Index: head/share/security/advisories/FreeBSD-SA-16:27.openssl.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-16:27.openssl.asc	(nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-16:27.openssl.asc	(revision 49477)
@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:27.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Regression in OpenSSL suite
+
+Category:       contrib
+Module:         openssl
+Announced:      2016-10-10
+Credits:        OpenSSL Project
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-09-26 14:30:19 UTC (stable/11, 11.0-STABLE)
+                2016-09-26 20:26:19 UTC (releng/11.0, 11.0-RELEASE-p1)
+CVE Name:       CVE-2016-7052
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+The OpenSSL version included in FreeBSD 11.0-RELEASE is 1.0.2i.  The version
+has bug fix for CVE-2016-7052, which should have included CRL sanity check,
+but the check was omitted.
+
+III. Impact
+
+Any attempt to use CRLs in OpenSSL 1.0.2i will crash with a null pointer
+exception.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+Restart all daemons that use the library, or reboot the system.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Restart all daemons that use the library, or reboot the system.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:27/openssl.patch.asc
+# gpg --verify openssl.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart all daemons that use the library, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/11/                                                        r306343
+releng/11.0/                                                      r306354
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://www.openssl.org/news/secadv/20160926.txt>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7052>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:27.openssl.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OlAAoJEO1n7NZdz2rnEPYQAOewieypFMknEi5Q02IBVhcC
+Bs1sczFLXaSz+4c9lNRi+m6Q5TXbW0MM9ZhZDnoLOXZ9OZ7DsQ0OVJcmWPHCSTkT
+WAlZgiB5B2xtZpLUNi0XAVPyegh+YxWCKa5mq/e4gC7BL+QhtTQqIlzsNylBDcI0
+2Tp5fPfO3vIJlSwPpsUA2peYlm2c75/dusE0+bvWnqickWbEmFdCAd8rzTLrsm9R
+w5essD2o6BzFPA9j+3X/LNaMI6ZKKa4EkaXXB42KHruDfNTV8dmYL/LLxWs6aj1f
+Li++71GPh3aZZCA5SCo6NYdI25kg4xORZzqUmYzT856kdmpaemLd8oVT8/ojOCTX
+CoNtA9yVphhYgfSGLy2BIs0u7U3H16SVjZ1oC5MjTAY6kUsEDt6x2vlKOt5452yN
+3v2fHf9I8/ibgo4d4ovpGGzvrj/8EfodmDLhjYP5RcwZH4FW1jCUzXTflsYmPWMi
+8+COC+K19MNIXR0M8ajs2M8z2ILc3pOUZ1sdrNhU1jEIyYCl8EDMEU0Bc13XlUKS
+UE92RKfxIAMh+Zyu44++8UizfOorBVKhQVd+9NthMnfXW6xlnwujjbabam8k2E5V
+Za4sBQ57JvL9aKrsbmB/hhVnxXE6jYqtp7tagXK+wwULO1SarpRp7HENd50ggH5l
+yu2DM4rkIcwzTaJEdvyT
+=5rNc
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/advisories/FreeBSD-SA-16:27.openssl.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-SA-16:28.bind.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-16:28.bind.asc	(nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-16:28.bind.asc	(revision 49477)
@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:28.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND remote Denial of Service vulnerability
+
+Category:       contrib
+Module:         bind
+Announced:      2016-10-10
+Credits:        ISC
+Affects:        FreeBSD 9.x
+Corrected:      2016-09-28 06:11:01 UTC (stable/9, 9.3-STABLE)
+                2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48)
+CVE Name:       CVE-2016-2776
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+II.  Problem Description
+
+Testing by ISC has uncovered a critical error condition which can occur when
+a nameserver is constructing a response.  A defect in the rendering of
+messages into packets can cause named to exit with an assertion failure in
+buffer.c while constructing a response to a query that meets certain
+criteria.
+
+This assertion can be triggered even if the apparent source address is not
+allowed to make queries (i.e. doesn't match 'allow-query'). [CVE-2016-2776]
+
+III. Impact
+
+A remote attacker who can send queries to a server running BIND can cause
+the server to crash, resulting in a Denial of Service condition.
+
+IV.  Workaround
+
+No workaround is available, but hosts not running named(8) are not
+vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+2) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+The named service has to be restarted after the update.  A reboot is
+recommended but not required.
+
+3) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:28/bind.patch.asc
+# gpg --verify bind.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+Restart the named service, or reboot the system.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r306394
+releng/9.3/                                                       r306942
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://kb.isc.org/article/AA-01419>
+
+<URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:28.bind.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OlAAoJEO1n7NZdz2rnt/cQAJJ/P9/cNH4mB3Oq9kks1TJI
+thye1Bmd6BAS16UYj+S2POSkrwkTJLhg/Rtch/4O1TUJ7q86Dko/0nciF/4Qin/J
+LrNhX2TUUTpQygfWdzTqdk9EiHLKT46sNh1Two4Lb9gMuBulES9Fy40gj8y81ypv
+uys05i6DMAlY/EsmidTHFKUGGC9160XLS7wFWnlw9XglDHn2+pIDALHl77mmoXwR
+VKiCbGO6IybDV5bATh12eflCSb+IJRT0MMOwJAt3Nhzp//7t2tf+izazzfs43IH4
+HRkiDfkkxqAMus6h0Dm4xR91oe/oSzlEedKFM3ctHfQqyIi+AP0FKixf8pS72n7o
+M0W5vIbkMSuTsiOTzyQUJpQ3tExvWeZjhNZj9U5trs2YNdPCRaM3pETUdF6GZmNC
+tnPiTZFst3ARsy/4oJg8Eeo/cyrd/sfPm4fXCbXkakL7ml/Mu+/KEyq5qw43FIXn
+96/btRfHsPSpy74KRtLsqSM29eCK9puGhJIk1iBtuhuTvze/48Od7U5zWOjn8XiS
+o4oOyCtm3nQfB8VIzfypFAIUFFOqfHmsfP3s51J9tUXjxvORO3UWD3/R2wXLre2Y
+Z5+s7IUhesunZztGtaUFCqG28KCrzmSiIVXGRd/IsQCuTJ4DNiUFZofKYdI0B7fE
+hrSETFwDg/OYusZ5/96D
+=v9vM
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/advisories/FreeBSD-SA-16:28.bind.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-SA-16:29.bspatch.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-16:29.bspatch.asc	(nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-16:29.bspatch.asc	(revision 49477)
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:29.bspatch                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Heap overflow vulnerability in bspatch
+
+Category:       core
+Module:         bsdiff
+Announced:      2016-10-10
+Affects:        All supported versions of FreeBSD.
+                2016-09-22 21:05:21 UTC (stable/11, 11.0-STABLE)
+                2016-09-27 19:36:12 UTC (releng/11.0, 11.0-RELEASE-p1)
+                2016-09-22 21:16:54 UTC (stable/10, 10.3-STABLE)
+                2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10)
+                2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23)
+                2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40)
+                2016-09-23 01:52:06 UTC (stable/9, 9.3-STABLE)
+                2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The bspatch utility generates newfile from oldfile and patchfile where
+patchfile is a binary patch built by bsdiff(1).
+
+II.  Problem Description
+
+The implementation of bspatch is susceptible to integer overflows with
+carefully crafted input, potentially allowing an attacker who can control
+the patch file to write at arbitrary locations in the heap. This issue
+was partially addressed in FreeBSD-SA-16:25.bspatch, but some possible
+integer overflows remained.
+
+III. Impact
+
+An attacker who can control the patch file can cause a crash or run arbitrary
+code under the credentials of the user who runs bspatch, in many cases, root.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility.
+
+Because this vulnerability exists in bspatch, a component used by
+freebsd-update, a special procedure must be followed to safely update.
+First, truncate bspatch to a zero byte file:
+
+# :> /usr/bin/bspatch
+
+FreeBSD-update will fall back to replacing bspatch, rather than applying
+a binary patch. Proceed with FreeBSD-update as usual:
+
+# freebsd-update fetch
+# freebsd-update install
+
+No reboot is needed.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:29/bspatch.patch.asc
+# gpg --verify bspatch.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r306222
+releng/9.3/                                                       r306942
+stable/10/                                                        r306215
+releng/10.1/                                                      r306941
+releng/10.2/                                                      r306941
+releng/10.3/                                                      r306941
+stable/11/                                                        r306213
+releng/11.0/                                                      r306379
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:29.bspatch.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OmAAoJEO1n7NZdz2rnMHQQALyzQ6rIFLMV+qfIKr/dxUmv
+frrY3rE8GbHNI6UYnlB7T97SZBVG2lOGpUO7sGNzsqAol+aBEn44mX88ijCQk+mc
+pIHcbwACkAG6u5c6nyelHAa3ZLc8PkPbNaryjfc9Y0vZxGFKI5ETpdN1nFxUBKRA
+eGt4h4GW3ZxHTkc3DDogDM6kBds3DYAnQjnqvkH6QesM/cMIdnU2NMjIrYDdtcsJ
+Mp92PqRl8/qCZxcpfoHSl3S190Dmu9KNjEwXdk8gvtr7aTe/OG9fcIOAwIJHMi/n
+E3tojTrSGLl0v9yuznG8rU0Hr6VyFNRv9i5QhPEQF4ZQ0HT2/naV0v/THMB1JdeR
+8rszvO8HIdYkKEYPEp4RZ+QWJX36xK0ZOA0BSF3+OW6VYMIEB+iMvK1xAlGWmyJq
+D6f5AQuw559o4MNZ9gh1tXl+PXjYHvwSOrHb1EZ7mDZ3zVarn8TwUjxaE2ILIhjW
+wS+wqbxZt1eENfKbhLHxSavIE+Bi59ab/iymmOFtFdgDDDpQhzx13MUFM17v270g
+1OCXnx7HLMIr5ibndJBQbjPmZT0InMM9856Hij8UhcFjyFpytCJie7sVcDFG9nNp
+z3VXrSIdEIA5MwaD6MYGW8nUfBwQnD/rSh6t2Tt4qz24FPk9K9pbzpb8CDIOImiF
+GnLZXJQlgmJ55XOa0EgR
+=uRNW
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/advisories/FreeBSD-SA-16:29.bspatch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-SA-16:30.portsnap.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-16:30.portsnap.asc	(nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-16:30.portsnap.asc	(revision 49477)
@@ -0,0 +1,149 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:30.portsnap                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple portsnap vulnerabilities
+
+Category:       core
+Module:         portsnap
+Announced:      2016-10-10
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-09-28 21:33:35 UTC (stable/11, 11.0-STABLE)
+                2016-09-28 22:04:07 UTC (releng/11.0, 11.0-RELEASE-p1)
+                2016-10-05 00:33:06 UTC (stable/10, 10.3-STABLE)
+                2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10)
+                2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23)
+                2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40)
+                2016-10-05 01:01:10 UTC (stable/9, 9.3-STABLE)
+                2016-10-10 07:19:16 UTC (releng/9.3, 9.3-RELEASE-p48)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The portsnap utility is used to fetch and update compressed snapshots of
+the FreeBSD ports tree. Portsnap fetches snapshots and updates over http,
+and then cryptographically verifies the downloaded files.
+
+II.  Problem Description
+
+Flaws in portsnap's verification of downloaded tar files allows additional
+files to be included without causing the verification to fail. Portsnap may
+then use or execute these files.
+
+III. Impact
+
+An attacker who can conduct man in the middle attack on the network at the
+time when portsnap is run can cause portsnap to execute arbitrary commands
+under the credentials of the user who runs portsnap, typically root.
+
+IV.  Workaround
+
+The ports tree may be obtained by methods other than portsnap, as
+described in the FreeBSD handbook.
+
+V.   Solution
+
+portsnap has been modified to explicitly validate compressed files within
+the tar file by full name, rather than relying on gunzip's filename search
+logic. portsnap now verifies that snapshots contain only the expected files.
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility.
+
+This advisory is released concurrently with FreeBSD-SA-16:29.bspatch
+which contains special instructions for using freebsd-update. Following
+the instructions in that advisory will safely apply updates for
+FreeBSD-SA-16:29.bspatch, FreeBSD-SA-16:30.portsnap, and
+FreeBSD-SA-16:31.libarchive.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 10.x]
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-10.patch.asc
+# gpg --verify portsnap-10.patch.asc
+
+[FreeBSD 9.3]
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:30/portsnap-9.3.patch.asc
+# gpg --verify portsnap-9.3.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/9/                                                         r306701
+releng/9.3/                                                       r306942
+stable/10/                                                        r306697
+releng/10.1/                                                      r306941
+releng/10.2/                                                      r306941
+releng/10.3/                                                      r306941
+stable/11/                                                        r306418
+releng/11.0/                                                      r306419
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:30.portsnap.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OqAAoJEO1n7NZdz2rns54P/3N6V4ZGWZ8jXDSw7KPRhF16
+gUs2AQx+rL+o5rOVsMZ6DulVtFP+AzUvEsLIJeARdaOJar9St1cQVTZHa+8CtWr5
+aCSgx5r39srcvvMuQ34z0yss7eEkHRubzkIzrjHcD6MweFg4tAIufXHgxmhNVuKp
+QOQCwUbWIp8MssNbd/nYr1fpNoEvhkuzEv+EsvU+gTXeYNbHDS8zN/XC1a4167Q9
+flFCqVn45ZpYR+2ifeLv0s+Rj4MQdnaCUYPpt1JoY5pIr/1GbNuywam9YgUQJZ7o
+gbY+S9Un0aByEOmPgD2e6qb8qhQFtaJgAbhB51dsI/qpZUljQKERmV1vd78drqWB
+1gss/MFe5oyxZ5IbmHLBabIcKvvtH72gSaD8Zp973TbD72usjC/ZfdkukNBlWkbm
+M4PFTK+VQA1y5c8R2RduVoz3ioaBtRisxqqGOi0i3AUgiWx6IeP9jkIana28dGtJ
+Mkm4ZiWBj12lT5B+gafpy7+bLkbYl2sEFYIt+YUlJ1GqAumyDnnmYt5rDhZwMLFo
+7ywCpCwtoBc49sCV7szV4MdFw0Zmo8tT0uiWBehferN1SHygKVNGnXIj+NotRXx0
+mp0j7pgK4AcML2y7pJLEUwyWUKE5tBkPKmHg+4ELhqPb0mjm+A+KHX/8vXxlPpRJ
+2yVhfIubEhECQJeJKAqm
+=y+kG
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/advisories/FreeBSD-SA-16:30.portsnap.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/advisories/FreeBSD-SA-16:31.libarchive.asc
===================================================================
--- head/share/security/advisories/FreeBSD-SA-16:31.libarchive.asc	(nonexistent)
+++ head/share/security/advisories/FreeBSD-SA-16:31.libarchive.asc	(revision 49477)
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+=============================================================================
+FreeBSD-SA-16:31.libarchive                                 Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple libarchive vulnerabilities
+
+Category:       core
+Module:         portsnap
+Announced:      2016-10-05
+Affects:        All supported versions of FreeBSD.
+Corrected:      2016-09-25 22:02:27 UTC (stable/11, 11.0-STABLE)
+                2016-09-27 19:36:12 UTC (releng/11.0, 11.0-RELEASE-p1)
+                2016-09-25 22:04:02 UTC (stable/10, 10.3-STABLE)
+                2016-10-10 07:18:54 UTC (releng/10.3, 10.3-RELEASE-p10)
+                2016-10-10 07:18:54 UTC (releng/10.2, 10.2-RELEASE-p23)
+                2016-10-10 07:18:54 UTC (releng/10.1, 10.1-RELEASE-p40)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:https://security.FreeBSD.org/>.
+
+I.   Background
+
+The libarchive(3) library provides a flexible interface for reading and
+writing streaming archive files such as tar(1) and cpio(1), and has been the
+basis for the FreeBSD implementation of the tar(1) and cpio(1) utilities
+since FreeBSD 5.3.
+
+II.  Problem Description
+
+Flaws in libarchive's handling of symlinks and hard links allow overwriting
+files outside the extraction directory, or permission changes to a directory
+outside the extraction directory.
+
+III. Impact
+
+An attacker who can control freebsd-update's or portsnap's input to tar can
+change file content or permisssions on files outside of the update tool's
+working sandbox.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Upgrade your vulnerable system to a supported FreeBSD stable or
+release / security branch (releng) dated after the correction date.
+
+No reboot is needed.
+
+Perform one of the following:
+
+1) To update your vulnerable system via a binary patch:
+
+Systems running a RELEASE version of FreeBSD on the i386 or amd64
+platforms can be updated via the freebsd-update(8) utility.
+
+This advisory is released concurrently with FreeBSD-SA-16:29.bspatch
+which contains special instructions for using freebsd-update. Following
+the instructions in that advisory will safely apply updates for
+FreeBSD-SA-16:29.bspatch, FreeBSD-SA-16:30.portsnap, and
+FreeBSD-SA-16:31.libarchive.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to the applicable
+FreeBSD release branches.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch
+# fetch https://security.FreeBSD.org/patches/SA-16:31/libarchive.patch.asc
+# gpg --verify libarchive.patch.asc
+
+b) Apply the patch.  Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system using buildworld and installworld as
+described in <URL:https://www.FreeBSD.org/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the correction revision numbers for each
+affected branch.
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/10/                                                        r306322
+releng/10.1/                                                      r306941
+releng/10.2/                                                      r306941
+releng/10.3/                                                      r306941
+stable/11/                                                        r306321
+releng/11.0/                                                      r306379
+- -------------------------------------------------------------------------
+
+To see which files were modified by a particular revision, run the
+following command, replacing NNNNNN with the revision number, on a
+machine with Subversion installed:
+
+# svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base
+
+Or visit the following URL, replacing NNNNNN with the revision number:
+
+<URL:https://svnweb.freebsd.org/base?view=revision&revision=NNNNNN>
+
+VII. References
+
+<URL:https://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f>
+<URL:https://github.com/libarchive/libarchive/issues/743>
+
+The latest revision of this advisory is available at
+<URL:https://security.FreeBSD.org/advisories/FreeBSD-SA-16:31.libarchive.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAEBCgAGBQJX+0OrAAoJEO1n7NZdz2rnkaAP/i5Njok8Lg3ogwRGVo/HVQfA
+AzRz2oQ5oAuwZhmpkQ3CzHArRsaTGuKK5C1SNJpmEDuq5XM2u5Td2ph/R5ry0fwF
+7B58Ci+o7ngRWtJ/N8dYk3cXfg0sjPZKDO1otIyfh8HF3UAq5uB3/w/8UFOpqcxQ
+guMKahd/r9PnfrD8GtS+t/2V+KHInNH0J4YD/+hoqcdZPzMKtlE5D5OjqOov9rVn
+myQwAuN+w2buPj2gXSuubq5wTNFOvj8u06mVpRj+0X0VoybdN5cohuqSx7s4vlw+
+/qV7gT2993aijXp43dGGSUeuGl1ZbrKp233vntkIYrsjJzaw56YMHL3ushopGGhj
+OfC/ilXmsUjrlHgCrWpMiTuN7cdWDXrpMnaf4c99yMxdYUuRtbbnVthdOpZB8iOt
+7xeVnvHiYTYbQu+4xy4SPOWqPLOnrbwVqIocXU1QjWJice5A3EU/mSAd2IpX04a2
+prdlaGxBNZlziLgzsZoiER+5u0S3owbx7y2SVhMEslHyrRQ92X7SZjfu4NrvlX5k
+Dw6xjpHD51pshj4GXTPuznbCyd8246u1fRnH3fnlNLhz5/XhrYbG+OVQ9WDbnX2C
+6SzS/oOcjA9qcq1+Ghmz6G7S2MuWZ0XcKfzV0ygX2RZEhU1p0rZfsF/2cGrKIGY1
+JguXI1tZdrjfSZisAI+l
+=vqSJ
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/advisories/FreeBSD-SA-16:31.libarchive.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:27/openssl.patch
===================================================================
--- head/share/security/patches/SA-16:27/openssl.patch	(nonexistent)
+++ head/share/security/patches/SA-16:27/openssl.patch	(revision 49477)
@@ -0,0 +1,4151 @@
+--- crypto/openssl/crypto/engine/eng_cryptodev.c.orig
++++ crypto/openssl/crypto/engine/eng_cryptodev.c
+@@ -939,7 +939,7 @@
+     if (fstate->mac_len != 0) {
+         if (fstate->mac_data != NULL) {
+             dstate->mac_data = OPENSSL_malloc(fstate->mac_len);
+-            if (dstate->ac_data == NULL) {
++            if (dstate->mac_data == NULL) {
+                 printf("cryptodev_digest_init: malloc failed\n");
+                 return 0;
+             }
+--- crypto/openssl/crypto/x509/x509_vfy.c.orig
++++ crypto/openssl/crypto/x509/x509_vfy.c
+@@ -1124,10 +1124,10 @@
+         crl = sk_X509_CRL_value(crls, i);
+         reasons = *preasons;
+         crl_score = get_crl_score(ctx, &crl_issuer, &reasons, crl, x);
+-        if (crl_score < best_score)
++        if (crl_score < best_score || crl_score == 0)
+             continue;
+         /* If current CRL is equivalent use it if it is newer */
+-        if (crl_score == best_score) {
++        if (crl_score == best_score && best_crl != NULL) {
+             int day, sec;
+             if (ASN1_TIME_diff(&day, &sec, X509_CRL_get_lastUpdate(best_crl),
+                                X509_CRL_get_lastUpdate(crl)) == 0)
+--- crypto/openssl/crypto/opensslv.h.orig
++++ crypto/openssl/crypto/opensslv.h
+@@ -30,11 +30,11 @@
+  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+  *  major minor fix final patch/beta)
+  */
+-# define OPENSSL_VERSION_NUMBER  0x1000209fL
++# define OPENSSL_VERSION_NUMBER  0x100020afL
+ # ifdef OPENSSL_FIPS
+-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i-fips  22 Sep 2016"
++#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-fips  26 Sep 2016"
+ # else
+-#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2i-freebsd  22 Sep 2016"
++#  define OPENSSL_VERSION_TEXT    "OpenSSL 1.0.2j-freebsd  26 Sep 2016"
+ # endif
+ # define OPENSSL_VERSION_PTEXT   " part of " OPENSSL_VERSION_TEXT
+ 
+--- crypto/openssl/ssl/t1_ext.c.orig
++++ crypto/openssl/ssl/t1_ext.c
+@@ -275,7 +275,9 @@
+     case TLSEXT_TYPE_ec_point_formats:
+     case TLSEXT_TYPE_elliptic_curves:
+     case TLSEXT_TYPE_heartbeat:
++# ifndef OPENSSL_NO_NEXTPROTONEG
+     case TLSEXT_TYPE_next_proto_neg:
++# endif
+     case TLSEXT_TYPE_padding:
+     case TLSEXT_TYPE_renegotiate:
+     case TLSEXT_TYPE_server_name:
+--- crypto/openssl/CHANGES.orig
++++ crypto/openssl/CHANGES
+@@ -2,6 +2,18 @@
+  OpenSSL CHANGES
+  _______________
+ 
++ Changes between 1.0.2i and 1.0.2j [26 Sep 2016]
++
++  *) Missing CRL sanity check
++
++     A bug fix which included a CRL sanity check was added to OpenSSL 1.1.0
++     but was omitted from OpenSSL 1.0.2i. As a result any attempt to use
++     CRLs in OpenSSL 1.0.2i will crash with a null pointer exception.
++
++     This issue only affects the OpenSSL 1.0.2i
++     (CVE-2016-7052)
++     [Matt Caswell]
++
+  Changes between 1.0.2h and 1.0.2i [22 Sep 2016]
+ 
+   *) OCSP Status Request extension unbounded memory growth
+--- crypto/openssl/Makefile.orig
++++ crypto/openssl/Makefile
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+ 
+-VERSION=1.0.2i
++VERSION=1.0.2j
+ MAJOR=1
+ MINOR=0.2
+ SHLIB_VERSION_NUMBER=1.0.0
+--- crypto/openssl/NEWS.orig
++++ crypto/openssl/NEWS
+@@ -5,6 +5,10 @@
+   This file gives a brief overview of the major changes between each OpenSSL
+   release. For more details please read the CHANGES file.
+ 
++  Major changes between OpenSSL 1.0.2i and OpenSSL 1.0.2j [26 Sep 2016]
++
++      o Fix Use After Free for large message sizes (CVE-2016-6309)
++
+   Major changes between OpenSSL 1.0.2h and OpenSSL 1.0.2i [22 Sep 2016]
+ 
+       o OCSP Status Request extension unbounded memory growth (CVE-2016-6304)
+--- crypto/openssl/README.orig
++++ crypto/openssl/README
+@@ -1,5 +1,5 @@
+ 
+- OpenSSL 1.0.2i 22 Sep 2016
++ OpenSSL 1.0.2j 26 Sep 2016
+ 
+  Copyright (c) 1998-2015 The OpenSSL Project
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+--- secure/lib/libcrypto/man/ASN1_OBJECT_new.3.orig
++++ secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_OBJECT_new 3"
+-.TH ASN1_OBJECT_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_OBJECT_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_STRING_length.3.orig
++++ secure/lib/libcrypto/man/ASN1_STRING_length.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_STRING_length 3"
+-.TH ASN1_STRING_length 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_STRING_length 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_STRING_new.3.orig
++++ secure/lib/libcrypto/man/ASN1_STRING_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_STRING_new 3"
+-.TH ASN1_STRING_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_STRING_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_STRING_print_ex.3.orig
++++ secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_STRING_print_ex 3"
+-.TH ASN1_STRING_print_ex 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_STRING_print_ex 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_TIME_set.3.orig
++++ secure/lib/libcrypto/man/ASN1_TIME_set.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_TIME_set 3"
+-.TH ASN1_TIME_set 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_TIME_set 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ASN1_generate_nconf.3.orig
++++ secure/lib/libcrypto/man/ASN1_generate_nconf.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1_generate_nconf 3"
+-.TH ASN1_generate_nconf 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1_generate_nconf 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_ctrl.3.orig
++++ secure/lib/libcrypto/man/BIO_ctrl.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_ctrl 3"
+-.TH BIO_ctrl 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_ctrl 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_base64.3.orig
++++ secure/lib/libcrypto/man/BIO_f_base64.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_base64 3"
+-.TH BIO_f_base64 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_base64 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_buffer.3.orig
++++ secure/lib/libcrypto/man/BIO_f_buffer.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_buffer 3"
+-.TH BIO_f_buffer 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_buffer 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_cipher.3.orig
++++ secure/lib/libcrypto/man/BIO_f_cipher.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_cipher 3"
+-.TH BIO_f_cipher 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_cipher 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_md.3.orig
++++ secure/lib/libcrypto/man/BIO_f_md.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_md 3"
+-.TH BIO_f_md 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_md 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_null.3.orig
++++ secure/lib/libcrypto/man/BIO_f_null.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_null 3"
+-.TH BIO_f_null 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_null 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_f_ssl.3.orig
++++ secure/lib/libcrypto/man/BIO_f_ssl.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_f_ssl 3"
+-.TH BIO_f_ssl 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_f_ssl 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_find_type.3.orig
++++ secure/lib/libcrypto/man/BIO_find_type.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_find_type 3"
+-.TH BIO_find_type 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_find_type 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_new.3.orig
++++ secure/lib/libcrypto/man/BIO_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_new 3"
+-.TH BIO_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_new_CMS.3.orig
++++ secure/lib/libcrypto/man/BIO_new_CMS.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_new_CMS 3"
+-.TH BIO_new_CMS 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_new_CMS 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_push.3.orig
++++ secure/lib/libcrypto/man/BIO_push.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_push 3"
+-.TH BIO_push 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_push 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_read.3.orig
++++ secure/lib/libcrypto/man/BIO_read.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_read 3"
+-.TH BIO_read 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_read 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_accept.3.orig
++++ secure/lib/libcrypto/man/BIO_s_accept.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_accept 3"
+-.TH BIO_s_accept 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_accept 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_bio.3.orig
++++ secure/lib/libcrypto/man/BIO_s_bio.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_bio 3"
+-.TH BIO_s_bio 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_bio 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_connect.3.orig
++++ secure/lib/libcrypto/man/BIO_s_connect.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_connect 3"
+-.TH BIO_s_connect 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_connect 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_fd.3.orig
++++ secure/lib/libcrypto/man/BIO_s_fd.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_fd 3"
+-.TH BIO_s_fd 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_fd 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_file.3.orig
++++ secure/lib/libcrypto/man/BIO_s_file.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_file 3"
+-.TH BIO_s_file 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_file 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_mem.3.orig
++++ secure/lib/libcrypto/man/BIO_s_mem.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_mem 3"
+-.TH BIO_s_mem 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_mem 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_null.3.orig
++++ secure/lib/libcrypto/man/BIO_s_null.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_null 3"
+-.TH BIO_s_null 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_null 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_s_socket.3.orig
++++ secure/lib/libcrypto/man/BIO_s_socket.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_s_socket 3"
+-.TH BIO_s_socket 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_s_socket 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_set_callback.3.orig
++++ secure/lib/libcrypto/man/BIO_set_callback.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_set_callback 3"
+-.TH BIO_set_callback 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_set_callback 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BIO_should_retry.3.orig
++++ secure/lib/libcrypto/man/BIO_should_retry.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BIO_should_retry 3"
+-.TH BIO_should_retry 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BIO_should_retry 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_BLINDING_new.3.orig
++++ secure/lib/libcrypto/man/BN_BLINDING_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_BLINDING_new 3"
+-.TH BN_BLINDING_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_BLINDING_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_CTX_new.3.orig
++++ secure/lib/libcrypto/man/BN_CTX_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_CTX_new 3"
+-.TH BN_CTX_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_CTX_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_CTX_start.3.orig
++++ secure/lib/libcrypto/man/BN_CTX_start.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_CTX_start 3"
+-.TH BN_CTX_start 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_CTX_start 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_add.3.orig
++++ secure/lib/libcrypto/man/BN_add.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_add 3"
+-.TH BN_add 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_add 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_add_word.3.orig
++++ secure/lib/libcrypto/man/BN_add_word.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_add_word 3"
+-.TH BN_add_word 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_add_word 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_bn2bin.3.orig
++++ secure/lib/libcrypto/man/BN_bn2bin.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_bn2bin 3"
+-.TH BN_bn2bin 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_bn2bin 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_cmp.3.orig
++++ secure/lib/libcrypto/man/BN_cmp.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_cmp 3"
+-.TH BN_cmp 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_cmp 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_copy.3.orig
++++ secure/lib/libcrypto/man/BN_copy.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_copy 3"
+-.TH BN_copy 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_copy 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_generate_prime.3.orig
++++ secure/lib/libcrypto/man/BN_generate_prime.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_generate_prime 3"
+-.TH BN_generate_prime 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_generate_prime 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_mod_inverse.3.orig
++++ secure/lib/libcrypto/man/BN_mod_inverse.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_mod_inverse 3"
+-.TH BN_mod_inverse 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_mod_inverse 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_mod_mul_montgomery.3.orig
++++ secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_mod_mul_montgomery 3"
+-.TH BN_mod_mul_montgomery 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_mod_mul_montgomery 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3.orig
++++ secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_mod_mul_reciprocal 3"
+-.TH BN_mod_mul_reciprocal 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_mod_mul_reciprocal 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_new.3.orig
++++ secure/lib/libcrypto/man/BN_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_new 3"
+-.TH BN_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_num_bytes.3.orig
++++ secure/lib/libcrypto/man/BN_num_bytes.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_num_bytes 3"
+-.TH BN_num_bytes 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_num_bytes 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_rand.3.orig
++++ secure/lib/libcrypto/man/BN_rand.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_rand 3"
+-.TH BN_rand 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_rand 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_set_bit.3.orig
++++ secure/lib/libcrypto/man/BN_set_bit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_set_bit 3"
+-.TH BN_set_bit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_set_bit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_swap.3.orig
++++ secure/lib/libcrypto/man/BN_swap.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_swap 3"
+-.TH BN_swap 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_swap 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/BN_zero.3.orig
++++ secure/lib/libcrypto/man/BN_zero.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "BN_zero 3"
+-.TH BN_zero 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH BN_zero 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_add0_cert.3.orig
++++ secure/lib/libcrypto/man/CMS_add0_cert.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_add0_cert 3"
+-.TH CMS_add0_cert 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_add0_cert 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_add1_recipient_cert.3.orig
++++ secure/lib/libcrypto/man/CMS_add1_recipient_cert.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_add1_recipient_cert 3"
+-.TH CMS_add1_recipient_cert 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_add1_recipient_cert 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_add1_signer.3.orig
++++ secure/lib/libcrypto/man/CMS_add1_signer.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_add1_signer 3"
+-.TH CMS_add1_signer 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_add1_signer 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_compress.3.orig
++++ secure/lib/libcrypto/man/CMS_compress.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_compress 3"
+-.TH CMS_compress 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_compress 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_decrypt.3.orig
++++ secure/lib/libcrypto/man/CMS_decrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_decrypt 3"
+-.TH CMS_decrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_decrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_encrypt.3.orig
++++ secure/lib/libcrypto/man/CMS_encrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_encrypt 3"
+-.TH CMS_encrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_encrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_final.3.orig
++++ secure/lib/libcrypto/man/CMS_final.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_final 3"
+-.TH CMS_final 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_final 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3.orig
++++ secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_get0_RecipientInfos 3"
+-.TH CMS_get0_RecipientInfos 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_get0_RecipientInfos 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_get0_SignerInfos.3.orig
++++ secure/lib/libcrypto/man/CMS_get0_SignerInfos.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_get0_SignerInfos 3"
+-.TH CMS_get0_SignerInfos 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_get0_SignerInfos 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_get0_type.3.orig
++++ secure/lib/libcrypto/man/CMS_get0_type.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_get0_type 3"
+-.TH CMS_get0_type 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_get0_type 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3.orig
++++ secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_get1_ReceiptRequest 3"
+-.TH CMS_get1_ReceiptRequest 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_get1_ReceiptRequest 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_sign.3.orig
++++ secure/lib/libcrypto/man/CMS_sign.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_sign 3"
+-.TH CMS_sign 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_sign 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_sign_receipt.3.orig
++++ secure/lib/libcrypto/man/CMS_sign_receipt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_sign_receipt 3"
+-.TH CMS_sign_receipt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_sign_receipt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_uncompress.3.orig
++++ secure/lib/libcrypto/man/CMS_uncompress.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_uncompress 3"
+-.TH CMS_uncompress 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_uncompress 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_verify.3.orig
++++ secure/lib/libcrypto/man/CMS_verify.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_verify 3"
+-.TH CMS_verify 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_verify 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CMS_verify_receipt.3.orig
++++ secure/lib/libcrypto/man/CMS_verify_receipt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS_verify_receipt 3"
+-.TH CMS_verify_receipt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS_verify_receipt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CONF_modules_free.3.orig
++++ secure/lib/libcrypto/man/CONF_modules_free.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CONF_modules_free 3"
+-.TH CONF_modules_free 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CONF_modules_free 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CONF_modules_load_file.3.orig
++++ secure/lib/libcrypto/man/CONF_modules_load_file.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CONF_modules_load_file 3"
+-.TH CONF_modules_load_file 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CONF_modules_load_file 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/CRYPTO_set_ex_data.3.orig
++++ secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CRYPTO_set_ex_data 3"
+-.TH CRYPTO_set_ex_data 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CRYPTO_set_ex_data 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DH_generate_key.3.orig
++++ secure/lib/libcrypto/man/DH_generate_key.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DH_generate_key 3"
+-.TH DH_generate_key 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DH_generate_key 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DH_generate_parameters.3.orig
++++ secure/lib/libcrypto/man/DH_generate_parameters.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DH_generate_parameters 3"
+-.TH DH_generate_parameters 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DH_generate_parameters 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DH_get_ex_new_index.3.orig
++++ secure/lib/libcrypto/man/DH_get_ex_new_index.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DH_get_ex_new_index 3"
+-.TH DH_get_ex_new_index 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DH_get_ex_new_index 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DH_new.3.orig
++++ secure/lib/libcrypto/man/DH_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DH_new 3"
+-.TH DH_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DH_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DH_set_method.3.orig
++++ secure/lib/libcrypto/man/DH_set_method.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DH_set_method 3"
+-.TH DH_set_method 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DH_set_method 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DH_size.3.orig
++++ secure/lib/libcrypto/man/DH_size.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DH_size 3"
+-.TH DH_size 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DH_size 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_SIG_new.3.orig
++++ secure/lib/libcrypto/man/DSA_SIG_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_SIG_new 3"
+-.TH DSA_SIG_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_SIG_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_do_sign.3.orig
++++ secure/lib/libcrypto/man/DSA_do_sign.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_do_sign 3"
+-.TH DSA_do_sign 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_do_sign 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_dup_DH.3.orig
++++ secure/lib/libcrypto/man/DSA_dup_DH.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_dup_DH 3"
+-.TH DSA_dup_DH 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_dup_DH 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_generate_key.3.orig
++++ secure/lib/libcrypto/man/DSA_generate_key.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_generate_key 3"
+-.TH DSA_generate_key 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_generate_key 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_generate_parameters.3.orig
++++ secure/lib/libcrypto/man/DSA_generate_parameters.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_generate_parameters 3"
+-.TH DSA_generate_parameters 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_generate_parameters 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_get_ex_new_index.3.orig
++++ secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_get_ex_new_index 3"
+-.TH DSA_get_ex_new_index 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_get_ex_new_index 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_new.3.orig
++++ secure/lib/libcrypto/man/DSA_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_new 3"
+-.TH DSA_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_set_method.3.orig
++++ secure/lib/libcrypto/man/DSA_set_method.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_set_method 3"
+-.TH DSA_set_method 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_set_method 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_sign.3.orig
++++ secure/lib/libcrypto/man/DSA_sign.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_sign 3"
+-.TH DSA_sign 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_sign 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/DSA_size.3.orig
++++ secure/lib/libcrypto/man/DSA_size.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA_size 3"
+-.TH DSA_size 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA_size 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EC_GFp_simple_method.3.orig
++++ secure/lib/libcrypto/man/EC_GFp_simple_method.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EC_GFp_simple_method 3"
+-.TH EC_GFp_simple_method 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EC_GFp_simple_method 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EC_GROUP_copy.3.orig
++++ secure/lib/libcrypto/man/EC_GROUP_copy.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EC_GROUP_copy 3"
+-.TH EC_GROUP_copy 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EC_GROUP_copy 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EC_GROUP_new.3.orig
++++ secure/lib/libcrypto/man/EC_GROUP_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EC_GROUP_new 3"
+-.TH EC_GROUP_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EC_GROUP_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EC_KEY_new.3.orig
++++ secure/lib/libcrypto/man/EC_KEY_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EC_KEY_new 3"
+-.TH EC_KEY_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EC_KEY_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EC_POINT_add.3.orig
++++ secure/lib/libcrypto/man/EC_POINT_add.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EC_POINT_add 3"
+-.TH EC_POINT_add 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EC_POINT_add 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EC_POINT_new.3.orig
++++ secure/lib/libcrypto/man/EC_POINT_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EC_POINT_new 3"
+-.TH EC_POINT_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EC_POINT_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_GET_LIB.3.orig
++++ secure/lib/libcrypto/man/ERR_GET_LIB.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_GET_LIB 3"
+-.TH ERR_GET_LIB 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_GET_LIB 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_clear_error.3.orig
++++ secure/lib/libcrypto/man/ERR_clear_error.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_clear_error 3"
+-.TH ERR_clear_error 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_clear_error 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_error_string.3.orig
++++ secure/lib/libcrypto/man/ERR_error_string.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_error_string 3"
+-.TH ERR_error_string 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_error_string 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_get_error.3.orig
++++ secure/lib/libcrypto/man/ERR_get_error.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_get_error 3"
+-.TH ERR_get_error 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_get_error 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_load_crypto_strings.3.orig
++++ secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_load_crypto_strings 3"
+-.TH ERR_load_crypto_strings 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_load_crypto_strings 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_load_strings.3.orig
++++ secure/lib/libcrypto/man/ERR_load_strings.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_load_strings 3"
+-.TH ERR_load_strings 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_load_strings 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_print_errors.3.orig
++++ secure/lib/libcrypto/man/ERR_print_errors.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_print_errors 3"
+-.TH ERR_print_errors 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_print_errors 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_put_error.3.orig
++++ secure/lib/libcrypto/man/ERR_put_error.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_put_error 3"
+-.TH ERR_put_error 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_put_error 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_remove_state.3.orig
++++ secure/lib/libcrypto/man/ERR_remove_state.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_remove_state 3"
+-.TH ERR_remove_state 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_remove_state 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ERR_set_mark.3.orig
++++ secure/lib/libcrypto/man/ERR_set_mark.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERR_set_mark 3"
+-.TH ERR_set_mark 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERR_set_mark 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_BytesToKey.3.orig
++++ secure/lib/libcrypto/man/EVP_BytesToKey.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_BytesToKey 3"
+-.TH EVP_BytesToKey 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_BytesToKey 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_DigestInit.3.orig
++++ secure/lib/libcrypto/man/EVP_DigestInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_DigestInit 3"
+-.TH EVP_DigestInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_DigestInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_DigestSignInit.3.orig
++++ secure/lib/libcrypto/man/EVP_DigestSignInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_DigestSignInit 3"
+-.TH EVP_DigestSignInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_DigestSignInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_DigestVerifyInit.3.orig
++++ secure/lib/libcrypto/man/EVP_DigestVerifyInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_DigestVerifyInit 3"
+-.TH EVP_DigestVerifyInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_DigestVerifyInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_EncodeInit.3.orig
++++ secure/lib/libcrypto/man/EVP_EncodeInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_EncodeInit 3"
+-.TH EVP_EncodeInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_EncodeInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_EncryptInit.3.orig
++++ secure/lib/libcrypto/man/EVP_EncryptInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_EncryptInit 3"
+-.TH EVP_EncryptInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_EncryptInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_OpenInit.3.orig
++++ secure/lib/libcrypto/man/EVP_OpenInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_OpenInit 3"
+-.TH EVP_OpenInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_OpenInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_CTX_ctrl 3"
+-.TH EVP_PKEY_CTX_ctrl 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_CTX_ctrl 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_CTX_new 3"
+-.TH EVP_PKEY_CTX_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_CTX_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_cmp.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_cmp.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_cmp 3"
+-.TH EVP_PKEY_cmp 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_cmp 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_decrypt.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_decrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_decrypt 3"
+-.TH EVP_PKEY_decrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_decrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_derive.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_derive.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_derive 3"
+-.TH EVP_PKEY_derive 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_derive 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_encrypt.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_encrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_encrypt 3"
+-.TH EVP_PKEY_encrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_encrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_get_default_digest 3"
+-.TH EVP_PKEY_get_default_digest 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_get_default_digest 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_keygen.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_keygen.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_keygen 3"
+-.TH EVP_PKEY_keygen 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_keygen 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_new.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_new 3"
+-.TH EVP_PKEY_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_print_private.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_print_private.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_print_private 3"
+-.TH EVP_PKEY_print_private 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_print_private 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_set1_RSA 3"
+-.TH EVP_PKEY_set1_RSA 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_set1_RSA 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_sign.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_sign.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_sign 3"
+-.TH EVP_PKEY_sign 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_sign 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_verify.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_verify.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_verify 3"
+-.TH EVP_PKEY_verify 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_verify 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3.orig
++++ secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_PKEY_verify_recover 3"
+-.TH EVP_PKEY_verify_recover 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_PKEY_verify_recover 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_SealInit.3.orig
++++ secure/lib/libcrypto/man/EVP_SealInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_SealInit 3"
+-.TH EVP_SealInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_SealInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_SignInit.3.orig
++++ secure/lib/libcrypto/man/EVP_SignInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_SignInit 3"
+-.TH EVP_SignInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_SignInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/EVP_VerifyInit.3.orig
++++ secure/lib/libcrypto/man/EVP_VerifyInit.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EVP_VerifyInit 3"
+-.TH EVP_VerifyInit 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EVP_VerifyInit 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OBJ_nid2obj.3.orig
++++ secure/lib/libcrypto/man/OBJ_nid2obj.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OBJ_nid2obj 3"
+-.TH OBJ_nid2obj 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OBJ_nid2obj 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OPENSSL_Applink.3.orig
++++ secure/lib/libcrypto/man/OPENSSL_Applink.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OPENSSL_Applink 3"
+-.TH OPENSSL_Applink 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OPENSSL_Applink 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3.orig
++++ secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OPENSSL_VERSION_NUMBER 3"
+-.TH OPENSSL_VERSION_NUMBER 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OPENSSL_VERSION_NUMBER 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OPENSSL_config.3.orig
++++ secure/lib/libcrypto/man/OPENSSL_config.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OPENSSL_config 3"
+-.TH OPENSSL_config 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OPENSSL_config 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OPENSSL_ia32cap.3.orig
++++ secure/lib/libcrypto/man/OPENSSL_ia32cap.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OPENSSL_ia32cap 3"
+-.TH OPENSSL_ia32cap 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OPENSSL_ia32cap 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OPENSSL_instrument_bus.3.orig
++++ secure/lib/libcrypto/man/OPENSSL_instrument_bus.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OPENSSL_instrument_bus 3"
+-.TH OPENSSL_instrument_bus 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OPENSSL_instrument_bus 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3.orig
++++ secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OPENSSL_load_builtin_modules 3"
+-.TH OPENSSL_load_builtin_modules 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OPENSSL_load_builtin_modules 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3.orig
++++ secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OpenSSL_add_all_algorithms 3"
+-.TH OpenSSL_add_all_algorithms 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OpenSSL_add_all_algorithms 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3.orig
++++ secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PEM_write_bio_CMS_stream 3"
+-.TH PEM_write_bio_CMS_stream 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PEM_write_bio_CMS_stream 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3.orig
++++ secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PEM_write_bio_PKCS7_stream 3"
+-.TH PEM_write_bio_PKCS7_stream 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PEM_write_bio_PKCS7_stream 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PKCS12_create.3.orig
++++ secure/lib/libcrypto/man/PKCS12_create.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS12_create 3"
+-.TH PKCS12_create 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS12_create 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PKCS12_parse.3.orig
++++ secure/lib/libcrypto/man/PKCS12_parse.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS12_parse 3"
+-.TH PKCS12_parse 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS12_parse 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PKCS7_decrypt.3.orig
++++ secure/lib/libcrypto/man/PKCS7_decrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS7_decrypt 3"
+-.TH PKCS7_decrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS7_decrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PKCS7_encrypt.3.orig
++++ secure/lib/libcrypto/man/PKCS7_encrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS7_encrypt 3"
+-.TH PKCS7_encrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS7_encrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PKCS7_sign.3.orig
++++ secure/lib/libcrypto/man/PKCS7_sign.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS7_sign 3"
+-.TH PKCS7_sign 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS7_sign 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PKCS7_sign_add_signer.3.orig
++++ secure/lib/libcrypto/man/PKCS7_sign_add_signer.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS7_sign_add_signer 3"
+-.TH PKCS7_sign_add_signer 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS7_sign_add_signer 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/PKCS7_verify.3.orig
++++ secure/lib/libcrypto/man/PKCS7_verify.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS7_verify 3"
+-.TH PKCS7_verify 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS7_verify 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RAND_add.3.orig
++++ secure/lib/libcrypto/man/RAND_add.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RAND_add 3"
+-.TH RAND_add 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RAND_add 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RAND_bytes.3.orig
++++ secure/lib/libcrypto/man/RAND_bytes.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RAND_bytes 3"
+-.TH RAND_bytes 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RAND_bytes 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RAND_cleanup.3.orig
++++ secure/lib/libcrypto/man/RAND_cleanup.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RAND_cleanup 3"
+-.TH RAND_cleanup 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RAND_cleanup 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RAND_egd.3.orig
++++ secure/lib/libcrypto/man/RAND_egd.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RAND_egd 3"
+-.TH RAND_egd 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RAND_egd 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RAND_load_file.3.orig
++++ secure/lib/libcrypto/man/RAND_load_file.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RAND_load_file 3"
+-.TH RAND_load_file 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RAND_load_file 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RAND_set_rand_method.3.orig
++++ secure/lib/libcrypto/man/RAND_set_rand_method.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RAND_set_rand_method 3"
+-.TH RAND_set_rand_method 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RAND_set_rand_method 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_blinding_on.3.orig
++++ secure/lib/libcrypto/man/RSA_blinding_on.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_blinding_on 3"
+-.TH RSA_blinding_on 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_blinding_on 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_check_key.3.orig
++++ secure/lib/libcrypto/man/RSA_check_key.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_check_key 3"
+-.TH RSA_check_key 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_check_key 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_generate_key.3.orig
++++ secure/lib/libcrypto/man/RSA_generate_key.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_generate_key 3"
+-.TH RSA_generate_key 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_generate_key 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_get_ex_new_index.3.orig
++++ secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_get_ex_new_index 3"
+-.TH RSA_get_ex_new_index 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_get_ex_new_index 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_new.3.orig
++++ secure/lib/libcrypto/man/RSA_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_new 3"
+-.TH RSA_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3.orig
++++ secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_padding_add_PKCS1_type_1 3"
+-.TH RSA_padding_add_PKCS1_type_1 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_padding_add_PKCS1_type_1 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_print.3.orig
++++ secure/lib/libcrypto/man/RSA_print.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_print 3"
+-.TH RSA_print 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_print 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_private_encrypt.3.orig
++++ secure/lib/libcrypto/man/RSA_private_encrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_private_encrypt 3"
+-.TH RSA_private_encrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_private_encrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_public_encrypt.3.orig
++++ secure/lib/libcrypto/man/RSA_public_encrypt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_public_encrypt 3"
+-.TH RSA_public_encrypt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_public_encrypt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_set_method.3.orig
++++ secure/lib/libcrypto/man/RSA_set_method.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_set_method 3"
+-.TH RSA_set_method 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_set_method 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_sign.3.orig
++++ secure/lib/libcrypto/man/RSA_sign.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_sign 3"
+-.TH RSA_sign 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_sign 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3.orig
++++ secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+-.TH RSA_sign_ASN1_OCTET_STRING 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_sign_ASN1_OCTET_STRING 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/RSA_size.3.orig
++++ secure/lib/libcrypto/man/RSA_size.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA_size 3"
+-.TH RSA_size 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA_size 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/SMIME_read_CMS.3.orig
++++ secure/lib/libcrypto/man/SMIME_read_CMS.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SMIME_read_CMS 3"
+-.TH SMIME_read_CMS 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SMIME_read_CMS 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/SMIME_read_PKCS7.3.orig
++++ secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SMIME_read_PKCS7 3"
+-.TH SMIME_read_PKCS7 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SMIME_read_PKCS7 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/SMIME_write_CMS.3.orig
++++ secure/lib/libcrypto/man/SMIME_write_CMS.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SMIME_write_CMS 3"
+-.TH SMIME_write_CMS 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SMIME_write_CMS 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/SMIME_write_PKCS7.3.orig
++++ secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SMIME_write_PKCS7 3"
+-.TH SMIME_write_PKCS7 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SMIME_write_PKCS7 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3.orig
++++ secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_NAME_ENTRY_get_object 3"
+-.TH X509_NAME_ENTRY_get_object 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_NAME_ENTRY_get_object 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3.orig
++++ secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_NAME_add_entry_by_txt 3"
+-.TH X509_NAME_add_entry_by_txt 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_NAME_add_entry_by_txt 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3.orig
++++ secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_NAME_get_index_by_NID 3"
+-.TH X509_NAME_get_index_by_NID 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_NAME_get_index_by_NID 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_NAME_print_ex.3.orig
++++ secure/lib/libcrypto/man/X509_NAME_print_ex.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_NAME_print_ex 3"
+-.TH X509_NAME_print_ex 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_NAME_print_ex 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3.orig
++++ secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_STORE_CTX_get_error 3"
+-.TH X509_STORE_CTX_get_error 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_STORE_CTX_get_error 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3.orig
++++ secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_STORE_CTX_get_ex_new_index 3"
+-.TH X509_STORE_CTX_get_ex_new_index 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_STORE_CTX_get_ex_new_index 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_STORE_CTX_new.3.orig
++++ secure/lib/libcrypto/man/X509_STORE_CTX_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_STORE_CTX_new 3"
+-.TH X509_STORE_CTX_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_STORE_CTX_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3.orig
++++ secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_STORE_CTX_set_verify_cb 3"
+-.TH X509_STORE_CTX_set_verify_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_STORE_CTX_set_verify_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3.orig
++++ secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_STORE_set_verify_cb_func 3"
+-.TH X509_STORE_set_verify_cb_func 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_STORE_set_verify_cb_func 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3.orig
++++ secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_VERIFY_PARAM_set_flags 3"
+-.TH X509_VERIFY_PARAM_set_flags 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_VERIFY_PARAM_set_flags 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_check_host.3.orig
++++ secure/lib/libcrypto/man/X509_check_host.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_check_host 3"
+-.TH X509_check_host 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_check_host 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_new.3.orig
++++ secure/lib/libcrypto/man/X509_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_new 3"
+-.TH X509_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/X509_verify_cert.3.orig
++++ secure/lib/libcrypto/man/X509_verify_cert.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509_verify_cert 3"
+-.TH X509_verify_cert 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509_verify_cert 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/bio.3.orig
++++ secure/lib/libcrypto/man/bio.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "bio 3"
+-.TH bio 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH bio 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/blowfish.3.orig
++++ secure/lib/libcrypto/man/blowfish.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "blowfish 3"
+-.TH blowfish 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH blowfish 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/bn.3.orig
++++ secure/lib/libcrypto/man/bn.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "bn 3"
+-.TH bn 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH bn 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/bn_internal.3.orig
++++ secure/lib/libcrypto/man/bn_internal.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "bn_internal 3"
+-.TH bn_internal 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH bn_internal 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/buffer.3.orig
++++ secure/lib/libcrypto/man/buffer.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "buffer 3"
+-.TH buffer 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH buffer 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/crypto.3.orig
++++ secure/lib/libcrypto/man/crypto.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "crypto 3"
+-.TH crypto 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH crypto 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3.orig
++++ secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_ASN1_OBJECT 3"
+-.TH d2i_ASN1_OBJECT 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_ASN1_OBJECT 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3.orig
++++ secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_CMS_ContentInfo 3"
+-.TH d2i_CMS_ContentInfo 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_CMS_ContentInfo 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_DHparams.3.orig
++++ secure/lib/libcrypto/man/d2i_DHparams.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_DHparams 3"
+-.TH d2i_DHparams 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_DHparams 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_DSAPublicKey.3.orig
++++ secure/lib/libcrypto/man/d2i_DSAPublicKey.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_DSAPublicKey 3"
+-.TH d2i_DSAPublicKey 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_DSAPublicKey 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_ECPKParameters.3.orig
++++ secure/lib/libcrypto/man/d2i_ECPKParameters.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_ECPKParameters 3"
+-.TH d2i_ECPKParameters 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_ECPKParameters 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_ECPrivateKey.3.orig
++++ secure/lib/libcrypto/man/d2i_ECPrivateKey.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_ECPrivateKey 3"
+-.TH d2i_ECPrivateKey 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_ECPrivateKey 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3.orig
++++ secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_PKCS8PrivateKey 3"
+-.TH d2i_PKCS8PrivateKey 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_PKCS8PrivateKey 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_PrivateKey.3.orig
++++ secure/lib/libcrypto/man/d2i_PrivateKey.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_PrivateKey 3"
+-.TH d2i_PrivateKey 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_PrivateKey 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_RSAPublicKey.3.orig
++++ secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_RSAPublicKey 3"
+-.TH d2i_RSAPublicKey 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_RSAPublicKey 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_X509.3.orig
++++ secure/lib/libcrypto/man/d2i_X509.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_X509 3"
+-.TH d2i_X509 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_X509 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_X509_ALGOR.3.orig
++++ secure/lib/libcrypto/man/d2i_X509_ALGOR.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_X509_ALGOR 3"
+-.TH d2i_X509_ALGOR 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_X509_ALGOR 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_X509_CRL.3.orig
++++ secure/lib/libcrypto/man/d2i_X509_CRL.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_X509_CRL 3"
+-.TH d2i_X509_CRL 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_X509_CRL 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_X509_NAME.3.orig
++++ secure/lib/libcrypto/man/d2i_X509_NAME.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_X509_NAME 3"
+-.TH d2i_X509_NAME 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_X509_NAME 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_X509_REQ.3.orig
++++ secure/lib/libcrypto/man/d2i_X509_REQ.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_X509_REQ 3"
+-.TH d2i_X509_REQ 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_X509_REQ 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/d2i_X509_SIG.3.orig
++++ secure/lib/libcrypto/man/d2i_X509_SIG.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_X509_SIG 3"
+-.TH d2i_X509_SIG 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_X509_SIG 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/des.3.orig
++++ secure/lib/libcrypto/man/des.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "des 3"
+-.TH des 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH des 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/dh.3.orig
++++ secure/lib/libcrypto/man/dh.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "dh 3"
+-.TH dh 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH dh 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/dsa.3.orig
++++ secure/lib/libcrypto/man/dsa.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "dsa 3"
+-.TH dsa 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH dsa 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ec.3.orig
++++ secure/lib/libcrypto/man/ec.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ec 3"
+-.TH ec 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ec 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ecdsa.3.orig
++++ secure/lib/libcrypto/man/ecdsa.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ecdsa 3"
+-.TH ecdsa 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ecdsa 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/engine.3.orig
++++ secure/lib/libcrypto/man/engine.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "engine 3"
+-.TH engine 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH engine 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/err.3.orig
++++ secure/lib/libcrypto/man/err.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "err 3"
+-.TH err 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH err 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/evp.3.orig
++++ secure/lib/libcrypto/man/evp.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "evp 3"
+-.TH evp 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH evp 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/hmac.3.orig
++++ secure/lib/libcrypto/man/hmac.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "hmac 3"
+-.TH hmac 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH hmac 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/i2d_CMS_bio_stream.3.orig
++++ secure/lib/libcrypto/man/i2d_CMS_bio_stream.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "i2d_CMS_bio_stream 3"
+-.TH i2d_CMS_bio_stream 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH i2d_CMS_bio_stream 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3.orig
++++ secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "i2d_PKCS7_bio_stream 3"
+-.TH i2d_PKCS7_bio_stream 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH i2d_PKCS7_bio_stream 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/lh_stats.3.orig
++++ secure/lib/libcrypto/man/lh_stats.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "lh_stats 3"
+-.TH lh_stats 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH lh_stats 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/lhash.3.orig
++++ secure/lib/libcrypto/man/lhash.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "lhash 3"
+-.TH lhash 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH lhash 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/md5.3.orig
++++ secure/lib/libcrypto/man/md5.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "md5 3"
+-.TH md5 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH md5 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/mdc2.3.orig
++++ secure/lib/libcrypto/man/mdc2.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "mdc2 3"
+-.TH mdc2 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH mdc2 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/pem.3.orig
++++ secure/lib/libcrypto/man/pem.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "pem 3"
+-.TH pem 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH pem 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/rand.3.orig
++++ secure/lib/libcrypto/man/rand.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "rand 3"
+-.TH rand 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH rand 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/rc4.3.orig
++++ secure/lib/libcrypto/man/rc4.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "rc4 3"
+-.TH rc4 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH rc4 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ripemd.3.orig
++++ secure/lib/libcrypto/man/ripemd.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ripemd 3"
+-.TH ripemd 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ripemd 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/rsa.3.orig
++++ secure/lib/libcrypto/man/rsa.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "rsa 3"
+-.TH rsa 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH rsa 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/sha.3.orig
++++ secure/lib/libcrypto/man/sha.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "sha 3"
+-.TH sha 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH sha 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/threads.3.orig
++++ secure/lib/libcrypto/man/threads.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "threads 3"
+-.TH threads 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH threads 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ui.3.orig
++++ secure/lib/libcrypto/man/ui.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ui 3"
+-.TH ui 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ui 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/ui_compat.3.orig
++++ secure/lib/libcrypto/man/ui_compat.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ui_compat 3"
+-.TH ui_compat 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ui_compat 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/man/x509.3.orig
++++ secure/lib/libcrypto/man/x509.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "x509 3"
+-.TH x509 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH x509 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libcrypto/Makefile.inc.orig
++++ secure/lib/libcrypto/Makefile.inc
+@@ -3,8 +3,8 @@
+ .include <bsd.own.mk>
+ 
+ # OpenSSL version used for manual page generation
+-OPENSSL_VER=	1.0.2i
+-OPENSSL_DATE=	2016-09-22
++OPENSSL_VER=	1.0.2j
++OPENSSL_DATE=	2016-09-26
+ 
+ LCRYPTO_SRC=	${.CURDIR}/../../../crypto/openssl
+ LCRYPTO_DOC=	${LCRYPTO_SRC}/doc
+--- secure/lib/libssl/man/SSL_CIPHER_get_name.3.orig
++++ secure/lib/libssl/man/SSL_CIPHER_get_name.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CIPHER_get_name 3"
+-.TH SSL_CIPHER_get_name 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CIPHER_get_name 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_COMP_add_compression_method.3.orig
++++ secure/lib/libssl/man/SSL_COMP_add_compression_method.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_COMP_add_compression_method 3"
+-.TH SSL_COMP_add_compression_method 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_COMP_add_compression_method 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CONF_CTX_new.3.orig
++++ secure/lib/libssl/man/SSL_CONF_CTX_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CONF_CTX_new 3"
+-.TH SSL_CONF_CTX_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CONF_CTX_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3.orig
++++ secure/lib/libssl/man/SSL_CONF_CTX_set1_prefix.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CONF_CTX_set1_prefix 3"
+-.TH SSL_CONF_CTX_set1_prefix 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CONF_CTX_set1_prefix 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3.orig
++++ secure/lib/libssl/man/SSL_CONF_CTX_set_flags.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CONF_CTX_set_flags 3"
+-.TH SSL_CONF_CTX_set_flags 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CONF_CTX_set_flags 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3.orig
++++ secure/lib/libssl/man/SSL_CONF_CTX_set_ssl_ctx.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CONF_CTX_set_ssl_ctx 3"
+-.TH SSL_CONF_CTX_set_ssl_ctx 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CONF_CTX_set_ssl_ctx 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CONF_cmd.3.orig
++++ secure/lib/libssl/man/SSL_CONF_cmd.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CONF_cmd 3"
+-.TH SSL_CONF_cmd 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CONF_cmd 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CONF_cmd_argv.3.orig
++++ secure/lib/libssl/man/SSL_CONF_cmd_argv.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CONF_cmd_argv 3"
+-.TH SSL_CONF_cmd_argv 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CONF_cmd_argv 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3.orig
++++ secure/lib/libssl/man/SSL_CTX_add1_chain_cert.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_add1_chain_cert 3"
+-.TH SSL_CTX_add1_chain_cert 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_add1_chain_cert 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3.orig
++++ secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_add_extra_chain_cert 3"
+-.TH SSL_CTX_add_extra_chain_cert 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_add_extra_chain_cert 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_add_session.3.orig
++++ secure/lib/libssl/man/SSL_CTX_add_session.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_add_session 3"
+-.TH SSL_CTX_add_session 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_add_session 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_ctrl.3.orig
++++ secure/lib/libssl/man/SSL_CTX_ctrl.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_ctrl 3"
+-.TH SSL_CTX_ctrl 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_ctrl 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_flush_sessions.3.orig
++++ secure/lib/libssl/man/SSL_CTX_flush_sessions.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_flush_sessions 3"
+-.TH SSL_CTX_flush_sessions 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_flush_sessions 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_free.3.orig
++++ secure/lib/libssl/man/SSL_CTX_free.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_free 3"
+-.TH SSL_CTX_free 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_free 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_get0_param.3.orig
++++ secure/lib/libssl/man/SSL_CTX_get0_param.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_get0_param 3"
+-.TH SSL_CTX_get0_param 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_get0_param 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3.orig
++++ secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_get_ex_new_index 3"
+-.TH SSL_CTX_get_ex_new_index 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_get_ex_new_index 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_get_verify_mode.3.orig
++++ secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_get_verify_mode 3"
+-.TH SSL_CTX_get_verify_mode 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_get_verify_mode 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_load_verify_locations.3.orig
++++ secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_load_verify_locations 3"
+-.TH SSL_CTX_load_verify_locations 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_load_verify_locations 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_new.3.orig
++++ secure/lib/libssl/man/SSL_CTX_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_new 3"
+-.TH SSL_CTX_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_sess_number.3.orig
++++ secure/lib/libssl/man/SSL_CTX_sess_number.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_sess_number 3"
+-.TH SSL_CTX_sess_number 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_sess_number 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3.orig
++++ secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_sess_set_cache_size 3"
+-.TH SSL_CTX_sess_set_cache_size 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_sess_set_cache_size 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3.orig
++++ secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_sess_set_get_cb 3"
+-.TH SSL_CTX_sess_set_get_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_sess_set_get_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_sessions.3.orig
++++ secure/lib/libssl/man/SSL_CTX_sessions.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_sessions 3"
+-.TH SSL_CTX_sessions 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_sessions 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set1_curves.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set1_curves.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set1_curves 3"
+-.TH SSL_CTX_set1_curves 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set1_curves 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set1_verify_cert_store.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set1_verify_cert_store 3"
+-.TH SSL_CTX_set1_verify_cert_store 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set1_verify_cert_store 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_alpn_select_cb 3"
+-.TH SSL_CTX_set_alpn_select_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_alpn_select_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_cert_cb.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_cert_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_cert_cb 3"
+-.TH SSL_CTX_set_cert_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_cert_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_cert_store.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_cert_store.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_cert_store 3"
+-.TH SSL_CTX_set_cert_store 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_cert_store 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_cert_verify_callback 3"
+-.TH SSL_CTX_set_cert_verify_callback 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_cert_verify_callback 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_cipher_list.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_cipher_list 3"
+-.TH SSL_CTX_set_cipher_list 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_cipher_list 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_client_CA_list 3"
+-.TH SSL_CTX_set_client_CA_list 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_client_CA_list 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_client_cert_cb 3"
+-.TH SSL_CTX_set_client_cert_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_client_cert_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_custom_cli_ext.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_custom_cli_ext 3"
+-.TH SSL_CTX_set_custom_cli_ext 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_custom_cli_ext 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_default_passwd_cb 3"
+-.TH SSL_CTX_set_default_passwd_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_default_passwd_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_generate_session_id 3"
+-.TH SSL_CTX_set_generate_session_id 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_generate_session_id 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_info_callback.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_info_callback.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_info_callback 3"
+-.TH SSL_CTX_set_info_callback 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_info_callback 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_max_cert_list 3"
+-.TH SSL_CTX_set_max_cert_list 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_max_cert_list 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_mode.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_mode.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_mode 3"
+-.TH SSL_CTX_set_mode 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_mode 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_msg_callback.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_msg_callback 3"
+-.TH SSL_CTX_set_msg_callback 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_msg_callback 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_options.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_options.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_options 3"
+-.TH SSL_CTX_set_options 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_options 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_psk_client_callback 3"
+-.TH SSL_CTX_set_psk_client_callback 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_psk_client_callback 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_quiet_shutdown 3"
+-.TH SSL_CTX_set_quiet_shutdown 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_quiet_shutdown 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_read_ahead.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_read_ahead.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_read_ahead 3"
+-.TH SSL_CTX_set_read_ahead 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_read_ahead 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_session_cache_mode 3"
+-.TH SSL_CTX_set_session_cache_mode 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_session_cache_mode 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_session_id_context.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_session_id_context 3"
+-.TH SSL_CTX_set_session_id_context 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_session_id_context 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_ssl_version.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_ssl_version 3"
+-.TH SSL_CTX_set_ssl_version 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_ssl_version 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_timeout.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_timeout.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_timeout 3"
+-.TH SSL_CTX_set_timeout 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_timeout 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_tlsext_status_cb 3"
+-.TH SSL_CTX_set_tlsext_status_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_tlsext_status_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_tlsext_ticket_key_cb 3"
+-.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_tlsext_ticket_key_cb 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_tmp_dh_callback 3"
+-.TH SSL_CTX_set_tmp_dh_callback 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_tmp_dh_callback 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+-.TH SSL_CTX_set_tmp_rsa_callback 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_tmp_rsa_callback 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_set_verify.3.orig
++++ secure/lib/libssl/man/SSL_CTX_set_verify.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_set_verify 3"
+-.TH SSL_CTX_set_verify 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_set_verify 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_use_certificate.3.orig
++++ secure/lib/libssl/man/SSL_CTX_use_certificate.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_use_certificate 3"
+-.TH SSL_CTX_use_certificate 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_use_certificate 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3.orig
++++ secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_use_psk_identity_hint 3"
+-.TH SSL_CTX_use_psk_identity_hint 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_use_psk_identity_hint 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_CTX_use_serverinfo.3.orig
++++ secure/lib/libssl/man/SSL_CTX_use_serverinfo.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_CTX_use_serverinfo 3"
+-.TH SSL_CTX_use_serverinfo 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_CTX_use_serverinfo 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_SESSION_free.3.orig
++++ secure/lib/libssl/man/SSL_SESSION_free.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_SESSION_free 3"
+-.TH SSL_SESSION_free 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_SESSION_free 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3.orig
++++ secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_SESSION_get_ex_new_index 3"
+-.TH SSL_SESSION_get_ex_new_index 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_SESSION_get_ex_new_index 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_SESSION_get_time.3.orig
++++ secure/lib/libssl/man/SSL_SESSION_get_time.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_SESSION_get_time 3"
+-.TH SSL_SESSION_get_time 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_SESSION_get_time 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_accept.3.orig
++++ secure/lib/libssl/man/SSL_accept.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_accept 3"
+-.TH SSL_accept 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_accept 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_alert_type_string.3.orig
++++ secure/lib/libssl/man/SSL_alert_type_string.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_alert_type_string 3"
+-.TH SSL_alert_type_string 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_alert_type_string 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_check_chain.3.orig
++++ secure/lib/libssl/man/SSL_check_chain.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_check_chain 3"
+-.TH SSL_check_chain 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_check_chain 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_clear.3.orig
++++ secure/lib/libssl/man/SSL_clear.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_clear 3"
+-.TH SSL_clear 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_clear 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_connect.3.orig
++++ secure/lib/libssl/man/SSL_connect.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_connect 3"
+-.TH SSL_connect 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_connect 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_do_handshake.3.orig
++++ secure/lib/libssl/man/SSL_do_handshake.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_do_handshake 3"
+-.TH SSL_do_handshake 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_do_handshake 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_free.3.orig
++++ secure/lib/libssl/man/SSL_free.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_free 3"
+-.TH SSL_free 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_free 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_SSL_CTX.3.orig
++++ secure/lib/libssl/man/SSL_get_SSL_CTX.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_SSL_CTX 3"
+-.TH SSL_get_SSL_CTX 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_SSL_CTX 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_ciphers.3.orig
++++ secure/lib/libssl/man/SSL_get_ciphers.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_ciphers 3"
+-.TH SSL_get_ciphers 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_ciphers 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_client_CA_list.3.orig
++++ secure/lib/libssl/man/SSL_get_client_CA_list.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_client_CA_list 3"
+-.TH SSL_get_client_CA_list 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_client_CA_list 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_current_cipher.3.orig
++++ secure/lib/libssl/man/SSL_get_current_cipher.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_current_cipher 3"
+-.TH SSL_get_current_cipher 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_current_cipher 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_default_timeout.3.orig
++++ secure/lib/libssl/man/SSL_get_default_timeout.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_default_timeout 3"
+-.TH SSL_get_default_timeout 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_default_timeout 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_error.3.orig
++++ secure/lib/libssl/man/SSL_get_error.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_error 3"
+-.TH SSL_get_error 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_error 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3.orig
++++ secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+-.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_ex_new_index.3.orig
++++ secure/lib/libssl/man/SSL_get_ex_new_index.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_ex_new_index 3"
+-.TH SSL_get_ex_new_index 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_ex_new_index 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_fd.3.orig
++++ secure/lib/libssl/man/SSL_get_fd.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_fd 3"
+-.TH SSL_get_fd 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_fd 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_peer_cert_chain.3.orig
++++ secure/lib/libssl/man/SSL_get_peer_cert_chain.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_peer_cert_chain 3"
+-.TH SSL_get_peer_cert_chain 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_peer_cert_chain 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_peer_certificate.3.orig
++++ secure/lib/libssl/man/SSL_get_peer_certificate.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_peer_certificate 3"
+-.TH SSL_get_peer_certificate 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_peer_certificate 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_psk_identity.3.orig
++++ secure/lib/libssl/man/SSL_get_psk_identity.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_psk_identity 3"
+-.TH SSL_get_psk_identity 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_psk_identity 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_rbio.3.orig
++++ secure/lib/libssl/man/SSL_get_rbio.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_rbio 3"
+-.TH SSL_get_rbio 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_rbio 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_session.3.orig
++++ secure/lib/libssl/man/SSL_get_session.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_session 3"
+-.TH SSL_get_session 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_session 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_verify_result.3.orig
++++ secure/lib/libssl/man/SSL_get_verify_result.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_verify_result 3"
+-.TH SSL_get_verify_result 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_verify_result 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_get_version.3.orig
++++ secure/lib/libssl/man/SSL_get_version.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_get_version 3"
+-.TH SSL_get_version 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_get_version 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_library_init.3.orig
++++ secure/lib/libssl/man/SSL_library_init.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_library_init 3"
+-.TH SSL_library_init 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_library_init 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_load_client_CA_file.3.orig
++++ secure/lib/libssl/man/SSL_load_client_CA_file.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_load_client_CA_file 3"
+-.TH SSL_load_client_CA_file 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_load_client_CA_file 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_new.3.orig
++++ secure/lib/libssl/man/SSL_new.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_new 3"
+-.TH SSL_new 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_new 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_pending.3.orig
++++ secure/lib/libssl/man/SSL_pending.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_pending 3"
+-.TH SSL_pending 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_pending 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_read.3.orig
++++ secure/lib/libssl/man/SSL_read.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_read 3"
+-.TH SSL_read 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_read 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_rstate_string.3.orig
++++ secure/lib/libssl/man/SSL_rstate_string.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_rstate_string 3"
+-.TH SSL_rstate_string 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_rstate_string 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_session_reused.3.orig
++++ secure/lib/libssl/man/SSL_session_reused.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_session_reused 3"
+-.TH SSL_session_reused 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_session_reused 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_set_bio.3.orig
++++ secure/lib/libssl/man/SSL_set_bio.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_set_bio 3"
+-.TH SSL_set_bio 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_set_bio 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_set_connect_state.3.orig
++++ secure/lib/libssl/man/SSL_set_connect_state.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_set_connect_state 3"
+-.TH SSL_set_connect_state 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_set_connect_state 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_set_fd.3.orig
++++ secure/lib/libssl/man/SSL_set_fd.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_set_fd 3"
+-.TH SSL_set_fd 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_set_fd 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_set_session.3.orig
++++ secure/lib/libssl/man/SSL_set_session.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_set_session 3"
+-.TH SSL_set_session 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_set_session 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_set_shutdown.3.orig
++++ secure/lib/libssl/man/SSL_set_shutdown.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_set_shutdown 3"
+-.TH SSL_set_shutdown 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_set_shutdown 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_set_verify_result.3.orig
++++ secure/lib/libssl/man/SSL_set_verify_result.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_set_verify_result 3"
+-.TH SSL_set_verify_result 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_set_verify_result 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_shutdown.3.orig
++++ secure/lib/libssl/man/SSL_shutdown.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_shutdown 3"
+-.TH SSL_shutdown 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_shutdown 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_state_string.3.orig
++++ secure/lib/libssl/man/SSL_state_string.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_state_string 3"
+-.TH SSL_state_string 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_state_string 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_want.3.orig
++++ secure/lib/libssl/man/SSL_want.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_want 3"
+-.TH SSL_want 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_want 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/SSL_write.3.orig
++++ secure/lib/libssl/man/SSL_write.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SSL_write 3"
+-.TH SSL_write 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SSL_write 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/d2i_SSL_SESSION.3.orig
++++ secure/lib/libssl/man/d2i_SSL_SESSION.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "d2i_SSL_SESSION 3"
+-.TH d2i_SSL_SESSION 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH d2i_SSL_SESSION 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/lib/libssl/man/ssl.3.orig
++++ secure/lib/libssl/man/ssl.3
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ssl 3"
+-.TH ssl 3 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ssl 3 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/CA.pl.1.orig
++++ secure/usr.bin/openssl/man/CA.pl.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CA.PL 1"
+-.TH CA.PL 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CA.PL 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/asn1parse.1.orig
++++ secure/usr.bin/openssl/man/asn1parse.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ASN1PARSE 1"
+-.TH ASN1PARSE 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ASN1PARSE 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/c_rehash.1.orig
++++ secure/usr.bin/openssl/man/c_rehash.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "C_REHASH 1"
+-.TH C_REHASH 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH C_REHASH 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/ca.1.orig
++++ secure/usr.bin/openssl/man/ca.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CA 1"
+-.TH CA 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CA 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/ciphers.1.orig
++++ secure/usr.bin/openssl/man/ciphers.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CIPHERS 1"
+-.TH CIPHERS 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CIPHERS 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/cms.1.orig
++++ secure/usr.bin/openssl/man/cms.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CMS 1"
+-.TH CMS 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CMS 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/crl.1.orig
++++ secure/usr.bin/openssl/man/crl.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CRL 1"
+-.TH CRL 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CRL 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/crl2pkcs7.1.orig
++++ secure/usr.bin/openssl/man/crl2pkcs7.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "CRL2PKCS7 1"
+-.TH CRL2PKCS7 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH CRL2PKCS7 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/dgst.1.orig
++++ secure/usr.bin/openssl/man/dgst.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DGST 1"
+-.TH DGST 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DGST 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/dhparam.1.orig
++++ secure/usr.bin/openssl/man/dhparam.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DHPARAM 1"
+-.TH DHPARAM 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DHPARAM 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/dsa.1.orig
++++ secure/usr.bin/openssl/man/dsa.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSA 1"
+-.TH DSA 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSA 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/dsaparam.1.orig
++++ secure/usr.bin/openssl/man/dsaparam.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "DSAPARAM 1"
+-.TH DSAPARAM 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH DSAPARAM 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/ec.1.orig
++++ secure/usr.bin/openssl/man/ec.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "EC 1"
+-.TH EC 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH EC 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/ecparam.1.orig
++++ secure/usr.bin/openssl/man/ecparam.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ECPARAM 1"
+-.TH ECPARAM 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ECPARAM 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/enc.1.orig
++++ secure/usr.bin/openssl/man/enc.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ENC 1"
+-.TH ENC 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ENC 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/errstr.1.orig
++++ secure/usr.bin/openssl/man/errstr.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "ERRSTR 1"
+-.TH ERRSTR 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH ERRSTR 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/gendsa.1.orig
++++ secure/usr.bin/openssl/man/gendsa.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "GENDSA 1"
+-.TH GENDSA 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH GENDSA 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/genpkey.1.orig
++++ secure/usr.bin/openssl/man/genpkey.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "GENPKEY 1"
+-.TH GENPKEY 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH GENPKEY 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/genrsa.1.orig
++++ secure/usr.bin/openssl/man/genrsa.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "GENRSA 1"
+-.TH GENRSA 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH GENRSA 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/nseq.1.orig
++++ secure/usr.bin/openssl/man/nseq.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "NSEQ 1"
+-.TH NSEQ 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH NSEQ 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/ocsp.1.orig
++++ secure/usr.bin/openssl/man/ocsp.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OCSP 1"
+-.TH OCSP 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OCSP 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/openssl.1.orig
++++ secure/usr.bin/openssl/man/openssl.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "OPENSSL 1"
+-.TH OPENSSL 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH OPENSSL 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/passwd.1.orig
++++ secure/usr.bin/openssl/man/passwd.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PASSWD 1"
+-.TH PASSWD 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PASSWD 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/pkcs12.1.orig
++++ secure/usr.bin/openssl/man/pkcs12.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS12 1"
+-.TH PKCS12 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS12 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/pkcs7.1.orig
++++ secure/usr.bin/openssl/man/pkcs7.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS7 1"
+-.TH PKCS7 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS7 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/pkcs8.1.orig
++++ secure/usr.bin/openssl/man/pkcs8.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKCS8 1"
+-.TH PKCS8 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKCS8 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/pkey.1.orig
++++ secure/usr.bin/openssl/man/pkey.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKEY 1"
+-.TH PKEY 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKEY 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/pkeyparam.1.orig
++++ secure/usr.bin/openssl/man/pkeyparam.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKEYPARAM 1"
+-.TH PKEYPARAM 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKEYPARAM 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/pkeyutl.1.orig
++++ secure/usr.bin/openssl/man/pkeyutl.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "PKEYUTL 1"
+-.TH PKEYUTL 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH PKEYUTL 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/rand.1.orig
++++ secure/usr.bin/openssl/man/rand.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RAND 1"
+-.TH RAND 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RAND 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/req.1.orig
++++ secure/usr.bin/openssl/man/req.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "REQ 1"
+-.TH REQ 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH REQ 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/rsa.1.orig
++++ secure/usr.bin/openssl/man/rsa.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSA 1"
+-.TH RSA 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSA 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/rsautl.1.orig
++++ secure/usr.bin/openssl/man/rsautl.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "RSAUTL 1"
+-.TH RSAUTL 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH RSAUTL 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/s_client.1.orig
++++ secure/usr.bin/openssl/man/s_client.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "S_CLIENT 1"
+-.TH S_CLIENT 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH S_CLIENT 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/s_server.1.orig
++++ secure/usr.bin/openssl/man/s_server.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "S_SERVER 1"
+-.TH S_SERVER 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH S_SERVER 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/s_time.1.orig
++++ secure/usr.bin/openssl/man/s_time.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "S_TIME 1"
+-.TH S_TIME 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH S_TIME 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/sess_id.1.orig
++++ secure/usr.bin/openssl/man/sess_id.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SESS_ID 1"
+-.TH SESS_ID 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SESS_ID 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/smime.1.orig
++++ secure/usr.bin/openssl/man/smime.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SMIME 1"
+-.TH SMIME 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SMIME 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/speed.1.orig
++++ secure/usr.bin/openssl/man/speed.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SPEED 1"
+-.TH SPEED 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SPEED 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/spkac.1.orig
++++ secure/usr.bin/openssl/man/spkac.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "SPKAC 1"
+-.TH SPKAC 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH SPKAC 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/ts.1.orig
++++ secure/usr.bin/openssl/man/ts.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "TS 1"
+-.TH TS 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH TS 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/tsget.1.orig
++++ secure/usr.bin/openssl/man/tsget.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "TSGET 1"
+-.TH TSGET 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH TSGET 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/verify.1.orig
++++ secure/usr.bin/openssl/man/verify.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "VERIFY 1"
+-.TH VERIFY 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH VERIFY 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/version.1.orig
++++ secure/usr.bin/openssl/man/version.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "VERSION 1"
+-.TH VERSION 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH VERSION 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/x509.1.orig
++++ secure/usr.bin/openssl/man/x509.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509 1"
+-.TH X509 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- secure/usr.bin/openssl/man/x509v3_config.1.orig
++++ secure/usr.bin/openssl/man/x509v3_config.1
+@@ -133,7 +133,7 @@
+ .\" ========================================================================
+ .\"
+ .IX Title "X509V3_CONFIG 1"
+-.TH X509V3_CONFIG 1 "2016-09-22" "1.0.2i" "OpenSSL"
++.TH X509V3_CONFIG 1 "2016-09-26" "1.0.2j" "OpenSSL"
+ .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
+ .\" way too many mistakes in technical documents.
+ .if n .ad l
+--- ..orig
++++ .
+   Merged /head:r306342

