From owner-svn-src-vendor@FreeBSD.ORG Mon Aug 27 19:20:59 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 052C2106566B; Mon, 27 Aug 2012 19:20:59 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id E38528FC0C; Mon, 27 Aug 2012 19:20:58 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7RJKwML044457; Mon, 27 Aug 2012 19:20:58 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7RJKwhe044455; Mon, 27 Aug 2012 19:20:58 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201208271920.q7RJKwhe044455@svn.freebsd.org> From: Martin Matuska Date: Mon, 27 Aug 2012 19:20:58 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239745 - vendor/illumos/dist/man/man5 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Aug 2012 19:20:59 -0000 Author: mm Date: Mon Aug 27 19:20:58 2012 New Revision: 239745 URL: http://svn.freebsd.org/changeset/base/239745 Log: Add zpool-features.5 vendor manual page, revision 13753:2aba784c276b Obtained from: ssh://anonhg@hg.illumos.org/illumos-gate Added: vendor/illumos/dist/man/man5/ vendor/illumos/dist/man/man5/zpool-features.5 Added: vendor/illumos/dist/man/man5/zpool-features.5 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor/illumos/dist/man/man5/zpool-features.5 Mon Aug 27 19:20:58 2012 (r239745) @@ -0,0 +1,173 @@ +'\" te +.\" Copyright (c) 2012 by Delphix. All rights reserved. +.\" The contents of this file are subject to the terms of the Common Development +.\" and Distribution License (the "License"). You may not use this file except +.\" in compliance with the License. You can obtain a copy of the license at +.\" usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. +.\" +.\" See the License for the specific language governing permissions and +.\" limitations under the License. When distributing Covered Code, include this +.\" CDDL HEADER in each file and include the License file at +.\" usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this +.\" CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your +.\" own identifying information: +.\" Portions Copyright [yyyy] [name of copyright owner] +.TH ZPOOL-FEATURES 5 "Mar 16, 2012" +.SH NAME +zpool\-features \- ZFS pool feature descriptions +.SH DESCRIPTION +.sp +.LP +ZFS pool on\-disk format versions are specified via "features" which replace +the old on\-disk format numbers (the last supported on\-disk format number is +28). To enable a feature on a pool use the \fBupgrade\fR subcommand of the +\fBzpool\fR(1M) command, or set the \fBfeature@\fR\fIfeature_name\fR property +to \fBenabled\fR. +.sp +.LP +The pool format does not affect file system version compatibility or the ability +to send file systems between pools. +.sp +.LP +Since most features can be enabled independently of each other the on\-disk +format of the pool is specified by the set of all features marked as +\fBactive\fR on the pool. If the pool was created by another software version +this set may include unsupported features. +.SS "Identifying features" +.sp +.LP +Every feature has a guid of the form \fIcom.example:feature_name\fR. The reverse +DNS name ensures that the feature's guid is unique across all ZFS +implementations. When unsupported features are encountered on a pool they will +be identified by their guids. Refer to the documentation for the ZFS +implementation that created the pool for information about those features. +.sp +.LP +Each supported feature also has a short name. By convention a feature's short +name is the portion of its guid which follows the ':' (e.g. +\fIcom.example:feature_name\fR would have the short name \fIfeature_name\fR), +however a feature's short name may differ across ZFS implementations if +following the convention would result in name conflicts. +.SS "Feature states" +.sp +.LP +Features can be in one of three states: +.sp +.ne 2 +.na +\fB\fBactive\fR\fR +.ad +.RS 12n +This feature's on\-disk format changes are in effect on the pool. Support for +this feature is required to import the pool in read\-write mode. If this +feature is not read-only compatible, support is also required to import the pool +in read\-only mode (see "Read\-only compatibility"). +.RE + +.sp +.ne 2 +.na +\fB\fBenabled\fR\fR +.ad +.RS 12n +An administrator has marked this feature as enabled on the pool, but the +feature's on\-disk format changes have not been made yet. The pool can still be +imported by software that does not support this feature, but changes may be made +to the on\-disk format at any time which will move the feature to the +\fBactive\fR state. Some features may support returning to the \fBenabled\fR +state after becoming \fBactive\fR. See feature\-specific documentation for +details. +.RE + +.sp +.ne 2 +.na +\fBdisabled\fR +.ad +.RS 12n +This feature's on\-disk format changes have not been made and will not be made +unless an administrator moves the feature to the \fBenabled\fR state. Features +cannot be disabled once they have been enabled. +.RE + +.sp +.LP +The state of supported features is exposed through pool properties of the form +\fIfeature@short_name\fR. +.SS "Read\-only compatibility" +.sp +.LP +Some features may make on\-disk format changes that do not interfere with other +software's ability to read from the pool. These features are referred to as +"read\-only compatible". If all unsupported features on a pool are read\-only +compatible, the pool can be imported in read\-only mode by setting the +\fBreadonly\fR property during import (see \fBzpool\fR(1M) for details on +importing pools). +.SS "Unsupported features" +.sp +.LP +For each unsupported feature enabled on an imported pool a pool property +named \fIunsupported@feature_guid\fR will indicate why the import was allowed +despite the unsupported feature. Possible values for this property are: + +.sp +.ne 2 +.na +\fB\fBinactive\fR\fR +.ad +.RS 12n +The feature is in the \fBenabled\fR state and therefore the pool's on\-disk +format is still compatible with software that does not support this feature. +.RE + +.sp +.ne 2 +.na +\fB\fBreadonly\fR\fR +.ad +.RS 12n +The feature is read\-only compatible and the pool has been imported in +read\-only mode. +.RE + +.SS "Feature dependencies" +.sp +.LP +Some features depend on other features being enabled in order to function +properly. Enabling a feature will automatically enable any features it +depends on. +.SH FEATURES +.sp +.LP +The following features are supported on this system: +.sp +.ne 2 +.na +\fB\fBasync_destroy\fR\fR +.ad +.RS 4n +.TS +l l . +GUID com.delphix:async_destroy +READ\-ONLY COMPATIBLE yes +DEPENDENCIES none +.TE + +Destroying a file system requires traversing all of its data in order to +return its used space to the pool. Without \fBasync_destroy\fR the file system +is not fully removed until all space has been reclaimed. If the destroy +operation is interrupted by a reboot or power outage the next attempt to open +the pool will need to complete the destroy operation synchronously. + +When \fBasync_destroy\fR is enabled the file system's data will be reclaimed +by a background process, allowing the destroy operation to complete without +traversing the entire file system. The background process is able to resume +interrupted destroys after the pool has been opened, eliminating the need +to finish interrupted destroys as part of the open operation. The amount +of space remaining to be reclaimed by the background process is available +through the \fBfreeing\fR property. + +This feature is only \fBactive\fR while \fBfreeing\fR is non\-zero. +.RE +.SH "SEE ALSO" +\fBzpool\fR(1M) From owner-svn-src-vendor@FreeBSD.ORG Mon Aug 27 19:25:21 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 39AB6106566C; Mon, 27 Aug 2012 19:25:21 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 2010C8FC27; Mon, 27 Aug 2012 19:25:21 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7RJPKgt044995; Mon, 27 Aug 2012 19:25:20 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7RJPKhE044973; Mon, 27 Aug 2012 19:25:20 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201208271925.q7RJPKhE044973@svn.freebsd.org> From: Martin Matuska Date: Mon, 27 Aug 2012 19:25:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-sys MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239746 - vendor-sys/illumos/dist/common/zfs vendor-sys/illumos/dist/uts/common/fs/zfs vendor-sys/illumos/dist/uts/common/fs/zfs/sys vendor/illumos/dist/cmd/zinject vendor/illumos/dist/... X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Aug 2012 19:25:21 -0000 Author: mm Date: Mon Aug 27 19:25:20 2012 New Revision: 239746 URL: http://svn.freebsd.org/changeset/base/239746 Log: Update vendor/illumos/dist and vendor/illumos-gate/dist to illumos-gate revision 13782:8f78aae28a63 Obtained from: ssh://anonhg@hg.illumos.org/illumos-gate Modified: vendor-sys/illumos/dist/common/zfs/zfeature_common.c vendor-sys/illumos/dist/common/zfs/zfeature_common.h vendor-sys/illumos/dist/uts/common/fs/zfs/bpobj.c vendor-sys/illumos/dist/uts/common/fs/zfs/dmu_objset.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dataset.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_deadlist.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dir.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_pool.c vendor-sys/illumos/dist/uts/common/fs/zfs/spa.c vendor-sys/illumos/dist/uts/common/fs/zfs/sys/bpobj.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu_objset.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_dataset.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_pool.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/zap.h vendor-sys/illumos/dist/uts/common/fs/zfs/zap.c vendor-sys/illumos/dist/uts/common/fs/zfs/zfeature.c vendor-sys/illumos/dist/uts/common/fs/zfs/zfs_vfsops.c vendor-sys/illumos/dist/uts/common/fs/zfs/zvol.c Changes in other areas also in this revision: Modified: vendor/illumos/dist/cmd/zinject/zinject.c vendor/illumos/dist/lib/libzfs/common/libzfs_dataset.c vendor/illumos/dist/man/man5/zpool-features.5 Modified: vendor-sys/illumos/dist/common/zfs/zfeature_common.c ============================================================================== --- vendor-sys/illumos/dist/common/zfs/zfeature_common.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/common/zfs/zfeature_common.c Mon Aug 27 19:25:20 2012 (r239746) @@ -153,4 +153,7 @@ zpool_feature_init(void) zfeature_register(SPA_FEATURE_ASYNC_DESTROY, "com.delphix:async_destroy", "async_destroy", "Destroy filesystems asynchronously.", B_TRUE, B_FALSE, NULL); + zfeature_register(SPA_FEATURE_EMPTY_BPOBJ, + "com.delphix:empty_bpobj", "empty_bpobj", + "Snapshots use less space.", B_TRUE, B_FALSE, NULL); } Modified: vendor-sys/illumos/dist/common/zfs/zfeature_common.h ============================================================================== --- vendor-sys/illumos/dist/common/zfs/zfeature_common.h Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/common/zfs/zfeature_common.h Mon Aug 27 19:25:20 2012 (r239746) @@ -51,6 +51,7 @@ typedef int (zfeature_func_t)(zfeature_i enum spa_feature { SPA_FEATURE_ASYNC_DESTROY, + SPA_FEATURE_EMPTY_BPOBJ, SPA_FEATURES } spa_feature_t; Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/bpobj.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/bpobj.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/bpobj.c Mon Aug 27 19:25:20 2012 (r239746) @@ -20,13 +20,61 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2011 by Delphix. All rights reserved. + * Copyright (c) 2012 by Delphix. All rights reserved. */ #include #include #include #include +#include +#include + +/* + * Return an empty bpobj, preferably the empty dummy one (dp_empty_bpobj). + */ +uint64_t +bpobj_alloc_empty(objset_t *os, int blocksize, dmu_tx_t *tx) +{ + zfeature_info_t *empty_bpobj_feat = + &spa_feature_table[SPA_FEATURE_EMPTY_BPOBJ]; + spa_t *spa = dmu_objset_spa(os); + dsl_pool_t *dp = dmu_objset_pool(os); + + if (spa_feature_is_enabled(spa, empty_bpobj_feat)) { + if (!spa_feature_is_active(spa, empty_bpobj_feat)) { + ASSERT3U(dp->dp_empty_bpobj, ==, 0); + dp->dp_empty_bpobj = + bpobj_alloc(os, SPA_MAXBLOCKSIZE, tx); + VERIFY(zap_add(os, + DMU_POOL_DIRECTORY_OBJECT, + DMU_POOL_EMPTY_BPOBJ, sizeof (uint64_t), 1, + &dp->dp_empty_bpobj, tx) == 0); + } + spa_feature_incr(spa, empty_bpobj_feat, tx); + ASSERT(dp->dp_empty_bpobj != 0); + return (dp->dp_empty_bpobj); + } else { + return (bpobj_alloc(os, blocksize, tx)); + } +} + +void +bpobj_decr_empty(objset_t *os, dmu_tx_t *tx) +{ + zfeature_info_t *empty_bpobj_feat = + &spa_feature_table[SPA_FEATURE_EMPTY_BPOBJ]; + dsl_pool_t *dp = dmu_objset_pool(os); + + spa_feature_decr(dmu_objset_spa(os), empty_bpobj_feat, tx); + if (!spa_feature_is_active(dmu_objset_spa(os), empty_bpobj_feat)) { + VERIFY3U(0, ==, zap_remove(dp->dp_meta_objset, + DMU_POOL_DIRECTORY_OBJECT, + DMU_POOL_EMPTY_BPOBJ, tx)); + VERIFY3U(0, ==, dmu_object_free(os, dp->dp_empty_bpobj, tx)); + dp->dp_empty_bpobj = 0; + } +} uint64_t bpobj_alloc(objset_t *os, int blocksize, dmu_tx_t *tx) @@ -53,6 +101,7 @@ bpobj_free(objset_t *os, uint64_t obj, d int epb; dmu_buf_t *dbuf = NULL; + ASSERT(obj != dmu_objset_pool(os)->dp_empty_bpobj); VERIFY3U(0, ==, bpobj_open(&bpo, os, obj)); mutex_enter(&bpo.bpo_lock); @@ -320,6 +369,12 @@ bpobj_enqueue_subobj(bpobj_t *bpo, uint6 ASSERT(bpo->bpo_havesubobj); ASSERT(bpo->bpo_havecomp); + ASSERT(bpo->bpo_object != dmu_objset_pool(bpo->bpo_os)->dp_empty_bpobj); + + if (subobj == dmu_objset_pool(bpo->bpo_os)->dp_empty_bpobj) { + bpobj_decr_empty(bpo->bpo_os, tx); + return; + } VERIFY3U(0, ==, bpobj_open(&subbpo, bpo->bpo_os, subobj)); VERIFY3U(0, ==, bpobj_space(&subbpo, &used, &comp, &uncomp)); @@ -388,6 +443,7 @@ bpobj_enqueue(bpobj_t *bpo, const blkptr blkptr_t *bparray; ASSERT(!BP_IS_HOLE(bp)); + ASSERT(bpo->bpo_object != dmu_objset_pool(bpo->bpo_os)->dp_empty_bpobj); /* We never need the fill count. */ stored_bp.blk_fill = 0; Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/dmu_objset.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/dmu_objset.