From owner-svn-src-stable-9@freebsd.org Mon Sep 14 09:31:01 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E9A1EA03D7F; Mon, 14 Sep 2015 09:31:01 +0000 (UTC) (envelope-from ed@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CEF9B1B9A; Mon, 14 Sep 2015 09:31:01 +0000 (UTC) (envelope-from ed@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8E9V1ik073447; Mon, 14 Sep 2015 09:31:01 GMT (envelope-from ed@FreeBSD.org) Received: (from ed@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8E9V1gY073098; Mon, 14 Sep 2015 09:31:01 GMT (envelope-from ed@FreeBSD.org) Message-Id: <201509140931.t8E9V1gY073098@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ed set sender to ed@FreeBSD.org using -f From: Ed Schouten Date: Mon, 14 Sep 2015 09:31:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287777 - stable/9/sys/teken X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Sep 2015 09:31:02 -0000 Author: ed Date: Mon Sep 14 09:31:00 2015 New Revision: 287777 URL: https://svnweb.freebsd.org/changeset/base/287777 Log: MFC r286798 and r286827: Stop parsing digits if the value already exceeds UINT_MAX / 100. There is no need for us to support parsing values that are larger than the maximum terminal window size. In this case that would be the maximum of unsigned short. The problem with parsing larger values is that they can cause integer overflows when adjusting the cursor position, leading to all sorts of failing assertions. MFC r286981 and r287098: Don't truncate cursor arithmetic to 16 bits. When updating the row number when the cursor position escape sequence is issued, we should make sure to store the intermediate result in a 32-bit integer. If we fail to do this, the cursor may be set above the origin region, which is bad. This could cause libteken to crash when INVARIANTS is enabled, due to the strict set of assertions that libteken has. PR: 202326, 202540, 202612 Submitted by: kwcu csie org Modified: stable/9/sys/teken/teken.c stable/9/sys/teken/teken_subr.h Directory Properties: stable/9/ (props changed) stable/9/sys/ (props changed) Modified: stable/9/sys/teken/teken.c ============================================================================== --- stable/9/sys/teken/teken.c Mon Sep 14 09:12:28 2015 (r287776) +++ stable/9/sys/teken/teken.c Mon Sep 14 09:31:00 2015 (r287777) @@ -29,12 +29,14 @@ #include #if defined(__FreeBSD__) && defined(_KERNEL) #include +#include #include #include #define teken_assert(x) MPASS(x) #else /* !(__FreeBSD__ && _KERNEL) */ #include #include +#include #include #include #include @@ -405,18 +407,24 @@ teken_state_numbers(teken_t *t, teken_ch teken_assert(t->t_curnum < T_NUMSIZE); if (c >= '0' && c <= '9') { - /* - * Don't do math with the default value of 1 when a - * custom number is inserted. - */ if (t->t_stateflags & TS_FIRSTDIGIT) { + /* First digit. */ t->t_stateflags &= ~TS_FIRSTDIGIT; - t->t_nums[t->t_curnum] = 0; - } else { - t->t_nums[t->t_curnum] *= 10; + t->t_nums[t->t_curnum] = c - '0'; + } else if (t->t_nums[t->t_curnum] < UINT_MAX / 100) { + /* + * There is no need to continue parsing input + * once the value exceeds the size of the + * terminal. It would only allow for integer + * overflows when performing arithmetic on the + * cursor position. + * + * Ignore any further digits if the value is + * already UINT_MAX / 100. + */ + t->t_nums[t->t_curnum] = + t->t_nums[t->t_curnum] * 10 + c - '0'; } - - t->t_nums[t->t_curnum] += c - '0'; return (1); } else if (c == ';') { if (t->t_stateflags & TS_FIRSTDIGIT) Modified: stable/9/sys/teken/teken_subr.h ============================================================================== --- stable/9/sys/teken/teken_subr.h