Date: Fri, 30 Apr 2010 14:28:02 GMT From: Alexander Motin <mav@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 177521 for review Message-ID: <201004301428.o3UES288015384@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@177521?ac=10 Change 177521 by mav@mav_mavtest on 2010/04/30 14:27:56 IFC Affected files ... .. //depot/projects/scottl-camlock/src/UPDATING#30 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/ChangeLog#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/README#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/auth-options.c#4 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/auth2-pubkey.c#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/channels.c#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/clientloop.c#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/config.h#7 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/config.h.in#4 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/defines.h#6 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/key.c#4 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/key.h#4 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/loginrec.c#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/logintest.c#2 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/openbsd-compat/bsd-arc4random.c#3 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/servconf.c#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/session.c#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/ssh-keygen.1#4 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/ssh-keygen.c#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/ssh-pkcs11-helper.c#2 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/ssh.1#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/ssh_config#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/ssh_config.5#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/sshd_config#6 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/sshd_config.5#5 integrate .. //depot/projects/scottl-camlock/src/crypto/openssh/version.h#5 integrate .. //depot/projects/scottl-camlock/src/etc/rc.d/named#5 integrate .. //depot/projects/scottl-camlock/src/gnu/usr.bin/groff/tmac/mdoc.local#9 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/hast.conf.5#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/hast.h#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/hastd.c#3 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/metadata.c#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/parse.y#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/primary.c#4 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/proto.c#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/proto.h#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/proto_common.c#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/proto_tcp4.c#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/secondary.c#2 integrate .. //depot/projects/scottl-camlock/src/sbin/hastd/token.l#2 integrate .. //depot/projects/scottl-camlock/src/sbin/ifconfig/ifconfig.8#12 integrate .. //depot/projects/scottl-camlock/src/sbin/ifconfig/ifieee80211.c#12 integrate .. //depot/projects/scottl-camlock/src/sbin/tunefs/tunefs.c#5 integrate .. //depot/projects/scottl-camlock/src/share/man/man4/bwn.4#3 integrate .. //depot/projects/scottl-camlock/src/share/man/man4/sge.4#2 integrate .. //depot/projects/scottl-camlock/src/share/man/man4/vlan.4#5 integrate .. //depot/projects/scottl-camlock/src/share/man/man9/ieee80211.9#5 integrate .. //depot/projects/scottl-camlock/src/share/man/man9/ieee80211_node.9#5 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/amd64/io.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/amd64/pmap.c#43 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/include/iodev.h#4 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/include/pmap.h#16 integrate .. //depot/projects/scottl-camlock/src/sys/amd64/include/vmparam.h#8 integrate .. //depot/projects/scottl-camlock/src/sys/arm/arm/pmap.c#30 integrate .. //depot/projects/scottl-camlock/src/sys/arm/include/pmap.h#20 integrate .. //depot/projects/scottl-camlock/src/sys/cam/ata/ata_xpt.c#86 integrate .. //depot/projects/scottl-camlock/src/sys/cam/cam_xpt.c#155 integrate .. //depot/projects/scottl-camlock/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_pool.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c#7 integrate .. //depot/projects/scottl-camlock/src/sys/conf/files#74 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/acpica_prep.sh#7 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/changes.txt#9 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/common/adisasm.c#9 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslcompile.c#9 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslcompiler.h#10 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/asldefine.h#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslfiles.c#7 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslglobal.h#9 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/asllisting.