From owner-svn-src-stable-9@freebsd.org Sun Jul 5 19:33:31 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 62761AF17; Sun, 5 Jul 2015 19:33:31 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 518C21167; Sun, 5 Jul 2015 19:33:31 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t65JXVnb017703; Sun, 5 Jul 2015 19:33:31 GMT (envelope-from marius@FreeBSD.org) Received: (from marius@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t65JXVts017702; Sun, 5 Jul 2015 19:33:31 GMT (envelope-from marius@FreeBSD.org) Message-Id: <201507051933.t65JXVts017702@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: marius set sender to marius@FreeBSD.org using -f From: Marius Strobl Date: Sun, 5 Jul 2015 19:33:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285175 - stable/9/sys/x86/x86 X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jul 2015 19:33:31 -0000 Author: marius Date: Sun Jul 5 19:33:30 2015 New Revision: 285175 URL: https://svnweb.freebsd.org/changeset/base/285175 Log: MFC: r281751 Refine the workaround for Intel HSD131 [1] added in r269052 (MFCed to stable/9 in r269593): - Use the full mask described by the erratum as with a sufficiently high number of these false-positives, the overflow bit (bit 62) additionally gets set [7]. - HSD131 has been brought into several other Haswell-derived CPUs including to the next generation, i. e. Intel Broadwell. Thus, also skip reporting of these benign errors by default on CPU models affected by HSM142, HSW131 and BDM48 [2 - 5], describing the HSD131 silicon bug for additional models. Also, Celeron 2955U with a CPU ID of 0x45 have been reported to be covered by this fault [6], with the specification update concerned with HSM142 [2] only referring to 0x3c and 0x46. Submitted by: David Froehlich [7] Approved by: re (kib) http://www.intel.de/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-desktop-specification-update.pdf [1] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/4th-gen-core-family-mobile-specification-update.pdf [2] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/5th-gen-core-family-spec-update.pdf [3] http://www.intel.de/content/dam/www/public/us/en/documents/specification-updates/core-m-processor-family-spec-update.pdf [4] http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-e3-1200v3-spec-update.pdf [5] https://lists.freebsd.org/pipermail/freebsd-hackers/2015-January/046878.html [6] Modified: stable/9/sys/x86/x86/mca.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/x86/x86/mca.c ============================================================================== --- stable/9/sys/x86/x86/mca.c Sun Jul 5 19:32:10 2015 (r285174) +++ stable/9/sys/x86/x86/mca.c Sun Jul 5 19:33:30 2015 (r285175) @@ -254,15 +254,24 @@ mca_mute(const struct mca_record *rec) { /* - * Skip spurious corrected parity errors generated by desktop Haswell - * (see HSD131 erratum) unless reporting is enabled. - * Note that these errors also have been observed with D0-stepping, - * while the revision 014 desktop Haswell specification update only - * talks about C0-stepping. + * Skip spurious corrected parity errors generated by Intel Haswell- + * and Broadwell-based CPUs (see HSD131, HSM142, HSW131 and BDM48 + * erratum respectively), unless reporting is enabled. + * Note that these errors also have been observed with the D0-stepping + * of Haswell, while at least initially the CPU specification updates + * suggested only the C0-stepping to be affected. Similarly, Celeron + * 2955U with a CPU ID of 0x45 apparently are also concerned with the + * same problem, with HSM142 only referring to 0x3c and 0x46. */ - if (rec->mr_cpu_vendor_id == CPU_VENDOR_INTEL && - rec->mr_cpu_id == 0x306c3 && rec->mr_bank == 0 && - rec->mr_status == 0x90000040000f0005 && !intel6h_HSD131) + if (cpu_vendor_id == CPU_VENDOR_INTEL && + CPUID_TO_FAMILY(cpu_id) == 0x6 && + (CPUID_TO_MODEL(cpu_id) == 0x3c || /* HSD131, HSM142, HSW131 */ + CPUID_TO_MODEL(cpu_id) == 0x3d || /* BDM48 */ + CPUID_TO_MODEL(cpu_id) == 0x45 || + CPUID_TO_MODEL(cpu_id) == 0x46) && /* HSM142 */ + rec->mr_bank == 0 && + (rec->mr_status & 0xa0000000ffffffff) == 0x80000000000f0005 && + !intel6h_HSD131) return (1); return (0); From owner-svn-src-stable-9@freebsd.org Sun Jul 5 20:16:47 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1C3A1A711; Sun, 5 Jul 2015 20:16:47 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B55E91CEC; Sun, 5 Jul 2015 20:16:46 +0000 (UTC) (envelope-from marius@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t65KGkkI037543; Sun, 5 Jul 2015 20:16:46 GMT (envelope-from marius@FreeBSD.org) Received: (from marius@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t65KGkIj037542; Sun, 5 Jul 2015 20:16:46 GMT (envelope-from marius@FreeBSD.org) Message-Id: <201507052016.t65KGkIj037542@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: marius set sender to marius@FreeBSD.org using -f From: Marius Strobl Date: Sun, 5 Jul 2015 20:16:46 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285178 - stable/9/sys/dev/re X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Jul 2015 20:16:47 -0000 Author: marius Date: Sun Jul 5 20:16:45 2015 New Revision: 285178 URL: https://svnweb.freebsd.org/changeset/base/285178 Log: MFC: r281337 Don't enable RX and TX before their initial configuration is done, i. e. after setting up interrupt moderation but before turning interrupts on. This matches what Realtek's r8168 Linux driver does as of version 8.039.00 and fixes problems with certain incarnations of certain MAC revisions like the interface requiring an extra up/down-cycle after boot to start working or DMA configuration not being adhered to. PR: 193743, 197535 Modified: stable/9/sys/dev/re/if_re.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/dev/ (props changed) Modified: stable/9/sys/dev/re/if_re.c ============================================================================== --- stable/9/sys/dev/re/if_re.c Sun Jul 5 20:16:38 2015 (r285177) +++ stable/9/sys/dev/re/if_re.c Sun Jul 5 20:16:45 2015 (r285178) @@ -3195,11 +3195,6 @@ re_init_locked(struct rl_softc *sc) ~0x00080000); /* - * Enable transmit and receive. - */ - CSR_WRITE_1(sc, RL_COMMAND, RL_CMD_TX_ENB|RL_CMD_RX_ENB); - - /* * Set the initial TX configuration. */ if (sc->rl_testmode) { @@ -3225,6 +3220,11 @@ re_init_locked(struct rl_softc *sc) CSR_WRITE_2(sc, RL_INTRMOD, 0x5100); } + /* + * Enable transmit and receive. + */ + CSR_WRITE_1(sc, RL_COMMAND, RL_CMD_TX_ENB | RL_CMD_RX_ENB); + #ifdef DEVICE_POLLING /* * Disable interrupts if we are polling. @@ -3248,10 +3248,6 @@ re_init_locked(struct rl_softc *sc) /* Start RX/TX process. */ CSR_WRITE_4(sc, RL_MISSEDPKT, 0); -#ifdef notdef - /* Enable receiver and transmitter. */ - CSR_WRITE_1(sc, RL_COMMAND, RL_CMD_TX_ENB|RL_CMD_RX_ENB); -#endif /* * Initialize the timer interrupt register so that From owner-svn-src-stable-9@freebsd.org Mon Jul 6 08:24:58 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1A18BA91B; Mon, 6 Jul 2015 08:24:58 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 097E411DE; Mon, 6 Jul 2015 08:24:58 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t668OvPO005579; Mon, 6 Jul 2015 08:24:57 GMT (envelope-from avg@FreeBSD.org) Received: (from avg@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t668Ovda005578; Mon, 6 Jul 2015 08:24:57 GMT (envelope-from avg@FreeBSD.org) Message-Id: <201507060824.t668Ovda005578@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: avg set sender to avg@FreeBSD.org using -f From: Andriy Gapon Date: Mon, 6 Jul 2015 08:24:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285197 - stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 08:24:58 -0000 Author: avg Date: Mon Jul 6 08:24:57 2015 New Revision: 285197 URL: https://svnweb.freebsd.org/changeset/base/285197 Log: MFC r271226: MFV r271223: 5117 space map reallocation can cause corruption In dnode_sync(), do dnode_increase_indirection() before processing. Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c Mon Jul 6 05:57:41 2015 (r285196) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c Mon Jul 6 08:24:57 2015 (r285197) @@ -688,6 +688,11 @@ dnode_sync(dnode_t *dn, dmu_tx_t *tx) return; } + if (dn->dn_next_nlevels[txgoff]) { + dnode_increase_indirection(dn, tx); + dn->dn_next_nlevels[txgoff] = 0; + } + if (dn->dn_next_nblkptr[txgoff]) { /* this should only happen on a realloc */ ASSERT(dn->dn_allocated_txg == tx->tx_txg); @@ -712,11 +717,6 @@ dnode_sync(dnode_t *dn, dmu_tx_t *tx) mutex_exit(&dn->dn_mtx); } - if (dn->dn_next_nlevels[txgoff]) { - dnode_increase_indirection(dn, tx); - dn->dn_next_nlevels[txgoff] = 0; - } - dbuf_sync_list(list, tx); if (!DMU_OBJECT_IS_SPECIAL(dn->dn_object)) { From owner-svn-src-stable-9@freebsd.org Mon Jul 6 08:27:42 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 34A0CA980; Mon, 6 Jul 2015 08:27:42 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 18210145D; Mon, 6 Jul 2015 08:27:42 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t668Rfvk006012; Mon, 6 Jul 2015 08:27:41 GMT (envelope-from avg@FreeBSD.org) Received: (from avg@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t668ReVc006007; Mon, 6 Jul 2015 08:27:40 GMT (envelope-from avg@FreeBSD.org) Message-Id: <201507060827.t668ReVc006007@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: avg set sender to avg@FreeBSD.org using -f From: Andriy Gapon Date: Mon, 6 Jul 2015 08:27:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285198 - stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 08:27:42 -0000 Author: avg Date: Mon Jul 6 08:27:39 2015 New Revision: 285198 URL: https://svnweb.freebsd.org/changeset/base/285198 Log: MFC r268713: MFV r268702: 4975 missing mutex_destroy() calls in zfs Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c Directory Properties: stable/9/sys/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c Mon Jul 6 08:24:57 2015 (r285197) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c Mon Jul 6 08:27:39 2015 (r285198) @@ -1351,6 +1351,12 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_ if (dr->dt.dl.dr_data != db->db_buf) VERIFY(arc_buf_remove_ref(dr->dt.dl.dr_data, db)); } + + if (db->db_level != 0) { + mutex_destroy(&dr->dt.di.dr_mtx); + list_destroy(&dr->dt.di.dr_children); + } + kmem_free(dr, sizeof (dbuf_dirty_record_t)); ASSERT(db->db_dirtycnt > 0); Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c Mon Jul 6 08:24:57 2015 (r285197) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c Mon Jul 6 08:27:39 2015 (r285198) @@ -1083,6 +1083,11 @@ dnode_hold_impl(objset_t *os, uint64_t o } if (winner = dmu_buf_set_user(&db->db, children_dnodes, NULL, dnode_buf_pageout)) { + + for (i = 0; i < epb; i++) { + zrl_destroy(&dnh[i].dnh_zrlock); + } + kmem_free(children_dnodes, sizeof (dnode_children_t) + (epb - 1) * sizeof (dnode_handle_t)); children_dnodes = winner; Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c Mon Jul 6 08:24:57 2015 (r285197) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c Mon Jul 6 08:27:39 2015 (r285198) @@ -479,8 +479,8 @@ dnode_undirty_dbufs(list_t *list) dr->dt.dl.dr_data == db->db_buf); dbuf_unoverride(dr); } else { - list_destroy(&dr->dt.di.dr_children); mutex_destroy(&dr->dt.di.dr_mtx); + list_destroy(&dr->dt.di.dr_children); } kmem_free(dr, sizeof (dbuf_dirty_record_t)); dbuf_rele_and_unlock(db, (void *)(uintptr_t)txg); Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c Mon Jul 6 08:24:57 2015 (r285197) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dsl_dataset.c Mon Jul 6 08:27:39 2015 (r285198) @@ -270,6 +270,7 @@ dsl_dataset_evict(dmu_buf_t *db, void *d if (mutex_owned(&ds->ds_opening_lock)) mutex_exit(&ds->ds_opening_lock); mutex_destroy(&ds->ds_opening_lock); + mutex_destroy(&ds->ds_sendstream_lock); refcount_destroy(&ds->ds_longholds); kmem_free(ds, sizeof (dsl_dataset_t)); @@ -398,6 +399,7 @@ dsl_dataset_hold_obj(dsl_pool_t *dp, uin if (err != 0) { mutex_destroy(&ds->ds_lock); mutex_destroy(&ds->ds_opening_lock); + mutex_destroy(&ds->ds_sendstream_lock); refcount_destroy(&ds->ds_longholds); bplist_destroy(&ds->ds_pending_deadlist); dsl_deadlist_close(&ds->ds_deadlist); @@ -454,6 +456,7 @@ dsl_dataset_hold_obj(dsl_pool_t *dp, uin dsl_dir_rele(ds->ds_dir, ds); mutex_destroy(&ds->ds_lock); mutex_destroy(&ds->ds_opening_lock); + mutex_destroy(&ds->ds_sendstream_lock); refcount_destroy(&ds->ds_longholds); kmem_free(ds, sizeof (dsl_dataset_t)); if (err != 0) { Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c Mon Jul 6 08:24:57 2015 (r285197) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sa.c Mon Jul 6 08:27:39 2015 (r285198) @@ -1111,6 +1111,9 @@ fail: if (sa->sa_user_table) kmem_free(sa->sa_user_table, sa->sa_user_table_sz); mutex_exit(&sa->sa_lock); + avl_destroy(&sa->sa_layout_hash_tree); + avl_destroy(&sa->sa_layout_num_tree); + mutex_destroy(&sa->sa_lock); kmem_free(sa, sizeof (sa_os_t)); return ((error == ECKSUM) ? EIO : error); } @@ -1146,6 +1149,7 @@ sa_tear_down(objset_t *os) avl_destroy(&sa->sa_layout_hash_tree); avl_destroy(&sa->sa_layout_num_tree); + mutex_destroy(&sa->sa_lock); kmem_free(sa, sizeof (sa_os_t)); os->os_sa = NULL; From owner-svn-src-stable-9@freebsd.org Mon Jul 6 10:41:33 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id DCA44993ED9; Mon, 6 Jul 2015 10:41:32 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C29A61585; Mon, 6 Jul 2015 10:41:32 +0000 (UTC) (envelope-from avg@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t66AfWs8073985; Mon, 6 Jul 2015 10:41:32 GMT (envelope-from avg@FreeBSD.org) Received: (from avg@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t66AfU5Z073979; Mon, 6 Jul 2015 10:41:30 GMT (envelope-from avg@FreeBSD.org) Message-Id: <201507061041.t66AfU5Z073979@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: avg set sender to avg@FreeBSD.org using -f From: Andriy Gapon Date: Mon, 6 Jul 2015 10:41:30 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285203 - in stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs: . sys X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 06 Jul 2015 10:41:33 -0000 Author: avg Date: Mon Jul 6 10:41:29 2015 New Revision: 285203 URL: https://svnweb.freebsd.org/changeset/base/285203 Log: MFC r284593: MFV r284412: 5911 ZFS "hangs" while deleting file illumos/illumos-gate@46e1baa6cf6d5432f5fd231bb588df8f9570c858 https://www.illumos.org/issues/5911 Sometimes ZFS appears to hang while deleting a file. It is actually making slow progress at the file deletion, but other operations (administrative and writes via the data path) "hang" until the file removal completes, which can take a long time if the file has many blocks. The deletion (or most of it) happens in a single txg, and the sync thread spends most of its time reading indirect blocks... Reviewed by: Bayard Bell Reviewed by: Alek Pinchuk Reviewed by: Simon Klinkert Reviewed by: Dan McDonald Approved by: Richard Lowe Author: Matthew Ahrens PR: 199775 Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_tx.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dbuf.h Directory Properties: stable/9/sys/ (props changed) stable/9/sys/cddl/contrib/opensolaris/ (props changed) Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c Mon Jul 6 10:40:51 2015 (r285202) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dbuf.c Mon Jul 6 10:41:29 2015 (r285203) @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. * Copyright (c) 2013, Joyent, Inc. All rights reserved. */ @@ -1294,6 +1294,16 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_ dbuf_dirty_record_t *dr, **drp; ASSERT(txg != 0); + + /* + * Due to our use of dn_nlevels below, this can only be called + * in open context, unless we are operating on the MOS. + * From syncing context, dn_nlevels may be different from the + * dn_nlevels used when dbuf was dirtied. + */ + ASSERT(db->db_objset == + dmu_objset_pool(db->db_objset)->dp_meta_objset || + txg != spa_syncing_txg(dmu_objset_spa(db->db_objset))); ASSERT(db->db_blkid != DMU_BONUS_BLKID); ASSERT0(db->db_level); ASSERT(MUTEX_HELD(&db->db_mtx)); @@ -1316,11 +1326,8 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_ ASSERT(db->db.db_size != 0); - /* - * Any space we accounted for in dp_dirty_* will be cleaned up by - * dsl_pool_sync(). This is relatively rare so the discrepancy - * is not a big deal. - */ + dsl_pool_undirty_space(dmu_objset_pool(dn->dn_objset), + dr->dr_accounted, txg); *drp = dr->dr_next; @@ -1335,7 +1342,7 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_ list_remove(&dr->dr_parent->dt.di.dr_children, dr); mutex_exit(&dr->dr_parent->dt.di.dr_mtx); } else if (db->db_blkid == DMU_SPILL_BLKID || - db->db_level+1 == dn->dn_nlevels) { + db->db_level + 1 == dn->dn_nlevels) { ASSERT(db->db_blkptr == NULL || db->db_parent == dn->dn_dbuf); mutex_enter(&dn->dn_mtx); list_remove(&dn->dn_dirty_records[txg & TXG_MASK], dr); @@ -1352,11 +1359,6 @@ dbuf_undirty(dmu_buf_impl_t *db, dmu_tx_ VERIFY(arc_buf_remove_ref(dr->dt.dl.dr_data, db)); } - if (db->db_level != 0) { - mutex_destroy(&dr->dt.di.dr_mtx); - list_destroy(&dr->dt.di.dr_children); - } - kmem_free(dr, sizeof (dbuf_dirty_record_t)); ASSERT(db->db_dirtycnt > 0); @@ -2277,7 +2279,7 @@ dbuf_sync_indirect(dbuf_dirty_record_t * zio = dr->dr_zio; mutex_enter(&dr->dt.di.dr_mtx); - dbuf_sync_list(&dr->dt.di.dr_children, tx); + dbuf_sync_list(&dr->dt.di.dr_children, db->db_level - 1, tx); ASSERT(list_head(&dr->dt.di.dr_children) == NULL); mutex_exit(&dr->dt.di.dr_mtx); zio_nowait(zio); @@ -2423,7 +2425,7 @@ dbuf_sync_leaf(dbuf_dirty_record_t *dr, } void -dbuf_sync_list(list_t *list, dmu_tx_t *tx) +dbuf_sync_list(list_t *list, int level, dmu_tx_t *tx) { dbuf_dirty_record_t *dr; @@ -2440,6 +2442,10 @@ dbuf_sync_list(list_t *list, dmu_tx_t *t DMU_META_DNODE_OBJECT); break; } + if (dr->dr_dbuf->db_blkid != DMU_BONUS_BLKID && + dr->dr_dbuf->db_blkid != DMU_SPILL_BLKID) { + VERIFY3U(dr->dr_dbuf->db_level, ==, level); + } list_remove(list, dr); if (dr->dr_dbuf->db_level > 0) dbuf_sync_indirect(dr, tx); Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_tx.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_tx.c Mon Jul 6 10:40:51 2015 (r285202) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dmu_tx.c Mon Jul 6 10:41:29 2015 (r285203) @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. * Copyright 2011 Nexenta Systems, Inc. All rights reserved. - * Copyright (c) 2013 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. */ #include @@ -652,7 +652,7 @@ dmu_tx_hold_free(dmu_tx_t *tx, uint64_t uint64_t ibyte = i << shift; err = dnode_next_offset(dn, 0, &ibyte, 2, 1, 0); i = ibyte >> shift; - if (err == ESRCH) + if (err == ESRCH || i > end) break; if (err) { tx->tx_err = err; Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c Mon Jul 6 10:40:51 2015 (r285202) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode.c Mon Jul 6 10:41:29 2015 (r285203) @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. */ #include @@ -1455,6 +1455,16 @@ out: rw_downgrade(&dn->dn_struct_rwlock); } +static void +dnode_dirty_l1(dnode_t *dn, uint64_t l1blkid, dmu_tx_t *tx) +{ + dmu_buf_impl_t *db = dbuf_hold_level(dn, 1, l1blkid, FTAG); + if (db != NULL) { + dmu_buf_will_dirty(&db->db, tx); + dbuf_rele(db, FTAG); + } +} + void dnode_free_range(dnode_t *dn, uint64_t off, uint64_t len, dmu_tx_t *tx) { @@ -1575,27 +1585,67 @@ dnode_free_range(dnode_t *dn, uint64_t o nblks += 1; /* - * Dirty the first and last indirect blocks, as they (and/or their - * parents) will need to be written out if they were only - * partially freed. Interior indirect blocks will be themselves freed, - * by free_children(), so they need not be dirtied. Note that these - * interior blocks have already been prefetched by dmu_tx_hold_free(). + * Dirty all the indirect blocks in this range. Note that only + * the first and last indirect blocks can actually be written + * (if they were partially freed) -- they must be dirtied, even if + * they do not exist on disk yet. The interior blocks will + * be freed by free_children(), so they will not actually be written. + * Even though these interior blocks will not be written, we + * dirty them for two reasons: + * + * - It ensures that the indirect blocks remain in memory until + * syncing context. (They have already been prefetched by + * dmu_tx_hold_free(), so we don't have to worry about reading + * them serially here.) + * + * - The dirty space accounting will put pressure on the txg sync + * mechanism to begin syncing, and to delay transactions if there + * is a large amount of freeing. Even though these indirect + * blocks will not be written, we could need to write the same + * amount of space if we copy the freed BPs into deadlists. */ if (dn->dn_nlevels > 1) { uint64_t first, last; first = blkid >> epbs; - if (db = dbuf_hold_level(dn, 1, first, FTAG)) { - dmu_buf_will_dirty(&db->db, tx); - dbuf_rele(db, FTAG); - } + dnode_dirty_l1(dn, first, tx); if (trunc) last = dn->dn_maxblkid >> epbs; else last = (blkid + nblks - 1) >> epbs; - if (last > first && (db = dbuf_hold_level(dn, 1, last, FTAG))) { - dmu_buf_will_dirty(&db->db, tx); - dbuf_rele(db, FTAG); + if (last != first) + dnode_dirty_l1(dn, last, tx); + + int shift = dn->dn_datablkshift + dn->dn_indblkshift - + SPA_BLKPTRSHIFT; + for (uint64_t i = first + 1; i < last; i++) { + /* + * Set i to the blockid of the next non-hole + * level-1 indirect block at or after i. Note + * that dnode_next_offset() operates in terms of + * level-0-equivalent bytes. + */ + uint64_t ibyte = i << shift; + int err = dnode_next_offset(dn, DNODE_FIND_HAVELOCK, + &ibyte, 2, 1, 0); + i = ibyte >> shift; + if (i >= last) + break; + + /* + * Normally we should not see an error, either + * from dnode_next_offset() or dbuf_hold_level() + * (except for ESRCH from dnode_next_offset). + * If there is an i/o error, then when we read + * this block in syncing context, it will use + * ZIO_FLAG_MUSTSUCCEED, and thus hang/panic according + * to the "failmode" property. dnode_next_offset() + * doesn't have a flag to indicate MUSTSUCCEED. + */ + if (err != 0) + break; + + dnode_dirty_l1(dn, i, tx); } } Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c Mon Jul 6 10:40:51 2015 (r285202) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/dnode_sync.c Mon Jul 6 10:41:29 2015 (r285203) @@ -21,7 +21,7 @@ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2012, 2014 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. */ #include @@ -717,7 +717,7 @@ dnode_sync(dnode_t *dn, dmu_tx_t *tx) mutex_exit(&dn->dn_mtx); } - dbuf_sync_list(list, tx); + dbuf_sync_list(list, dn->dn_phys->dn_nlevels - 1, tx); if (!DMU_OBJECT_IS_SPECIAL(dn->dn_object)) { ASSERT3P(list_head(list), ==, NULL); Modified: stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dbuf.h ============================================================================== --- stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dbuf.h Mon Jul 6 10:40:51 2015 (r285202) +++ stable/9/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/sys/dbuf.h Mon Jul 6 10:41:29 2015 (r285203) @@ -20,7 +20,7 @@ */ /* * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. - * Copyright (c) 2013 by Delphix. All rights reserved. + * Copyright (c) 2012, 2015 by Delphix. All rights reserved. * Copyright (c) 2013 by Saso Kiselkov. All rights reserved. */ @@ -280,7 +280,7 @@ void dbuf_evict(dmu_buf_impl_t *db); void dbuf_setdirty(dmu_buf_impl_t *db, dmu_tx_t *tx); void dbuf_unoverride(dbuf_dirty_record_t *dr); -void dbuf_sync_list(list_t *list, dmu_tx_t *tx); +void dbuf_sync_list(list_t *list, int level, dmu_tx_t *tx); void dbuf_release_bp(dmu_buf_impl_t *db); void dbuf_free_range(struct dnode *dn, uint64_t start, uint64_t end, From owner-svn-src-stable-9@freebsd.org Tue Jul 7 21:43:24 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8C950995E8A; Tue, 7 Jul 2015 21:43:24 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7BD0E1A15; Tue, 7 Jul 2015 21:43:24 +0000 (UTC) (envelope-from delphij@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t67LhOBX035141; Tue, 7 Jul 2015 21:43:24 GMT (envelope-from delphij@FreeBSD.org) Received: (from delphij@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t67LhOop035140; Tue, 7 Jul 2015 21:43:24 GMT (envelope-from delphij@FreeBSD.org) Message-Id: <201507072143.t67LhOop035140@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: delphij set sender to delphij@FreeBSD.org using -f From: Xin LI Date: Tue, 7 Jul 2015 21:43:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285257 - in stable: 8/contrib/bind9/lib/dns 9/contrib/bind9/lib/dns X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jul 2015 21:43:24 -0000 Author: delphij Date: Tue Jul 7 21:43:23 2015 New Revision: 285257 URL: https://svnweb.freebsd.org/changeset/base/285257 Log: Fix BIND resolver remote denial of service when validating. Security: CVE-2015-4620 Security: FreeBSD-SA-15:11.bind Modified: stable/9/contrib/bind9/lib/dns/validator.c Changes in other areas also in this revision: Modified: stable/8/contrib/bind9/lib/dns/validator.c Modified: stable/9/contrib/bind9/lib/dns/validator.c ============================================================================== --- stable/9/contrib/bind9/lib/dns/validator.c Tue