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/dmu_objset.c Mon Aug 27 19:25:20 2012 (r239746) @@ -1236,15 +1236,6 @@ dmu_objset_is_dirty(objset_t *os, uint64 !list_is_empty(&os->os_free_dnodes[txg & TXG_MASK])); } -boolean_t -dmu_objset_is_dirty_anywhere(objset_t *os) -{ - for (int t = 0; t < TXG_SIZE; t++) - if (dmu_objset_is_dirty(os, t)) - return (B_TRUE); - return (B_FALSE); -} - static objset_used_cb_t *used_cbs[DMU_OST_NUMTYPES]; void Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dataset.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dataset.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dataset.c Mon Aug 27 19:25:20 2012 (r239746) @@ -1210,6 +1210,17 @@ dsl_dataset_dirty(dsl_dataset_t *ds, dmu } } +boolean_t +dsl_dataset_is_dirty(dsl_dataset_t *ds) +{ + for (int t = 0; t < TXG_SIZE; t++) { + if (txg_list_member(&ds->ds_dir->dd_pool->dp_dirty_datasets, + ds, t)) + return (B_TRUE); + } + return (B_FALSE); +} + /* * The unique space in the head dataset can be calculated by subtracting * the space used in the most recent snapshot, that is still being used @@ -3432,9 +3443,6 @@ dsl_dataset_set_quota_sync(void *arg1, v if (ds->ds_quota != effective_value) { dmu_buf_will_dirty(ds->ds_dbuf, tx); ds->ds_quota = effective_value; - - spa_history_log_internal_ds(ds, "set refquota", tx, - "refquota=%lld", (longlong_t)ds->ds_quota); } } @@ -3538,9 +3546,6 @@ dsl_dataset_set_reservation_sync(void *a dsl_dir_diduse_space(ds->ds_dir, DD_USED_REFRSRV, delta, 0, 0, tx); mutex_exit(&ds->ds_dir->dd_lock); - - spa_history_log_internal_ds(ds, "set refreservation", tx, - "refreservation=%lld", (longlong_t)effective_value); } int Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_deadlist.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_deadlist.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_deadlist.c Mon Aug 27 19:25:20 2012 (r239746) @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2011 by Delphix. All rights reserved. + * Copyright (c) 2012 by Delphix. All rights reserved. */ #include @@ -163,12 +163,49 @@ dsl_deadlist_free(objset_t *os, uint64_t for (zap_cursor_init(&zc, os, dlobj); zap_cursor_retrieve(&zc, &za) == 0; - zap_cursor_advance(&zc)) - bpobj_free(os, za.za_first_integer, tx); + zap_cursor_advance(&zc)) { + uint64_t obj = za.za_first_integer; + if (obj == dmu_objset_pool(os)->dp_empty_bpobj) + bpobj_decr_empty(os, tx); + else + bpobj_free(os, obj, tx); + } zap_cursor_fini(&zc); VERIFY3U(0, ==, dmu_object_free(os, dlobj, tx)); } +static void +dle_enqueue(dsl_deadlist_t *dl, dsl_deadlist_entry_t *dle, + const blkptr_t *bp, dmu_tx_t *tx) +{ + if (dle->dle_bpobj.bpo_object == + dmu_objset_pool(dl->dl_os)->dp_empty_bpobj) { + uint64_t obj = bpobj_alloc(dl->dl_os, SPA_MAXBLOCKSIZE, tx); + bpobj_close(&dle->dle_bpobj); + bpobj_decr_empty(dl->dl_os, tx); + VERIFY3U(0, ==, bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); + VERIFY3U(0, ==, zap_update_int_key(dl->dl_os, dl->dl_object, + dle->dle_mintxg, obj, tx)); + } + bpobj_enqueue(&dle->dle_bpobj, bp, tx); +} + +static void +dle_enqueue_subobj(dsl_deadlist_t *dl, dsl_deadlist_entry_t *dle, + uint64_t obj, dmu_tx_t *tx) +{ + if (dle->dle_bpobj.bpo_object != + dmu_objset_pool(dl->dl_os)->dp_empty_bpobj) { + bpobj_enqueue_subobj(&dle->dle_bpobj, obj, tx); + } else { + bpobj_close(&dle->dle_bpobj); + bpobj_decr_empty(dl->dl_os, tx); + VERIFY3U(0, ==, bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); + VERIFY3U(0, ==, zap_update_int_key(dl->dl_os, dl->dl_object, + dle->dle_mintxg, obj, tx)); + } +} + void dsl_deadlist_insert(dsl_deadlist_t *dl, const blkptr_t *bp, dmu_tx_t *tx) { @@ -197,7 +234,7 @@ dsl_deadlist_insert(dsl_deadlist_t *dl, dle = avl_nearest(&dl->dl_tree, where, AVL_BEFORE); else dle = AVL_PREV(&dl->dl_tree, dle); - bpobj_enqueue(&dle->dle_bpobj, bp, tx); + dle_enqueue(dl, dle, bp, tx); } /* @@ -217,7 +254,7 @@ dsl_deadlist_add_key(dsl_deadlist_t *dl, dle = kmem_alloc(sizeof (*dle), KM_SLEEP); dle->dle_mintxg = mintxg; - obj = bpobj_alloc(dl->dl_os, SPA_MAXBLOCKSIZE, tx); + obj = bpobj_alloc_empty(dl->dl_os, SPA_MAXBLOCKSIZE, tx); VERIFY3U(0, ==, bpobj_open(&dle->dle_bpobj, dl->dl_os, obj)); avl_add(&dl->dl_tree, dle); @@ -243,8 +280,7 @@ dsl_deadlist_remove_key(dsl_deadlist_t * dle = avl_find(&dl->dl_tree, &dle_tofind, NULL); dle_prev = AVL_PREV(&dl->dl_tree, dle); - bpobj_enqueue_subobj(&dle_prev->dle_bpobj, - dle->dle_bpobj.bpo_object, tx); + dle_enqueue_subobj(dl, dle_prev, dle->dle_bpobj.bpo_object, tx); avl_remove(&dl->dl_tree, dle); bpobj_close(&dle->dle_bpobj); @@ -302,7 +338,7 @@ dsl_deadlist_clone(dsl_deadlist_t *dl, u if (dle->dle_mintxg >= maxtxg) break; - obj = bpobj_alloc(dl->dl_os, SPA_MAXBLOCKSIZE, tx); + obj = bpobj_alloc_empty(dl->dl_os, SPA_MAXBLOCKSIZE, tx); VERIFY3U(0, ==, zap_add_int_key(dl->dl_os, newobj, dle->dle_mintxg, obj, tx)); } @@ -400,7 +436,7 @@ dsl_deadlist_insert_bpobj(dsl_deadlist_t dle = avl_find(&dl->dl_tree, &dle_tofind, &where); if (dle == NULL) dle = avl_nearest(&dl->dl_tree, where, AVL_BEFORE); - bpobj_enqueue_subobj(&dle->dle_bpobj, obj, tx); + dle_enqueue_subobj(dl, dle, obj, tx); } static int Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dir.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dir.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dir.c Mon Aug 27 19:25:20 2012 (r239746) @@ -1050,9 +1050,6 @@ dsl_dir_set_quota_sync(void *arg1, void mutex_enter(&dd->dd_lock); dd->dd_phys->dd_quota = effective_value; mutex_exit(&dd->dd_lock); - - spa_history_log_internal_dd(dd, "set quota", tx, - "quota=%lld", (longlong_t)effective_value); } int @@ -1172,9 +1169,6 @@ dsl_dir_set_reservation_sync(void *arg1, DSL_PROP_CHECK_PREDICTION(dd, psa); dsl_dir_set_reservation_sync_impl(dd, value, tx); - - spa_history_log_internal_dd(dd, "set reservation", tx, - "reservation=%lld", (longlong_t)value); } int Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_pool.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_pool.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_pool.c Mon Aug 27 19:25:20 2012 (r239746) @@ -126,8 +126,6 @@ dsl_pool_open(dsl_pool_t *dp) dsl_dataset_t *ds; uint64_t obj; - ASSERT(!dmu_objset_is_dirty_anywhere(dp->dp_meta_objset)); - rw_enter(&dp->dp_config_rwlock, RW_WRITER); err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_ROOT_DATASET, sizeof (uint64_t), 1, @@ -184,6 +182,15 @@ dsl_pool_open(dsl_pool_t *dp) goto out; } + if (spa_feature_is_active(dp->dp_spa, + &spa_feature_table[SPA_FEATURE_EMPTY_BPOBJ])) { + err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT, + DMU_POOL_EMPTY_BPOBJ, sizeof (uint64_t), 1, + &dp->dp_empty_bpobj); + if (err != 0) + goto out; + } + err = zap_lookup(dp->dp_meta_objset, DMU_POOL_DIRECTORY_OBJECT, DMU_POOL_TMP_USERREFS, sizeof (uint64_t), 1, &dp->dp_tmp_userrefs_obj); Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/spa.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/spa.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/spa.c Mon Aug 27 19:25:20 2012 (r239746) @@ -714,7 +714,7 @@ spa_change_guid_sync(void *arg1, void *a vdev_config_dirty(rvd); spa_config_exit(spa, SCL_STATE, FTAG); - spa_history_log_internal(spa, "guid change", tx, "old=%lld new=%lld", + spa_history_log_internal(spa, "guid change", tx, "old=%llu new=%llu", oldguid, *newguid); } Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/sys/bpobj.h ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/sys/bpobj.h Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/sys/bpobj.h Mon Aug 27 19:25:20 2012 (r239746) @@ -20,6 +20,7 @@ */ /* * Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012 by Delphix. All rights reserved. */ #ifndef _SYS_BPOBJ_H @@ -67,7 +68,9 @@ typedef struct bpobj { typedef int bpobj_itor_t(void *arg, const blkptr_t *bp, dmu_tx_t *tx); uint64_t bpobj_alloc(objset_t *mos, int blocksize, dmu_tx_t *tx); +uint64_t bpobj_alloc_empty(objset_t *os, int blocksize, dmu_tx_t *tx); void bpobj_free(objset_t *os, uint64_t obj, dmu_tx_t *tx); +void bpobj_decr_empty(objset_t *os, dmu_tx_t *tx); int bpobj_open(bpobj_t *bpo, objset_t *mos, uint64_t object); void bpobj_close(bpobj_t *bpo); Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu.h ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu.h Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu.h Mon Aug 27 19:25:20 2012 (r239746) @@ -305,6 +305,7 @@ typedef void dmu_buf_evict_func_t(struct #define DMU_POOL_SCAN "scan" #define DMU_POOL_FREE_BPOBJ "free_bpobj" #define DMU_POOL_BPTREE_OBJ "bptree_obj" +#define DMU_POOL_EMPTY_BPOBJ "empty_bpobj" /* * Allocate an object from this objset. The range of object numbers Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu_objset.h ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu_objset.h Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu_objset.h Mon Aug 27 19:25:20 2012 (r239746) @@ -152,7 +152,6 @@ timestruc_t dmu_objset_snap_cmtime(objse /* called from dsl */ void dmu_objset_sync(objset_t *os, zio_t *zio, dmu_tx_t *tx); boolean_t dmu_objset_is_dirty(objset_t *os, uint64_t txg); -boolean_t dmu_objset_is_dirty_anywhere(objset_t *os); objset_t *dmu_objset_create_impl(spa_t *spa, struct dsl_dataset *ds, blkptr_t *bp, dmu_objset_type_t type, dmu_tx_t *tx); int dmu_objset_open_impl(spa_t *spa, struct dsl_dataset *ds, blkptr_t *bp, Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_dataset.h ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_dataset.h Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_dataset.h Mon Aug 27 19:25:20 2012 (r239746) @@ -262,6 +262,7 @@ int dsl_dataset_space_written(dsl_datase uint64_t *usedp, uint64_t *compp, uint64_t *uncompp); int dsl_dataset_space_wouldfree(dsl_dataset_t *firstsnap, dsl_dataset_t *last, uint64_t *usedp, uint64_t *compp, uint64_t *uncompp); +boolean_t dsl_dataset_is_dirty(dsl_dataset_t *ds); int dsl_dsobj_to_dsname(char *pname, uint64_t obj, char *buf); Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_pool.h ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_pool.h Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_pool.h Mon Aug 27 19:25:20 2012 (r239746) @@ -88,6 +88,7 @@ typedef struct dsl_pool { uint64_t dp_tmp_userrefs_obj; bpobj_t dp_free_bpobj; uint64_t dp_bptree_obj; + uint64_t dp_empty_bpobj; struct dsl_scan *dp_scan; Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/sys/zap.h ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/sys/zap.h Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/sys/zap.h Mon Aug 27 19:25:20 2012 (r239746) @@ -300,6 +300,8 @@ int zap_increment_int(objset_t *os, uint /* Here the key is an int and the value is a different int. */ int zap_add_int_key(objset_t *os, uint64_t obj, uint64_t key, uint64_t value, dmu_tx_t *tx); +int zap_update_int_key(objset_t *os, uint64_t obj, + uint64_t key, uint64_t value, dmu_tx_t *tx); int zap_lookup_int_key(objset_t *os, uint64_t obj, uint64_t key, uint64_t *valuep); Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/zap.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/zap.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/zap.c Mon Aug 27 19:25:20 2012 (r239746) @@ -1094,6 +1094,16 @@ zap_add_int_key(objset_t *os, uint64_t o } int +zap_update_int_key(objset_t *os, uint64_t obj, + uint64_t key, uint64_t value, dmu_tx_t *tx) +{ + char name[20]; + + (void) snprintf(name, sizeof (name), "%llx", (longlong_t)key); + return (zap_update(os, obj, name, 8, 1, &value, tx)); +} + +int zap_lookup_int_key(objset_t *os, uint64_t obj, uint64_t key, uint64_t *valuep) { char name[20]; Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/zfeature.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/zfeature.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/zfeature.c Mon Aug 27 19:25:20 2012 (r239746) @@ -221,7 +221,12 @@ feature_get_refcount(objset_t *os, uint6 uint64_t refcount; uint64_t zapobj = feature->fi_can_readonly ? write_obj : read_obj; - ASSERT(0 != zapobj); + /* + * If the pool is currently being created, the feature objects may not + * have been allocated yet. Act as though all features are disabled. + */ + if (zapobj == 0) + return (ENOTSUP); err = zap_lookup(os, zapobj, feature->fi_guid, sizeof (uint64_t), 1, &refcount); Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/zfs_vfsops.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/zfs_vfsops.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/zfs_vfsops.c Mon Aug 27 19:25:20 2012 (r239746) @@ -1831,9 +1831,9 @@ zfsvfs_teardown(zfsvfs_t *zfsvfs, boolea /* * Evict cached data */ - if (dmu_objset_is_dirty_anywhere(zfsvfs->z_os)) - if (!(zfsvfs->z_vfs->vfs_flag & VFS_RDONLY)) - txg_wait_synced(dmu_objset_pool(zfsvfs->z_os), 0); + if (dsl_dataset_is_dirty(dmu_objset_ds(zfsvfs->z_os)) && + !(zfsvfs->z_vfs->vfs_flag & VFS_RDONLY)) + txg_wait_synced(dmu_objset_pool(zfsvfs->z_os), 0); (void) dmu_objset_evict_dbufs(zfsvfs->z_os); return (0); Modified: vendor-sys/illumos/dist/uts/common/fs/zfs/zvol.c ============================================================================== --- vendor-sys/illumos/dist/uts/common/fs/zfs/zvol.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor-sys/illumos/dist/uts/common/fs/zfs/zvol.c Mon Aug 27 19:25:20 2012 (r239746) @@ -641,8 +641,18 @@ zvol_last_close(zvol_state_t *zv) { zil_close(zv->zv_zilog); zv->zv_zilog = NULL; + dmu_buf_rele(zv->zv_dbuf, zvol_tag); zv->zv_dbuf = NULL; + + /* + * Evict cached data + */ + if (dsl_dataset_is_dirty(dmu_objset_ds(zv->zv_objset)) && + !