Mon Sep 14 09:12:28 2015 (r287776) +++ stable/9/sys/teken/teken_subr.h Mon Sep 14 09:31:00 2015 (r287777) @@ -324,13 +324,13 @@ static void teken_subr_cursor_position(teken_t *t, unsigned int row, unsigned int col) { - t->t_cursor.tp_row = t->t_originreg.ts_begin + row - 1; - if (t->t_cursor.tp_row >= t->t_originreg.ts_end) - t->t_cursor.tp_row = t->t_originreg.ts_end - 1; - - t->t_cursor.tp_col = col - 1; - if (t->t_cursor.tp_col >= t->t_winsize.tp_col) - t->t_cursor.tp_col = t->t_winsize.tp_col - 1; + row = row - 1 + t->t_originreg.ts_begin; + t->t_cursor.tp_row = row < t->t_originreg.ts_end ? + row : t->t_originreg.ts_end - 1; + + col--; + t->t_cursor.tp_col = col < t->t_winsize.tp_col ? + col : t->t_winsize.tp_col - 1; t->t_stateflags &= ~TS_WRAPPED; teken_funcs_cursor(t); @@ -583,9 +583,9 @@ static void teken_subr_horizontal_position_absolute(teken_t *t, unsigned int col) { - t->t_cursor.tp_col = col - 1; - if (t->t_cursor.tp_col >= t->t_winsize.tp_col) - t->t_cursor.tp_col = t->t_winsize.tp_col - 1; + col--; + t->t_cursor.tp_col = col < t->t_winsize.tp_col ? + col : t->t_winsize.tp_col - 1; t->t_stateflags &= ~TS_WRAPPED; teken_funcs_cursor(t); @@ -1297,9 +1297,9 @@ static void teken_subr_vertical_position_absolute(teken_t *t, unsigned int row) { - t->t_cursor.tp_row = t->t_originreg.ts_begin + row - 1; - if (t->t_cursor.tp_row >= t->t_originreg.ts_end) - t->t_cursor.tp_row = t->t_originreg.ts_end - 1; + row = row - 1 + t->t_originreg.ts_begin; + t->t_cursor.tp_row = row < t->t_originreg.ts_end ? + row : t->t_originreg.ts_end - 1; t->t_stateflags &= ~TS_WRAPPED; teken_funcs_cursor(t); From owner-svn-src-stable-9@freebsd.org Mon Sep 14 15:47:21 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7E746A046DA; Mon, 14 Sep 2015 15:47:21 +0000 (UTC) (envelope-from avatar@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6EA281BCE; Mon, 14 Sep 2015 15:47:21 +0000 (UTC) (envelope-from avatar@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8EFlL6r037777; Mon, 14 Sep 2015 15:47:21 GMT (envelope-from avatar@FreeBSD.org) Received: (from avatar@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8EFlLjb037776; Mon, 14 Sep 2015 15:47:21 GMT (envelope-from avatar@FreeBSD.org) Message-Id: <201509141547.t8EFlLjb037776@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: avatar set sender to avatar@FreeBSD.org using -f From: Tai-hwa Liang Date: Mon, 14 Sep 2015 15:47:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287787 - stable/9/sys/dev/sound/midi X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Sep 2015 15:47:21 -0000 Author: avatar Date: Mon Sep 14 15:47:20 2015 New Revision: 287787 URL: https://svnweb.freebsd.org/changeset/base/287787 Log: MFC r286887: Using the error return code documented in the comment. Though there is no direct midi_uninit() caller amongst existing drivers at this moment, a quick experiment indicates that EBUSY gives users more precise error message once drivers start to honour this result. For example, emu_midi_detach() should check the result of mpu401_uninit() and block module unloading if there is any MIDI I/O in progress. Modified: stable/9/sys/dev/sound/midi/midi.