From owner-svn-src-stable@freebsd.org Sun Feb 28 10:27:36 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3397AB6189; Sun, 28 Feb 2016 10:27:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6756DB67; Sun, 28 Feb 2016 10:27:36 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1aZyZU-000Ed9-Ta; Sun, 28 Feb 2016 13:27:28 +0300 Date: Sun, 28 Feb 2016 13:27:28 +0300 From: Slawa Olhovchenkov To: Bryan Drewery Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: Re: svn commit: r296146 - stable/9/sys/dev/filemon Message-ID: <20160228102728.GA94639@zxy.spb.ru> References: <201602272057.u1RKvYfF035338@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201602272057.u1RKvYfF035338@repo.freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Feb 2016 10:27:36 -0000 On Sat, Feb 27, 2016 at 08:57:34PM +0000, Bryan Drewery wrote: > Author: bdrewery > Date: Sat Feb 27 20:57:34 2016 > New Revision: 296146 > URL: https://svnweb.freebsd.org/changeset/base/296146 > > Log: > MFC r242088: > > Desupport pre-FreeBSD 7.1. > > Modified: > stable/9/sys/dev/filemon/filemon.c > Directory Properties: > stable/9/sys/ (props changed) > stable/9/sys/dev/ (props changed) > -#if __FreeBSD_version < 701000 Not specialy to this commit, just for information: what purpose to have in src tree, already divided to branches, pieces of code under #if? Of couse, question not about external maintained code. From owner-svn-src-stable@freebsd.org Sun Feb 28 12:29:44 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DE8DEAA708F; Sun, 28 Feb 2016 12:29:44 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: from spindle.one-eyed-alien.net (spindle.one-eyed-alien.net [199.48.129.229]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BD9001B82; Sun, 28 Feb 2016 12:29:44 +0000 (UTC) (envelope-from brooks@spindle.one-eyed-alien.net) Received: by spindle.one-eyed-alien.net (Postfix, from userid 3001) id BB8845A9F0E; Sun, 28 Feb 2016 12:20:09 +0000 (UTC) Date: Sun, 28 Feb 2016 12:20:09 +0000 From: Brooks Davis To: Slawa Olhovchenkov Cc: Bryan Drewery , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: Re: svn commit: r296146 - stable/9/sys/dev/filemon Message-ID: <20160228122008.GA27425@spindle.one-eyed-alien.net> References: <201602272057.u1RKvYfF035338@repo.freebsd.org> <20160228102728.GA94639@zxy.spb.ru> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YZ5djTAD1cGYuMQK" Content-Disposition: inline In-Reply-To: <20160228102728.GA94639@zxy.spb.ru> User-Agent: Mutt/1.5.24 (2015-08-30) X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Feb 2016 12:29:45 -0000 --YZ5djTAD1cGYuMQK Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Feb 28, 2016 at 01:27:28PM +0300, Slawa Olhovchenkov wrote: > On Sat, Feb 27, 2016 at 08:57:34PM +0000, Bryan Drewery wrote: >=20 > > Author: bdrewery > > Date: Sat Feb 27 20:57:34 2016 > > New Revision: 296146 > > URL: https://svnweb.freebsd.org/changeset/base/296146 > >=20 > > Log: > > MFC r242088: > > =20 > > Desupport pre-FreeBSD 7.1. > >=20 > > Modified: > > stable/9/sys/dev/filemon/filemon.c > > Directory Properties: > > stable/9/sys/ (props changed) > > stable/9/sys/dev/ (props changed) > > -#if __FreeBSD_version < 701000 >=20 > Not specialy to this commit, just for information: what purpose to > have in src tree, already divided to branches, pieces of code under > #if? >=20 > Of couse, question not about external maintained code. Filemon started as externally maintained code and initially it was a bit ambiguous which direction changes would flow. Sometimes it's also useful to allow code in HEAD to just work when copied to stable so people can see if their problem is fixed without having to merge too much. In general though, we should remove code like this in things maintained entirely in tree. -- Brooks --YZ5djTAD1cGYuMQK Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJW0uX3AAoJEKzQXbSebgfAlNIIAKCcVI5XPitD/GJoiddzvm2A Kcg7SH0KBA6TkUwMxGqeaW+zzgSgsPqXD1AmNhvpaSexG9Ue5VqsOJoxakajEvAt j5ZE7ypUAq6neNb4gXoNHEmyIH/1fKLsC87QFhkCP49AAi+gga9ywcD0g9df9N+m m9ZOpAJwLRe/NBI1AnKMeNylvCL9jp9u1Cgi7oXOc2SjquemkR90X+KszhH5E/j+ LFRsPdMdoFZ7pg7stQ8QYNHY1rGZ+LsNZb342kK77UgsNYyevi/SEgGdwfVD5zN5 6iuoW1zXrUGppRkey9Z0OPVaEgPVxQimjtQi83ESMYlmA/IFQBx0TO3Gg01+I40= =mXzP -----END PGP SIGNATURE----- --YZ5djTAD1cGYuMQK-- From owner-svn-src-stable@freebsd.org Sun Feb 28 12:37:26 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B36AAAA7432; Sun, 28 Feb 2016 12:37:26 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 76EA2A9; Sun, 28 Feb 2016 12:37:26 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1aa0bE-000HNB-62; Sun, 28 Feb 2016 15:37:24 +0300 Date: Sun, 28 Feb 2016 15:37:24 +0300 From: Slawa Olhovchenkov To: Brooks Davis Cc: Bryan Drewery , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: Re: svn commit: r296146 - stable/9/sys/dev/filemon Message-ID: <20160228123724.GC11654@zxy.spb.ru> References: <201602272057.u1RKvYfF035338@repo.freebsd.org> <20160228102728.GA94639@zxy.spb.ru> <20160228122008.GA27425@spindle.one-eyed-alien.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160228122008.GA27425@spindle.one-eyed-alien.net> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Feb 2016 12:37:26 -0000 On Sun, Feb 28, 2016 at 12:20:09PM +0000, Brooks Davis wrote: > On Sun, Feb 28, 2016 at 01:27:28PM +0300, Slawa Olhovchenkov wrote: > > On Sat, Feb 27, 2016 at 08:57:34PM +0000, Bryan Drewery wrote: > > > > > Author: bdrewery > > > Date: Sat Feb 27 20:57:34 2016 > > > New Revision: 296146 > > > URL: https://svnweb.freebsd.org/changeset/base/296146 > > > > > > Log: > > > MFC r242088: > > > > > > Desupport pre-FreeBSD 7.1. > > > > > > Modified: > > > stable/9/sys/dev/filemon/filemon.c > > > Directory Properties: > > > stable/9/sys/ (props changed) > > > stable/9/sys/dev/ (props changed) > > > -#if __FreeBSD_version < 701000 > > > > Not specialy to this commit, just for information: what purpose to > > have in src tree, already divided to branches, pieces of code under > > #if? > > > > Of couse, question not about external maintained code. > > Filemon started as externally maintained code and initially it was > a bit ambiguous which direction changes would flow. I.e. historical behaviour. > Sometimes it's also useful to allow code in HEAD to just work when > copied to stable so people can see if their problem is fixed without > having to merge too much. Please, check me: in mostly cases this is equivalent of MFC in one commit (and have same complexity as MFC) but w/o actualy MFC. > In general though, we should remove code like > this in things maintained entirely in tree. Thanks! From owner-svn-src-stable@freebsd.org Mon Feb 29 15:45:44 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C8E43AB8AD3; Mon, 29 Feb 2016 15:45:44 +0000 (UTC) (envelope-from jimharris@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 95617B6A; Mon, 29 Feb 2016 15:45:44 +0000 (UTC) (envelope-from jimharris@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u1TFjh2X097139; Mon, 29 Feb 2016 15:45:43 GMT (envelope-from jimharris@FreeBSD.org) Received: (from jimharris@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u1TFjhID097138; Mon, 29 Feb 2016 15:45:43 GMT (envelope-from jimharris@FreeBSD.org) Message-Id: <201602291545.u1TFjhID097138@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jimharris set sender to jimharris@FreeBSD.org using -f From: Jim Harris Date: Mon, 29 Feb 2016 15:45:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296191 - stable/10/sys/dev/nvme X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Feb 2016 15:45:44 -0000 Author: jimharris Date: Mon Feb 29 15:45:43 2016 New Revision: 296191 URL: https://svnweb.freebsd.org/changeset/base/296191 Log: MFC r295944: nvme: fix intx handler to not dereference ioq during initialization This was a regression from r293328, which deferred allocation of the controller's ioq array until after interrupts are enabled during boot. Approved by: re (gjb) Sponsored by: Intel Modified: stable/10/sys/dev/nvme/nvme_ctrlr.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/nvme/nvme_ctrlr.c ============================================================================== --- stable/10/sys/dev/nvme/nvme_ctrlr.c Mon Feb 29 14:46:39 2016 (r296190) +++ stable/10/sys/dev/nvme/nvme_ctrlr.c Mon Feb 29 15:45:43 2016 (r296191) @@ -810,7 +810,7 @@ nvme_ctrlr_intx_handler(void *arg) nvme_qpair_process_completions(&ctrlr->adminq); - if (ctrlr->ioq[0].cpl) + if (ctrlr->ioq && ctrlr->ioq[0].cpl) nvme_qpair_process_completions(&ctrlr->ioq[0]); nvme_mmio_write_4(ctrlr, intmc, 1); From owner-svn-src-stable@freebsd.org Mon Feb 29 16:44:56 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 31786AB7279; Mon, 29 Feb 2016 16:44:56 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id 1556511AF; Mon, 29 Feb 2016 16:44:56 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [IPv6:::1]) by freefall.freebsd.org (Postfix) with ESMTP id 0BFC41DDF; Mon, 29 Feb 2016 16:44:56 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from mail.xzibition.com (localhost [172.31.3.2]) by mail.xzibition.com (Postfix) with ESMTP id 8763F1C5E7; Mon, 29 Feb 2016 16:44:55 +0000 (UTC) X-Virus-Scanned: amavisd-new at mail.xzibition.com Received: from mail.xzibition.com ([172.31.3.2]) by mail.xzibition.com (mail.xzibition.com [172.31.3.2]) (amavisd-new, port 10026) with LMTP id egVCx0Xuu0ZQ; Mon, 29 Feb 2016 16:44:51 +0000 (UTC) Subject: Re: svn commit: r296146 - stable/9/sys/dev/filemon DKIM-Filter: OpenDKIM Filter v2.9.2 mail.xzibition.com 84A0F1C5E1 To: Slawa Olhovchenkov , Brooks Davis References: <201602272057.u1RKvYfF035338@repo.freebsd.org> <20160228102728.GA94639@zxy.spb.ru> <20160228122008.GA27425@spindle.one-eyed-alien.net> <20160228123724.GC11654@zxy.spb.ru> Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org From: Bryan Drewery Organization: FreeBSD Message-ID: <56D47581.60802@FreeBSD.org> Date: Mon, 29 Feb 2016 08:44:49 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: <20160228123724.GC11654@zxy.spb.ru> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Feb 2016 16:44:56 -0000 On 2/28/16 4:37 AM, Slawa Olhovchenkov wrote: > On Sun, Feb 28, 2016 at 12:20:09PM +0000, Brooks Davis wrote: >=20 >> On Sun, Feb 28, 2016 at 01:27:28PM +0300, Slawa Olhovchenkov wrote: >>> On Sat, Feb 27, 2016 at 08:57:34PM +0000, Bryan Drewery wrote: >>> >>>> Author: bdrewery >>>> Date: Sat Feb 27 20:57:34 2016 >>>> New Revision: 296146 >>>> URL: https://svnweb.freebsd.org/changeset/base/296146 >>>> >>>> Log: >>>> MFC r242088: >>>> =20 >>>> Desupport pre-FreeBSD 7.1. >>>> >>>> Modified: >>>> stable/9/sys/dev/filemon/filemon.c >>>> Directory Properties: >>>> stable/9/sys/ (props changed) >>>> stable/9/sys/dev/ (props changed) >>>> -#if __FreeBSD_version < 701000 >>> >>> Not specialy to this commit, just for information: what purpose to >>> have in src tree, already divided to branches, pieces of code under >>> #if? >>> >>> Of couse, question not about external maintained code. >> >> Filemon started as externally maintained code and initially it was >> a bit ambiguous which direction changes would flow. >=20 > I.e. historical behaviour. >=20 >> Sometimes it's also useful to allow code in HEAD to just work when >> copied to stable so people can see if their problem is fixed without >> having to merge too much. >=20 > Please, check me: in mostly cases this is equivalent of MFC in one > commit (and have same complexity as MFC) but w/o actualy MFC. Yes. For example, in the MFC of some filemon changes to stable/10 and stable/9 I had to make this change directly in the MFC that I was not expecting and did not get audited well in SVN: > diff --git a/sys/dev/filemon/filemon_wrapper.c b/sys/dev/filemon/filemo= n_wrapper.c > index a20ece5..d08aa6f 100644 > --- a/sys/dev/filemon/filemon_wrapper.c > +++ b/sys/dev/filemon/filemon_wrapper.c > @@ -424,7 +424,7 @@ filemon_event_process_exit(void *arg __unused, stru= ct proc *p) >=20 > if ((filemon =3D filemon_pid_check(p)) !