(zv->zv_flags & ZVOL_RDONLY)) + txg_wait_synced(dmu_objset_pool(zv->zv_objset), 0); + (void) dmu_objset_evict_dbufs(zv->zv_objset); + dmu_objset_disown(zv->zv_objset, zvol_tag); zv->zv_objset = NULL; } From owner-svn-src-vendor@FreeBSD.ORG Mon Aug 27 19:25:21 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 58EFE1065673; Mon, 27 Aug 2012 19:25:21 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 394858FC31; Mon, 27 Aug 2012 19:25:21 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7RJPKP7045003; Mon, 27 Aug 2012 19:25:20 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7RJPKRD044999; Mon, 27 Aug 2012 19:25:20 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201208271925.q7RJPKRD044999@svn.freebsd.org> From: Martin Matuska Date: Mon, 27 Aug 2012 19:25:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239746 - vendor-sys/illumos/dist/common/zfs vendor-sys/illumos/dist/uts/common/fs/zfs vendor-sys/illumos/dist/uts/common/fs/zfs/sys vendor/illumos/dist/cmd/zinject vendor/illumos/dist/... X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 27 Aug 2012 19:25:21 -0000 Author: mm Date: Mon Aug 27 19:25:20 2012 New Revision: 239746 URL: http://svn.freebsd.org/changeset/base/239746 Log: Update vendor/illumos/dist and vendor/illumos-gate/dist to illumos-gate revision 13782:8f78aae28a63 Obtained from: ssh://anonhg@hg.illumos.org/illumos-gate Modified: vendor/illumos/dist/cmd/zinject/zinject.c vendor/illumos/dist/lib/libzfs/common/libzfs_dataset.c vendor/illumos/dist/man/man5/zpool-features.5 Changes in other areas also in this revision: Modified: vendor-sys/illumos/dist/common/zfs/zfeature_common.c vendor-sys/illumos/dist/common/zfs/zfeature_common.h vendor-sys/illumos/dist/uts/common/fs/zfs/bpobj.c vendor-sys/illumos/dist/uts/common/fs/zfs/dmu_objset.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dataset.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_deadlist.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_dir.c vendor-sys/illumos/dist/uts/common/fs/zfs/dsl_pool.c vendor-sys/illumos/dist/uts/common/fs/zfs/spa.c vendor-sys/illumos/dist/uts/common/fs/zfs/sys/bpobj.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dmu_objset.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_dataset.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/dsl_pool.h vendor-sys/illumos/dist/uts/common/fs/zfs/sys/zap.h vendor-sys/illumos/dist/uts/common/fs/zfs/zap.c vendor-sys/illumos/dist/uts/common/fs/zfs/zfeature.c vendor-sys/illumos/dist/uts/common/fs/zfs/zfs_vfsops.c vendor-sys/illumos/dist/uts/common/fs/zfs/zvol.c Modified: vendor/illumos/dist/cmd/zinject/zinject.c ============================================================================== --- vendor/illumos/dist/cmd/zinject/zinject.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor/illumos/dist/cmd/zinject/zinject.c Mon Aug 27 19:25:20 2012 (r239746) @@ -294,11 +294,9 @@ static int iter_handlers(int (*func)(int, const char *, zinject_record_t *, void *), void *data) { - zfs_cmd_t zc; + zfs_cmd_t zc = { 0 }; int ret; - zc.zc_guid = 0; - while (ioctl(zfs_fd, ZFS_IOC_INJECT_LIST_NEXT, &zc) == 0) if ((ret = func((int)zc.zc_guid, zc.zc_name, &zc.zc_inject_record, data)) != 0) @@ -421,7 +419,7 @@ static int cancel_one_handler(int id, const char *pool, zinject_record_t *record, void *data) { - zfs_cmd_t zc; + zfs_cmd_t zc = { 0 }; zc.zc_guid = (uint64_t)id; @@ -454,7 +452,7 @@ cancel_all_handlers(void) static int cancel_handler(int id) { - zfs_cmd_t zc; + zfs_cmd_t zc = { 0 }; zc.zc_guid = (uint64_t)id; @@ -476,7 +474,7 @@ static int register_handler(const char *pool, int flags, zinject_record_t *record, int quiet) { - zfs_cmd_t zc; + zfs_cmd_t zc = { 0 }; (void) strcpy(zc.zc_name, pool); zc.zc_inject_record = *record; @@ -533,7 +531,7 @@ register_handler(const char *pool, int f int perform_action(const char *pool, zinject_record_t *record, int cmd) { - zfs_cmd_t zc; + zfs_cmd_t zc = { 0 }; ASSERT(cmd == VDEV_STATE_DEGRADED || cmd == VDEV_STATE_FAULTED); (void) strlcpy(zc.zc_name, pool, sizeof (zc.zc_name)); Modified: vendor/illumos/dist/lib/libzfs/common/libzfs_dataset.c ============================================================================== --- vendor/illumos/dist/lib/libzfs/common/libzfs_dataset.c Mon Aug 27 19:20:58 2012 (r239745) +++ vendor/illumos/dist/lib/libzfs/common/libzfs_dataset.c Mon Aug 27 19:25:20 2012 (r239746) @@ -3511,7 +3511,7 @@ zfs_rollback(zfs_handle_t *zhp, zfs_hand zhp->zfs_type == ZFS_TYPE_VOLUME); /* - * Destroy all recent snapshots and its dependends. + * Destroy all recent snapshots and their dependents. */ cb.cb_force = force; cb.cb_target = snap->zfs_name; Modified: vendor/illumos/dist/man/man5/zpool-features.5 ============================================================================== --- vendor/illumos/dist/man/man5/zpool-features.5 Mon Aug 27 19:20:58 2012 (r239745) +++ vendor/illumos/dist/man/man5/zpool-features.5 Mon Aug 27 19:25:20 2012 (r239746) @@ -169,5 +169,33 @@ through the \fBfreeing\fR property. This feature is only \fBactive\fR while \fBfreeing\fR is non\-zero. .RE + +.sp +.ne 2 +.na +\fB\fBempty_bpobj\fR\fR +.ad +.RS 4n +.TS +l l . +GUID com.delphix:empty_bpobj +READ\-ONLY COMPATIBLE yes +DEPENDENCIES none +.TE + +This feature increases the performance of creating and using a large +number of snapshots of a single filesystem or volume, and also reduces +the disk space required. + +When there are many snapshots, each snapshot uses many Block Pointer +Objects (bpobj's) to track blocks associated with that snapshot. +However, in common use cases, most of these bpobj's are empty. This +feature allows us to create each bpobj on-demand, thus eliminating the +empty bpobjs. + +This feature is \fBactive\fR while there are any filesystems, volumes, +or snapshots which were created after enabling this feature. +.RE + .SH "SEE ALSO" \fBzpool\fR(1M) From owner-svn-src-vendor@FreeBSD.ORG Wed Aug 29 15:46:02 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1A53A106566B; Wed, 29 Aug 2012 15:46:02 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 019058FC15; Wed, 29 Aug 2012 15:46:02 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7TFk1aK070731; Wed, 29 Aug 2012 15:46:01 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7TFk1Ol070716; Wed, 29 Aug 2012 15:46:01 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201208291546.q7TFk1Ol070716@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Wed, 29 Aug 2012 15:46:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239844 - in vendor-crypto/openssh/dist: . contrib/caldera contrib/cygwin contrib/redhat contrib/suse lib openbsd-compat regress scp sftp sftp-server ssh ssh-add ssh-agent ssh-keygen ss... X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Aug 2012 15:46:02 -0000 Author: des Date: Wed Aug 29 15:46:01 2012 New Revision: 239844 URL: http://svn.freebsd.org/changeset/base/239844 Log: Vendor import of OpenSSH 6.0p1. Added: vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c (contents, props changed) vendor-crypto/openssh/dist/openbsd-compat/strnlen.c (contents, props changed) vendor-crypto/openssh/dist/sandbox-seccomp-filter.c (contents, props changed) Deleted: vendor-crypto/openssh/dist/lib/ vendor-crypto/openssh/dist/scp/ vendor-crypto/openssh/dist/sftp/ vendor-crypto/openssh/dist/sftp-server/ vendor-crypto/openssh/dist/ssh/ vendor-crypto/openssh/dist/ssh-add/ vendor-crypto/openssh/dist/ssh-agent/ vendor-crypto/openssh/dist/ssh-keygen/ vendor-crypto/openssh/dist/ssh-keyscan/ vendor-crypto/openssh/dist/ssh-keysign/ vendor-crypto/openssh/dist/sshd/ Modified: vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/INSTALL vendor-crypto/openssh/dist/LICENCE vendor-crypto/openssh/dist/Makefile.in vendor-crypto/openssh/dist/PROTOCOL.mux vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/audit-bsm.c vendor-crypto/openssh/dist/auth-options.c vendor-crypto/openssh/dist/auth2-pubkey.c vendor-crypto/openssh/dist/auth2.c vendor-crypto/openssh/dist/authfile.c vendor-crypto/openssh/dist/channels.c vendor-crypto/openssh/dist/channels.h vendor-crypto/openssh/dist/clientloop.c vendor-crypto/openssh/dist/clientloop.h vendor-crypto/openssh/dist/compat.c vendor-crypto/openssh/dist/compat.h vendor-crypto/openssh/dist/config.h.in vendor-crypto/openssh/dist/configure vendor-crypto/openssh/dist/configure.ac vendor-crypto/openssh/dist/contrib/caldera/openssh.spec vendor-crypto/openssh/dist/contrib/cygwin/Makefile vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/defines.h vendor-crypto/openssh/dist/dh.c vendor-crypto/openssh/dist/entropy.c vendor-crypto/openssh/dist/entropy.h vendor-crypto/openssh/dist/key.c vendor-crypto/openssh/dist/mac.c vendor-crypto/openssh/dist/misc.c vendor-crypto/openssh/dist/moduli vendor-crypto/openssh/dist/moduli.c vendor-crypto/openssh/dist/monitor.c vendor-crypto/openssh/dist/mux.c vendor-crypto/openssh/dist/openbsd-compat/Makefile.in vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.c vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h vendor-crypto/openssh/dist/openbsd-compat/getcwd.c vendor-crypto/openssh/dist/openbsd-compat/getgrouplist.c vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname.c vendor-crypto/openssh/dist/openbsd-compat/glob.c vendor-crypto/openssh/dist/openbsd-compat/inet_ntop.c vendor-crypto/openssh/dist/openbsd-compat/mktemp.c vendor-crypto/openssh/dist/openbsd-compat/openbsd-compat.h vendor-crypto/openssh/dist/openbsd-compat/openssl-compat.h vendor-crypto/openssh/dist/openbsd-compat/port-linux.c vendor-crypto/openssh/dist/openbsd-compat/setenv.c vendor-crypto/openssh/dist/openbsd-compat/sha2.c vendor-crypto/openssh/dist/openbsd-compat/sha2.h vendor-crypto/openssh/dist/openbsd-compat/strlcpy.c vendor-crypto/openssh/dist/packet.c vendor-crypto/openssh/dist/packet.h vendor-crypto/openssh/dist/readconf.c vendor-crypto/openssh/dist/readconf.h vendor-crypto/openssh/dist/regress/keytype.sh vendor-crypto/openssh/dist/roaming.h vendor-crypto/openssh/dist/roaming_client.c vendor-crypto/openssh/dist/roaming_common.c vendor-crypto/openssh/dist/scp.0 vendor-crypto/openssh/dist/scp.1 vendor-crypto/openssh/dist/scp.c vendor-crypto/openssh/dist/servconf.c vendor-crypto/openssh/dist/session.c vendor-crypto/openssh/dist/sftp-client.c vendor-crypto/openssh/dist/sftp-glob.c vendor-crypto/openssh/dist/sftp.0 vendor-crypto/openssh/dist/sftp.1 vendor-crypto/openssh/dist/sftp.c vendor-crypto/openssh/dist/ssh-add.0 vendor-crypto/openssh/dist/ssh-add.1 vendor-crypto/openssh/dist/ssh-add.c vendor-crypto/openssh/dist/ssh-ecdsa.c vendor-crypto/openssh/dist/ssh-keygen.0 vendor-crypto/openssh/dist/ssh-keygen.1 vendor-crypto/openssh/dist/ssh-keygen.c vendor-crypto/openssh/dist/ssh-keyscan.1 vendor-crypto/openssh/dist/ssh-keyscan.c vendor-crypto/openssh/dist/ssh-pkcs11-client.c vendor-crypto/openssh/dist/ssh.0 vendor-crypto/openssh/dist/ssh.1 vendor-crypto/openssh/dist/ssh.c vendor-crypto/openssh/dist/ssh_config.0 vendor-crypto/openssh/dist/ssh_config.5 vendor-crypto/openssh/dist/sshd.0 vendor-crypto/openssh/dist/sshd.8 vendor-crypto/openssh/dist/sshd.c vendor-crypto/openssh/dist/sshd_config.0 vendor-crypto/openssh/dist/sshd_config.5 vendor-crypto/openssh/dist/umac.c vendor-crypto/openssh/dist/version.h Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/ChangeLog Wed Aug 29 15:46:01 2012 (r239844) @@ -1,3 +1,334 @@ +20120420 + - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update for release 6.0 + - (djm) [README] Update URL to release notes. + - (djm) Release openssh-6.0 + +20120419 + - (djm) [configure.ac] Fix compilation error on FreeBSD, whose libutil + contains openpty() but not login() + +20120404 + - (djm) [Makefile.in configure.ac sandbox-seccomp-filter.c] Add sandbox + mode for Linux's new seccomp filter; patch from Will Drewry; feedback + and ok dtucker@ + +20120330 + - (dtucker) [contrib/redhat/openssh.spec] Bug #1992: remove now-gone WARNING + file from spec file. From crighter at nuclioss com. + - (djm) [entropy.c] bz#1991: relax OpenSSL version test to allow running + openssh binaries on a newer fix release than they were compiled on. + with and ok dtucker@ + - (djm) [openbsd-compat/bsd-cygwin_util.h] #undef _WIN32 to avoid incorrect + assumptions when building on Cygwin; patch from Corinna Vinschen + +20120309 + - (djm) [openbsd-compat/port-linux.c] bz#1960: fix crash on SELinux + systems where sshd is run in te wrong context. Patch from Sven + Vermeulen; ok dtucker@ + - (djm) [packet.c] bz#1963: Fix IPQoS not being set on non-mapped v4-in-v6 + addressed connections. ok dtucker@ + +20120224 + - (dtucker) [audit-bsm.c configure.ac] bug #1968: enable workarounds for BSM + audit breakage in Solaris 11. Patch from Magnus Johansson. + +20120215 + - (tim) [openbsd-compat/bsd-misc.h sshd.c] Fix conflicting return type for + unsetenv due to rev 1.14 change to setenv.c. Cast unsetenv to void in sshd.c + ok dtucker@ + - (tim) [defines.h] move chunk introduced in 1.125 before MAXPATHLEN so + it actually works. + - (tim) [regress/keytype.sh] stderr redirection needs to be inside back quote + to work. Spotted by Angel Gonzalez + +20120214 + - (djm) [openbsd-compat/bsd-cygwin_util.c] Add PROGRAMFILES to list of + preserved Cygwin environment variables; from Corinna Vinschen + +20120211 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/01/05 00:16:56 + [monitor.c] + memleak on error path + - djm@cvs.openbsd.org 2012/01/07 21:11:36 + [mux.c] + fix double-free in new session handler + - miod@cvs.openbsd.org 2012/01/08 13:17:11 + [ssh-ecdsa.c] + Fix memory leak in ssh_ecdsa_verify(); from Loganaden Velvindron, + ok markus@ + - miod@cvs.openbsd.org 2012/01/16 20:34:09 + [ssh-pkcs11-client.c] + Fix a memory leak in pkcs11_rsa_private_encrypt(), reported by Jan Klemkow. + While there, be sure to buffer_clear() between send_msg() and recv_msg(). + ok markus@ + - dtucker@cvs.openbsd.org 2012/01/18 21:46:43 + [clientloop.c] + Ensure that $DISPLAY contains only valid characters before using it to + extract xauth data so that it can't be used to play local shell + metacharacter games. Report from r00t_ati at ihteam.net, ok markus. + - markus@cvs.openbsd.org 2012/01/25 19:26:43 + [packet.c] + do not permit SSH2_MSG_SERVICE_REQUEST/ACCEPT during rekeying; + ok dtucker@, djm@ + - markus@cvs.openbsd.org 2012/01/25 19:36:31 + [authfile.c] + memleak in key_load_file(); from Jan Klemkow + - markus@cvs.openbsd.org 2012/01/25 19:40:09 + [packet.c packet.h] + packet_read_poll() is not used anymore. + - markus@cvs.openbsd.org 2012/02/09 20:00:18 + [version.h] + move from 6.0-beta to 6.0 + +20120206 + - (djm) [ssh-keygen.c] Don't fail in do_gen_all_hostkeys on platforms + that don't support ECC. Patch from Phil Oleson + +20111219 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/12/02 00:41:56 + [mux.c] + fix bz#1948: ssh -f doesn't fork for multiplexed connection. + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/02 00:43:57 + [mac.c] + fix bz#1934: newer OpenSSL versions will require HMAC_CTX_Init before + HMAC_init (this change in