Index: head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc (revision 46902)
+++ head/share/security/advisories/FreeBSD-EN-15:08.sendmail.asc (revision 46903)
@@ -1,157 +1,165 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
=============================================================================
FreeBSD-EN-15:08.sendmail Errata Notice
The FreeBSD Project
Topic: sendmail TLS/DH Interoperability Improvement
Category: contrib
Module: sendmail
-Announced: 2015-06-18
+Announced: 2015-06-18; Last revised on 2015-06-30.
Credits: Frank Seltzer, Gregory Shapiro
Affects: All supported versions of FreeBSD.
-Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
- 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
- 2015-06-17 03:11:25 UTC (stable/9, 9.3-STABLE)
- 2015-06-18 05:36:45 UTC (releng/9.3, 9.3-RELEASE-p17)
- 2015-06-17 03:22:18 UTC (stable/8, 8.4-STABLE)
- 2015-06-18 05:36:45 UTC (releng/8.4, 8.4-RELEASE-p31)
+Corrected: 2015-06-25 01:49:44 UTC (stable/10, 10.1-STABLE)
+ 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
+ 2015-06-25 01:53:45 UTC (stable/9, 9.3-STABLE)
+ 2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18)
+ 2015-06-25 01:56:36 UTC (stable/8, 8.4-STABLE)
+ 2015-06-30 23:21:59 UTC (releng/8.4, 8.4-RELEASE-p32)
For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
.
+0. Revision history
+
+v1.0 2015-06-18 Initial release.
+v1.1 2015-06-30 Revised patch for non-existent DH parameter file.
+
I. Background
-sendmail supports STARTTLS encrypted connections using DHE_EXPORT
-ciphers. As part of that support, by default, sendmail employs 1024-bit
-DH parameters for server connections and 512-bit DH parameters for
-client connections.
+Sendmail supports STARTTLS encrypted connections using DHE_EXPORT
+ciphers. As part of that support, by default, Sendmail employs 1024-bit
+DH parameters for server connections but 512-bit DH parameters if
+configured to use a DH parameter file that does not exist.
II. Problem Description
In response to CVE-2015-4000 ("Logjam TLS vulnerability"), OpenSSL and
other encryption packages have begun rejecting 512-bit and lower DH
parameters during negotiation, thereby reducing interoperability.
III. Impact
-In its default configuration, client connections from sendmail to other
-SMTP servers will not be able to negotiate a STARTTLS encrypted session
-with SMTP servers which reject 512-bit DH parameters. This may cause
-mail deliverability issues for outbound mail.
+In its default FreeBSD configuration, client connections from Sendmail
+to other SMTP servers will not be able to negotiate a STARTTLS encrypted
+session with SMTP servers that reject 512-bit DH parameters. This may
+cause mail deliverability issues for outbound mail.
IV. Workaround
-To work around this interoperability, sendmail can be configured to use
+Systems that do not use Sendmail are not affected.
+
+To work around this interoperability, Sendmail can be configured to use
a 1024 or 2048 bit DH parameter using these steps:
1. Edit /etc/mail/`hostname`.mc
2. If a setting for confDH_PARAMETERS does not exist or
exists and is set to a string beginning with '5',
replace it with '1' for 1024-bit or '2' for 2048-bit.
3. If a setting for confDH_PARAMETERS exists and is set to
a file path, create a new file with:
openssl dhparam -out /path/to/file 2048
for 2048-bit or:
openssl dhparam -out /path/to/file 1024
for 1024-bit.
- 4. If you have modified your MSP submission configuration
- file to enable STARTTLS (not enabled by default), repeat
- the above steps for /etc/mail/`hostname`.submit.mc.
- 5. Rebuild the .cf file(s):
- cd /etc/mail/; make; make install
- 6. Restart sendmail:
- cd /etc/mail/; make restart
-Systems that do not use sendmail are not affected.
+ 4. Rebuild the .cf file:
+ cd /etc/mail/; make; make install
+ 5. Restart sendmail:
+ cd /etc/mail/; make restart
V. Solution
-A change to the raise the default for sendmail client connections to
-1024-bit DH parameters has been committed.
+A change to the raise the default for Sendmail connections to use
+1024-bit DH parameters if the configured DH parameters file does not
+exist has been committed.
Perform one of the following:
1) Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date.