=3D NULL) { > len =3D snprintf(filemon->msgbufr, sizeof(filemon->msgb= ufr), > - "X %d %d %d\n", p->p_pid, p->p_xexit, p->p_xsig); > + "X %d %d\n", p->p_pid, W_EXITCODE(p->p_xstat, 0)); >=20 > filemon_output(filemon, filemon->msgbufr, len); It is possible to add both versions in head such that the MFC is safe and easy, but it pollutes head and I think it generally should not be don= e. >=20 >> In general though, we should remove code like >> this in things maintained entirely in tree. >=20 > Thanks! >=20 --=20 Regards, Bryan Drewery From owner-svn-src-stable@freebsd.org Mon Feb 29 18:55:28 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C7DACAB8942; Mon, 29 Feb 2016 18:55:28 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7A118137A; Mon, 29 Feb 2016 18:55:28 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u1TItRW8054780; Mon, 29 Feb 2016 18:55:27 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u1TItRLT054777; Mon, 29 Feb 2016 18:55:27 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201602291855.u1TItRLT054777@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Mon, 29 Feb 2016 18:55:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r296219 - in stable/9: . sys/compat/linux sys/sys X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Feb 2016 18:55:28 -0000 Author: rene (doc,ports committer) Date: Mon Feb 29 18:55:27 2016 New Revision: 296219 URL: https://svnweb.freebsd.org/changeset/base/296219 Log: MFC r271982: Bump the default version of the Linux emulation layer to 2.6.18 to support the CentOS 6 ports out of the box. MFC r271990: Add a note to UPDATING Approved by: dchagin Differential Revision: https://reviews.freebsd.org/D5418 Modified: stable/9/UPDATING (contents, props changed) stable/9/sys/compat/linux/linux_mib.c stable/9/sys/sys/param.h Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/UPDATING ============================================================================== --- stable/9/UPDATING Mon Feb 29 18:35:16 2016 (r296218) +++ stable/9/UPDATING Mon Feb 29 18:55:27 2016 (r296219) @@ -30,6 +30,14 @@ Items affecting the ports and packages s sendmail default for client connections has been raised to 1024 bits. +20140922: + At svn r271982, The default linux compat kernel ABI has been adjusted + to 2.6.18 in support of the linux-c6 compat ports infrastructure + update. If you wish to continue using the linux-f10 compat ports, + add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are + encouraged to update their linux-compat packages to linux-c6 during + their next update cycle. + 20140717: It is no longer necessary to include the dwarf version in your DEBUG options in your kernel config file. The bug that required it to be Modified: stable/9/sys/compat/linux/linux_mib.c ============================================================================== --- stable/9/sys/compat/linux/linux_mib.c Mon Feb 29 18:35:16 2016 (r296218) +++ stable/9/sys/compat/linux/linux_mib.c Mon Feb 29 18:55:27 2016 (r296219) @@ -129,9 +129,9 @@ struct linux_prison { static struct linux_prison lprison0 = { .pr_osname = "Linux", - .pr_osrelease = "2.6.16", + .pr_osrelease = "2.6.18", .pr_oss_version = 0x030600, - .pr_osrel = 2006016 + .pr_osrel = 2006018 }; static unsigned linux_osd_jail_slot; Modified: stable/9/sys/sys/param.h ============================================================================== --- stable/9/sys/sys/param.h Mon Feb 29 18:35:16 2016 (r296218) +++ stable/9/sys/sys/param.h Mon Feb 29 18:55:27 2016 (r296219) @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 903508 /* Master, propagated to newvers */ +#define __FreeBSD_version 903509 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, From owner-svn-src-stable@freebsd.org Mon Feb 29 18:58:27 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EC302AB8AC3; Mon, 29 Feb 2016 18:58:27 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BC9EA176C; Mon, 29 Feb 2016 18:58:27 +0000 (UTC) (envelope-from rene@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u1TIwQSQ054907; Mon, 29 Feb 2016 18:58:26 GMT (envelope-from rene@FreeBSD.org) Received: (from rene@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u1TIwQ7I054906; Mon, 29 Feb 2016 18:58:26 GMT (envelope-from rene@FreeBSD.org) Message-Id: <201602291858.u1TIwQ7I054906@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: rene set sender to rene@FreeBSD.org using -f From: Rene Ladan Date: Mon, 29 Feb 2016 18:58:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r296220 - stable/9 X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Feb 2016 18:58:28 -0000 Author: rene (doc,ports committer) Date: Mon Feb 29 18:58:26 2016 New Revision: 296220 URL: https://svnweb.freebsd.org/changeset/base/296220 Log: UPDATING: move the note about the Linux kernel version bump to the top and adjust the date and SVN revision number. Modified: stable/9/UPDATING Modified: stable/9/UPDATING ============================================================================== --- stable/9/UPDATING Mon Feb 29 18:55:27 2016 (r296219) +++ stable/9/UPDATING Mon Feb 29 18:58:26 2016 (r296220) @@ -11,6 +11,14 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20160229: + At svn r296219, the default linux compat kernel ABI has been adjusted + to 2.6.18 in support of the linux-c6 compat ports infrastructure + update. If you wish to continue using the linux-f10 compat ports, + add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are + encouraged to update their linux-compat packages to linux-c6 during + their next update cycle. + 20151026: NTP has been upgraded to 4.2.8p4. The configuration file syntax has been changed, thus mergemaster @@ -30,14 +38,6 @@ Items affecting the ports and packages s sendmail default for client connections has been raised to 1024 bits. -20140922: - At svn r271982, The default linux compat kernel ABI has been adjusted - to 2.6.18 in support of the linux-c6 compat ports infrastructure - update. If you wish to continue using the linux-f10 compat ports, - add compat.linux.osrelease=2.6.16 to your local sysctl.conf. Users are - encouraged to update their linux-compat packages to linux-c6 during - their next update cycle. - 20140717: It is no longer necessary to include the dwarf version in your DEBUG options in your kernel config file. The bug that required it to be From owner-svn-src-stable@freebsd.org Tue Mar 1 02:07:16 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 03375AA99D2; Tue, 1 Mar 2016 02:07:16 +0000 (UTC) (envelope-from sephe@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D2A45138A; Tue, 1 Mar 2016 02:07:15 +0000 (UTC) (envelope-from sephe@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2127EJB082030; Tue, 1 Mar 2016 02:07:14 GMT (envelope-from sephe@FreeBSD.org) Received: (from sephe@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2127E7X082027; Tue, 1 Mar 2016 02:07:14 GMT (envelope-from sephe@FreeBSD.org) Message-Id: <201603010207.u2127E7X082027@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: sephe set sender to sephe@FreeBSD.org using -f From: Sepherosa Ziehau Date: Tue, 1 Mar 2016 02:07:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296248 - in stable/10/sys/dev/hyperv: netvsc vmbus X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Mar 2016 02:07:16 -0000 Author: sephe Date: Tue Mar 1 02:07:14 2016 New Revision: 296248 URL: https://svnweb.freebsd.org/changeset/base/296248 Log: MFC [Hyper-V]: r296028 hyperv: Wait 5 seconds for hyperv result, instead of 500ms This addresses various devices (network, stoarge) attach failure. Approved by: re (gjb) Reported by: Hongxiong Xian Tested by: Hongxiong Xian Sponsored by: Microsoft OSTC Differential Revision: https://reviews.freebsd.org/D5435 Modified: stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c stable/10/sys/dev/hyperv/vmbus/hv_channel.c stable/10/sys/dev/hyperv/vmbus/hv_connection.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c ============================================================================== --- stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c Tue Mar 1 01:04:53 2016 (r296247) +++ stable/10/sys/dev/hyperv/netvsc/hv_rndis_filter.c Tue Mar 1 02:07:14 2016 (r296248) @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -358,7 +359,7 @@ hv_rf_send_offload_request(struct hv_dev goto cleanup; } - ret = sema_timedwait(&request->wait_sema, 500); + ret = sema_timedwait(&request->wait_sema, 5 * hz); if (ret != 0) { device_printf(dev, "hv send offload request timeout\n"); goto cleanup; @@ -625,7 +626,7 @@ hv_rf_set_packet_filter(rndis_device *de * us when the response has arrived. In the failure case, * sema_timedwait() returns a non-zero status after waiting 5 seconds. */ - ret = sema_timedwait(&request->wait_sema, 500); + ret = sema_timedwait(&request->wait_sema, 5 * hz); if (ret == 0) { /* Response received, check status */ set_complete = &request->response_msg.msg.set_complete; Modified: stable/10/sys/dev/hyperv/vmbus/hv_channel.c ============================================================================== --- stable/10/sys/dev/hyperv/vmbus/hv_channel.c Tue Mar 1 01:04:53 2016 (r296247) +++ stable/10/sys/dev/hyperv/vmbus/hv_channel.c Tue Mar 1 02:07:14 2016 (r296248) @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -192,7 +193,7 @@ hv_vmbus_channel_open( if (ret != 0) goto cleanup; - ret = sema_timedwait(&open_info->wait_sema, 500); /* KYS 5 seconds */ + ret = sema_timedwait(&open_info->wait_sema, 5 * hz); /* KYS 5 seconds */ if (ret) { if(bootverbose) @@ -437,7 +438,7 @@ hv_vmbus_channel_establish_gpadl( } } - ret = sema_timedwait(&msg_info->wait_sema, 500); /* KYS 5 seconds*/ + ret = sema_timedwait(&msg_info->wait_sema, 5 * hz); /* KYS 5 seconds*/ if (ret != 0) goto cleanup; @@ -497,7 +498,7 @@ hv_vmbus_channel_teardown_gpdal( if (ret != 0) goto cleanup; - ret = sema_timedwait(&info->wait_sema, 500); /* KYS 5 seconds */ + ret = sema_timedwait(&info->wait_sema, 5 * hz); /* KYS 5 seconds */ cleanup: /* Modified: stable/10/sys/dev/hyperv/vmbus/hv_connection.c ============================================================================== --- stable/10/sys/dev/hyperv/vmbus/hv_connection.c Tue Mar 1 01:04:53 2016 (r296247) +++ stable/10/sys/dev/hyperv/vmbus/hv_connection.c Tue Mar 1 02:07:14 2016 (r296248) @@ -30,6 +30,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -126,7 +127,7 @@ hv_vmbus_negotiate_version(hv_vmbus_chan /** * Wait for the connection response */ - ret = sema_timedwait(&msg_info->wait_sema, 500); /* KYS 5 seconds */ + ret = sema_timedwait(&msg_info->wait_sema, 5 * hz); /* KYS 5 seconds */ mtx_lock_spin(&hv_vmbus_g_connection.channel_msg_lock); TAILQ_REMOVE( From owner-svn-src-stable@freebsd.org Tue Mar 1 17:33:28 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D24B9ABE1F8; Tue, 1 Mar 2016 17:33:28 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id A2F4F1E69; Tue, 1 Mar 2016 17:33:28 +0000 (UTC) (envelope-from ian@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u21HXR4m059945; Tue, 1 Mar 2016 17:33:27 GMT (envelope-from ian@FreeBSD.org) Received: (from