Jul 7 21:05:20 2015 (r285256) +++ stable/9/contrib/bind9/lib/dns/validator.c Tue Jul 7 21:43:23 2015 (r285257) @@ -1420,7 +1420,6 @@ compute_keytag(dns_rdata_t *rdata, dns_r */ static isc_boolean_t isselfsigned(dns_validator_t *val) { - dns_fixedname_t fixed; dns_rdataset_t *rdataset, *sigrdataset; dns_rdata_t rdata = DNS_RDATA_INIT; dns_rdata_t sigrdata = DNS_RDATA_INIT; @@ -1476,8 +1475,7 @@ isselfsigned(dns_validator_t *val) { result = dns_dnssec_verify3(name, rdataset, dstkey, ISC_TRUE, val->view->maxbits, - mctx, &sigrdata, - dns_fixedname_name(&fixed)); + mctx, &sigrdata, NULL); dst_key_free(&dstkey); if (result != ISC_R_SUCCESS) continue; From owner-svn-src-stable-9@freebsd.org Tue Jul 7 23:37:18 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C7304996452; Tue, 7 Jul 2015 23:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B6DF3114F; Tue, 7 Jul 2015 23:37:18 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t67NbIvH095931; Tue, 7 Jul 2015 23:37:18 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t67NbIDc095930; Tue, 7 Jul 2015 23:37:18 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201507072337.t67NbIDc095930@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Tue, 7 Jul 2015 23:37:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285259 - in stable: 8/release/doc/share/xml 9/release/doc/share/xml X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Jul 2015 23:37:18 -0000 Author: gjb Date: Tue Jul 7 23:37:16 2015 New Revision: 285259 URL: https://svnweb.freebsd.org/changeset/base/285259 Log: Document SA-15:11.bind. Sponsored by: The FreeBSD Foundation Modified: stable/9/release/doc/share/xml/security.xml Changes in other areas also in this revision: Modified: stable/8/release/doc/share/xml/security.xml Modified: stable/9/release/doc/share/xml/security.xml ============================================================================== --- stable/9/release/doc/share/xml/security.xml Tue Jul 7 21:44:01 2015 (r285258) +++ stable/9/release/doc/share/xml/security.xml Tue Jul 7 23:37:16 2015 (r285259) @@ -155,6 +155,13 @@ 16 June 2015 Multiple vulnerabilities + + + FreeBSD-SA-15:11.bind + 7 July 2015 + Resolver remote denial of service + From owner-svn-src-stable-9@freebsd.org Thu Jul 9 22:55:44 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E13E839E5; Thu, 9 Jul 2015 22:55:44 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B7ECC1BD3; Thu, 9 Jul 2015 22:55:44 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t69Mtiu2041404; Thu, 9 Jul 2015 22:55:44 GMT (envelope-from jamie@FreeBSD.org) Received: (from jamie@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t69MtiG8041402; Thu, 9 Jul 2015 22:55:44 GMT (envelope-from jamie@FreeBSD.org) Message-Id: <201507092255.t69MtiG8041402@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jamie set sender to jamie@FreeBSD.org using -f From: Jamie Gritton Date: Thu, 9 Jul 2015 22:55:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285343 - stable/9/lib/libjail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2015 22:55:45 -0000 Author: jamie Date: Thu Jul 9 22:55:43 2015 New Revision: 285343 URL: https://svnweb.freebsd.org/changeset/base/285343 Log: MFC r241197: Fix some memory allocation errors: * jail_setv will leak a parameter name if jailparam_import fails. * jailparam_all loses the jailparam pointer on realloc error (a clear freshman mistake). * If jailparam_init fails, the caller doesn't need to jailparam_free the buffer. That's not really clear, so set things to NULL allowing jailparam_free to work without error (though it's still not required). Modified: stable/9/lib/libjail/jail.c Directory Properties: stable/9/lib/libjail/ (props changed) Modified: stable/9/lib/libjail/jail.c ============================================================================== --- stable/9/lib/libjail/jail.c Thu Jul 9 22:46:28 2015 (r285342) +++ stable/9/lib/libjail/jail.c Thu Jul 9 22:55:43 2015 (r285343) @@ -85,19 +85,22 @@ jail_setv(int flags, ...) (void)va_arg(tap, char *); va_end(tap); jp = alloca(njp * sizeof(struct jailparam)); - for (njp = 0; (name = va_arg(ap, char *)) != NULL; njp++) { + for (njp = 0; (name = va_arg(ap, char *)) != NULL;) { value = va_arg(ap, char *); - if (jailparam_init(jp + njp, name) < 0 || - jailparam_import(jp + njp, value) < 0) { - jailparam_free(jp, njp); - va_end(ap); - return (-1); - } + if (jailparam_init(jp + njp, name) < 0) + goto error; + if (jailparam_import(jp + njp++, value) < 0) + goto error; } va_end(ap); jid = jailparam_set(jp, njp, flags); jailparam_free(jp, njp); return (jid); + + error: + jailparam_free(jp, njp); + va_end(ap); + return (-1); } /* @@ -195,7 +198,7 @@ jail_getv(int flags, ...) int jailparam_all(struct jailparam **jpp) { - struct jailparam *jp; + struct jailparam *jp, *tjp; size_t mlen1, mlen2, buflen; int njp, nlist; int mib1[CTL_MAXNAME], mib2[CTL_MAXNAME - 2]; @@ -242,11 +245,10 @@ jailparam_all(struct jailparam **jpp) /* Add the parameter to the list */ if (njp >= nlist) { nlist *= 2; - jp = realloc(jp, nlist * sizeof(*jp)); - if (jp == NULL) { - jailparam_free(jp, njp); - return (-1); - } + tjp = realloc(jp, nlist * sizeof(*jp)); + if (tjp == NULL) + goto error; + jp = tjp; } if (jailparam_init(jp + njp, buf + sizeof(SJPARAM)) < 0) goto error; @@ -277,6 +279,8 @@ jailparam_init(struct jailparam *jp, con } if (jailparam_type(jp) < 0) { jailparam_free(jp, 1); + jp->jp_name = NULL; + jp->jp_value = NULL; return (-1); } return (0); From owner-svn-src-stable-9@freebsd.org Thu Jul 9 23:10:01 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EABAD3B57; Thu, 9 Jul 2015 23:10:00 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DAC3FB; Thu, 9 Jul 2015 23:10:00 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t69NA08d047317; Thu, 9 Jul 2015 23:10:00 GMT (envelope-from jamie@FreeBSD.org) Received: (from jamie@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t69NA0Sg047306; Thu, 9 Jul 2015 23:10:00 GMT (envelope-from jamie@FreeBSD.org) Message-Id: <201507092310.t69NA0Sg047306@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jamie set sender to jamie@FreeBSD.org using -f From: Jamie Gritton Date: Thu, 9 Jul 2015 23:10:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285344 - stable/9/usr.sbin/jls X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2015 23:10:01 -0000 Author: jamie Date: Thu Jul 9 23:09:59 2015 New Revision: 285344 URL: https://svnweb.freebsd.org/changeset/base/285344 Log: MFC r279081: Allow parameters listed on the command line to override the -v option, instead of crashing. MFC r279083: Fix the logic for skipping parameters (with -s) that have "jailsys" parents (such as host.hostname); these were being skipped all the time. That it went this long without anyone noticing is a sign that this feature isn't actually used by anyone, but it's there so it might as well work. MFC r279123: Allow for parameters added with the JP_OPT flag to not exist. That's why the flag exists in the first place. Modified: stable/9/usr.sbin/jls/jls.8 stable/9/usr.sbin/jls/jls.c Directory Properties: stable/9/usr.sbin/jls/ (props changed) Modified: stable/9/usr.sbin/jls/jls.8 ============================================================================== --- stable/9/usr.sbin/jls/jls.8 Thu Jul 9 22:55:43 2015 (r285343) +++ stable/9/usr.sbin/jls/jls.8 Thu Jul 9 23:09:59 2015 (r285344) @@ -92,7 +92,8 @@ skipping read-only and unused parameters Implies .Fl nq . .It Fl v -Print a multiple-line summary per jail, with the following parameters: +Extend the standard display with a multiple-line summary per jail, +containing the following parameters: jail identifier (jid), hostname (host.hostname), path (path), jail name (name), jail state (dying), cpuset ID (cpuset), IP address(es) (ip4.addr and ip6.addr). Modified: stable/9/usr.sbin/jls/jls.c ============================================================================== --- stable/9/usr.sbin/jls/jls.c Thu Jul 9 22:55:43 2015 (r285343) +++ stable/9/usr.sbin/jls/jls.c Thu Jul 9 23:09:59 2015 (r285344) @@ -78,7 +78,7 @@ static void quoted_print(char *str); int main(int argc, char **argv) { - char *dot, *ep, *jname; + char *dot, *ep, *jname, *pname; int c, i, jflags, jid, lastjid, pflags, spc; jname = NULL; @@ -166,20 +166,23 @@ main(int argc, char **argv) JP_USER); add_param("path", NULL, (size_t)0, NULL, JP_USER); } - } else + } else { + pflags &= ~PRINT_VERBOSE; while (optind < argc) add_param(argv[optind++], NULL, (size_t)0, NULL, JP_USER); + } if (pflags & PRINT_SKIP) { /* Check for parameters with jailsys parents. */ for (i = 0; i < nparams; i++) { if ((params[i].jp_flags & JP_USER) && (dot = strchr(params[i].jp_name, '.'))) { - *dot = 0; - param_parent[i] = add_param(params[i].jp_name, + pname = alloca((dot - params[i].jp_name) + 1); + strlcpy(pname, params[i].jp_name, + (dot - params[i].jp_name) + 1); + param_parent[i] = add_param(pname, NULL, (size_t)0, NULL, JP_OPT); - *dot = '.'; } } } @@ -291,10 +294,8 @@ add_param(const char *name, void *value, param->jp_flags |= flags; return param - params; } - if (jailparam_init(param, name) < 0) - errx(1, "%s", jail_errmsg); - param->jp_flags = flags; - if ((value != NULL ? jailparam_import_raw(param, value, valuelen) + if (jailparam_init(param, name) < 0 || + (value != NULL ? jailparam_import_raw(param, value, valuelen) : jailparam_import(param, value)) < 0) { if (flags & JP_OPT) { nparams--; @@ -302,6 +303,7 @@ add_param(const char *name, void *value, } errx(1, "%s", jail_errmsg); } + param->jp_flags = flags; return param - params; } From owner-svn-src-stable-9@freebsd.org Thu Jul 9 23:40:30 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E88903FE2; Thu, 9 Jul 2015 23:40:30 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D8F74147; Thu, 9 Jul 2015 23:40:30 +0000 (UTC) (envelope-from jamie@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t69NeUQS062659; Thu, 9 Jul 2015 23:40:30 GMT (envelope-from jamie@FreeBSD.org) Received: (from jamie@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t69NeUnl062655; Thu, 9 Jul 2015 23:40:30 GMT (envelope-from jamie@FreeBSD.org) Message-Id: <201507092340.t69NeUnl062655@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: jamie set sender to jamie@FreeBSD.org using -f From: Jamie Gritton Date: Thu, 9 Jul 2015 23:40:30 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285345 - stable/9/usr.sbin/jail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Jul 2015 23:40:31 -0000 Author: jamie Date: Thu Jul 9 23:40:29 2015 New Revision: 285345 URL: https://svnweb.freebsd.org/changeset/base/285345 Log: MFC r241196: Move properly to the next parameter when jailparam_init fails (i.e. on an unknown parameter), to avoid freeing bogus pointers. MFC r256256 (partial): - Fix a minor bug in jail(8) which prevented it from returning false when jail -r failed. Modified: stable/9/usr.sbin/jail/config.c stable/9/usr.sbin/jail/jail.c Directory Properties: stable/9/usr.sbin/jail/ (props changed) Modified: stable/9/usr.sbin/jail/config.c ============================================================================== --- stable/9/usr.sbin/jail/config.c Thu Jul 9 23:09:59 2015 (r285344) +++ stable/9/usr.sbin/jail/config.c Thu Jul 9 23:40:29 2015 (r285345) @@ -688,6 +688,7 @@ import_params(struct cfjail *j) if (jailparam_init(jp, p->name) < 0) { error = -1; jail_warnx(j, "%s", jail_errmsg); + jp++; continue; } if (TAILQ_EMPTY(&p->val)) Modified: stable/9/usr.sbin/jail/jail.c ============================================================================== --- stable/9/usr.sbin/jail/jail.c Thu Jul 9 23:09:59 2015 (r285344) +++ stable/9/usr.sbin/jail/jail.c Thu Jul 9 23:40:29 2015 (r285345) @@ -470,10 +470,12 @@ main(int argc, char **argv) if (dep_check(j)) continue; if (j->jid < 0) { - if (!(j->flags & (JF_DEPEND | JF_WILD)) - && verbose >= 0) - jail_quoted_warnx(j, - "not found", NULL); + if (!