Property changes on: head/share/security/patches/SA-16:27/openssl.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:27/openssl.patch.asc
===================================================================
--- head/share/security/patches/SA-16:27/openssl.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:27/openssl.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PkAAoJEO1n7NZdz2rnOOwQAOezEOJdnLrlHHKfQhX2MZ2x
+GL8VmX3mIzWUBt8nU/aS1ApM/l5Oiiiw0qGmO0PbjDKzEsrnzoudAlOXYA6S42GX
+koFAFhGtdza1hfzEUfqCit6yzK+JlSLBFXnezmZzUmM/RipJig6mJGbbrh3avxPL
+sAvbe893bQ/5zOu72KdK4CrfpNgeGC4vGvVuTag24rNjRS/X9FTxt1Dg+snvXaec
+IZfp/ar8ZAdWGQzmkLbSl0Ac3x5WWh7I9TSs0a+o9fMK36jgor7lMzTLMrkJ8Jh1
+IqrWktNL5BDOyAROHEmdhbQiXNeRljJTGrg9Fkjacmj7PqrjbVNzwqCCqmn1Dr1I
+9u3++EOJf4AK6cKZ2dAqhbxoKB+q4N6SDiSnm5Gspr/et6LJqlsEiaf+8evVpvRY
+jnhdykgf5dgmwMl39FWM4+4Yy8R0XusmlHhh6fiivaAidUhzExsfokGndzhF6nYc
+Dys/hVhi3GGg1QejCNck/yHH8ikVEuUFq2pObpDDObS771QQ/wJ6HtHhXMxEsHjg
+aXLLmpPrP1ZHrRkcdS5xFeRDgmlGJe+Yoxsw4aqJPsj/kfjIZzeIyD6yfFYsnZzj
+R+x1ZuVbb8OkKvm1fhZojEzWROL6dcT4CYUahqLaxn2G5bzht1HSaehOy7/0EOHR
+HQw0gDrKNjf/vCtN4v9a
+=5Xq6
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:27/openssl.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:28/bind.patch
===================================================================
--- head/share/security/patches/SA-16:28/bind.patch	(nonexistent)
+++ head/share/security/patches/SA-16:28/bind.patch	(revision 49477)
@@ -0,0 +1,87 @@
+--- contrib/bind9/lib/dns/message.c.orig
++++ contrib/bind9/lib/dns/message.c
+@@ -1736,7 +1736,7 @@
+ 	if (r.length < DNS_MESSAGE_HEADERLEN)
+ 		return (ISC_R_NOSPACE);
+ 
+-	if (r.length < msg->reserved)
++	if (r.length - DNS_MESSAGE_HEADERLEN < msg->reserved)
+ 		return (ISC_R_NOSPACE);
+ 
+ 	/*
+@@ -1863,8 +1863,29 @@
+ 
+ 	return (ISC_TRUE);
+ }
++#endif
+ 
+-#endif
++static isc_result_t
++renderset(dns_rdataset_t *rdataset, dns_name_t *owner_name,
++	  dns_compress_t *cctx, isc_buffer_t *target,
++	  unsigned int reserved, unsigned int options, unsigned int *countp)
++{
++	isc_result_t result;
++
++	/*
++	 * Shrink the space in the buffer by the reserved amount.
++	 */
++	if (target->length - target->used < reserved)
++		return (ISC_R_NOSPACE);
++
++	target->length -= reserved;
++	result = dns_rdataset_towire(rdataset, owner_name,
++				     cctx, target, options, countp);
++	target->length += reserved;
++
++	return (result);
++}
++
+ isc_result_t
+ dns_message_rendersection(dns_message_t *msg, dns_section_t sectionid,
+ 			  unsigned int options)
+@@ -1907,6 +1928,8 @@
+ 	/*
+ 	 * Shrink the space in the buffer by the reserved amount.
+ 	 */
++	if (msg->buffer->length - msg->buffer->used < msg->reserved)
++		return (ISC_R_NOSPACE);
+ 	msg->buffer->length -= msg->reserved;
+ 
+ 	total = 0;
+@@ -2183,9 +2206,8 @@
+ 		 * Render.
+ 		 */
+ 		count = 0;
+-		result = dns_rdataset_towire(msg->opt, dns_rootname,
+-					     msg->cctx, msg->buffer, 0,
+-					     &count);
++		result = renderset(msg->opt, dns_rootname, msg->cctx,
++				   msg->buffer, msg->reserved, 0, &count);
+ 		msg->counts[DNS_SECTION_ADDITIONAL] += count;
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+@@ -2201,9 +2223,8 @@
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+ 		count = 0;
+-		result = dns_rdataset_towire(msg->tsig, msg->tsigname,
+-					     msg->cctx, msg->buffer, 0,
+-					     &count);
++		result = renderset(msg->tsig, msg->tsigname, msg->cctx,
++				   msg->buffer, msg->reserved, 0, &count);
+ 		msg->counts[DNS_SECTION_ADDITIONAL] += count;
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);
+@@ -2224,9 +2245,8 @@
+ 		 * the owner name of a SIG(0) is irrelevant, and will not
+ 		 * be set in a message being rendered.
+ 		 */
+-		result = dns_rdataset_towire(msg->sig0, dns_rootname,
+-					     msg->cctx, msg->buffer, 0,
+-					     &count);
++		result = renderset(msg->sig0, dns_rootname, msg->cctx,
++				   msg->buffer, msg->reserved, 0, &count);
+ 		msg->counts[DNS_SECTION_ADDITIONAL] += count;
+ 		if (result != ISC_R_SUCCESS)
+ 			return (result);