2) To update your present system via a binary patch:
Systems running a RELEASE version of FreeBSD on the i386 or amd64
platforms can be updated via the freebsd-update(8) utility:
# freebsd-update fetch
# freebsd-update install
3) To update your present system via a source code patch:
The following patches have been verified to apply to the applicable
FreeBSD release branches.
a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.
# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch
# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail.patch.asc
# gpg --verify sendmail.patch.asc
+# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:08/sendmail-01.patch.asc
+# gpg --verify sendmail.patch.asc
+
b) Apply the patch. Execute the following commands as root:
# cd /usr/src
# patch < /path/to/patch
c) Recompile the operating system using buildworld and installworld as
described in .
-Restart the sendmail daemon(s), or reboot the system.
+Restart the Sendmail daemon(s), or reboot the system.
VI. Correction details
The following list contains the correction revision numbers for each
affected branch.
Branch/path Revision
- -------------------------------------------------------------------------
-stable/8/ r284491
-releng/8.4/ r284536
-stable/9/ r284488
-releng/9.3/ r284536
-stable/10/ r284485
-releng/10.1/ r284536
+stable/8/ r284790
+releng/8.4/ r284987
+stable/9/ r284788
+releng/9.3/ r284986
+stable/10/ r284786
+releng/10.1/ r284985
- -------------------------------------------------------------------------
To see which files were modified by a particular revision, run the
following command, replacing NNNNNN with the revision number, on a
machine with Subversion installed:
# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
Or visit the following URL, replacing NNNNNN with the revision number:
VII. References
The latest revision of this Errata Notice is available at
https://security.FreeBSD.org/advisories/FreeBSD-EN-15:08.sendmail.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.1.5 (FreeBSD)
-iQIcBAEBCgAGBQJVgllYAAoJEO1n7NZdz2rnsY0QAIKcqNxRed97fvmxvL9kX1In
-CpdKO0Cso8EhCDOKJzmSYR49QZc6CNtPflbgbK2wktiHptmK87R+xODyIWBR1q8T
-peMoevr942gCUZzrA259cLaWJGC7MZer5G9SIsB7cnMJox/QcHmQysDONfu1PRjf
-T8T3/q24230PnBBJpR1SNDMOPAc1YLMetEZ3ue72ToG9pd6gAXN8I9N1ZUPY/6dd
-9/urhdQnxlX5RB3JnqujueJvCrcstInZ8grtKOmTfPSUcWGL++dwu6YH34ORwKDh
-wiI8U+qyg1Lq5vGx6srDOkGAhiSbYi177PV1RCNTxY28yGVvhiiSnLSsIesZBcoB
-pVYcefBJeqcXNuQC5jsGKHEbti9X3bhHnThOaOBOvrooEGcc7/DuP02BZiNOWDvV
-3axT+iFzJdZ1sZktdUQl65zqVBSDASTFz5uG/nTUFASj0W4+vVEghy6FAxlf3aBO
-eV9tqxeUozt0nSb/44n2u2GHRplWWS1KEE3N+skN5IT4RfZaNvTVtZ0s1fRv6Jum
-YNut6TGiVIyTACP0JjS2TkGC3kdPrqweZSQ6xnfrgOSCS+3w2nR1aqaGJ3aCIm/b
-9ixFFIW03LhBH2fl4Y68+CbAlIgGd0zigbRds1IGxRSUxR8AKBngqC+KQUFCOSnY
-snl4x6f2t36abWYgneaP
-=mvxv
+iQIcBAEBCgAGBQJVkyZLAAoJEO1n7NZdz2rnsdsP/2+xJUiaNWialSFlTwE75sHC
+vN/CrkceLw6QrUi5U0PpQdI7xP/y8Cspj/vDCNUbHlkK8WfA5G8J6WhyyaVxMREG
+aZTPHFBn0/IeP2vxlyf0PLq6hL1KtasOQNjDEasUMb4uclaE+hn3QxrWk+KGoe8B
+8rZHYS6Y9gOfWLJj7Rvf6T6TEtKf8Mz1cBfn7lRQbF7yDwkvNDpmNv7BhTQOM5rw
+/2q2i4ZjuZT4AX0IaSzZLC1dEyxuUKqAxMV1D+F1WYBQqMUwnoJLMAETmWXphuSa
+QGDNU0w3PbAJrgK06qeLSswVo/r/5h+kjra5eL17MPKZPO+sWHv9E1jS7wUsbsFB
+RE7kcafgWcN9S0TBldyuFo9g8nwjsWq4uooSLrf8pG8y7U6FtXbgyitS3BNVKT7i