(j->flags & (JF_DEPEND|JF_WILD))) { + if (verbose >= 0) + jail_quoted_warnx(j, + "not found", NULL); + failed(j); + } goto jail_remove_done; } j->comparam = stopcommands; From owner-svn-src-stable-9@freebsd.org Sat Jul 11 03:28:45 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F1FFB996991; Sat, 11 Jul 2015 03:28:44 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D5FB11A83; Sat, 11 Jul 2015 03:28:44 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3Si0m086839; Sat, 11 Jul 2015 03:28:44 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3SiCD086838; Sat, 11 Jul 2015 03:28:44 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110328.t6B3SiCD086838@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:28:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285367 - stable/9/lib/libsm X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:28:45 -0000 Author: gshapiro Date: Sat Jul 11 03:28:43 2015 New Revision: 285367 URL: https://svnweb.freebsd.org/changeset/base/285367 Log: MFC: libsm/path.c is about to disappear in the merge of sendmail 8.15.2. It is an empty file now so it is safe to remove before the merge. Modified: stable/9/lib/libsm/Makefile Directory Properties: stable/9/lib/libsm/ (props changed) Modified: stable/9/lib/libsm/Makefile ============================================================================== --- stable/9/lib/libsm/Makefile Sat Jul 11 03:12:34 2015 (r285366) +++ stable/9/lib/libsm/Makefile Sat Jul 11 03:28:43 2015 (r285367) @@ -29,7 +29,7 @@ SRCS+= assert.c debug.c errstring.c exc. smstdio.c snprintf.c sscanf.c stdio.c strio.c ungetc.c \ vasprintf.c vfprintf.c vfscanf.c vprintf.c vsnprintf.c \ wbuf.c wsetup.c string.c stringf.c \ - xtrap.c strto.c test.c path.c strcasecmp.c strrevcmp.c \ + xtrap.c strto.c test.c strcasecmp.c strrevcmp.c \ signal.c clock.c config.c sem.c shm.c mbdb.c strexit.c cf.c ldap.c \ niprop.c mpeix.c memstat.c util.c inet6_ntop.c CLEANFILES+=sm_os.h From owner-svn-src-stable-9@freebsd.org Sat Jul 11 03:32:14 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 21BEF996B5B; Sat, 11 Jul 2015 03:32:14 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 10B4C1F25; Sat, 11 Jul 2015 03:32:14 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3WDPZ091049; Sat, 11 Jul 2015 03:32:13 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3WDwg091048; Sat, 11 Jul 2015 03:32:13 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110332.t6B3WDwg091048@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:32:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285369 - stable/9/usr.sbin/sendmail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:32:14 -0000 Author: gshapiro Date: Sat Jul 11 03:32:13 2015 New Revision: 285369 URL: https://svnweb.freebsd.org/changeset/base/285369 Log: By default, sendmail 8.15 uses uncompressed IPv6 addresses. Keep current FreeBSD 10 and earlier behavior of using compressed IPv6 addresses in configuration, maps, rulesets, etc. (FreeBSD 11 and later will use the new default of uncompressed IPv6 addresses.) Modified: stable/9/usr.sbin/sendmail/Makefile Modified: stable/9/usr.sbin/sendmail/Makefile ============================================================================== --- stable/9/usr.sbin/sendmail/Makefile Sat Jul 11 03:29:04 2015 (r285368) +++ stable/9/usr.sbin/sendmail/Makefile Sat Jul 11 03:32:13 2015 (r285369) @@ -40,7 +40,7 @@ CFLAGS+= -I${SMDIR} -I${SENDMAIL_DIR}/in CFLAGS+= ${DBMDEF} ${NIS} -DTCPWRAPPERS ${MAPS} .if ${MK_INET6_SUPPORT} != "no" -CFLAGS+= -DNETINET6 +CFLAGS+= -DNETINET6 -DIPV6_FULL=0 .endif WARNS?= 1 From owner-svn-src-stable-9@freebsd.org Sat Jul 11 03:34:42 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77979996C57; Sat, 11 Jul 2015 03:34:42 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6735D25A; Sat, 11 Jul 2015 03:34:42 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3YgCx091495; Sat, 11 Jul 2015 03:34:42 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3Ygvu091494; Sat, 11 Jul 2015 03:34:42 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110334.t6B3Ygvu091494@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:34:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285371 - stable/9/usr.sbin/sendmail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:34:42 -0000 Author: gshapiro Date: Sat Jul 11 03:34:41 2015 New Revision: 285371 URL: https://svnweb.freebsd.org/changeset/base/285371 Log: MFC: Temporarily disable WARNS while addressing a non-issue with the upstream code Modified: stable/9/usr.sbin/sendmail/Makefile Directory Properties: stable/9/usr.sbin/sendmail/ (props changed) Modified: stable/9/usr.sbin/sendmail/Makefile ============================================================================== --- stable/9/usr.sbin/sendmail/Makefile Sat Jul 11 03:32:22 2015 (r285370) +++ stable/9/usr.sbin/sendmail/Makefile Sat Jul 11 03:34:41 2015 (r285371) @@ -43,7 +43,7 @@ CFLAGS+= ${DBMDEF} ${NIS} -DTCPWRAPPERS CFLAGS+= -DNETINET6 -DIPV6_FULL=0 .endif -WARNS?= 1 +WARNS?= 0 DPADD= ${LIBUTIL} ${LIBWRAP} LDADD= -lutil -lwrap From owner-svn-src-stable-9@freebsd.org Sat Jul 11 03:42:06 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 77C91996ED7; Sat, 11 Jul 2015 03:42:06 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 64173AA5; Sat, 11 Jul 2015 03:42:06 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3g6hP096072; Sat, 11 Jul 2015 03:42:06 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3g2b4096052; Sat, 11 Jul 2015 03:42:02 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110342.t6B3g2b4096052@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:42:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285373 - in stable/9/contrib/sendmail: . cf cf/cf cf/feature cf/hack cf/m4 contrib doc/op editmap include/sendmail include/sm libmilter libmilter/docs libsm libsmdb makemap src X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:42:06 -0000 Author: gshapiro Date: Sat Jul 11 03:42:01 2015 New Revision: 285373 URL: https://svnweb.freebsd.org/changeset/base/285373 Log: MFC: Merge sendmail 8.15.2 Added: stable/9/contrib/sendmail/cf/feature/bcc.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/bcc.m4 stable/9/contrib/sendmail/cf/feature/nopercenthack.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/nopercenthack.m4 stable/9/contrib/sendmail/cf/feature/prefixmod.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/prefixmod.m4 stable/9/contrib/sendmail/cf/feature/tls_session_features.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/feature/tls_session_features.m4 stable/9/contrib/sendmail/cf/hack/xconnect.m4 - copied unchanged from r285229, head/contrib/sendmail/cf/hack/xconnect.m4 stable/9/contrib/sendmail/contrib/AuthRealm.p0 - copied unchanged from r285229, head/contrib/sendmail/contrib/AuthRealm.p0 Deleted: stable/9/contrib/sendmail/libsm/path.c Modified: stable/9/contrib/sendmail/CACerts stable/9/contrib/sendmail/FAQ stable/9/contrib/sendmail/INSTALL stable/9/contrib/sendmail/KNOWNBUGS stable/9/contrib/sendmail/PGPKEYS stable/9/contrib/sendmail/README stable/9/contrib/sendmail/RELEASE_NOTES stable/9/contrib/sendmail/cf/README stable/9/contrib/sendmail/cf/cf/Makefile stable/9/contrib/sendmail/cf/cf/submit.cf stable/9/contrib/sendmail/cf/cf/submit.mc stable/9/contrib/sendmail/cf/feature/block_bad_helo.m4 stable/9/contrib/sendmail/cf/feature/ldap_routing.m4 stable/9/contrib/sendmail/cf/m4/cfhead.m4 stable/9/contrib/sendmail/cf/m4/proto.m4 stable/9/contrib/sendmail/cf/m4/version.m4 stable/9/contrib/sendmail/doc/op/op.me stable/9/contrib/sendmail/editmap/editmap.c stable/9/contrib/sendmail/include/sendmail/sendmail.h stable/9/contrib/sendmail/include/sm/bdb.h stable/9/contrib/sendmail/include/sm/cdefs.h stable/9/contrib/sendmail/include/sm/conf.h stable/9/contrib/sendmail/include/sm/errstring.h stable/9/contrib/sendmail/include/sm/fdset.h stable/9/contrib/sendmail/libmilter/docs/smfi_setsymlist.html stable/9/contrib/sendmail/libmilter/engine.c stable/9/contrib/sendmail/libmilter/handler.c stable/9/contrib/sendmail/libmilter/listener.c stable/9/contrib/sendmail/libmilter/signal.c stable/9/contrib/sendmail/libmilter/smfi.c stable/9/contrib/sendmail/libmilter/worker.c stable/9/contrib/sendmail/libsm/Makefile.m4 stable/9/contrib/sendmail/libsm/errstring.c stable/9/contrib/sendmail/libsm/local.h stable/9/contrib/sendmail/libsm/mbdb.c stable/9/contrib/sendmail/libsm/refill.c stable/9/contrib/sendmail/libsm/stdio.c stable/9/contrib/sendmail/libsm/vfprintf.c stable/9/contrib/sendmail/libsmdb/smdb.c stable/9/contrib/sendmail/makemap/makemap.c stable/9/contrib/sendmail/src/README stable/9/contrib/sendmail/src/TRACEFLAGS stable/9/contrib/sendmail/src/TUNING stable/9/contrib/sendmail/src/bf.c stable/9/contrib/sendmail/src/collect.c stable/9/contrib/sendmail/src/conf.c stable/9/contrib/sendmail/src/daemon.c stable/9/contrib/sendmail/src/deliver.c stable/9/contrib/sendmail/src/envelope.c stable/9/contrib/sendmail/src/err.c stable/9/contrib/sendmail/src/headers.c stable/9/contrib/sendmail/src/main.c stable/9/contrib/sendmail/src/map.c stable/9/contrib/sendmail/src/mci.c stable/9/contrib/sendmail/src/milter.c stable/9/contrib/sendmail/src/parseaddr.c stable/9/contrib/sendmail/src/queue.c stable/9/contrib/sendmail/src/readcf.c stable/9/contrib/sendmail/src/recipient.c stable/9/contrib/sendmail/src/savemail.c stable/9/contrib/sendmail/src/sendmail.8 stable/9/contrib/sendmail/src/sendmail.h stable/9/contrib/sendmail/src/sfsasl.c stable/9/contrib/sendmail/src/sm_resolve.c stable/9/contrib/sendmail/src/srvrsmtp.c stable/9/contrib/sendmail/src/tls.c stable/9/contrib/sendmail/src/usersmtp.c stable/9/contrib/sendmail/src/util.c stable/9/contrib/sendmail/src/version.c Directory Properties: stable/9/contrib/sendmail/ (props changed) Modified: stable/9/contrib/sendmail/CACerts ============================================================================== --- stable/9/contrib/sendmail/CACerts Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/CACerts Sat Jul 11 03:42:01 2015 (r285373) @@ -10,6 +10,102 @@ Certificate: Data: Version: 3 (0x2) Serial Number: + 92:91:67:de:e0:ef:2c:e4 + Signature Algorithm: sha1WithRSAEncryption + Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + Validity + Not Before: Mar 2 19:15:29 2015 GMT + Not After : Mar 1 19:15:29 2018 GMT + Subject: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:b9:1a:a1:56:ce:cb:16:af:4f:96:ba:2a:70:31: + 70:d3:86:6c:7a:46:26:47:42:3f:de:49:57:3e:08: + 1e:10:25:bf:06:8f:ca:fd:f4:5e:6a:01:7d:31:4d: + 50:88:18:43:71:66:65:42:9c:90:97:0d:95:f2:14: + ef:d7:5e:77:ef:7d:b5:49:3f:02:bb:83:20:f7:e6: + fc:9a:cd:13:df:60:41:28:8e:39:07:a6:a4:40:98: + 15:1e:46:b6:04:2e:f9:ab:32:d1:8b:fe:52:81:f1: + d2:e1:c3:cf:bf:ab:40:a7:f0:e4:e5:a2:82:37:30: + 8c:10:7d:aa:a8:7c:7e:76:cc:5f:1a:24:d0:8c:94: + f6:f2:7f:4a:be:2f:38:67:c0:06:e6:9e:51:ad:55: + d0:cb:26:71:cf:f4:af:7d:5a:41:81:16:fb:26:ec: + f0:35:01:6e:db:f9:e9:00:d7:d0:89:7b:cf:88:16: + 8b:1c:8f:77:1f:5d:ef:70:04:28:76:c5:1b:c6:23: + 8d:49:6b:f0:b8:21:56:d6:7d:68:6c:be:21:e3:e6: + e3:1d:6f:a5:ea:dc:83:e4:27:b3:6f:5f:1b:3d:33: + a1:d5:d3:f0:73:1a:12:eb:d9:95:00:71:59:16:b4: + e4:60:38:b2:2e:7f:b7:d4:c5:e9:3f:74:e4:48:38: + 29:89 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 + X509v3 Authority Key Identifier: + keyid:B1:69:DB:5E:9B:CE:1A:B4:1D:B2:6A:FC:5A:22:97:B6:24:14:6F:32 + DirName:/C=US/ST=California/L=Berkeley/O=Endmail Org/OU=MTA/CN=Claus Assmann CA RSA 2015/emailAddress=ca+ca-rsa2015@esmtp.org + serial:92:91:67:DE:E0:EF:2C:E4 + + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + email:ca+ca-rsa2015@esmtp.org + X509v3 Issuer Alternative Name: + email:ca+ca-rsa2015@esmtp.org + Signature Algorithm: sha1WithRSAEncryption + 0a:ce:07:39:77:08:c5:3a:00:04:e8:a0:3b:f7:d2:4c:79:02: + 23:0b:da:c0:55:39:82:71:0a:0c:83:e2:de:f2:3b:fe:23:bc: + 9b:13:34:d1:29:0a:16:3f:01:7d:9f:fb:4b:aa:12:dc:3b:7e: + b9:27:7b:ec:0c:3f:c0:d9:f5:d8:a8:a1:9c:1c:3a:2f:40:df: + 27:1a:1a:a0:74:00:19:b7:82:0e:f9:45:86:bf:32:da:0e:72: + 0a:4c:2c:39:21:63:c3:1f:61:6e:e2:4d:ba:7a:26:1a:15:ce: + b1:f6:1a:59:04:70:ed:e8:72:05:4c:fc:84:c6:a5:f4:e2:4a: + 40:e4:42:70:87:9a:a7:02:26:3a:47:34:09:e0:7b:88:ca:fb: + 99:d9:9b:bb:0c:52:8a:93:d5:59:30:0b:55:42:b4:bb:d2:b1: + 49:55:81:a4:70:a0:49:19:f2:4f:61:94:af:e9:d7:62:68:65: + 97:67:00:26:b8:9b:b2:2c:d0:2c:83:7d:3e:b3:31:73:b9:55: + 49:53:fa:a3:ad:1b:02:67:08:9e:ce:9e:eb:9f:47:0d:6c:95: + e9:6c:30:92:c1:94:67:ad:d9:e3:b9:61:ea:a9:72:98:81:3a: + 62:80:70:20:9a:3e:c4:1f:6f:bd:b4:00:ec:b1:fe:71:da:91: + 15:89:f7:8f +-----BEGIN CERTIFICATE----- +MIIFJzCCBA+gAwIBAgIJAJKRZ97g7yzkMA0GCSqGSIb3DQEBBQUAMIGlMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTERMA8GA1UEBwwIQmVya2VsZXkx +FDASBgNVBAoMC0VuZG1haWwgT3JnMQwwCgYDVQQLDANNVEExIjAgBgNVBAMMGUNs +YXVzIEFzc21hbm4gQ0EgUlNBIDIwMTUxJjAkBgkqhkiG9w0BCQEWF2NhK2NhLXJz +YTIwMTVAZXNtdHAub3JnMB4XDTE1MDMwMjE5MTUyOVoXDTE4MDMwMTE5MTUyOVow +gaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMREwDwYDVQQHDAhC +ZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAKBgNVBAsMA01UQTEiMCAG +A1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEmMCQGCSqGSIb3DQEJARYX +Y2ErY2EtcnNhMjAxNUBlc210cC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQC5GqFWzssWr0+WuipwMXDThmx6RiZHQj/eSVc+CB4QJb8Gj8r99F5q +AX0xTVCIGENxZmVCnJCXDZXyFO/XXnfvfbVJPwK7gyD35vyazRPfYEEojjkHpqRA +mBUeRrYELvmrMtGL/lKB8dLhw8+/q0Cn8OTlooI3MIwQfaqofH52zF8aJNCMlPby +f0q+LzhnwAbmnlGtVdDLJnHP9K99WkGBFvsm7PA1AW7b+ekA19CJe8+IFoscj3cf +Xe9wBCh2xRvGI41Ja/C4IVbWfWhsviHj5uMdb6Xq3IPkJ7NvXxs9M6HV0/BzGhLr +2ZUAcVkWtORgOLIuf7fUxek/dORIOCmJAgMBAAGjggFWMIIBUjAdBgNVHQ4EFgQU +sWnbXpvOGrQdsmr8WiKXtiQUbzIwgdoGA1UdIwSB0jCBz4AUsWnbXpvOGrQdsmr8 +WiKXtiQUbzKhgaukgagwgaUxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9y +bmlhMREwDwYDVQQHDAhCZXJrZWxleTEUMBIGA1UECgwLRW5kbWFpbCBPcmcxDDAK +BgNVBAsMA01UQTEiMCAGA1UEAwwZQ2xhdXMgQXNzbWFubiBDQSBSU0EgMjAxNTEm +MCQGCSqGSIb3DQEJARYXY2ErY2EtcnNhMjAxNUBlc210cC5vcmeCCQCSkWfe4O8s +5DAMBgNVHRMEBTADAQH/MCIGA1UdEQQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAu +b3JnMCIGA1UdEgQbMBmBF2NhK2NhLXJzYTIwMTVAZXNtdHAub3JnMA0GCSqGSIb3 +DQEBBQUAA4IBAQAKzgc5dwjFOgAE6KA799JMeQIjC9rAVTmCcQoMg+Le8jv+I7yb +EzTRKQoWPwF9n/tLqhLcO365J3vsDD/A2fXYqKGcHDovQN8nGhqgdAAZt4IO+UWG +vzLaDnIKTCw5IWPDH2Fu4k26eiYaFc6x9hpZBHDt6HIFTPyExqX04kpA5EJwh5qn +AiY6RzQJ4HuIyvuZ2Zu7DFKKk9VZMAtVQrS70rFJVYGkcKBJGfJPYZSv6ddiaGWX +ZwAmuJuyLNAsg30+szFzuVVJU/qjrRsCZwiezp7rn0cNbJXpbDCSwZRnrdnjuWHq +qXKYgTpigHAgmj7EH2+9tADssf5x2pEVifeP +-----END CERTIFICATE----- + + +Certificate: + Data: + Version: 3 (0x2) + Serial Number: f1:41:b3:3d:ba:bd:33:49 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=California, L=Berkeley, O=Endmail Org, OU=MTA, CN=Claus Assmann CA RSA 2012/emailAddress=ca+ca-rsa2012@esmtp.org Modified: stable/9/contrib/sendmail/FAQ ============================================================================== --- stable/9/contrib/sendmail/FAQ Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/FAQ Sat Jul 11 03:42:01 2015 (r285373) @@ -1,8 +1,4 @@ The FAQ is no longer maintained with the sendmail release. It is available at http://www.sendmail.org/faq/ . -A plain-text version of the questions only, with URLs referring to -the answers, is posted to comp.mail.sendmail on the 10th and 25th -of each month. - -$Revision: 8.24 $, Last updated $Date: 1999-02-07 03:21:03 $ +$Revision: 8.25 $, Last updated $Date: 2014-01-27 12:49:52 $ Modified: stable/9/contrib/sendmail/INSTALL ============================================================================== --- stable/9/contrib/sendmail/INSTALL Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/INSTALL Sat Jul 11 03:42:01 2015 (r285373) @@ -28,8 +28,9 @@ sendmail/SECURITY for more installation /etc/mail/submit.cf. This can be done in the cf/cf by using "sh ./Build install-cf". - Please read sendmail/SECURITY before continuing; you have to create a - new user smmsp and a new group smmsp for the default installation. + Please read sendmail/SECURITY before continuing; you may have to create + a new user smmsp and a new group smmsp for the default installation + if you are updating from a really old version. Then install the sendmail binary built in step 3 by cd-ing back to sendmail/ and running "sh ./Build install". Modified: stable/9/contrib/sendmail/KNOWNBUGS ============================================================================== --- stable/9/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/KNOWNBUGS Sat Jul 11 03:42:01 2015 (r285373) @@ -62,9 +62,9 @@ This list is not guaranteed to be comple libmilter and hence the communication fails. This can be avoided by increasing the constant MILTER_CHUNK_SIZE in include/libmilter/mfdef.h and recompiling sendmail, libmilter, and - all (statically linked) milters (or by using an undocumented compile - time option: _FFR_MAXDATASIZE; you have to read the source code in - order to use this properly). + all (statically linked) milters (or by using undocumented compile + time options: _FFR_MAXDATASIZE/_FFR_MDS_NEGOTIATE; you have to + read the source code in order to use these properly). * Sender addresses whose domain part cause a temporary A record lookup failure but have a valid MX record will be temporarily rejected in @@ -102,6 +102,11 @@ Kresolve sequence dnsmx canon Header addresses that have the \231 character (and possibly others in the range \201 - \237) behave in odd and usually unexpected ways. +* AuthRealm for Cyrus SASL may not work as expected. The man page + and the actual usage for sasl_server_new() seem to differ. + Feedback for the "correct" usage is welcome, a patch to match + the description of the man page is in contrib/AuthRealm.p0. + * accept() problem on SVR4. Apparently, the sendmail daemon loop (doing accept()s on the network) @@ -252,7 +257,7 @@ Kresolve sequence dnsmx canon * Race condition for delivery to set-user-ID files - Sendmail will deliver to a fail if the file is owned by the DefaultUser + Sendmail will deliver to a file if the file is owned by the DefaultUser or has the set-user-ID bit set. Unfortunately, some systems clear that bit when a file is modified. Sendmail compensates by resetting the file mode back to it's original settings. Unfortunately, there's still a Modified: stable/9/contrib/sendmail/PGPKEYS ============================================================================== --- stable/9/contrib/sendmail/PGPKEYS Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/PGPKEYS Sat Jul 11 03:42:01 2015 (r285373) @@ -141,6 +141,185 @@ gpExpdV7qPrw9k01j5rod5PjZlG8zV0= =SR28 -----END PGP PUBLIC KEY BLOCK----- + +pub 2048R/0xAAF5B5DE05BDCC53 2015-01-02 +fingerprint: 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53 +uid Sendmail Signing Key/2015 + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mQENBFSl4rQBCADRCzgFSJkzyoOHw9/9L/+G3mzA1fWR7TgCE0WxGX7PDzyLDaUS +a4XpCDtadjXyr7c5YPo1T7ybxUH39yvUgEHBiPQDssik+bbpOiHL7V0sUDAYfKSq +YC8/MG42Oj/zd+0WUhnI+RckFYPBNDQ+sZC6ErLDxCYDZMYhG4vhJOGqAKpglNTb +w4Fdx4LNmL3e4t3z4IEtnzAqeGVxIZm8MGGFhKkb8ufpgh8Jiz4Q6cOis0ZD9K6f +LvMPRJXSBy9jBtmS2oI2e9Q5LLhmzd1PVyA8jwAlK0QfJLmlRrgRUfHFKhkf+EuW +tTi592OYCZ9bw7QVSiGVQUK+7VACfM+FQR81ABEBAAG0MVNlbmRtYWlsIFNpZ25p +bmcgS2V5LzIwMTUgPHNlbmRtYWlsQFNlbmRtYWlsLk9SRz6JATgEEwECACIFAlSl +4rQCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheAAAoJEKr1td4FvcxTTPMH/29J +kNmt6EGNo/eLQySB8HTenfJjZaQxwPRhq22kWgr/7WP1BR2411bopyNk4IZ0rcDr +tnyeJj4UWKJljVuXyTDQPtU8uUlgiOT8QiHEbge7MOzxrn0cy6KIOgKq+vtuxa28 +McaxjENR7XVIDFkesQ7P/yLkcCjlE6jaD4r9OIKpqEVMPs1WUFff+rsgTo7mdcgR +QowQOgYqNil5awQ5Y2Gol71hZ6oRcpqMwSd6w4dEEx2U8rF8oqJuoxeUTgNCSv0n +iFtewLznocmxlrxe1mQAeLfRmUAG4LSL6p5wx1lRjJA3gtyWRjY0404jGxkATLG4 +AtK2OkHj8MbrWLP7PKyJARwEEAECAAYFAlSl5AQACgkQYd4R7OJ2OnPHXAf/Y6Rk +rROF45+SgbsEIiDXQBcBOoO1GKe0nFTc1jfAKUHAQ94fqcDxNeFRA9fNIA2d7XNI +0Lw6W7X3RcEkF58xytIe/Y+EXDmOt/BUbpch9KIz6J9pqBhPdyHvG+ZeyA3A+TGT +ZGnnnAxNFtCjt2IID9lzZSLuWhH8+DNC2Vp15NngDTa1VIk17n5iIvi7r3V5cdIE +MblKLGm+ZaiTeccVLjwMKIUSgrLP87+yF/aaZH2kotuI7f3tD1ycN0sVZJxcFS+c +GFw7uvOarDBSm0Q/FgfhDUOJLy4w5SqVmgPEIAeogz94q0JXxSSr1XWQBD8X9XwF +f3+dPXmgMHXLGRWclYkBHAQQAQIABgUCVKXkPAAKCRA9aLJdUgfK08cnB/96BV+v +xyBx35TPg8eI/WIskdQAIpCQsm6FoO1ejbMzfWn9bImCewOp1UMlowdfQC52Hdp8 +EXnuwCpJ3rtnZctRld5dNM/clbZ+r3lr78wX7hqPUajlvxe+TMpyZbJirLn1f5Ba +yoysE4oICfzJivPfixZd7oFVr9EkftbatYenl0rgf/0lJTKRDIqNGezeeyfxaKdX +qd545wqis7PrrXDOrEq815aosG09KQBhIoPgti2us1R95nSm9z6dVCY/nSDOxL+a +Vyq/XD5KSUqbZVocY+fbR3dNX5haTvawuG0GPvl+YvYb2lW4hhi7Q4aUL7Dd4c9c +vk5+WAvfJwHtbxrgiQEcBBABAgAGBQJUpeREAAoJEI5a6fvO7vQ7OWUH/2NNxhlI +JEtvD+Nj2oPGgVQJrlFI1pbzyMCtD+6iy8Lfnp2DK+qKPMjBw96LUqcXC32VFPQr +17iyZDv26MSb/acmdIfTPpPTwJ6zEmMI8mXradeuoiWxeVHSg7n+D3u0xtikmb9Y +uRKv0yx43fcL70bqV5DzyXQte0chfRnOiwMrImWdgDekkmxE9udbtgK24rifNVGa +TBB6eHJAsFVu5Y38hsZLe10bCKyUCqT6Qywfy3RCMpXYeo6fXOk0fKatG2oi3CZp +LI+AnjmAJ0t2oMkrwUxogkK3LkShJT/aJYIR24eZm0GdzwRHZxXKClGFvdJslIea +TKHSXNK41eEIfreJARwEEAECAAYFAlSl5EgACgkQOaTHfal4hLAXfwf+M0YmlHd4 +1sfvckYhOYf99n1BGnfQx5RJn+X+EBjGyOfPKMBPQuZIlwAI20T+cFnR3WmgrmlO +IBG8qVcSDoValzNPcr0V3WGDrT75fYhf5iYj2ZsZDBUqE1VF3dAVUw40x2c1n+98 +7lbq3NtolSPYk07h5rhEhmkjdNcixv/exVCTGVwaT4X9ZHY8heETmF5tsCtPavpr +i/DjcDQQQ0sQ8um1eX41j2bhrN4MERUC5oadvSULaA2QUoWgCrzVG8zx715Au77N +jLtfA31hJI0GP/dpSREaYlqA0nwVDR5tz1TyTNwPN1ylxjQmjKXtJwx3jUtlT9Zh +qxRf+ngYHpWArokBHAQQAQIABgUCVKXkTAAKCRBgTfvyhUEKvl11B/9aYJBEEQZp +JWAT6HPmQK//i2x4y1euQfaHsjqJALvvPrgiTp/ZE3o6dKHhs+SbawsB57RtootN +maQr7x2drvBojWhJJdaouAh345qOfZYb0bD9klkr6W+Mjl5T0xWIKFEyIZn0Tcbr +8ekHgSIx2trL8LduSJou2bdPMh46PORzEpuQQ4IAyV0uRyBdNFOPwTy2OdXs51fr +M7lp1hJp84+y2a6z3vz3VCs2A9LzlnXKZ6bXljpd5dQfrmrSNXltPKA3jVLkWi8+ +rh9f1rAGsj1e6N1aVF2uJ1Y3u+U0XQ/dwa1vDF3y4KVObxYM9eNGbF4J8lGkUy2a +gZ1s1X8QzEDUiJwEEAECAAYFAlSl5FAACgkQEolum6d/JCmUSQP+KEz6xSvPSbFP +Hip4JiX1Wbvd+t3TyL0u9Fv/POwUrFIHVpTkCwOz6jsBH3TdGGiYOP5F8k/US2jU +3WB0J1mK5Rn3GwLhUGNTEeuaJZCuKE+j3qwMFmDqC/2IxEvlWtrIbTqkgf7cRv/O +O7VNv+EL0axtsrOcwZlUWe6Lc4571oaInAQQAQIABgUCVKXkUwAKCRDYqvDK9rMH +KX7xBACUFTBRCmboY/GRTHMZW1DGfcO2vMxwnYKqWomuzi/YonDCWtoTpeMDaAhY +NnIchC1mlYteIE94/+ZsoYsZeaR3fe7CN6h/deBu4tW/dQ+TW1ZPF6EuVhoviKgz +rd3rb+gcS0f0PgSPyg5LGtoMGMD9/gx1NJOTFec83jmBI95Gb4icBBABAgAGBQJU +peRXAAoJEJdDARhwk7hBAUED/0oyeD2Z4wMQ6IQEprOAWbR+vIRzaThemmCGobRw +UlM44nUXqKSM1+naLEVz/JzBuKWG00zTz6Su3NesWoFzDDUGYcIJggbOm39Pc+V8 +eXV86An64/v3P6gypJc+q9P+FFGGO884wFmYN634Mi4SDBVFUzffcghueAFcxtzt +0mH5iJwEEAECAAYFAlSl5FoACgkQHnuzyK+VliVGdwP/fmdK9MdWIzPD/6eYm6JZ +zbksaGWiqpwgp9IEr/OhSmGkXuwUsP35PFJ8FsJbEV5x/y6pP3UNp6EFRN/116ue +jp5vVM7nnj2K3V8f85J4dXCRbv+kek+Ufo1Qzm5kgvRuBxX1sXpxFX6yBM0Y6WuV +gszdbTVNlS04q6bnPFE9L4uInAQQAQIABgUCVKXkXgAKCRBwoCRNHvmSUZ/7A/9W +yQJrrdrs2SuYtoxov/pL/TVMejbnxsF8Y0dRtM/KiquP57PMQSmLqy4fTRzAMHBv +XK1aKfewTVfGKLcHIzfMfv2XcPpWfwcyMeZKtcSr25lWl9GJZP221rCok76XYwqk +BPPp0pjSwdy0Qq4sd3N3ESZmqAMWJ7ouMmlQ7VWReYicBBABAgAGBQJUpeRhAAoJ +EMjV7SmV9hdxLv0EALX3yjI2KDNG1mo5ctCSYlIlhXHQ6csHuUK9lzj9R1gVEzDU +0dEZH0+a5UXh5xf8nyTDLytUe8PxTtPit3AOP6TvTJlANULh/3MKS6317RwUe2e0 +OitWbhQAOYfpYAkSdXZACzPacxrefkxmSM3Pq+SYoumZTI2N6AvVu8MeCS0GiJwE +EAECAAYFAlSl5GQACgkQIYPhsTlvB4mWJgP/XAlvlBityADJkdN+3mp/OtdYzw04 ++dBdNtmLqWUiMZg6rPPHUQi7dfBKi95FFe2U8hxSRk8oLzSzmh/M/CP72mxKh4pi +PbmEkmKHYlNdyfCCNqXdjkBXFAKXAes/4DaBlZwvLjPtrupEaW2eYdU8cSrdeGuv +1PMLRPxRr3nPCb+InAQQAQIABgUCVKXkaAAKCRCJaWK4Z4wKA3ZVA/4iYD+xrYv0 +8I+0GZJRdEL5f7T97a7Vtf5xSxUhHDww4xC9gs8LzEGWZXoNaZEVl4j+63EnCIbY +o4g+c4m81D5NWFqeJWhWpcyvejo9hfGM3ZK/XbiF+ZTzznU5YJclGaZ7t8TY8gcx +GSWxUzxBJQcSEzAKKi286ielMAXocNx10oicBBABAgAGBQJUpeRrAAoJEDgi20fM +N08tDkwD/2F5j5irsDw+MQyLKpfPv3GRJ5J3ebOPpLQkQ5T34+qeIw4LkcXW9OJA +ohW47JLb7R8zwAlUoqmmNXtxTM0r0FlTYGPOVEnSEkMqqa3KR68B3jWAGXXdqig9 +yBxYRleawQ4ltnegBn8q7gC4MwnIAZxzK+Y8cM0Rk/FjC9+NhwrviJwEEAECAAYF +AlSl5G8ACgkQnBy94uNcVjUfvgQAlQijnoE3de1CanB0JqIN+h+XOLOpalFti+B7 +Swc2ZlnlQ9mofYPK5UHlbsiC7/TilD6xm4YEFKim9sOIMi8FNka8+EH+/d1DmS4M +qVPDssxTG6VOzn7tYOuC9qIw15IpfbHW2bk/YIImwP9nViKCMLIGw+ZgK+uiRQx9 +fT8O1NqInAQQAQIABgUCVKXkcgAKCRBvUpPYo5umVYKeA/9n63K1nF3DNY3Hckvz +tN8OrPmyCIOh+7t4sc5NHhTK0+BQTv+cgG6ig7K2cdI6VBAovs/c/u7+RrcMhp7l +45AVnycfKcNaMHKFyMHDk9FZgpRG/bv1zwDxdh+scUc3IekqkSiQ2wTjDQ5Q/BMK +L5zfOSnTOoltWjpVgsjdM75Ol4icBBABAgAGBQJUpeR2AAoJEO9YlmTUMuGd8R0D +/3mhriMu/cp3DXHnlDykqLJI1q5K4xCHOWwFYZ8DxW116AVjluJYYW1HmWcJrjK3 +cwuN3FUcsIjafanIJWCsdeZaPAyFEfUBEW0YXIIpBXRw2N7jNtrd5X6Zjptd+zW+ +4dUzvT1pqVtdPHjova3fcGLSmcdZYbddotaGi7xi7kXviJwEEAECAAYFAlSl5HoA +CgkQwZwdJRLTRh0iwwP/Y/pwp9ttAMuQUz6oH71BTkUrzu9LiI7vhrYxEquFdzCO +dE4jBNB3LGfwzjhJRtjmQ/gVhjXWWrDYnOXt3gNxb9KzmTHmSDu65cBxX54Un0pZ ++MXjjWOT2l8+GA1lXeICIoZjJL88/zEZAiaH67ch2LEix1fOaJmXJzUSmP1pR3KI +nAQQAQIABgUCVKXkfgAKCRDAKcpAFvTM6XVwA/9Eb+Dwn2lmEFFo64gj8ocpWzP8 +/sD86PP5KkZ+b/HQnGB3lsQTwsGytDvJfutLDa05sS/HWZ9wXPltX/G3omp/A1G5 +qEKzVSe0vEWedpf9wn82Ll6hzaiS5qX7r0+FpyUjY8arNrze5S4Q6Q2kjl8YduXl +wG877igRHkGpAtApxYhGBBARAgAGBQJUpeSHAAoJEBj1A4AkwngCRCMAnjHfd5db +KK6DJxrWVnEbyXs/QJGKAJsErKkiUX55B8k/P3cyzyXIaOujBYicBBABAgAGBQJU +peSOAAoJEHxLZ22gDhVjCDQD/j7DE5wyhpjHrtf0hsQcaQoVHWZb2JTLZUMRAQyj +zKMTSs0GslamlxLZmyV1HqkB+41zuJeBQtRV4gjqa5DQmWDRC2mHl7o9A40v4SDa +O1jmfU5hfJSMecucPyEcfaAG4BIMvBo6TL484uHBi45SN4Ik3f2wc6D1XOluD1vB +gIwpiJwEEAECAAYFAlSl5JMACgkQ1uCh/k++Kt2s6gP/RNcMKtx4u61vz+Aji/Fa +H9q03JxQaRgmN1q2AvZQ/NTWTXU7Y5GnH4kW/8rOoUQiR+agJsvTt4ciM+y33pZ/ +ZZLkAuo0uKelEHhdQhtRbSktKBHSgDWbiqaJJIxazeLpxcSgaoM6RW/7aIFdMtEl +ALAzTACYlTN/nKWWICn8GnGIRgQQEQIABgUCVKXkmAAKCRAh+cW892qb9aWOAKCg +aznvUX8PIvKPzoHld39xWlJ+FgCg76wrEc1h9IiIgUoqH5NWVCxcHneInAQQAQIA +BgUCVKXkngAKCRC92o/WP+p9/ancA/0Z4JHZT7NRBMr47zQvSwE4eLpSE5QDGXi7 +RNmOUgZxrxsFWRZLJCVupXDBQVZEhOBRZYqXPw1eDglOU952oj5OjaHsYnSEu7jz +VUwlp2BxZQ3mnepdUcQz1A3k2cPZ0I6KFP9hP88GU+77nubB7IqRH/Q3QKMgO0eW +yd5kYugyYYkBHAQQAQIABgUCVKXkpwAKCRC9J20ub8+ohR46CADMEvAns+L+BkVN +d9INsiR1rONrNRPT6w4dnBeTLaykkuMjc6+7s+UuXm6AMAelI28pG+fJyt/lZAGx +QLS9zFgREge0lVbOZVeAYeC1YyFsrJE4Lr2quq3fajj23tnsHmCv16znMHrh/E1m +Udm4145NprijrZn+PsjuVWYV+pxiLpLM0YBdGNwCEMi/KCQ1fcaiAZZWSqLmHIe0 +ubWDdqq8/5JRQ22SEnqP2FT/lfOmKTxMNmE0uEr4+C4fG2nd38BvzpHu9eN/4Nwx +IwzK5DhbAj+I57+VDncgkNGe1q4QY/5LaZQh/nHIcmX1ln23f9Lxkr6EYYZ1ptq+ +A8buvD+XiQEcBBABAgAGBQJUp+zrAAoJEBCQryClqlvm6AgIAKAR8HY4G9AD2jDb +ouS4Al4QICagwQ0Y7Rc2/fHyPQEAP714EimakPFVFDbSD6SW569Qtdxr+ggH4wFI +bzd21pCgIUC6nVoDotIjplMdYkNfq8AODpxn3HTBnNQ7e609xnWxFo/+httKoWok +fEP9qZk4MJq7lE75iX+wohjLwoF6v0tCB8CrBFJcfKrDvXQSGvKiaEp4g0sEfyXv +gL6X0xKMflupofdnFLJliV0WqGhBOGUghPdLsA02E3e1utj6WABmudMytRxWB8is +SWGaywaEKLSdCgi+XlQVypKeWNMbZZZcftVZ91r4iNTAkw4cv5Wea+YnngfurGCq +J/jUq7aJAiIEEgEKAAwFAlSn7r4FgweGH4AACgkQZhs61tgqu9C9Aw/+JMTXzwni +NPwBxkbcNWbnWODVEElmDloHNpr3z+ryF1XNgbiOY8dn7uwRnPoeCDhIDwvNkK+x +h4xmjH0970v1ltbzcZv0wnK6UeHQssqN9NGsXM9rbodYRIam4yxbwd1ddOC9QZFM +ToRVWiqCzGOVYL50a24OYKClGjm4ncRznXJrNwYMEjxQ3j5FOkXIn0096z3szWCY +6yDpPzOsl2TPwdjMKZWoMEDh/SvY3AxAXo1XqDCj2/+C8dDwO7kn+QAl3fUGmkI6 +dUHCAJm/WtSyvINdphzhZ1ZdkPhqDUKcR0JTX03QJ6bnu5vmmOncWm2NA7rP74fq +KE9XzT808xP0GBwR1co7Eq+/751j2TA33JSlt/hIgi5aEWc4laCingJ02yaW8tUS +DCoVNITaXcF/B47hjBgovQk8TOTsQ0nkSYvOoh05OYBmzl17G57QuPx1stRJ29QA +VLGem1v1mXAuNdHH0kNE+/Rv0A2vGqauLx9ba84RfbXMM4SJw8CjhX6OxhAM8xoU +tO6T56XZS8qLtWLkNQNZNdNlAo6tYk/cTrjdX1M63nYjoVbuc0nic6Wp+dQk/DEb +wsiIpFoisvMK6EH49v70/c9Gtg6rk5z2yBHMZsjo2Y0TheTKwKIUEz0MuTncH8jD +yB/NtQkrbiBdEqRJUoKKUtS0B4cUYTUyd+SJAhwEEAEKAAYFAlSn8agACgkQ8Ar2 +6sJF0gs2yA//cgc+g1wPRFzJeQGv5UFR3TCAMtS+/bzY3UU/eG2Jmbv2qwPbn+kx +RH5dYlZ72VHXEggBaEweCBrBWsweX5dGEMNDLNlI9ArAjjhBAZFFUQKj55EzIZpp +YTbvgxOD2ENKU2HfeQYCGFYZr3L2DXQ1k0U7VnaElBQV3o88CMi7bIsQq2aWk+c6 +Cy15UVr0niVLm95EUZM4yYm2gOGJXUeaGIExSBtiwuzvAiDEGaqfPGAi1ePkNmLJ +3UzYfgiQumSh1kDVlQkCc8UQiF6ckEma618cmmaHs5vZvHsTX5O2/qPkLpXunA/7 +5yM/Jde8a5VbNGWyZ4rmstlWR5rPd7r3uP85miHn7Arait3aGo8RQeAHzOdTvMqS +n3oCotQlOvBhOo7qA8oYQVlU0+77gOfZZeEXDZG13lU95ptFhdsGstIQH67jPQ6z +TpVnd28ip92ysrwvxPhOzO74yKcYoKtzwLctcvptlKTkrFMHP3wJwqbaSfJGK4JE +rjT8WnnWyHY465nTDN9AKkoH4WQNozniWX8OkF3CpPj7ow8roFXlPOxXH4QsaQu3 +Kk31APn/A925d4xyYuWYHZ7A/FzsHafFHPMoG3iwZyuFhfl1UXVvEd8w9mEcxXoh +2iCy87TdpesG0GDzSmWwEYEPkg20BD2+vdc0EekALDjAGM+lfBxN67KIRgQQEQIA +BgUCVKgM0gAKCRAJp6JK0eWCB94UAJ98O6S6r1hFnCLrbU3GeqrA4DCtBQCfcza/ +WoVLc3/+bOf1jzjJ/eJ20IyJAiIEEwEKAAwFAlSoCRMFgweGH4AACgkQhS2G+DXA +JIrWURAAvgl1LkqB9pRPViK1U+xa3b5zt0O/fLbov59aLhA4uPJ10BgaKptflLim +aE2EsS4Mnk0DQgGEBjlywJ5Ft3aMk3vbRz7lDE3zQ3oWa7+N4fcG7WWsAxmh0NtX +Ak7orN6rQcyGgWgpF7wOau79i4VO7oLHKeS7QNs7X59CW+k64TAJabxi74PRoVMz +843qWPjsuFIYM7n/nF0vdECwhSE8zUgcYG2n5CdA0Lq7XRE+II11VOT2XEXFMyR/ +Qh2m7l+jy12MEzHQfGC1HYBo/Zi/MRIN53Rd2LLJWQdMxz/BDiuSxZhKVeCRe7gT +Mc2k3VrmfViBoaUE0zqMbx0j29XUbNQNU3afE8MOBkmyd6AQjoswBEsgU9uyCJYD +Jq3V1stwSVBm9G7X/l8GFlPawLg/uM9gTYb2JYUYPlphTAwVcL469rKQNMhPj2ww +zT7NzjwFb9XrmyiIrqH5z2ieG+LRjajOPVPwBsqZ3gOA+z9QkU1lRYEJOTlEYCkv +8oA6ZeFm31S4JoeogbCDaMiqDszkFtYGBUgGEbnHoCgXi7aINSb17VZ8LTzpD4V9 +vGdFVuE3vJf2POMERP+buLV8OiG38cBJXb+JVSC+pkpm+32nY0UR5ccDPwAC3cGq +SbI6ftKlQeaYp3UEncFUaB8NNZings3jzRexPjzUzo0vhRkkIs2InAQQAQIABgUC +VKg5iQAKCRBfHshviAyeVbEVBACL9Vve0dF0UqO+DN4PzrTOx2JzRw7ujhcrZ6I/ +TCXjANGLWUheylRWhvxMojvbhZEg2835+9l6tpD7BVnrfkBE+LYIKFTusye+WYre +dAaHFpuN6XfmsXmhXaSodhH9gKS+oftYX61qUmiE7L98nvINNBMnFVkptCQVDl8o +GWiMRYhGBBMRAgAGBQJUqBAmAAoJEMSxB5iFeWojCtoAoLa2/SUyfC5EiKdvEbap +49v6XPyxAJ9mPvhe75aTOU7uWoa+c0wn6fXIcrkBDQRUpeK0AQgA7ctg3cJD4eTw +j4sQ94AtSYjwT+Yp7r2s6h4cHUge6AMZy9ixtyg87JnviRFob2zeo2JFDAwtl7Zs +GHo+py/mJwfQKmUsXUmQqgHJFXDiiux+4+dYOXZyVYKP5bTV0JVlKjRjSWNnh7Bv +yZNUZlrLz5ZKF1NAYKJAw4fx3TFbC4K3hvDwHQW3croPQYq0wNq6as956LHYjUOB +Q5K0uy4TXY2EcIyAy253UX9MAFgacuP1jf3ITEVZpcebzl+gcaB54gXqOfmgQQP5 +PmQDyb96ZxFsKa5UfsS3Kh0PeERa5TDlgiw55O55pUSGKKfYfOXvqpJ/ZKYl+ado +wgsmbq09UwARAQABiQEfBBgBAgAJBQJUpeK0AhsMAAoJEKr1td4FvcxTNO0IAJ2b +V48mulcdCS8G3t8qRHlEXGbxgYBQRa500M9fdgRyIWBxubP7r6/nLFDGiIpdUVmT +g9F3r1JsyK6Q7+VUp9XLirj/gT1kwxXT/UHHIQO8ObtPbfFtqISaBjaklTOUPCud ++nOpzRIfct6CZM0xAVIoqm4kaRFaWefxRiyeosDQ7tCD4lDRwxNJE2deE1WmOeN1 +YCJHa8QaewJXtUvqMq6pRmTlzSn+5/w3gV3XVF+CHjGD/COeSm7CGazLmlypN4n8 +ib9eRg0K2rAqKfUbn+aFwmqSBhBcw/UhOoXnteNQvd9KNdKiHERJEI3qZ2rLAlYf +uYT6oSAR9rPSpsZpyTI= +=Jib4 +-----END PGP PUBLIC KEY BLOCK----- + + Type Bits KeyID Created Expires Algorithm Use pub 2048 E2763A73 2014-01-02 ------- RSA Sign & Encrypt fingerprint: 49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73 @@ -2613,4 +2792,3 @@ DnF3FZZEzV7oqPwC2jzv/1dD6GFhtgy0cnyoPGUJ =nES8 -----END PGP PUBLIC KEY BLOCK----- -$Revision: 8.46 $, Last updated $Date: 2014-01-18 00:20:24 $ Modified: stable/9/contrib/sendmail/README ============================================================================== --- stable/9/contrib/sendmail/README Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/README Sat Jul 11 03:42:01 2015 (r285373) @@ -211,29 +211,11 @@ There are other files you should read. +--------------+ There are several related RFCs that you may wish to read -- they are -available via anonymous FTP to several sites. For a list of the -primary repositories see: - - http://www.isi.edu/in-notes/rfc-retrieval.txt - -They are also online at: +available from several sites, see + http://www.rfc-editor.org/ http://www.ietf.org/ -They can also be retrieved via electronic mail by sending -email to one of: - - mail-server@nisc.sri.com - Put "send rfcNNN" in message body - nis-info@nis.nsf.net - Put "send RFCnnn.TXT-1" in message body - sendrfc@jvnc.net - Put "RFCnnn" as Subject: line - -For further instructions see: - - http://www.isi.edu/in-notes/rfc-editor/rfc-info - Important RFCs for electronic mail are: RFC821 SMTP protocol Modified: stable/9/contrib/sendmail/RELEASE_NOTES ============================================================================== --- stable/9/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/RELEASE_NOTES Sat Jul 11 03:42:01 2015 (r285373) @@ -5,6 +5,165 @@ This listing shows the version of the se of the sendmail configuration files, the date of release, and a summary of the changes in that release. +8.15.2/8.15.2 2015/07/03 + If FEATURE(`nopercenthack') is used then some bogus input triggered + a recursion which was caught and logged as + SYSERR: rewrite: excessive recursion (max 50) ... + Fix based on patch from Ondrej Holas. + DHParameters now by default uses an included 2048 bit prime. + The value 'none' previously caused a log entry claiming + there was an error "cannot read or set DH parameters". + Also note that this option applies to the server side only. + The U= mailer field didn't accept group names containing hyphens, + underbars, or periods. Based on patch from David Gwynne + of the University of Queensland. + CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again. + Patch from Lars-Johan Liman of Netnod Internet Exchange. + CONFIG: New option UseCompressedIPv6Addresses to select between + compressed and uncompressed IPv6 addresses. The default + value depends on the compile-time option IPV6_FULL: + For 1 the default is False, for 0 it is True, thus + preserving the current behaviour. Based on patch from + John Beck of Oracle. + CONFIG: Account for IPv6 localhost addresses in + FEATURE(`block_bad_helo'). Suggested by Andrey Chernov + from FreeBSD and Robert Scheck from the Fedora Project. + CONFIG: Account for IPv6 localhost addresses in check_mail ruleset. + LIBMILTER: Deal with more invalid protocol data to avoid potential + crashes. Problem noted by Dimitri Kirchner. + LIBMILTER: Allow a milter to specify an empty macro list ("", not + NULL) in smfi_setsymlist() so no macro is sent for the + selected stage. + MAKEMAP: A change to check TrustedUser in fewer cases which was + made in 2013 caused a potential regression when makemap + was run as root (which should not be done anyway). + Note: sendmail often contains options "For Future Releases" + (prefix _FFR_) which might be enabled in a subsequent + version or might simply be removed as they turned out not + to be really useful. These features are usually not + documented but if they are, then the required (FFR) + options are listed in + - doc/op/op.* for rulesets and macros, + - cf/README for mc/cf options. + +8.15.1/8.15.1 2014/12/06 + SECURITY: Properly set the close-on-exec flag for file descriptors + (except stdin, stdout, and stderr) before executing mailers. + If header rewriting fails due to a temporary map lookup failure, + queue the mail for later retry instead of sending it + without rewriting the header. Note: this is done + while the mail is being sent and hence the transaction + is aborted, which only works for SMTP/LMTP mailers + hence the handling of temporary map failures is + suppressed for other mailers. SMTP/LMTP servers may + complain about aborted transactions when this problem + occurs. + See also "DNS Lookups" in sendmail/TUNING. + Incompatible Change: Use uncompressed IPv6 addresses by default, + i.e., they will not contain "::". For example, + instead of ::1 it will be 0:0:0:0:0:0:0:1. This + permits a zero subnet to have a more specific match, + such as different map entries for IPv6:0:0 vs IPv6:0. + This change requires that configuration data + (including maps, files, classes, custom ruleset, + etc) must use the same format, so make certain such + configuration data is updated before using 8.15. + As a very simple check search for patterns like + 'IPv6:[0-9a-fA-F:]*::' and 'IPv6::'. If necessary, + the prior format can be retained by compiling with: + APPENDDEF(`conf_sendmail_ENVDEF', `-DIPV6_FULL=0') + in your devtools/Site/site.config.m4 file. + If debugging is turned on (-d0.14) also print the OpenSSL + versions, both build time and run time + (provided STARTTLS is compiled in). + If a connection to the MTA is dropped by the client before its + hostname can be validated, treat it as "may be forged", + so that the unvalidated hostname is not passed to a + milter in xxfi_connect(). + Add a timeout for communication with socket map servers + which can be specified using the -d option. + Add a compile time option HESIOD_ALLOW_NUMERIC_LOGIN to allow + numeric logins even if HESIOD is enabled. + The new option CertFingerprintAlgorithm specifies the finger- + print algorithm (digest) to use for the presented cert. + If the option is not set, md5 is used and the macro + {cert_md5} contains the cert fingerprint. + However, if the option is set, the specified algorithm + (e.g., sha1) is used and the macro {cert_fp} contains + the cert fingerprint. + That is, as long as the option is not set, the behaviour + does not change, but otherwise, {cert_md5} is superseded + by {cert_fp} even if you set CertFingerprintAlgorithm + to md5. + The options ServerSSLOptions and ClientSSLOptions can be used + to set SSL options for the server and client side + respectively. See SSL_CTX_set_options(3) for a list. + Note: this change turns on SSL_OP_NO_SSLv2 and + SSL_OP_NO_TICKET for the client. See doc/op/op.me + for details. + The option CipherList sets the list of ciphers for STARTTLS. + See ciphers(1) for possible values. + Do not log "STARTTLS: internal error: tls_verify_cb: ssl == NULL" + if a CRLFfile is in use (and LogLevel is 14 or higher.) + Store a more specific TLS protocol version in ${tls_version} + instead of a generic one, e.g., TLSv1 instead of + TLSv1/SSLv3. + Properly set {client_port} value on little endian machines. + Patch from Kelsey Cummings of Sonic.net. + Per RFC 3848, indicate in the Received: header whether SSL or + SMTP AUTH was negotiated by setting the protocol clause + to ESMTPS, ESMTPA, or ESMTPSA instead of ESMTP. + If the 'C' flag is listed as TLSSrvOptions the requirement for the + TLS server to have a cert is removed. This only works + under very specific circumstances and should only be used + if the consequences are understood, e.g., clients + may not work with a server using this. + The options ClientCertFile, ClientKeyFile, ServerCertFile, and + ServerKeyFile can take a second file name, which must be + separated from the first with a comma (note: do not use + any spaces) to set up a second cert/key pair. This can + be used to have certs of different types, e.g., RSA + and DSA. + A new map type "arpa" is available to reverse an IP (IPv4 or IPv6) + address. It returns the string for the PTR lookup, but + without trailing {ip6,in-addr}.arpa. + New operation mode 'C' just checks the configuration file, e.g., + sendmail -C new.cf -bC + will perform a basic syntax/consistency check of new.cf. + The mailer flag 'I' is deprecated and will be removed in a + future version. + Allow local (not just TCP) socket connections to the server, e.g., + O DaemonPortOptions=Family=local, Addr=/var/mta/server.sock + can be used. + If the new option MaxQueueAge is set to a value greater than zero, + entries in the queue will be retried during a queue run + only if the individual retry time has been reached which + is doubled for each attempt. The maximum retry time is + limited by the specified value. + New DontBlameSendmail option GroupReadableDefaultAuthInfoFile + to relax requirement for DefaultAuthInfo file. + Reset timeout after receiving a message to appropriate value if + STARTTLS is in use. Based on patch by Kelsey Cummings + of Sonic.net. + Report correct error messages from the LDAP library for a range of + small negative return values covering those used by OpenLDAP. + Fix compilation with Berkeley DB 5.0 and 6.0. Patch from + Allan E Johannesen of Worcester Polytechnic Institute. + CONFIG: FEATURE(`nopercenthack') takes one parameter: reject or + nospecial which describes whether to disallow "%" in the + local part of an address. + DEVTOOLS: Fix regression in auto-detection of libraries when only + shared libraries are available. Problem reported by + Bryan Costales. + LIBMILTER: Mark communication socket as close-on-exec in case + a user's filter starts other applications. + Based on patch from Paul Howarth. + Portability: + SunOS 5.12 has changed the API for sigwait(2) to conform + with XPG7. Based on patch from Roger Faulkner of Oracle. + Deleted Files: + libsm/path.c + 8.14.9/8.14.9 2014/05/21 SECURITY: Properly set the close-on-exec flag for file descriptors (except stdin, stdout, and stderr) before executing mailers. @@ -681,7 +840,7 @@ summary of the changes in that release. LIBMILTER: The "hostname" argument of the xxfi_connect() callback previously was the equivalent of {client_ptr}. However, this did not match the documentation of the function, hence - it has been changed to {client_name}. See doc/op/op.