Property changes on: head/share/security/patches/SA-16:28/bind.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:28/bind.patch.asc
===================================================================
--- head/share/security/patches/SA-16:28/bind.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:28/bind.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PkAAoJEO1n7NZdz2rnQp4QAM0ewaa+/Uf9DtsxfNFBG7B3
+FGwAQsn6147M1+Et1FFtHonjnnzYb+bN+xEHGDLS5R7kLxDgdzWdF/+VlM1iTex9
+gwdJ9PHctHKh++mw6iI4CSZDPHIg+4YmuY6liUDVlQthetOdh8mIHrOO9EBOkQZ9
+yk37YWSFmJEKfLYOOSp8/c7ukf56YW3Z7KWVSjxftx7Ct4WJVVL0nc6YDly0/IoS
+3RhGPdT/fkqYVewHolCkp9+oVMiQaOJIqUCpE8oaRMRrRjUHG457RoyEVM0y2SwC
+ptjAvimClV0qv6hzXY/D4Y4UV5MCTreJVESkZECNF5UB20jhdPLR2gwC1NQNb0+w
+3W1AabWMIv/OyqfFy4ZWIaEKaza8iVQruJZdq/ZPItSiszRqJ9vVReI8rIaEPtRI
+ZVhPO4YOozwQE/kQrYQL5MJe2uV+grnmN/1wDCMqUBBi/9/YnRFFpf876Q4lS9xM
+D2d4PqelPUJ+C+K4P/750Jiv4K4DXuR1zliwshmofeNKS1/KkqGm7E4jp0JoCSQa
+udlSQ4Y5D/84Wcevi3GXXuAK55I0WOfB5XgSMpAFVgKeEKSYDaU93olNOqxikMwC
+vV5GX6RgTRri3pjhGoxFvp1EcuihUCmjGMcUJy1lPg8QQpf1KTiQ24acse5CV+nr
+YBtiOueAyfcGtkaTWCty
+=Daic
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:28/bind.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:29/bspatch.patch
===================================================================
--- head/share/security/patches/SA-16:29/bspatch.patch	(nonexistent)
+++ head/share/security/patches/SA-16:29/bspatch.patch	(revision 49477)
@@ -0,0 +1,325 @@
+--- usr.bin/bsdiff/bspatch/bspatch.c.orig
++++ usr.bin/bsdiff/bspatch/bspatch.c
+@@ -27,56 +27,133 @@
+ #include <sys/cdefs.h>
+ __FBSDID("$FreeBSD$");
+ 
++#if defined(__FreeBSD__)
++#include <sys/param.h>
++#if __FreeBSD_version >= 1001511
++#include <sys/capsicum.h>
++#define HAVE_CAPSICUM
++#endif
++#endif
++
+ #include <bzlib.h>
+-#include <stdlib.h>
++#include <err.h>
++#include <errno.h>
++#include <fcntl.h>
++#include <libgen.h>
++#include <limits.h>
++#include <stdint.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
+-#include <err.h>
+ #include <unistd.h>
+-#include <fcntl.h>
+ 
+ #ifndef O_BINARY
+ #define O_BINARY 0
+ #endif
++#define HEADER_SIZE 32
++
++static char *newfile;
++static int dirfd = -1;
++
++static void
++exit_cleanup(void)
++{
++
++	if (dirfd != -1 && newfile != NULL)
++		if (unlinkat(dirfd, newfile, 0))
++			warn("unlinkat");
++}
+ 
+ static off_t offtin(u_char *buf)
+ {
+ 	off_t y;
+ 
+-	y=buf[7]&0x7F;
+-	y=y*256;y+=buf[6];
+-	y=y*256;y+=buf[5];
+-	y=y*256;y+=buf[4];
+-	y=y*256;y+=buf[3];
+-	y=y*256;y+=buf[2];
+-	y=y*256;y+=buf[1];
+-	y=y*256;y+=buf[0];
++	y = buf[7] & 0x7F;
++	y = y * 256; y += buf[6];
++	y = y * 256; y += buf[5];
++	y = y * 256; y += buf[4];
++	y = y * 256; y += buf[3];
++	y = y * 256; y += buf[2];
++	y = y * 256; y += buf[1];
++	y = y * 256; y += buf[0];
+ 
+-	if(buf[7]&0x80) y=-y;
++	if (buf[7] & 0x80)
++		y = -y;
+ 
+-	return y;
++	return (y);
+ }
+ 
+-int main(int argc,char * argv[])
++int main(int argc, char *argv[])
+ {
+-	FILE * f, * cpf, * dpf, * epf;
+-	BZFILE * cpfbz2, * dpfbz2, * epfbz2;
++	FILE *f, *cpf, *dpf, *epf;
++	BZFILE *cpfbz2, *dpfbz2, *epfbz2;
++	char *directory, *namebuf;
+ 	int cbz2err, dbz2err, ebz2err;
+-	int fd;
+-	ssize_t oldsize,newsize;
+-	ssize_t bzctrllen,bzdatalen;
+-	u_char header[32],buf[8];
++	int newfd, oldfd;
++	off_t oldsize, newsize;
++	off_t bzctrllen, bzdatalen;
++	u_char header[HEADER_SIZE], buf[8];
+ 	u_char *old, *new;
+-	off_t oldpos,newpos;
++	off_t oldpos, newpos;
+ 	off_t ctrl[3];
+-	off_t lenread;
+-	off_t i;
++	off_t i, lenread, offset;
++#ifdef HAVE_CAPSICUM
++	cap_rights_t rights_dir, rights_ro, rights_wr;
++#endif
+ 
+ 	if(argc!=4) errx(1,"usage: %s oldfile newfile patchfile\n",argv[0]);
+ 
+ 	/* Open patch file */
+ 	if ((f = fopen(argv[3], "rb")) == NULL)
+ 		err(1, "fopen(%s)", argv[3]);
++	/* Open patch file for control block */
++	if ((cpf = fopen(argv[3], "rb")) == NULL)
++		err(1, "fopen(%s)", argv[3]);
++	/* open patch file for diff block */
++	if ((dpf = fopen(argv[3], "rb")) == NULL)
++		err(1, "fopen(%s)", argv[3]);
++	/* open patch file for extra block */
++	if ((epf = fopen(argv[3], "rb")) == NULL)
++		err(1, "fopen(%s)", argv[3]);
++	/* open oldfile */
++	if ((oldfd = open(argv[1], O_RDONLY | O_BINARY, 0)) < 0)
++		err(1, "open(%s)", argv[1]);
++	/* open directory where we'll write newfile */
++	if ((namebuf = strdup(argv[2])) == NULL ||
++	    (directory = dirname(namebuf)) == NULL ||
++	    (dirfd = open(directory, O_DIRECTORY)) < 0)
++		err(1, "open %s", argv[2]);
++	free(namebuf);
++	if ((newfile = basename(argv[2])) == NULL)
++		err(1, "basename");
++	/* open newfile */
++	if ((newfd = openat(dirfd, newfile,
++	    O_CREAT | O_TRUNC | O_WRONLY | O_BINARY, 0666)) < 0)
++		err(1, "open(%s)", argv[2]);
++	atexit(exit_cleanup);
++
++#ifdef HAVE_CAPSICUM
++	if (cap_enter() < 0) {
++		/* Failed to sandbox, fatal if CAPABILITY_MODE enabled */
++		if (errno != ENOSYS)
++			err(1, "failed to enter security sandbox");
++	} else {
++		/* Capsicum Available */
++		cap_rights_init(&rights_ro, CAP_READ, CAP_FSTAT, CAP_SEEK);
++		cap_rights_init(&rights_wr, CAP_WRITE);
++		cap_rights_init(&rights_dir, CAP_UNLINKAT);
++
++		if (cap_rights_limit(fileno(f), &rights_ro) < 0 ||
++		    cap_rights_limit(fileno(cpf), &rights_ro) < 0 ||
++		    cap_rights_limit(fileno(dpf), &rights_ro) < 0 ||
++		    cap_rights_limit(fileno(epf), &rights_ro) < 0 ||
++		    cap_rights_limit(oldfd, &rights_ro) < 0 ||
++		    cap_rights_limit(newfd, &rights_wr) < 0 ||
++		    cap_rights_limit(dirfd, &rights_dir) < 0)
++			err(1, "cap_rights_limit() failed, could not restrict"
++			    " capabilities");
++	}
++#endif
+ 
+ 	/*
+ 	File format:
+@@ -93,99 +170,99 @@
+ 	*/
+ 
+ 	/* Read header */
+-	if (fread(header, 1, 32, f) < 32) {
++	if (fread(header, 1, HEADER_SIZE, f) < HEADER_SIZE) {
+ 		if (feof(f))
+-			errx(1, "Corrupt patch\n");
++			errx(1, "Corrupt patch");
+ 		err(1, "fread(%s)", argv[3]);
+ 	}
+ 
+ 	/* Check for appropriate magic */
+ 	if (memcmp(header, "BSDIFF40", 8) != 0)
+-		errx(1, "Corrupt patch\n");
++		errx(1, "Corrupt patch");
+ 
+ 	/* Read lengths from header */
+-	bzctrllen=offtin(header+8);
+-	bzdatalen=offtin(header+16);
+-	newsize=offtin(header+24);
+-	if((bzctrllen<0) || (bzdatalen<0) || (newsize<0))
+-		errx(1,"Corrupt patch\n");
++	bzctrllen = offtin(header + 8);
++	bzdatalen = offtin(header + 16);
++	newsize = offtin(header + 24);
++	if (bzctrllen < 0 || bzctrllen > OFF_MAX - HEADER_SIZE ||
++	    bzdatalen < 0 || bzctrllen + HEADER_SIZE > OFF_MAX - bzdatalen ||
++	    newsize < 0 || newsize > SSIZE_MAX)
++		errx(1, "Corrupt patch");
+ 
+ 	/* Close patch file and re-open it via libbzip2 at the right places */
+ 	if (fclose(f))
+ 		err(1, "fclose(%s)", argv[3]);
+-	if ((cpf = fopen(argv[3], "rb")) == NULL)
+-		err(1, "fopen(%s)", argv[3]);
+-	if (fseeko(cpf, 32, SEEK_SET))
+-		err(1, "fseeko(%s, %lld)", argv[3],
+-		    (long long)32);
++	offset = HEADER_SIZE;
++	if (fseeko(cpf, offset, SEEK_SET))
++		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
+ 	if ((cpfbz2 = BZ2_bzReadOpen(&cbz2err, cpf, 0, 0, NULL, 0)) == NULL)
+ 		errx(1, "BZ2_bzReadOpen, bz2err = %d", cbz2err);
+-	if ((dpf = fopen(argv[3], "rb")) == NULL)
+-		err(1, "fopen(%s)", argv[3]);
+-	if (fseeko(dpf, 32 + bzctrllen, SEEK_SET))
+-		err(1, "fseeko(%s, %lld)", argv[3],
+-		    (long long)(32 + bzctrllen));
++	offset += bzctrllen;
++	if (fseeko(dpf, offset, SEEK_SET))
++		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
+ 	if ((dpfbz2 = BZ2_bzReadOpen(&dbz2err, dpf, 0, 0, NULL, 0)) == NULL)
+ 		errx(1, "BZ2_bzReadOpen, bz2err = %d", dbz2err);
+-	if ((epf = fopen(argv[3], "rb")) == NULL)
+-		err(1, "fopen(%s)", argv[3]);
+-	if (fseeko(epf, 32 + bzctrllen + bzdatalen, SEEK_SET))
+-		err(1, "fseeko(%s, %lld)", argv[3],
+-		    (long long)(32 + bzctrllen + bzdatalen));
++	offset += bzdatalen;
++	if (fseeko(epf, offset, SEEK_SET))
++		err(1, "fseeko(%s, %jd)", argv[3], (intmax_t)offset);
+ 	if ((epfbz2 = BZ2_bzReadOpen(&ebz2err, epf, 0, 0, NULL, 0)) == NULL)
+ 		errx(1, "BZ2_bzReadOpen, bz2err = %d", ebz2err);
+ 
+-	if(((fd=open(argv[1],O_RDONLY|O_BINARY,0))<0) ||
+-		((oldsize=lseek(fd,0,SEEK_END))==-1) ||
+-		((old=malloc(oldsize+1))==NULL) ||
+-		(lseek(fd,0,SEEK_SET)!=0) ||
+-		(read(fd,old,oldsize)!=oldsize) ||
+-		(close(fd)==-1)) err(1,"%s",argv[1]);
+-	if((new=malloc(newsize+1))==NULL) err(1,NULL);
++	if ((oldsize = lseek(oldfd, 0, SEEK_END)) == -1 ||
++	    oldsize > SSIZE_MAX ||
++	    (old = malloc(oldsize)) == NULL ||
++	    lseek(oldfd, 0, SEEK_SET) != 0 ||
++	    read(oldfd, old, oldsize) != oldsize ||
++	    close(oldfd) == -1)
++		err(1, "%s", argv[1]);
++	if ((new = malloc(newsize)) == NULL)
++		err(1, NULL);
+ 
+-	oldpos=0;newpos=0;
+-	while(newpos<newsize) {
++	oldpos = 0;
++	newpos = 0;
++	while (newpos < newsize) {
+ 		/* Read control data */
+-		for(i=0;i<=2;i++) {
++		for (i = 0; i <= 2; i++) {
+ 			lenread = BZ2_bzRead(&cbz2err, cpfbz2, buf, 8);
+ 			if ((lenread < 8) || ((cbz2err != BZ_OK) &&
+ 			    (cbz2err != BZ_STREAM_END)))
+-				errx(1, "Corrupt patch\n");
+-			ctrl[i]=offtin(buf);
++				errx(1, "Corrupt patch");
++			ctrl[i] = offtin(buf);
+ 		};
+ 
+ 		/* Sanity-check */
+-		if ((ctrl[0] < 0) || (ctrl[1] < 0))
+-			errx(1,"Corrupt patch\n");
++		if (ctrl[0] < 0 || ctrl[0] > INT_MAX ||
++		    ctrl[1] < 0 || ctrl[1] > INT_MAX)
++			errx(1, "Corrupt patch");
+ 
+ 		/* Sanity-check */
+-		if(newpos+ctrl[0]>newsize)
+-			errx(1,"Corrupt patch\n");
++		if (newpos + ctrl[0] > newsize)
++			errx(1, "Corrupt patch");
+ 
+ 		/* Read diff string */
+ 		lenread = BZ2_bzRead(&dbz2err, dpfbz2, new + newpos, ctrl[0]);
+ 		if ((lenread < ctrl[0]) ||
+ 		    ((dbz2err != BZ_OK) && (dbz2err != BZ_STREAM_END)))
+-			errx(1, "Corrupt patch\n");
++			errx(1, "Corrupt patch");
+ 
+ 		/* Add old data to diff string */
+-		for(i=0;i<ctrl[0];i++)
+-			if((oldpos+i>=0) && (oldpos+i<oldsize))
+-				new[newpos+i]+=old[oldpos+i];
++		for (i = 0; i < ctrl[0]; i++)
++			if ((oldpos + i >= 0) && (oldpos + i < oldsize))
++				new[newpos + i] += old[oldpos + i];
+ 
+ 		/* Adjust pointers */
+-		newpos+=ctrl[0];
+-		oldpos+=ctrl[0];
++		newpos += ctrl[0];
++		oldpos += ctrl[0];
+ 
+ 		/* Sanity-check */
+-		if(newpos+ctrl[1]>newsize)
+-			errx(1,"Corrupt patch\n");
++		if (newpos + ctrl[1] > newsize)
++			errx(1, "Corrupt patch");
+ 
+ 		/* Read extra string */
+ 		lenread = BZ2_bzRead(&ebz2err, epfbz2, new + newpos, ctrl[1]);
+ 		if ((lenread < ctrl[1]) ||
+ 		    ((ebz2err != BZ_OK) && (ebz2err != BZ_STREAM_END)))
+-			errx(1, "Corrupt patch\n");
++			errx(1, "Corrupt patch");
+ 
+ 		/* Adjust pointers */
+ 		newpos+=ctrl[1];
+@@ -200,12 +277,13 @@
+ 		err(1, "fclose(%s)", argv[3]);
+ 
+ 	/* Write the new file */
+-	if(((fd=open(argv[2],O_CREAT|O_TRUNC|O_WRONLY|O_BINARY,0666))<0) ||
+-		(write(fd,new,newsize)!=newsize) || (close(fd)==-1))
+-		err(1,"%s",argv[2]);
++	if (write(newfd, new, newsize) != newsize || close(newfd) == -1)
++		err(1, "%s", argv[2]);
++	/* Disable atexit cleanup */
++	newfile = NULL;
+ 
+ 	free(new);
+ 	free(old);
+ 
+-	return 0;
++	return (0);
+ }