+9GqzTi89HKPefnPQR5wfJIl9YXgKvWJ/FNei7MpGTl2LGKHSd2P/21+OoIjfNeQl
+hYOP9uWDrk3Uf7gJVrJOobMfme5Zb1/LDSQegTIFjzQ0Iac1p4nqj53rzG2Nufyx
+/Y93rKOz280NCS193buARcl4KmFp9oGaJTjVG9Cthu8FUFlCkCeZl13ZrhDufKBS
+z2ZEwkIYFamOFjbhCUJ5wm3gsozV7bzAOSRQEFEzzLDlYGPv2RPDAlgREcuzxr8N
+OhK1HFcIqXbXRthWN7Sp
+=ibhZ
-----END PGP SIGNATURE-----
Index: head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc (revision 46903)
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:09.xlocale Errata Notice
+ The FreeBSD Project
+
+Topic: Inconsistency between locale and rune locale states
+
+Category: core
+Module: libc
+Announced: 2015-06-30
+Credits: David Chisnall
+Affects: FreeBSD 9.x and FreeBSD 10.x.
+Corrected: 2015-06-17 19:12:18 UTC (stable/10, 10.1-STABLE)
+ 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
+ 2015-06-17 19:13:13 UTC (stable/9, 9.3-STABLE)
+ 2015-06-30 23:21:48 UTC (releng/9.3, 9.3-RELEASE-p18)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+Recent FreeBSD releases have support to thread-safe and extended locale API,
+modeled after the Darwin xlocale(3) API.
+
+The C standard locale API was reimplemented as a wrapper of the xlocale(3)
+API with a global locale in order to support its semantics.
+
+II. Problem Description
+
+The locale and rune locale may become out of sync, in which case calls of
+mb* and similar functions would be supplied with wrong data.
+
+III. Impact
+
+Applications that uses xlocale but does not call setlocale(3) would crash.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:09/xlocale.patch.asc
+# gpg --verify xlocale.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/9/ r284525
+releng/9.3/ r284986
+stable/10/ r284524
+releng/10.1/ r284985
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:09.locale.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnitMQAK5jY0n9Kv0VDwP5J4EXdcHZ
+SOEE8n5O+bwWxVFWkqGGZrPQiUuJt6ujrAJb2iSeUtKIa2E84TLDVjmWGtyqP/RN
+rLlRjVVQo14EhSScRI54oUeAYpoBWU8oRtFiixFbw24gFEW/ZeovFxQUY1Waueuy
+Xpx28cmqQ3KG/T+Ujq1edHrtMpqwsBQd93eHRFSjtWaMrxmjnr4ln66AerdPQAYx
+ib2rznxy+MCF0rmHbTsYnpZKZ1DupcyU7YkOdhVTk8cviL44wPGaCrA9Oaf6Q2hW
+NTek9h5VQhvmhWaPsUZTGbQYPkvFjvEbmKOxRV+Mtf+UBt2y7SoqACpP1BbCC77n
+8uRGdI8MPpC1j9RHZ5miWz4NkA3W1Pa/oi66PRhenzXgDe9Ua4aykklqnINhOrgm
+ZBCLz1DXnx4WyeW2FIf7Z9GGcF3sUd9RU2e4H0WI3uZ75PT7p/zq1L4FKxXEn9/7
+VoGy6cyQWwFUZ27lIcSGLeUhSolrtDofHPwKe8YB12bTXPhxjNYs+4iYWF0ZScOE
+Wr9Jx7mKecNQ+jD5iEP2Ne7tzqSPSDZGzwkvifz+dmHT5L9hx6Pu916xp6/kzVg1
+up31EcoQOn1N/ZHjC9VgGmyOgdA5ENHKNPhzcYp2CrJSadBHQHeINfwbRLdzLjVl
+Nnt+YSShqakxvZhNmTex
+=Wfyl
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-15:09.xlocale.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc
===================================================================
--- head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc (nonexistent)
+++ head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc (revision 46903)
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-EN-15:10.iconv Errata Notice
+ The FreeBSD Project
+
+Topic: Improved iconv(3) UTF-7 support
+
+Category: core
+Module: libc/iconv
+Announced: 2015-06-30
+Credits: Tijl Coosemans
+Affects: FreeBSD 10.x
+Corrected: 2015-06-02 09:42:00 UTC (stable/10, 10.1-STABLE)
+ 2015-06-30 23:21:37 UTC (releng/10.1, 10.1-RELEASE-p14)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+.