ian@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u21HXRbq059944; Tue, 1 Mar 2016 17:33:27 GMT (envelope-from ian@FreeBSD.org) Message-Id: <201603011733.u21HXRbq059944@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ian set sender to ian@FreeBSD.org using -f From: Ian Lepore Date: Tue, 1 Mar 2016 17:33:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r296270 - stable/8/etc/mtree X-SVN-Group: stable-8 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Mar 2016 17:33:28 -0000 Author: ian Date: Tue Mar 1 17:33:27 2016 New Revision: 296270 URL: https://svnweb.freebsd.org/changeset/base/296270 Log: MFC r255949: Create /var/cache with mode 0755. pkg(8) expects this directory to exist, this allows using pkg on 8-stable. Modified: stable/8/etc/mtree/BSD.var.dist Directory Properties: stable/8/etc/ (props changed) Modified: stable/8/etc/mtree/BSD.var.dist ============================================================================== --- stable/8/etc/mtree/BSD.var.dist Tue Mar 1 16:10:15 2016 (r296269) +++ stable/8/etc/mtree/BSD.var.dist Tue Mar 1 17:33:27 2016 (r296270) @@ -24,6 +24,8 @@ /set gname=wheel backups .. + cache mode=0755 + .. crash .. cron From owner-svn-src-stable@freebsd.org Wed Mar 2 01:24:42 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CF9B7AC00D3; Wed, 2 Mar 2016 01:24:42 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 9DC401493; Wed, 2 Mar 2016 01:24:42 +0000 (UTC) (envelope-from bdrewery@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u221OfD2099822; Wed, 2 Mar 2016 01:24:41 GMT (envelope-from bdrewery@FreeBSD.org) Received: (from bdrewery@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u221OfqO099821; Wed, 2 Mar 2016 01:24:41 GMT (envelope-from bdrewery@FreeBSD.org) Message-Id: <201603020124.u221OfqO099821@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: bdrewery set sender to bdrewery@FreeBSD.org using -f From: Bryan Drewery Date: Wed, 2 Mar 2016 01:24:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296288 - stable/10/share/man/man5 X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2016 01:24:42 -0000 Author: bdrewery Date: Wed Mar 2 01:24:41 2016 New Revision: 296288 URL: https://svnweb.freebsd.org/changeset/base/296288 Log: MFC r295995: BDECFLAGS has not been available since r82604 removed /etc/defaults/make.conf. Approved by: re (gjb) Modified: stable/10/share/man/man5/make.conf.5 Directory Properties: stable/10/ (props changed) Modified: stable/10/share/man/man5/make.conf.5 ============================================================================== --- stable/10/share/man/man5/make.conf.5 Wed Mar 2 00:18:05 2016 (r296287) +++ stable/10/share/man/man5/make.conf.5 Wed Mar 2 01:24:41 2016 (r296288) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 17, 2014 +.Dd February 24, 2016 .Dt MAKE.CONF 5 .Os .Sh NAME @@ -141,16 +141,6 @@ Optimization levels other than and .Fl O2 are not supported. -.Va BDECFLAGS -is provided as a set of -.Xr cc 1 -settings suggested by -.An "Bruce Evans" Aq bde@FreeBSD.org -for developing and testing changes. -They can be used, if set, by: -.Bd -literal -offset indent -CFLAGS+=${BDECFLAGS} -.Ed .It Va CPUTYPE .Pq Vt str Controls which processor should be targeted for generated From owner-svn-src-stable@freebsd.org Wed Mar 2 13:38:22 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C6E85ABF3E8; Wed, 2 Mar 2016 13:38:22 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 99CF61A5E; Wed, 2 Mar 2016 13:38:22 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u22DcLDf017866; Wed, 2 Mar 2016 13:38:21 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u22DcL9l017864; Wed, 2 Mar 2016 13:38:21 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201603021338.u22DcL9l017864@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Wed, 2 Mar 2016 13:38:21 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296311 - in stable/10: sbin/ipfw sys/netpfil/ipfw X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2016 13:38:22 -0000 Author: ae Date: Wed Mar 2 13:38:21 2016 New Revision: 296311 URL: https://svnweb.freebsd.org/changeset/base/296311 Log: MFC r295969: Fix bug in filling and handling ipfw's O_DSCP opcode. Due to integer overflow CS4 token was handled as BE. PR: 207459 Approved by: re (gjb) Modified: stable/10/sbin/ipfw/ipfw2.c stable/10/sys/netpfil/ipfw/ip_fw2.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/ipfw/ipfw2.c ============================================================================== --- stable/10/sbin/ipfw/ipfw2.c Wed Mar 2 11:18:17 2016 (r296310) +++ stable/10/sbin/ipfw/ipfw2.c Wed Mar 2 13:38:21 2016 (r296311) @@ -779,7 +779,7 @@ fill_dscp(ipfw_insn *cmd, char *av, int errx(EX_DATAERR, "Invalid DSCP value"); } - if (code > 32) + if (code >= 32) *high |= 1 << (code - 32); else *low |= 1 << code; Modified: stable/10/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 2 11:18:17 2016 (r296310) +++ stable/10/sys/netpfil/ipfw/ip_fw2.c Wed Mar 2 13:38:21 2016 (r296311) @@ -1678,7 +1678,7 @@ do { \ break; /* DSCP bitmask is stored as low_u32 high_u32 */ - if (x > 32) + if (x >= 32) match = *(p + 1) & (1 << (x - 32)); else match = *p & (1 << x); From owner-svn-src-stable@freebsd.org Wed Mar 2 13:54:45 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 75B78ABFC35; Wed, 2 Mar 2016 13:54:45 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 46F2415FE; Wed, 2 Mar 2016 13:54:45 +0000 (UTC) (envelope-from ae@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u22Dsigx024167; Wed, 2 Mar 2016 13:54:44 GMT (envelope-from ae@FreeBSD.org) Received: (from ae@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u22Dsi30024165; Wed, 2 Mar 2016 13:54:44 GMT (envelope-from ae@FreeBSD.org) Message-Id: <201603021354.u22Dsi30024165@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: ae set sender to ae@FreeBSD.org using -f From: "Andrey V. Elsukov" Date: Wed, 2 Mar 2016 13:54:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r296312 - in stable/9: sbin/ipfw sys/netpfil/ipfw X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2016 13:54:45 -0000 Author: ae Date: Wed Mar 2 13:54:43 2016 New Revision: 296312 URL: https://svnweb.freebsd.org/changeset/base/296312 Log: MFC r295969: Fix bug in filling and handling ipfw's O_DSCP opcode. Due to integer overflow CS4 token was handled as BE. PR: 207459 Modified: stable/9/sbin/ipfw/ipfw2.c stable/9/sys/netpfil/ipfw/ip_fw2.c Directory Properties: stable/9/sbin/ipfw/ (props changed) stable/9/sys/ (props changed) stable/9/sys/netpfil/ (props changed) Modified: stable/9/sbin/ipfw/ipfw2.c ============================================================================== --- stable/9/sbin/ipfw/ipfw2.c Wed Mar 2 13:38:21 2016 (r296311) +++ stable/9/sbin/ipfw/ipfw2.c Wed Mar 2 13:54:43 2016 (r296312) @@ -779,7 +779,7 @@ fill_dscp(ipfw_insn *cmd, char *av, int errx(EX_DATAERR, "Invalid DSCP value"); } - if (code > 32) + if (code >= 32) *high |= 1 << (code - 32); else *low |= 1 << code; Modified: stable/9/sys/netpfil/ipfw/ip_fw2.c ============================================================================== --- stable/9/sys/netpfil/ipfw/ip_fw2.c Wed Mar 2 13:38:21 2016 (r296311) +++ stable/9/sys/netpfil/ipfw/ip_fw2.c Wed Mar 2 13:54:43 2016 (r296312) @@ -1679,7 +1679,7 @@ do { \ break; /* DSCP bitmask is stored as low_u32 high_u32 */ - if (x > 32) + if (x >= 32) match = *(p + 1) & (1 << (x - 32)); else match = *p & (1 << x); From owner-svn-src-stable@freebsd.org Wed Mar 2 15:43:04 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED4E8AC04D8; Wed, 2 Mar 2016 15:43:03 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 978EC19A9; Wed, 2 Mar 2016 15:43:03 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u22Fh2wg057680; Wed, 2 Mar 2016 15:43:02 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u22Fh1Tk057669; Wed, 2 Mar 2016 15:43:01 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201603021543.u22Fh1Tk057669@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Wed, 2 Mar 2016 15:43:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296317 - in stable/10: crypto/openssl crypto/openssl/apps crypto/openssl/crypto crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/crypto/bn/asm crypto/openssl/crypto/ds... X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Mar 2016 15:43:04 -0000 Author: delphij Date: Wed Mar 2 15:43:01 2016 New Revision: 296317 URL: https://svnweb.freebsd.org/changeset/base/296317 Log: Merge OpenSSL 1.0.1s. This is a security update. Relnotes: yes Approved by: re (so@ implicit) Modified: stable/10/crypto/openssl/CHANGES stable/10/crypto/openssl/Configure stable/10/crypto/openssl/Makefile stable/10/crypto/openssl/NEWS stable/10/crypto/openssl/README stable/10/crypto/openssl/apps/s_server.c stable/10/crypto/openssl/crypto/bio/b_print.c stable/10/crypto/openssl/crypto/bio/bio.h stable/10/crypto/openssl/crypto/bn/Makefile stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl stable/10/crypto/openssl/crypto/bn/bn.h stable/10/crypto/openssl/crypto/bn/bn_exp.c stable/10/crypto/openssl/crypto/bn/bn_print.c stable/10/crypto/openssl/crypto/bn/bn_recp.c stable/10/crypto/openssl/crypto/dsa/dsa_ameth.c stable/10/crypto/openssl/crypto/modes/ctr128.c stable/10/crypto/openssl/crypto/opensslconf.h stable/10/crypto/openssl/crypto/opensslv.h stable/10/crypto/openssl/crypto/perlasm/x86_64-xlate.pl stable/10/crypto/openssl/crypto/rsa/rsa_sign.c stable/10/crypto/openssl/crypto/srp/srp.h stable/10/crypto/openssl/crypto/srp/srp_vfy.c stable/10/crypto/openssl/doc/apps/ciphers.pod stable/10/crypto/openssl/doc/apps/s_client.pod stable/10/crypto/openssl/doc/apps/s_server.pod stable/10/crypto/openssl/doc/ssl/SSL_CTX_new.pod stable/10/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod stable/10/crypto/openssl/doc/ssl/ssl.pod stable/10/crypto/openssl/ssl/Makefile stable/10/crypto/openssl/ssl/s2_lib.c stable/10/crypto/openssl/ssl/s3_lib.c stable/10/crypto/openssl/ssl/ssl_lib.c stable/10/crypto/openssl/util/libeay.num stable/10/crypto/openssl/util/mk1mf.pl stable/10/crypto/openssl/util/pl/BC-32.pl stable/10/crypto/openssl/util/pl/Mingw32.pl stable/10/crypto/openssl/util/pl/OS2-EMX.pl stable/10/crypto/openssl/util/pl/VC-32.pl stable/10/crypto/openssl/util/pl/linux.pl stable/10/crypto/openssl/util/pl/netware.pl stable/10/crypto/openssl/util/pl/ultrix.pl stable/10/crypto/openssl/util/pl/unix.pl stable/10/secure/lib/libcrypto/Makefile.inc stable/10/secure/lib/libcrypto/amd64/x86_64-mont5.S stable/10/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 stable/10/secure/lib/libcrypto/man/ASN1_STRING_length.3 stable/10/secure/lib/libcrypto/man/ASN1_STRING_new.3 stable/10/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 stable/10/secure/lib/libcrypto/man/ASN1_generate_nconf.3 stable/10/secure/lib/libcrypto/man/BIO_ctrl.3 stable/10/secure/lib/libcrypto/man/BIO_f_base64.3 stable/10/secure/lib/libcrypto/man/BIO_f_buffer.3 stable/10/secure/lib/libcrypto/man/BIO_f_cipher.3 stable/10/secure/lib/libcrypto/man/BIO_f_md.3 stable/10/secure/lib/libcrypto/man/BIO_f_null.3 stable/10/secure/lib/libcrypto/man/BIO_f_ssl.3 stable/10/secure/lib/libcrypto/man/BIO_find_type.3 stable/10/secure/lib/libcrypto/man/BIO_new.3 stable/10/secure/lib/libcrypto/man/BIO_new_CMS.3 stable/10/secure/lib/libcrypto/man/BIO_push.3 stable/10/secure/lib/libcrypto/man/BIO_read.3 stable/10/secure/lib/libcrypto/man/BIO_s_accept.3 stable/10/secure/lib/libcrypto/man/BIO_s_bio.3 stable/10/secure/lib/libcrypto/man/BIO_s_connect.3 stable/10/secure/lib/libcrypto/man/BIO_s_fd.3 stable/10/secure/lib/libcrypto/man/BIO_s_file.3 