Property changes on: head/share/security/patches/SA-16:29/bspatch.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:29/bspatch.patch.asc
===================================================================
--- head/share/security/patches/SA-16:29/bspatch.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:29/bspatch.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PlAAoJEO1n7NZdz2rnfh4QAIXvMutg0RNWQ0nrxUC2l8D9
+0Ul2EMzk764Cq8qsFbKtecxxrzGf8EF90KxWMJTi+n2OdEvZleRP0ZwZP/6LHKR+
+79p+ZHJ+KAafF1JQ0B7hEBQHMN4VG9tD58xrQYpNaxzRw7bGBWEQignOzGYJf0GA
+xF1KEgOcN1YwdfV6IuwHC3qKLpG0LsVItr3Pk8qOxPKKUB2X19rXqyZxy4vI9Rbd
+v4E3hdIG/ltjGfd/+hg/d6tajtzoMsaWQVOPYHyR1WsUIf5cRhX4Kxf0s59xKgtK
+hxIpGcJ+HpdEDJQJxjjPZmeM1duU9K7LjSfCB2W6Ss/IMwwcPeRUiwDAlbmX3Iui
+149kLuKCMMoGqem50f0rUHqT6OaSj9QCz64NatGaCtmj7jpKPWKx0DmtnYcDrwLS
+/QnYqqlCYKQDhgxKMwvBIhFh5KNO67tOJ5JU94/x+q8JSluO4TXq/JBOd3x7Gx1J
+GKlyRL/NRACq0OFBDIavUBicd2mlV7MvX2GkUUFQ+xoFIr2gtZWjOd8uc5M9VTcs
+9hJHg8EV6+0+r+X5kbGD7Ysp/Ane/H/0zsipQOmH792xtUv4+BYY7HGtOU+mHo/n
+9ArqhJCgoW4kryKo3N91gdRfpmRz1CU6Ug/OaNtu3+gDZ1DpqVzrt0ZcBq6cWJSP
+muRFMZb83H5gn9orwr7w
+=plb5
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:29/bspatch.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:30/portsnap-10.patch
===================================================================
--- head/share/security/patches/SA-16:30/portsnap-10.patch	(nonexistent)
+++ head/share/security/patches/SA-16:30/portsnap-10.patch	(revision 49477)
@@ -0,0 +1,49 @@
+--- usr.sbin/portsnap/portsnap/portsnap.sh.orig
++++ usr.sbin/portsnap/portsnap/portsnap.sh
+@@ -646,7 +646,7 @@
+ # Verify a list of files
+ fetch_snapshot_verify() {
+ 	while read F; do
+-		if [ "`gunzip -c snap/${F} | ${SHA256} -q`" != ${F} ]; then
++		if [ "`gunzip -c < snap/${F}.gz | ${SHA256} -q`" != ${F} ]; then
+ 			echo "snapshot corrupt."
+ 			return 1
+ 		fi
+@@ -681,11 +681,18 @@
+ 	cut -f 2 -d '|' tINDEX.new | fetch_snapshot_verify || return 1
+ # Extract the index
+ 	rm -f INDEX.new
+-	gunzip -c snap/`look INDEX tINDEX.new |
++	gunzip -c < snap/`look INDEX tINDEX.new |
+ 	    cut -f 2 -d '|'`.gz > INDEX.new
+ 	fetch_index_sanity || return 1
+ # Verify the snapshot contents
+ 	cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
++	cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
++	find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
++	if ! cmp -s files.expected files.snap; then
++		echo "unexpected files in snapshot."
++		return 1
++	fi
++	rm files.expected files.snap
+ 	echo "done."
+ 
+ # Move files into their proper locations
+@@ -777,7 +784,7 @@
+ 
+ # Extract the index
+ 	echo -n "Extracting index... " 1>${QUIETREDIR}
+-	gunzip -c files/`look INDEX tINDEX.new |
++	gunzip -c < files/`look INDEX tINDEX.new |
+ 	    cut -f 2 -d '|'`.gz > INDEX.new
+ 	fetch_index_sanity || return 1
+ 
+@@ -897,7 +904,7 @@
+ 		echo -n "$1 not provided by portsnap server; "
+ 		echo "$2 not being generated."
+ 	else
+-	gunzip -c "${WORKDIR}/files/`look $1 ${WORKDIR}/tINDEX |
++	gunzip -c < "${WORKDIR}/files/`look $1 ${WORKDIR}/tINDEX |
+ 	    cut -f 2 -d '|'`.gz" |
+ 	    cat - ${LOCALDESC} |
+ 	    ${MKINDEX} /dev/stdin > ${PORTSDIR}/$2

Property changes on: head/share/security/patches/SA-16:30/portsnap-10.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:30/portsnap-10.patch.asc
===================================================================
--- head/share/security/patches/SA-16:30/portsnap-10.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:30/portsnap-10.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PlAAoJEO1n7NZdz2rn9XUP/iaVbNjwpbtZVxtTIlEHFvgH
+BK1Pn4DEuXKWfL00kMAUr/fhZSKqb37hT9ZBQzRbrofG5nG0hOpG8LF9br3ZWaR5
+t04Yk9mXM9c1JDXjXuSNAewe4z+ylSdNNxXNO75s/qC2TbOGP2R7GpcIJ+LljsEI
+cRgZuau3ce6iJcrbbmlI4BBvOMGor1eteJI4kXIegtsOlHxl+mAQcqxdpxENGwzn
+VJMQv7dav0PQ2TaCU8UkBj9jYeToXoTMo/lqalweSrYVqL6Lf7zP312Lxz1YtJY3
+c9GcViHjni8RnBMglGX6LYm9uzQIlA8nxccU3Uc08b6c8uouWLn6QmkQefGa2zqf
+YRUnX8fJwy3n8qFjPm3wq48UsJvL8i7O33DyDHo8OerG2OADbz6ts56QRKgJWI7w
+NLPq/D/OeTgfbuGrOdnJWZBQZ/CwAdeNtzQLvyj5xG2S9jBv2lWh/nvKgBUshWoW
+HaxxVKh7Q4c9JXmSMHokRIe/oeFdAN3V1Bh4/IbR8V4vh1B0XGGo1bpWaM90qZ54
+z5JG1acryHTgoFk48uaDm69wTbgU5Ag63v0clSJH7ns4VZvf9nhYEmdxQl6IebAp
+HC50Upysn8NKoXRuOwFJqUevgpAcgp8RDNCKJ3ypNLpbGUE5LKm0CC6lnZbnWnr0
+cHfCP/URRfL/VLFvpTLb
+=qZzf
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:30/portsnap-10.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:30/portsnap-9.3.patch
===================================================================
--- head/share/security/patches/SA-16:30/portsnap-9.3.patch	(nonexistent)
+++ head/share/security/patches/SA-16:30/portsnap-9.3.patch	(revision 49477)
@@ -0,0 +1,49 @@
+--- usr.sbin/portsnap/portsnap/portsnap.sh.orig
++++ usr.sbin/portsnap/portsnap/portsnap.sh
+@@ -609,7 +609,7 @@
+ # Verify a list of files
+ fetch_snapshot_verify() {
+ 	while read F; do
+-		if [ "`gunzip -c snap/${F} | ${SHA256} -q`" != ${F} ]; then
++		if [ "`gunzip -c < snap/${F}.gz | ${SHA256} -q`" != ${F} ]; then
+ 			echo "snapshot corrupt."
+ 			return 1
+ 		fi
+@@ -644,11 +644,18 @@
+ 	cut -f 2 -d '|' tINDEX.new | fetch_snapshot_verify || return 1
+ # Extract the index
+ 	rm -f INDEX.new
+-	gunzip -c snap/`look INDEX tINDEX.new |
++	gunzip -c < snap/`look INDEX tINDEX.new |
+ 	    cut -f 2 -d '|'`.gz > INDEX.new
+ 	fetch_index_sanity || return 1
+ # Verify the snapshot contents
+ 	cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
++	cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
++	find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
++	if ! cmp -s files.expected files.snap; then
++		echo "unexpected files in snapshot."
++		return 1
++	fi
++	rm files.expected files.snap
+ 	echo "done."
+ 
+ # Move files into their proper locations
+@@ -737,7 +744,7 @@
+ 	echo "done."
+ 
+ # Extract the index
+-	gunzip -c files/`look INDEX tINDEX.new |
++	gunzip -c < files/`look INDEX tINDEX.new |
+ 	    cut -f 2 -d '|'`.gz > INDEX.new
+ 	fetch_index_sanity || return 1
+ 
+@@ -842,7 +849,7 @@
+ 		echo -n "$1 not provided by portsnap server; "
+ 		echo "$2 not being generated."
+ 	else
+-	gunzip -c "${WORKDIR}/files/`look $1 ${WORKDIR}/tINDEX |
++	gunzip -c < "${WORKDIR}/files/`look $1 ${WORKDIR}/tINDEX |
+ 	    cut -f 2 -d '|'`.gz" |
+ 	    cat - ${LOCALDESC} |
+ 	    ${MKINDEX} /dev/stdin > ${PORTSDIR}/$2