+
+I. Background
+
+The iconv(3) API allows converting text data from one character set
+encoding to another. Applications first open a converter between two
+encodings using iconv_open(3) and then convert text using iconv(3).
+
+UTF-7 is a variable-length character encoding representing Unicode text
+using a stream of ASCII characters.
+
+II. Problem Description
+
+A defect in the iconv(3) UTF-7 decoding process causes the end of base64
+symbols ("-") to be treated as an incomplete character when they exist
+at the end of the string.
+
+III. Impact
+
+Applications that use iconv(3) to decode UTF-7 may receive an incorrect
+encoded result.
+
+IV. Workaround
+
+No workaround is available.
+
+V. Solution
+
+Perform one of the following:
+
+1) Upgrade your system to a supported FreeBSD stable or release / security
+branch (releng) dated after the correction date.
+
+2) To update your present system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+3) To update your present system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch
+# fetch https://security.FreeBSD.org/patches/EN-15:10/iconv.patch.asc
+# gpg --verify iconv.patch.asc
+
+b) Apply the patch. Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in .
+
+Restart all deamons using the library, or reboot the system.
+
+VI. Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path Revision
+- -------------------------------------------------------------------------
+stable/10/ r283908
+releng/10.1/ r284985
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+
+
+VII. References
+
+
+
+The latest revision of this Errata Notice is available at
+https://security.FreeBSD.org/advisories/FreeBSD-EN-15:10.iconv.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAEBCgAGBQJVkyZQAAoJEO1n7NZdz2rnue4P/2TGL5ucl/YypMQAcgDxRn77
+3zky6DhJSWx0ydnoCsFNogiK2A9qdw6YHvYMyqwjcVTZ9NpjeXSOnuEgaD6SN9Xj
+elIkvxPkbome8QDJAVsW+amqw1ipfJ4deN4XQqzbRTaNBd0Yo0jsC4S7zjVq+gwE
+0EJ98vYQz8KfOFRW5Y1DlCS2OkapuGHPcxBJsRGoz5Y4Qe8KYDivRDZPJsrhbEWY
++QF+xjZ+ZDvCl6qBSVcYgsVNeMr6jHjmIS2BYSeWypKmI1LfPgZszOMCZsS/rvAs
+DKsm9N7GcbMVCD0tUWSOQmN1jtfBEoYtgqoHg1/wg5/jTOlcVQgANVMF5p9jqo/Q
+BGBUWfwQACZ4cJI/lXTqUt87Dg1n15JtU011nDCfbK4Ll9ZaYioAisqx2kXdUgBP
+ojP3XMwoFtq2tJGJZLlIG3nWm3IatsOL+vtZxw6N4Y5PVksZeCctFikm7FhsCXjk
+SCVSn3w+rLP1klWSCbqUUtpvRSMP3JZDH7auytvykUZ2pncKAzwhfb+TI9Qqnguk
+RkSDUDnRvLEuwezZOAZ3lErVV/G38zyi6Hn/ODeO0Cg6w70XKdbuWqgf0z3etz7M
+HiHk4dpVNO7S4Y12wNdin1XgXa94s08wyiY7bSGpDaqL22O6CHgd0B+NAsqUqJSx
+lAsbtw23ytA4JwkVwIdf
+=hK2X
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/advisories/FreeBSD-EN-15:10.iconv.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-15:08/sendmail-01.patch
===================================================================
--- head/share/security/patches/EN-15:08/sendmail-01.patch (nonexistent)