stable/10/secure/lib/libcrypto/man/BIO_s_mem.3 stable/10/secure/lib/libcrypto/man/BIO_s_null.3 stable/10/secure/lib/libcrypto/man/BIO_s_socket.3 stable/10/secure/lib/libcrypto/man/BIO_set_callback.3 stable/10/secure/lib/libcrypto/man/BIO_should_retry.3 stable/10/secure/lib/libcrypto/man/BN_BLINDING_new.3 stable/10/secure/lib/libcrypto/man/BN_CTX_new.3 stable/10/secure/lib/libcrypto/man/BN_CTX_start.3 stable/10/secure/lib/libcrypto/man/BN_add.3 stable/10/secure/lib/libcrypto/man/BN_add_word.3 stable/10/secure/lib/libcrypto/man/BN_bn2bin.3 stable/10/secure/lib/libcrypto/man/BN_cmp.3 stable/10/secure/lib/libcrypto/man/BN_copy.3 stable/10/secure/lib/libcrypto/man/BN_generate_prime.3 stable/10/secure/lib/libcrypto/man/BN_mod_inverse.3 stable/10/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 stable/10/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 stable/10/secure/lib/libcrypto/man/BN_new.3 stable/10/secure/lib/libcrypto/man/BN_num_bytes.3 stable/10/secure/lib/libcrypto/man/BN_rand.3 stable/10/secure/lib/libcrypto/man/BN_set_bit.3 stable/10/secure/lib/libcrypto/man/BN_swap.3 stable/10/secure/lib/libcrypto/man/BN_zero.3 stable/10/secure/lib/libcrypto/man/CMS_add0_cert.3 stable/10/secure/lib/libcrypto/man/CMS_add1_recipient_cert.3 stable/10/secure/lib/libcrypto/man/CMS_add1_signer.3 stable/10/secure/lib/libcrypto/man/CMS_compress.3 stable/10/secure/lib/libcrypto/man/CMS_decrypt.3 stable/10/secure/lib/libcrypto/man/CMS_encrypt.3 stable/10/secure/lib/libcrypto/man/CMS_final.3 stable/10/secure/lib/libcrypto/man/CMS_get0_RecipientInfos.3 stable/10/secure/lib/libcrypto/man/CMS_get0_SignerInfos.3 stable/10/secure/lib/libcrypto/man/CMS_get0_type.3 stable/10/secure/lib/libcrypto/man/CMS_get1_ReceiptRequest.3 stable/10/secure/lib/libcrypto/man/CMS_sign.3 stable/10/secure/lib/libcrypto/man/CMS_sign_receipt.3 stable/10/secure/lib/libcrypto/man/CMS_uncompress.3 stable/10/secure/lib/libcrypto/man/CMS_verify.3 stable/10/secure/lib/libcrypto/man/CMS_verify_receipt.3 stable/10/secure/lib/libcrypto/man/CONF_modules_free.3 stable/10/secure/lib/libcrypto/man/CONF_modules_load_file.3 stable/10/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 stable/10/secure/lib/libcrypto/man/DH_generate_key.3 stable/10/secure/lib/libcrypto/man/DH_generate_parameters.3 stable/10/secure/lib/libcrypto/man/DH_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/DH_new.3 stable/10/secure/lib/libcrypto/man/DH_set_method.3 stable/10/secure/lib/libcrypto/man/DH_size.3 stable/10/secure/lib/libcrypto/man/DSA_SIG_new.3 stable/10/secure/lib/libcrypto/man/DSA_do_sign.3 stable/10/secure/lib/libcrypto/man/DSA_dup_DH.3 stable/10/secure/lib/libcrypto/man/DSA_generate_key.3 stable/10/secure/lib/libcrypto/man/DSA_generate_parameters.3 stable/10/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/DSA_new.3 stable/10/secure/lib/libcrypto/man/DSA_set_method.3 stable/10/secure/lib/libcrypto/man/DSA_sign.3 stable/10/secure/lib/libcrypto/man/DSA_size.3 stable/10/secure/lib/libcrypto/man/ERR_GET_LIB.3 stable/10/secure/lib/libcrypto/man/ERR_clear_error.3 stable/10/secure/lib/libcrypto/man/ERR_error_string.3 stable/10/secure/lib/libcrypto/man/ERR_get_error.3 stable/10/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 stable/10/secure/lib/libcrypto/man/ERR_load_strings.3 stable/10/secure/lib/libcrypto/man/ERR_print_errors.3 stable/10/secure/lib/libcrypto/man/ERR_put_error.3 stable/10/secure/lib/libcrypto/man/ERR_remove_state.3 stable/10/secure/lib/libcrypto/man/ERR_set_mark.3 stable/10/secure/lib/libcrypto/man/EVP_BytesToKey.3 stable/10/secure/lib/libcrypto/man/EVP_DigestInit.3 stable/10/secure/lib/libcrypto/man/EVP_DigestSignInit.3 stable/10/secure/lib/libcrypto/man/EVP_DigestVerifyInit.3 stable/10/secure/lib/libcrypto/man/EVP_EncryptInit.3 stable/10/secure/lib/libcrypto/man/EVP_OpenInit.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_ctrl.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_CTX_new.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_cmp.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_decrypt.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_derive.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_encrypt.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_get_default_digest.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_keygen.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_new.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_print_private.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_sign.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify.3 stable/10/secure/lib/libcrypto/man/EVP_PKEY_verify_recover.3 stable/10/secure/lib/libcrypto/man/EVP_SealInit.3 stable/10/secure/lib/libcrypto/man/EVP_SignInit.3 stable/10/secure/lib/libcrypto/man/EVP_VerifyInit.3 stable/10/secure/lib/libcrypto/man/OBJ_nid2obj.3 stable/10/secure/lib/libcrypto/man/OPENSSL_Applink.3 stable/10/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 stable/10/secure/lib/libcrypto/man/OPENSSL_config.3 stable/10/secure/lib/libcrypto/man/OPENSSL_ia32cap.3 stable/10/secure/lib/libcrypto/man/OPENSSL_load_builtin_modules.3 stable/10/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 stable/10/secure/lib/libcrypto/man/PEM_write_bio_CMS_stream.3 stable/10/secure/lib/libcrypto/man/PEM_write_bio_PKCS7_stream.3 stable/10/secure/lib/libcrypto/man/PKCS12_create.3 stable/10/secure/lib/libcrypto/man/PKCS12_parse.3 stable/10/secure/lib/libcrypto/man/PKCS7_decrypt.3 stable/10/secure/lib/libcrypto/man/PKCS7_encrypt.3 stable/10/secure/lib/libcrypto/man/PKCS7_sign.3 stable/10/secure/lib/libcrypto/man/PKCS7_sign_add_signer.3 stable/10/secure/lib/libcrypto/man/PKCS7_verify.3 stable/10/secure/lib/libcrypto/man/RAND_add.3 stable/10/secure/lib/libcrypto/man/RAND_bytes.3 stable/10/secure/lib/libcrypto/man/RAND_cleanup.3 stable/10/secure/lib/libcrypto/man/RAND_egd.3 stable/10/secure/lib/libcrypto/man/RAND_load_file.3 stable/10/secure/lib/libcrypto/man/RAND_set_rand_method.3 stable/10/secure/lib/libcrypto/man/RSA_blinding_on.3 stable/10/secure/lib/libcrypto/man/RSA_check_key.3 stable/10/secure/lib/libcrypto/man/RSA_generate_key.3 stable/10/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/RSA_new.3 stable/10/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 stable/10/secure/lib/libcrypto/man/RSA_print.3 stable/10/secure/lib/libcrypto/man/RSA_private_encrypt.3 stable/10/secure/lib/libcrypto/man/RSA_public_encrypt.3 stable/10/secure/lib/libcrypto/man/RSA_set_method.3 stable/10/secure/lib/libcrypto/man/RSA_sign.3 stable/10/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 stable/10/secure/lib/libcrypto/man/RSA_size.3 stable/10/secure/lib/libcrypto/man/SMIME_read_CMS.3 stable/10/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 stable/10/secure/lib/libcrypto/man/SMIME_write_CMS.3 stable/10/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 stable/10/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 stable/10/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 stable/10/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 stable/10/secure/lib/libcrypto/man/X509_NAME_print_ex.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_error.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_get_ex_new_index.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_new.3 stable/10/secure/lib/libcrypto/man/X509_STORE_CTX_set_verify_cb.3 stable/10/secure/lib/libcrypto/man/X509_STORE_set_verify_cb_func.3 stable/10/secure/lib/libcrypto/man/X509_VERIFY_PARAM_set_flags.3 stable/10/secure/lib/libcrypto/man/X509_new.3 stable/10/secure/lib/libcrypto/man/X509_verify_cert.3 stable/10/secure/lib/libcrypto/man/bio.3 stable/10/secure/lib/libcrypto/man/blowfish.3 stable/10/secure/lib/libcrypto/man/bn.3 stable/10/secure/lib/libcrypto/man/bn_internal.3 stable/10/secure/lib/libcrypto/man/buffer.3 stable/10/secure/lib/libcrypto/man/crypto.3 stable/10/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 stable/10/secure/lib/libcrypto/man/d2i_CMS_ContentInfo.3 stable/10/secure/lib/libcrypto/man/d2i_DHparams.3 stable/10/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 stable/10/secure/lib/libcrypto/man/d2i_ECPrivateKey.3 stable/10/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 stable/10/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 stable/10/secure/lib/libcrypto/man/d2i_X509.3 stable/10/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 stable/10/secure/lib/libcrypto/man/d2i_X509_CRL.3 stable/10/secure/lib/libcrypto/man/d2i_X509_NAME.3 stable/10/secure/lib/libcrypto/man/d2i_X509_REQ.3 stable/10/secure/lib/libcrypto/man/d2i_X509_SIG.3 stable/10/secure/lib/libcrypto/man/des.3 stable/10/secure/lib/libcrypto/man/dh.3 stable/10/secure/lib/libcrypto/man/dsa.3 stable/10/secure/lib/libcrypto/man/ecdsa.3 stable/10/secure/lib/libcrypto/man/engine.3 stable/10/secure/lib/libcrypto/man/err.3 stable/10/secure/lib/libcrypto/man/evp.3 stable/10/secure/lib/libcrypto/man/hmac.3 stable/10/secure/lib/libcrypto/man/i2d_CMS_bio_stream.3 stable/10/secure/lib/libcrypto/man/i2d_PKCS7_bio_stream.3 stable/10/secure/lib/libcrypto/man/lh_stats.3 stable/10/secure/lib/libcrypto/man/lhash.3 stable/10/secure/lib/libcrypto/man/md5.3 stable/10/secure/lib/libcrypto/man/mdc2.3 stable/10/secure/lib/libcrypto/man/pem.3 stable/10/secure/lib/libcrypto/man/rand.3 stable/10/secure/lib/libcrypto/man/rc4.3 stable/10/secure/lib/libcrypto/man/ripemd.3 stable/10/secure/lib/libcrypto/man/rsa.3 stable/10/secure/lib/libcrypto/man/sha.3 stable/10/secure/lib/libcrypto/man/threads.3 stable/10/secure/lib/libcrypto/man/ui.3 stable/10/secure/lib/libcrypto/man/ui_compat.3 stable/10/secure/lib/libcrypto/man/x509.3 stable/10/secure/lib/libcrypto/opensslconf-arm.h stable/10/secure/lib/libcrypto/opensslconf-ia64.h stable/10/secure/lib/libcrypto/opensslconf-mips.h stable/10/secure/lib/libcrypto/opensslconf-powerpc.h stable/10/secure/lib/libcrypto/opensslconf-sparc64.h stable/10/secure/lib/libcrypto/opensslconf-x86.h stable/10/secure/lib/libssl/Makefile.man stable/10/secure/lib/libssl/man/SSL_CIPHER_get_name.3 stable/10/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 stable/10/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 stable/10/secure/lib/libssl/man/SSL_CTX_add_session.3 stable/10/secure/lib/libssl/man/SSL_CTX_ctrl.3 stable/10/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 stable/10/secure/lib/libssl/man/SSL_CTX_free.3 stable/10/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 stable/10/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 stable/10/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 stable/10/secure/lib/libssl/man/SSL_CTX_new.3 stable/10/secure/lib/libssl/man/SSL_CTX_sess_number.3 stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 stable/10/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_sessions.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_mode.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_options.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_psk_client_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_read_ahead.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_timeout.