policy seems insane to me) + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/04 23:16:12 + [mux.c] + revert: + > revision 1.32 + > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 + > fix bz#1948: ssh -f doesn't fork for multiplexed connection. + > ok dtucker@ + it interacts badly with ControlPersist + - djm@cvs.openbsd.org 2011/12/07 05:44:38 + [auth2.c dh.c packet.c roaming.h roaming_client.c roaming_common.c] + fix some harmless and/or unreachable int overflows; + reported Xi Wang, ok markus@ + +20111125 + - OpenBSD CVS Sync + - oga@cvs.openbsd.org 2011/11/16 12:24:28 + [sftp.c] + Don't leak list in complete_cmd_parse if there are no commands found. + Discovered when I was ``borrowing'' this code for something else. + ok djm@ + +20111121 + - (dtucker) [configure.ac] Set _FORTIFY_SOURCE. ok djm@ + +20111104 + - (dtucker) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/10/18 05:15:28 + [ssh.c] + ssh(1): skip attempting to create ~/.ssh when -F is passed; ok markus@ + - djm@cvs.openbsd.org 2011/10/18 23:37:42 + [ssh-add.c] + add -k to usage(); reminded by jmc@ + - djm@cvs.openbsd.org 2011/10/19 00:06:10 + [moduli.c] + s/tmpfile/tmp/ to make this -Wshadow clean + - djm@cvs.openbsd.org 2011/10/19 10:39:48 + [umac.c] + typo in comment; patch from Michael W. Bombardieri + - djm@cvs.openbsd.org 2011/10/24 02:10:46 + [ssh.c] + bz#1943: unbreak stdio forwarding when ControlPersist is in user - ssh + was incorrectly requesting the forward in both the control master and + slave. skip requesting it in the master to fix. ok markus@ + - djm@cvs.openbsd.org 2011/10/24 02:13:13 + [session.c] + bz#1859: send tty break to pty master instead of (probably already + closed) slave side; "looks good" markus@ + - dtucker@cvs.openbsd.org 011/11/04 00:09:39 + [moduli] + regenerated moduli file; ok deraadt + - (dtucker) [INSTALL LICENCE configure.ac openbsd-compat/Makefile.in + openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/getrrsetbyname.c] + bz 1320: Add optional support for LDNS, a BSD licensed DNS resolver library + which supports DNSSEC. Patch from Simon Vallet (svallet at genoscope cns fr) + with some rework from myself and djm. ok djm. + +20111025 + - (dtucker) [contrib/cygwin/Makefile] Continue if installing a doc file + fails. Patch from Corinna Vinschen. + +20111018 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/10/04 14:17:32 + [sftp-glob.c] + silence error spam for "ls */foo" in directory with files; bz#1683 + - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add optional checkpoints for moduli screening. feedback & ok deraadt + - jmc@cvs.openbsd.org 2011/10/16 15:02:41 + [ssh-keygen.c] + put -K in the right place (usage()); + - stsp@cvs.openbsd.org 2011/10/16 15:51:39 + [moduli.c] + add missing includes to unbreak tree; fix from rpointel + - djm@cvs.openbsd.org 2011/10/18 04:58:26 + [auth-options.c key.c] + remove explict search for \0 in packet strings, this job is now done + implicitly by buffer_get_cstring; ok markus + - djm@cvs.openbsd.org 2011/10/18 05:00:48 + [ssh-add.1 ssh-add.c] + new "ssh-add -k" option to load plain keys (skipping certificates); + "looks ok" markus@ + +20111001 + - (dtucker) [openbsd-compat/mktemp.c] Fix compiler warning. ok djm + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2011/09/23 00:22:04 + [channels.c auth-options.c servconf.c channels.h sshd.8] + Add wildcard support to PermitOpen, allowing things like "PermitOpen + localhost:*". bz #1857, ok djm markus. + - markus@cvs.openbsd.org 2011/09/23 07:45:05 + [mux.c readconf.h channels.h compat.h compat.c ssh.c readconf.c channels.c + version.h] + unbreak remote portforwarding with dynamic allocated listen ports: + 1) send the actual listen port in the open message (instead of 0). + this allows multiple forwardings with a dynamic listen port + 2) update the matching permit-open entry, so we can identify where + to connect to + report: den at skbkontur.ru and P. Szczygielski + feedback and ok djm@ + - djm@cvs.openbsd.org 2011/09/25 05:44:47 + [auth2-pubkey.c] + improve the AuthorizedPrincipalsFile debug log message to include + file and line number + - dtucker@cvs.openbsd.org 2011/09/30 00:47:37 + [sshd.c] + don't attempt privsep cleanup when not using privsep; ok markus@ + - djm@cvs.openbsd.org 2011/09/30 21:22:49 + [sshd.c] + fix inverted test that caused logspam; spotted by henning@ + +20110929 + - (djm) [configure.ac defines.h] No need to detect sizeof(char); patch + from des AT des.no + - (dtucker) [configure.ac openbsd-compat/Makefile.in + openbsd-compat/strnlen.c] Add strnlen to the compat library. + +20110923 + - (djm) [openbsd-compat/getcwd.c] Remove OpenBSD rcsid marker since we no + longer want to sync this file (OpenBSD uses a __getcwd syscall now, we + want this longhand version) + - (djm) [openbsd-compat/getgrouplist.c] Remove OpenBSD rcsid marker: the + upstream version is YPified and we don't want this + - (djm) [openbsd-compat/mktemp.c] forklift upgrade to -current version. + The file was totally rewritten between what we had in tree and -current. + - (djm) [openbsd-compat/sha2.c openbsd-compat/sha2.h] Remove OpenBSD rcsid + marker. The upstream API has changed (function and structure names) + enough to put it out of sync with other providers of this interface. + - (djm) [openbsd-compat/setenv.c] Forklift upgrade, including inclusion + of static __findenv() function from upstream setenv.c + - OpenBSD CVS Sync + - millert@cvs.openbsd.org 2006/05/05 15:27:38 + [openbsd-compat/strlcpy.c] + Convert do {} while loop -> while {} for clarity. No binary change + on most architectures. From Oliver Smith. OK deraadt@ and henning@ + - tobias@cvs.openbsd.org 2007/10/21 11:09:30 + [openbsd-compat/mktemp.c] + Comment fix about time consumption of _gettemp. + FreeBSD did this in revision 1.20. + OK deraadt@, krw@ + - deraadt@cvs.openbsd.org 2008/07/22 21:47:45 + [openbsd-compat/mktemp.c] + use arc4random_uniform(); ok djm millert + - millert@cvs.openbsd.org 2008/08/21 16:54:44 + [openbsd-compat/mktemp.c] + Remove useless code, the kernel will set errno appropriately if an + element in the path does not exist. OK deraadt@ pvalchev@ + - otto@cvs.openbsd.org 2008/12/09 19:38:38 + [openbsd-compat/inet_ntop.c] + fix inet_ntop(3) prototype; ok millert@ libc to be bumbed very soon + +20110922 + - OpenBSD CVS Sync + - pyr@cvs.openbsd.org 2011/05/12 07:15:10 + [openbsd-compat/glob.c] + When the max number of items for a directory has reached GLOB_LIMIT_READDIR + an error is returned but closedir() is not called. + spotted and fix provided by Frank Denis obsd-tech@pureftpd.org + ok otto@, millert@ + - stsp@cvs.openbsd.org 2011/09/20 10:18:46 + [glob.c] + In glob(3), limit recursion during matching attempts. Similar to + fnmatch fix. Also collapse consecutive '*' (from NetBSD). + ok miod deraadt + - djm@cvs.openbsd.org 2011/09/22 06:27:29 + [glob.c] + fix GLOB_KEEPSTAT without GLOB_NOSORT; the implicit sort was being + applied only to the gl_pathv vector and not the corresponding gl_statv + array. reported in OpenSSH bz#1935; feedback and okay matthew@ + - djm@cvs.openbsd.org 2011/08/26 01:45:15 + [ssh.1] + Add some missing ssh_config(5) options that can be used in ssh(1)'s + -o argument. Patch from duclare AT guu.fi + - djm@cvs.openbsd.org 2011/09/05 05:56:13 + [scp.1 sftp.1] + mention ControlPersist and KbdInteractiveAuthentication in the -o + verbiage in these pages too (prompted by jmc@) + - djm@cvs.openbsd.org 2011/09/05 05:59:08 + [misc.c] + fix typo in IPQoS parsing: there is no "AF14" class, but there is + an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk + - jmc@cvs.openbsd.org 2011/09/05 07:01:44 + [scp.1] + knock out a useless Ns; + - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 + [ssh-keygen.1] + typo (they vs the) found by Lawrence Teo + - djm@cvs.openbsd.org 2011/09/09 00:43:00 + [ssh_config.5 sshd_config.5] + fix typo in IPQoS parsing: there is no "AF14" class, but there is + an "AF21" class. Spotted by giesen AT snickers.org; ok markus stevesk + - djm@cvs.openbsd.org 2011/09/09 00:44:07 + [PROTOCOL.mux] + MUX_C_CLOSE_FWD includes forward type in message (though it isn't + implemented anyway) + - djm@cvs.openbsd.org 2011/09/09 22:37:01 + [scp.c] + suppress adding '--' to remote commandlines when the first argument + does not start with '-'. saves breakage on some difficult-to-upgrade + embedded/router platforms; feedback & ok dtucker ok markus + - djm@cvs.openbsd.org 2011/09/09 22:38:21 + [sshd.c] + kill the preauth privsep child on fatal errors in the monitor; + ok markus@ + - djm@cvs.openbsd.org 2011/09/09 22:46:44 + [channels.c channels.h clientloop.h mux.c ssh.c] + support for cancelling local and remote port forwards via the multiplex + socket. Use ssh -O cancel -L xx:xx:xx -R yy:yy:yy user@host" to request + the cancellation of the specified forwardings; ok markus@ + - markus@cvs.openbsd.org 2011/09/10 22:26:34 + [channels.c channels.h clientloop.c ssh.1] + support cancellation of local/dynamic forwardings from ~C commandline; + ok & feedback djm@ + - okan@cvs.openbsd.org 2011/09/11 06:59:05 + [ssh.1] + document new -O cancel command; ok djm@ + - markus@cvs.openbsd.org 2011/09/11 16:07:26 + [sftp-client.c] + fix leaks in do_hardlink() and do_readlink(); bz#1921 + from Loganaden Velvindron + - markus@cvs.openbsd.org 2011/09/12 08:46:15 + [sftp-client.c] + fix leak in do_lsreaddir(); ok djm + - djm@cvs.openbsd.org 2011/09/22 06:29:03 + [sftp.c] + don't let remote_glob() implicitly sort its results in do_globbed_ls() - + in all likelihood, they will be resorted anyway + +20110909 + - (dtucker) [entropy.h] Bug #1932: remove old definition of init_rng. From + Colin Watson. + 20110906 - (djm) [README version.h] Correct version - (djm) [contrib/redhat/openssh.spec] Correct restorcon => restorecon Modified: vendor-crypto/openssh/dist/INSTALL ============================================================================== --- vendor-crypto/openssh/dist/INSTALL Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/INSTALL Wed Aug 29 15:46:01 2012 (r239844) @@ -80,6 +80,12 @@ these multi-platform ports: http://www.thrysoee.dk/editline/ http://sourceforge.net/projects/libedit/ +LDNS: + +LDNS is a DNS BSD-licensed resolver library which supports DNSSEC. + +http://nlnetlabs.nl/projects/ldns/ + Autoconf: If you modify configure.ac or configure doesn't exist (eg if you checked @@ -260,4 +266,4 @@ Please refer to the "reporting bugs" sec http://www.openssh.com/ -$Id: INSTALL,v 1.86 2011/05/05 03:48:37 djm Exp $ +$Id: INSTALL,v 1.87 2011/11/04 00:25:25 dtucker Exp $ Modified: vendor-crypto/openssh/dist/LICENCE ============================================================================== --- vendor-crypto/openssh/dist/LICENCE Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/LICENCE Wed Aug 29 15:46:01 2012 (r239844) @@ -207,6 +207,7 @@ OpenSSH contains no GPL code. The SCO Group Daniel Walsh Red Hat, Inc + Simon Vallet / Genoscope * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: vendor-crypto/openssh/dist/Makefile.in ============================================================================== --- vendor-crypto/openssh/dist/Makefile.in Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/Makefile.in Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.325 2011/08/05 20:15:18 djm Exp $ +# $Id: Makefile.in,v 1.326 2012/04/04 01:27:57 djm Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -90,7 +90,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o \ - sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o + sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ + sandbox-seccomp-filter.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 Modified: vendor-crypto/openssh/dist/PROTOCOL.mux ============================================================================== --- vendor-crypto/openssh/dist/PROTOCOL.mux Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/PROTOCOL.mux Wed Aug 29 15:46:01 2012 (r239844) @@ -133,6 +133,7 @@ A client may request the master to close uint32 MUX_C_CLOSE_FWD uint32 request id + uint32 forwarding type string listen host string listen port string connect host @@ -218,4 +219,4 @@ XXX inject packet (what about replies) XXX server->client error/warning notifications XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.7 2011/05/08 12:52:01 djm Exp $ +$OpenBSD: PROTOCOL.mux,v 1.8 2011/09/09 00:44:07 djm Exp $ Modified: vendor-crypto/openssh/dist/README ============================================================================== --- vendor-crypto/openssh/dist/README Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/README Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.9 for the release notes. +See http://www.openssh.com/txt/release-6.0 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.77.2.2 2011/09/06 23:11:20 djm Exp $ +$Id: README,v 1.80 2012/04/20 04:11:04 djm Exp $ Modified: vendor-crypto/openssh/dist/audit-bsm.c ============================================================================== --- vendor-crypto/openssh/dist/audit-bsm.c Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/audit-bsm.c Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -/* $Id: audit-bsm.c,v 1.7 2011/01/17 10:15:29 dtucker Exp $ */ +/* $Id: audit-bsm.c,v 1.8 2012/02/23 23:40:43 dtucker Exp $ */ /* * TODO @@ -45,6 +45,10 @@ #include #include +#ifdef BROKEN_BSM_API +#include +#endif + #include "ssh.h" #include "log.h" #include "key.h" @@ -114,6 +118,12 @@ extern int aug_daemon_session(void); extern Authctxt *the_authctxt; static AuditInfoTermID ssh_bsm_tid; +#ifdef BROKEN_BSM_API +/* For some reason this constant is no longer defined + in Solaris 11. */ +#define BSM_TEXTBUFSZ 256 +#endif + /* Below is the low-level BSM interface code */ /* @@ -161,6 +171,65 @@ aug_get_machine(char *host, u_int32_t *a } #endif +#ifdef BROKEN_BSM_API +/* + In Solaris 11 the audit daemon has been moved to SMF. In the process + they simply dropped getacna() from the API, since it read from a now + non-existent config file. This function re-implements getacna() to + read from the SMF repository instead. + */ +int +getacna(char *auditstring, int len) +{ + scf_handle_t *handle = NULL; + scf_property_t *property = NULL; + scf_value_t *value = NULL; + int ret = 0; + + handle = scf_handle_create(SCF_VERSION); + if (handle == NULL) + return -2; /* The man page for getacna on Solaris 10 states + we should return -2 in case of error and set + errno to indicate the error. We don't bother + with errno here, though, since the only use + of this function below doesn't check for errors + anyway. + */ + + ret = scf_handle_bind(handle); + if (ret == -1) + return -2; + + property = scf_property_create(handle); + if (property == NULL) + return -2; + + ret = scf_handle_decode_fmri(handle, + "svc:/system/auditd:default/:properties/preselection/naflags", + NULL, NULL, NULL, NULL, property, 0); + if (ret == -1) + return -2; + + value = scf_value_create(handle); + if (value == NULL) + return -2; + + ret = scf_property_get_value(property, value); + if (ret == -1) + return -2; + + ret = scf_value_get_astring(value, auditstring, len); + if (ret == -1) + return -2; + + scf_value_destroy(value); + scf_property_destroy(property); + scf_handle_destroy(handle); + + return 0; +} +#endif + /* * Check if the specified event is selected (enabled) for auditing. * Returns 1 if the event is selected, 0 if not and -1 on failure. @@ -213,7 +282,15 @@ bsm_audit_record(int typ, char *string, (void) au_write(ad, au_to_text(string)); (void) au_write(ad, AUToReturnFunc(typ, rc)); +#ifdef BROKEN_BSM_API + /* The last argument is the event modifier flags. For + some seemingly undocumented reason it was added in + Solaris 11. */ + rc = au_close(ad, AU_TO_WRITE, event_no, 0); +#else rc = au_close(ad, AU_TO_WRITE, event_no); +#endif + if (rc < 0) error("BSM audit: %s failed to write \"%s\" record: %s", __func__, string, strerror(errno)); Modified: vendor-crypto/openssh/dist/auth-options.c ============================================================================== --- vendor-crypto/openssh/dist/auth-options.c Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/auth-options.c Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.54 2010/12/24 21:41:48 djm Exp $ */ +/* $OpenBSD: auth-options.c,v 1.56 2011/10/18 04:58:26 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -341,7 +341,7 @@ auth_parse_options(struct passwd *pw, ch goto bad_option; } host = cleanhostname(host); - if (p == NULL || (port = a2port(p)) <= 0) { + if (p == NULL || (port = permitopen_port(p)) < 0) { debug("%.100s, line %lu: Bad permitopen port " "<%.100s>", file, linenum, p ? p : ""); auth_debug_add("%.100s, line %lu: " @@ -452,10 +452,6 @@ parse_option_list(u_char *optblob, size_ buffer_append(&data, data_blob, dlen); debug3("found certificate option \"%.100s\" len %u", name, dlen); - if (strlen(name) != nlen) { - error("Certificate constraint name contains \\0"); - goto out; - } found = 0; if ((which & OPTIONS_EXTENSIONS) != 0) { if (strcmp(name, "permit-X11-forwarding") == 0) { @@ -485,11 +481,6 @@ parse_option_list(u_char *optblob, size_ "corrupt", name); goto out; } - if (strlen(command) != clen) { - error("force-command constraint " - "contains \\0"); - goto out; - } if (*cert_forced_command != NULL) { error("Certificate has multiple " "force-command options"); @@ -506,11 +497,6 @@ parse_option_list(u_char *optblob, size_ "\"%s\" corrupt", name); goto out; } - if (strlen(allowed) != clen) { - error("source-address constraint " - "contains \\0"); - goto out; - } if ((*cert_source_address_done)++) { error("Certificate has multiple " "source-address options"); Modified: vendor-crypto/openssh/dist/auth2-pubkey.c ============================================================================== --- vendor-crypto/openssh/dist/auth2-pubkey.c Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/auth2-pubkey.c Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.29 2011/05/23 03:30:07 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.30 2011/09/25 05:44:47 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -238,8 +238,9 @@ match_principals_file(char *file, struct } for (i = 0; i < cert->nprincipals; i++) { if (strcmp(cp, cert->principals[i]) == 0) { - debug3("matched principal from file \"%.100s\"", - cert->principals[i]); + debug3("matched principal \"%.100s\" " + "from file \"%s\" on line %lu", + cert->principals[i], file, linenum); if (auth_parse_options(pw, line_opts, file, linenum) != 1) continue; Modified: vendor-crypto/openssh/dist/auth2.c ============================================================================== --- vendor-crypto/openssh/dist/auth2.c Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/auth2.c Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2.c,v 1.123 2011/03/10 02:52:57 djm Exp $ */ +/* $OpenBSD: auth2.c,v 1.124 2011/12/07 05:44:38 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -113,7 +113,7 @@ auth2_read_banner(void) close(fd); return (NULL); } - if (st.st_size > 1*1024*1024) { + if (st.st_size <= 0 || st.st_size > 1*1024*1024) { close(fd); return (NULL); } Modified: vendor-crypto/openssh/dist/authfile.c ============================================================================== --- vendor-crypto/openssh/dist/authfile.c Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/authfile.c Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -/* $OpenBSD: authfile.c,v 1.92 2011/06/14 22:49:18 markus Exp $ */ +/* $OpenBSD: authfile.c,v 1.93 2012/01/25 19:36:31 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -340,7 +340,7 @@ key_load_file(int fd, const char *filena filename == NULL ? "" : " "); return 0; } - buffer_init(blob); + buffer_clear(blob); for (;;) { if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) { if (errno == EPIPE) Modified: vendor-crypto/openssh/dist/channels.c ============================================================================== --- vendor-crypto/openssh/dist/channels.c Wed Aug 29 15:45:58 2012 (r239843) +++ vendor-crypto/openssh/dist/channels.c Wed Aug 29 15:46:01 2012 (r239844) @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.311 2011/06/22 22:08:42 djm Exp $ */ +/* $OpenBSD: channels.c,v 1.315 2011/09/23 07:45:05 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -125,6 +125,9 @@ static int num_permitted_opens = 0; /* Number of permitted host/port pair in the array permitted by the admin. */ static int num_adm_permitted_opens = 0; +/* special-case port number meaning allow any port */ +#define FWD_PERMIT_ANY_PORT 0 + /* * If this is true, all opens are permitted. This is the case on the server * on which we have to trust the client anyway, and the user could do @@ -302,6 +305,8 @@ channel_new(char *ctype, int type, int r buffer_init(&c->output); buffer_init(&c->extended); c->path = NULL; + c->listening_addr = NULL; + c->listening_port = 0; c->ostate = CHAN_OUTPUT_OPEN; c->istate = CHAN_INPUT_OPEN; c->flags = 0; @@ -411,6 +416,10 @@ channel_free(Channel *c) xfree(c->path); c->path = NULL; } + if (c->listening_addr) { + xfree(c->listening_addr); + c->listening_addr = NULL; + } while ((cc = TAILQ_FIRST(&c->status_confirms)) != NULL) { if (cc->abandon_cb != NULL) cc->abandon_cb(c, cc->ctx); @@ -2634,6 +2643,46 @@ channel_set_af(int af) IPv4or6 = af; } + +/* + * Determine whether or not a port forward listens to loopback, the + * specified address or wildcard. On the client, a specified bind + * address will always override gateway_ports. On the server, a + * gateway_ports of 1 (``yes'') will override the client's specification + * and force a wildcard bind, whereas a value of 2 (``clientspecified'') + * will bind to whatever address the client asked for. + * + * Special-case listen_addrs are: + * + * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR + * "" (empty string), "*" -> wildcard v4/v6 + * "localhost" -> loopback v4/v6 + */ +static const char * +channel_fwd_bind_addr(const char *listen_addr, int *wildcardp, + int is_client, int gateway_ports) +{ + const char *addr = NULL; + int wildcard = 0; + + if (listen_addr == NULL) { + /* No address specified: default to gateway_ports setting */ + if (gateway_ports) + wildcard = 1; + } else if (gateway_ports || is_client) { + if (((datafellows & SSH_OLD_FORWARD_ADDR) && + strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || + *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || + (!is_client && gateway_ports == 1)) + wildcard = 1; + else if (strcmp(listen_addr, "localhost") != 0) + addr = listen_addr; + } + if (wildcardp != NULL) + *wildcardp = wildcard; + return addr; +} + static int channel_setup_fwd_listener(int type, const char *listen_addr, u_short listen_port, int *allocated_listen_port, @@ -2659,36 +2708,9 @@ channel_setup_fwd_listener(int type, con return 0; } - /* - * Determine whether or not a port forward listens to loopback, - * specified address or wildcard. On the client, a specified bind - * address will always override gateway_ports. On the server, a - * gateway_ports of 1 (``yes'') will override the client's - * specification and force a wildcard bind, whereas a value of 2 - * (``clientspecified'') will bind to whatever address the client - * asked for. - * - * Special-case listen_addrs are: - * - * "0.0.0.0" -> wildcard v4/v6 if SSH_OLD_FORWARD_ADDR - * "" (empty string), "*" -> wildcard v4/v6 - * "localhost" -> loopback v4/v6 - */ - addr = NULL; - if (listen_addr == NULL) { - /* No address specified: default to gateway_ports setting */ - if (gateway_ports) - wildcard = 1; - } else if (gateway_ports || is_client) { - if (((datafellows & SSH_OLD_FORWARD_ADDR) && - strcmp(listen_addr, "0.0.0.0") == 0 && is_client == 0) || - *listen_addr == '\0' || strcmp(listen_addr, "*") == 0 || - (!is_client && gateway_ports == 1)) - wildcard = 1; - else if (strcmp(listen_addr, "localhost") != 0) - addr = listen_addr; - } - + /* Determine the bind address, cf. channel_fwd_bind_addr() comment */ + addr = channel_fwd_bind_addr(listen_addr, &wildcard, + is_client, gateway_ports); debug3("channel_setup_fwd_listener: type %d wildcard %d addr %s", type, wildcard, (addr == NULL) ? "NULL" : addr); @@ -2792,7 +2814,12 @@ channel_setup_fwd_listener(int type, con 0, "port listener", 1); c->path = xstrdup(host); c->host_port = port_to_connect; - c->listening_port = listen_port; + c->listening_addr = addr == NULL ? NULL : xstrdup(addr); + if (listen_port == 0 && allocated_listen_port != NULL && + !(datafellows & SSH_BUG_DYNAMIC_RPORT)) + c->listening_port = *allocated_listen_port; + else + c->listening_port = listen_port; success = 1; } if (success == 0) @@ -2810,9 +2837,44 @@ channel_cancel_rport_listener(const char for (i = 0; i < channels_alloc; i++) { Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_RPORT_LISTENER) + continue; + if (strcmp(c->path, host) == 0 && c->listening_port == port) { + debug2("%s: close channel %d", __func__, i); + channel_free(c); + found = 1; + } + } + + return (found); +} + +int +channel_cancel_lport_listener(const char *lhost, u_short lport, + int cport, int gateway_ports) +{ + u_int i; + int found = 0; + const char *addr = channel_fwd_bind_addr(lhost, NULL, 1, gateway_ports); - if (c != NULL && c->type == SSH_CHANNEL_RPORT_LISTENER && - strcmp(c->path, host) == 0 && c->listening_port == port) { + for (i = 0; i < channels_alloc; i++) { + Channel *c = channels[i]; + if (c == NULL || c->type != SSH_CHANNEL_PORT_LISTENER) + continue; + if (c->listening_port != lport) + continue; + if (cport == CHANNEL_CANCEL_PORT_STATIC) { + /* skip dynamic forwardings */ + if (c->host_port == 0) + continue; + } else { + if (c->host_port != cport) + continue; + } + if ((c->listening_addr == NULL && addr != NULL) || + (c->listening_addr != NULL && addr == NULL)) + continue; + if (addr == NULL || strcmp(c->listening_addr, addr) == 0) { debug2("%s: close channel %d", __func__, i); channel_free(c); found = 1; @@ -2843,37 +2905,44 @@ channel_setup_remote_fwd_listener(const } /* + * Translate the requested rfwd listen host to something usable for + * this server. + */ +static const char * +channel_rfwd_bind_host(const char *listen_host) +{ + if (listen_host == NULL) { + if (datafellows & SSH_BUG_RFWD_ADDR) + return "127.0.0.1"; + else + return "localhost"; + } else if (*listen_host == '\0' || strcmp(listen_host, "*") == 0) { + if (datafellows & SSH_BUG_RFWD_ADDR) + return "0.0.0.0"; + else + return ""; + } else + return listen_host; +} + +/* * Initiate forwarding of connections to port "port" on remote host through * the secure channel to host:port from local side. + * Returns handle (index) for updating the dynamic listen port with + * channel_update_permitted_opens(). */ - int channel_request_remote_forwarding(const char *listen_host, u_short listen_port, const char *host_to_connect, u_short port_to_connect) { - int type, success = 0; + int type, success = 0, idx = -1; /* Send the forward request to the remote side. */ if (compat20) { - const char *address_to_bind; - if (listen_host == NULL) { - if (datafellows & SSH_BUG_RFWD_ADDR) - address_to_bind = "127.0.0.1"; - else - address_to_bind = "localhost"; - } else if (*listen_host == '\0' || - strcmp(listen_host, "*") == 0) { - if (datafellows & SSH_BUG_RFWD_ADDR) - address_to_bind = "0.0.0.0"; - else - address_to_bind = ""; - } else - address_to_bind = listen_host; - packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("tcpip-forward"); - packet_put_char(1); /* boolean: want reply */ - packet_put_cstring(address_to_bind); + packet_put_char(1); /* boolean: want reply */ + packet_put_cstring(channel_rfwd_bind_host(listen_host)); packet_put_int(listen_port); packet_send(); packet_write_wait(); @@ -2905,25 +2974,25 @@ channel_request_remote_forwarding(const /* Record that connection to this host/port is permitted. */ permitted_opens = xrealloc(permitted_opens, num_permitted_opens + 1, sizeof(*permitted_opens)); - permitted_opens[num_permitted_opens].host_to_connect = xstrdup(host_to_connect); - permitted_opens[num_permitted_opens].port_to_connect = port_to_connect; - permitted_opens[num_permitted_opens].listen_port = listen_port; - num_permitted_opens++; + idx = num_permitted_opens++; + permitted_opens[idx].host_to_connect = xstrdup(host_to_connect); + permitted_opens[idx].port_to_connect = port_to_connect; + permitted_opens[idx].listen_port = listen_port; } - return (success ? 