* + it has been changed to {client_name}. See doc/op/op.me about these macros. 8.13.7/8.13.7 2006/06/14 @@ -3509,11 +3668,11 @@ summary of the changes in that release. Add new STARTTLS related options CACERTPath, CACERTFile, ClientCertFile, ClientKeyFile, DHParameters, RandFile, ServerCertFile, and ServerKeyFile. These are documented in - cf/README and doc/op/op.*. + cf/README and doc/op/op.me. New STARTTLS related macros: ${cert_issuer}, ${cert_subject}, ${tls_version}, ${cipher}, ${cipher_bits}, ${verify}, ${server_name}, and ${server_addr}. These are documented - in cf/README and doc/op/op.*. + in cf/README and doc/op/op.me. Add support for the Entropy Gathering Daemon (EGD) for better random data. New DontBlameSendmail option InsufficientEntropy for systems which Modified: stable/9/contrib/sendmail/cf/README ============================================================================== --- stable/9/contrib/sendmail/cf/README Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/cf/README Sat Jul 11 03:42:01 2015 (r285373) @@ -158,6 +158,26 @@ FEATURE(`local_procmail'). ******************************************************************* +Note: +Some rulesets, features, and options are only useful if the sendmail +binary has been compiled with the appropriate options, e.g., the +ruleset tls_server is only invoked if sendmail has been compiled +with STARTTLS. This is usually obvious from the context and hence +not further specified here. +There are also so called "For Future Releases" (FFR) compile time +options which might be included in a subsequent version or might +simply be removed as they turned out not to be really useful. +These are generally not documented but if they are, then the required +compile time options are listed in doc/op/op.* for rulesets and +macros, and for mc/cf specific options they are usually listed here. +In addition to compile time options for the sendmail binary, there +can also be FFRs for mc/cf which in general can be enabled when the +configuration file is generated by defining them at the top of your +.mc file: + +define(`_FFR_NAME_HERE', 1) + + +----------------------------+ | A BRIEF INTRODUCTION TO M4 | +----------------------------+ @@ -397,6 +417,10 @@ SMTP_MAILER_CHARSET [undefined] If defin that ARRIVE from an address that resolves to one of the SMTP mailers and which are converted to MIME will be labeled with this character set. +RELAY_MAILER_CHARSET [undefined] If defined, messages containing 8-bit data + that ARRIVE from an address that resolves to the + relay mailers and which are converted to MIME will + be labeled with this character set. SMTP_MAILER_LL [990] The maximum line length for SMTP mailers (except the relay mailer). RELAY_MAILER_LL [2040] The maximum line length for the relay mailer. @@ -743,6 +767,16 @@ nouucp Don't route UUCP addresses. Thi 2. don't remove "!" from OperatorChars if `reject' is given as parameter. +nopercenthack Don't treat % as routing character. This feature takes one + parameter: + `reject': reject addresses which have % in the local + part unless it originates from a system + that is allowed to relay. + `nospecial': don't do anything special with %. + Warnings: 1. See the notice in the anti-spam section. + 2. Don't remove % from OperatorChars if `reject' is + given as parameter. + nocanonify Don't pass addresses to $[ ... $] for canonification by default, i.e., host/domain names are considered canonical, except for unqualified names, which must not be used in this @@ -1441,7 +1475,7 @@ msp Defines config file for Message Sub by default. If you have a machine with IPv6 only, change it to - FEATURE(`msp', `[IPv6:::1]') + FEATURE(`msp', `[IPv6:0:0:0:0:0:0:0:1]') If you want to continue using '[localhost]', (the behavior up to 8.12.6), use @@ -1499,8 +1533,12 @@ block_bad_helo Reject messages from SMTP - connections from IP addresses in class $={R}. Currently access_db lookups can not be used to (selectively) disable this test, moreover, + FEATURE(`delay_checks') - is required. + + is required. Note, the block_bad_helo feature automatically + adds the IPv6 and IPv4 localhost IP addresses to $={w} (local + host names) and $={R} (relay permitted). require_rdns Reject mail from connecting SMTP clients without proper rDNS (reverse DNS), functional gethostbyaddr() resolution. @@ -2442,17 +2480,19 @@ should only be used for sites which have that they provide a gateway for. Use this FEATURE with caution as it can allow spammers to relay through your server if not setup properly. -NOTICE: It is possible to relay mail through a system which the anti-relay -rules do not prevent: the case of a system that does use FEATURE(`nouucp', -`nospecial') (system A) and relays local messages to a mail hub (e.g., via -LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use -FEATURE(`nouucp') at all, addresses of the form - would be relayed to . -System A doesn't recognize `!' as an address separator and therefore -forwards it to the mail hub which in turns relays it because it came from -a trusted local host. So if a mailserver allows UUCP (bang-format) -addresses, all systems from which it allows relaying should do the same -or reject those addresses. +NOTICE: It is possible to relay mail through a system which the +anti-relay rules do not prevent: the case of a system that does use +FEATURE(`nouucp', `nospecial') / FEATURE(`nopercenthack', `nospecial') +(system A) and relays local messages to a mail hub (e.g., via +LOCAL_RELAY or LUSER_RELAY) (system B). If system B doesn't use the +same feature (nouucp / nopercenthack) at all, addresses of the form + / +would be relayed to . +System A doesn't recognize `!' / `%' as an address separator and +therefore forwards it to the mail hub which in turns relays it +because it came from a trusted local host. So if a mailserver +allows UUCP (bang-format) / %-hack addresses, all systems from which +it allows relaying should do the same or reject those addresses. As of 8.9, sendmail will refuse mail if the MAIL FROM: parameter has an unresolvable domain (i.e., one that DNS, your local name service, @@ -3160,17 +3200,49 @@ TLS_Clt:laptop.example.com PERM+VER TLS_Rcpt:darth@endmail.org ENCR:112+CN:smtp.endmail.org -Disabling STARTTLS And Setting SMTP Server Features ---------------------------------------------------- +TLS Options per Session +----------------------- By default STARTTLS is used whenever possible. However, there are -some broken MTAs that don't properly implement STARTTLS. To be able -to send to (or receive from) those MTAs, the ruleset try_tls -(srv_features) can be used that work together with the access map. -Entries for the access map must be tagged with Try_TLS (Srv_Features) -and refer to the hostname or IP address of the connecting system. -A default case can be specified by using just the tag. For example, -the following entries in the access map: +MTAs with STARTTLS interoperability issues. To be able to send to +(or receive from) those MTAs several features are available: + +1) Various TLS options be be set per IP/domain. +2) STARTTLS can be turned off for specific IP addresses/domains. + +About 1): the rulesets tls_srv_features and tls_clt_features can +be used to return a (semicolon separated) list of TLS related +options: + +- Options: compare {Server,Client}SSLOptions. +- CipherList: same as the global option. +- CertFile, KeyFile: {Server,Client}{Cert,Key}File + +If FEATURE(`tls_session_features') is used, then default rulesets +are activated which look up entries in the access map with the tags +TLS_Srv_features and TLS_Clt_features, respectively. +For example, these entries: + + TLS_Srv_features:10.0.2.4 CipherList=MEDIUM+aRSA; + TLS_Clt_features:10.1.0.1 Options=SSL_OP_NO_TLSv1_2; CipherList=ALL:-EXPORT + +specify a cipherlist with MEDIUM strength ciphers that use RSA +certificates only for the client with the IP address 10.0.2.4, +and turn off TLSv1.2 when connecting to the server with the IP +address 10.1.0.1 as well as setting a specific cipherlist. +If FEATURE(`tls_session_features') is not used the user can provide +their own rulesets which must return the appropriate data. +If the rulesets are not defined or do not return a value, the +default TLS options are not modified. +(These rulesets require the sendmail binary to be built with +_FFR_TLS_SE_OPTS enabled.) + +About 2): the ruleset try_tls (srv_features) can be used that work +together with the access map. Entries for the access map must be +tagged with Try_TLS (Srv_Features) and refer to the hostname or IP +address of the connecting system. A default case can be specified +by using just the tag. For example, the following entries in the +access map: Try_TLS:broken.server NO Srv_Features:my.domain v @@ -3756,6 +3828,12 @@ confSINGLE_THREAD_DELIVERY SingleThread cached but otherwise idle connection to a host will prevent other sendmails from connecting to the other host. +confUSE_COMPRESSED_IPV6_ADDRESSES + UseCompressedIPv6Addresses + [undefined] If set, use the compressed + form of IPv6 addresses, such as + IPV6:::1, instead of the uncompressed + form, such as IPv6:0:0:0:0:0:0:0:1. confUSE_ERRORS_TO* UseErrorsTo [False] Use the Errors-To: header to deliver error messages. This should not be necessary because of general @@ -3990,6 +4068,13 @@ confWORK_TIME_FACTOR RetryFactor [90000] confQUEUE_SORT_ORDER QueueSortOrder [Priority] Queue sort algorithm: Priority, Host, Filename, Random, Modification, or Time. +confMAX_QUEUE_AGE MaxQueueAge [undefined] If set to a value greater + than zero, entries in the queue + will be retried during a queue run + only if the individual retry time + has been reached which is doubled + for each attempt. The maximum retry + time is limited by the specified value. confMIN_QUEUE_AGE MinQueueAge [0] The minimum amount of time a job must sit in the queue between queue runs. This allows you to set the @@ -4208,7 +4293,7 @@ confAUTH_MECHANISMS AuthMechanisms [GSSA confAUTH_REALM AuthRealm [undefined] The authentication realm that is passed to the Cyrus SASL library. If no realm is specified, - $j is used. + $j is used. See KNOWNBUGS. confDEF_AUTH_INFO DefaultAuthInfo [undefined] Name of file that contains authentication information for outgoing connections. This file must @@ -4241,6 +4326,14 @@ confTLS_SRV_OPTIONS TLSSrvOptions If thi verification is performed, i.e., the server doesn't ask for a certificate. +confSERVER_SSL_OPTIONS ServerSSLOptions [undefined] SSL related + options for server side. See + SSL_CTX_set_options(3) for a list. +confCLIENT_SSL_OPTIONS ClientSSLOptions [undefined] SSL related + options for client side. See + SSL_CTX_set_options(3) for a list. +confCIPHER_LIST CipherList [undefined] Cipher list for TLS. + See ciphers(1) for possible values. confLDAP_DEFAULT_SPEC LDAPDefaultSpec [undefined] Default map specification for LDAP maps. The value should only contain LDAP @@ -4250,10 +4343,11 @@ confLDAP_DEFAULT_SPEC LDAPDefaultSpec [u maps unless they are specified in the individual map specification ('K' command). -confCACERT_PATH CACertPath [undefined] Path to directory - with certs of CAs. -confCACERT CACertFile [undefined] File