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 stable/10/secure/lib/libssl/man/SSL_CTX_set_verify.3 stable/10/secure/lib/libssl/man/SSL_CTX_use_certificate.3 stable/10/secure/lib/libssl/man/SSL_CTX_use_psk_identity_hint.3 stable/10/secure/lib/libssl/man/SSL_SESSION_free.3 stable/10/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 stable/10/secure/lib/libssl/man/SSL_SESSION_get_time.3 stable/10/secure/lib/libssl/man/SSL_accept.3 stable/10/secure/lib/libssl/man/SSL_alert_type_string.3 stable/10/secure/lib/libssl/man/SSL_clear.3 stable/10/secure/lib/libssl/man/SSL_connect.3 stable/10/secure/lib/libssl/man/SSL_do_handshake.3 stable/10/secure/lib/libssl/man/SSL_free.3 stable/10/secure/lib/libssl/man/SSL_get_SSL_CTX.3 stable/10/secure/lib/libssl/man/SSL_get_ciphers.3 stable/10/secure/lib/libssl/man/SSL_get_client_CA_list.3 stable/10/secure/lib/libssl/man/SSL_get_current_cipher.3 stable/10/secure/lib/libssl/man/SSL_get_default_timeout.3 stable/10/secure/lib/libssl/man/SSL_get_error.3 stable/10/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 stable/10/secure/lib/libssl/man/SSL_get_ex_new_index.3 stable/10/secure/lib/libssl/man/SSL_get_fd.3 stable/10/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 stable/10/secure/lib/libssl/man/SSL_get_peer_certificate.3 stable/10/secure/lib/libssl/man/SSL_get_psk_identity.3 stable/10/secure/lib/libssl/man/SSL_get_rbio.3 stable/10/secure/lib/libssl/man/SSL_get_session.3 stable/10/secure/lib/libssl/man/SSL_get_verify_result.3 stable/10/secure/lib/libssl/man/SSL_get_version.3 stable/10/secure/lib/libssl/man/SSL_library_init.3 stable/10/secure/lib/libssl/man/SSL_load_client_CA_file.3 stable/10/secure/lib/libssl/man/SSL_new.3 stable/10/secure/lib/libssl/man/SSL_pending.3 stable/10/secure/lib/libssl/man/SSL_read.3 stable/10/secure/lib/libssl/man/SSL_rstate_string.3 stable/10/secure/lib/libssl/man/SSL_session_reused.3 stable/10/secure/lib/libssl/man/SSL_set_bio.3 stable/10/secure/lib/libssl/man/SSL_set_connect_state.3 stable/10/secure/lib/libssl/man/SSL_set_fd.3 stable/10/secure/lib/libssl/man/SSL_set_session.3 stable/10/secure/lib/libssl/man/SSL_set_shutdown.3 stable/10/secure/lib/libssl/man/SSL_set_verify_result.3 stable/10/secure/lib/libssl/man/SSL_shutdown.3 stable/10/secure/lib/libssl/man/SSL_state_string.3 stable/10/secure/lib/libssl/man/SSL_want.3 stable/10/secure/lib/libssl/man/SSL_write.3 stable/10/secure/lib/libssl/man/d2i_SSL_SESSION.3 stable/10/secure/lib/libssl/man/ssl.3 stable/10/secure/usr.bin/openssl/man/CA.pl.1 stable/10/secure/usr.bin/openssl/man/asn1parse.1 stable/10/secure/usr.bin/openssl/man/c_rehash.1 stable/10/secure/usr.bin/openssl/man/ca.1 stable/10/secure/usr.bin/openssl/man/ciphers.1 stable/10/secure/usr.bin/openssl/man/cms.1 stable/10/secure/usr.bin/openssl/man/crl.1 stable/10/secure/usr.bin/openssl/man/crl2pkcs7.1 stable/10/secure/usr.bin/openssl/man/dgst.1 stable/10/secure/usr.bin/openssl/man/dhparam.1 stable/10/secure/usr.bin/openssl/man/dsa.1 stable/10/secure/usr.bin/openssl/man/dsaparam.1 stable/10/secure/usr.bin/openssl/man/ec.1 stable/10/secure/usr.bin/openssl/man/ecparam.1 stable/10/secure/usr.bin/openssl/man/enc.1 stable/10/secure/usr.bin/openssl/man/errstr.1 stable/10/secure/usr.bin/openssl/man/gendsa.1 stable/10/secure/usr.bin/openssl/man/genpkey.1 stable/10/secure/usr.bin/openssl/man/genrsa.1 stable/10/secure/usr.bin/openssl/man/nseq.1 stable/10/secure/usr.bin/openssl/man/ocsp.1 stable/10/secure/usr.bin/openssl/man/openssl.1 stable/10/secure/usr.bin/openssl/man/passwd.1 stable/10/secure/usr.bin/openssl/man/pkcs12.1 stable/10/secure/usr.bin/openssl/man/pkcs7.1 stable/10/secure/usr.bin/openssl/man/pkcs8.1 stable/10/secure/usr.bin/openssl/man/pkey.1 stable/10/secure/usr.bin/openssl/man/pkeyparam.1 stable/10/secure/usr.bin/openssl/man/pkeyutl.1 stable/10/secure/usr.bin/openssl/man/rand.1 stable/10/secure/usr.bin/openssl/man/req.1 stable/10/secure/usr.bin/openssl/man/rsa.1 stable/10/secure/usr.bin/openssl/man/rsautl.1 stable/10/secure/usr.bin/openssl/man/s_client.1 stable/10/secure/usr.bin/openssl/man/s_server.1 stable/10/secure/usr.bin/openssl/man/s_time.1 stable/10/secure/usr.bin/openssl/man/sess_id.1 stable/10/secure/usr.bin/openssl/man/smime.1 stable/10/secure/usr.bin/openssl/man/speed.1 stable/10/secure/usr.bin/openssl/man/spkac.1 stable/10/secure/usr.bin/openssl/man/ts.1 stable/10/secure/usr.bin/openssl/man/tsget.1 stable/10/secure/usr.bin/openssl/man/verify.1 stable/10/secure/usr.bin/openssl/man/version.1 stable/10/secure/usr.bin/openssl/man/x509.1 stable/10/secure/usr.bin/openssl/man/x509v3_config.1 Modified: stable/10/crypto/openssl/CHANGES ============================================================================== --- stable/10/crypto/openssl/CHANGES Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/CHANGES Wed Mar 2 15:43:01 2016 (r296317) @@ -2,6 +2,138 @@ OpenSSL CHANGES _______________ + Changes between 1.0.1r and 1.0.1s [1 Mar 2016] + + * Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + Builds that are not configured with "enable-weak-ssl-ciphers" will not + provide any "EXPORT" or "LOW" strength ciphers. + [Viktor Dukhovni] + + * Disable SSLv2 default build, default negotiation and weak ciphers. SSLv2 + is by default disabled at build-time. Builds that are not configured with + "enable-ssl2" will not support SSLv2. Even if "enable-ssl2" is used, + users who want to negotiate SSLv2 via the version-flexible SSLv23_method() + will need to explicitly call either of: + + SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); + or + SSL_clear_options(ssl, SSL_OP_NO_SSLv2); + + as appropriate. Even if either of those is used, or the application + explicitly uses the version-specific SSLv2_method() or its client and + server variants, SSLv2 ciphers vulnerable to exhaustive search key + recovery have been removed. Specifically, the SSLv2 40-bit EXPORT + ciphers, and SSLv2 56-bit DES are no longer available. + (CVE-2016-0800) + [Viktor Dukhovni] + + *) Fix a double-free in DSA code + + A double free bug was discovered when OpenSSL parses malformed DSA private + keys and could lead to a DoS attack or memory corruption for applications + that receive DSA private keys from untrusted sources. This scenario is + considered rare. + + This issue was reported to OpenSSL by Adam Langley(Google/BoringSSL) using + libFuzzer. + (CVE-2016-0705) + [Stephen Henson] + + *) Disable SRP fake user seed to address a server memory leak. + + Add a new method SRP_VBASE_get1_by_user that handles the seed properly. + + SRP_VBASE_get_by_user had inconsistent memory management behaviour. + In order to fix an unavoidable memory leak, SRP_VBASE_get_by_user + was changed to ignore the "fake user" SRP seed, even if the seed + is configured. + + Users should use SRP_VBASE_get1_by_user instead. Note that in + SRP_VBASE_get1_by_user, caller must free the returned value. Note + also that even though configuring the SRP seed attempts to hide + invalid usernames by continuing the handshake with fake + credentials, this behaviour is not constant time and no strong + guarantees are made that the handshake is indistinguishable from + that of a valid user. + (CVE-2016-0798) + [Emilia Käsper] + + *) Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + + In the BN_hex2bn function the number of hex digits is calculated using an + int value |i|. Later |bn_expand| is called with a value of |i * 4|. For + large values of |i| this can result in |bn_expand| not allocating any + memory because |i * 4| is negative. This can leave the internal BIGNUM data + field as NULL leading to a subsequent NULL ptr deref. For very large values + of |i|, the calculation |i * 4| could be a positive value smaller than |i|. + In this case memory is allocated to the internal BIGNUM data field, but it + is insufficiently sized leading to heap corruption. A similar issue exists + in BN_dec2bn. This could have security consequences if BN_hex2bn/BN_dec2bn + is ever called by user applications with very large untrusted hex/dec data. + This is anticipated to be a rare occurrence. + + All OpenSSL internal usage of these functions use data that is not expected + to be untrusted, e.g. config file data or application command line + arguments. If user developed applications generate config file data based + on untrusted data then it is possible that this could also lead to security + consequences. This is also anticipated to be rare. + + This issue was reported to OpenSSL by Guido Vranken. + (CVE-2016-0797) + [Matt Caswell] + + *) Fix memory issues in BIO_*printf functions + + The internal |fmtstr| function used in processing a "%s" format string in + the BIO_*printf functions could overflow while calculating the length of a + string and cause an OOB read when printing very long strings. + + Additionally the internal |doapr_outch| function can attempt to write to an + OOB memory location (at an offset from the NULL pointer) in the event of a + memory allocation failure. In 1.0.2 and below this could be caused where + the size of a buffer to be allocated is greater than INT_MAX. E.g. this + could be in processing a very long "%s" format string. Memory leaks can + also occur. + + The first issue may mask the second issue dependent on compiler behaviour. + These problems could enable attacks where large amounts of untrusted data + is passed to the BIO_*printf functions. If applications use these functions + in this way then they could be vulnerable. OpenSSL itself uses these + functions when printing out human-readable dumps of ASN.1 data. Therefore + applications that print this data could be vulnerable if the data is from + untrusted sources. OpenSSL command line applications could also be + vulnerable where they print out ASN.1 data, or if untrusted data is passed + as command line arguments. + + Libssl is not considered directly vulnerable. Additionally certificates etc + received via remote connections via libssl are also unlikely to be able to + trigger these issues because of message size limits enforced within libssl. + + This issue was reported to OpenSSL Guido Vranken. + (CVE-2016-0799) + [Matt Caswell] + + *) Side channel attack on modular exponentiation + + A side-channel attack was found which makes use of cache-bank conflicts on + the Intel Sandy-Bridge microarchitecture which could lead to the recovery + of RSA keys. The ability to exploit this issue is limited as it relies on + an attacker who has control of code in a thread running on the same + hyper-threaded core as the victim thread which is performing decryptions. + + This issue was reported to OpenSSL by Yuval Yarom, The University of + Adelaide and NICTA, Daniel Genkin, Technion and Tel Aviv University, and + Nadia Heninger, University of Pennsylvania with more information at + http://cachebleed.info. + (CVE-2016-0702) + [Andy Polyakov] + + *) Change the req app to generate a 2048-bit RSA/DSA key by default, + if no keysize is specified with default_bits. This fixes an + omission in an earlier change that changed all RSA/DSA key generation + apps to use 2048 bits by default. + [Emilia Käsper] + Changes between 1.0.1q and 1.0.1r [28 Jan 2016] *) Protection for DH small subgroup attacks @@ -62,7 +194,7 @@ [Emilia Käsper] *) In DSA_generate_parameters_ex, if the provided seed is too short, - return an error + use a random seed, as already documented. [Rich Salz and Ismo Puustinen ] Changes between 1.0.1o and 1.0.1p [9 Jul 2015] Modified: stable/10/crypto/openssl/Configure ============================================================================== --- stable/10/crypto/openssl/Configure Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/Configure Wed Mar 2 15:43:01 2016 (r296317) @@ -58,6 +58,10 @@ my $usage="Usage: Configure [no- # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support # 386 generate 80386 code +# enable-weak-ssl-ciphers +# Enable EXPORT and LOW SSLv3 ciphers that are disabled by +# default. Note, weak SSLv2 ciphers are