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) Modified: stable/9/sys/dev/sound/midi/midi.c ============================================================================== --- stable/9/sys/dev/sound/midi/midi.c Mon Sep 14 15:44:03 2015 (r287786) +++ stable/9/sys/dev/sound/midi/midi.c Mon Sep 14 15:47:20 2015 (r287787) @@ -403,7 +403,7 @@ midi_uninit(struct snd_midi *m) { int err; - err = ENXIO; + err = EBUSY; mtx_lock(&midistat_lock); mtx_lock(&m->lock); if (m->busy) { From owner-svn-src-stable-9@freebsd.org Mon Sep 14 18:58:31 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9E577A049BB; Mon, 14 Sep 2015 18:58:31 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8ECE31AEA; Mon, 14 Sep 2015 18:58:31 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8EIwVVC017711; Mon, 14 Sep 2015 18:58:31 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8EIwVpR017710; Mon, 14 Sep 2015 18:58:31 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201509141858.t8EIwVpR017710@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Mon, 14 Sep 2015 18:58:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287796 - stable/9/usr.bin/tftp X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Sep 2015 18:58:31 -0000 Author: delphij Date: Mon Sep 14 18:58:30 2015 New Revision: 287796 URL: https://svnweb.freebsd.org/changeset/base/287796 Log: MFC r287320: - uri is expected to be nul-terminated (strchr used later), so use strlcpy instead of strncpy. - replace the other two cases of strncpy+\0 with strlcpy. Modified: stable/9/usr.bin/tftp/main.c Directory Properties: stable/9/usr.bin/tftp/ (props changed) Modified: stable/9/usr.bin/tftp/main.c ============================================================================== --- stable/9/usr.bin/tftp/main.c Mon Sep 14 18:57:50 2015 (r287795) +++ stable/9/usr.bin/tftp/main.c Mon Sep 14 18:58:30 2015 (r287796) @@ -223,7 +223,7 @@ urihandling(char *URI) char line[MAXLINE]; int i; - strncpy(uri, URI, ARG_MAX); + strlcpy(uri, URI, ARG_MAX); host = uri + 7; if ((s = strchr(host, '/')) == NULL) { @@ -320,11 +320,10 @@ setpeer0(char *host, const char *lport) /* res->ai_addr <= sizeof(peeraddr) is guaranteed */ memcpy(&peer_sock, res->ai_addr, res->ai_addrlen); if (res->ai_canonname) { - (void) strncpy(hostname, res->ai_canonname, + (void) strlcpy(hostname, res->ai_canonname, sizeof(hostname)); } else - (void) strncpy(hostname, host, sizeof(hostname)); - hostname[sizeof(hostname)-1] = 0; + (void) strlcpy(hostname, host, sizeof(hostname)); connected = 1; } From owner-svn-src-stable-9@freebsd.org Tue Sep 15 06:21:35 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 58DFCA03184; Tue, 15 Sep 2015 06:21:35 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 486EE1094; Tue, 15 Sep 2015 06:21:35 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8F6LZRr002163; Tue, 15 Sep 2015 06:21:35 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8F6LY0t002159; Tue, 15 Sep 2015 06:21:34 GMT (envelope-from bapt@FreeBSD.org) Message-Id: <201509150621.t8F6LY0t002159@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f From: Baptiste Daroussin Date: Tue, 15 Sep 2015 06:21:34 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287811 - stable/9/usr.sbin/pkg X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2015 06:21:35 -0000 Author: bapt Date: Tue Sep 15 06:21:33 2015 New Revision: 287811 URL: https://svnweb.freebsd.org/changeset/base/287811 Log: MFC: r287579, r287810 (adapted to old openssl APIs) Implement pubkey support for the bootstrap Note that to not interfer with finger print it expects a signature on pkg itself which is named pkg.txz.pubkeysign To generate it: echo -n "$(sha256 -q pkg.txz)" | openssl dgst -sha256 -sign /thekey \ -binary -out ./pkg.txz.pubkeysig Note the "echo -n" which prevent signing the '\n' one would get otherwise PR: 202622 Modified: stable/9/usr.sbin/pkg/config.c stable/9/usr.sbin/pkg/config.h stable/9/usr.sbin/pkg/pkg.c Directory Properties: stable/9/usr.sbin/pkg/ (props changed) Modified: stable/9/usr.sbin/pkg/config.c ============================================================================== --- stable/9/usr.sbin/pkg/config.c