Property changes on: head/share/security/patches/SA-16:30/portsnap-9.3.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:30/portsnap-9.3.patch.asc
===================================================================
--- head/share/security/patches/SA-16:30/portsnap-9.3.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:30/portsnap-9.3.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PlAAoJEO1n7NZdz2rntIMP/3653gK7bSBhc1Dw68p9OQcE
+VqDIE7ucmGjMl9Jk6UrIqMdf54O0lKb+Kf1FuuyERtIBl/c8oTM/ChPvVPyyAVnm
++3GPfoFzfH0UloD6jko9rWdFX0QdrVhZh5tP/TZpDj+FprJm9xgUruKEAmkN0Itz
+rvHHI6v2qbXO97lP18jvZhdBExlzICRRgjnduxqbjabb+B6MQdU/Ey8tkussrB+l
+tPkTJWEwXfkDGNBx/LF6bM+yh8qlTIOFF9yL8wUXxuG2oKkbS49agPzrTzj5ZLnX
+AozV+jnXvNCLGA+eR1rRyfLOtnNh8nbJeOe4fZB/o+595R0YjOsjZLKZAZSajIKV
+yIC1j5inK+WbBULYowFb6XL9kg1Y2gc42GkYaOmoEOcQqdcptBpN+c+5W6wM29CD
+RouiCAbOxWgwNCAhZMyyS03x2P+sAahAUrZ7lrEqitoy/gLn82etFAu/vid6PAIo
+u79rT4Wq1TBeow7fu37KIWtuFvfKl0BSe02SdjWw+5taZisBc84LYQMGdB8sA2Rl
+7t99xGx0NwA/CsONv2rsvjxFXnjvN7ZLw7ccmpMSl90LORwXrn1WK0G4O6hbFYbp
+DB4UNReyF7bnwWJzRsN0hQUXamrCJlv3DFVCzdkd3A5iN1gxQYPGPX1A2eI1oVUw
+JPpNrRIH+dqkRc9vw+Ba
+=Pic0
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:30/portsnap-9.3.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:31/libarchive-10.1.patch
===================================================================
--- head/share/security/patches/SA-16:31/libarchive-10.1.patch	(nonexistent)
+++ head/share/security/patches/SA-16:31/libarchive-10.1.patch	(revision 49477)
@@ -0,0 +1,1270 @@
+--- contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c.orig
++++ contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c
+@@ -409,9 +409,7 @@
+ {
+ 	const char	*accpath;
+ 	acl_t		 acl;
+-#if HAVE_ACL_IS_TRIVIAL_NP
+ 	int		r;
+-#endif
+ 
+ 	accpath = archive_entry_sourcepath(entry);
+ 	if (accpath == NULL)
+@@ -443,9 +441,13 @@
+ 	}
+ #endif
+ 	if (acl != NULL) {
+-		translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
++		r = translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
+ 		acl_free(acl);
+-		return (ARCHIVE_OK);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, errno,
++			    "Couldn't translate NFSv4 ACLs: %s", accpath);
++		}
++		return (r);
+ 	}
+ 
+ 	/* Retrieve access ACL from file. */
+@@ -464,18 +466,29 @@
+ 	else
+ 		acl = acl_get_file(accpath, ACL_TYPE_ACCESS);
+ 	if (acl != NULL) {
+-		translate_acl(a, entry, acl,
++		r = translate_acl(a, entry, acl,
+ 		    ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
+ 		acl_free(acl);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, errno,
++			    "Couldn't translate access ACLs: %s", accpath);
++			return (r);
++		}
+ 	}
+ 
+ 	/* Only directories can have default ACLs. */
+ 	if (S_ISDIR(archive_entry_mode(entry))) {
+ 		acl = acl_get_file(accpath, ACL_TYPE_DEFAULT);
+ 		if (acl != NULL) {
+-			translate_acl(a, entry, acl,
++			r = translate_acl(a, entry, acl,
+ 			    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT);
+ 			acl_free(acl);
++			if (r != ARCHIVE_OK) {
++				archive_set_error(&a->archive, errno,
++				    "Couldn't translate default ACLs: %s",
++				    accpath);
++				return (r);
++			}
+ 		}
+ 	}
+ 	return (ARCHIVE_OK);
+@@ -536,7 +549,11 @@
+ 	// FreeBSD "brands" ACLs as POSIX.1e or NFSv4
+ 	// Make sure the "brand" on this ACL is consistent
+ 	// with the default_entry_acl_type bits provided.
+-	acl_get_brand_np(acl, &brand);
++	if (acl_get_brand_np(acl, &brand) != 0) {
++		archive_set_error(&a->archive, errno,
++		    "Failed to read ACL brand");
++		return (ARCHIVE_WARN);
++	}
+ 	switch (brand) {
+ 	case ACL_BRAND_POSIX:
+ 		switch (default_entry_acl_type) {
+@@ -544,30 +561,42 @@
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+ 			break;
+ 		default:
+-			// XXX set warning message?
+-			return ARCHIVE_FAILED;
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Invalid ACL entry type for POSIX.1e ACL");
++			return (ARCHIVE_WARN);
+ 		}
+ 		break;
+ 	case ACL_BRAND_NFS4:
+ 		if (default_entry_acl_type & ~ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
+-			// XXX set warning message?
+-			return ARCHIVE_FAILED;
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Invalid ACL entry type for NFSv4 ACL");
++			return (ARCHIVE_WARN);
+ 		}
+ 		break;
+ 	default:
+-		// XXX set warning message?
+-		return ARCHIVE_FAILED;
++		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++		    "Unknown ACL brand");
++		return (ARCHIVE_WARN);
+ 		break;
+ 	}
+ 
+ 
+ 	s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
++	if (s == -1) {
++		archive_set_error(&a->archive, errno,
++		    "Failed to get first ACL entry");
++		return (ARCHIVE_WARN);
++	}
+ 	while (s == 1) {
+ 		ae_id = -1;
+ 		ae_name = NULL;
+ 		ae_perm = 0;
+ 
+-		acl_get_tag_type(acl_entry, &acl_tag);
++		if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get ACL tag type");
++			return (ARCHIVE_WARN);
++		}
+ 		switch (acl_tag) {
+ 		case ACL_USER:
+ 			ae_id = (int)*(uid_t *)acl_get_qualifier(acl_entry);
+@@ -600,12 +629,17 @@
+ 			continue;
+ 		}
+ 
+-		// XXX acl type maps to allow/deny/audit/YYYY bits
+-		// XXX acl_get_entry_type_np on FreeBSD returns EINVAL for
+-		// non-NFSv4 ACLs
++		// XXX acl_type maps to allow/deny/audit/YYYY bits
+ 		entry_acl_type = default_entry_acl_type;
+-		r = acl_get_entry_type_np(acl_entry, &acl_type);
+-		if (r == 0) {
++		if (default_entry_acl_type & ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
++			/*
++			 * acl_get_entry_type_np() falis with non-NFSv4 ACLs
++			 */
++			if (acl_get_entry_type_np(acl_entry, &acl_type) != 0) {
++				archive_set_error(&a->archive, errno, "Failed "
++				    "to get ACL type from a NFSv4 ACL entry");
++				return (ARCHIVE_WARN);
++			}
+ 			switch (acl_type) {
+ 			case ACL_ENTRY_TYPE_ALLOW:
+ 				entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
+@@ -619,28 +653,52 @@
+ 			case ACL_ENTRY_TYPE_ALARM:
+ 				entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALARM;
+ 				break;
++			default:
++				archive_set_error(&a->archive, errno,
++				    "Invalid NFSv4 ACL entry type");
++				return (ARCHIVE_WARN);
+ 			}
+-		}
+-
+-		/*
+-		 * Libarchive stores "flag" (NFSv4 inheritance bits)
+-		 * in the ae_perm bitmap.
+-		 */
+-		acl_get_flagset_np(acl_entry, &acl_flagset);
+-                for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
+-			if (acl_get_flag_np(acl_flagset,
+-					    acl_inherit_map[i].platform_inherit))
+-				ae_perm |= acl_inherit_map[i].archive_inherit;
+ 
+-                }
++			/*
++			 * Libarchive stores "flag" (NFSv4 inheritance bits)
++			 * in the ae_perm bitmap.
++			 *
++			 * acl_get_flagset_np() fails with non-NFSv4 ACLs
++			 */
++			if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
++				archive_set_error(&a->archive, errno,
++				    "Failed to get flagset from a NFSv4 ACL entry");
++				return (ARCHIVE_WARN);
++			}
++	                for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
++				r = acl_get_flag_np(acl_flagset,
++				    acl_inherit_map[i].platform_inherit);
++				if (r == -1) {
++					archive_set_error(&a->archive, errno,
++					    "Failed to check flag in a NFSv4 "
++					    "ACL flagset");
++					return (ARCHIVE_WARN);
++				} else if (r)
++					ae_perm |= acl_inherit_map[i].archive_inherit;
++                	}
++		}
+ 
+-		acl_get_permset(acl_entry, &acl_permset);
+-                for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
++		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get ACL permission set");
++			return (ARCHIVE_WARN);
++		}
++		for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
+ 			/*
+ 			 * acl_get_perm() is spelled differently on different
+ 			 * platforms; see above.
+ 			 */
+-			if (ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm))
++			r = ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm);
++			if (r == -1) {
++				archive_set_error(&a->archive, errno,
++				    "Failed to check permission in an ACL permission set");
++				return (ARCHIVE_WARN);
++			} else if (r)
+ 				ae_perm |= acl_perm_map[i].archive_perm;
+ 		}
+ 
+@@ -649,6 +707,11 @@
+ 					    ae_id, ae_name);
+ 
+ 		s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
++		if (s == -1) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get next ACL entry");
++			return (ARCHIVE_WARN);
++		}
+ 	}
+ 	return (ARCHIVE_OK);
+ }
+--- contrib/libarchive/libarchive/archive_read_support_format_tar.c.orig
++++ contrib/libarchive/libarchive/archive_read_support_format_tar.c
+@@ -136,6 +136,7 @@
+ 	int64_t			 entry_padding;
+ 	int64_t 		 entry_bytes_unconsumed;
+ 	int64_t			 realsize;
++	int			 sparse_allowed;
+ 	struct sparse_block	*sparse_list;
+ 	struct sparse_block	*sparse_last;
+ 	int64_t			 sparse_offset;
+@@ -1216,6 +1217,14 @@
+ 		 * sparse information in the extended area.
+ 		 */
+ 		/* FALLTHROUGH */
++	case '0':
++		/*
++		 * Enable sparse file "read" support only for regular
++		 * files and explicit GNU sparse files.  However, we
++		 * don't allow non-standard file types to be sparse.
++		 */
++		tar->sparse_allowed = 1;
++		/* FALLTHROUGH */
+ 	default: /* Regular file  and non-standard types */
+ 		/*
+ 		 * Per POSIX: non-recognized types should always be
+@@ -1675,6 +1684,14 @@
+ #endif
+ 	switch (key[0]) {
+ 	case 'G':
++		/* Reject GNU.sparse.* headers on non-regular files. */
++		if (strncmp(key, "GNU.sparse", 10) == 0 &&
++		    !tar->sparse_allowed) {
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Non-regular file cannot be sparse");
++			return (ARCHIVE_FATAL);
++		}
++
+ 		/* GNU "0.0" sparse pax format. */
+ 		if (strcmp(key, "GNU.sparse.numblocks") == 0) {
+ 			tar->sparse_offset = -1;
+--- contrib/libarchive/libarchive/archive_write_disk_acl.c.orig
++++ contrib/libarchive/libarchive/archive_write_disk_acl.c
+@@ -131,6 +131,7 @@
+ 	acl_entry_t	 acl_entry;
+ 	acl_permset_t	 acl_permset;
+ 	acl_flagset_t	 acl_flagset;
++	int		 r;
+ 	int		 ret;
+ 	int		 ae_type, ae_permset, ae_tag, ae_id;
+ 	uid_t		 ae_uid;
+@@ -144,9 +145,19 @@
+ 	if (entries == 0)
+ 		return (ARCHIVE_OK);
+ 	acl = acl_init(entries);
++	if (acl == (acl_t)NULL) {
++		archive_set_error(a, errno,
++		    "Failed to initialize ACL working storage");
++		return (ARCHIVE_FAILED);
++	}
+ 	while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
+ 		   &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
+-		acl_create_entry(&acl, &acl_entry);
++		if (acl_create_entry(&acl, &acl_entry) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to create a new ACL entry");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
+ 
+ 		switch (ae_tag) {
+ 		case ARCHIVE_ENTRY_ACL_USER:
+@@ -175,47 +186,95 @@
+ 			acl_set_tag_type(acl_entry, ACL_EVERYONE);
+ 			break;
+ 		default:
+-			/* XXX */
+-			break;
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Unknown ACL tag");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
+ 		}
+ 
++		r = 0;
+ 		switch (ae_type) {
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DENY:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_DENY);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_DENY);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_AUDIT);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_AUDIT);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALARM);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALARM);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+ 			// These don't translate directly into the system ACL.
+ 			break;
+ 		default:
+-			// XXX error handling here.
+-			break;
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Unknown ACL entry type");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
++		if (r != 0) {
++			archive_set_error(a, errno,
++			    "Failed to set ACL entry type");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
+ 		}
+ 
+-		acl_get_permset(acl_entry, &acl_permset);
+-		acl_clear_perms(acl_permset);
++		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to get ACL permission set");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
++		if (acl_clear_perms(acl_permset) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to clear ACL permissions");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
+ 
+ 		for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
+ 			if (ae_permset & acl_perm_map[i].archive_perm)
+-				acl_add_perm(acl_permset,
+-					     acl_perm_map[i].platform_perm);
++				if (acl_add_perm(acl_permset,
++				    acl_perm_map[i].platform_perm) != 0) {
++					archive_set_error(a, errno,
++					    "Failed to add ACL permission");
++					ret = ARCHIVE_FAILED;
++					goto exit_free;
++				}
+ 		}
+ 
+ 		acl_get_flagset_np(acl_entry, &acl_flagset);
+-		acl_clear_flags_np(acl_flagset);
+-		for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
+-			if (ae_permset & acl_inherit_map[i].archive_inherit)
+-				acl_add_flag_np(acl_flagset,
+-						acl_inherit_map[i].platform_inherit);
++		if (acl_type == ACL_TYPE_NFS4) {
++			/*
++			 * acl_get_flagset_np() fails with non-NFSv4 ACLs
++			 */
++			if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
++				archive_set_error(a, errno,
++				    "Failed to get flagset from an NFSv4 ACL entry");
++				ret = ARCHIVE_FAILED;
++				goto exit_free;
++			}
++			if (acl_clear_flags_np(acl_flagset) != 0) {
++				archive_set_error(a, errno,
++				    "Failed to clear flags from an NFSv4 ACL flagset");
++				ret = ARCHIVE_FAILED;
++				goto exit_free;
++			}
++			for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
++				if (ae_permset & acl_inherit_map[i].archive_inherit) {
++					if (acl_add_flag_np(acl_flagset,
++							acl_inherit_map[i].platform_inherit) != 0) {
++						archive_set_error(a, errno,
++						    "Failed to add flag to NFSv4 ACL flagset");
++						ret = ARCHIVE_FAILED;
++						goto exit_free;
++					}
++				}
++			}
+ 		}
+ 	}
+ 
+@@ -243,6 +302,7 @@
+ 		ret = ARCHIVE_WARN;
+ 	}
+ #endif
++exit_free:
+ 	acl_free(acl);
+ 	return (ret);
+ }
+--- contrib/libarchive/libarchive/archive_write_disk_posix.c.orig
++++ contrib/libarchive/libarchive/archive_write_disk_posix.c
+@@ -140,7 +140,17 @@
+ #define O_BINARY 0
+ #endif
+ #ifndef O_CLOEXEC
+-#define O_CLOEXEC	0
++#define O_CLOEXEC 0
++#endif
++
++/* Ignore non-int O_NOFOLLOW constant. */
++/* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */
++#if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX)
++#undef O_NOFOLLOW
++#endif
++
++#ifndef O_NOFOLLOW
++#define O_NOFOLLOW 0
+ #endif
+ 
+ struct fixup_entry {
+@@ -326,12 +336,14 @@
+ 
+ #define HFS_BLOCKS(s)	((s) >> 12)
+ 
++static int	check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
+ static int	check_symlinks(struct archive_write_disk *);
+ static int	create_filesystem_object(struct archive_write_disk *);
+ static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
+ #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
+ static void	edit_deep_directories(struct archive_write_disk *ad);
+ #endif
++static int	cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
+ static int	cleanup_pathname(struct archive_write_disk *);
+ static int	create_dir(struct archive_write_disk *, char *);
+ static int	create_parent_dir(struct archive_write_disk *, char *);
+@@ -1791,7 +1803,7 @@
+ 	char *tail = a->name;
+ 
+ 	/* If path is short, avoid the open() below. */
+-	if (strlen(tail) <= PATH_MAX)
++	if (strlen(tail) < PATH_MAX)
+ 		return;
+ 
+ 	/* Try to record our starting dir. */
+@@ -1801,7 +1813,7 @@
+ 		return;
+ 
+ 	/* As long as the path is too long... */
+-	while (strlen(tail) > PATH_MAX) {
++	while (strlen(tail) >= PATH_MAX) {
+ 		/* Locate a dir prefix shorter than PATH_MAX. */
+ 		tail += PATH_MAX - 8;
+ 		while (tail > a->name && *tail != '/')
+@@ -1996,6 +2008,10 @@
+ 	const char *linkname;
+ 	mode_t final_mode, mode;
+ 	int r;
++	/* these for check_symlinks_fsobj */
++	char *linkname_copy;	/* non-const copy of linkname */
++	struct archive_string error_string;
++	int error_number;
+ 
+ 	/* We identify hard/symlinks according to the link names. */
+ 	/* Since link(2) and symlink(2) don't handle modes, we're done here. */
+@@ -2004,6 +2020,27 @@
+ #if !HAVE_LINK
+ 		return (EPERM);
+ #else
++		archive_string_init(&error_string);
++		linkname_copy = strdup(linkname);
++		if (linkname_copy == NULL) {
++		    return (EPERM);
++		}
++		/* TODO: consider using the cleaned-up path as the link target? */
++		r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, error_number, "%s", error_string.s);
++			free(linkname_copy);
++			/* EPERM is more appropriate than error_number for our callers */
++			return (EPERM);
++		}
++		r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, error_number, "%s", error_string.s);
++			free(linkname_copy);
++			/* EPERM is more appropriate than error_number for our callers */
++			return (EPERM);
++		}
++		free(linkname_copy);
+ 		r = link(linkname, a->name) ? errno : 0;
+ 		/*
+ 		 * New cpio and pax formats allow hardlink entries
+@@ -2022,7 +2059,7 @@
+ 			a->deferred = 0;
+ 		} else if (r == 0 && a->filesize > 0) {
+ 			a->fd = open(a->name,
+-				     O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
++				     O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC | O_NOFOLLOW);
+ 			__archive_ensure_cloexec_flag(a->fd);
+ 			if (a->fd < 0)
+ 				r = errno;
+@@ -2332,110 +2369,233 @@
+ 	return (a->current_fixup);
+ }
+ 
+-/* TODO: Make this work. */
+-/*
+- * TODO: The deep-directory support bypasses this; disable deep directory
+- * support if we're doing symlink checks.
+- */
+ /*
+  * TODO: Someday, integrate this with the deep dir support; they both
+  * scan the path and both can be optimized by comparing against other
+  * recent paths.
+  */
+ /* TODO: Extend this to support symlinks on Windows Vista and later. */
++
++/*
++ * Checks the given path to see if any elements along it are symlinks.  Returns
++ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
++ */
+ static int
+-check_symlinks(struct archive_write_disk *a)
++check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
+ {
+ #if !defined(HAVE_LSTAT)
+ 	/* Platform doesn't have lstat, so we can't look for symlinks. */
+-	(void)a; /* UNUSED */
++	(void)path; /* UNUSED */
++	(void)error_number; /* UNUSED */
++	(void)error_string; /* UNUSED */
++	(void)flags; /* UNUSED */
+ 	return (ARCHIVE_OK);
+ #else
+-	char *pn;
++	int res = ARCHIVE_OK;
++	char *tail;
++	char *head;
++	int last;
+ 	char c;
+ 	int r;
+ 	struct stat st;
++	int restore_pwd;
++
++	/* Nothing to do here if name is empty */
++	if(path[0] == '\0')
++	    return (ARCHIVE_OK);
+ 
+ 	/*
+ 	 * Guard against symlink tricks.  Reject any archive entry whose
+ 	 * destination would be altered by a symlink.
++	 *
++	 * Walk the filename in chunks separated by '/'.  For each segment:
++	 *  - if it doesn't exist, continue
++	 *  - if it's symlink, abort or remove it
++	 *  - if it's a directory and it's not the last chunk, cd into it
++	 * As we go:
++	 *  head points to the current (relative) path
++	 *  tail points to the temporary \0 terminating the segment we're currently examining
++	 *  c holds what used to be in *tail
++	 *  last is 1 if this is the last tail
++	 */
++	restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
++	__archive_ensure_cloexec_flag(restore_pwd);
++	if (restore_pwd < 0)
++		return (ARCHIVE_FATAL);
++	head = path;
++	tail = path;
++	last = 0;
++	/* TODO: reintroduce a safe cache here? */
++	/* Skip the root directory if the path is absolute. */
++	if(tail == path && tail[0] == '/')
++		++tail;
++	/* Keep going until we've checked the entire name.
++	 * head, tail, path all alias the same string, which is
++	 * temporarily zeroed at tail, so be careful restoring the
++	 * stashed (c=tail[0]) for error messages.
++	 * Exiting the loop with break is okay; continue is not.
+ 	 */
+-	/* Whatever we checked last time doesn't need to be re-checked. */
+-	pn = a->name;
+-	if (archive_strlen(&(a->path_safe)) > 0) {
+-		char *p = a->path_safe.s;
+-		while ((*pn != '\0') && (*p == *pn))
+-			++p, ++pn;
+-	}
+-	c = pn[0];
+-	/* Keep going until we've checked the entire name. */
+-	while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
++	while (!last) {
++		/* Skip the separator we just consumed, plus any adjacent ones */
++		while (*tail == '/')
++		    ++tail;
+ 		/* Skip the next path element. */
+-		while (*pn != '\0' && *pn != '/')
+-			++pn;
+-		c = pn[0];
+-		pn[0] = '\0';
++		while (*tail != '\0' && *tail != '/')
++			++tail;
++		/* is this the last path component? */
++		last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
++		/* temporarily truncate the string here */
++		c = tail[0];
++		tail[0] = '\0';
+ 		/* Check that we haven't hit a symlink. */
+-		r = lstat(a->name, &st);
++		r = lstat(head, &st);
+ 		if (r != 0) {
++			tail[0] = c;
+ 			/* We've hit a dir that doesn't exist; stop now. */
+-			if (errno == ENOENT)
++			if (errno == ENOENT) {
+ 				break;
++			} else {
++				/* Treat any other error as fatal - best to be paranoid here
++				 * Note: This effectively disables deep directory
++				 * support when security checks are enabled.
++				 * Otherwise, very long pathnames that trigger
++				 * an error here could evade the sandbox.
++				 * TODO: We could do better, but it would probably
++				 * require merging the symlink checks with the
++				 * deep-directory editing. */
++				if (error_number) *error_number = errno;
++				if (error_string)
++					archive_string_sprintf(error_string,
++							"Could not stat %s",
++							path);
++				res = ARCHIVE_FAILED;
++				break;
++			}
++		} else if (S_ISDIR(st.st_mode)) {
++			if (!last) {
++				if (chdir(head) != 0) {
++					tail[0] = c;
++					if (error_number) *error_number = errno;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Could not chdir %s",
++								path);
++					res = (ARCHIVE_FATAL);
++					break;
++				}
++				/* Our view is now from inside this dir: */
++				head = tail + 1;
++			}
+ 		} else if (S_ISLNK(st.st_mode)) {
+-			if (c == '\0') {
++			if (last) {
+ 				/*
+ 				 * Last element is symlink; remove it
+ 				 * so we can overwrite it with the
+ 				 * item being extracted.
+ 				 */
+-				if (unlink(a->name)) {
+-					archive_set_error(&a->archive, errno,
+-					    "Could not remove symlink %s",
+-					    a->name);
+-					pn[0] = c;
+-					return (ARCHIVE_FAILED);
++				if (unlink(head)) {
++					tail[0] = c;
++					if (error_number) *error_number = errno;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Could not remove symlink %s",
++								path);
++					res = ARCHIVE_FAILED;
++					break;
+ 				}
+-				a->pst = NULL;
+ 				/*
+ 				 * Even if we did remove it, a warning
+ 				 * is in order.  The warning is silly,
+ 				 * though, if we're just replacing one
+ 				 * symlink with another symlink.
+ 				 */
+-				if (!S_ISLNK(a->mode)) {
+-					archive_set_error(&a->archive, 0,
+-					    "Removing symlink %s",
+-					    a->name);
++				tail[0] = c;
++				/* FIXME:  not sure how important this is to restore
++				if (!S_ISLNK(path)) {
++					if (error_number) *error_number = 0;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Removing symlink %s",
++								path);
+ 				}
++				*/
+ 				/* Symlink gone.  No more problem! */
+-				pn[0] = c;
+-				return (0);
+-			} else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
++				res = ARCHIVE_OK;
++				break;
++			} else if (flags & ARCHIVE_EXTRACT_UNLINK) {
+ 				/* User asked us to remove problems. */
+-				if (unlink(a->name) != 0) {
+-					archive_set_error(&a->archive, 0,
+-					    "Cannot remove intervening symlink %s",
+-					    a->name);
+-					pn[0] = c;
+-					return (ARCHIVE_FAILED);
++				if (unlink(head) != 0) {
++					tail[0] = c;
++					if (error_number) *error_number = 0;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Cannot remove intervening symlink %s",
++								path);
++					res = ARCHIVE_FAILED;
++					break;
+ 				}
+-				a->pst = NULL;
++				tail[0] = c;
+ 			} else {
+-				archive_set_error(&a->archive, 0,
+-				    "Cannot extract through symlink %s",
+-				    a->name);
+-				pn[0] = c;
+-				return (ARCHIVE_FAILED);
++				tail[0] = c;
++				if (error_number) *error_number = 0;
++				if (error_string)
++					archive_string_sprintf(error_string,
++							"Cannot extract through symlink %s",
++							path);
++				res = ARCHIVE_FAILED;
++				break;
+ 			}
+ 		}
++		/* be sure to always maintain this */
++		tail[0] = c;
++		if (tail[0] != '\0')
++			tail++; /* Advance to the next segment. */
+ 	}
+-	pn[0] = c;
+-	/* We've checked and/or cleaned the whole path, so remember it. */
+-	archive_strcpy(&a->path_safe, a->name);
+-	return (ARCHIVE_OK);
++	/* Catches loop exits via break */
++	tail[0] = c;
++#ifdef HAVE_FCHDIR
++	/* If we changed directory above, restore it here. */
++	if (restore_pwd >= 0) {
++		r = fchdir(restore_pwd);
++		if (r != 0) {
++			if(error_number) *error_number = errno;
++			if(error_string)
++				archive_string_sprintf(error_string,
++						"chdir() failure");
++		}
++		close(restore_pwd);
++		restore_pwd = -1;
++		if (r != 0) {
++			res = (ARCHIVE_FATAL);
++		}
++	}
++#endif
++	/* TODO: reintroduce a safe cache here? */
++	return res;
+ #endif
+ }
+ 
++/*
++ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
++ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
++ */
++static int
++check_symlinks(struct archive_write_disk *a)
++{
++	struct archive_string error_string;
++	int error_number;
++	int rc;
++	archive_string_init(&error_string);
++	rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
++	if (rc != ARCHIVE_OK) {
++		archive_set_error(&a->archive, error_number, "%s", error_string.s);
++	}
++	archive_string_free(&error_string);
++	a->pst = NULL;	/* to be safe */
++	return rc;
++}
++
++
+ #if defined(__CYGWIN__)
+ /*
+  * 1. Convert a path separator from '\' to '/' .
+@@ -2509,15 +2669,17 @@
+  * is set) if the path is absolute.
+  */
+ static int
+-cleanup_pathname(struct archive_write_disk *a)
++cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
+ {
+ 	char *dest, *src;
+ 	char separator = '\0';
+ 
+-	dest = src = a->name;
++	dest = src = path;
+ 	if (*src == '\0') {
+-		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+-		    "Invalid empty pathname");
++		if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++		if (error_string)
++		    archive_string_sprintf(error_string,
++			    "Invalid empty pathname");
+ 		return (ARCHIVE_FAILED);
+ 	}
+ 
+@@ -2526,9 +2688,11 @@
+ #endif
+ 	/* Skip leading '/'. */
+ 	if (*src == '/') {
+-		if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
+-			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+-			                  "Path is absolute");
++		if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
++			if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++			if (error_string)
++			    archive_string_sprintf(error_string,
++				    "Path is absolute");
+ 			return (ARCHIVE_FAILED);
+ 		}
+ 
+@@ -2555,10 +2719,11 @@
+ 			} else if (src[1] == '.') {
+ 				if (src[2] == '/' || src[2] == '\0') {
+ 					/* Conditionally warn about '..' */
+-					if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
+-						archive_set_error(&a->archive,
+-						    ARCHIVE_ERRNO_MISC,
+-						    "Path contains '..'");
++					if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
++						if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++						if (error_string)
++						    archive_string_sprintf(error_string,
++							    "Path contains '..'");
+ 						return (ARCHIVE_FAILED);
+ 					}
+ 				}
+@@ -2589,7 +2754,7 @@
+ 	 * We've just copied zero or more path elements, not including the
+ 	 * final '/'.
+ 	 */
+-	if (dest == a->name) {
++	if (dest == path) {
+ 		/*
+ 		 * Nothing got copied.  The path must have been something
+ 		 * like '.' or '/' or './' or '/././././/./'.
+@@ -2604,6 +2769,21 @@
+ 	return (ARCHIVE_OK);
+ }
+ 
++static int
++cleanup_pathname(struct archive_write_disk *a)
++{
++	struct archive_string error_string;
++	int error_number;
++	int rc;
++	archive_string_init(&error_string);
++	rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
++	if (rc != ARCHIVE_OK) {
++		archive_set_error(&a->archive, error_number, "%s", error_string.s);
++	}
++	archive_string_free(&error_string);
++	return rc;
++}
++
+ /*
+  * Create the parent directory of the specified path, assuming path
+  * is already in mutable storage.
+--- contrib/libarchive/libarchive/test/main.c.orig
++++ contrib/libarchive/libarchive/test/main.c
+@@ -1396,6 +1396,31 @@
+ 	return (0);
+ }
+ 
++/* Verify mode of 'pathname'. */
++int
++assertion_file_mode(const char *file, int line, const char *pathname, int expected_mode)
++{
++	int mode;
++	int r;
++
++	assertion_count(file, line);
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	failure_start(file, line, "assertFileMode not yet implemented for Windows");
++#else
++	{
++		struct stat st;
++		r = lstat(pathname, &st);
++		mode = (int)(st.st_mode & 0777);
++	}
++	if (r == 0 && mode == expected_mode)
++		return (1);
++	failure_start(file, line, "File %s has mode %o, expected %o",
++	    pathname, mode, expected_mode);
++#endif
++	failure_finish(NULL);
++	return (0);
++}
++
+ /* Assert that 'pathname' is a dir.  If mode >= 0, verify that too. */
+ int
+ assertion_is_dir(const char *file, int line, const char *pathname, int mode)
+--- contrib/libarchive/libarchive/test/test.h.orig
++++ contrib/libarchive/libarchive/test/test.h
+@@ -176,6 +176,8 @@
+   assertion_file_nlinks(__FILE__, __LINE__, pathname, nlinks)
+ #define assertFileSize(pathname, size)  \
+   assertion_file_size(__FILE__, __LINE__, pathname, size)
++#define assertFileMode(pathname, mode)  \
++  assertion_file_mode(__FILE__, __LINE__, pathname, mode)
+ #define assertTextFileContents(text, pathname) \
+   assertion_text_file_contents(__FILE__, __LINE__, text, pathname)
+ #define assertFileContainsLinesAnyOrder(pathname, lines)	\
+@@ -239,6 +241,7 @@
+ int assertion_file_nlinks(const char *, int, const char *, int);
+ int assertion_file_not_exists(const char *, int, const char *);
+ int assertion_file_size(const char *, int, const char *, long);
++int assertion_file_mode(const char *, int, const char *, int);
+ int assertion_is_dir(const char *, int, const char *, int);
+ int assertion_is_hardlink(const char *, int, const char *, const char *);
+ int assertion_is_not_hardlink(const char *, int, const char *, const char *);
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure744.c
+@@ -0,0 +1,95 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #744 describes a bug in the sandboxing code that
++ * causes very long pathnames to not get checked for symlinks.
++ */
++
++DEFINE_TEST(test_write_disk_secure744)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++	size_t buff_size = 8192;
++	char *buff = malloc(buff_size);
++	char *p = buff;
++	int n = 0;
++	int t;
++
++	assert(buff != NULL);
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	while (p + 500 < buff + buff_size) {
++		memset(p, 'x', 100);
++		p += 100;
++		p[0] = '\0';
++
++		buff[0] = ((n / 1000) % 10) + '0';
++		buff[1] = ((n / 100) % 10)+ '0';
++		buff[2] = ((n / 10) % 10)+ '0';
++		buff[3] = ((n / 1) % 10)+ '0';
++		buff[4] = '_';
++		++n;
++
++		/* Create a symlink pointing to the testworkdir */
++		assert((ae = archive_entry_new()) != NULL);
++		archive_entry_copy_pathname(ae, buff);
++		archive_entry_set_mode(ae, S_IFREG | 0777);
++		archive_entry_copy_symlink(ae, testworkdir);
++		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
++		archive_entry_free(ae);
++
++		*p++ = '/';
++		sprintf(p, "target%d", n);
++
++		/* Try to create a file through the symlink, should fail. */
++		assert((ae = archive_entry_new()) != NULL);
++		archive_entry_copy_pathname(ae, buff);
++		archive_entry_set_mode(ae, S_IFDIR | 0777);
++
++		t = archive_write_header(a, ae);
++		archive_entry_free(ae);
++		failure("Attempt to create target%d via %d-character symlink should have failed", n, (int)strlen(buff));
++		if(!assertEqualInt(ARCHIVE_FAILED, t)) {
++			break;
++		}
++	}
++	archive_free(a);
++	free(buff);
++#endif
++}
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure745.c
+@@ -0,0 +1,79 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #745 describes a bug in the sandboxing code that
++ * allows one to use a symlink to edit the permissions on a file or
++ * directory outside of the sandbox.
++ */
++
++DEFINE_TEST(test_write_disk_secure745)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	/* The target dir:  The one we're going to try to change permission on */
++	assertMakeDir("target", 0700);
++
++	/* The sandbox dir we're going to run inside of. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create a symlink pointing to the target directory */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "sym");
++	archive_entry_set_mode(ae, AE_IFLNK | 0777);
++	archive_entry_copy_symlink(ae, "../target");
++	assert(0 == archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Try to alter the target dir through the symlink; this should fail. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "sym");
++	archive_entry_set_mode(ae, S_IFDIR | 0777);
++	assert(0 == archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Permission of target dir should not have changed. */
++	assertFileMode("../target", 0700);
++
++	assert(0 == archive_write_close(a));
++	archive_write_free(a);
++#endif
++}
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure746.c
+@@ -0,0 +1,129 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #746 describes a problem in which hardlink targets are
++ * not adequately checked and can be used to modify entries outside of
++ * the sandbox.
++ */
++
++/*
++ * Verify that ARCHIVE_EXTRACT_SECURE_NODOTDOT disallows '..' in hardlink
++ * targets.
++ */
++DEFINE_TEST(test_write_disk_secure746a)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* The target directory we're going to try to affect. */
++	assertMakeDir("target", 0700);
++	assertMakeFile("target/foo", 0700, "unmodified");
++
++	/* The sandbox dir we're going to work within. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NODOTDOT);
++
++	/* Attempt to hardlink to the target directory. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "bar");
++	archive_entry_set_mode(ae, AE_IFREG | 0777);
++	archive_entry_set_size(ae, 8);
++	archive_entry_copy_hardlink(ae, "../target/foo");
++	assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
++	assertEqualInt(ARCHIVE_FATAL, archive_write_data(a, "modified", 8));
++	archive_entry_free(ae);
++
++	/* Verify that target file contents are unchanged. */
++	assertTextFileContents("unmodified", "../target/foo");
++#endif
++}
++
++/*
++ * Verify that ARCHIVE_EXTRACT_SECURE_NOSYMLINK disallows symlinks in hardlink
++ * targets.
++ */
++DEFINE_TEST(test_write_disk_secure746b)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* The target directory we're going to try to affect. */
++	assertMakeDir("target", 0700);
++	assertMakeFile("target/foo", 0700, "unmodified");
++
++	/* The sandbox dir we're going to work within. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	/* Create a symlink to the target directory. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "symlink");
++	archive_entry_set_mode(ae, AE_IFLNK | 0777);
++	archive_entry_copy_symlink(ae, "../target");
++	assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Attempt to hardlink to the target directory via the symlink. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "bar");
++	archive_entry_set_mode(ae, AE_IFREG | 0777);
++	archive_entry_set_size(ae, 8);
++	archive_entry_copy_hardlink(ae, "symlink/foo");
++	assertEqualIntA(a, ARCHIVE_FAILED, archive_write_header(a, ae));
++	assertEqualIntA(a, ARCHIVE_FATAL, archive_write_data(a, "modified", 8));
++	archive_entry_free(ae);
++
++	/* Verify that target file contents are unchanged. */
++	assertTextFileContents("unmodified", "../target/foo");
++
++	assertEqualIntA(a, ARCHIVE_FATAL, archive_write_close(a));
++	archive_write_free(a);
++#endif
++}
+--- lib/libarchive/test/Makefile.orig
++++ lib/libarchive/test/Makefile
+@@ -175,6 +175,9 @@
+ 	test_write_disk_no_hfs_compression.c	\
+ 	test_write_disk_perms.c			\
+ 	test_write_disk_secure.c		\
++	test_write_disk_secure744.c		\
++	test_write_disk_secure745.c		\
++	test_write_disk_secure746.c		\
+ 	test_write_disk_sparse.c		\
+ 	test_write_disk_symlink.c		\
+ 	test_write_disk_times.c			\