0 : -1); + return (idx); } /* * Request cancellation of remote forwarding of connection host:port from * local side. */ -void +int channel_request_rforward_cancel(const char *host, u_short port) { int i; if (!compat20) - return; + return -1; for (i = 0; i < num_permitted_opens; i++) { if (permitted_opens[i].host_to_connect != NULL && @@ -2932,12 +3001,12 @@ channel_request_rforward_cancel(const ch } if (i >= num_permitted_opens) { debug("%s: requested forward not found", __func__); - return; + return -1; } packet_start(SSH2_MSG_GLOBAL_REQUEST); packet_put_cstring("cancel-tcpip-forward"); packet_put_char(0); - packet_put_cstring(host == NULL ? "" : host); + packet_put_cstring(channel_rfwd_bind_host(host)); packet_put_int(port); packet_send(); @@ -2945,6 +3014,8 @@ channel_request_rforward_cancel(const ch permitted_opens[i].port_to_connect = 0; xfree(permitted_opens[i].host_to_connect); permitted_opens[i].host_to_connect = NULL; + + return 0; } /* @@ -3013,6 +3084,35 @@ channel_add_permitted_opens(char *host, all_opens_permitted = 0; } +/* + * Update the listen port for a dynamic remote forward, after + * the actual 'newport' has been allocated. If 'newport' < 0 is + * passed then they entry will be invalidated. + */ +void +channel_update_permitted_opens(int idx, int newport) +{ + if (idx < 0 || idx >= num_permitted_opens) { + debug("channel_update_permitted_opens: index out of range:" + " %d num_permitted_opens %d", idx, num_permitted_opens); + return; + } + debug("%s allowed port %d for forwarding to host %s port %d", + newport > 0 ? "Updating" : "Removing", + newport, + permitted_opens[idx].host_to_connect, + permitted_opens[idx].port_to_connect); + if (newport >= 0) { + permitted_opens[idx].listen_port = + (datafellows & SSH_BUG_DYNAMIC_RPORT) ? 0 : newport; + } else { + permitted_opens[idx].listen_port = 0; + permitted_opens[idx].port_to_connect = 0; + xfree(permitted_opens[idx].host_to_connect); + permitted_opens[idx].host_to_connect = NULL; + } +} + int channel_add_adm_permitted_opens(char *host, int port) { @@ -3073,6 +3173,28 @@ channel_print_adm_permitted_opens(void) printf("\n"); } +/* returns port number, FWD_PERMIT_ANY_PORT or -1 on error */ +int +permitopen_port(const char *p) +{ + int port; + + if (strcmp(p, "*") == 0) + return FWD_PERMIT_ANY_PORT; + if ((port = a2port(p)) > 0) + return port; + return -1; +} + +static int +port_match(u_short allowedport, u_short requestedport) +{ + if (allowedport == FWD_PERMIT_ANY_PORT || *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Aug 29 15:51:04 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E4F0F106566C; Wed, 29 Aug 2012 15:51:04 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id B69B78FC17; Wed, 29 Aug 2012 15:51:04 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7TFp4r0071420; Wed, 29 Aug 2012 15:51:04 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7TFp49g071419; Wed, 29 Aug 2012 15:51:04 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201208291551.q7TFp49g071419@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Wed, 29 Aug 2012 15:51:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239846 - in vendor-crypto/openssh/dist: . openbsd-compat X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Aug 2012 15:51:05 -0000 Author: des Date: Wed Aug 29 15:51:04 2012 New Revision: 239846 URL: http://svn.freebsd.org/changeset/base/239846 Log: Remove autoprops :( Modified: Directory Properties: vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c (props changed) vendor-crypto/openssh/dist/openbsd-compat/strnlen.c (props changed) vendor-crypto/openssh/dist/sandbox-seccomp-filter.c (props changed) From owner-svn-src-vendor@FreeBSD.ORG Wed Aug 29 15:51:40 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id AB524106568E; Wed, 29 Aug 2012 15:51:40 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 7D9458FC20; Wed, 29 Aug 2012 15:51:40 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7TFpeKh071517; Wed, 29 Aug 2012 15:51:40 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7TFpepS071516; Wed, 29 Aug 2012 15:51:40 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201208291551.q7TFpepS071516@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Wed, 29 Aug 2012 15:51:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239847 - vendor-crypto/openssh/6.0p1 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Aug 2012 15:51:40 -0000 Author: des Date: Wed Aug 29 15:51:40 2012 New Revision: 239847 URL: http://svn.freebsd.org/changeset/base/239847 Log: Tag OpenSSH 6.0p1 Added: vendor-crypto/openssh/6.0p1/ - copied from r239846, vendor-crypto/openssh/dist/ From owner-svn-src-vendor@FreeBSD.ORG Wed Aug 29 15:55:55 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7E4EA106564A; Wed, 29 Aug 2012 15:55:55 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 65AD08FC12; Wed, 29 Aug 2012 15:55:55 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7TFtt7v072144; Wed, 29 Aug 2012 15:55:55 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7TFttHv072129; Wed, 29 Aug 2012 15:55:55 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201208291555.q7TFttHv072129@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Wed, 29 Aug 2012 15:55:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239849 - in vendor-crypto/openssh/dist: . contrib contrib/caldera contrib/cygwin contrib/redhat contrib/suse openbsd-compat regress X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Aug 2012 15:55:55 -0000 Author: des Date: Wed Aug 29 15:55:54 2012 New Revision: 239849 URL: http://svn.freebsd.org/changeset/base/239849 Log: Vendor import of OpenSSH 6.1p1. Modified: vendor-crypto/openssh/dist/ChangeLog vendor-crypto/openssh/dist/PROTOCOL.certkeys vendor-crypto/openssh/dist/PROTOCOL.mux vendor-crypto/openssh/dist/README vendor-crypto/openssh/dist/addrmatch.c vendor-crypto/openssh/dist/auth-krb5.c vendor-crypto/openssh/dist/auth-passwd.c vendor-crypto/openssh/dist/auth.c vendor-crypto/openssh/dist/channels.c vendor-crypto/openssh/dist/channels.h vendor-crypto/openssh/dist/clientloop.c vendor-crypto/openssh/dist/config.h.in vendor-crypto/openssh/dist/configure vendor-crypto/openssh/dist/configure.ac vendor-crypto/openssh/dist/contrib/Makefile vendor-crypto/openssh/dist/contrib/caldera/openssh.spec vendor-crypto/openssh/dist/contrib/cygwin/ssh-host-config vendor-crypto/openssh/dist/contrib/redhat/openssh.spec vendor-crypto/openssh/dist/contrib/suse/openssh.spec vendor-crypto/openssh/dist/dns.c vendor-crypto/openssh/dist/dns.h vendor-crypto/openssh/dist/jpake.c vendor-crypto/openssh/dist/key.c vendor-crypto/openssh/dist/key.h vendor-crypto/openssh/dist/mac.c vendor-crypto/openssh/dist/moduli vendor-crypto/openssh/dist/moduli.0 vendor-crypto/openssh/dist/moduli.c vendor-crypto/openssh/dist/monitor.c vendor-crypto/openssh/dist/mux.c vendor-crypto/openssh/dist/myproposal.h vendor-crypto/openssh/dist/openbsd-compat/bsd-cygwin_util.h vendor-crypto/openssh/dist/openbsd-compat/bsd-misc.h vendor-crypto/openssh/dist/openbsd-compat/getrrsetbyname-ldns.c vendor-crypto/openssh/dist/regress/addrmatch.sh vendor-crypto/openssh/dist/regress/cipher-speed.sh vendor-crypto/openssh/dist/regress/connect-privsep.sh vendor-crypto/openssh/dist/regress/forwarding.sh vendor-crypto/openssh/dist/regress/multiplex.sh vendor-crypto/openssh/dist/regress/reexec.sh vendor-crypto/openssh/dist/regress/sftp-cmds.sh vendor-crypto/openssh/dist/regress/test-exec.sh vendor-crypto/openssh/dist/regress/try-ciphers.sh vendor-crypto/openssh/dist/sandbox-rlimit.c vendor-crypto/openssh/dist/sandbox-seccomp-filter.c vendor-crypto/openssh/dist/sandbox-systrace.c vendor-crypto/openssh/dist/scp.0 vendor-crypto/openssh/dist/servconf.c vendor-crypto/openssh/dist/servconf.h vendor-crypto/openssh/dist/serverloop.c vendor-crypto/openssh/dist/session.c vendor-crypto/openssh/dist/sftp-client.c vendor-crypto/openssh/dist/sftp-server.0 vendor-crypto/openssh/dist/sftp.0 vendor-crypto/openssh/dist/sftp.c vendor-crypto/openssh/dist/ssh-add.0 vendor-crypto/openssh/dist/ssh-agent.0 vendor-crypto/openssh/dist/ssh-keygen.0 vendor-crypto/openssh/dist/ssh-keygen.1 vendor-crypto/openssh/dist/ssh-keygen.c vendor-crypto/openssh/dist/ssh-keyscan.0 vendor-crypto/openssh/dist/ssh-keyscan.1 vendor-crypto/openssh/dist/ssh-keyscan.c vendor-crypto/openssh/dist/ssh-keysign.0 vendor-crypto/openssh/dist/ssh-pkcs11-helper.0 vendor-crypto/openssh/dist/ssh-pkcs11-helper.c vendor-crypto/openssh/dist/ssh.0 vendor-crypto/openssh/dist/ssh.1 vendor-crypto/openssh/dist/ssh.c vendor-crypto/openssh/dist/ssh_config.0 vendor-crypto/openssh/dist/ssh_config.5 vendor-crypto/openssh/dist/sshconnect2.c vendor-crypto/openssh/dist/sshd.0 vendor-crypto/openssh/dist/sshd.8 vendor-crypto/openssh/dist/sshd.c vendor-crypto/openssh/dist/sshd_config vendor-crypto/openssh/dist/sshd_config.0 vendor-crypto/openssh/dist/sshd_config.5 vendor-crypto/openssh/dist/version.h Modified: vendor-crypto/openssh/dist/ChangeLog ============================================================================== --- vendor-crypto/openssh/dist/ChangeLog Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/ChangeLog Wed Aug 29 15:55:54 2012 (r239849) @@ -1,3 +1,298 @@ +20120828 + - (djm) Release openssh-6.1 + +20120828 + - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN + for compatibility with future mingw-w64 headers. Patch from vinschen at + redhat com. + +20120822 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update version numbers + +20120731 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2012/07/06 06:38:03 + [ssh-keygen.c] + missing full stop in usage(); + - djm@cvs.openbsd.org 2012/07/10 02:19:15 + [servconf.c servconf.h sshd.c sshd_config] + Turn on systrace sandboxing of pre-auth sshd by default for new installs + by shipping a config that overrides the current UsePrivilegeSeparation=yes + default. Make it easier to flip the default in the future by adding too. + prodded markus@ feedback dtucker@ "get it in" deraadt@ + - dtucker@cvs.openbsd.org 2012/07/13 01:35:21 + [servconf.c] + handle long comments in config files better. bz#2025, ok markus + - markus@cvs.openbsd.org 2012/07/22 18:19:21 + [version.h] + openssh 6.1 + +20120720 + - (dtucker) Import regened moduli file. + +20120706 + - (djm) [sandbox-seccomp-filter.c] fallback to rlimit if seccomp filter is + not available. Allows use of sshd compiled on host with a filter-capable + kernel on hosts that lack the support. bz#2011 ok dtucker@ + - (djm) [configure.ac] Recursively expand $(bindir) to ensure it has no + unexpanded $(prefix) embedded. bz#2007 patch from nix-corp AT + esperi.org.uk; ok dtucker@ +- (djm) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 + [moduli.c ssh-keygen.1 ssh-keygen.c] + Add options to specify starting line number and number of lines to process + when screening moduli candidates. This allows processing of different + parts of a candidate moduli file in parallel. man page help jmc@, ok djm@ + - djm@cvs.openbsd.org 2012/07/06 01:37:21 + [mux.c] + fix memory leak of passed-in environment variables and connection + context when new session message is malformed; bz#2003 from Bert.Wesarg + AT googlemail.com + - djm@cvs.openbsd.org 2012/07/06 01:47:38 + [ssh.c] + move setting of tty_flag to after config parsing so RequestTTY options + are correctly picked up. bz#1995 patch from przemoc AT gmail.com; + ok dtucker@ + +20120704 + - (dtucker) [configure.ac openbsd-compat/bsd-misc.h] Add setlinebuf for + platforms that don't have it. "looks good" tim@ + +20120703 + - (dtucker) [configure.ac] Detect platforms that can't use select(2) with + setrlimit(RLIMIT_NOFILE, rl_zero) and disable the rlimit sandbox on those. + - (dtucker) [configure.ac sandbox-rlimit.c] Test whether or not + setrlimit(RLIMIT_FSIZE, rl_zero) and skip it if it's not supported. Its + benefit is minor, so it's not worth disabling the sandbox if it doesn't + work. + +20120702 +- (dtucker) OpenBSD CVS Sync + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; + ok dtucker@ + - markus@cvs.openbsd.org 2012/06/30 14:35:09 + [sandbox-systrace.c sshd.c] + fix a during the load of the sandbox policies (child can still make + the read-syscall and wait forever for systrace-answers) by replacing + the read/write synchronisation with SIGSTOP/SIGCONT; + report and help hshoexer@; ok djm@, dtucker@ + - dtucker@cvs.openbsd.org 2012/07/02 08:50:03 + [ssh.c] + set interactive ToS for forwarded X11 sessions. ok djm@ + - dtucker@cvs.openbsd.org 2012/07/02 12:13:26 + [ssh-pkcs11-helper.c sftp-client.c] + fix a couple of "assigned but not used" warnings. ok markus@ + - dtucker@cvs.openbsd.org 2012/07/02 14:37:06 + [regress/connect-privsep.sh] + remove exit from end of test since it prevents reporting failure + - (dtucker) [regress/reexec.sh regress/sftp-cmds.sh regress/test-exec.sh] + Move cygwin detection to test-exec and use to skip reexec test on cygwin. + - (dtucker) [regress/test-exec.sh] Correct uname for cygwin/w2k. + +20120629 + - OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/06/21 00:16:07 + [addrmatch.c] + fix strlcpy truncation check. from carsten at debian org, ok markus + - dtucker@cvs.openbsd.org 2012/06/22 12:30:26 + [monitor.c sshconnect2.c] + remove dead code following 'for (;;)' loops. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/22 14:36:33 + [sftp.c] + Remove unused variable leftover from tab-completion changes. + From Steve.McClellan at radisys com, ok markus@ + - dtucker@cvs.openbsd.org 2012/06/26 11:02:30 + [sandbox-systrace.c] + Add mquery to the list of allowed syscalls for "UsePrivilegeSeparation + sandbox" since malloc now uses it. From johnw.mail at gmail com. + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [mac.c myproposal.h ssh_config.5 sshd_config.5] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - naddy@cvs.openbsd.org 2012/06/29 13:57:25 + [ssh_config.5 sshd_config.5] + match the documented MAC order of preference to the actual one; ok dtucker@ + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [regress/addrmatch.sh] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - djm@cvs.openbsd.org 2012/06/01 00:47:35 + [regress/multiplex.sh regress/forwarding.sh] + append to rather than truncate test log; bz#2013 from openssh AT + roumenpetrov.info + - djm@cvs.openbsd.org 2012/06/01 00:52:52 + [regress/sftp-cmds.sh] + don't delete .