Tue Sep 15 05:56:16 2015 (r287810) +++ stable/9/usr.sbin/pkg/config.c Tue Sep 15 06:21:33 2015 (r287811) @@ -131,6 +131,15 @@ static struct config_entry c[] = { false, true, }, + [PUBKEY] = { + PKG_CONFIG_STRING, + "PUBKEY", + NULL, + NULL, + NULL, + false, + false + } }; static const char * @@ -347,6 +356,8 @@ config_parse(const ucl_object_t *obj, pk sbuf_cpy(buf, "SIGNATURE_TYPE"); else if (strcasecmp(key, "fingerprints") == 0) sbuf_cpy(buf, "FINGERPRINTS"); + else if (strcasecmp(key, "pubkey") == 0) + sbuf_cpy(buf, "PUBKEY"); else if (strcasecmp(key, "enabled") == 0) { if ((cur->type != UCL_BOOLEAN) || !ucl_object_toboolean(cur)) Modified: stable/9/usr.sbin/pkg/config.h ============================================================================== --- stable/9/usr.sbin/pkg/config.h Tue Sep 15 05:56:16 2015 (r287810) +++ stable/9/usr.sbin/pkg/config.h Tue Sep 15 06:21:33 2015 (r287811) @@ -40,6 +40,7 @@ typedef enum { SIGNATURE_TYPE, FINGERPRINTS, REPOS_DIR, + PUBKEY, CONFIG_SIZE } pkg_config_key; Modified: stable/9/usr.sbin/pkg/pkg.c ============================================================================== --- stable/9/usr.sbin/pkg/pkg.c Tue Sep 15 05:56:16 2015 (r287810) +++ stable/9/usr.sbin/pkg/pkg.c Tue Sep 15 06:21:33 2015 (r287811) @@ -66,6 +66,11 @@ struct sig_cert { bool trusted; }; +struct pubkey { + unsigned char *sig; + int siglen; +}; + typedef enum { HASH_UNKNOWN, HASH_SHA256, @@ -481,7 +486,30 @@ cleanup: } static RSA * -load_rsa_public_key_buf(unsigned char *cert, int certlen) +load_rsa_public_key_file(const char *file) +{ + RSA *rsa = NULL; + BIO *bp; + char errbuf[1024]; + + bp = BIO_new_file(file, "r"); + if (!bp) + errx(EXIT_FAILURE, "Unable to read %s", file); + + if (!PEM_read_bio_RSA_PUBKEY(bp, &rsa, NULL, NULL)) { + warn("error reading public key: %s", + ERR_error_string(ERR_get_error(), errbuf)); + BIO_free(bp); + return (NULL); + } + + BIO_free(bp); + + return (rsa); +} + +static RSA * +load_rsa_public_key_buf(const unsigned char *cert, int certlen) { RSA *rsa = NULL; BIO *bp; @@ -500,8 +528,8 @@ load_rsa_public_key_buf(unsigned char *c static bool -rsa_verify_cert(int fd, unsigned char *key, int keylen, - unsigned char *sig, int siglen) +rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, + int keylen, unsigned char *sig, int siglen) { char sha256[SHA256_DIGEST_LENGTH *2 +1]; char hash[SHA256_DIGEST_LENGTH]; @@ -518,7 +546,11 @@ rsa_verify_cert(int fd, unsigned char *k sha256_buf_bin(sha256, strlen(sha256), hash); - rsa = load_rsa_public_key_buf(key, keylen); + if (sigfile != NULL) { + rsa = load_rsa_public_key_file(sigfile); + } else { + rsa = load_rsa_public_key_buf(key, keylen); + } if (rsa == NULL) return (false); ret = RSA_verify(NID_sha256, hash, sizeof(hash), sig, siglen, rsa); @@ -533,6 +565,35 @@ rsa_verify_cert(int fd, unsigned char *k return (true); } +static struct pubkey * +read_pubkey(int fd) +{ + struct pubkey *pk; + struct sbuf *sig; + char buf[4096]; + int r; + + if (lseek(fd, 0, 0) == -1) { + warn("lseek"); + return (NULL); + } + + sig = sbuf_new_auto(); + + while ((r = read(fd, buf, sizeof(buf))) >0) { + sbuf_bcat(sig, buf, r); + } + + sbuf_finish(sig); + pk = calloc(1, sizeof(struct pubkey)); + pk->siglen = sbuf_len(sig); + pk->sig = calloc(1, pk->siglen); + memcpy(pk->sig, sbuf_data(sig), pk->siglen); + sbuf_delete(sig); + + return (pk); +} + static struct sig_cert * parse_cert(int fd) { int my_fd; @@ -606,6 +667,45 @@ parse_cert(int fd) { } static bool +verify_pubsignature(int fd_pkg, int fd_sig) +{ + struct pubkey *pk; + const char *pubkey; + bool ret; + + pk = NULL; + pubkey = NULL; + ret = false; + if (config_string(PUBKEY, &pubkey) != 