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslmain.c#9 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslpredef.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslresource.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslrestype1.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslrestype1i.c#1 branch .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslrestype2.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslrestype2d.c#1 branch .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslrestype2e.c#1 branch .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslrestype2q.c#1 branch .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/aslrestype2w.c#1 branch .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/compiler/asltypes.h#11 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/debugger/dbcmds.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/debugger/dbdisply.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/events/evgpe.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/events/evgpeblk.c#7 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/events/evgpeinit.c#1 branch .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/events/evgpeutil.c#1 branch .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/executer/exconfig.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/executer/exoparg1.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/executer/exsystem.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/acevents.h#4 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/acglobal.h#7 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/acinterp.h#5 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/aclocal.h#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/acpiosxf.h#3 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/acpixf.h#9 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/actypes.h#5 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/include/amlresrc.h#3 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/osunixxf.c#7 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/tables/tbfind.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/tables/tbinstal.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/tables/tbutils.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/tables/tbxface.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/utilities/utcopy.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/utilities/utglobal.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/dev/acpica/utilities/uttrack.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/contrib/ipfilter/netinet/ip_auth.c#10 integrate .. //depot/projects/scottl-camlock/src/sys/dev/acpica/Osd/OsdHardware.c#10 integrate .. //depot/projects/scottl-camlock/src/sys/dev/ahci/ahci.c#108 integrate .. //depot/projects/scottl-camlock/src/sys/dev/ata/ata-all.c#54 integrate .. //depot/projects/scottl-camlock/src/sys/dev/atkbdc/atkbdc.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/dev/atkbdc/atkbdc_ebus.c#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/atkbdc/atkbdc_isa.c#6 integrate .. //depot/projects/scottl-camlock/src/sys/dev/atkbdc/atkbdcreg.h#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/bce/if_bce.c#20 integrate .. //depot/projects/scottl-camlock/src/sys/dev/bce/if_bcereg.h#15 integrate .. //depot/projects/scottl-camlock/src/sys/dev/ciss/ciss.c#29 integrate .. //depot/projects/scottl-camlock/src/sys/dev/drm/via_dmablit.c#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/drm/via_video.c#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/e1000/if_em.c#18 integrate .. //depot/projects/scottl-camlock/src/sys/dev/io/iodev.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/dev/io/iodev.h#1 branch .. //depot/projects/scottl-camlock/src/sys/dev/mii/brgphy.c#22 integrate .. //depot/projects/scottl-camlock/src/sys/dev/msk/if_msk.c#21 integrate .. //depot/projects/scottl-camlock/src/sys/dev/msk/if_mskreg.h#12 integrate .. //depot/projects/scottl-camlock/src/sys/dev/sge/if_sge.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/dev/sge/if_sgereg.h#2 integrate .. //depot/projects/scottl-camlock/src/sys/dev/siis/siis.c#46 integrate .. //depot/projects/scottl-camlock/src/sys/dev/sound/pcm/buffer.c#13 integrate .. //depot/projects/scottl-camlock/src/sys/fs/nfsclient/nfs_clnode.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/fs/nfsclient/nfs_clrpcops.c#8 integrate .. //depot/projects/scottl-camlock/src/sys/i386/i386/io.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/i386/i386/pmap.c#47 integrate .. //depot/projects/scottl-camlock/src/sys/i386/include/iodev.h#4 integrate .. //depot/projects/scottl-camlock/src/sys/i386/include/pmap.h#23 integrate .. //depot/projects/scottl-camlock/src/sys/i386/xen/pmap.c#18 integrate .. //depot/projects/scottl-camlock/src/sys/ia64/ia64/iodev_machdep.