unconditionally +# disabled. # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through @@ -724,10 +728,12 @@ my %disabled = ( # "what" => "co "md2" => "default", "rc5" => "default", "rfc3779" => "default", - "sctp" => "default", + "sctp" => "default", "shared" => "default", + "ssl2" => "default", "store" => "experimental", "unit-test" => "default", + "weak-ssl-ciphers" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); Modified: stable/10/crypto/openssl/Makefile ============================================================================== --- stable/10/crypto/openssl/Makefile Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/Makefile Wed Mar 2 15:43:01 2016 (r296317) @@ -4,7 +4,7 @@ ## Makefile for OpenSSL ## -VERSION=1.0.1r +VERSION=1.0.1s MAJOR=1 MINOR=0.1 SHLIB_VERSION_NUMBER=1.0.0 @@ -13,7 +13,7 @@ SHLIB_MAJOR=1 SHLIB_MINOR=0.0 SHLIB_EXT= PLATFORM=dist -OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-store no-unit-test no-zlib no-zlib-dynamic static-engine +OPTIONS= no-ec_nistp_64_gcc_128 no-gmp no-jpake no-krb5 no-md2 no-rc5 no-rfc3779 no-sctp no-shared no-ssl2 no-store no-unit-test no-weak-ssl-ciphers no-zlib no-zlib-dynamic static-engine CONFIGURE_ARGS=dist SHLIB_TARGET= @@ -61,7 +61,7 @@ OPENSSLDIR=/usr/local/ssl CC= cc CFLAG= -O -DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST +DEPFLAG= -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL2 -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST -DOPENSSL_NO_WEAK_SSL_CIPHERS PEX_LIBS= EX_LIBS= EXE_EXT= Modified: stable/10/crypto/openssl/NEWS ============================================================================== --- stable/10/crypto/openssl/NEWS Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/NEWS Wed Mar 2 15:43:01 2016 (r296317) @@ -5,6 +5,19 @@ This file gives a brief overview of the major changes between each OpenSSL release. For more details please read the CHANGES file. + Major changes between OpenSSL 1.0.1r and OpenSSL 1.0.1s [1 Mar 2016] + + o Disable weak ciphers in SSLv3 and up in default builds of OpenSSL. + o Disable SSLv2 default build, default negotiation and weak ciphers + (CVE-2016-0800) + o Fix a double-free in DSA code (CVE-2016-0705) + o Disable SRP fake user seed to address a server memory leak + (CVE-2016-0798) + o Fix BN_hex2bn/BN_dec2bn NULL pointer deref/heap corruption + (CVE-2016-0797) + o Fix memory issues in BIO_*printf functions (CVE-2016-0799) + o Fix side channel attack on modular exponentiation (CVE-2016-0702) + Major changes between OpenSSL 1.0.1q and OpenSSL 1.0.1r [28 Jan 2016] o Protection for DH small subgroup attacks Modified: stable/10/crypto/openssl/README ============================================================================== --- stable/10/crypto/openssl/README Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/README Wed Mar 2 15:43:01 2016 (r296317) @@ -1,5 +1,5 @@ - OpenSSL 1.0.1r 28 Jan 2016 + OpenSSL 1.0.1s 1 Mar 2016 Copyright (c) 1998-2015 The OpenSSL Project Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson Modified: stable/10/crypto/openssl/apps/s_server.c ============================================================================== --- stable/10/crypto/openssl/apps/s_server.c Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/apps/s_server.c Wed Mar 2 15:43:01 2016 (r296317) @@ -416,6 +416,8 @@ typedef struct srpsrvparm_st { static int MS_CALLBACK ssl_srp_server_param_cb(SSL *s, int *ad, void *arg) { srpsrvparm *p = (srpsrvparm *) arg; + int ret = SSL3_AL_FATAL; + if (p->login == NULL && p->user == NULL) { p->login = SSL_get_srp_username(s); BIO_printf(bio_err, "SRP username = \"%s\"\n", p->login); @@ -424,21 +426,25 @@ static int MS_CALLBACK ssl_srp_server_pa if (p->user == NULL) { BIO_printf(bio_err, "User %s doesn't exist\n", p->login); - return SSL3_AL_FATAL; + goto err; } + if (SSL_set_srp_server_param (s, p->user->N, p->user->g, p->user->s, p->user->v, p->user->info) < 0) { *ad = SSL_AD_INTERNAL_ERROR; - return SSL3_AL_FATAL; + goto err; } BIO_printf(bio_err, "SRP parameters set: username = \"%s\" info=\"%s\" \n", p->login, p->user->info); - /* need to check whether there are memory leaks */ + ret = SSL_ERROR_NONE; + +err: + SRP_user_pwd_free(p->user); p->user = NULL; p->login = NULL; - return SSL_ERROR_NONE; + return ret; } #endif @@ -2244,9 +2250,10 @@ static int sv_body(char *hostname, int s #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, k) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during write\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2300,9 +2307,10 @@ static int sv_body(char *hostname, int s #ifndef OPENSSL_NO_SRP while (SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2387,9 +2395,10 @@ static int init_ssl_connection(SSL *con) while (i <= 0 && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2616,9 +2625,10 @@ static int www_body(char *hostname, int && SSL_get_error(con, i) == SSL_ERROR_WANT_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP during accept %s\n", srp_callback_parm.login); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); @@ -2658,9 +2668,10 @@ static int www_body(char *hostname, int if (BIO_should_io_special(io) && BIO_get_retry_reason(io) == BIO_RR_SSL_X509_LOOKUP) { BIO_printf(bio_s_out, "LOOKUP renego during read\n"); + SRP_user_pwd_free(srp_callback_parm.user); srp_callback_parm.user = - SRP_VBASE_get_by_user(srp_callback_parm.vb, - srp_callback_parm.login); + SRP_VBASE_get1_by_user(srp_callback_parm.vb, + srp_callback_parm.login); if (srp_callback_parm.user) BIO_printf(bio_s_out, "LOOKUP done %s\n", srp_callback_parm.user->info); Modified: stable/10/crypto/openssl/crypto/bio/b_print.c ============================================================================== --- stable/10/crypto/openssl/crypto/bio/b_print.c Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bio/b_print.c Wed Mar 2 15:43:01 2016 (r296317) @@ -125,16 +125,16 @@ # define LLONG long #endif -static void fmtstr(char **, char **, size_t *, size_t *, - const char *, int, int, int); -static void fmtint(char **, char **, size_t *, size_t *, - LLONG, int, int, int, int); -static void fmtfp(char **, char **, size_t *, size_t *, - LDOUBLE, int, int, int); -static void doapr_outch(char **, char **, size_t *, size_t *, int); -static void _dopr(char **sbuffer, char **buffer, - size_t *maxlen, size_t *retlen, int *truncated, - const char *format, va_list args); +static int fmtstr(char **, char **, size_t *, size_t *, + const char *, int, int, int); +static int fmtint(char **, char **, size_t *, size_t *, + LLONG, int, int, int, int); +static int fmtfp(char **, char **, size_t *, size_t *, + LDOUBLE, int, int, int); +static int doapr_outch(char **, char **, size_t *, size_t *, int); +static int _dopr(char **sbuffer, char **buffer, + size_t *maxlen, size_t *retlen, int *truncated, + const char *format, va_list args); /* format read states */ #define DP_S_DEFAULT 0 @@ -165,7 +165,7 @@ static void _dopr(char **sbuffer, char * #define char_to_int(p) (p - '0') #define OSSL_MAX(p,q) ((p >= q) ? p : q) -static void +static int _dopr(char **sbuffer, char **buffer, size_t *maxlen, @@ -196,7 +196,8 @@ _dopr(char **sbuffer, if (ch == '%') state = DP_S_FLAGS; else - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; ch = *format++; break; case DP_S_FLAGS: @@ -302,8 +303,9 @@ _dopr(char **sbuffer, value = va_arg(args, int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 10, min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, 10, min, + max, flags)) + return 0; break; case 'X': flags |= DP_F_UP; @@ -326,17 +328,19 @@ _dopr(char **sbuffer, value = (LLONG) va_arg(args, unsigned int); break; } - fmtint(sbuffer, buffer, &currlen, maxlen, value, - ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), - min, max, flags); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, value, + ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), + min, max, flags)) + return 0; break; case 'f': if (cflags == DP_C_LDOUBLE) fvalue = va_arg(args, LDOUBLE); else fvalue = va_arg(args, double); - fmtfp(sbuffer, buffer, &currlen, maxlen, - fvalue, min, max, flags); + if (!fmtfp(sbuffer, buffer, &currlen, maxlen, fvalue, min, max, + flags)) + return 0; break; case 'E': flags |= DP_F_UP; @@ -355,8 +359,9 @@ _dopr(char **sbuffer, fvalue = va_arg(args, double); break; case 'c': - doapr_outch(sbuffer, buffer, &currlen, maxlen, - va_arg(args, int)); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, + va_arg(args, int))) + return 0; break; case 's': strvalue = va_arg(args, char *); @@ -366,13 +371,15 @@ _dopr(char **sbuffer, else max = *maxlen; } - fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, - flags, min, max); + if (!fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, + flags, min, max)) + return 0; break; case 'p': value = (long)va_arg(args, void *); - fmtint(sbuffer, buffer, &currlen, maxlen, - value, 16, min, max, flags | DP_F_NUM); + if (!fmtint(sbuffer, buffer, &currlen, maxlen, + value, 16, min, max, flags | DP_F_NUM)) + return 0; break; case 'n': /* XXX */ if (cflags == DP_C_SHORT) { @@ -394,7 +401,8 @@ _dopr(char **sbuffer, } break; case '%': - doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, ch)) + return 0; break; case 'w': /* not supported yet, treat as next char */ @@ -418,46 +426,56 @@ _dopr(char **sbuffer, *truncated = (currlen > *maxlen - 1); if (*truncated) currlen = *maxlen - 1; - doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'); + if(!doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0')) + return 0; *retlen = currlen - 1; - return; + return 1; } -static void +static int fmtstr(char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, const char *value, int flags, int min, int max) { - int padlen, strln; + int padlen; + size_t strln; int cnt = 0; if (value == 0) value = ""; - for (strln = 0; value[strln]; ++strln) ; + + strln = strlen(value); + if (strln > INT_MAX) + strln = INT_MAX; + padlen = min - strln; - if (padlen < 0) + if (min < 0 || padlen < 0) padlen = 0; if (flags & DP_F_MINUS) padlen = -padlen; while ((padlen > 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --padlen; ++cnt; } while (*value && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *value++); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *value++)) + return 0; ++cnt; } while ((padlen < 0) && (cnt < max)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++padlen; ++cnt; } + return 1; } -static void +static int fmtint(char **sbuffer, char **buffer, size_t *currlen, @@ -517,37 +535,44 @@ fmtint(char **sbuffer, /* spaces */ while (spadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --spadlen; } /* sign */ if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; /* prefix */ while (*prefix) { - doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, *prefix)) + return 0; prefix++; } /* zeros */ if (zpadlen > 0) { while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --zpadlen; } } /* digits */ - while (place > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]); + while (place > 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place])) + return 0; + } /* left justified spaces */ while (spadlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++spadlen; } - return; + return 1; } static LDOUBLE abs_val(LDOUBLE value) @@ -578,7 +603,7 @@ static long roundv(LDOUBLE value) return intpart; } -static void +static int fmtfp(char **sbuffer, char **buffer, size_t *currlen, @@ -657,47 +682,61 @@ fmtfp(char **sbuffer, if ((flags & DP_F_ZERO) && (padlen > 0)) { if (signvalue) { - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; --padlen; signvalue = 0; } while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --padlen; } } while (padlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; --padlen; } - if (signvalue) - doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); + if (signvalue && !doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue)) + return 0; - while (iplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]); + while (iplace > 0) { + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace])) + return 0; + } /* * Decimal point. This should probably use locale to find the correct * char to print out. */ if (max > 0 || (flags & DP_F_NUM)) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '.')) + return 0; - while (fplace > 0) - doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]); + while (fplace > 0) { + if(!doapr_outch(sbuffer, buffer, currlen, maxlen, + fconvert[--fplace])) + return 0; + } } while (zpadlen > 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, '0')) + return 0; --zpadlen; } while (padlen < 0) { - doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); + if (!doapr_outch(sbuffer, buffer, currlen, maxlen, ' ')) + return 0; ++padlen; } + return 1; } -static void +#define BUFFER_INC 1024 + +static int doapr_outch(char **sbuffer, char **buffer, size_t *currlen, size_t *maxlen, int c) { @@ -708,24 +747,25 @@ doapr_outch(char **sbuffer, assert(*currlen <= *maxlen); if (buffer && *currlen == *maxlen) { - *maxlen += 1024; + if (*maxlen > INT_MAX - BUFFER_INC) + return 0; + + *maxlen += BUFFER_INC; if (*buffer == NULL) { *buffer = OPENSSL_malloc(*maxlen); - if (!