Property changes on: head/share/security/patches/SA-16:31/libarchive-10.1.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:31/libarchive-10.1.patch.asc
===================================================================
--- head/share/security/patches/SA-16:31/libarchive-10.1.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:31/libarchive-10.1.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PmAAoJEO1n7NZdz2rnn7kQAOUhndMptAsM7FN+wLxFUBHC
+GNB9bjulRPcXBM4D2aQcN7If8oG9d7nvmgaphrml8WDkgxUGCoAZyxG0Cty87wYp
+gvyMZuhsmIEkKvI9UOH2PeFaVm/qkQrojjFplE/0BFtFLLr6RVGytSR4krYjbZPb
+9jj1Q3OL/dHuZFFeyP30yDCFYId5cBLbfNo410iKlX0CZj6lsD6FDMKlXmLqbgrW
+pnUP9mb5EHBmAmvZm0bieFAl2W9UdrbjVTR6/IwQLAMeQQpKZFX1eYLkm+FuUlfM
+nk5Z26JXoHIDODQBNf5p3sArHRJbLb/8KfZjVpyTAxoDT+kdHHk55oCFDhYMgYHm
+Nkyrqoq5oQ4KEGdkuLcWsOvnMzAWn4rjBTpzKHUPk24xG9pbU8LKV7WcnmYlX/n8
+uKk8wjGGrIpdxGRhArkBoiqS5q11Xc2XDgNyHonZLekeNBYC1NpdhuK6Ni45NS6q
+/IDFBoOXmxbsQAvcArFCqMPpp1IMQ9zMwefJOMvSwdvFDvK4x6JTrIbFhhWgTp3I
+xrlYscQy0rW0HeNucpdaGDzGb9OvzC5LsuA/uKs5vTPFijm6Lwdu9xpSzbT07dVJ
+1k7GoctzPJm970THSS7M6y/vbqLS8SWhsiBuA30ftyS2udLJKsAhd7sML4tvut4d
+eoyhQFyF38/ITK3qQ/Jo
+=w5H8
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:31/libarchive-10.1.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:31/libarchive-10.2.patch
===================================================================
--- head/share/security/patches/SA-16:31/libarchive-10.2.patch	(nonexistent)
+++ head/share/security/patches/SA-16:31/libarchive-10.2.patch	(revision 49477)
@@ -0,0 +1,1270 @@
+--- contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c.orig
++++ contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c
+@@ -409,9 +409,7 @@
+ {
+ 	const char	*accpath;
+ 	acl_t		 acl;
+-#if HAVE_ACL_IS_TRIVIAL_NP
+ 	int		r;
+-#endif
+ 
+ 	accpath = archive_entry_sourcepath(entry);
+ 	if (accpath == NULL)
+@@ -443,9 +441,13 @@
+ 	}
+ #endif
+ 	if (acl != NULL) {
+-		translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
++		r = translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
+ 		acl_free(acl);
+-		return (ARCHIVE_OK);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, errno,
++			    "Couldn't translate NFSv4 ACLs: %s", accpath);
++		}
++		return (r);
+ 	}
+ 
+ 	/* Retrieve access ACL from file. */
+@@ -464,18 +466,29 @@
+ 	else
+ 		acl = acl_get_file(accpath, ACL_TYPE_ACCESS);
+ 	if (acl != NULL) {
+-		translate_acl(a, entry, acl,
++		r = translate_acl(a, entry, acl,
+ 		    ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
+ 		acl_free(acl);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, errno,
++			    "Couldn't translate access ACLs: %s", accpath);
++			return (r);
++		}
+ 	}
+ 
+ 	/* Only directories can have default ACLs. */
+ 	if (S_ISDIR(archive_entry_mode(entry))) {
+ 		acl = acl_get_file(accpath, ACL_TYPE_DEFAULT);
+ 		if (acl != NULL) {
+-			translate_acl(a, entry, acl,
++			r = translate_acl(a, entry, acl,
+ 			    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT);
+ 			acl_free(acl);
++			if (r != ARCHIVE_OK) {
++				archive_set_error(&a->archive, errno,
++				    "Couldn't translate default ACLs: %s",
++				    accpath);
++				return (r);
++			}
+ 		}
+ 	}
+ 	return (ARCHIVE_OK);
+@@ -536,7 +549,11 @@
+ 	// FreeBSD "brands" ACLs as POSIX.1e or NFSv4
+ 	// Make sure the "brand" on this ACL is consistent
+ 	// with the default_entry_acl_type bits provided.
+-	acl_get_brand_np(acl, &brand);
++	if (acl_get_brand_np(acl, &brand) != 0) {
++		archive_set_error(&a->archive, errno,
++		    "Failed to read ACL brand");
++		return (ARCHIVE_WARN);
++	}
+ 	switch (brand) {
+ 	case ACL_BRAND_POSIX:
+ 		switch (default_entry_acl_type) {
+@@ -544,30 +561,42 @@
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+ 			break;
+ 		default:
+-			// XXX set warning message?
+-			return ARCHIVE_FAILED;
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Invalid ACL entry type for POSIX.1e ACL");
++			return (ARCHIVE_WARN);
+ 		}
+ 		break;
+ 	case ACL_BRAND_NFS4:
+ 		if (default_entry_acl_type & ~ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
+-			// XXX set warning message?
+-			return ARCHIVE_FAILED;
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Invalid ACL entry type for NFSv4 ACL");
++			return (ARCHIVE_WARN);
+ 		}
+ 		break;
+ 	default:
+-		// XXX set warning message?
+-		return ARCHIVE_FAILED;
++		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++		    "Unknown ACL brand");
++		return (ARCHIVE_WARN);
+ 		break;
+ 	}
+ 
+ 
+ 	s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
++	if (s == -1) {
++		archive_set_error(&a->archive, errno,
++		    "Failed to get first ACL entry");
++		return (ARCHIVE_WARN);
++	}
+ 	while (s == 1) {
+ 		ae_id = -1;
+ 		ae_name = NULL;
+ 		ae_perm = 0;
+ 
+-		acl_get_tag_type(acl_entry, &acl_tag);
++		if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get ACL tag type");
++			return (ARCHIVE_WARN);
++		}
+ 		switch (acl_tag) {
+ 		case ACL_USER:
+ 			ae_id = (int)*(uid_t *)acl_get_qualifier(acl_entry);
+@@ -600,12 +629,17 @@
+ 			continue;
+ 		}
+ 
+-		// XXX acl type maps to allow/deny/audit/YYYY bits
+-		// XXX acl_get_entry_type_np on FreeBSD returns EINVAL for
+-		// non-NFSv4 ACLs
++		// XXX acl_type maps to allow/deny/audit/YYYY bits
+ 		entry_acl_type = default_entry_acl_type;
+-		r = acl_get_entry_type_np(acl_entry, &acl_type);
+-		if (r == 0) {
++		if (default_entry_acl_type & ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
++			/*
++			 * acl_get_entry_type_np() falis with non-NFSv4 ACLs
++			 */
++			if (acl_get_entry_type_np(acl_entry, &acl_type) != 0) {
++				archive_set_error(&a->archive, errno, "Failed "
++				    "to get ACL type from a NFSv4 ACL entry");
++				return (ARCHIVE_WARN);
++			}
+ 			switch (acl_type) {
+ 			case ACL_ENTRY_TYPE_ALLOW:
+ 				entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
+@@ -619,28 +653,52 @@
+ 			case ACL_ENTRY_TYPE_ALARM:
+ 				entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALARM;
+ 				break;
++			default:
++				archive_set_error(&a->archive, errno,
++				    "Invalid NFSv4 ACL entry type");
++				return (ARCHIVE_WARN);
+ 			}
+-		}
+-
+-		/*
+-		 * Libarchive stores "flag" (NFSv4 inheritance bits)
+-		 * in the ae_perm bitmap.
+-		 */
+-		acl_get_flagset_np(acl_entry, &acl_flagset);
+-                for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
+-			if (acl_get_flag_np(acl_flagset,
+-					    acl_inherit_map[i].platform_inherit))
+-				ae_perm |= acl_inherit_map[i].archive_inherit;
+ 
+-                }
++			/*
++			 * Libarchive stores "flag" (NFSv4 inheritance bits)
++			 * in the ae_perm bitmap.
++			 *
++			 * acl_get_flagset_np() fails with non-NFSv4 ACLs
++			 */
++			if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
++				archive_set_error(&a->archive, errno,
++				    "Failed to get flagset from a NFSv4 ACL entry");
++				return (ARCHIVE_WARN);
++			}
++	                for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
++				r = acl_get_flag_np(acl_flagset,
++				    acl_inherit_map[i].platform_inherit);
++				if (r == -1) {
++					archive_set_error(&a->archive, errno,
++					    "Failed to check flag in a NFSv4 "
++					    "ACL flagset");
++					return (ARCHIVE_WARN);
++				} else if (r)
++					ae_perm |= acl_inherit_map[i].archive_inherit;
++                	}
++		}
+ 
+-		acl_get_permset(acl_entry, &acl_permset);
+-                for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
++		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get ACL permission set");
++			return (ARCHIVE_WARN);
++		}
++		for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
+ 			/*
+ 			 * acl_get_perm() is spelled differently on different
+ 			 * platforms; see above.
+ 			 */
+-			if (ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm))
++			r = ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm);
++			if (r == -1) {
++				archive_set_error(&a->archive, errno,
++				    "Failed to check permission in an ACL permission set");
++				return (ARCHIVE_WARN);
++			} else if (r)
+ 				ae_perm |= acl_perm_map[i].archive_perm;
+ 		}
+ 
+@@ -649,6 +707,11 @@
+ 					    ae_id, ae_name);
+ 
+ 		s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
++		if (s == -1) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get next ACL entry");
++			return (ARCHIVE_WARN);
++		}
+ 	}
+ 	return (ARCHIVE_OK);
+ }
+--- contrib/libarchive/libarchive/archive_read_support_format_tar.c.orig
++++ contrib/libarchive/libarchive/archive_read_support_format_tar.c
+@@ -136,6 +136,7 @@
+ 	int64_t			 entry_padding;
+ 	int64_t 		 entry_bytes_unconsumed;
+ 	int64_t			 realsize;
++	int			 sparse_allowed;
+ 	struct sparse_block	*sparse_list;
+ 	struct sparse_block	*sparse_last;
+ 	int64_t			 sparse_offset;
+@@ -1226,6 +1227,14 @@
+ 		 * sparse information in the extended area.
+ 		 */
+ 		/* FALLTHROUGH */
++	case '0':
++		/*
++		 * Enable sparse file "read" support only for regular
++		 * files and explicit GNU sparse files.  However, we
++		 * don't allow non-standard file types to be sparse.
++		 */
++		tar->sparse_allowed = 1;
++		/* FALLTHROUGH */
+ 	default: /* Regular file  and non-standard types */
+ 		/*
+ 		 * Per POSIX: non-recognized types should always be
+@@ -1685,6 +1694,14 @@
+ #endif
+ 	switch (key[0]) {
+ 	case 'G':
++		/* Reject GNU.sparse.* headers on non-regular files. */
++		if (strncmp(key, "GNU.sparse", 10) == 0 &&
++		    !tar->sparse_allowed) {
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Non-regular file cannot be sparse");
++			return (ARCHIVE_FATAL);
++		}
++
+ 		/* GNU "0.0" sparse pax format. */
+ 		if (strcmp(key, "GNU.sparse.numblocks") == 0) {
+ 			tar->sparse_offset = -1;
+--- contrib/libarchive/libarchive/archive_write_disk_acl.c.orig
++++ contrib/libarchive/libarchive/archive_write_disk_acl.c
+@@ -131,6 +131,7 @@
+ 	acl_entry_t	 acl_entry;
+ 	acl_permset_t	 acl_permset;
+ 	acl_flagset_t	 acl_flagset;
++	int		 r;
+ 	int		 ret;
+ 	int		 ae_type, ae_permset, ae_tag, ae_id;
+ 	uid_t		 ae_uid;
+@@ -144,9 +145,19 @@
+ 	if (entries == 0)
+ 		return (ARCHIVE_OK);
+ 	acl = acl_init(entries);
++	if (acl == (acl_t)NULL) {
++		archive_set_error(a, errno,
++		    "Failed to initialize ACL working storage");
++		return (ARCHIVE_FAILED);
++	}
+ 	while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
+ 		   &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
+-		acl_create_entry(&acl, &acl_entry);
++		if (acl_create_entry(&acl, &acl_entry) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to create a new ACL entry");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
+ 
+ 		switch (ae_tag) {
+ 		case ARCHIVE_ENTRY_ACL_USER:
+@@ -175,47 +186,95 @@
+ 			acl_set_tag_type(acl_entry, ACL_EVERYONE);
+ 			break;
+ 		default:
+-			/* XXX */
+-			break;
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Unknown ACL tag");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
+ 		}
+ 
++		r = 0;
+ 		switch (ae_type) {
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DENY:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_DENY);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_DENY);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_AUDIT);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_AUDIT);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALARM);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALARM);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+ 			// These don't translate directly into the system ACL.
+ 			break;
+ 		default:
+-			// XXX error handling here.
+-			break;
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Unknown ACL entry type");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
++		if (r != 0) {
++			archive_set_error(a, errno,
++			    "Failed to set ACL entry type");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
+ 		}
+ 
+-		acl_get_permset(acl_entry, &acl_permset);
+-		acl_clear_perms(acl_permset);
++		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to get ACL permission set");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
++		if (acl_clear_perms(acl_permset) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to clear ACL permissions");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
+ 
+ 		for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
+ 			if (ae_permset & acl_perm_map[i].archive_perm)
+-				acl_add_perm(acl_permset,
+-					     acl_perm_map[i].platform_perm);
++				if (acl_add_perm(acl_permset,
++				    acl_perm_map[i].platform_perm) != 0) {
++					archive_set_error(a, errno,
++					    "Failed to add ACL permission");
++					ret = ARCHIVE_FAILED;
++					goto exit_free;
++				}
+ 		}
+ 
+ 		acl_get_flagset_np(acl_entry, &acl_flagset);
+-		acl_clear_flags_np(acl_flagset);
+-		for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
+-			if (ae_permset & acl_inherit_map[i].archive_inherit)
+-				acl_add_flag_np(acl_flagset,
+-						acl_inherit_map[i].platform_inherit);
++		if (acl_type == ACL_TYPE_NFS4) {
++			/*
++			 * acl_get_flagset_np() fails with non-NFSv4 ACLs
++			 */
++			if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
++				archive_set_error(a, errno,
++				    "Failed to get flagset from an NFSv4 ACL entry");
++				ret = ARCHIVE_FAILED;
++				goto exit_free;
++			}
++			if (acl_clear_flags_np(acl_flagset) != 0) {
++				archive_set_error(a, errno,
++				    "Failed to clear flags from an NFSv4 ACL flagset");
++				ret = ARCHIVE_FAILED;
++				goto exit_free;
++			}
++			for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
++				if (ae_permset & acl_inherit_map[i].archive_inherit) {
++					if (acl_add_flag_np(acl_flagset,
++							acl_inherit_map[i].platform_inherit) != 0) {
++						archive_set_error(a, errno,
++						    "Failed to add flag to NFSv4 ACL flagset");
++						ret = ARCHIVE_FAILED;
++						goto exit_free;
++					}
++				}
++			}
+ 		}
+ 	}
+ 
+@@ -243,6 +302,7 @@
+ 		ret = ARCHIVE_WARN;
+ 	}
+ #endif
++exit_free:
+ 	acl_free(acl);
+ 	return (ret);
+ }
+--- contrib/libarchive/libarchive/archive_write_disk_posix.c.orig
++++ contrib/libarchive/libarchive/archive_write_disk_posix.c
+@@ -140,7 +140,17 @@
+ #define O_BINARY 0
+ #endif
+ #ifndef O_CLOEXEC
+-#define O_CLOEXEC	0
++#define O_CLOEXEC 0
++#endif
++
++/* Ignore non-int O_NOFOLLOW constant. */
++/* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */
++#if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX)
++#undef O_NOFOLLOW
++#endif
++
++#ifndef O_NOFOLLOW
++#define O_NOFOLLOW 0
+ #endif
+ 
+ struct fixup_entry {
+@@ -326,12 +336,14 @@
+ 
+ #define HFS_BLOCKS(s)	((s) >> 12)
+ 
++static int	check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
+ static int	check_symlinks(struct archive_write_disk *);
+ static int	create_filesystem_object(struct archive_write_disk *);
+ static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
+ #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
+ static void	edit_deep_directories(struct archive_write_disk *ad);
+ #endif
++static int	cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
+ static int	cleanup_pathname(struct archive_write_disk *);
+ static int	create_dir(struct archive_write_disk *, char *);
+ static int	create_parent_dir(struct archive_write_disk *, char *);
+@@ -1791,7 +1803,7 @@
+ 	char *tail = a->name;
+ 
+ 	/* If path is short, avoid the open() below. */
+-	if (strlen(tail) <= PATH_MAX)
++	if (strlen(tail) < PATH_MAX)
+ 		return;
+ 
+ 	/* Try to record our starting dir. */
+@@ -1801,7 +1813,7 @@
+ 		return;
+ 
+ 	/* As long as the path is too long... */
+-	while (strlen(tail) > PATH_MAX) {
++	while (strlen(tail) >= PATH_MAX) {
+ 		/* Locate a dir prefix shorter than PATH_MAX. */
+ 		tail += PATH_MAX - 8;
+ 		while (tail > a->name && *tail != '/')
+@@ -1996,6 +2008,10 @@
+ 	const char *linkname;
+ 	mode_t final_mode, mode;
+ 	int r;
++	/* these for check_symlinks_fsobj */
++	char *linkname_copy;	/* non-const copy of linkname */
++	struct archive_string error_string;
++	int error_number;
+ 
+ 	/* We identify hard/symlinks according to the link names. */
+ 	/* Since link(2) and symlink(2) don't handle modes, we're done here. */
+@@ -2004,6 +2020,27 @@
+ #if !HAVE_LINK
+ 		return (EPERM);
+ #else
++		archive_string_init(&error_string);
++		linkname_copy = strdup(linkname);
++		if (linkname_copy == NULL) {
++		    return (EPERM);
++		}
++		/* TODO: consider using the cleaned-up path as the link target? */
++		r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, error_number, "%s", error_string.s);
++			free(linkname_copy);
++			/* EPERM is more appropriate than error_number for our callers */
++			return (EPERM);
++		}
++		r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, error_number, "%s", error_string.s);
++			free(linkname_copy);
++			/* EPERM is more appropriate than error_number for our callers */
++			return (EPERM);
++		}
++		free(linkname_copy);
+ 		r = link(linkname, a->name) ? errno : 0;
+ 		/*
+ 		 * New cpio and pax formats allow hardlink entries
+@@ -2022,7 +2059,7 @@
+ 			a->deferred = 0;
+ 		} else if (r == 0 && a->filesize > 0) {
+ 			a->fd = open(a->name,
+-				     O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
++				     O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC | O_NOFOLLOW);
+ 			__archive_ensure_cloexec_flag(a->fd);
+ 			if (a->fd < 0)
+ 				r = errno;
+@@ -2332,110 +2369,233 @@
+ 	return (a->current_fixup);
+ }
+ 
+-/* TODO: Make this work. */
+-/*
+- * TODO: The deep-directory support bypasses this; disable deep directory
+- * support if we're doing symlink checks.
+- */
+ /*
+  * TODO: Someday, integrate this with the deep dir support; they both
+  * scan the path and both can be optimized by comparing against other
+  * recent paths.
+  */
+ /* TODO: Extend this to support symlinks on Windows Vista and later. */
++
++/*
++ * Checks the given path to see if any elements along it are symlinks.  Returns
++ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
++ */
+ static int
+-check_symlinks(struct archive_write_disk *a)
++check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
+ {
+ #if !defined(HAVE_LSTAT)
+ 	/* Platform doesn't have lstat, so we can't look for symlinks. */
+-	(void)a; /* UNUSED */
++	(void)path; /* UNUSED */
++	(void)error_number; /* UNUSED */
++	(void)error_string; /* UNUSED */
++	(void)flags; /* UNUSED */
+ 	return (ARCHIVE_OK);
+ #else
+-	char *pn;
++	int res = ARCHIVE_OK;
++	char *tail;
++	char *head;
++	int last;
+ 	char c;
+ 	int r;
+ 	struct stat st;
++	int restore_pwd;
++
++	/* Nothing to do here if name is empty */
++	if(path[0] == '\0')
++	    return (ARCHIVE_OK);
+ 
+ 	/*
+ 	 * Guard against symlink tricks.  Reject any archive entry whose
+ 	 * destination would be altered by a symlink.
++	 *
++	 * Walk the filename in chunks separated by '/'.  For each segment:
++	 *  - if it doesn't exist, continue
++	 *  - if it's symlink, abort or remove it
++	 *  - if it's a directory and it's not the last chunk, cd into it
++	 * As we go:
++	 *  head points to the current (relative) path
++	 *  tail points to the temporary \0 terminating the segment we're currently examining
++	 *  c holds what used to be in *tail
++	 *  last is 1 if this is the last tail
++	 */
++	restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
++	__archive_ensure_cloexec_flag(restore_pwd);
++	if (restore_pwd < 0)
++		return (ARCHIVE_FATAL);
++	head = path;
++	tail = path;
++	last = 0;
++	/* TODO: reintroduce a safe cache here? */
++	/* Skip the root directory if the path is absolute. */
++	if(tail == path && tail[0] == '/')
++		++tail;
++	/* Keep going until we've checked the entire name.
++	 * head, tail, path all alias the same string, which is
++	 * temporarily zeroed at tail, so be careful restoring the
++	 * stashed (c=tail[0]) for error messages.
++	 * Exiting the loop with break is okay; continue is not.
+ 	 */
+-	/* Whatever we checked last time doesn't need to be re-checked. */
+-	pn = a->name;
+-	if (archive_strlen(&(a->path_safe)) > 0) {
+-		char *p = a->path_safe.s;
+-		while ((*pn != '\0') && (*p == *pn))
+-			++p, ++pn;
+-	}
+-	c = pn[0];
+-	/* Keep going until we've checked the entire name. */
+-	while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
++	while (!last) {
++		/* Skip the separator we just consumed, plus any adjacent ones */
++		while (*tail == '/')
++		    ++tail;
+ 		/* Skip the next path element. */
+-		while (*pn != '\0' && *pn != '/')
+-			++pn;
+-		c = pn[0];
+-		pn[0] = '\0';
++		while (*tail != '\0' && *tail != '/')
++			++tail;
++		/* is this the last path component? */
++		last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
++		/* temporarily truncate the string here */
++		c = tail[0];
++		tail[0] = '\0';
+ 		/* Check that we haven't hit a symlink. */
+-		r = lstat(a->name, &st);
++		r = lstat(head, &st);
+ 		if (r != 0) {
++			tail[0] = c;
+ 			/* We've hit a dir that doesn't exist; stop now. */
+-			if (errno == ENOENT)
++			if (errno == ENOENT) {
+ 				break;
++			} else {
++				/* Treat any other error as fatal - best to be paranoid here
++				 * Note: This effectively disables deep directory
++				 * support when security checks are enabled.
++				 * Otherwise, very long pathnames that trigger
++				 * an error here could evade the sandbox.
++				 * TODO: We could do better, but it would probably
++				 * require merging the symlink checks with the
++				 * deep-directory editing. */
++				if (error_number) *error_number = errno;
++				if (error_string)
++					archive_string_sprintf(error_string,
++							"Could not stat %s",
++							path);
++				res = ARCHIVE_FAILED;
++				break;
++			}
++		} else if (S_ISDIR(st.st_mode)) {
++			if (!last) {
++				if (chdir(head) != 0) {
++					tail[0] = c;
++					if (error_number) *error_number = errno;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Could not chdir %s",
++								path);
++					res = (ARCHIVE_FATAL);
++					break;
++				}
++				/* Our view is now from inside this dir: */
++				head = tail + 1;
++			}
+ 		} else if (S_ISLNK(st.st_mode)) {
+-			if (c == '\0') {
++			if (last) {
+ 				/*
+ 				 * Last element is symlink; remove it
+ 				 * so we can overwrite it with the
+ 				 * item being extracted.
+ 				 */
+-				if (unlink(a->name)) {
+-					archive_set_error(&a->archive, errno,
+-					    "Could not remove symlink %s",
+-					    a->name);
+-					pn[0] = c;
+-					return (ARCHIVE_FAILED);
++				if (unlink(head)) {
++					tail[0] = c;
++					if (error_number) *error_number = errno;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Could not remove symlink %s",
++								path);
++					res = ARCHIVE_FAILED;
++					break;
+ 				}
+-				a->pst = NULL;
+ 				/*
+ 				 * Even if we did remove it, a warning
+ 				 * is in order.  The warning is silly,
+ 				 * though, if we're just replacing one
+ 				 * symlink with another symlink.
+ 				 */
+-				if (!S_ISLNK(a->mode)) {
+-					archive_set_error(&a->archive, 0,
+-					    "Removing symlink %s",
+-					    a->name);
++				tail[0] = c;
++				/* FIXME:  not sure how important this is to restore
++				if (!S_ISLNK(path)) {
++					if (error_number) *error_number = 0;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Removing symlink %s",
++								path);
+ 				}
++				*/
+ 				/* Symlink gone.  No more problem! */
+-				pn[0] = c;
+-				return (0);
+-			} else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
++				res = ARCHIVE_OK;
++				break;
++			} else if (flags & ARCHIVE_EXTRACT_UNLINK) {
+ 				/* User asked us to remove problems. */
+-				if (unlink(a->name) != 0) {
+-					archive_set_error(&a->archive, 0,
+-					    "Cannot remove intervening symlink %s",
+-					    a->name);
+-					pn[0] = c;
+-					return (ARCHIVE_FAILED);
++				if (unlink(head) != 0) {
++					tail[0] = c;
++					if (error_number) *error_number = 0;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Cannot remove intervening symlink %s",
++								path);
++					res = ARCHIVE_FAILED;
++					break;
+ 				}
+-				a->pst = NULL;
++				tail[0] = c;
+ 			} else {
+-				archive_set_error(&a->archive, 0,
+-				    "Cannot extract through symlink %s",
+-				    a->name);
+-				pn[0] = c;
+-				return (ARCHIVE_FAILED);
++				tail[0] = c;
++				if (error_number) *error_number = 0;
++				if (error_string)
++					archive_string_sprintf(error_string,
++							"Cannot extract through symlink %s",
++							path);
++				res = ARCHIVE_FAILED;
++				break;
+ 			}
+ 		}
++		/* be sure to always maintain this */
++		tail[0] = c;
++		if (tail[0] != '\0')
++			tail++; /* Advance to the next segment. */
+ 	}
+-	pn[0] = c;
+-	/* We've checked and/or cleaned the whole path, so remember it. */
+-	archive_strcpy(&a->path_safe, a->name);
+-	return (ARCHIVE_OK);
++	/* Catches loop exits via break */
++	tail[0] = c;
++#ifdef HAVE_FCHDIR
++	/* If we changed directory above, restore it here. */
++	if (restore_pwd >= 0) {
++		r = fchdir(restore_pwd);
++		if (r != 0) {
++			if(error_number) *error_number = errno;
++			if(error_string)
++				archive_string_sprintf(error_string,
++						"chdir() failure");
++		}
++		close(restore_pwd);
++		restore_pwd = -1;
++		if (r != 0) {
++			res = (ARCHIVE_FATAL);
++		}
++	}
++#endif
++	/* TODO: reintroduce a safe cache here? */
++	return res;
+ #endif
+ }
+ 
++/*
++ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
++ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
++ */
++static int
++check_symlinks(struct archive_write_disk *a)
++{
++	struct archive_string error_string;
++	int error_number;
++	int rc;
++	archive_string_init(&error_string);
++	rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
++	if (rc != ARCHIVE_OK) {
++		archive_set_error(&a->archive, error_number, "%s", error_string.s);
++	}
++	archive_string_free(&error_string);
++	a->pst = NULL;	/* to be safe */
++	return rc;
++}
++
++
+ #if defined(__CYGWIN__)
+ /*
+  * 1. Convert a path separator from '\' to '/' .
+@@ -2509,15 +2669,17 @@
+  * is set) if the path is absolute.
+  */
+ static int
+-cleanup_pathname(struct archive_write_disk *a)
++cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
+ {
+ 	char *dest, *src;
+ 	char separator = '\0';
+ 
+-	dest = src = a->name;
++	dest = src = path;
+ 	if (*src == '\0') {
+-		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+-		    "Invalid empty pathname");
++		if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++		if (error_string)
++		    archive_string_sprintf(error_string,
++			    "Invalid empty pathname");
+ 		return (ARCHIVE_FAILED);
+ 	}
+ 
+@@ -2526,9 +2688,11 @@
+ #endif
+ 	/* Skip leading '/'. */
+ 	if (*src == '/') {
+-		if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
+-			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+-			                  "Path is absolute");
++		if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
++			if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++			if (error_string)
++			    archive_string_sprintf(error_string,
++				    "Path is absolute");
+ 			return (ARCHIVE_FAILED);
+ 		}
+ 
+@@ -2555,10 +2719,11 @@
+ 			} else if (src[1] == '.') {
+ 				if (src[2] == '/' || src[2] == '\0') {
+ 					/* Conditionally warn about '..' */
+-					if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
+-						archive_set_error(&a->archive,
+-						    ARCHIVE_ERRNO_MISC,
+-						    "Path contains '..'");
++					if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
++						if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++						if (error_string)
++						    archive_string_sprintf(error_string,
++							    "Path contains '..'");
+ 						return (ARCHIVE_FAILED);
+ 					}
+ 				}
+@@ -2589,7 +2754,7 @@
+ 	 * We've just copied zero or more path elements, not including the
+ 	 * final '/'.
+ 	 */
+-	if (dest == a->name) {
++	if (dest == path) {
+ 		/*
+ 		 * Nothing got copied.  The path must have been something
+ 		 * like '.' or '/' or './' or '/././././/./'.
+@@ -2604,6 +2769,21 @@
+ 	return (ARCHIVE_OK);
+ }
+ 
++static int
++cleanup_pathname(struct archive_write_disk *a)
++{
++	struct archive_string error_string;
++	int error_number;
++	int rc;
++	archive_string_init(&error_string);
++	rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
++	if (rc != ARCHIVE_OK) {
++		archive_set_error(&a->archive, error_number, "%s", error_string.s);
++	}
++	archive_string_free(&error_string);
++	return rc;
++}
++
+ /*
+  * Create the parent directory of the specified path, assuming path
+  * is already in mutable storage.
+--- contrib/libarchive/libarchive/test/main.c.orig
++++ contrib/libarchive/libarchive/test/main.c
+@@ -1396,6 +1396,31 @@
+ 	return (0);
+ }
+ 
++/* Verify mode of 'pathname'. */
++int
++assertion_file_mode(const char *file, int line, const char *pathname, int expected_mode)
++{
++	int mode;
++	int r;
++
++	assertion_count(file, line);
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	failure_start(file, line, "assertFileMode not yet implemented for Windows");
++#else
++	{
++		struct stat st;
++		r = lstat(pathname, &st);
++		mode = (int)(st.st_mode & 0777);
++	}
++	if (r == 0 && mode == expected_mode)
++		return (1);
++	failure_start(file, line, "File %s has mode %o, expected %o",
++	    pathname, mode, expected_mode);
++#endif
++	failure_finish(NULL);
++	return (0);
++}
++
+ /* Assert that 'pathname' is a dir.  If mode >= 0, verify that too. */
+ int
+ assertion_is_dir(const char *file, int line, const char *pathname, int mode)
+--- contrib/libarchive/libarchive/test/test.h.orig
++++ contrib/libarchive/libarchive/test/test.h
+@@ -176,6 +176,8 @@
+   assertion_file_nlinks(__FILE__, __LINE__, pathname, nlinks)
+ #define assertFileSize(pathname, size)  \
+   assertion_file_size(__FILE__, __LINE__, pathname, size)
++#define assertFileMode(pathname, mode)  \
++  assertion_file_mode(__FILE__, __LINE__, pathname, mode)
+ #define assertTextFileContents(text, pathname) \
+   assertion_text_file_contents(__FILE__, __LINE__, text, pathname)
+ #define assertFileContainsLinesAnyOrder(pathname, lines)	\
+@@ -239,6 +241,7 @@
+ int assertion_file_nlinks(const char *, int, const char *, int);
+ int assertion_file_not_exists(const char *, int, const char *);
+ int assertion_file_size(const char *, int, const char *, long);
++int assertion_file_mode(const char *, int, const char *, int);
+ int assertion_is_dir(const char *, int, const char *, int);
+ int assertion_is_hardlink(const char *, int, const char *, const char *);
+ int assertion_is_not_hardlink(const char *, int, const char *, const char *);
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure744.c
+@@ -0,0 +1,95 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #744 describes a bug in the sandboxing code that
++ * causes very long pathnames to not get checked for symlinks.
++ */
++
++DEFINE_TEST(test_write_disk_secure744)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++	size_t buff_size = 8192;
++	char *buff = malloc(buff_size);
++	char *p = buff;
++	int n = 0;
++	int t;
++
++	assert(buff != NULL);
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	while (p + 500 < buff + buff_size) {
++		memset(p, 'x', 100);
++		p += 100;
++		p[0] = '\0';
++
++		buff[0] = ((n / 1000) % 10) + '0';
++		buff[1] = ((n / 100) % 10)+ '0';
++		buff[2] = ((n / 10) % 10)+ '0';
++		buff[3] = ((n / 1) % 10)+ '0';
++		buff[4] = '_';
++		++n;
++
++		/* Create a symlink pointing to the testworkdir */
++		assert((ae = archive_entry_new()) != NULL);
++		archive_entry_copy_pathname(ae, buff);
++		archive_entry_set_mode(ae, S_IFREG | 0777);
++		archive_entry_copy_symlink(ae, testworkdir);
++		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
++		archive_entry_free(ae);
++
++		*p++ = '/';
++		sprintf(p, "target%d", n);
++
++		/* Try to create a file through the symlink, should fail. */
++		assert((ae = archive_entry_new()) != NULL);
++		archive_entry_copy_pathname(ae, buff);
++		archive_entry_set_mode(ae, S_IFDIR | 0777);
++
++		t = archive_write_header(a, ae);
++		archive_entry_free(ae);
++		failure("Attempt to create target%d via %d-character symlink should have failed", n, (int)strlen(buff));
++		if(!assertEqualInt(ARCHIVE_FAILED, t)) {
++			break;
++		}
++	}
++	archive_free(a);
++	free(buff);
++#endif
++}
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure745.c
+@@ -0,0 +1,79 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #745 describes a bug in the sandboxing code that
++ * allows one to use a symlink to edit the permissions on a file or
++ * directory outside of the sandbox.
++ */
++
++DEFINE_TEST(test_write_disk_secure745)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	/* The target dir:  The one we're going to try to change permission on */
++	assertMakeDir("target", 0700);
++
++	/* The sandbox dir we're going to run inside of. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create a symlink pointing to the target directory */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "sym");
++	archive_entry_set_mode(ae, AE_IFLNK | 0777);
++	archive_entry_copy_symlink(ae, "../target");
++	assert(0 == archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Try to alter the target dir through the symlink; this should fail. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "sym");
++	archive_entry_set_mode(ae, S_IFDIR | 0777);
++	assert(0 == archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Permission of target dir should not have changed. */
++	assertFileMode("../target", 0700);
++
++	assert(0 == archive_write_close(a));
++	archive_write_free(a);
++#endif
++}
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure746.c
+@@ -0,0 +1,129 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #746 describes a problem in which hardlink targets are
++ * not adequately checked and can be used to modify entries outside of
++ * the sandbox.
++ */
++
++/*
++ * Verify that ARCHIVE_EXTRACT_SECURE_NODOTDOT disallows '..' in hardlink
++ * targets.
++ */
++DEFINE_TEST(test_write_disk_secure746a)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* The target directory we're going to try to affect. */
++	assertMakeDir("target", 0700);
++	assertMakeFile("target/foo", 0700, "unmodified");
++
++	/* The sandbox dir we're going to work within. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NODOTDOT);
++
++	/* Attempt to hardlink to the target directory. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "bar");
++	archive_entry_set_mode(ae, AE_IFREG | 0777);
++	archive_entry_set_size(ae, 8);
++	archive_entry_copy_hardlink(ae, "../target/foo");
++	assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
++	assertEqualInt(ARCHIVE_FATAL, archive_write_data(a, "modified", 8));
++	archive_entry_free(ae);
++
++	/* Verify that target file contents are unchanged. */
++	assertTextFileContents("unmodified", "../target/foo");
++#endif
++}
++
++/*
++ * Verify that ARCHIVE_EXTRACT_SECURE_NOSYMLINK disallows symlinks in hardlink
++ * targets.
++ */
++DEFINE_TEST(test_write_disk_secure746b)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* The target directory we're going to try to affect. */
++	assertMakeDir("target", 0700);
++	assertMakeFile("target/foo", 0700, "unmodified");
++
++	/* The sandbox dir we're going to work within. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	/* Create a symlink to the target directory. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "symlink");
++	archive_entry_set_mode(ae, AE_IFLNK | 0777);
++	archive_entry_copy_symlink(ae, "../target");
++	assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Attempt to hardlink to the target directory via the symlink. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "bar");
++	archive_entry_set_mode(ae, AE_IFREG | 0777);
++	archive_entry_set_size(ae, 8);
++	archive_entry_copy_hardlink(ae, "symlink/foo");
++	assertEqualIntA(a, ARCHIVE_FAILED, archive_write_header(a, ae));
++	assertEqualIntA(a, ARCHIVE_FATAL, archive_write_data(a, "modified", 8));
++	archive_entry_free(ae);
++
++	/* Verify that target file contents are unchanged. */
++	assertTextFileContents("unmodified", "../target/foo");
++
++	assertEqualIntA(a, ARCHIVE_FATAL, archive_write_close(a));
++	archive_write_free(a);
++#endif
++}
+--- lib/libarchive/test/Makefile.orig
++++ lib/libarchive/test/Makefile
+@@ -176,6 +176,9 @@
+ 	test_write_disk_no_hfs_compression.c	\
+ 	test_write_disk_perms.c			\
+ 	test_write_disk_secure.c		\
++	test_write_disk_secure744.c		\
++	test_write_disk_secure745.c		\
++	test_write_disk_secure746.c		\
+ 	test_write_disk_sparse.c		\
+ 	test_write_disk_symlink.c		\
+ 	test_write_disk_times.c			\