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/ia64/ia64/pmap.c#26 integrate .. //depot/projects/scottl-camlock/src/sys/ia64/include/iodev.h#3 integrate .. //depot/projects/scottl-camlock/src/sys/ia64/include/pmap.h#11 integrate .. //depot/projects/scottl-camlock/src/sys/kern/imgact_elf.c#17 integrate .. //depot/projects/scottl-camlock/src/sys/kern/kern_exec.c#25 integrate .. //depot/projects/scottl-camlock/src/sys/kern/kern_gzio.c#2 integrate .. //depot/projects/scottl-camlock/src/sys/kern/kern_ntptime.c#9 integrate .. //depot/projects/scottl-camlock/src/sys/kern/kern_proc.c#23 integrate .. //depot/projects/scottl-camlock/src/sys/kern/kern_sig.c#33 integrate .. //depot/projects/scottl-camlock/src/sys/kern/subr_witness.c#22 integrate .. //depot/projects/scottl-camlock/src/sys/kern/sys_pipe.c#17 integrate .. //depot/projects/scottl-camlock/src/sys/kern/sys_process.c#23 integrate .. //depot/projects/scottl-camlock/src/sys/kern/uipc_cow.c#8 integrate .. //depot/projects/scottl-camlock/src/sys/kern/vfs_bio.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/mips/include/pmap.h#7 integrate .. //depot/projects/scottl-camlock/src/sys/mips/mips/pmap.c#15 integrate .. //depot/projects/scottl-camlock/src/sys/modules/acpi/acpi/Makefile#17 integrate .. //depot/projects/scottl-camlock/src/sys/modules/usb/usb/Makefile#3 integrate .. //depot/projects/scottl-camlock/src/sys/net/bpf_zerocopy.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/net/flowtable.c#15 integrate .. //depot/projects/scottl-camlock/src/sys/net/if.c#46 integrate .. //depot/projects/scottl-camlock/src/sys/net/if_gif.c#20 integrate .. //depot/projects/scottl-camlock/src/sys/net/if_gif.h#11 integrate .. //depot/projects/scottl-camlock/src/sys/net/route.c#25 integrate .. //depot/projects/scottl-camlock/src/sys/net80211/ieee80211_amrr.c#5 integrate .. //depot/projects/scottl-camlock/src/sys/net80211/ieee80211_ht.h#7 integrate .. //depot/projects/scottl-camlock/src/sys/net80211/ieee80211_node.c#20 integrate .. //depot/projects/scottl-camlock/src/sys/net80211/ieee80211_rssadapt.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/net80211/ieee80211_var.h#24 integrate .. //depot/projects/scottl-camlock/src/sys/netgraph/ng_pipe.c#4 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/icmp6.h#12 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/if_ether.c#31 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/in.c#34 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/in_gif.c#15 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/in_proto.c#17 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/in_rmx.c#15 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/ip_icmp.c#19 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/ip_icmp.h#6 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/ip_input.c#32 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/ip_var.h#19 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_hostcache.c#16 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_input.c#34 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_output.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_reass.c#9 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_sack.c#14 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_subr.c#29 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_syncache.c#28 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_timewait.c#11 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/tcp_var.h#29 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/udp_usrreq.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/netinet/udp_var.h#13 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/frag6.c#16 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/icmp6.c#23 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/in6_gif.c#12 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/in6_ifattach.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/in6_proto.c#21 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/in6_rmx.c#13 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/in6_src.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/in6_var.h#17 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/ip6_input.c#25 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/ip6_mroute.c#18 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/ip6_var.h#15 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/nd6.c#32 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/nd6.h#10 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/nd6_nbr.c#18 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/nd6_rtr.c#20 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/raw_ip6.c#23 integrate .. //depot/projects/scottl-camlock/src/sys/netinet6/scope6.c#12 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ah_var.h#4 