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } + if (*buffer == NULL) + return 0; if (*currlen > 0) { assert(*sbuffer != NULL); memcpy(*buffer, *sbuffer, *currlen); } *sbuffer = NULL; } else { - *buffer = OPENSSL_realloc(*buffer, *maxlen); - if (!*buffer) { - /* Panic! Can't really do anything sensible. Just return */ - return; - } + char *tmpbuf; + tmpbuf = OPENSSL_realloc(*buffer, *maxlen); + if (tmpbuf == NULL) + return 0; + *buffer = tmpbuf; } } @@ -736,7 +776,7 @@ doapr_outch(char **sbuffer, (*buffer)[(*currlen)++] = (char)c; } - return; + return 1; } /***************************************************************************/ @@ -768,7 +808,11 @@ int BIO_vprintf(BIO *bio, const char *fo dynbuf = NULL; CRYPTO_push_info("doapr()"); - _dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, args); + if (!_dopr(&hugebufp, &dynbuf, &hugebufsize, &retlen, &ignored, format, + args)) { + OPENSSL_free(dynbuf); + return -1; + } if (dynbuf) { ret = BIO_write(bio, dynbuf, (int)retlen); OPENSSL_free(dynbuf); @@ -803,7 +847,8 @@ int BIO_vsnprintf(char *buf, size_t n, c size_t retlen; int truncated; - _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); + if(!_dopr(&buf, NULL, &n, &retlen, &truncated, format, args)) + return -1; if (truncated) /* Modified: stable/10/crypto/openssl/crypto/bio/bio.h ============================================================================== --- stable/10/crypto/openssl/crypto/bio/bio.h Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bio/bio.h Wed Mar 2 15:43:01 2016 (r296317) @@ -478,7 +478,7 @@ struct bio_dgram_sctp_prinfo { # define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) # define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) # define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) -# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,0,NULL) +# define BIO_get_conn_int_port(b) BIO_ctrl(b,BIO_C_GET_CONNECT,3,NULL) # define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) Modified: stable/10/crypto/openssl/crypto/bn/Makefile ============================================================================== --- stable/10/crypto/openssl/crypto/bn/Makefile Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bn/Makefile Wed Mar 2 15:43:01 2016 (r296317) @@ -243,7 +243,8 @@ bn_exp.o: ../../include/openssl/e_os2.h bn_exp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h bn_exp.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h -bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_exp.c bn_lcl.h +bn_exp.o: ../../include/openssl/symhacks.h ../constant_time_locl.h +bn_exp.o: ../cryptlib.h bn_exp.c bn_lcl.h bn_exp2.o: ../../e_os.h ../../include/openssl/bio.h ../../include/openssl/bn.h bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h bn_exp2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h Modified: stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl ============================================================================== --- stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Wed Mar 2 15:26:55 2016 (r296316) +++ stable/10/crypto/openssl/crypto/bn/asm/x86_64-mont5.pl Wed Mar 2 15:43:01 2016 (r296317) @@ -66,60 +66,113 @@ bn_mul_mont_gather5: .align 16 .Lmul_enter: mov ${num}d,${num}d - mov `($win64?56:8)`(%rsp),%r10d # load 7th argument + movd `($win64?56:8)`(%rsp),%xmm5 # load 7th argument + lea .Linc(%rip),%r10 push %rbx push %rbp push %r12 push %r13 push %r14 push %r15 -___ -$code.=<<___ if ($win64); - lea -0x28(%rsp),%rsp - movaps %xmm6,(%rsp) - movaps %xmm7,0x10(%rsp) + .Lmul_alloca: -___ -$code.=<<___; mov %rsp,%rax lea 2($num),%r11 neg %r11 - lea (%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)) + lea -264(%rsp,%r11,8),%rsp # tp=alloca(8*(num+2)+256+8) and \$-1024,%rsp # minimize TLB usage mov %rax,8(%rsp,$num,8) # tp[num+1]=%rsp .Lmul_body: - mov $bp,%r12 # reassign $bp + lea 128($bp),%r12 # reassign $bp (+size optimization) ___ $bp="%r12"; $STRIDE=2**5*8; # 5 is "window size" $N=$STRIDE/4; # should match cache line size $code.=<<___; - mov %r10,%r11 - shr \$`log($N/8)/log(2)`,%r10 - and \$`$N/8-1`,%r11 - not %r10 - lea .Lmagic_masks(%rip),%rax - and \$`2**5/($N/8)-1`,%r10 # 5 is "window size" - lea 96($bp,%r11,8),$bp # pointer within 1st cache line - movq 0(%rax,%r10,8),%xmm4 # set of masks denoting which - movq 8(%rax,%r10,8),%xmm5 # cache line contains element - movq 16(%rax,%r10,8),%xmm6 # denoted by 7th argument - movq 24(%rax,%r10,8),%xmm7 - - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 + movdqa 0(%r10),%xmm0 # 00000001000000010000000000000000 + movdqa 16(%r10),%xmm1 # 00000002000000020000000200000002 + lea 24-112(%rsp,$num,8),%r10# place the mask after tp[num+3] (+ICache optimization) + and \$-16,%r10 + + pshufd \$0,%xmm5,%xmm5 # broadcast index + movdqa %xmm1,%xmm4 + movdqa %xmm1,%xmm2 +___ +######################################################################## +# calculate mask by comparing 0..31 to index and save result to stack +# +$code.=<<___; + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 # compare to 1,0 + .byte 0x67 + movdqa %xmm4,%xmm3 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 # compare to 3,2 + movdqa %xmm0,`16*($k+0)+112`(%r10) + movdqa %xmm4,%xmm0 + + paddd %xmm2,%xmm3 + pcmpeqd %xmm5,%xmm2 # compare to 5,4 + movdqa %xmm1,`16*($k+1)+112`(%r10) + movdqa %xmm4,%xmm1 + + paddd %xmm3,%xmm0 + pcmpeqd %xmm5,%xmm3 # compare to 7,6 + movdqa %xmm2,`16*($k+2)+112`(%r10) + movdqa %xmm4,%xmm2 + + paddd %xmm0,%xmm1 + pcmpeqd %xmm5,%xmm0 + movdqa %xmm3,`16*($k+3)+112`(%r10) + movdqa %xmm4,%xmm3 +___ +} +$code.=<<___; # last iteration can be optimized + paddd %xmm1,%xmm2 + pcmpeqd %xmm5,%xmm1 + movdqa %xmm0,`16*($k+0)+112`(%r10) + + paddd %xmm2,%xmm3 + .byte 0x67 + pcmpeqd %xmm5,%xmm2 + movdqa %xmm1,`16*($k+1)+112`(%r10) + + pcmpeqd %xmm5,%xmm3 + movdqa %xmm2,`16*($k+2)+112`(%r10) + pand `16*($k+0)-128`($bp),%xmm0 # while it's still in register + + pand `16*($k+1)-128`($bp),%xmm1 + pand `16*($k+2)-128`($bp),%xmm2 + movdqa %xmm3,`16*($k+3)+112`(%r10) + pand `16*($k+3)-128`($bp),%xmm3 por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +for($k=0;$k<$STRIDE/16-4;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm4 + movdqa `16*($k+1)-128`($bp),%xmm5 + movdqa `16*($k+2)-128`($bp),%xmm2 + pand `16*($k+0)+112`(%r10),%xmm4 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+1)+112`(%r10),%xmm5 + por %xmm4,%xmm0 + pand `16*($k+2)+112`(%r10),%xmm2 + por %xmm5,%xmm1 + pand `16*($k+3)+112`(%r10),%xmm3 + por %xmm2,%xmm0 + por %xmm3,%xmm1 +___ +} +$code.=<<___; + por %xmm1,%xmm0 + pshufd \$0x4e,%xmm0,%xmm1 + por %xmm1,%xmm0 lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - movq %xmm0,$m0 # m0=bp[0] mov ($n0),$n0 # pull n0[0] value @@ -128,29 +181,14 @@ $code.=<<___; xor $i,$i # i=0 xor $j,$j # j=0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - mov $n0,$m1 mulq $m0 # ap[0]*bp[0] mov %rax,$lo0 mov ($np),%rax - movq `3*$STRIDE/4-96`($bp),%xmm3 - pand %xmm6,%xmm2 - por %xmm1,%xmm0 - pand %xmm7,%xmm3 - imulq $lo0,$m1 # "tp[0]"*n0 mov %rdx,$hi0 - por %xmm2,%xmm0 - lea $STRIDE($bp),$bp - por %xmm3,%xmm0 - mulq $m1 # np[0]*m1 add %rax,$lo0 # discarded mov 8($ap),%rax @@ -183,8 +221,6 @@ $code.=<<___; cmp $num,$j jne .L1st - movq %xmm0,$m0 # bp[1] - add %rax,$hi1 mov ($ap),%rax # ap[0] adc \$0,%rdx @@ -204,33 +240,46 @@ $code.=<<___; jmp .Louter .align 16 .Louter: + lea 24+128(%rsp,$num,8),%rdx # where 256-byte mask is (+size optimization) + and \$-16,%rdx + pxor %xmm4,%xmm4 + pxor %xmm5,%xmm5 +___ +for($k=0;$k<$STRIDE/16;$k+=4) { +$code.=<<___; + movdqa `16*($k+0)-128`($bp),%xmm0 + movdqa `16*($k+1)-128`($bp),%xmm1 + movdqa `16*($k+2)-128`($bp),%xmm2 + movdqa `16*($k+3)-128`($bp),%xmm3 + pand `16*($k+0)-128`(%rdx),%xmm0 + pand `16*($k+1)-128`(%rdx),%xmm1 + por %xmm0,%xmm4 + pand `16*($k+2)-128`(%rdx),%xmm2 + por %xmm1,%xmm5 + pand `16*($k+3)-128`(%rdx),%xmm3 + por %xmm2,%xmm4 + por %xmm3,%xmm5 +___ +} +$code.=<<___; + por %xmm5,%xmm4 + pshufd \$0x4e,%xmm4,%xmm0 + por %xmm4,%xmm0 + lea $STRIDE($bp),$bp + movq %xmm0,$m0 # m0=bp[i] + xor $j,$j # j=0 mov $n0,$m1 mov (%rsp),$lo0 - movq `0*$STRIDE/4-96`($bp),%xmm0 - movq `1*$STRIDE/4-96`($bp),%xmm1 - pand %xmm4,%xmm0 - movq `2*$STRIDE/4-96`($bp),%xmm2 - pand %xmm5,%xmm1 - mulq $m0 # ap[0]*bp[i] add %rax,$lo0 # ap[0]*bp[i]+tp[0] mov ($np),%rax adc \$0,%rdx *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-stable@freebsd.org Thu Mar 3 07:16:37 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 10F44AC23C9; Thu, 3 Mar 2016 07:16:37 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D65DF10F7; Thu, 3 Mar 2016 07:16:36 +0000 (UTC) (envelope-from kp@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u237GZ9m036846; Thu, 3 Mar 2016 07:16:35 GMT (envelope-from kp@FreeBSD.org) Received: (from kp@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u237GZhj036845; Thu, 3 Mar 2016 07:16:35 GMT (envelope-from kp@FreeBSD.org) Message-Id: <201603030716.u237GZhj036845@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kp set sender to kp@FreeBSD.org using -f From: Kristof Provost Date: Thu, 3 Mar 2016 07:16:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296340 - stable/10/sys/netpfil/pf X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2016 07:16:37 -0000 Author: kp Date: Thu Mar 3 07:16:35 2016 New Revision: 296340 URL: https://svnweb.freebsd.org/changeset/base/296340 Log: MFC: r296025: pf: Fix possible out-of-bounds write In the DIOCRSETADDRS ioctl() handler we allocate a table for struct pfr_addrs, which is processed in pfr_set_addrs(). At the users request we also provide feedback on the deleted addresses, by storing them after the new list ('bcopy(&ad, addr + size + i, sizeof(ad));' in pfr_set_addrs()). This means we write outside the bounds of the buffer we've just allocated. We need to look at pfrio_size2 instead (i.e. the size the user reserved for our feedback). That'd allow a