* on cleanup due to unintended env expansion; pointed out in + bz#2014 by openssh AT roumenpetrov.info + - dtucker@cvs.openbsd.org 2012/06/26 12:06:59 + [regress/connect-privsep.sh] + test sandbox with every malloc option + - dtucker@cvs.openbsd.org 2012/06/28 05:07:45 + [regress/try-ciphers.sh regress/cipher-speed.sh] + Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs since they were removed + from draft6 of the spec and will not be in the RFC when published. Patch + from mdb at juniper net via bz#2023, ok markus. + - (dtucker) [myproposal.h] Remove trailing backslash to fix compile error. + - (dtucker) [key.c] ifdef out sha256 key types on platforms that don't have + the required functions in libcrypto. + +20120628 + - (dtucker) [openbsd-compat/getrrsetbyname-ldns.c] bz #2022: prevent null + pointer deref in the client when built with LDNS and using DNSSEC with a + CNAME. Patch from gregdlg+mr at hochet info. + +20120622 + - (dtucker) [contrib/cygwin/ssh-host-config] Ensure that user sshd runs as + can logon as a service. Patch from vinschen at redhat com. + +20120620 + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2011/12/02 00:41:56 + [mux.c] + fix bz#1948: ssh -f doesn't fork for multiplexed connection. + ok dtucker@ + - djm@cvs.openbsd.org 2011/12/04 23:16:12 + [mux.c] + revert: + > revision 1.32 + > date: 2011/12/02 00:41:56; author: djm; state: Exp; lines: +4 -1 + > fix bz#1948: ssh -f doesn't fork for multiplexed connection. + > ok dtucker@ + it interacts badly with ControlPersist + - djm@cvs.openbsd.org 2012/01/07 21:11:36 + [mux.c] + fix double-free in new session handler + NB. Id sync only + - djm@cvs.openbsd.org 2012/05/23 03:28:28 + [dns.c dns.h key.c key.h ssh-keygen.c] + add support for RFC6594 SSHFP DNS records for ECDSA key types. + patch from bugzilla-m67 AT nulld.me in bz#1978; ok + tweak markus@ + - djm@cvs.openbsd.org 2012/06/01 00:49:35 + [PROTOCOL.mux] + correct types of port numbers (integers, not strings); bz#2004 from + bert.wesarg AT googlemail.com + - djm@cvs.openbsd.org 2012/06/01 01:01:22 + [mux.c] + fix memory leak when mux socket creation fails; bz#2002 from bert.wesarg + AT googlemail.com + - dtucker@cvs.openbsd.org 2012/06/18 11:43:53 + [jpake.c] + correct sizeof usage. patch from saw at online.de, ok deraadt + - dtucker@cvs.openbsd.org 2012/06/18 11:49:58 + [ssh_config.5] + RSA instead of DSA twice. From Steve.McClellan at radisys com + - dtucker@cvs.openbsd.org 2012/06/18 12:07:07 + [ssh.1 sshd.8] + Remove mention of 'three' key files since there are now four. From + Steve.McClellan at radisys com. + - dtucker@cvs.openbsd.org 2012/06/18 12:17:18 + [ssh.1] + Clarify description of -W. Noted by Steve.McClellan at radisys com, + ok jmc + - markus@cvs.openbsd.org 2012/06/19 18:25:28 + [servconf.c servconf.h sshd_config.5] + sshd_config: extend Match to allow AcceptEnv and {Allow,Deny}{Users,Groups} + this allows 'Match LocalPort 1022' combined with 'AllowUser bauer' + ok djm@ (back in March) + - jmc@cvs.openbsd.org 2012/06/19 21:35:54 + [sshd_config.5] + tweak previous; ok markus + - djm@cvs.openbsd.org 2012/06/20 04:42:58 + [clientloop.c serverloop.c] + initialise accept() backoff timer to avoid EINVAL from select(2) in + rekeying + +20120519 + - (dtucker) [configure.ac] bz#2010: fix non-portable shell construct. Patch + from cjwatson at debian org. + - (dtucker) [configure.ac contrib/Makefile] bz#1996: use AC_PATH_TOOL to find + pkg-config so it does the right thing when cross-compiling. Patch from + cjwatson at debian org. +- (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2012/05/13 01:42:32 + [servconf.h servconf.c sshd.8 sshd.c auth.c sshd_config.5] + Add "Match LocalAddress" and "Match LocalPort" to sshd and adjust tests + to match. Feedback and ok djm@ markus@. + - dtucker@cvs.openbsd.org 2012/05/19 06:30:30 + [sshd_config.5] + Document PermitOpen none. bz#2001, patch from Loganaden Velvindron + +20120504 + - (dtucker) [configure.ac] Include rather than + to fix building on some plaforms. Fom bowman at math utah edu and + des at des no. + +20120427 + - (dtucker) [regress/addrmatch.sh] skip tests when running on a non-ipv6 + platform rather than exiting early, so that we still clean up and return + success or failure to test-exec.sh + +20120426 + - (djm) [auth-passwd.c] Handle crypt() returning NULL; from Paul Wouters + via Niels + - (djm) [auth-krb5.c] Save errno across calls that might modify it; + ok dtucker@ + +20120423 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/04/23 08:18:17 + [channels.c] + fix function proto/source mismatch + +20120422 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2012/02/29 11:21:26 + [ssh-keygen.c] + allow conversion of RSA1 keys to public PEM and PKCS8; "nice" markus@ + - guenther@cvs.openbsd.org 2012/03/15 03:10:27 + [session.c] + root should always be excluded from the test for /etc/nologin instead + of having it always enforced even when marked as ignorenologin. This + regressed when the logic was incompletely flipped around in rev 1.251 + ok halex@ millert@ + - djm@cvs.openbsd.org 2012/03/28 07:23:22 + [PROTOCOL.certkeys] + explain certificate extensions/crit split rationale. Mention requirement + that each appear at most once per cert. + - dtucker@cvs.openbsd.org 2012/03/29 23:54:36 + [channels.c channels.h servconf.c] + Add PermitOpen none option based on patch from Loganaden Velvindron + (bz #1949). ok djm@ + - djm@cvs.openbsd.org 2012/04/11 13:16:19 + [channels.c channels.h clientloop.c serverloop.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:17:54 + [auth.c] + Support "none" as an argument for AuthorizedPrincipalsFile to indicate + no file should be read. + - djm@cvs.openbsd.org 2012/04/11 13:26:40 + [sshd.c] + don't spin in accept() when out of fds (ENFILE/ENFILE) - back off for a + while; ok deraadt@ markus@ + - djm@cvs.openbsd.org 2012/04/11 13:34:17 + [ssh-keyscan.1 ssh-keyscan.c] + now that sshd defaults to offering ECDSA keys, ssh-keyscan should also + look for them by default; bz#1971 + - djm@cvs.openbsd.org 2012/04/12 02:42:32 + [servconf.c servconf.h sshd.c sshd_config sshd_config.5] + VersionAddendum option to allow server operators to append some arbitrary + text to the SSH-... banner; ok deraadt@ "don't care" markus@ + - djm@cvs.openbsd.org 2012/04/12 02:43:55 + [sshd_config sshd_config.5] + mention AuthorizedPrincipalsFile=none default + - djm@cvs.openbsd.org 2012/04/20 03:24:23 + [sftp.c] + setlinebuf(3) is more readable than setvbuf(.., _IOLBF, ...) + - jmc@cvs.openbsd.org 2012/04/20 16:26:22 + [ssh.1] + use "brackets" instead of "braces", for consistency; + 20120420 - (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Update for release 6.0 Modified: vendor-crypto/openssh/dist/PROTOCOL.certkeys ============================================================================== --- vendor-crypto/openssh/dist/PROTOCOL.certkeys Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/PROTOCOL.certkeys Wed Aug 29 15:55:54 2012 (r239849) @@ -162,6 +162,13 @@ extensions is a set of zero or more opti are not critical, and an implementation that encounters one that it does not recognise may safely ignore it. +Generally, critical options are used to control features that restrict +access where extensions are used to enable features that grant access. +This ensures that certificates containing unknown restrictions do not +inadvertently grant access while allowing new protocol features to be +enabled via extensions without breaking certificates' backwards +compatibility. + The reserved field is currently unused and is ignored in this version of the protocol. @@ -189,7 +196,7 @@ is a sequence of zero or more tuples: string data Options must be lexically ordered by "name" if they appear in the -sequence. +sequence. Each named option may only appear once in a certificate. The name field identifies the option and the data field encodes option-specific information (see below). All options are @@ -220,7 +227,9 @@ Extensions The extensions section of the certificate specifies zero or more non-critical certificate extensions. The encoding and ordering of -extensions in this field is identical to that of the critical options. +extensions in this field is identical to that of the critical options, +as is the requirement that each name appear only once. + If an implementation does not recognise an extension, then it should ignore it. @@ -253,4 +262,4 @@ permit-user-rc empty Fl of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.8 2010/08/31 11:54:45 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.9 2012/03/28 07:23:22 djm Exp $ Modified: vendor-crypto/openssh/dist/PROTOCOL.mux ============================================================================== --- vendor-crypto/openssh/dist/PROTOCOL.mux Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/PROTOCOL.mux Wed Aug 29 15:55:54 2012 (r239849) @@ -110,9 +110,9 @@ A client may request the master to estab uint32 request id uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port forwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC. @@ -135,9 +135,9 @@ A client may request the master to close uint32 request id uint32 forwarding type string listen host - string listen port + uint32 listen port string connect host - string connect port + uint32 connect port A server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. @@ -219,4 +219,4 @@ XXX inject packet (what about replies) XXX server->client error/warning notifications XXX send signals via mux -$OpenBSD: PROTOCOL.mux,v 1.8 2011/09/09 00:44:07 djm Exp $ +$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $ Modified: vendor-crypto/openssh/dist/README ============================================================================== --- vendor-crypto/openssh/dist/README Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/README Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-6.0 for the release notes. +See http://www.openssh.com/txt/release-6.1 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.80 2012/04/20 04:11:04 djm Exp $ +$Id: README,v 1.81 2012/08/22 11:57:13 djm Exp $ Modified: vendor-crypto/openssh/dist/addrmatch.c ============================================================================== --- vendor-crypto/openssh/dist/addrmatch.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/addrmatch.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: addrmatch.c,v 1.5 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: addrmatch.c,v 1.6 2012/06/21 00:16:07 dtucker Exp $ */ /* * Copyright (c) 2004-2008 Damien Miller @@ -318,7 +318,7 @@ addr_pton_cidr(const char *p, struct xad char addrbuf[64], *mp, *cp; /* Don't modify argument */ - if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) > sizeof(addrbuf)) + if (p == NULL || strlcpy(addrbuf, p, sizeof(addrbuf)) >= sizeof(addrbuf)) return -1; if ((mp = strchr(addrbuf, '/')) != NULL) { Modified: vendor-crypto/openssh/dist/auth-krb5.c ============================================================================== --- vendor-crypto/openssh/dist/auth-krb5.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/auth-krb5.c Wed Aug 29 15:55:54 2012 (r239849) @@ -226,7 +226,7 @@ krb5_cleanup_proc(Authctxt *authctxt) #ifndef HEIMDAL krb5_error_code ssh_krb5_cc_gen(krb5_context ctx, krb5_ccache *ccache) { - int tmpfd, ret; + int tmpfd, ret, oerrno; char ccname[40]; mode_t old_umask; @@ -237,16 +237,18 @@ ssh_krb5_cc_gen(krb5_context ctx, krb5_c old_umask = umask(0177); tmpfd = mkstemp(ccname + strlen("FILE:")); + oerrno = errno; umask(old_umask); if (tmpfd == -1) { - logit("mkstemp(): %.100s", strerror(errno)); - return errno; + logit("mkstemp(): %.100s", strerror(oerrno)); + return oerrno; } if (fchmod(tmpfd,S_IRUSR | S_IWUSR) == -1) { - logit("fchmod(): %.100s", strerror(errno)); + oerrno = errno; + logit("fchmod(): %.100s", strerror(oerrno)); close(tmpfd); - return errno; + return oerrno; } close(tmpfd); Modified: vendor-crypto/openssh/dist/auth-passwd.c ============================================================================== --- vendor-crypto/openssh/dist/auth-passwd.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/auth-passwd.c Wed Aug 29 15:55:54 2012 (r239849) @@ -209,6 +209,7 @@ sys_auth_passwd(Authctxt *authctxt, cons * Authentication is accepted if the encrypted passwords * are identical. */ - return (strcmp(encrypted_password, pw_password) == 0); + return encrypted_password != NULL && + strcmp(encrypted_password, pw_password) == 0; } #endif Modified: vendor-crypto/openssh/dist/auth.c ============================================================================== --- vendor-crypto/openssh/dist/auth.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/auth.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: auth.c,v 1.94 2011/05/23 03:33:38 djm Exp $ */ +/* $OpenBSD: auth.c,v 1.96 2012/05/13 01:42:32 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -357,7 +357,8 @@ expand_authorized_keys(const char *filen char * authorized_principals_file(struct passwd *pw) { - if (options.authorized_principals_file == NULL) + if (options.authorized_principals_file == NULL || + strcasecmp(options.authorized_principals_file, "none") == 0) return NULL; return expand_authorized_keys(options.authorized_principals_file, pw); } @@ -544,9 +545,10 @@ getpwnamallow(const char *user) #endif #endif struct passwd *pw; + struct connection_info *ci = get_connection_info(1, options.use_dns); - parse_server_match_config(&options, user, - get_canonical_hostname(options.use_dns), get_remote_ipaddr()); + ci->user = user; + parse_server_match_config(&options, ci); #if defined(_AIX) && defined(HAVE_SETAUTHDB) aix_setauthdb(user); Modified: vendor-crypto/openssh/dist/channels.c ============================================================================== --- vendor-crypto/openssh/dist/channels.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/channels.