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/esp_var.h#4 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ipcomp_var.h#5 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ipip_var.h#5 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ipsec.c#19 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ipsec.h#10 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/ipsec6.h#7 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/key.c#22 integrate .. //depot/projects/scottl-camlock/src/sys/netipsec/xform_esp.c#12 integrate .. //depot/projects/scottl-camlock/src/sys/pc98/pc98/machdep.c#21 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/aim/mmu_oea.c#10 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/aim/mmu_oea64.c#15 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/booke/pmap.c#13 integrate .. //depot/projects/scottl-camlock/src/sys/powerpc/include/pmap.h#12 integrate .. //depot/projects/scottl-camlock/src/sys/sparc64/include/pmap.h#10 integrate .. //depot/projects/scottl-camlock/src/sys/sparc64/sparc64/pmap.c#25 integrate .. //depot/projects/scottl-camlock/src/sys/sun4v/include/pmap.h#5 integrate .. //depot/projects/scottl-camlock/src/sys/sun4v/sun4v/pmap.c#12 integrate .. //depot/projects/scottl-camlock/src/sys/sys/param.h#43 integrate .. //depot/projects/scottl-camlock/src/sys/ufs/ffs/ffs_softdep.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/ufs/ffs/ffs_vfsops.c#25 integrate .. //depot/projects/scottl-camlock/src/sys/vm/device_pager.c#15 integrate .. //depot/projects/scottl-camlock/src/sys/vm/sg_pager.c#3 integrate .. //depot/projects/scottl-camlock/src/sys/vm/swap_pager.c#24 integrate .. //depot/projects/scottl-camlock/src/sys/vm/uma_core.c#18 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_contig.c#21 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_fault.c#32 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_glue.c#19 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_kern.c#13 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_mmap.c#22 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_object.c#23 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_page.c#27 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_page.h#15 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_pageout.c#21 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vm_param.h#6 integrate .. //depot/projects/scottl-camlock/src/sys/vm/vnode_pager.c#18 integrate .. //depot/projects/scottl-camlock/src/usr.sbin/acpi/acpidb/Makefile#7 integrate .. //depot/projects/scottl-camlock/src/usr.sbin/acpi/iasl/Makefile#6 integrate Differences ... ==== //depot/projects/scottl-camlock/src/UPDATING#30 (text+ko) ==== @@ -22,6 +22,14 @@ machines to maximize performance. (To disable malloc debugging, run ln -s aj /etc/malloc.conf.) + +20100429: + 'vm_page's are now hashed by physical address to an array of mutexes. + Currently this is only used to serialize access to hold_count. Over + time the page queue mutex will be peeled away. This changes the size + of pmap on every architecture. And requires all callers of vm_page_hold + and vm_page_unhold to be updated. + 20100402: WITH_CTF can now be specified in src.conf (not recommended, there are some problems with static executables), make.conf (would also @@ -1130,4 +1138,4 @@ Contact Warner Losh if you have any questions about your use of this document. -$FreeBSD: src/UPDATING,v 1.657 2010/04/02 06:55:31 netchild Exp $ +$FreeBSD: src/UPDATING,v 1.658 2010/04/30 00:46:43 kmacy Exp $ ==== //depot/projects/scottl-camlock/src/crypto/openssh/ChangeLog#5 (text+ko) ==== @@ -1,4 +1,120 @@ -20100307 +20100410 + - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo + back so we disable the IPv6 tests if we don't have it. + +20100409 + - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong + ones. Based on a patch from Roumen Petrov. + - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we + have it and the path is not provided to --with-libedit. Based on a patch + from Iain Morgan. + - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable + utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@ + +20100326 + - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection + for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson + - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally + by Ingo Weinhold via Scott McCreary, ok djm@ + - (djm) OpenBSD CVS Sync + - djm@cvs.openbsd.org 2010/03/25 23:38:28 + [servconf.c] + from portable: getcwd(NULL, 0) doesn't work on all platforms, so + use a stack buffer; ok dtucker@ + - djm@cvs.openbsd.org 2010/03/26 00:26:58 + [ssh.1] + mention that -S none disables connection sharing; from Colin Watson + - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms - + set up SELinux execution context before chroot() call. From Russell + Coker via Colin watson; bz#1726 ok dtucker@ + - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721 + ok