malicious user to specify a smaller pfrio_size2 than pfrio_size though, in which case we'd still read outside of the allocated buffer. Instead we allocate the largest of the two values. Reported By: Paul J Murphy PR: 207463 Approved by: re (marius) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sys/netpfil/pf/pf_ioctl.c ============================================================================== --- stable/10/sys/netpfil/pf/pf_ioctl.c Thu Mar 3 07:07:44 2016 (r296339) +++ stable/10/sys/netpfil/pf/pf_ioctl.c Thu Mar 3 07:16:35 2016 (r296340) @@ -2714,13 +2714,14 @@ DIOCCHANGEADDR_error: case DIOCRSETADDRS: { struct pfioc_table *io = (struct pfioc_table *)addr; struct pfr_addr *pfras; - size_t totlen; + size_t totlen, count; if (io->pfrio_esize != sizeof(struct pfr_addr)) { error = ENODEV; break; } - totlen = io->pfrio_size * sizeof(struct pfr_addr); + count = max(io->pfrio_size, io->pfrio_size2); + totlen = count * sizeof(struct pfr_addr); pfras = malloc(totlen, M_TEMP, M_WAITOK); error = copyin(io->pfrio_buffer, pfras, totlen); if (error) { From owner-svn-src-stable@freebsd.org Fri Mar 4 01:29:11 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 55999A9378D; Fri, 4 Mar 2016 01:29:11 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 25F31ADC; Fri, 4 Mar 2016 01:29:11 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u241TAF7060028; Fri, 4 Mar 2016 01:29:10 GMT (envelope-from marius@FreeBSD.org) Received: (from marius@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u241TAKU060026; Fri, 4 Mar 2016 01:29:10 GMT (envelope-from marius@FreeBSD.org) Message-Id: <201603040129.u241TAKU060026@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: marius set sender to marius@FreeBSD.org using -f From: Marius Strobl Date: Fri, 4 Mar 2016 01:29:10 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296374 - in stable/10/sys: conf sys X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2016 01:29:11 -0000 Author: marius Date: Fri Mar 4 01:29:09 2016 New Revision: 296374 URL: https://svnweb.freebsd.org/changeset/base/296374 Log: - Reset stable/10 back to -PRERELEASE status now that releng/10.3 has been branched. - Update __FreeBSD_version to reflect the new -STABLE branch. Approved by: re (implicit) Modified: stable/10/sys/conf/newvers.sh stable/10/sys/sys/param.h Modified: stable/10/sys/conf/newvers.sh ============================================================================== --- stable/10/sys/conf/newvers.sh Fri Mar 4 01:27:38 2016 (r296373) +++ stable/10/sys/conf/newvers.sh Fri Mar 4 01:29:09 2016 (r296374) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.3" -BRANCH="BETA3" +BRANCH="PRERELEASE" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: stable/10/sys/sys/param.h ============================================================================== --- stable/10/sys/sys/param.h Fri Mar 4 01:27:38 2016 (r296373) +++ stable/10/sys/sys/param.h Fri Mar 4 01:29:09 2016 (r296374) @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 1002509 /* Master, propagated to newvers */ +#define __FreeBSD_version 1003500 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, From owner-svn-src-stable@freebsd.org Thu Mar 3 23:25:32 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8495CA93337; Thu, 3 Mar 2016 23:25:32 +0000 (UTC) (envelope-from gnn@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 54ADE9EE; Thu, 3 Mar 2016 23:25:32 +0000 (UTC) (envelope-from gnn@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u23NPVAq023636; Thu, 3 Mar 2016 23:25:31 GMT (envelope-from gnn@FreeBSD.org) Received: (from gnn@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u23NPVRs023635; Thu, 3 Mar 2016 23:25:31 GMT (envelope-from gnn@FreeBSD.org) Message-Id: <201603032325.u23NPVRs023635@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gnn set sender to gnn@FreeBSD.org using -f From: "George V. Neville-Neil" Date: Thu, 3 Mar 2016 23:25:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296370 - stable/10/sbin/pfctl X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Mar 2016 23:25:32 -0000 Author: gnn Date: Thu Mar 3 23:25:31 2016 New Revision: 296370 URL: https://svnweb.freebsd.org/changeset/base/296370 Log: MFC 285730 Only report the lack of ALTQ support if pfctl is using verbose (-v) mode. PR: 194935 Submitted by: Jim Thompson Approved by: re (gjb) Modified: stable/10/sbin/pfctl/pfctl.c Directory Properties: stable/10/ (props changed) Modified: stable/10/sbin/pfctl/pfctl.c ============================================================================== --- stable/10/sbin/pfctl/pfctl.c Thu Mar 3 23:15:46 2016 (r296369) +++ stable/10/sbin/pfctl/pfctl.c Thu Mar 3 23:25:31 2016 (r296370) @@ -1930,7 +1930,7 @@ pfctl_test_altqsupport(int dev, int opts if (ioctl(dev, DIOCGETALTQS, &pa)) { if (errno == ENODEV) { - if (!(opts & PF_OPT_QUIET)) + if (opts & PF_OPT_VERBOSE) fprintf(stderr, "No ALTQ support in kernel\n" "ALTQ related functions disabled\n"); return (0); From owner-svn-src-stable@freebsd.org Fri Mar 4 00:40:18 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 048C2A9495E; Fri, 4 Mar 2016 00:40:18 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B552C399; Fri, 4 Mar 2016 00:40:17 +0000 (UTC) (envelope-from jkim@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u240eGUY044596; Fri, 4 Mar 2016 00:40:16 GMT (envelope-from jkim@FreeBSD.org) Received: (from jkim@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u240eGeY044590; Fri, 4 Mar 2016 00:40:16 GMT (envelope-from jkim@FreeBSD.org) Message-Id: <201603040040.u240eGeY044590@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jkim set sender to jkim@FreeBSD.org using -f From: Jung-uk Kim Date: Fri, 4 Mar 2016 00:40:16 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r296371 - stable/10/secure/lib/libcrypto X-SVN-Group: stable-10 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2016 00:40:18 -0000 Author: jkim Date: Fri Mar 4 00:40:15 2016 New Revision: 296371 URL: https://svnweb.freebsd.org/changeset/base/296371 Log: Re-enable SSLv2 support to restore ABI. Excerpt from CHANGES: Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via the version-flexible SSLv23_method() will need to explicitly call either of: SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); or SSL_clear_options(ssl, SSL_OP_NO_SSLv2); as appropriate. Even if either of those is used, or the application explicitly uses the version-specific SSLv2_method() or its client and server variants, SSLv2 ciphers vulnerable to exhaustive search key recovery have been removed. Specifically, the SSLv2 40-bit EXPORT ciphers, and SSLv2 56-bit DES are no longer available. Approved by: re (marius, gjb), so (delphij) Modified: stable/10/secure/lib/libcrypto/opensslconf-arm.h stable/10/secure/lib/libcrypto/opensslconf-ia64.h stable/10/secure/lib/libcrypto/opensslconf-mips.h stable/10/secure/lib/libcrypto/opensslconf-powerpc.h stable/10/secure/lib/libcrypto/opensslconf-sparc64.h stable/10/secure/lib/libcrypto/opensslconf-x86.h Modified: stable/10/secure/lib/libcrypto/opensslconf-arm.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-arm.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-arm.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-ia64.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-ia64.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-ia64.h Fri Mar 4 00:40:15 2016 (r296371) @@ -24,9 +24,6 @@ #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -69,9 +66,6 @@ # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-mips.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-mips.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-mips.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-powerpc.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-powerpc.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-powerpc.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-sparc64.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-sparc64.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-sparc64.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -75,9 +72,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif Modified: stable/10/secure/lib/libcrypto/opensslconf-x86.h ============================================================================== --- stable/10/secure/lib/libcrypto/opensslconf-x86.h Thu Mar 3 23:25:31 2016 (r296370) +++ stable/10/secure/lib/libcrypto/opensslconf-x86.h Fri Mar 4 00:40:15 2016 (r296371) @@ -27,9 +27,6 @@ extern "C" { #ifndef OPENSSL_NO_SCTP # define OPENSSL_NO_SCTP #endif -#ifndef OPENSSL_NO_SSL2 -# define OPENSSL_NO_SSL2 -#endif #ifndef OPENSSL_NO_STORE # define OPENSSL_NO_STORE #endif @@ -72,9 +69,6 @@ extern "C" { # if defined(OPENSSL_NO_SCTP) && !defined(NO_SCTP) # define NO_SCTP # endif -# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2) -# define NO_SSL2 -# endif # if defined(OPENSSL_NO_STORE) && !defined(NO_STORE) # define NO_STORE # endif From owner-svn-src-stable@freebsd.org Fri Mar 4 15:03:50 2016 Return-Path: Delivered-To: svn-src-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 687F69DB025; Fri, 4 Mar 2016 15:03:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from zxy.spb.ru (zxy.spb.ru [195.70.199.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2CE2CDC1; Fri, 4 Mar 2016 15:03:50 +0000 (UTC) (envelope-from slw@zxy.spb.ru) Received: from slw by zxy.spb.ru with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1abrGV-000FwA-ND; Fri, 04 Mar 2016 18:03:39 +0300 Date: Fri, 4 Mar 2016 18:03:39 +0300 From: Slawa Olhovchenkov To: Jung-uk Kim Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: Re: svn commit: r296371 - stable/10/secure/lib/libcrypto Message-ID: <20160304150339.GB94639@zxy.spb.ru> References: <201603040040.u240eGeY044590@repo.freebsd.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <201603040040.u240eGeY044590@repo.freebsd.org> User-Agent: Mutt/1.5.24 (2015-08-30) X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: slw@zxy.spb.ru X-SA-Exim-Scanned: No (on zxy.spb.ru); SAEximRunCond expanded to false X-BeenThere: svn-src-stable@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: SVN commit messages for all the -stable branches of the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Mar 2016 15:03:50 -0000 On Fri, Mar 04, 2016 at 12:40:16AM +0000, Jung-uk Kim wrote: > Author: jkim > Date: Fri Mar 4 00:40:15 2016 > New Revision: 296371 > URL: https://svnweb.freebsd.org/changeset/base/296371 > > Log: > Re-enable SSLv2 support to restore ABI. > > Excerpt from CHANGES: > > Even if "enable-ssl2" is used, users who want to negotiate SSLv2 via > the version-flexible SSLv23_method() will need to explicitly call > either of: > > SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv2); > or > SSL_clear_options(ssl, SSL_OP_NO_SSLv2); > > as appropriate. Even if either of those is used, or the application > explicitly uses the version-specific SSLv2_method() or its client and > server variants, SSLv2 ciphers vulnerable to exhaustive search key > recovery have been removed. Specifically, the SSLv2 40-bit EXPORT > ciphers, and SSLv2 56-bit DES are no longer available. > > Approved by: re (marius, gjb), so (delphij) > > Modified: > stable/10/secure/lib/libcrypto/opensslconf-arm.h > stable/10/secure/lib/libcrypto/opensslconf-ia64.h > stable/10/secure/lib/libcrypto/opensslconf-mips.h > stable/10/secure/lib/libcrypto/opensslconf-powerpc.h > stable/10/secure/lib/libcrypto/opensslconf-sparc64.h > stable/10/secure/lib/libcrypto/opensslconf-x86.h Need to re-mergered to 10.3 too?