+++ head/share/security/patches/EN-15:08/sendmail-01.patch (revision 46903)
@@ -0,0 +1,13 @@
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+--- contrib/sendmail/src/sendmail.h (revision 284940)
++++ contrib/sendmail/src/sendmail.h (working copy)
+@@ -1935,7 +1935,7 @@ struct termescape
+
+ /* server requirements */
+ #define TLS_I_SRV (TLS_I_SRV_CERT | TLS_I_RSA_TMP | TLS_I_VRFY_PATH | \
+- TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH512 | \
++ TLS_I_VRFY_LOC | TLS_I_TRY_DH | TLS_I_DH1024 | \
+ TLS_I_CACHE)
+
+ /* client requirements */
Property changes on: head/share/security/patches/EN-15:08/sendmail-01.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-15:08/sendmail-01.patch.asc
===================================================================
--- head/share/security/patches/EN-15:08/sendmail-01.patch.asc (nonexistent)
+++ head/share/security/patches/EN-15:08/sendmail-01.patch.asc (revision 46903)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnDCgP/03Bv37NZRCd3fpZC8Og73t2
+qFxR5glnHfXeNpAnI2p0Jmfvay4/ZHYEOIXQwS60wdnNElN00mudJ/D7RBVr5sGF
+fjW68S3+z9vppBP4pWq4xhitDkA+Ko9zZmCojMOta3DTBhJzp825i8al03wQbViQ
+Xgv7AhA52bsdXqcru83DfRDfXfUuf8BivgvuGoohfaVQYhAusrOlAXR9jij9mWJo
+24Phs3gXlmOvRnjWiRfcmESCZdZJwDwUfBXk+cMFuEQo60bburyjqp+rCD4bt1lN
+3zkRTLggBQefqLer78CP++A/PrLxLWajqRpZ0SvUny3HeWED8Yrp/8L3xc0H+Zfs
+Eo5lmVvi3RLAzTWgAkdQOBddjvYoK5jmJBauFyiY/sQ/sti1HT7vavXPIRZFTWFQ
+VM/+URwLudyAnIXqVn0iSuOrrjW5eQnchuEWYs6ar7qc375sa9um7idfif9kCq5j
+5GvBILw1m6CVfeuW5dfL/Gwkz6ALx9yqSVQ10L3m5Ik7+hbCAkD+GnMK53OvQSjA
+Kuw3nMDVHjdVVYZKYI7h8Ez25K2S9EoPARcmX9oikkeUYLR3s8PbLOikixltpRpp
+viaHkskG4bvxY2b5SP64NRZowUqPP2EgVY/Mi11pPsr5cuQR+PTTv7mx0QUzJ862
+m86CQtJ8so6TKWTO8bQb
+=c8JT
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-15:08/sendmail-01.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-15:09/xlocale.patch
===================================================================
--- head/share/security/patches/EN-15:09/xlocale.patch (nonexistent)
+++ head/share/security/patches/EN-15:09/xlocale.patch (revision 46903)
@@ -0,0 +1,58 @@
+Index: lib/libc/locale/setrunelocale.c
+===================================================================
+--- lib/libc/locale/setrunelocale.c (revision 284940)
++++ lib/libc/locale/setrunelocale.c (working copy)
+@@ -202,6 +202,8 @@ __set_thread_rune_locale(locale_t loc)
+
+ if (loc == NULL) {
+ _ThreadRuneLocale = &_DefaultRuneLocale;
++ } else if (loc == LC_GLOBAL_LOCALE) {
++ _ThreadRuneLocale = 0;
+ } else {
+ _ThreadRuneLocale = XLOCALE_CTYPE(loc)->runes;
+ }
+Index: lib/libc/locale/xlocale.c
+===================================================================
+--- lib/libc/locale/xlocale.c (revision 284940)
++++ lib/libc/locale/xlocale.c (working copy)
+@@ -154,23 +154,24 @@ __get_locale(void)
+ static void
+ set_thread_locale(locale_t loc)
+ {