0) { + warnx("No CONFIG_PUBKEY defined"); + goto cleanup; + } + + if ((pk = read_pubkey(fd_sig)) == NULL) { + warnx("Error reading signature"); + goto cleanup; + } + + /* Verify the signature. */ + printf("Verifying signature with public key %s... ", pubkey); + if (rsa_verify_cert(fd_pkg, pubkey, NULL, 0, pk->sig, + pk->siglen) == false) { + fprintf(stderr, "Signature is not valid\n"); + goto cleanup; + } + + ret = true; + +cleanup: + if (pk) { + free(pk->sig); + free(pk); + } + + return (ret); +} + +static bool verify_signature(int fd_pkg, int fd_sig) { struct fingerprint_list *trusted, *revoked; @@ -683,7 +783,7 @@ verify_signature(int fd_pkg, int fd_sig) /* Verify the signature. */ printf("Verifying signature with trusted certificate %s... ", sc->name); - if (rsa_verify_cert(fd_pkg, sc->cert, sc->certlen, sc->sig, + if (rsa_verify_cert(fd_pkg, NULL, sc->cert, sc->certlen, sc->sig, sc->siglen) == false) { printf("failed\n"); fprintf(stderr, "Signature is not valid\n"); @@ -751,24 +851,42 @@ bootstrap_pkg(bool force) if (signature_type != NULL && strcasecmp(signature_type, "NONE") != 0) { - if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { - warnx("Signature type %s is not supported for " - "bootstrapping.", signature_type); - goto cleanup; - } + if (strcasecmp(signature_type, "FINGERPRINTS") == 0) { + + snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX", + getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP); + snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig", + packagesite); + + if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) { + fprintf(stderr, "Signature for pkg not " + "available.\n"); + goto fetchfail; + } - snprintf(tmpsig, MAXPATHLEN, "%s/pkg.txz.sig.XXXXXX", - getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP); - snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.sig", - packagesite); + if (verify_signature(fd_pkg, fd_sig) == false) + goto cleanup; + } else if (strcasecmp(signature_type, "PUBKEY") == 0) { - if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) { - fprintf(stderr, "Signature for pkg not available.\n"); - goto fetchfail; - } + snprintf(tmpsig, MAXPATHLEN, + "%s/pkg.txz.pubkeysig.XXXXXX", + getenv("TMPDIR") ? getenv("TMPDIR") : _PATH_TMP); + snprintf(url, MAXPATHLEN, "%s/Latest/pkg.txz.pubkeysig", + packagesite); + + if ((fd_sig = fetch_to_fd(url, tmpsig)) == -1) { + fprintf(stderr, "Signature for pkg not " + "available.\n"); + goto fetchfail; + } - if (verify_signature(fd_pkg, fd_sig) == false) + if (verify_pubsignature(fd_pkg, fd_sig) == false) + goto cleanup; + } else { + warnx("Signature type %s is not supported for " + "bootstrapping.", signature_type); goto cleanup; + } } if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0) @@ -842,21 +960,37 @@ bootstrap_pkg_local(const char *pkgpath, } if (signature_type != NULL && strcasecmp(signature_type, "NONE") != 0) { - if (strcasecmp(signature_type, "FINGERPRINTS") != 0) { - warnx("Signature type %s is not supported for " - "bootstrapping.", signature_type); - goto cleanup; - } + if (strcasecmp(signature_type, "FINGERPRINTS") == 0) { - snprintf(path, sizeof(path), "%s.sig", pkgpath); + snprintf(path, sizeof(path), "%s.sig", pkgpath); - if ((fd_sig = open(path, O_RDONLY)) == -1) { - fprintf(stderr, "Signature for pkg not available.\n"); - goto cleanup; - } + if ((fd_sig = open(path, O_RDONLY)) == -1) { + fprintf(stderr, "Signature for pkg not " + "available.\n"); + goto cleanup; + } - if (verify_signature(fd_pkg, fd_sig) == false) + if (verify_signature(fd_pkg, fd_sig) == false) + goto cleanup; + + } else if (strcasecmp(signature_type, "PUBKEY") == 0) { + + snprintf(path, sizeof(path), "%s.pubkeysig", pkgpath); + + if ((fd_sig = open(path, O_RDONLY)) == -1) { + fprintf(stderr, "Signature for pkg not " + "available.