dtucker@ + - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using + pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold). + - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys; + bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@ + - (dtucker) OpenBSD CVS Sync + - dtucker@cvs.openbsd.org 2010/03/26 01:06:13 + [ssh_config.5] + Reformat default value of PreferredAuthentications entry (current + formatting implies ", " is acceptable as a separator, which it's not. + ok djm@ + +20100324 + - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory + containing the services file explicitely case-insensitive. This allows to + tweak the Windows services file reliably. Patch from vinschen at redhat. + +20100321 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/03/08 09:41:27 + [ssh-keygen.1] + sort the list of constraints (to -O); ok djm + - jmc@cvs.openbsd.org 2010/03/10 07:40:35 + [ssh-keygen.1] + typos; from Ross Richardson + closes prs 6334 and 6335 + - djm@cvs.openbsd.org 2010/03/10 23:27:17 + [auth2-pubkey.c] + correct certificate logging and make it more consistent between + authorized_keys and TrustedCAKeys; ok markus@ + - djm@cvs.openbsd.org 2010/03/12 01:06:25 + [servconf.c] + unbreak AuthorizedKeys option with a $HOME-relative path; reported by + vinschen AT redhat.com, ok dtucker@ + - markus@cvs.openbsd.org 2010/03/12 11:37:40 + [servconf.c] + do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths + free() (not xfree()) the buffer returned by getcwd() + - djm@cvs.openbsd.org 2010/03/13 21:10:38 + [clientloop.c] + protocol conformance fix: send language tag when disconnecting normally; + spotted by 1.41421 AT gmail.com, ok markus@ deraadt@ + - djm@cvs.openbsd.org 2010/03/13 21:45:46 + [ssh-keygen.1] + Certificates are named *-cert.pub, not *_cert.pub; committing a diff + from stevesk@ ok me + - jmc@cvs.openbsd.org 2010/03/13 23:38:13 + [ssh-keygen.1] + fix a formatting error (args need quoted); noted by stevesk + - stevesk@cvs.openbsd.org 2010/03/15 19:40:02 + [key.c key.h ssh-keygen.c] + also print certificate type (user or host) for ssh-keygen -L + ok djm kettenis + - stevesk@cvs.openbsd.org 2010/03/16 15:46:52 + [auth-options.c] + spelling in error message. ok djm kettenis + - djm@cvs.openbsd.org 2010/03/16 16:36:49 + [version.h] + crank version to openssh-5.5 since we have a few fixes since 5.4; + requested deraadt@ kettenis@ + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Crank version numbers + +20100314 + - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix + compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot + AT fefe.de + - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for + ssh-pkcs11-helper to repair static builds (we do the same for + ssh-keyscan). Reported by felix-mindrot AT fefe.de + +20100312 + - (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir) + - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets. + Patch from Corinna Vinschen. + - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install + on a Cygwin installation. Patch from Corinna Vinschen. + +20100311 + - (tim) [contrib/suse/openssh.spec] crank version number here too. + report by imorgan AT nas.nasa.gov + +20100309 + - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO + so setting it in CFLAGS correctly skips IPv6 tests. + +20100428 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/03/07 22:16:01 [ssh-keygen.c] ==== //depot/projects/scottl-camlock/src/crypto/openssh/README#5 (text+ko) ==== @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.4 for the release notes. +See http://www.openssh.com/txt/release-5.5 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.72 2010/03/07 22:41:02 djm Exp $ +$Id: README,v 1.73 2010/03/21 19:11:55 djm Exp $ ==== //depot/projects/scottl-camlock/src/crypto/openssh/auth-options.c#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: auth-options.c,v 1.48 2010/03/07 11:57:13 dtucker Exp $ */ +/* $OpenBSD: auth-options.c,v 1.49 2010/03/16 15:46:52 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -434,7 +434,7 @@ goto out; } if (strlen(command) != clen) { - error("force-command constrain contains \\0"); + error("force-command constraint contains \\0"); goto out; } if (cert_forced_command != NULL) { @@ -454,7 +454,7 @@ goto out; } if (strlen(allowed) != clen) { - error("source-address constrain contains \\0"); + error("source-address constraint contains \\0"); goto out; } if (cert_source_address_done++) { ==== //depot/projects/scottl-camlock/src/crypto/openssh/auth2-pubkey.c#5 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: auth2-pubkey.c,v 1.21 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: auth2-pubkey.c,v 1.22 2010/03/10 23:27:17 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -240,22 +240,26 @@ continue; if (!key_equal(found, key->cert->signature_key)) continue; - debug("matching CA found: file %s, line %lu", - file, linenum); fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); - verbose("Found matching %s CA: %s", - key_type(found), fp); - xfree(fp); + debug("matching CA found: file %s, line %lu, %s %s", + file, linenum, key_type(found), fp); if (key_cert_check_authority(key, 0, 0, pw->pw_name, &reason) != 0) { + xfree(fp); error("%s", reason); auth_debug_add("%s", reason); continue; } if (auth_cert_constraints(&key->cert->constraints, - pw) != 0) + pw) != 0) { + xfree(fp); continue; + } + verbose("Accepted certificate ID \"%s\" " + "signed by %s CA %s via %s", key->cert->key_id, + key_type(found), fp, file); + xfree(fp); found_key = 1; break; } else if (!key_is_cert_authority && key_equal(found, key)) { @@ -281,15 +285,15 @@ static int user_cert_trusted_ca(struct passwd *pw, Key *key) { - char *key_fp, *ca_fp; + char *ca_fp; const char *reason; int ret = 0; if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) return 0; - key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); - ca_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); + ca_fp = key_fingerprint(key->cert->signature_key, + SSH_FP_MD5, SSH_FP_HEX); if (key_in_file(key->cert->signature_key, options.trusted_user_ca_keys, 1) != 1) { @@ -306,13 +310,12 @@ if (auth_cert_constraints(&key->cert->constraints, pw) != 0) goto out; - verbose("%s certificate %s allowed by trusted %s key %s", - key_type(key), key_fp, key_type(key->cert->signature_key), ca_fp); + verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s", + key->cert->key_id, key_type(key->cert->signature_key), ca_fp, + options.trusted_user_ca_keys); ret = 1; out: - if (key_fp != NULL) - xfree(key_fp); if (ca_fp != NULL) xfree(ca_fp); return ret; ==== //depot/projects/scottl-camlock/src/crypto/openssh/channels.c#5 (text+ko) ==== @@ -3252,7 +3252,11 @@ sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); if (sock < 0) { - if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { + if ((errno != EINVAL) && (errno != EAFNOSUPPORT) +#ifdef EPFNOSUPPORT + && (errno != EPFNOSUPPORT) +#endif + ) { error("socket: %.100s", strerror(errno)); freeaddrinfo(aitop); return -1; ==== //depot/projects/scottl-camlock/src/crypto/openssh/clientloop.c#5 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: clientloop.c,v 1.218 2010/01/28 00:21:18 djm Exp $ */ +/* $OpenBSD: clientloop.c,v 1.219 2010/03/13 21:10:38 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1484,6 +1484,7 @@ packet_start(SSH2_MSG_DISCONNECT); packet_put_int(SSH2_DISCONNECT_BY_APPLICATION); packet_put_cstring("disconnected by user"); + packet_put_cstring(""); /* language tag */ packet_send(); packet_write_wait(); } ==== //depot/projects/scottl-camlock/src/crypto/openssh/config.h#7 (text+ko) ==== @@ -124,7 +124,7 @@ #define DISABLE_WTMPX 1 /* Enable for PKCS#11 support */ -#define ENABLE_PKCS11 +#define ENABLE_PKCS11 /**/ /* Builtin PRNG command timeout */ #define ENTROPY_TIMEOUT_MSEC 200 @@ -456,6 +456,9 @@ /* Define to 1 if you have the `getutxline' function. */ #define HAVE_GETUTXLINE 1 +/* Define to 1 if you have the `getutxuser' function. */ +#define HAVE_GETUTXUSER 1 + /* Define to 1 if you have the `get_default_context_with_level' function. */ /* #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL */ @@ -552,6 +555,9 @@ /* Define if system has libiaf that supports set_id */ /* #undef HAVE_LIBIAF */ +/* Define to 1 if you have the `network' library (-lnetwork). */ +/* #undef HAVE_LIBNETWORK */ + /* Define to 1 if you have the `nsl' library (-lnsl). */ /* #undef HAVE_LIBNSL */ @@ -805,6 +811,9 @@ /* Define to 1 if you have the `setutent' function. */ /* #undef HAVE_SETUTENT */ +/* Define to 1 if you have the `setutxdb' function. */ +#define HAVE_SETUTXDB 1 + /* Define to 1 if you have the `setutxent' function. */ #define HAVE_SETUTXENT 1 @@ -1416,8 +1425,8 @@ /* Define if you want SELinux support. */ /* #undef WITH_SELINUX */ -/* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ #if defined __BIG_ENDIAN__ # define WORDS_BIGENDIAN 1 #elif ! defined __LITTLE_ENDIAN__ ==== //depot/projects/scottl-camlock/src/crypto/openssh/config.h.in#4 (text+ko) ==== @@ -80,9 +80,6 @@ /* Define if you want to specify the path to your lastlog file */ #undef CONF_LASTLOG_FILE -/* Define if you want to specify the path to your utmpx file */ -#undef CONF_UTMPX_FILE - /* Define if you want to specify the path to your utmp file */ #undef CONF_UTMP_FILE @@ -455,6 +452,9 @@ /* Define to 1 if you have the `getutxline' function. */ #undef HAVE_GETUTXLINE +/* Define to 1 if you have the `getutxuser' function. */ +#undef HAVE_GETUTXUSER + /* Define to 1 if you have the `get_default_context_with_level' function. */ #undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL @@ -551,6 +551,9 @@ /* Define if system has libiaf that supports set_id */ #undef HAVE_LIBIAF +/* Define to 1 if you have the `network' library (-lnetwork). */ +#undef HAVE_LIBNETWORK + /* Define to 1 if you have the `nsl' library (-lnsl). */ #undef HAVE_LIBNSL @@ -804,6 +807,9 @@ /* Define to 1 if you have the `setutent' function. */ #undef HAVE_SETUTENT +/* Define to 1 if you have the `setutxdb' function. */ +#undef HAVE_SETUTXDB + /* Define to 1 if you have the `setutxent' function. */ #undef HAVE_SETUTXENT ==== //depot/projects/scottl-camlock/src/crypto/openssh/defines.h#6 (text+ko) ==== @@ -25,7 +25,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.159 2010/01/13 23:44:34 tim Exp $ */ +/* $Id: defines.h,v 1.160 2010/04/09 08:13:27 dtucker Exp $ */ /* Constants */ ==== //depot/projects/scottl-camlock/src/crypto/openssh/key.c#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.85 2010/03/04 01:44:57 djm Exp $ */ +/* $OpenBSD: key.c,v 1.86 2010/03/15 19:40:02 stevesk Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -802,6 +802,19 @@ } const char * +key_cert_type(const Key *k) +{ + switch (k->cert->type) { + case SSH2_CERT_TYPE_USER: + return "user"; + case SSH2_CERT_TYPE_HOST: + return "host"; + default: + return "unknown"; + } +} + +const char * key_ssh_name(const Key *k) { switch (k->type) { ==== //depot/projects/scottl-camlock/src/crypto/openssh/key.h#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: key.h,v 1.29 2010/03/15 19:40:02 stevesk Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. @@ -82,6 +82,7 @@ char *key_fingerprint(Key *, enum fp_type, enum fp_rep); u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); const char *key_type(const Key *); +const char *key_cert_type(const Key *); int key_write(const Key *, FILE *); int key_read(Key *, char **); u_int key_size(const Key *); ==== //depot/projects/scottl-camlock/src/crypto/openssh/loginrec.c#5 (text+ko) ==== @@ -146,7 +146,7 @@ */ #include "includes.h" -__RCSID("$FreeBSD: src/crypto/openssh/loginrec.c,v 1.20 2010/03/09 19:16:43 des Exp $"); +__RCSID("$FreeBSD: src/crypto/openssh/loginrec.c,v 1.21 2010/04/28 10:36:33 des Exp $"); #include <sys/types.h> #include <sys/stat.h> @@ -510,6 +510,10 @@ #ifdef USE_LASTLOG return(lastlog_get_entry(li)); #else /* !USE_LASTLOG */ +#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \ + defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER) + return (utmpx_get_entry(li)); +#endif #if 1 return (utmpx_get_entry(li)); @@ -1614,7 +1618,8 @@ #endif /* HAVE_GETLASTLOGXBYNAME */ #endif /* USE_LASTLOG */ -#if 1 +#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \ + defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER) int utmpx_get_entry(struct logininfo *li) { @@ -1637,7 +1642,7 @@ endutxent(); return (1); } -#endif +#endif /* USE_UTMPX && HAVE_SETUTXDB && UTXDB_LASTLOGIN && HAVE_GETUTXUSER */ #ifdef USE_BTMP /* ==== //depot/projects/scottl-camlock/src/crypto/openssh/logintest.c#2 (text+ko) ==== @@ -264,7 +264,7 @@ printf("\tUSE_UTMP (UTMP_FILE=%s)\n", UTMP_FILE); #endif #ifdef USE_UTMPX - printf("\tUSE_UTMPX (UTMPX_FILE=%s)\n", UTMPX_FILE); + printf("\tUSE_UTMPX\n"); #endif #ifdef USE_WTMP printf("\tUSE_WTMP (WTMP_FILE=%s)\n", WTMP_FILE); ==== //depot/projects/scottl-camlock/src/crypto/openssh/openbsd-compat/bsd-arc4random.c#3 (text+ko) ==== @@ -84,7 +84,7 @@ } #endif /* !HAVE_ARC4RANDOM */ -#ifndef ARC4RANDOM_BUF +#ifndef HAVE_ARC4RANDOM_BUF void arc4random_buf(void *_buf, size_t n) { @@ -102,7 +102,7 @@ } #endif /* !HAVE_ARC4RANDOM_BUF */ -#ifndef ARC4RANDOM_UNIFORM +#ifndef HAVE_ARC4RANDOM_UNIFORM /* * Calculate a uniformly distributed random number less than upper_bound * avoiding "modulo bias". ==== //depot/projects/scottl-camlock/src/crypto/openssh/servconf.c#5 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.c,v 1.204 2010/03/04 10:36:03 djm Exp $ */ +/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -11,7 +11,7 @@ */ #include "includes.h" -__RCSID("$FreeBSD: src/crypto/openssh/servconf.c,v 1.53 2010/03/09 19:16:43 des Exp $"); +__RCSID("$FreeBSD: src/crypto/openssh/servconf.c,v 1.54 2010/04/28 10:36:33 des Exp $"); #include <sys/types.h> #include <sys/socket.h> @@ -474,15 +474,14 @@ char * derelativise_path(const char *path) { - char *expanded, *ret, *cwd; + char *expanded, *ret, cwd[MAXPATHLEN]; expanded = tilde_expand_filename(path, getuid()); if (*expanded == '/') return expanded; - if ((cwd = getcwd(NULL, 0)) == NULL) + if (getcwd(cwd, sizeof(cwd)) == NULL) fatal("%s: getcwd: %s", __func__, strerror(errno)); xasprintf(&ret, "%s/%s", cwd, expanded); - xfree(cwd); xfree(expanded); return ret; } @@ -1227,7 +1226,17 @@ charptr = (opcode == sAuthorizedKeysFile) ? &options->authorized_keys_file : &options->authorized_keys_file2; - goto parse_filename; + arg = strdelim(&cp); + if (!arg || *arg == '\0') + fatal("%s line %d: missing file name.", + filename, linenum); + if (*activep && *charptr == NULL) { + *charptr = tilde_expand_filename(arg, getuid()); + /* increase optional counter */ + if (intptr != NULL) + *intptr = *intptr + 1; + } + break; case sClientAliveInterval: intptr = &options->client_alive_interval; ==== //depot/projects/scottl-camlock/src/crypto/openssh/session.c#5 (text+ko) ==== @@ -34,7 +34,7 @@ */ #include "includes.h" -__RCSID("$FreeBSD: src/crypto/openssh/session.c,v 1.54 2010/03/09 19:16:43 des Exp $"); +__RCSID("$FreeBSD: src/crypto/openssh/session.c,v 1.55 2010/04/28 10:36:33 des Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -1581,6 +1581,10 @@ } #endif /* HAVE_SETPCRED */ +#ifdef WITH_SELINUX + ssh_selinux_setup_exec_context(pw->pw_name); +#endif + if (options.chroot_directory != NULL && strcasecmp(options.chroot_directory, "none") != 0) { tmp = tilde_expand_filename(options.chroot_directory, @@ -1605,10 +1609,6 @@ if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); - -#ifdef WITH_SELINUX - ssh_selinux_setup_exec_context(pw->pw_name); -#endif } static void ==== //depot/projects/scottl-camlock/src/crypto/openssh/ssh-keygen.1#4 (text+ko) ==== @@ -1,5 +1,5 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.88 2010/03/08 00:28:55 djm Exp $ -.\" $FreeBSD: src/crypto/openssh/ssh-keygen.1,v 1.5 2010/03/09 19:16:43 des Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.92 2010/03/13 23:38:13 jmc Exp $ +.\" $FreeBSD: src/crypto/openssh/ssh-keygen.1,v 1.6 2010/04/28 10:36:33 des Exp $ .\" .\" -*- nroff -*- .\" @@ -38,7 +38,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd March 8 2010 +.Dd March 13 2010 .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -308,8 +308,15 @@ section for details. The constraints that are valid for user certificates are: .Bl -tag -width Ds -.It Ic no-x11-forwarding -Disable X11 forwarding (permitted by default). +.It Ic clear +Clear all enabled permissions. +This is useful for clearing the default set of permissions so permissions may +be added individually. +.It Ic force-command Ns = Ns Ar command +Forces the execution of +.Ar command +instead of any shell or command specified by the user when +the certificate is used for authentication. .It Ic no-agent-forwarding Disable .Xr ssh-agent 1 @@ -324,12 +331,8 @@ by .Xr sshd 8 (permitted by default). -.It Ic clear -Clear all enabled permissions. -This is useful for clearing the default set of permissions so permissions may -be added individually. -.It Ic permit-x11-forwarding -Allows X11 forwarding. +.It Ic no-x11-forwarding +Disable X11 forwarding (permitted by default). .It Ic permit-agent-forwarding Allows .Xr ssh-agent 1 @@ -343,14 +346,10 @@ .Pa ~/.ssh/rc by .Xr sshd 8 . -.It Ic force-command=command -Forces the execution of -.Ar command -instead of any shell or command specified by the user when -the certificate is used for authentication. -.It Ic source-address=address_list -Restrict the source addresses from which the certificate is considered valid -from. +.It Ic permit-x11-forwarding +Allows X11 forwarding. +.It Ic source-address Ns = Ns Ar address_list +Restrict the source addresses from which the certificate is considered valid. The .Ar address_list is a comma-separated list of one or more address/netmask pairs in CIDR @@ -415,7 +414,7 @@ of a minus sign followed by a relative time in the format described in the .Sx TIME FORMATS section of -.Xr ssh_config 5 . +.Xr sshd_config 5 . The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting with a plus character. .Pp @@ -520,7 +519,7 @@ .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub .Pp The resultant certificate will be placed in -.Pa /path/to/user_key_cert.pub . +.Pa /path/to/user_key-cert.pub . A host certificate requires the .Fl h option: @@ -528,7 +527,7 @@ .Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub .Pp The host certificate will be output to -.Pa /path/to/host_key_cert.pub . +.Pa /path/to/host_key-cert.pub . In both cases, .Ar key_id is a "key identifier" that is logged by the server when the certificate @@ -540,7 +539,7 @@ To generate a certificate for a specified set of principals: .Pp .Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub -.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub +.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub" .Pp Additional limitations on the validity and use of user certificates may be specified through certificate constraints. ==== //depot/projects/scottl-camlock/src/crypto/openssh/ssh-keygen.c#5 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.184 2010/03/07 22:16:01 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.185 2010/03/15 19:40:02 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1393,7 +1393,8 @@ SSH_FP_MD5, SSH_FP_HEX); printf("%s:\n", identity_file); - printf(" %s certificate %s\n", key_type(key), key_fp); + printf(" %s %s certificate %s\n", key_type(key), + key_cert_type(key), key_fp); printf(" Signed by %s CA %s\n", key_type(key->cert->signature_key), ca_fp); printf(" Key ID \"%s\"\n", key->cert->key_id); ==== //depot/projects/scottl-camlock/src/crypto/openssh/ssh-pkcs11-helper.c#2 (text+ko) ==== >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201004301428.o3UES288015384>