Property changes on: head/share/security/patches/SA-16:31/libarchive-10.2.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:31/libarchive-10.2.patch.asc
===================================================================
--- head/share/security/patches/SA-16:31/libarchive-10.2.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:31/libarchive-10.2.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PmAAoJEO1n7NZdz2rn4pcQANwh2y75/IJsBmdNHJ039vBS
+oSfzGTH+k1EWswJfudVa50qQsZV4DFhbHOlTvocEtBQWuxP7d/MTh9cCFX1c2bmg
+gD/AVe24rZoikv/J35uKRyEL4145vAMLUikr6BZCcFe63XJ0YaFHzLNlMn5j31dl
+yRDHI3KH6DCTgEjVHv0CsnagLtqA5PIQIa5ck9zhkAcmC7BYbk3zqOERkj9la7h1
+HODayA9l8Uludie0aUpSSKEr41aY0C7go7sC4J29zbY2oKPvMEE8fitnl2h5tzqy
+BFY5ZbJWpx264GNu3mp7sOrn6wTqyCW2IvfDIJ36jcvN2KWb+Nt4bVt9Apv7hltg
+KUc/POJxrcISPtirQhDFNtclPrCyTT00pQigin8wT9rFZzJapW90hN22HFcF9EaN
++Xqwu1cJudjRfKHYyhUekLU9jhk3y8BI2UdMDhBEv6xnJ+9Cvjb5V3Khvyv/OcTV
+wZ7KJnxxaQlbfIfW8VHs9nZct8QEBXZQZ7rm/tSBv9TKJNgVQgtuElSkSw8mA3Nk
+9T97AVc37/R0urwM8F2A5rpm12roPG0RvkYPAbKfpaL5QklsnI7QlLJ3DYT/PgPe
+HAf8mUqKwqUjsI3xlyH+UJ5fGPpUYO5gRXUq4Jj8xYbzbRR0TUfyJKbAhQecarKW
+8sd5IddIZQ64/Pf9+tCM
+=b7yC
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:31/libarchive-10.2.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:31/libarchive-10.3.patch
===================================================================
--- head/share/security/patches/SA-16:31/libarchive-10.3.patch	(nonexistent)
+++ head/share/security/patches/SA-16:31/libarchive-10.3.patch	(revision 49477)
@@ -0,0 +1,1270 @@
+--- contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c.orig
++++ contrib/libarchive/libarchive/archive_read_disk_entry_from_file.c
+@@ -409,9 +409,7 @@
+ {
+ 	const char	*accpath;
+ 	acl_t		 acl;
+-#if HAVE_ACL_IS_TRIVIAL_NP
+ 	int		r;
+-#endif
+ 
+ 	accpath = archive_entry_sourcepath(entry);
+ 	if (accpath == NULL)
+@@ -443,9 +441,13 @@
+ 	}
+ #endif
+ 	if (acl != NULL) {
+-		translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
++		r = translate_acl(a, entry, acl, ARCHIVE_ENTRY_ACL_TYPE_NFS4);
+ 		acl_free(acl);
+-		return (ARCHIVE_OK);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, errno,
++			    "Couldn't translate NFSv4 ACLs: %s", accpath);
++		}
++		return (r);
+ 	}
+ 
+ 	/* Retrieve access ACL from file. */
+@@ -464,18 +466,29 @@
+ 	else
+ 		acl = acl_get_file(accpath, ACL_TYPE_ACCESS);
+ 	if (acl != NULL) {
+-		translate_acl(a, entry, acl,
++		r = translate_acl(a, entry, acl,
+ 		    ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
+ 		acl_free(acl);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, errno,
++			    "Couldn't translate access ACLs: %s", accpath);
++			return (r);
++		}
+ 	}
+ 
+ 	/* Only directories can have default ACLs. */
+ 	if (S_ISDIR(archive_entry_mode(entry))) {
+ 		acl = acl_get_file(accpath, ACL_TYPE_DEFAULT);
+ 		if (acl != NULL) {
+-			translate_acl(a, entry, acl,
++			r = translate_acl(a, entry, acl,
+ 			    ARCHIVE_ENTRY_ACL_TYPE_DEFAULT);
+ 			acl_free(acl);
++			if (r != ARCHIVE_OK) {
++				archive_set_error(&a->archive, errno,
++				    "Couldn't translate default ACLs: %s",
++				    accpath);
++				return (r);
++			}
+ 		}
+ 	}
+ 	return (ARCHIVE_OK);
+@@ -536,7 +549,11 @@
+ 	// FreeBSD "brands" ACLs as POSIX.1e or NFSv4
+ 	// Make sure the "brand" on this ACL is consistent
+ 	// with the default_entry_acl_type bits provided.
+-	acl_get_brand_np(acl, &brand);
++	if (acl_get_brand_np(acl, &brand) != 0) {
++		archive_set_error(&a->archive, errno,
++		    "Failed to read ACL brand");
++		return (ARCHIVE_WARN);
++	}
+ 	switch (brand) {
+ 	case ACL_BRAND_POSIX:
+ 		switch (default_entry_acl_type) {
+@@ -544,30 +561,42 @@
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+ 			break;
+ 		default:
+-			// XXX set warning message?
+-			return ARCHIVE_FAILED;
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Invalid ACL entry type for POSIX.1e ACL");
++			return (ARCHIVE_WARN);
+ 		}
+ 		break;
+ 	case ACL_BRAND_NFS4:
+ 		if (default_entry_acl_type & ~ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
+-			// XXX set warning message?
+-			return ARCHIVE_FAILED;
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Invalid ACL entry type for NFSv4 ACL");
++			return (ARCHIVE_WARN);
+ 		}
+ 		break;
+ 	default:
+-		// XXX set warning message?
+-		return ARCHIVE_FAILED;
++		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++		    "Unknown ACL brand");
++		return (ARCHIVE_WARN);
+ 		break;
+ 	}
+ 
+ 
+ 	s = acl_get_entry(acl, ACL_FIRST_ENTRY, &acl_entry);
++	if (s == -1) {
++		archive_set_error(&a->archive, errno,
++		    "Failed to get first ACL entry");
++		return (ARCHIVE_WARN);
++	}
+ 	while (s == 1) {
+ 		ae_id = -1;
+ 		ae_name = NULL;
+ 		ae_perm = 0;
+ 
+-		acl_get_tag_type(acl_entry, &acl_tag);
++		if (acl_get_tag_type(acl_entry, &acl_tag) != 0) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get ACL tag type");
++			return (ARCHIVE_WARN);
++		}
+ 		switch (acl_tag) {
+ 		case ACL_USER:
+ 			ae_id = (int)*(uid_t *)acl_get_qualifier(acl_entry);
+@@ -600,12 +629,17 @@
+ 			continue;
+ 		}
+ 
+-		// XXX acl type maps to allow/deny/audit/YYYY bits
+-		// XXX acl_get_entry_type_np on FreeBSD returns EINVAL for
+-		// non-NFSv4 ACLs
++		// XXX acl_type maps to allow/deny/audit/YYYY bits
+ 		entry_acl_type = default_entry_acl_type;
+-		r = acl_get_entry_type_np(acl_entry, &acl_type);
+-		if (r == 0) {
++		if (default_entry_acl_type & ARCHIVE_ENTRY_ACL_TYPE_NFS4) {
++			/*
++			 * acl_get_entry_type_np() falis with non-NFSv4 ACLs
++			 */
++			if (acl_get_entry_type_np(acl_entry, &acl_type) != 0) {
++				archive_set_error(&a->archive, errno, "Failed "
++				    "to get ACL type from a NFSv4 ACL entry");
++				return (ARCHIVE_WARN);
++			}
+ 			switch (acl_type) {
+ 			case ACL_ENTRY_TYPE_ALLOW:
+ 				entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALLOW;
+@@ -619,28 +653,52 @@
+ 			case ACL_ENTRY_TYPE_ALARM:
+ 				entry_acl_type = ARCHIVE_ENTRY_ACL_TYPE_ALARM;
+ 				break;
++			default:
++				archive_set_error(&a->archive, errno,
++				    "Invalid NFSv4 ACL entry type");
++				return (ARCHIVE_WARN);
+ 			}
+-		}
+-
+-		/*
+-		 * Libarchive stores "flag" (NFSv4 inheritance bits)
+-		 * in the ae_perm bitmap.
+-		 */
+-		acl_get_flagset_np(acl_entry, &acl_flagset);
+-                for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
+-			if (acl_get_flag_np(acl_flagset,
+-					    acl_inherit_map[i].platform_inherit))
+-				ae_perm |= acl_inherit_map[i].archive_inherit;
+ 
+-                }
++			/*
++			 * Libarchive stores "flag" (NFSv4 inheritance bits)
++			 * in the ae_perm bitmap.
++			 *
++			 * acl_get_flagset_np() fails with non-NFSv4 ACLs
++			 */
++			if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
++				archive_set_error(&a->archive, errno,
++				    "Failed to get flagset from a NFSv4 ACL entry");
++				return (ARCHIVE_WARN);
++			}
++	                for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
++				r = acl_get_flag_np(acl_flagset,
++				    acl_inherit_map[i].platform_inherit);
++				if (r == -1) {
++					archive_set_error(&a->archive, errno,
++					    "Failed to check flag in a NFSv4 "
++					    "ACL flagset");
++					return (ARCHIVE_WARN);
++				} else if (r)
++					ae_perm |= acl_inherit_map[i].archive_inherit;
++                	}
++		}
+ 
+-		acl_get_permset(acl_entry, &acl_permset);
+-                for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
++		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get ACL permission set");
++			return (ARCHIVE_WARN);
++		}
++		for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
+ 			/*
+ 			 * acl_get_perm() is spelled differently on different
+ 			 * platforms; see above.
+ 			 */
+-			if (ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm))
++			r = ACL_GET_PERM(acl_permset, acl_perm_map[i].platform_perm);
++			if (r == -1) {
++				archive_set_error(&a->archive, errno,
++				    "Failed to check permission in an ACL permission set");
++				return (ARCHIVE_WARN);
++			} else if (r)
+ 				ae_perm |= acl_perm_map[i].archive_perm;
+ 		}
+ 
+@@ -649,6 +707,11 @@
+ 					    ae_id, ae_name);
+ 
+ 		s = acl_get_entry(acl, ACL_NEXT_ENTRY, &acl_entry);
++		if (s == -1) {
++			archive_set_error(&a->archive, errno,
++			    "Failed to get next ACL entry");
++			return (ARCHIVE_WARN);
++		}
+ 	}
+ 	return (ARCHIVE_OK);
+ }
+--- contrib/libarchive/libarchive/archive_read_support_format_tar.c.orig
++++ contrib/libarchive/libarchive/archive_read_support_format_tar.c
+@@ -136,6 +136,7 @@
+ 	int64_t			 entry_padding;
+ 	int64_t 		 entry_bytes_unconsumed;
+ 	int64_t			 realsize;
++	int			 sparse_allowed;
+ 	struct sparse_block	*sparse_list;
+ 	struct sparse_block	*sparse_last;
+ 	int64_t			 sparse_offset;
+@@ -1226,6 +1227,14 @@
+ 		 * sparse information in the extended area.
+ 		 */
+ 		/* FALLTHROUGH */
++	case '0':
++		/*
++		 * Enable sparse file "read" support only for regular
++		 * files and explicit GNU sparse files.  However, we
++		 * don't allow non-standard file types to be sparse.
++		 */
++		tar->sparse_allowed = 1;
++		/* FALLTHROUGH */
+ 	default: /* Regular file  and non-standard types */
+ 		/*
+ 		 * Per POSIX: non-recognized types should always be
+@@ -1685,6 +1694,14 @@
+ #endif
+ 	switch (key[0]) {
+ 	case 'G':
++		/* Reject GNU.sparse.* headers on non-regular files. */
++		if (strncmp(key, "GNU.sparse", 10) == 0 &&
++		    !tar->sparse_allowed) {
++			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
++			    "Non-regular file cannot be sparse");
++			return (ARCHIVE_FATAL);
++		}
++
+ 		/* GNU "0.0" sparse pax format. */
+ 		if (strcmp(key, "GNU.sparse.numblocks") == 0) {
+ 			tar->sparse_offset = -1;
+--- contrib/libarchive/libarchive/archive_write_disk_acl.c.orig
++++ contrib/libarchive/libarchive/archive_write_disk_acl.c
+@@ -131,6 +131,7 @@
+ 	acl_entry_t	 acl_entry;
+ 	acl_permset_t	 acl_permset;
+ 	acl_flagset_t	 acl_flagset;
++	int		 r;
+ 	int		 ret;
+ 	int		 ae_type, ae_permset, ae_tag, ae_id;
+ 	uid_t		 ae_uid;
+@@ -144,9 +145,19 @@
+ 	if (entries == 0)
+ 		return (ARCHIVE_OK);
+ 	acl = acl_init(entries);
++	if (acl == (acl_t)NULL) {
++		archive_set_error(a, errno,
++		    "Failed to initialize ACL working storage");
++		return (ARCHIVE_FAILED);
++	}
+ 	while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
+ 		   &ae_permset, &ae_tag, &ae_id, &ae_name) == ARCHIVE_OK) {
+-		acl_create_entry(&acl, &acl_entry);
++		if (acl_create_entry(&acl, &acl_entry) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to create a new ACL entry");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
+ 
+ 		switch (ae_tag) {
+ 		case ARCHIVE_ENTRY_ACL_USER:
+@@ -175,47 +186,95 @@
+ 			acl_set_tag_type(acl_entry, ACL_EVERYONE);
+ 			break;
+ 		default:
+-			/* XXX */
+-			break;
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Unknown ACL tag");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
+ 		}
+ 
++		r = 0;
+ 		switch (ae_type) {
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ALLOW:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALLOW);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DENY:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_DENY);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_DENY);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_AUDIT:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_AUDIT);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_AUDIT);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ALARM:
+-			acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALARM);
++			r = acl_set_entry_type_np(acl_entry, ACL_ENTRY_TYPE_ALARM);
+ 			break;
+ 		case ARCHIVE_ENTRY_ACL_TYPE_ACCESS:
+ 		case ARCHIVE_ENTRY_ACL_TYPE_DEFAULT:
+ 			// These don't translate directly into the system ACL.
+ 			break;
+ 		default:
+-			// XXX error handling here.
+-			break;
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Unknown ACL entry type");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
++		if (r != 0) {
++			archive_set_error(a, errno,
++			    "Failed to set ACL entry type");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
+ 		}
+ 
+-		acl_get_permset(acl_entry, &acl_permset);
+-		acl_clear_perms(acl_permset);
++		if (acl_get_permset(acl_entry, &acl_permset) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to get ACL permission set");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
++		if (acl_clear_perms(acl_permset) != 0) {
++			archive_set_error(a, errno,
++			    "Failed to clear ACL permissions");
++			ret = ARCHIVE_FAILED;
++			goto exit_free;
++		}
+ 
+ 		for (i = 0; i < (int)(sizeof(acl_perm_map) / sizeof(acl_perm_map[0])); ++i) {
+ 			if (ae_permset & acl_perm_map[i].archive_perm)
+-				acl_add_perm(acl_permset,
+-					     acl_perm_map[i].platform_perm);
++				if (acl_add_perm(acl_permset,
++				    acl_perm_map[i].platform_perm) != 0) {
++					archive_set_error(a, errno,
++					    "Failed to add ACL permission");
++					ret = ARCHIVE_FAILED;
++					goto exit_free;
++				}
+ 		}
+ 
+ 		acl_get_flagset_np(acl_entry, &acl_flagset);
+-		acl_clear_flags_np(acl_flagset);
+-		for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
+-			if (ae_permset & acl_inherit_map[i].archive_inherit)
+-				acl_add_flag_np(acl_flagset,
+-						acl_inherit_map[i].platform_inherit);
++		if (acl_type == ACL_TYPE_NFS4) {
++			/*
++			 * acl_get_flagset_np() fails with non-NFSv4 ACLs
++			 */
++			if (acl_get_flagset_np(acl_entry, &acl_flagset) != 0) {
++				archive_set_error(a, errno,
++				    "Failed to get flagset from an NFSv4 ACL entry");
++				ret = ARCHIVE_FAILED;
++				goto exit_free;
++			}
++			if (acl_clear_flags_np(acl_flagset) != 0) {
++				archive_set_error(a, errno,
++				    "Failed to clear flags from an NFSv4 ACL flagset");
++				ret = ARCHIVE_FAILED;
++				goto exit_free;
++			}
++			for (i = 0; i < (int)(sizeof(acl_inherit_map) / sizeof(acl_inherit_map[0])); ++i) {
++				if (ae_permset & acl_inherit_map[i].archive_inherit) {
++					if (acl_add_flag_np(acl_flagset,
++							acl_inherit_map[i].platform_inherit) != 0) {
++						archive_set_error(a, errno,
++						    "Failed to add flag to NFSv4 ACL flagset");
++						ret = ARCHIVE_FAILED;
++						goto exit_free;
++					}
++				}
++			}
+ 		}
+ 	}
+ 
+@@ -243,6 +302,7 @@
+ 		ret = ARCHIVE_WARN;
+ 	}
+ #endif
++exit_free:
+ 	acl_free(acl);
+ 	return (ret);
+ }
+--- contrib/libarchive/libarchive/archive_write_disk_posix.c.orig
++++ contrib/libarchive/libarchive/archive_write_disk_posix.c
+@@ -140,7 +140,17 @@
+ #define O_BINARY 0
+ #endif
+ #ifndef O_CLOEXEC
+-#define O_CLOEXEC	0
++#define O_CLOEXEC 0
++#endif
++
++/* Ignore non-int O_NOFOLLOW constant. */
++/* gnulib's fcntl.h does this on AIX, but it seems practical everywhere */
++#if defined O_NOFOLLOW && !(INT_MIN <= O_NOFOLLOW && O_NOFOLLOW <= INT_MAX)
++#undef O_NOFOLLOW
++#endif
++
++#ifndef O_NOFOLLOW
++#define O_NOFOLLOW 0
+ #endif
+ 
+ struct fixup_entry {
+@@ -326,12 +336,14 @@
+ 
+ #define HFS_BLOCKS(s)	((s) >> 12)
+ 
++static int	check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
+ static int	check_symlinks(struct archive_write_disk *);
+ static int	create_filesystem_object(struct archive_write_disk *);
+ static struct fixup_entry *current_fixup(struct archive_write_disk *, const char *pathname);
+ #if defined(HAVE_FCHDIR) && defined(PATH_MAX)
+ static void	edit_deep_directories(struct archive_write_disk *ad);
+ #endif
++static int	cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags);
+ static int	cleanup_pathname(struct archive_write_disk *);
+ static int	create_dir(struct archive_write_disk *, char *);
+ static int	create_parent_dir(struct archive_write_disk *, char *);
+@@ -1791,7 +1803,7 @@
+ 	char *tail = a->name;
+ 
+ 	/* If path is short, avoid the open() below. */
+-	if (strlen(tail) <= PATH_MAX)
++	if (strlen(tail) < PATH_MAX)
+ 		return;
+ 
+ 	/* Try to record our starting dir. */
+@@ -1801,7 +1813,7 @@
+ 		return;
+ 
+ 	/* As long as the path is too long... */
+-	while (strlen(tail) > PATH_MAX) {
++	while (strlen(tail) >= PATH_MAX) {
+ 		/* Locate a dir prefix shorter than PATH_MAX. */
+ 		tail += PATH_MAX - 8;
+ 		while (tail > a->name && *tail != '/')
+@@ -1996,6 +2008,10 @@
+ 	const char *linkname;
+ 	mode_t final_mode, mode;
+ 	int r;
++	/* these for check_symlinks_fsobj */
++	char *linkname_copy;	/* non-const copy of linkname */
++	struct archive_string error_string;
++	int error_number;
+ 
+ 	/* We identify hard/symlinks according to the link names. */
+ 	/* Since link(2) and symlink(2) don't handle modes, we're done here. */
+@@ -2004,6 +2020,27 @@
+ #if !HAVE_LINK
+ 		return (EPERM);
+ #else
++		archive_string_init(&error_string);
++		linkname_copy = strdup(linkname);
++		if (linkname_copy == NULL) {
++		    return (EPERM);
++		}
++		/* TODO: consider using the cleaned-up path as the link target? */
++		r = cleanup_pathname_fsobj(linkname_copy, &error_number, &error_string, a->flags);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, error_number, "%s", error_string.s);
++			free(linkname_copy);
++			/* EPERM is more appropriate than error_number for our callers */
++			return (EPERM);
++		}
++		r = check_symlinks_fsobj(linkname_copy, &error_number, &error_string, a->flags);
++		if (r != ARCHIVE_OK) {
++			archive_set_error(&a->archive, error_number, "%s", error_string.s);
++			free(linkname_copy);
++			/* EPERM is more appropriate than error_number for our callers */
++			return (EPERM);
++		}
++		free(linkname_copy);
+ 		r = link(linkname, a->name) ? errno : 0;
+ 		/*
+ 		 * New cpio and pax formats allow hardlink entries
+@@ -2022,7 +2059,7 @@
+ 			a->deferred = 0;
+ 		} else if (r == 0 && a->filesize > 0) {
+ 			a->fd = open(a->name,
+-				     O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC);
++				     O_WRONLY | O_TRUNC | O_BINARY | O_CLOEXEC | O_NOFOLLOW);
+ 			__archive_ensure_cloexec_flag(a->fd);
+ 			if (a->fd < 0)
+ 				r = errno;
+@@ -2332,110 +2369,233 @@
+ 	return (a->current_fixup);
+ }
+ 
+-/* TODO: Make this work. */
+-/*
+- * TODO: The deep-directory support bypasses this; disable deep directory
+- * support if we're doing symlink checks.
+- */
+ /*
+  * TODO: Someday, integrate this with the deep dir support; they both
+  * scan the path and both can be optimized by comparing against other
+  * recent paths.
+  */
+ /* TODO: Extend this to support symlinks on Windows Vista and later. */
++
++/*
++ * Checks the given path to see if any elements along it are symlinks.  Returns
++ * ARCHIVE_OK if there are none, otherwise puts an error in errmsg.
++ */
+ static int
+-check_symlinks(struct archive_write_disk *a)
++check_symlinks_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
+ {
+ #if !defined(HAVE_LSTAT)
+ 	/* Platform doesn't have lstat, so we can't look for symlinks. */
+-	(void)a; /* UNUSED */
++	(void)path; /* UNUSED */
++	(void)error_number; /* UNUSED */
++	(void)error_string; /* UNUSED */
++	(void)flags; /* UNUSED */
+ 	return (ARCHIVE_OK);
+ #else
+-	char *pn;
++	int res = ARCHIVE_OK;
++	char *tail;
++	char *head;
++	int last;
+ 	char c;
+ 	int r;
+ 	struct stat st;
++	int restore_pwd;
++
++	/* Nothing to do here if name is empty */
++	if(path[0] == '\0')
++	    return (ARCHIVE_OK);
+ 
+ 	/*
+ 	 * Guard against symlink tricks.  Reject any archive entry whose
+ 	 * destination would be altered by a symlink.
++	 *
++	 * Walk the filename in chunks separated by '/'.  For each segment:
++	 *  - if it doesn't exist, continue
++	 *  - if it's symlink, abort or remove it
++	 *  - if it's a directory and it's not the last chunk, cd into it
++	 * As we go:
++	 *  head points to the current (relative) path
++	 *  tail points to the temporary \0 terminating the segment we're currently examining
++	 *  c holds what used to be in *tail
++	 *  last is 1 if this is the last tail
++	 */
++	restore_pwd = open(".", O_RDONLY | O_BINARY | O_CLOEXEC);
++	__archive_ensure_cloexec_flag(restore_pwd);
++	if (restore_pwd < 0)
++		return (ARCHIVE_FATAL);
++	head = path;
++	tail = path;
++	last = 0;
++	/* TODO: reintroduce a safe cache here? */
++	/* Skip the root directory if the path is absolute. */
++	if(tail == path && tail[0] == '/')
++		++tail;
++	/* Keep going until we've checked the entire name.
++	 * head, tail, path all alias the same string, which is
++	 * temporarily zeroed at tail, so be careful restoring the
++	 * stashed (c=tail[0]) for error messages.
++	 * Exiting the loop with break is okay; continue is not.
+ 	 */
+-	/* Whatever we checked last time doesn't need to be re-checked. */
+-	pn = a->name;
+-	if (archive_strlen(&(a->path_safe)) > 0) {
+-		char *p = a->path_safe.s;
+-		while ((*pn != '\0') && (*p == *pn))
+-			++p, ++pn;
+-	}
+-	c = pn[0];
+-	/* Keep going until we've checked the entire name. */
+-	while (pn[0] != '\0' && (pn[0] != '/' || pn[1] != '\0')) {
++	while (!last) {
++		/* Skip the separator we just consumed, plus any adjacent ones */
++		while (*tail == '/')
++		    ++tail;
+ 		/* Skip the next path element. */
+-		while (*pn != '\0' && *pn != '/')
+-			++pn;
+-		c = pn[0];
+-		pn[0] = '\0';
++		while (*tail != '\0' && *tail != '/')
++			++tail;
++		/* is this the last path component? */
++		last = (tail[0] == '\0') || (tail[0] == '/' && tail[1] == '\0');
++		/* temporarily truncate the string here */
++		c = tail[0];
++		tail[0] = '\0';
+ 		/* Check that we haven't hit a symlink. */
+-		r = lstat(a->name, &st);
++		r = lstat(head, &st);
+ 		if (r != 0) {
++			tail[0] = c;
+ 			/* We've hit a dir that doesn't exist; stop now. */
+-			if (errno == ENOENT)
++			if (errno == ENOENT) {
+ 				break;
++			} else {
++				/* Treat any other error as fatal - best to be paranoid here
++				 * Note: This effectively disables deep directory
++				 * support when security checks are enabled.
++				 * Otherwise, very long pathnames that trigger
++				 * an error here could evade the sandbox.
++				 * TODO: We could do better, but it would probably
++				 * require merging the symlink checks with the
++				 * deep-directory editing. */
++				if (error_number) *error_number = errno;
++				if (error_string)
++					archive_string_sprintf(error_string,
++							"Could not stat %s",
++							path);
++				res = ARCHIVE_FAILED;
++				break;
++			}
++		} else if (S_ISDIR(st.st_mode)) {
++			if (!last) {
++				if (chdir(head) != 0) {
++					tail[0] = c;
++					if (error_number) *error_number = errno;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Could not chdir %s",
++								path);
++					res = (ARCHIVE_FATAL);
++					break;
++				}
++				/* Our view is now from inside this dir: */
++				head = tail + 1;
++			}
+ 		} else if (S_ISLNK(st.st_mode)) {
+-			if (c == '\0') {
++			if (last) {
+ 				/*
+ 				 * Last element is symlink; remove it
+ 				 * so we can overwrite it with the
+ 				 * item being extracted.
+ 				 */
+-				if (unlink(a->name)) {
+-					archive_set_error(&a->archive, errno,
+-					    "Could not remove symlink %s",
+-					    a->name);
+-					pn[0] = c;
+-					return (ARCHIVE_FAILED);
++				if (unlink(head)) {
++					tail[0] = c;
++					if (error_number) *error_number = errno;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Could not remove symlink %s",
++								path);
++					res = ARCHIVE_FAILED;
++					break;
+ 				}
+-				a->pst = NULL;
+ 				/*
+ 				 * Even if we did remove it, a warning
+ 				 * is in order.  The warning is silly,
+ 				 * though, if we're just replacing one
+ 				 * symlink with another symlink.
+ 				 */
+-				if (!S_ISLNK(a->mode)) {
+-					archive_set_error(&a->archive, 0,
+-					    "Removing symlink %s",
+-					    a->name);
++				tail[0] = c;
++				/* FIXME:  not sure how important this is to restore
++				if (!S_ISLNK(path)) {
++					if (error_number) *error_number = 0;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Removing symlink %s",
++								path);
+ 				}
++				*/
+ 				/* Symlink gone.  No more problem! */
+-				pn[0] = c;
+-				return (0);
+-			} else if (a->flags & ARCHIVE_EXTRACT_UNLINK) {
++				res = ARCHIVE_OK;
++				break;
++			} else if (flags & ARCHIVE_EXTRACT_UNLINK) {
+ 				/* User asked us to remove problems. */
+-				if (unlink(a->name) != 0) {
+-					archive_set_error(&a->archive, 0,
+-					    "Cannot remove intervening symlink %s",
+-					    a->name);
+-					pn[0] = c;
+-					return (ARCHIVE_FAILED);
++				if (unlink(head) != 0) {
++					tail[0] = c;
++					if (error_number) *error_number = 0;
++					if (error_string)
++						archive_string_sprintf(error_string,
++								"Cannot remove intervening symlink %s",
++								path);
++					res = ARCHIVE_FAILED;
++					break;
+ 				}
+-				a->pst = NULL;
++				tail[0] = c;
+ 			} else {
+-				archive_set_error(&a->archive, 0,
+-				    "Cannot extract through symlink %s",
+-				    a->name);
+-				pn[0] = c;
+-				return (ARCHIVE_FAILED);
++				tail[0] = c;
++				if (error_number) *error_number = 0;
++				if (error_string)
++					archive_string_sprintf(error_string,
++							"Cannot extract through symlink %s",
++							path);
++				res = ARCHIVE_FAILED;
++				break;
+ 			}
+ 		}
++		/* be sure to always maintain this */
++		tail[0] = c;
++		if (tail[0] != '\0')
++			tail++; /* Advance to the next segment. */
+ 	}
+-	pn[0] = c;
+-	/* We've checked and/or cleaned the whole path, so remember it. */
+-	archive_strcpy(&a->path_safe, a->name);
+-	return (ARCHIVE_OK);
++	/* Catches loop exits via break */
++	tail[0] = c;
++#ifdef HAVE_FCHDIR
++	/* If we changed directory above, restore it here. */
++	if (restore_pwd >= 0) {
++		r = fchdir(restore_pwd);
++		if (r != 0) {
++			if(error_number) *error_number = errno;
++			if(error_string)
++				archive_string_sprintf(error_string,
++						"chdir() failure");
++		}
++		close(restore_pwd);
++		restore_pwd = -1;
++		if (r != 0) {
++			res = (ARCHIVE_FATAL);
++		}
++	}
++#endif
++	/* TODO: reintroduce a safe cache here? */
++	return res;
+ #endif
+ }
+ 
++/*
++ * Check a->name for symlinks, returning ARCHIVE_OK if its clean, otherwise
++ * calls archive_set_error and returns ARCHIVE_{FATAL,FAILED}
++ */
++static int
++check_symlinks(struct archive_write_disk *a)
++{
++	struct archive_string error_string;
++	int error_number;
++	int rc;
++	archive_string_init(&error_string);
++	rc = check_symlinks_fsobj(a->name, &error_number, &error_string, a->flags);
++	if (rc != ARCHIVE_OK) {
++		archive_set_error(&a->archive, error_number, "%s", error_string.s);
++	}
++	archive_string_free(&error_string);
++	a->pst = NULL;	/* to be safe */
++	return rc;
++}
++
++
+ #if defined(__CYGWIN__)
+ /*
+  * 1. Convert a path separator from '\' to '/' .
+@@ -2509,15 +2669,17 @@
+  * is set) if the path is absolute.
+  */
+ static int
+-cleanup_pathname(struct archive_write_disk *a)
++cleanup_pathname_fsobj(char *path, int *error_number, struct archive_string *error_string, int flags)
+ {
+ 	char *dest, *src;
+ 	char separator = '\0';
+ 
+-	dest = src = a->name;
++	dest = src = path;
+ 	if (*src == '\0') {
+-		archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+-		    "Invalid empty pathname");
++		if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++		if (error_string)
++		    archive_string_sprintf(error_string,
++			    "Invalid empty pathname");
+ 		return (ARCHIVE_FAILED);
+ 	}
+ 
+@@ -2526,9 +2688,11 @@
+ #endif
+ 	/* Skip leading '/'. */
+ 	if (*src == '/') {
+-		if (a->flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
+-			archive_set_error(&a->archive, ARCHIVE_ERRNO_MISC,
+-			                  "Path is absolute");
++		if (flags & ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS) {
++			if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++			if (error_string)
++			    archive_string_sprintf(error_string,
++				    "Path is absolute");
+ 			return (ARCHIVE_FAILED);
+ 		}
+ 
+@@ -2555,10 +2719,11 @@
+ 			} else if (src[1] == '.') {
+ 				if (src[2] == '/' || src[2] == '\0') {
+ 					/* Conditionally warn about '..' */
+-					if (a->flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
+-						archive_set_error(&a->archive,
+-						    ARCHIVE_ERRNO_MISC,
+-						    "Path contains '..'");
++					if (flags & ARCHIVE_EXTRACT_SECURE_NODOTDOT) {
++						if (error_number) *error_number = ARCHIVE_ERRNO_MISC;
++						if (error_string)
++						    archive_string_sprintf(error_string,
++							    "Path contains '..'");
+ 						return (ARCHIVE_FAILED);
+ 					}
+ 				}
+@@ -2589,7 +2754,7 @@
+ 	 * We've just copied zero or more path elements, not including the
+ 	 * final '/'.
+ 	 */
+-	if (dest == a->name) {
++	if (dest == path) {
+ 		/*
+ 		 * Nothing got copied.  The path must have been something
+ 		 * like '.' or '/' or './' or '/././././/./'.
+@@ -2604,6 +2769,21 @@
+ 	return (ARCHIVE_OK);
+ }
+ 
++static int
++cleanup_pathname(struct archive_write_disk *a)
++{
++	struct archive_string error_string;
++	int error_number;
++	int rc;
++	archive_string_init(&error_string);
++	rc = cleanup_pathname_fsobj(a->name, &error_number, &error_string, a->flags);
++	if (rc != ARCHIVE_OK) {
++		archive_set_error(&a->archive, error_number, "%s", error_string.s);
++	}
++	archive_string_free(&error_string);
++	return rc;
++}
++
+ /*
+  * Create the parent directory of the specified path, assuming path
+  * is already in mutable storage.
+--- contrib/libarchive/libarchive/test/main.c.orig
++++ contrib/libarchive/libarchive/test/main.c
+@@ -1396,6 +1396,31 @@
+ 	return (0);
+ }
+ 
++/* Verify mode of 'pathname'. */
++int
++assertion_file_mode(const char *file, int line, const char *pathname, int expected_mode)
++{
++	int mode;
++	int r;
++
++	assertion_count(file, line);
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	failure_start(file, line, "assertFileMode not yet implemented for Windows");
++#else
++	{
++		struct stat st;
++		r = lstat(pathname, &st);
++		mode = (int)(st.st_mode & 0777);
++	}
++	if (r == 0 && mode == expected_mode)
++		return (1);
++	failure_start(file, line, "File %s has mode %o, expected %o",
++	    pathname, mode, expected_mode);
++#endif
++	failure_finish(NULL);
++	return (0);
++}
++
+ /* Assert that 'pathname' is a dir.  If mode >= 0, verify that too. */
+ int
+ assertion_is_dir(const char *file, int line, const char *pathname, int mode)
+--- contrib/libarchive/libarchive/test/test.h.orig
++++ contrib/libarchive/libarchive/test/test.h
+@@ -176,6 +176,8 @@
+   assertion_file_nlinks(__FILE__, __LINE__, pathname, nlinks)
+ #define assertFileSize(pathname, size)  \
+   assertion_file_size(__FILE__, __LINE__, pathname, size)
++#define assertFileMode(pathname, mode)  \
++  assertion_file_mode(__FILE__, __LINE__, pathname, mode)
+ #define assertTextFileContents(text, pathname) \
+   assertion_text_file_contents(__FILE__, __LINE__, text, pathname)
+ #define assertFileContainsLinesAnyOrder(pathname, lines)	\
+@@ -239,6 +241,7 @@
+ int assertion_file_nlinks(const char *, int, const char *, int);
+ int assertion_file_not_exists(const char *, int, const char *);
+ int assertion_file_size(const char *, int, const char *, long);
++int assertion_file_mode(const char *, int, const char *, int);
+ int assertion_is_dir(const char *, int, const char *, int);
+ int assertion_is_hardlink(const char *, int, const char *, const char *);
+ int assertion_is_not_hardlink(const char *, int, const char *, const char *);
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure744.c
+@@ -0,0 +1,95 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #744 describes a bug in the sandboxing code that
++ * causes very long pathnames to not get checked for symlinks.
++ */
++
++DEFINE_TEST(test_write_disk_secure744)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++	size_t buff_size = 8192;
++	char *buff = malloc(buff_size);
++	char *p = buff;
++	int n = 0;
++	int t;
++
++	assert(buff != NULL);
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	while (p + 500 < buff + buff_size) {
++		memset(p, 'x', 100);
++		p += 100;
++		p[0] = '\0';
++
++		buff[0] = ((n / 1000) % 10) + '0';
++		buff[1] = ((n / 100) % 10)+ '0';
++		buff[2] = ((n / 10) % 10)+ '0';
++		buff[3] = ((n / 1) % 10)+ '0';
++		buff[4] = '_';
++		++n;
++
++		/* Create a symlink pointing to the testworkdir */
++		assert((ae = archive_entry_new()) != NULL);
++		archive_entry_copy_pathname(ae, buff);
++		archive_entry_set_mode(ae, S_IFREG | 0777);
++		archive_entry_copy_symlink(ae, testworkdir);
++		assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
++		archive_entry_free(ae);
++
++		*p++ = '/';
++		sprintf(p, "target%d", n);
++
++		/* Try to create a file through the symlink, should fail. */
++		assert((ae = archive_entry_new()) != NULL);
++		archive_entry_copy_pathname(ae, buff);
++		archive_entry_set_mode(ae, S_IFDIR | 0777);
++
++		t = archive_write_header(a, ae);
++		archive_entry_free(ae);
++		failure("Attempt to create target%d via %d-character symlink should have failed", n, (int)strlen(buff));
++		if(!assertEqualInt(ARCHIVE_FAILED, t)) {
++			break;
++		}
++	}
++	archive_free(a);
++	free(buff);
++#endif
++}
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure745.c
+@@ -0,0 +1,79 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #745 describes a bug in the sandboxing code that
++ * allows one to use a symlink to edit the permissions on a file or
++ * directory outside of the sandbox.
++ */
++
++DEFINE_TEST(test_write_disk_secure745)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	/* The target dir:  The one we're going to try to change permission on */
++	assertMakeDir("target", 0700);
++
++	/* The sandbox dir we're going to run inside of. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create a symlink pointing to the target directory */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "sym");
++	archive_entry_set_mode(ae, AE_IFLNK | 0777);
++	archive_entry_copy_symlink(ae, "../target");
++	assert(0 == archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Try to alter the target dir through the symlink; this should fail. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "sym");
++	archive_entry_set_mode(ae, S_IFDIR | 0777);
++	assert(0 == archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Permission of target dir should not have changed. */
++	assertFileMode("../target", 0700);
++
++	assert(0 == archive_write_close(a));
++	archive_write_free(a);
++#endif
++}
+--- /dev/null
++++ contrib/libarchive/libarchive/test/test_write_disk_secure746.c
+@@ -0,0 +1,129 @@
++/*-
++ * Copyright (c) 2003-2007,2016 Tim Kientzle
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++#include "test.h"
++__FBSDID("$FreeBSD$");
++
++#define UMASK 022
++
++/*
++ * Github Issue #746 describes a problem in which hardlink targets are
++ * not adequately checked and can be used to modify entries outside of
++ * the sandbox.
++ */
++
++/*
++ * Verify that ARCHIVE_EXTRACT_SECURE_NODOTDOT disallows '..' in hardlink
++ * targets.
++ */
++DEFINE_TEST(test_write_disk_secure746a)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* The target directory we're going to try to affect. */
++	assertMakeDir("target", 0700);
++	assertMakeFile("target/foo", 0700, "unmodified");
++
++	/* The sandbox dir we're going to work within. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_NODOTDOT);
++
++	/* Attempt to hardlink to the target directory. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "bar");
++	archive_entry_set_mode(ae, AE_IFREG | 0777);
++	archive_entry_set_size(ae, 8);
++	archive_entry_copy_hardlink(ae, "../target/foo");
++	assertEqualInt(ARCHIVE_FAILED, archive_write_header(a, ae));
++	assertEqualInt(ARCHIVE_FATAL, archive_write_data(a, "modified", 8));
++	archive_entry_free(ae);
++
++	/* Verify that target file contents are unchanged. */
++	assertTextFileContents("unmodified", "../target/foo");
++#endif
++}
++
++/*
++ * Verify that ARCHIVE_EXTRACT_SECURE_NOSYMLINK disallows symlinks in hardlink
++ * targets.
++ */
++DEFINE_TEST(test_write_disk_secure746b)
++{
++#if defined(_WIN32) && !defined(__CYGWIN__)
++	skipping("archive_write_disk security checks not supported on Windows");
++#else
++	struct archive *a;
++	struct archive_entry *ae;
++
++	/* Start with a known umask. */
++	assertUmask(UMASK);
++
++	/* The target directory we're going to try to affect. */
++	assertMakeDir("target", 0700);
++	assertMakeFile("target/foo", 0700, "unmodified");
++
++	/* The sandbox dir we're going to work within. */
++	assertMakeDir("sandbox", 0700);
++	assertChdir("sandbox");
++
++	/* Create an archive_write_disk object. */
++	assert((a = archive_write_disk_new()) != NULL);
++	archive_write_disk_set_options(a, ARCHIVE_EXTRACT_SECURE_SYMLINKS);
++
++	/* Create a symlink to the target directory. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "symlink");
++	archive_entry_set_mode(ae, AE_IFLNK | 0777);
++	archive_entry_copy_symlink(ae, "../target");
++	assertEqualIntA(a, ARCHIVE_OK, archive_write_header(a, ae));
++	archive_entry_free(ae);
++
++	/* Attempt to hardlink to the target directory via the symlink. */
++	assert((ae = archive_entry_new()) != NULL);
++	archive_entry_copy_pathname(ae, "bar");
++	archive_entry_set_mode(ae, AE_IFREG | 0777);
++	archive_entry_set_size(ae, 8);
++	archive_entry_copy_hardlink(ae, "symlink/foo");
++	assertEqualIntA(a, ARCHIVE_FAILED, archive_write_header(a, ae));
++	assertEqualIntA(a, ARCHIVE_FATAL, archive_write_data(a, "modified", 8));
++	archive_entry_free(ae);
++
++	/* Verify that target file contents are unchanged. */
++	assertTextFileContents("unmodified", "../target/foo");
++
++	assertEqualIntA(a, ARCHIVE_FATAL, archive_write_close(a));
++	archive_write_free(a);
++#endif
++}
+--- lib/libarchive/tests/Makefile.orig
++++ lib/libarchive/tests/Makefile
+@@ -177,6 +177,9 @@
+ 	test_write_disk_no_hfs_compression.c	\
+ 	test_write_disk_perms.c			\
+ 	test_write_disk_secure.c		\
++	test_write_disk_secure744.c		\
++	test_write_disk_secure745.c		\
++	test_write_disk_secure746.c		\
+ 	test_write_disk_sparse.c		\
+ 	test_write_disk_symlink.c		\
+ 	test_write_disk_times.c			\