\n"); + goto cleanup; + } + + if (verify_pubsignature(fd_pkg, fd_sig) == false) + goto cleanup; + + } else { + warnx("Signature type %s is not supported for " + "bootstrapping.", signature_type); goto cleanup; + } } if ((ret = extract_pkg_static(fd_pkg, pkgstatic, MAXPATHLEN)) == 0) From owner-svn-src-stable-9@freebsd.org Tue Sep 15 06:22:51 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B84D6A03367; Tue, 15 Sep 2015 06:22:51 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A8B521307; Tue, 15 Sep 2015 06:22:51 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8F6Mpsk004258; Tue, 15 Sep 2015 06:22:51 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8F6MpRO004257; Tue, 15 Sep 2015 06:22:51 GMT (envelope-from bapt@FreeBSD.org) Message-Id: <201509150622.t8F6MpRO004257@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f From: Baptiste Daroussin Date: Tue, 15 Sep 2015 06:22:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287812 - stable/9/usr.sbin/pkg X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2015 06:22:51 -0000 Author: bapt Date: Tue Sep 15 06:22:50 2015 New Revision: 287812 URL: https://svnweb.freebsd.org/changeset/base/287812 Log: MFC: r281039 Allow fetching pkg(8) even if servers/proxies are not passing Content-length Modified: stable/9/usr.sbin/pkg/pkg.c Directory Properties: stable/9/usr.sbin/pkg/ (props changed) Modified: stable/9/usr.sbin/pkg/pkg.c ============================================================================== --- stable/9/usr.sbin/pkg/pkg.c Tue Sep 15 06:21:33 2015 (r287811) +++ stable/9/usr.sbin/pkg/pkg.c Tue Sep 15 06:22:50 2015 (r287812) @@ -47,7 +47,6 @@ __FBSDID("$FreeBSD$"); #include #include #include -#include #include #include @@ -182,14 +181,11 @@ fetch_to_fd(const char *url, char *path) /* To store _https._tcp. + hostname + \0 */ int fd; int retry, max_retry; - off_t done, r; - time_t now, last; + ssize_t r; char buf[10240]; char zone[MAXHOSTNAMELEN + 13]; static const char *mirror_type = NULL; - done = 0; - last = 0; max_retry = 3; current = mirrors = NULL; remote = NULL; @@ -239,19 +235,16 @@ fetch_to_fd(const char *url, char *path) } } - while (done < st.size) { - if ((r = fread(buf, 1, sizeof(buf), remote)) < 1) - break; - + while ((r = fread(buf, 1, sizeof(buf), remote)) > 0) { if (write(fd, buf, r) != r) { warn("write()"); goto fetchfail; } + } - done += r; - now = time(NULL); - if (now > last || done == st.size) - last = now; + if (r != 0) { + warn("An error occurred while fetching pkg(8)"); + goto fetchfail; } if (ferror(remote)) From owner-svn-src-stable-9@freebsd.org Tue Sep 15 08:34:33 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C2B2EA0356B; Tue, 15 Sep 2015 08:34:33 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B370C1CCC; Tue, 15 Sep 2015 08:34:33 +0000 (UTC) (envelope-from bapt@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8F8YX45062573; Tue, 15 Sep 2015 08:34:33 GMT (envelope-from bapt@FreeBSD.org) Received: (from bapt@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8F8YXPu062572; Tue, 15 Sep 2015 08:34:33 GMT (envelope-from bapt@FreeBSD.org) Message-Id: <201509150834.t8F8YXPu062572@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bapt set sender to bapt@FreeBSD.org using -f From: Baptiste Daroussin Date: Tue, 15 Sep 2015 08:34:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287814 - stable/9/usr.sbin/pkg X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Sep 2015 08:34:33 -0000 Author: bapt Date: Tue Sep 15 08:34:32 2015 New Revision: 