containing one CA - cert. +confCACERT_PATH CACertPath [undefined] Path to directory with + certificates of CAs which must contain + their hashes as filenames or links. +confCACERT CACertFile [undefined] File containing at least + one CA certificate. confSERVER_CERT ServerCertFile [undefined] File containing the cert of the server, i.e., this cert is used when sendmail acts as @@ -4281,6 +4375,10 @@ confRAND_FILE RandFile [undefined] File requires this option if the compile flag HASURANDOM is not set (see sendmail/README). +confCERT_FINGERPRINT_ALGORITHM CertFingerprintAlgorithm + [undefined] The fingerprint algorithm + (digest) to use for the presented + cert. confNICE_QUEUE_RUN NiceQueueRun [undefined] If set, the priority of queue runners is set the given value (nice(3)). Modified: stable/9/contrib/sendmail/cf/cf/Makefile ============================================================================== --- stable/9/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/cf/cf/Makefile Sat Jul 11 03:42:01 2015 (r285373) @@ -100,6 +100,7 @@ M4FILES=\ ${CFDIR}/feature/access_db.m4 \ ${CFDIR}/feature/allmasquerade.m4 \ ${CFDIR}/feature/always_add_domain.m4 \ + ${CFDIR}/feature/bcc.m4 \ ${CFDIR}/feature/bestmx_is_local.m4 \ ${CFDIR}/feature/bitdomain.m4 \ ${CFDIR}/feature/blacklist_recipients.m4 \ @@ -118,9 +119,11 @@ M4FILES=\ ${CFDIR}/feature/masquerade_envelope.m4 \ ${CFDIR}/feature/no_default_msa.m4 \ ${CFDIR}/feature/nocanonify.m4 \ + ${CFDIR}/feature/nopercenthack.m4 \ ${CFDIR}/feature/notsticky.m4 \ ${CFDIR}/feature/nouucp.m4 \ ${CFDIR}/feature/nullclient.m4 \ + ${CFDIR}/feature/prefixmod.m4 \ ${CFDIR}/feature/promiscuous_relay.m4 \ ${CFDIR}/feature/redirect.m4 \ ${CFDIR}/feature/ratecontrol.m4 \ @@ -131,12 +134,14 @@ M4FILES=\ ${CFDIR}/feature/relay_mail_from.m4 \ ${CFDIR}/feature/smrsh.m4 \ ${CFDIR}/feature/stickyhost.m4 \ + ${CFDIR}/feature/tls_session_features.m4 \ ${CFDIR}/feature/use_ct_file.m4 \ ${CFDIR}/feature/use_cw_file.m4 \ ${CFDIR}/feature/uucpdomain.m4 \ ${CFDIR}/feature/virtuser_entire_domain.m4 \ ${CFDIR}/feature/virtusertable.m4 \ ${CFDIR}/hack/cssubdomain.m4 \ + ${CFDIR}/hack/xconnect.m4 \ ${CFDIR}/m4/cf.m4 \ ${CFDIR}/m4/cfhead.m4 \ ${CFDIR}/m4/proto.m4 \ Modified: stable/9/contrib/sendmail/cf/cf/submit.cf ============================================================================== --- stable/9/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:34:57 2015 (r285372) +++ stable/9/contrib/sendmail/cf/cf/submit.cf Sat Jul 11 03:42:01 2015 (r285373) @@ -16,8 +16,8 @@ ##### ##### SENDMAIL CONFIGURATION FILE ##### -##### built by ca@lab.smi.sendmail.com on Tue May 20 12:12:52 PDT 2014 -##### in /home/ca/sm8.git/sendmail/OpenSource/sendmail-8.14.9/cf/cf +##### built by ca@sandman.dev-lab.sendmail.com on Thu Jul 2 05:24:31 PDT 2015 +##### in /x/ca/smi.git/sendmail/OpenSource/sendmail-8.15.2/cf/cf ##### using ../ as configuration include directory ##### ###################################################################### @@ -114,7 +114,7 @@ D{MTAHost}[127.0.0.1] # Configuration version number -DZ8.14.9/Submit +DZ8.15.2/Submit ############### @@ -202,6 +202,9 @@ O ConnectionCacheTimeout=5m # use Errors-To: header? O UseErrorsTo=False +# use compressed IPv6 address format? +#O UseCompressedIPv6Addresses + # log level O LogLevel=9 @@ -251,6 +254,9 @@ O PrivacyOptions=goaway,noetrn,restrictq # minimum time in queue before retry #O MinQueueAge=30m +# maximum time in queue before retry (if > 0; only for exponential delay) +#O MaxQueueAge + # how many jobs can you process in the queue? #O MaxQueueRunSize=0 @@ -501,6 +507,12 @@ O PidFile=/var/spool/clientmqueue/sm-cli # SMTP STARTTLS server options #O TLSSrvOptions +# SSL cipherlist +#O CipherList +# server side SSL options +#O ServerSSLOptions +# client side SSL options +#O ClientSSLOptions # Input mail filters #O InputMailFilters @@ -524,6 +536,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli #O DHParameters # Random data source (required for systems without /dev/urandom under OpenSSL) #O RandFile +# fingerprint algorithm (digest) to use for the presented cert +#O CertFingerprintAlgorithm # Maximum number of "useless" commands before slowing down #O MaxNOOPCommands=20 @@ -531,6 +545,8 @@ O PidFile=/var/spool/clientmqueue/sm-cli # Name to use for EHLO (defaults to $j) #O HeloName + + ############################ # QUEUE GROUP DEFINITIONS # ############################ @@ -645,6 +661,7 @@ R$- . $- :: $+ $@ $>Canonify2 $3 < @ $1 # if we have % signs, take the rightmost one R$* % $* $1 @ $2 First make them all @s. R$* @ $* @ $* $1 % $2 @ $3 Undo all but the last. + R$* @ $* $@ $>Canonify2 $1 < @ $2 > Insert < > and finish # else we must be a local name @@ -781,6 +798,7 @@ R$* $=O $* < @ *LOCAL* > $@ $>Parse0 $>canonify $1 $2 $3 ...@*LOCAL* -> ... R$* < @ *LOCAL* > $: $1 + # # Parse1 -- the bottom half of ruleset 0. # @@ -818,6 +836,8 @@ R$* < @$* > $* $#esmtp $@ $2 $: $1 < @ R$=L $#local $: @ $1 special local names R$+ $#local $: $1 regular local names + + ########################################################################### ### Ruleset 5 -- special rewriting after aliases have been expanded ### ########################################################################### @@ -1027,6 +1047,10 @@ R$* $| $* $: $2 R<@> < $* @ localhost > $: < ? $&{client_name} > < $1 @ localhost > R<@> < $* @ [127.0.0.1] > $: < ? $&{client_name} > < $1 @ [127.0.0.1] > +R<@> < $* @ [IPv6:0:0:0:0:0:0:0:1] > + $: < ? $&{client_name} > < $1 @ [IPv6:0:0:0:0:0:0:0:1] > +R<@> < $* @ [IPv6:::1] > + $: < ? $&{client_name} > < $1 @ [IPv6:::1] > R<@> < $* @ localhost.$m > $: < ? $&{client_name} > < $1 @ localhost.$m > R<@> < $* @ localhost.UUCP > @@ -1141,6 +1165,7 @@ R$* $: $&{client_addr} R$@ $@ RELAY originated locally R0 $@ RELAY originated locally R127.0.0.1 $@ RELAY originated locally +RIPv6:0:0:0:0:0:0:0:1 $@ RELAY originated locally RIPv6:::1 $@ RELAY originated locally R$=R $* $@ RELAY relayable IP address R$* $: [ $1 ] put brackets around it... @@ -1245,6 +1270,8 @@ STLS_connection RSOFTWARE $#error $@ 4.7.0 $: "403 TLS handshake." + + ###################################################################### ### RelayTLS: allow relaying based on TLS authentication ### @@ -1442,7 +1469,7 @@ Mrelay, P=[IPC], F=mDFMuXa8k, S=EnvFrom ### submit.mc ### # divert(-1) # # *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-stable-9@freebsd.org Sat Jul 11 03:50:07 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 65B5199705A; Sat, 11 Jul 2015 03:50:07 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 55650DBB; Sat, 11 Jul 2015 03:50:07 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3o7Lu097845; Sat, 11 Jul 2015 03:50:07 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3o7WB097844; Sat, 11 Jul 2015 03:50:07 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110350.t6B3o7WB097844@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:50:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285375 - stable/9/etc/sendmail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:50:07 -0000 Author: gshapiro Date: Sat Jul 11 03:50:06 2015 New Revision: 285375 URL: https://svnweb.freebsd.org/changeset/base/285375 Log: MFC: Minor changes to force commit these files so new freebsd*.cf files are built to use the new sendmail-8.15.2/cf tree. Modified: stable/9/etc/sendmail/freebsd.submit.mc Directory Properties: stable/9/etc/ (props changed) Modified: stable/9/etc/sendmail/freebsd.submit.mc ============================================================================== --- stable/9/etc/sendmail/freebsd.submit.mc Sat Jul 11 03:46:36 2015 (r285374) +++ stable/9/etc/sendmail/freebsd.submit.mc Sat Jul 11 03:50:06 2015 (r285375) @@ -7,7 +7,6 @@ divert(-1) # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # -# # # This is the FreeBSD configuration for a set-group-ID sm-msp sendmail From owner-svn-src-stable-9@freebsd.org Sat Jul 11 03:52:57 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F2E4A9971C8; Sat, 11 Jul 2015 03:52:56 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DDDF61213; Sat, 11 Jul 2015 03:52:56 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3quti001468; Sat, 11 Jul 2015 03:52:56 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3quJf001467; Sat, 11 Jul 2015 03:52:56 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110352.t6B3quJf001467@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:52:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285377 - stable/9/contrib/sendmail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:52:57 -0000 Author: gshapiro Date: Sat Jul 11 03:52:55 2015 New Revision: 285377 URL: https://svnweb.freebsd.org/changeset/base/285377 Log: MFC: Update for sendmail 8.15.2 import Modified: stable/9/contrib/sendmail/FREEBSD-upgrade Directory Properties: stable/9/contrib/sendmail/ (props changed) Modified: stable/9/contrib/sendmail/FREEBSD-upgrade ============================================================================== --- stable/9/contrib/sendmail/FREEBSD-upgrade Sat Jul 11 03:50:17 2015 (r285376) +++ stable/9/contrib/sendmail/FREEBSD-upgrade Sat Jul 11 03:52:55 2015 (r285377) @@ -1,6 +1,6 @@ $FreeBSD$ -sendmail 8.14.9 +sendmail 8.15.2 originals can be found at: ftp://ftp.sendmail.org/pub/sendmail/ For the import of sendmail, the following directories were renamed: @@ -97,4 +97,4 @@ infrastructure in FreeBSD: usr.sbin/mailwrapper/Makefile gshapiro@FreeBSD.org -21-May-2014 +10-July-2015 From owner-svn-src-stable-9@freebsd.org Sat Jul 11 03:57:12 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CD73B997295; Sat, 11 Jul 2015 03:57:12 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BCEAC1657; Sat, 11 Jul 2015 03:57:12 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B3vCsj002175; Sat, 11 Jul 2015 03:57:12 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B3vC2g002174; Sat, 11 Jul 2015 03:57:12 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110357.t6B3vC2g002174@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 03:57:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285379 - stable/9/etc/sendmail X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 03:57:12 -0000 Author: gshapiro Date: Sat Jul 11 03:57:11 2015 New Revision: 285379 URL: https://svnweb.freebsd.org/changeset/base/285379 Log: Previous MFC to trigger new .cf builds didn't catch freebsd.mc. Modified: stable/9/etc/sendmail/freebsd.mc Modified: stable/9/etc/sendmail/freebsd.mc ============================================================================== --- stable/9/etc/sendmail/freebsd.mc Sat Jul 11 03:53:03 2015 (r285378) +++ stable/9/etc/sendmail/freebsd.mc Sat Jul 11 03:57:11 2015 (r285379) @@ -33,6 +33,7 @@ divert(-1) # SUCH DAMAGE. # + # # This is a generic configuration file for FreeBSD 6.X and later systems. # If you want to customize it, copy it to a name appropriate for your From owner-svn-src-stable-9@freebsd.org Sat Jul 11 04:54:47 2015 Return-Path: Delivered-To: svn-src-stable-9@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 38DB9997ECA; Sat, 11 Jul 2015 04:54:47 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 281AA1B2C; Sat, 11 Jul 2015 04:54:47 +0000 (UTC) (envelope-from gshapiro@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.70]) by repo.freebsd.org (8.14.9/8.14.9) with ESMTP id t6B4slvk035292; Sat, 11 Jul 2015 04:54:47 GMT (envelope-from gshapiro@FreeBSD.org) Received: (from gshapiro@localhost) by repo.freebsd.org (8.14.9/8.14.9/Submit) id t6B4slTH035291; Sat, 11 Jul 2015 04:54:47 GMT (envelope-from gshapiro@FreeBSD.org) Message-Id: <201507110454.t6B4slTH035291@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gshapiro set sender to gshapiro@FreeBSD.org using -f From: Gregory Neil Shapiro Date: Sat, 11 Jul 2015 04:54:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r285382 - stable/9/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-9@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for only the 9-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Jul 2015 04:54:47 -0000 Author: gshapiro Date: Sat Jul 11 04:54:46 2015 New Revision: 285382 URL: https://svnweb.freebsd.org/changeset/base/285382 Log: Note merge of sendmail 8.15.2 Modified: stable/9/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: stable/9/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- stable/9/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jul 11 04:20:56 2015 (r285381) +++ stable/9/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jul 11 04:54:46 2015 (r285382) @@ -119,7 +119,8 @@ Contributed Software -   + The sendmail + utility has been updated to version 8.15.2.