Property changes on: head/share/security/patches/SA-16:31/libarchive-10.3.patch
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/security/patches/SA-16:31/libarchive-10.3.patch.asc
===================================================================
--- head/share/security/patches/SA-16:31/libarchive-10.3.patch.asc	(nonexistent)
+++ head/share/security/patches/SA-16:31/libarchive-10.3.patch.asc	(revision 49477)
@@ -0,0 +1,17 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.1.13 (FreeBSD)
+
+iQIcBAABCgAGBQJX+0PmAAoJEO1n7NZdz2rnnmUQAIqTh0iP7z9FW2QY6FuyTWQK
+XNqLx5LaAdTfoJ3gFpQMvbms5yVr/aOPUTgRTwl1UctPNM68bdGslxFwj2aIs4u7
+I4/VPvbWdSURzjwik2cTXpwEqHMWymPbFqeDZ914AbjN3LCk3oyClrCQbetR+37g
+GEfQtsMipZeUjOvQXTGvMFQTirRmMrrU+5gPwkbVWXdnE+7chridmN7oer4IarpA
+IQY454+dbYkAwDK6+ZUwi3xFnF93fBuguxHwbiuH1Z9i+2pO4saWSjSJJ7pGeU3i
+WaGKKnyBCO+fKPI40iv2YnDHiVlpK06g/GQIpzFEHo0FRAByJY1zLBx3+leUGLhk
+fy4r3LobLrJANWr48AzoO4KUeRuuTmmvm1eWfTCTa4ODEJuos8BCLKiwsdWJuMPW
+Z3LsDmaQxoGpxK+4SsCyANTBs0DHO+kzcTnsW4MgsmnLn0KAOaGP50z3FpqqE4ov
+2fPq/qe1A+Wicto16hx5PZfvunroPputvoN8qoFujdYuOgGfRcgqEUxTT/zknZXz
+3ncwMgCK1JA6ivvKW9XwDup6v3Z+fW1PpZB7qPZFhx/q+EJukOD5AyhJROOKKjtp
+mOEnJf7my2c0H9uxDbXlPgfHZY4dS7BszRJq0istxdvcvl0ZEOTTJAD3hOnGXyYU
+TCtBq+CcUEOG7+MLWqtZ
+=km25
+-----END PGP SIGNATURE-----

Property changes on: head/share/security/patches/SA-16:31/libarchive-10.3.patch.asc
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: head/share/xml/advisories.xml
===================================================================
--- head/share/xml/advisories.xml	(revision 49476)
+++ head/share/xml/advisories.xml	(revision 49477)
@@ -1,4210 +1,4238 @@
 <?xml version="1.0"?>
 <advisories>
     <cvs:keyword xmlns:cvs="http://www.FreeBSD.org/XML/CVS">
       $FreeBSD$
     </cvs:keyword>
 
   <year>
     <name>2016</name>
 
     <month>
+      <name>10</name>
+
+      <day>
+        <name>10</name>
+
+        <advisory>
+          <name>FreeBSD-SA-16:31.libarchive</name>
+        </advisory>
+
+        <advisory>
+          <name>FreeBSD-SA-16:30.portsnap</name>
+        </advisory>
+
+        <advisory>
+          <name>FreeBSD-SA-16:29.bspatch</name>
+        </advisory>
+
+        <advisory>
+          <name>FreeBSD-SA-16:28.bind</name>
+        </advisory>
+
+        <advisory>
+          <name>FreeBSD-SA-16:27.openssl</name>
+        </advisory>
+      </day>
+    </month>
+
+    <month>
       <name>9</name>
 
       <day>
         <name>23</name>
 
         <advisory>
           <name>FreeBSD-SA-16:26.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
         <name>25</name>
 
         <advisory>
           <name>FreeBSD-SA-16:25.bspatch</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
         <name>4</name>
 
         <advisory>
           <name>FreeBSD-SA-16:24.ntp</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
         <name>31</name>
 
         <advisory>
           <name>FreeBSD-SA-16:23.libarchive</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:22.libarchive</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:21.43bsd</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:20.linux</name>
         </advisory>
       </day>
 
       <day>
         <name>17</name>
 
         <advisory>
           <name>FreeBSD-SA-16:19.sendmsg</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:18.atkbd</name>
         </advisory>
       </day>
 
       <day>
         <name>4</name>
 
         <advisory>
           <name>FreeBSD-SA-16:17.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
         <name>29</name>
 
         <advisory>
           <name>FreeBSD-SA-16:16.ntp</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
         <name>16</name>
 
         <advisory>
           <name>FreeBSD-SA-16:15.sysarch</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:14.openssh</name>
         </advisory>
       </day>
 
       <day>
         <name>10</name>
 
         <advisory>
           <name>FreeBSD-SA-16:13.bind</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:12.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
         <name>30</name>
 
         <advisory>
           <name>FreeBSD-SA-16:11.openssl</name>
         </advisory>
       </day>
 
       <day>
         <name>27</name>
 
         <advisory>
           <name>FreeBSD-SA-16:10.linux</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:09.ntp</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:08.bind</name>
         </advisory>
       </day>
 
       <day>
         <name>14</name>
 
         <advisory>
           <name>FreeBSD-SA-16:07.openssh</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:06.bsnmpd</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:05.tcp</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:04.linux</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:03.linux</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:02.ntp</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-16:01.sctp</name>
         </advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2015</name>
 
     <month>
       <name>12</name>
 
       <day>
         <name>16</name>
 
         <advisory>
           <name>FreeBSD-SA-15:27.bind</name>
         </advisory>
       </day>
 
       <day>
         <name>6</name>
 
         <advisory>
           <name>FreeBSD-SA-15:26.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
         <name>26</name>
 
         <advisory>
           <name>FreeBSD-SA-15:25.ntp</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
         <name>29</name>
 
         <advisory>
           <name>FreeBSD-SA-15:24.rpcbind</name>
         </advisory>
       </day>
 
       <day>
         <name>2</name>
 
         <advisory>
           <name>FreeBSD-SA-15:23.bind</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
         <name>25</name>
 
         <advisory>
           <name>FreeBSD-SA-15:22.openssh</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:21.amd64</name>
         </advisory>
       </day>
 
       <day>
         <name>18</name>
 
         <advisory>
           <name>FreeBSD-SA-15:20.expat</name>
         </advisory>
       </day>
 
       <day>
         <name>5</name>
 
         <advisory>
           <name>FreeBSD-SA-15:19.routed</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:18.bsdpatch</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
         <name>28</name>
 
         <advisory>
           <name>FreeBSD-SA-15:17.bind</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:16.openssh</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:15.tcp</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:14.bsdpatch</name>
         </advisory>
       </day>
 
       <day>
         <name>21</name>
 
         <advisory>
           <name>FreeBSD-SA-15:13.tcp</name>
         </advisory>
       </day>
 
       <day>
         <name>9</name>
 
         <advisory>
           <name>FreeBSD-SA-15:12.openssl</name>
         </advisory>
       </day>
 
       <day>
         <name>7</name>
 
         <advisory>
           <name>FreeBSD-SA-15:11.bind</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
         <name>12</name>
 
         <advisory>
           <name>FreeBSD-SA-15:10.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
         <name>7</name>
 
         <advisory>
           <name>FreeBSD-SA-15:09.ipv6</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:08.bsdinstall</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:07.ntp</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
         <name>19</name>
 
         <advisory>
           <name>FreeBSD-SA-15:06.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
         <name>25</name>
 
         <advisory>
           <name>FreeBSD-SA-15:05.bind</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:04.igmp</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
         <name>27</name>
 
         <advisory>
           <name>FreeBSD-SA-15:03.sctp</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-15:02.kmem</name>
         </advisory>
       </day>
 
       <day>
         <name>14</name>
 
         <advisory>
           <name>FreeBSD-SA-15:01.openssl</name>
         </advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2014</name>
 
     <month>
       <name>12</name>
 
       <day>
         <name>23</name>
 
         <advisory>
           <name>FreeBSD-SA-14:31.ntp</name>
         </advisory>
       </day>
 
       <day>
         <name>17</name>
 
         <advisory>
           <name>FreeBSD-SA-14:30.unbound</name>
         </advisory>
       </day>
 
       <day>
 	<name>10</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:29.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:28.file</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:27.stdio</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>04</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:26.ftp</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:25.setlogin</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:24.sshd</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>21</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:23.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:22.namei</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:21.routed</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:20.rtsold</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>16</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:19.tcp</name>
 	</advisory>
       </day>
 
       <day>
 	<name>9</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:18.openssl</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>8</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:17.kmem</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>24</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:16.file</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:15.iconv</name>
 	</advisory>
       </day>
 
       <day>
 	<name>5</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:14.openssl</name>
 	</advisory>
       </day>
 
       <day>
 	<name>3</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:13.pam</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:12.ktrace</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:11.sendmail</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:10.openssl</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>30</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:09.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:08.tcp</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:07.devfs</name>
 	</advisory>
       </day>
 
       <day>
 	<name>08</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:06.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:05.nfsserver</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>14</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:04.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:03.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:02.ntpd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-14:01.bsnmpd</name>
 	</advisory>
       </day>
     </month>
 
   </year>
 
   <year>
     <name>2013</name>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>19</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:14.openssh</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>10</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:13.nullfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:12.ifioctl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:11.sendfile</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:10.sctp</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:09.ip_multicast</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>26</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:08.nfsserver</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:07.bind</name>
 	</advisory>
       </day>
 
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>18</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:06.mmap</name>
 	</advisory>
       </day>
 
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:05.nfsserver</name>
 	</advisory>
       </day>
 
       <day>
 	<name>2</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:04.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:03.openssl</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>19</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:02.libc</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-13:01.bind</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2012</name>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:08.linux</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:07.hostapd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:06.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:05.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>12</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:04.sysret</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:03.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>30</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:02.crypt</name>
 	</advisory>
       </day>
 
       <day>
 	<name>30</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-12:01.openssl</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2011</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:10.pam</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:09.pam_ssh</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:08.telnetd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:07.chroot</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:06.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:05.unix</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:04.compress</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:03.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:02.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>20</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-11:01.mountd</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2010</name>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:10.openssl</name>
 	</advisory>
       </day>
 
       <day>
 	<name>10</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:09.pseudofs</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>20</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:08.bzip2</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:07.mbuf</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>27</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:06.nfsclient</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:05.opie</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:04.jail</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:03.zfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:02.ntpd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-10:01.bind</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2009</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>3</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:17.freebsd-update</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:16.rtld</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:15.ssl</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>2</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:14.devfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:13.pipe</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:12.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>10</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:11.ntpd</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:10.ipv6</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:09.pipe</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:08.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:07.libc</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:06.ktimer</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>16</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:05.telnetd</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:04.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:03.ntpd</name>
 	</advisory>
       </day>
 
       <day>
 	<name>7</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:02.openssl</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-09:01.lukemftpd</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2008</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:13.protosw</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:12.ftpd</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>24</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:11.arc4random</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>2</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:10.nd6</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>3</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:09.icmp6</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:08.nmount</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:07.amd64</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:06.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>17</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:05.openssh</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>14</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:04.ipsec</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:03.sendfile</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
         <name>18</name>
 
         <release>
           <name>FreeBSD 6.3-RELEASE</name>
         </release>
       </day>
 
       <day>
 	<name>14</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:02.libc</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-08:01.pty</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2007</name>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:10.gtar</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:09.random</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
 	<name>3</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:08.openssl</name>
 	</advisory>
       </day>
     </month>
 
 
     <month>
       <name>8</name>
 
       <day>
 	<name>1</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:07.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:06.tcpdump</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
 	<name>12</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:05.libarchive</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:04.file</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>26</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:03.ipv6</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>9</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:02.bind</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
         <name>15</name>
 
         <release>
           <name>FreeBSD 6.2-RELEASE</name>
         </release>
       </day>
 
       <day>
 	<name>11</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-07:01.jail</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2006</name>
 
     <month>
       <name>12</name>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:26.gtar</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:25.kmem</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>11</name>
 
       <day>
 	<name>8</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:24.libarchive</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
 	<name>30</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:22.openssh</name>
 	</advisory>
       </day>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:23.openssl</name>
 	</advisory>
       </day>
 
       <day>
 	<name>19</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:21.gzip</name>
 	</advisory>
       </day>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:20.bind</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:19.openssl</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>8</name>
 
       <day>
 	<name>23</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:18.ppp</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
 	<name>14</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:17.sendmail</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
 	<name>31</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:16.smbfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:15.ypserv</name>
 	</advisory>
       </day>
 
       <day>
         <name>25</name>
 
         <release>
           <name>FreeBSD 5.5-RELEASE</name>
         </release>
       </day>
 
       <day>
         <name>9</name>
 
         <release>
           <name>FreeBSD 6.1-RELEASE</name>
         </release>
       </day>
 
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>19</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:14.fpu</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:13.sendmail</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:12.opie</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:11.ipsec</name>
 	</advisory>
       </day>
 
       <day>
 	<name>1</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:10.nfs</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:09.openssh</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>2</name>
 
       <day>
 	<name>1</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:08.sack</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
       <day>
 	<name>25</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:07.pf</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:06.kmem</name>
 	</advisory>
       </day>
 
       <day>
 	<name>18</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:05.80211</name>
 	</advisory>
       </day>
 
       <day>
 	<name>11</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:04.ipfw</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:03.cpio</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:02.ee</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-06:01.texindex</name>
 	</advisory>
       </day>
     </month>
   </year>
 
   <year>
     <name>2005</name>
 
     <month>
       <name>11</name>
 
       <day>
         <name>4</name>
 
         <release>
           <name>FreeBSD 6.0-RELEASE</name>
         </release>
       </day>
     </month>
 
     <month>
       <name>10</name>
 
       <day>
         <name>11</name>
 
         <advisory>
           <name>FreeBSD-SA-05:21.openssl</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>9</name>
 
       <day>
         <name>7</name>
 
         <advisory>
           <name>FreeBSD-SA-05:20.cvsbug</name>
         </advisory>
       </day>
     </month>
 
     <month>
       <name>7</name>
 
       <day>
         <name>27</name>
 
         <advisory>
           <name>FreeBSD-SA-05:19.ipsec</name>
         </advisory>
 
         <advisory>
           <name>FreeBSD-SA-05:18.zlib</name>
         </advisory>
       </day>
 
       <day>
         <name>20</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:17.devfs</name>
 	</advisory>
       </day>
 
       <day>
         <name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:16.zlib</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>6</name>
 
       <day>
         <name>29</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:15.tcp</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:14.bzip2</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:13.ipfw</name>
 	</advisory>
       </day>
 
       <day>
         <name>9</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:12.bind9</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:11.gzip</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:10.tcpdump</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>5</name>
 
       <day>
         <name>13</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:09.htt</name>
 	</advisory>
       </day>
 
       <day>
 	<name>9</name>
 
 	<release>
 	  <name>FreeBSD 5.4-RELEASE</name>
 	</release>
       </day>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:08.kmem</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:07.ldt</name>
 	</advisory>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:06.iir</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>4</name>
 
       <day>
 	<name>22</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:05.cvs</name>
 	</advisory>
       </day>
 
       <day>
 	<name>15</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:04.ifconf</name>
 	</advisory>
       </day>
 
       <day>
 	<name>6</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:03.amd64</name>
 	</advisory>
       </day>
 
       <day>
 	<name>4</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:02.sendfile</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>3</name>
 
       <day>
 	<name>28</name>
 
 	<advisory>
 	  <name>FreeBSD-SA-05:01.telnet</name>
 	</advisory>
       </day>
     </month>
 
     <month>
       <name>1</name>
 
 	<day>
 	  <name>25</name>
 
 	  <release>
 	    <name>FreeBSD 4.11-RELEASE</name>
 	  </release>
 	</day>
     </month>
   </year>
 
     <year>
       <name>2004</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>1</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:17.procfs</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
         <name>11</name>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:16.fetch</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>6</name>
 
 	  <release>
 	    <name>FreeBSD 5.3-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
         <name>10</name>
 
 	<day>
 	  <name>4</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:15.syscons</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
         <name>9</name>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:14.cvs</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
         <name>6</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:13.linux</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>7</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:12.jailroute</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>27</name>
 
 	  <release>
 	    <name>FreeBSD 4.10-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:11.msync</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:10.cvs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>5</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:09.kadmind</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-04:08.heimdal</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:07.cvs</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:06.ipv6</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:05.openssl</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>2</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:04.tcp</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>26</name>
 
 	  <release>
 	    <name>FreeBSD 5.2.1-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>25</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:03.jail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:02.shmat</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-04:01.mksnap_ffs</name>
 	  </advisory>
 	</day>
 
 
 	<day>
 	  <name>12</name>
 
 	  <release>
 	    <name>FreeBSD 5.2-RELEASE</name>
 	  </release>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2003</name>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:19.bind</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>27</name>
 
 	  <release>
 	    <name>FreeBSD 4.9-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>5</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:15.openssh</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:18.openssl</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-03:17.procfs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>2</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:16.filedesc</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:14.arp</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:13.sendmail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:12.openssh</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:11.sendmail</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1170</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:10.ibcs2</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1164</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:09.signal</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1163</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:08.realpath</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1158</ulink>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>9</name>
 
 	  <release>
 	    <name>FreeBSD 5.1-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>8</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-03:02</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>7</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-03:01</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <release>
 	    <name>FreeBSD 4.8-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:07.sendmail</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1122</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:06.openssl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1118</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:05.xdr</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1117</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>3</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:04.sendmail</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1112</ulink>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:03.syncookies</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1106</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:02.openssl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1105</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-03:01.cvs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1100</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>19</name>
 
 	  <release>
 	    <name>FreeBSD 5.0-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:44.filedesc</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1090</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2002</name>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:43.bind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1084</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:41.smrsh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1082</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:42.resolv</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1083</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:40.kadmind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1081</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>10</name>
 
 	  <release>
 	    <name>FreeBSD 4.7-RELEASE</name>
 	  </release>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:06</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:39.libkvm</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1051</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:05</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:38.signed-error</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1041</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <release>
 	    <name>FreeBSD 4.6.2-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:37.kqueue</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1033</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:36.nfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1032</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:35.ffs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1031</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:33.openssl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1023</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:34.rpc</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1024</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:32.pppd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1022</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:31.openssh</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:30.ktrace</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-02:29.tcpdump</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:28.resolv</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:04</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <release>
 	    <name>FreeBSD 4.6-RELEASE</name>
 	  </release>
 	</day>
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:27.rc</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-02:26.accept</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:03</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:25.bzip2</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-02:24.k5su</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:02</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>22</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:23.stdio</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1021</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:22.mmap</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:21.tcpip</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/980</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:20.syncache</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/979</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SN-02:01</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:19.squid</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/960</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:18.zlib</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/978</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:17.mod_frontpage</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/954</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:16.netscape</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/953</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:15.cyrus-sasl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/952</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:14.pam-pgsql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/951</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:13.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/945</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:12.squid</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/938</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:11.snmp</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/936</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:10.rsync</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/928</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:09.fstatfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/927</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>29</name>
 
 	  <release>
 	    <name>FreeBSD 4.5-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:08.exec</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/923</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:07.k5su</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/912</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:06.sudo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/909</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:05.pine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/894</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:04.mutt</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/893</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:03.mod_auth_pgsql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/892</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:02.pw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/891</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-02:01.pkg_add</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/898</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2001</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:64.wu-ftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/870</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>02</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:63.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/871</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>08</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:62.uucp</name>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:61.squid</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:60.procmail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <release>
 	    <name>FreeBSD 4.4-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:59.rmuser</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:58.lpd</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>27</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:57.sendmail</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:56.tcp_wrappers</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:55.procfs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:54.ports-telnetd</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:53.ipfw</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:52.fragment</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:51.openssl</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>27</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:50.windowmaker</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:49.telnetd</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:48.tcpdump</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:47.xinetd</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:46.w3m</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:45.samba</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:44.gnupg</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:43.fetchmail</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:42.signal</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>09</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:41.hanterm</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:40.fts</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>02</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:39.tcp-isn</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:38.sudo</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:37.slrn</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:36.samba</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:35.licq</name>
 	  </advisory>
 	  <advisory>
 	    <name>FreeBSD-SA-01:34.hylafax</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <release>
 	    <name>FreeBSD 4.3-RELEASE</name>
 	  </release>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:33.ftpd-glob</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:32.ipfilter</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:31.ntpd</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>22</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:30.ufs-ext2fs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/738</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:29.rwhod</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/732</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:28.timed</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/731</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:27.cfengine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/730</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:26.interbase</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/729</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:23.icecast</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/728</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:25.kerberosIV</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/716</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:24.ssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/715</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:22.dc20ctrl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/714</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:21.ja-elvis</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/713</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:20.mars_nwe</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/712</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:19.ja-klock</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/707</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:18.bind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/706</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:17.exmh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/705</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:16.mysql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/704</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:15.tinyproxy</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/703</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:14.micq</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/702</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:13.sort</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/701</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:12.periodic</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/700</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:11.inetd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/699</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:10.bind</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/698</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:09.crontab</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/697</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:08.ipfw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/696</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:07.xfree86</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:06.zope</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/669</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:05.stunnel</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/668</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:04.joe</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/667</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:03.bash1</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/666</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:02.syslog-ng</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/665</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-01:01.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/664</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>2000</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:81.ethereal</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/651</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:80.halflifeserver</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/650</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:79.oops</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/649</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:78.bitchx</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/648</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:77.procfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/647</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:76.tcsh-csh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/628</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:75.php</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/627</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:74.gaim</name>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:73.thttpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/626</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:72.curl</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/625</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:71.mgetty</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/624</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:70.ppp-nat</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/623</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:69.telnetd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/622</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:68.ncurses</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/621</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:67.gnupg</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/620</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:66.netscape</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/619</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:65.xfce</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/618</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:64.global</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/617</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:63.getnameinfo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/589</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:62.top</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/616</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:61.tcpdump</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/615</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>30</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:60.boa</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/586</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:59.pine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/585</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:58.chpass</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/584</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:57.muh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/570</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:56.lprng</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/569</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:55.xpdf</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/568</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:54.fingerd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/567</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>06</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:52.tcp-iss</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/561</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>27</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:53.catopen</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/562</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:51.mailman</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/550</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:50.listmanager</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/549</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:49.eject</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/548</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:48.xchat</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/547</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:47.pine</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/546</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:46.screen</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/545</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>31</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:45.esound</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/526</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:44.xlock</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/523</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:43.brouted</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/520</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:42.linux</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/530</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:41.elf</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/527</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:40.mopd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/521</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:39.netscape</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/528</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:38.zope</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/525</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:37.cvsweb</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/524</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:36.ntop</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/531</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:35.proftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/522</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:34.dhclient</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/529</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:33.kerberosIV</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/488</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:32.bitchx</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/487</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:31.canna</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/486</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:30.openssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/485</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:29.wu-ftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/489</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:28.majordomo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/484</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:27.XFree86-4</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/483</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:26.popper</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/482</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:24.libedit</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/481</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:23.ip-options</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/480</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:25.alpha-random</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/473</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:22.apsfilter</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/461</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:21.ssh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/459</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:20.krb5</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/452</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>23</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:19.semconfig</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/451</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>09</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:18.gnapster.knapster</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/429</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:17.libmytinfo</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/442</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:16.golddig</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/439</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:15.imap-uw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/438</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:14.imap-uw</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/441</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:13.generic-nqs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/437</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:12.healthd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/436</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:11.ircii</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/440</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:10.orville-write</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:09.mtr</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/408</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:08.lynx</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/407</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:07.mh</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/411</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:06.htdig</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/403</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:05.mysql</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/402</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:04.delegate</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/392</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:03.asmon</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/391</ulink>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:02.procfs</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/380</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name>FreeBSD-SA-00:01.make</name>
 	  </advisory>
 
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1999</name>
 
       <month>
 	<name>9</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:06.amd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/318</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>15</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:05.fts</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/313</ulink>
 	  </advisory>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:04.core</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/312</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:03.ftpd</name>
 	    <ulink lang="ja">http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/311</ulink>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:02.profil</name>
 	  </advisory>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-99:01.chflags</name>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1998</name>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:08.fragment</name>
 	  </advisory>
 	</day>
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>13</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:07.rst</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:06.icmp</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:05.nfs</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>02</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:04.mmap</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>14</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:03.ttcp</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:02.mmap</name>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1997</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>09</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:06.f00f</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>01</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-98:01.land</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>10</name>
 
 	<day>
 	  <name>29</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:05.open</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>8</name>
 
 	<day>
 	  <name>19</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:04.procfs</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>07</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:03.sysinstall</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>3</name>
 
 	<day>
 	  <name>26</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:02.lpd</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>2</name>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-97:01.setlocale</name>
 	  </advisory>
 
 	</day>
 
       </month>
 
       <month>
 	<name>1</name>
 
 	<day>
 	  <name>18</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:21.talkd</name>
 	  </advisory>
 	</day>
 
       </month>
 
     </year>
 
     <year>
       <name>1996</name>
 
       <month>
 	<name>12</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:20.stack-overflow</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>10</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:19.modstat</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>11</name>
 
 	<day>
 	  <name>25</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:18.lpr</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>7</name>
 
 	<day>
 	  <name>16</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:17.rzsz</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>12</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:16.rdist</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>04</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:15.ppp</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>6</name>
 
 	<day>
 	  <name>28</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:12.perl</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>24</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:14.ipfw</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>05</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:13.comsat</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>5</name>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:11.man</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>17</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:10.mount_union</name>
 	  </advisory>
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:09.vfsload</name>
 	  </advisory>
 	</day>
 
       </month>
 
       <month>
 	<name>4</name>
 
 	<day>
 	  <name>22</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:02.apache</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>21</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:08.syslog</name>
 	  </advisory>
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:01.sliplogin</name>
 	  </advisory>
 	</day>
 
 	<day>
 	  <name>20</name>
 
 	  <advisory>
 	    <name role="old">FreeBSD-SA-96:03.sendmail-suggestion</name>
 	  </advisory>
 	</day>
 
       </month>
     </year>
 
 </advisories>