287814 URL: https://svnweb.freebsd.org/changeset/base/287814 Log: Fix build with gcc Modified: stable/9/usr.sbin/pkg/pkg.c Modified: stable/9/usr.sbin/pkg/pkg.c ============================================================================== --- stable/9/usr.sbin/pkg/pkg.c Tue Sep 15 06:48:19 2015 (r287813) +++ stable/9/usr.sbin/pkg/pkg.c Tue Sep 15 08:34:32 2015 (r287814) @@ -502,7 +502,7 @@ load_rsa_public_key_file(const char *fil } static RSA * -load_rsa_public_key_buf(const unsigned char *cert, int certlen) +load_rsa_public_key_buf(unsigned char *cert, int certlen) { RSA *rsa = NULL; BIO *bp; @@ -521,7 +521,7 @@ load_rsa_public_key_buf(const unsigned c static bool -rsa_verify_cert(int fd, const char *sigfile, const unsigned char *key, +rsa_verify_cert(int fd, const char *sigfile, unsigned char *key, int keylen, unsigned char *sig, int siglen) { char sha256[SHA256_DIGEST_LENGTH *2 +1]; From owner-svn-src-stable-9@freebsd.org Wed Sep 16 00:45:49 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CED799C2F4D; Wed, 16 Sep 2015 00:45:49 +0000 (UTC) (envelope-from yongari@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BF7EA1E63; Wed, 16 Sep 2015 00:45:49 +0000 (UTC) (envelope-from yongari@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8G0jnpq086191; Wed, 16 Sep 2015 00:45:49 GMT (envelope-from yongari@FreeBSD.org) Received: (from yongari@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8G0jnMs086190; Wed, 16 Sep 2015 00:45:49 GMT (envelope-from yongari@FreeBSD.org) Message-Id: <201509160045.t8G0jnMs086190@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: yongari set sender to yongari@FreeBSD.org using -f From: Pyun YongHyeon Date: Wed, 16 Sep 2015 00:45:49 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287840 - stable/9/sys/dev/msk X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Sep 2015 00:45:49 -0000 Author: yongari Date: Wed Sep 16 00:45:48 2015 New Revision: 287840 URL: https://svnweb.freebsd.org/changeset/base/287840 Log: MFC r287238: Set DMA alignment constraint of status, TX and RX LEs(List Elements in Marvell terms) to 32768. 32768 looks overkill but it will ensure correct DMAed update. This change addresses occasional watchdog timeouts reported on 10.2-RELEASE. Modified: stable/9/sys/dev/msk/if_mskreg.h Directory Properties: stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) Modified: stable/9/sys/dev/msk/if_mskreg.h ============================================================================== --- stable/9/sys/dev/msk/if_mskreg.h Wed Sep 16 00:25:40 2015 (r287839) +++ stable/9/sys/dev/msk/if_mskreg.h Wed Sep 16 00:45:48 2015 (r287840) @@ -2175,13 +2175,8 @@ #define MSK_ADDR_LO(x) ((uint64_t) (x) & 0xffffffffUL) #define MSK_ADDR_HI(x) ((uint64_t) (x) >> 32) -/* - * At first I guessed 8 bytes, the size of a single descriptor, would be - * required alignment constraints. But, it seems that Yukon II have 4096 - * bytes boundary alignment constraints. - */ -#define MSK_RING_ALIGN 4096 -#define MSK_STAT_ALIGN 4096 +#define MSK_RING_ALIGN 32768 +#define MSK_STAT_ALIGN 32768 /* Rx descriptor data structure */ struct msk_rx_desc { From owner-svn-src-stable-9@freebsd.org Wed Sep 16 23:33:14 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 576A49CEB0F; Wed, 16 Sep 2015 23:33:14 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 479C41DD5; Wed, 16 Sep 2015 23:33:14 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8GNXEc5057281; Wed, 16 Sep 2015 23:33:14 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8GNXEnv057280; Wed, 16 Sep 2015 23:33:14 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201509162333.t8GNXEnv057280@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Wed, 