++ locale_t l = (loc == LC_GLOBAL_LOCALE) ? 0 : loc;
+
+ _once(&once_control, init_key);
+
+- if (NULL != loc) {
+- xlocale_retain((struct xlocale_refcounted*)loc);
++ if (NULL != l) {
++ xlocale_retain((struct xlocale_refcounted*)l);
+ }
+ locale_t old = pthread_getspecific(locale_info_key);
+- if ((NULL != old) && (loc != old)) {
++ if ((NULL != old) && (l != old)) {
+ xlocale_release((struct xlocale_refcounted*)old);
+ }
+ if (fake_tls) {
+- thread_local_locale = loc;
++ thread_local_locale = l;
+ } else {
+- pthread_setspecific(locale_info_key, loc);
++ pthread_setspecific(locale_info_key, l);
+ }
+ #ifndef __NO_TLS
+- __thread_locale = loc;
++ __thread_locale = l;
+ __set_thread_rune_locale(loc);
+ #endif
+ }
+@@ -361,9 +362,6 @@ locale_t uselocale(locale_t loc)
+ {
+ locale_t old = get_thread_locale();
+ if (NULL != loc) {
+- if (LC_GLOBAL_LOCALE == loc) {
+- loc = NULL;
+- }
+ set_thread_locale(loc);
+ }
+ return (old ? old : LC_GLOBAL_LOCALE);
Property changes on: head/share/security/patches/EN-15:09/xlocale.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-15:09/xlocale.patch.asc
===================================================================
--- head/share/security/patches/EN-15:09/xlocale.patch.asc (nonexistent)
+++ head/share/security/patches/EN-15:09/xlocale.patch.asc (revision 46903)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rnwpgQAI29DAkpuY6cD9vJNtVvD/BC
+EeGcYGO+hq82b5QAVS1778ETaQOPZjPrVycj3o8pFjCdVTaCCVhutKbEVxojDTAj
+pqPpTvBZqcAf9pfBL7mPGLjfF8gzKiLVwNMNxfs/uC++rWdebdVUMI3sWntnc85c
+a8oplvXIBuXJHXOd2xNG2c6+Zdo4GJBAouUxMvkneUwS5Sw8sB+cMJt5UZ5lHbRH
+qgekU+v4HLjurK10WWzBKN178y/+mOhvZ0gck0ft0BR4EZmaaFJqBYE6otUDz9MM
+W9dG2e+Bfg5VmVhuVZMetIFPzLmhTQtwciGhp5JFT5lBzx2JyLlZ9mztDo6s+hwm
+wsD8/Wf6xK0UbxLrlCi3cjNS/MKUmjjTJkFnbPnUljU3khmOjeGRkT3LZJL0eOft
+U/UU+AzOOUKXLAgOWuYjaG6a3QB1aAB6dEPX5YpMfdsprM6r3D9mYWLF6b2ieD/2
+QKZiQTUasJno5lXsyp6p/sEW59prPYOsWOtv5m65Tzjim+/rxX41w0vDTm8Ou2rh
+yHfCJidFL6AzYZEWh6dS2AGS/EW0hgWtp5frOP65cfNlFHdXiZqv21Xq0IRchs+L
+mYpWpxpzbdA7vk33tvolkv+TahgPCXML0waCucKEY9p8vRfl+wJo2vs3kqozl0jG
+rzjVDz4t+4Kbr0LNm9aI
+=BvyK
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-15:09/xlocale.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-15:10/iconv.patch
===================================================================
--- head/share/security/patches/EN-15:10/iconv.patch (nonexistent)
+++ head/share/security/patches/EN-15:10/iconv.patch (revision 46903)
@@ -0,0 +1,107 @@
+Index: lib/libiconv_modules/UTF7/citrus_utf7.c
+===================================================================
+--- lib/libiconv_modules/UTF7/citrus_utf7.c (revision 284940)
++++ lib/libiconv_modules/UTF7/citrus_utf7.c (working copy)
+@@ -62,8 +62,7 @@ typedef struct {
+ unsigned int
+ mode: 1, /* whether base64 mode */
+ bits: 4, /* need to hold 0 - 15 */