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.c,v 1.315 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: channels.c,v 1.318 2012/04/23 08:18:17 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -311,6 +311,7 @@ channel_new(char *ctype, int type, int r c->istate = CHAN_INPUT_OPEN; c->flags = 0; channel_register_fds(c, rfd, wfd, efd, extusage, nonblock, 0); + c->notbefore = 0; c->self = found; c->type = type; c->ctype = ctype; @@ -1339,6 +1340,8 @@ channel_post_x11_listener(Channel *c, fd } if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1482,6 +1485,8 @@ channel_post_port_listener(Channel *c, f newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { error("accept: %.100s", strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } set_nodelay(newsock); @@ -1514,7 +1519,10 @@ channel_post_auth_listener(Channel *c, f addrlen = sizeof(addr); newsock = accept(c->sock, (struct sockaddr *)&addr, &addrlen); if (newsock < 0) { - error("accept from auth socket: %.100s", strerror(errno)); + error("accept from auth socket: %.100s", + strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } nc = channel_new("accepted auth socket", @@ -1917,6 +1925,8 @@ channel_post_mux_listener(Channel *c, fd if ((newsock = accept(c->sock, (struct sockaddr*)&addr, &addrlen)) == -1) { error("%s accept: %s", __func__, strerror(errno)); + if (errno == EMFILE || errno == ENFILE) + c->notbefore = time(NULL) + 1; return; } @@ -2067,16 +2077,21 @@ channel_garbage_collect(Channel *c) } static void -channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset) +channel_handler(chan_fn *ftab[], fd_set *readset, fd_set *writeset, + time_t *unpause_secs) { static int did_init = 0; u_int i, oalloc; Channel *c; + time_t now; if (!did_init) { channel_handler_init(); did_init = 1; } + now = time(NULL); + if (unpause_secs != NULL) + *unpause_secs = 0; for (i = 0, oalloc = channels_alloc; i < oalloc; i++) { c = channels[i]; if (c == NULL) @@ -2087,10 +2102,30 @@ channel_handler(chan_fn *ftab[], fd_set else continue; } - if (ftab[c->type] != NULL) - (*ftab[c->type])(c, readset, writeset); + if (ftab[c->type] != NULL) { + /* + * Run handlers that are not paused. + */ + if (c->notbefore <= now) + (*ftab[c->type])(c, readset, writeset); + else if (unpause_secs != NULL) { + /* + * Collect the time that the earliest + * channel comes off pause. + */ + debug3("%s: chan %d: skip for %d more seconds", + __func__, c->self, + (int)(c->notbefore - now)); + if (*unpause_secs == 0 || + (c->notbefore - now) < *unpause_secs) + *unpause_secs = c->notbefore - now; + } + } channel_garbage_collect(c); } + if (unpause_secs != NULL && *unpause_secs != 0) + debug3("%s: first channel unpauses in %d seconds", + __func__, (int)*unpause_secs); } /* @@ -2099,7 +2134,7 @@ channel_handler(chan_fn *ftab[], fd_set */ void channel_prepare_select(fd_set **readsetp, fd_set **writesetp, int *maxfdp, - u_int *nallocp, int rekeying) + u_int *nallocp, time_t *minwait_secs, int rekeying) { u_int n, sz, nfdset; @@ -2122,7 +2157,8 @@ channel_prepare_select(fd_set **readsetp memset(*writesetp, 0, sz); if (!rekeying) - channel_handler(channel_pre, *readsetp, *writesetp); + channel_handler(channel_pre, *readsetp, *writesetp, + minwait_secs); } /* @@ -2132,7 +2168,7 @@ channel_prepare_select(fd_set **readsetp void channel_after_select(fd_set *readset, fd_set *writeset) { - channel_handler(channel_post, readset, writeset); + channel_handler(channel_post, readset, writeset, NULL); } @@ -3127,6 +3163,17 @@ channel_add_adm_permitted_opens(char *ho } void +channel_disable_adm_local_opens(void) +{ + if (num_adm_permitted_opens == 0) { + permitted_adm_opens = xmalloc(sizeof(*permitted_adm_opens)); + permitted_adm_opens[num_adm_permitted_opens].host_to_connect + = NULL; + num_adm_permitted_opens = 1; + } +} + +void channel_clear_permitted_opens(void) { int i; @@ -3167,7 +3214,9 @@ channel_print_adm_permitted_opens(void) return; } for (i = 0; i < num_adm_permitted_opens; i++) - if (permitted_adm_opens[i].host_to_connect != NULL) + if (permitted_adm_opens[i].host_to_connect == NULL) + printf(" none"); + else printf(" %s:%d", permitted_adm_opens[i].host_to_connect, permitted_adm_opens[i].port_to_connect); printf("\n"); Modified: vendor-crypto/openssh/dist/channels.h ============================================================================== --- vendor-crypto/openssh/dist/channels.h Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/channels.h Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: channels.h,v 1.109 2011/09/23 07:45:05 markus Exp $ */ +/* $OpenBSD: channels.h,v 1.111 2012/04/11 13:16:19 djm Exp $ */ /* * Author: Tatu Ylonen @@ -105,6 +105,7 @@ struct Channel { int wfd_isatty; /* wfd is a tty */ int client_tty; /* (client) TTY has been requested */ int force_drain; /* force close on iEOF */ + time_t notbefore; /* Pause IO until deadline (time_t) */ int delayed; /* post-select handlers for newly created * channels are delayed until the first call * to a matching pre-select handler. @@ -238,7 +239,8 @@ void channel_input_status_confirm(int, /* file descriptor handling (read/write) */ -void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, int); +void channel_prepare_select(fd_set **, fd_set **, int *, u_int*, + time_t*, int); void channel_after_select(fd_set *, fd_set *); void channel_output_poll(void); @@ -253,6 +255,7 @@ void channel_set_af(int af); void channel_permit_all_opens(void); void channel_add_permitted_opens(char *, int); int channel_add_adm_permitted_opens(char *, int); +void channel_disable_adm_local_opens(void); void channel_update_permitted_opens(int, int); void channel_clear_permitted_opens(void); void channel_clear_adm_permitted_opens(void); Modified: vendor-crypto/openssh/dist/clientloop.c ============================================================================== --- vendor-crypto/openssh/dist/clientloop.c Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/clientloop.c Wed Aug 29 15:55:54 2012 (r239849) @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.238 2012/01/18 21:46:43 dtucker Exp $ */ +/* $OpenBSD: clientloop.c,v 1.240 2012/06/20 04:42:58 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -583,10 +583,12 @@ client_wait_until_can_do_something(fd_se { struct timeval tv, *tvp; int timeout_secs; + time_t minwait_secs = 0; int ret; /* Add any selections by the channel mechanism. */ - channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, rekeying); + channel_prepare_select(readsetp, writesetp, maxfdp, nallocp, + &minwait_secs, rekeying); if (!compat20) { /* Read from the connection, unless our buffers are full. */ @@ -639,6 +641,8 @@ client_wait_until_can_do_something(fd_se if (timeout_secs < 0) timeout_secs = 0; } + if (minwait_secs != 0) + timeout_secs = MIN(timeout_secs, (int)minwait_secs); if (timeout_secs == INT_MAX) tvp = NULL; else { Modified: vendor-crypto/openssh/dist/config.h.in ============================================================================== --- vendor-crypto/openssh/dist/config.h.in Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/config.h.in Wed Aug 29 15:55:54 2012 (r239849) @@ -822,6 +822,9 @@ /* Define to 1 if you have the `setgroups' function. */ #undef HAVE_SETGROUPS +/* Define to 1 if you have the `setlinebuf' function. */ +#undef HAVE_SETLINEBUF + /* Define to 1 if you have the `setlogin' function. */ #undef HAVE_SETLOGIN @@ -1374,6 +1377,9 @@ /* Sandbox using seccomp filter */ #undef SANDBOX_SECCOMP_FILTER +/* setrlimit RLIMIT_FSIZE works */ +#undef SANDBOX_SKIP_RLIMIT_FSIZE + /* Sandbox using systrace(4) */ #undef SANDBOX_SYSTRACE Modified: vendor-crypto/openssh/dist/configure ============================================================================== --- vendor-crypto/openssh/dist/configure Wed Aug 29 15:53:27 2012 (r239848) +++ vendor-crypto/openssh/dist/configure Wed Aug 29 15:55:54 2012 (r239849) @@ -1,5 +1,5 @@ #! /bin/sh -# From configure.ac Revision: 1.489 . +# From configure.ac Revision: 1.496 . # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.68 for OpenSSH Portable. # @@ -6927,7 +6927,8 @@ $as_echo "#define SSH_TUN_PREPEND_AF 1" for ac_header in linux/seccomp.h linux/filter.h linux/audit.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default" +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "#include +" if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : cat >>confdefs.h <<_ACEOF #define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 @@ -9137,8 +9138,9 @@ LIBEDIT_MSG="no" if test "${with_libedit+set}" = set; then : withval=$with_libedit; if test "x$withval" != "xno" ; then if test "x$withval" = "xyes" ; then - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 $as_echo_n "checking for $ac_word... " >&6; } if ${ac_cv_path_PKGCONFIG+:} false; then : @@ -9164,7 +9166,6 @@ done done IFS=$as_save_IFS - test -z "$ac_cv_path_PKGCONFIG" && ac_cv_path_PKGCONFIG="no" ;; esac fi @@ -9178,6 +9179,63 @@ $as_echo "no" >&6; } fi +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +$as_echo "$ac_pt_PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + if test "x$PKGCONFIG" != "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $PKGCONFIG knows about libedit" >&5 $as_echo_n "checking if $PKGCONFIG knows about libedit... " >&6; } @@ -9499,6 +9557,7 @@ for ac_func in \ seteuid \ setgroupent \ setgroups \ + setlinebuf \ setlogin \ setpassent\ setpcred \ @@ -11784,6 +11843,109 @@ if test "${with_sandbox+set}" = set; the fi + +# Some platforms (seems to be the ones that have a kernel poll(2)-type +# function with which they implement select(2)) use an extra file descriptor +# when calling select(2), which means we can't use the rlimit sandbox. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if select works with descriptor rlimit" >&5 +$as_echo_n "checking if select works with descriptor rlimit... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#ifdef HAVE_SYS_TIME_H +# include +#endif +#include +#ifdef HAVE_SYS_SELECT_H +# include +#endif +#include +#include +#include + +int +main () +{ + + struct rlimit rl_zero; + int fd, r; + fd_set fds; + + fd = open("/dev/null", O_RDONLY); + FD_ZERO(&fds); + FD_SET(fd, &fds); + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + setrlimit(RLIMIT_FSIZE, &rl_zero); + setrlimit(RLIMIT_NOFILE, &rl_zero); + r = select(fd+1, &fds, NULL, NULL, NULL); + exit (r == -1 ? 1 : 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + select_works_with_rlimit=yes +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + select_works_with_rlimit=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if setrlimit RLIMIT_FSIZE works" >&5 +$as_echo_n "checking if setrlimit RLIMIT_FSIZE works... " >&6; } +if test "$cross_compiling" = yes; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cross compiling: assuming yes" >&5 +$as_echo "$as_me: WARNING: cross compiling: assuming yes" >&2;} + +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +#include +#include + +int +main () +{ + + struct rlimit rl_zero; + + rl_zero.rlim_cur = rl_zero.rlim_max = 0; + exit(setrlimit(RLIMIT_FSIZE, &rl_zero) != 0); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +$as_echo "#define SANDBOX_SKIP_RLIMIT_FSIZE 1" >>confdefs.h + +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + if test "x$sandbox_arg" = "xsystrace" || \ ( test -z "$sandbox_arg" && test "x$have_systr_policy_kill" = "x1" ) ; then test "x$have_systr_policy_kill" != "x1" && \ @@ -11804,7 +11966,7 @@ $as_echo "#define SANDBOX_DARWIN 1" >>co elif test "x$sandbox_arg" = "xseccomp_filter" || \ ( test -z "$sandbox_arg" && \ - test "x$have_seccomp_filter" == "x1" && \ + test "x$have_seccomp_filter" = "x1" && \ test "x$ac_cv_header_linux_audit_h" = "xyes" && \ test "x$have_seccomp_audit_arch" = "x1" && \ test "x$have_linux_no_new_privs" = "x1" && \ @@ -11822,9 +11984,12 @@ elif test "x$sandbox_arg" = "xseccomp_fi $as_echo "#define SANDBOX_SECCOMP_FILTER 1" >>confdefs.h elif test "x$sandbox_arg" = "xrlimit" || \ - ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" ) ; then + ( test -z "$sandbox_arg" && test "x$ac_cv_func_setrlimit" = "xyes" && \ + test "x$select_works_with_rlimit" == "xyes" ) ; then test "x$ac_cv_func_setrlimit" != "xyes" && \ as_fn_error $? "rlimit sandbox requires setrlimit function" "$LINENO" 5 + test "x$select_works_with_rlimit" != "xyes" && \ + as_fn_error $? "rlimit sandbox requires select to work with rlimit" "$LINENO" 5 SANDBOX_STYLE="rlimit" $as_echo "#define SANDBOX_RLIMIT 1" >>confdefs.h @@ -14118,7 +14283,7 @@ $as_echo_n "checking if struct statvfs.f cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +#include #include #ifdef HAVE_SYS_TIME_H # include @@ -16077,13 +16242,16 @@ rm -f core *.core core.conftest.* gmon.o fi # make sure $bindir is in USER_PATH so scp will work - t_bindir=`eval echo ${bindir}` - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$prefix~"` ;; - esac - case $t_bindir in - NONE/*) t_bindir=`echo $t_bindir | sed "s~NONE~$ac_default_prefix~"` ;; *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-vendor@FreeBSD.ORG Wed Aug 29 15:56:26 2012 Return-Path: Delivered-To: svn-src-vendor@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 691F610657D6; Wed, 29 Aug 2012 15:56:26 +0000 (UTC) (envelope-from des@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 3A7368FC17; Wed, 29 Aug 2012 15:56:26 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id q7TFuQYA072279; Wed, 29 Aug 2012 15:56:26 GMT (envelope-from des@svn.freebsd.org) Received: (from des@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id q7TFuQKp072278; Wed, 29 Aug 2012 15:56:26 GMT (envelope-from des@svn.freebsd.org) Message-Id: <201208291556.q7TFuQKp072278@svn.freebsd.org> From: Dag-Erling Smørgrav Date: Wed, 29 Aug 2012 15:56:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r239851 - vendor-crypto/openssh/6.1p1 X-BeenThere: svn-src-vendor@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for the vendor work area tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Aug 2012 15:56:26 -0000 Author: des Date: Wed Aug 29 15:56:25 2012 New Revision: 239851 URL: http://svn.freebsd.org/changeset/base/239851 Log: Tag OpenSSH 6.1p1 Added: vendor-crypto/openssh/6.1p1/ - copied from r239850, vendor-crypto/openssh/dist/