16 Sep 2015 23:33:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287881 - in stable: 10/release/doc/share/xml 9/release/doc/share/xml X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Sep 2015 23:33:14 -0000 Author: gjb Date: Wed Sep 16 23:33:12 2015 New Revision: 287881 URL: https://svnweb.freebsd.org/changeset/base/287881 Log: Document EN-15:16, EN-15:17, EN-15:18. Sponsored by: The FreeBSD Foundation Modified: stable/9/release/doc/share/xml/errata.xml Changes in other areas also in this revision: Modified: stable/10/release/doc/share/xml/errata.xml Modified: stable/9/release/doc/share/xml/errata.xml ============================================================================== --- stable/9/release/doc/share/xml/errata.xml Wed Sep 16 23:09:31 2015 (r287880) +++ stable/9/release/doc/share/xml/errata.xml Wed Sep 16 23:33:12 2015 (r287881) @@ -108,6 +108,14 @@ Insufficient check of supported &man.pkg.7; signature methods. + + + FreeBSD-EN-15:18.pkg + 16 September 2015 + Implement pubkey support for + &man.pkg.7; bootstrap. + From owner-svn-src-stable-9@freebsd.org Thu Sep 17 00:37:41 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 024F39CE076; Thu, 17 Sep 2015 00:37:41 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E75ED18A3; Thu, 17 Sep 2015 00:37:40 +0000 (UTC) (envelope-from pfg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id t8H0be6j083011; Thu, 17 Sep 2015 00:37:40 GMT (envelope-from pfg@FreeBSD.org) Received: (from pfg@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id t8H0beLr083010; Thu, 17 Sep 2015 00:37:40 GMT (envelope-from pfg@FreeBSD.org) Message-Id: <201509170037.t8H0beLr083010@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: pfg set sender to pfg@FreeBSD.org using -f From: "Pedro F. Giffuni" Date: Thu, 17 Sep 2015 00:37:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r287891 - stable/9/usr.bin/calendar/calendars X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Sep 2015 00:37:41 -0000 Author: pfg Date: Thu Sep 17 00:37:40 2015 New Revision: 287891 URL: https://svnweb.freebsd.org/changeset/base/287891 Log: MFC r286891, r286893: calendar(1): add a few more dates to the Christian calendar Bring some well established holidays that also happen to be legal holidays in many Catholic countries. Modified: stable/9/usr.bin/calendar/calendars/calendar.christian Directory Properties: stable/9/usr.bin/calendar/ (props changed) stable/9/usr.bin/calendar/calendars/ (props changed) Modified: stable/9/usr.bin/calendar/calendars/calendar.christian ============================================================================== --- stable/9/usr.bin/calendar/calendars/calendar.christian Thu Sep 17 00:36:18 2015 (r287890) +++ stable/9/usr.bin/calendar/calendars/calendar.christian Thu Sep 17 00:37:40 2015 (r287891) @@ -5,8 +5,9 @@ */ #ifndef _calendar_christian_ -#define _calendar_christian_ +#define _calendar_christian_ +01/01 Solemnity of Mary, Mother of God 01/05 Last (twelfth) day of Christmastide 01/06 Epiphany Easter-47 Shrove Tuesday / Mardi Gras (day before Ash Wednesday) @@ -21,10 +22,13 @@ Easter+50 Whitmonday Easter+56 Trinity Sunday (7 days after Pentecost) Easter+60 Corpus Christi (11 days after Pentecost) 05/28* Rogation Sunday +08/15 Assumption of the Blessed Virgin Mary 10/18 Feast Day of St. Luke +11/01 All Saints' Day 11/SunLast First Sunday of Advent (4th Sunday before Christmas) 12/SunFirst First Sunday of Advent (4th Sunday before Christmas) 12/06 St. Nicholas' Day +12/08 Feast of the Immaculate Conception 12/24 Christmas Eve 12/25 Christmastide begins: First day of Christmas 12/26 Second day of Christmas (Boxing Day)