+- cache: 22, /* 22 = BASE64_BIT + UTF16_BIT */
+- surrogate: 1; /* whether surrogate pair or not */
++ cache: 22; /* 22 = BASE64_BIT + UTF16_BIT */
+ int chlen;
+ char ch[4]; /* BASE64_IN, 3 * 6 = 18, most closed to UTF16_BIT */
+ } _UTF7State;
+@@ -154,12 +153,11 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
+ uint16_t * __restrict u16, const char ** __restrict s, size_t n,
+ _UTF7State * __restrict psenc, size_t * __restrict nresult)
+ {
+- _UTF7State sv;
+ const char *s0;
+ int done, i, len;
+
++ *nresult = 0;
+ s0 = *s;
+- sv = *psenc;
+
+ for (i = 0, done = 0; done == 0; i++) {
+ if (i == psenc->chlen) {
+@@ -166,9 +164,6 @@ _citrus_UTF7_mbtoutf16(_UTF7EncodingInfo * __restr
+ if (n-- < 1) {
+ *nresult = (size_t)-2;
+ *s = s0;
+- sv.chlen = psenc->chlen;
+- memcpy(sv.ch, psenc->ch, sizeof(sv.ch));
+- *psenc = sv;
+ return (0);
+ }
+ psenc->ch[psenc->chlen++] = *s0++;
+@@ -257,34 +252,31 @@ _citrus_UTF7_mbrtowc_priv(_UTF7EncodingInfo * __re
+ *nresult = (size_t)_ENCODING_IS_STATE_DEPENDENT;
+ return (0);
+ }
+- if (psenc->surrogate) {
+- hi = (psenc->cache >> psenc->bits) & UTF16_MAX;
+- if (hi < HISRG_MIN || hi > HISRG_MAX)
+- return (EINVAL);
+- siz = 0;
+- } else {
+- err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
+- if (nr == (size_t)-1 || nr == (size_t)-2) {
+- *nresult = nr;
+- return (err);
+- }
+- if (err != 0)
+- return (err);
+- n -= nr;
+- siz = nr;
+- if (hi < HISRG_MIN || hi > HISRG_MAX) {
+- u32 = (uint32_t)hi;
+- goto done;
+- }
+- psenc->surrogate = 1;
++ err = _citrus_UTF7_mbtoutf16(ei, &hi, s, n, psenc, &nr);
++ if (nr == (size_t)-1 || nr == (size_t)-2) {
++ *nresult = nr;
++ return (err);
+ }
++ if (err != 0)
++ return (err);
++ n -= nr;
++ siz = nr;
++ if (hi < HISRG_MIN || hi > HISRG_MAX) {
++ u32 = (uint32_t)hi;
++ goto done;
++ }
+ err = _citrus_UTF7_mbtoutf16(ei, &lo, s, n, psenc, &nr);
+ if (nr == (size_t)-1 || nr == (size_t)-2) {
++ psenc->chlen = 1; /* make get_state_desc return incomplete */
+ *nresult = nr;
+ return (err);
+ }
+ if (err != 0)
+ return (err);
++ if (lo < LOSRG_MIN || lo > LOSRG_MAX) {
++ *nresult = (size_t)-1;
++ return (EILSEQ);
++ }
+ hi -= HISRG_MIN;
+ lo -= LOSRG_MIN;
+ u32 = (hi << 10 | lo) + SRG_BASE;
+@@ -297,7 +289,6 @@ done:
+ _citrus_UTF7_init_state(ei, psenc);
+ } else {
+ *nresult = siz;
+- psenc->surrogate = 0;
+ }
+ return (err);
+ }
+@@ -396,7 +387,7 @@ _citrus_UTF7_put_state_reset(_UTF7EncodingInfo * _
+ {
+ int bits, pos;
+
+- if (psenc->chlen != 0 || psenc->bits > BASE64_BIT || psenc->surrogate)
++ if (psenc->chlen != 0 || psenc->bits > BASE64_BIT)
+ return (EINVAL);
+
+ if (psenc->mode) {
Property changes on: head/share/security/patches/EN-15:10/iconv.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/EN-15:10/iconv.patch.asc
===================================================================
--- head/share/security/patches/EN-15:10/iconv.patch.asc (nonexistent)
+++ head/share/security/patches/EN-15:10/iconv.patch.asc (revision 46903)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.5 (FreeBSD)
+
+iQIcBAABCgAGBQJVkyZ+AAoJEO1n7NZdz2rn5vIP/jsofR8DW12TqLeEURwBKF+S
+mmUY4wQaCxDJQddAMRIEDHwWN0FPJnNn3sA7L40+c6iYnf1kTkK2Fimw733TAmsB
+hEZujVoFP77QUsFVGm7iYzzRu4ck76riNonNlEw8kvt1VUhJjzxFPVjkh55wRM6D
+T75JJD3VV78bfHN/umj437tsTe3wfH8el2nXXjTxyzRbucGZpz6EAkBYdnFc7PPu
+bFrEFmNVs/tD0V5C5FdoxFLkuti84FfdZ42Ad9z4o+1H80adwMLL+1dLciutLdQt
+7eHLGljdz9iDMlPhi3e8BCHM2Ij1QAa6L16BH43yTLaD/XMcM14HdwCwiNNl6YAr
+Mc6PScRwGSjZAixgL1rMR1iFtlDndyRGg6KCNydH89xIHTb+SEdEC+I6pOPvX4yg
+SAmzOwPsEGScslNbqxNeLkPlv70/zqnCihwN/8Z7M6yERYdWmfs8n8dhMBGc/UF5
+1vw/lOfOZf1CR+KJmhQQgpFknnx2aStJXdzqsTm+Bdx5n09wdRzoRVqwiuvPEBt+
+a+IInr9cybNdUeU3r+sobzuCcxfDDiRtoYtStoQ2vI7iGkuuwq8lulbBxvh1xzGH
+xolOc6tXDDn7Ndvo+pmY83/C9qI0q3TOnqWjody97zqihs+yRJwN7xrrujgngpdy
+FdClblODnEpnK3GmJsPE
+=ZMx/
+-----END PGP SIGNATURE-----
Property changes on: head/share/security/patches/EN-15:10/iconv.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/xml/notices.xml
===================================================================
--- head/share/xml/notices.xml (revision 46902)
+++ head/share/xml/notices.xml (revision 46903)
@@ -1,519 +1,531 @@
$FreeBSD$
2015
6
+ 30
+
+
+ FreeBSD-EN-15:10.iconv
+
+
+
+ FreeBSD-EN-15:09.xlocale
+
+
+
+
18
FreeBSD-EN-15:08.sendmail
9
FreeBSD-EN-15:07.zfs
FreeBSD-EN-15:06.file
5
13
FreeBSD-EN-15:05.ufs
FreeBSD-EN-15:04.freebsd-update
2
25
FreeBSD-EN-15:03.freebsd-update
FreeBSD-EN-15:02.openssl
FreeBSD-EN-15:01.vt
2014
12
23
FreeBSD-EN-14:13.freebsd-update
11
04
FreeBSD-EN-14:12.zfs
10
22
FreeBSD-EN-14:11.crypt
FreeBSD-EN-14:10.tzdata
7
8
FreeBSD-EN-14:09.jail
6
24
FreeBSD-EN-14:08.heimdal
FreeBSD-EN-14:07.pmap
3
FreeBSD-EN-14:06.exec
5
13
FreeBSD-EN-14:05.ciss
FreeBSD-EN-14:04.kldxref
FreeBSD-EN-14:03.pkg
1
14
FreeBSD-EN-14:02.mmap
FreeBSD-EN-14:01.random
2013
11
28
FreeBSD-EN-13:05.freebsd-update
10
26
FreeBSD-EN-13:04.freebsd-update
8
22
FreeBSD-EN-13:03.mfi
6
28
FreeBSD-EN-13:01.fxp
FreeBSD-EN-13:02.vtnet
2012
6
12
FreeBSD-EN-12:02.ipv6refcount
1
4
FreeBSD-EN-12:01.freebsd-update
2010
2
27
FreeBSD-EN-10:02.sched_ule
1
6
FreeBSD-EN-10:01.freebsd
2009
10
2
FreeBSD-EN-09:05.null
6
24
FreeBSD-EN-09:04.fork
FreeBSD-EN-09:03.fxp
FreeBSD-EN-09:02.bce
3
23
FreeBSD-EN-09:01.kenv
2008
6
19
FreeBSD-EN-08:02.tcp
4
17
FreeBSD-EN-08:01.libpthread
2007
3
15
FreeBSD-EN-07:05.freebsd-update
2
28
FreeBSD-EN-07:04.zoneinfo
FreeBSD-EN-07:03.rc.d_jail
FreeBSD-EN-07:02.net
14
FreeBSD-EN-07:01.nfs
2006
8
28
FreeBSD-EN-06:02.net
7
7
FreeBSD-EN-06:01.jail
2005
12
19
FreeBSD-EN-05:04.nfs
1
16
FreeBSD-EN-05:03.ipi
6
FreeBSD-EN-05:02.sk
5
FreeBSD-EN-05:01.nfs
2004
6
28
FreeBSD-EN-04:01.twe
2
26
FreeBSD 5.2.1-RELEASE