From owner-svn-src-releng@FreeBSD.ORG Tue Apr 8 18:27:48 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CD080949; Tue, 8 Apr 2014 18:27:48 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B71D41245; Tue, 8 Apr 2014 18:27:48 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s38IRmol049105; Tue, 8 Apr 2014 18:27:48 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s38IRlGS049095; Tue, 8 Apr 2014 18:27:47 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201404081827.s38IRlGS049095@svn.freebsd.org> From: Xin LI Date: Tue, 8 Apr 2014 18:27:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r264267 - in releng/10.0: . crypto/openssl/crypto/bn crypto/openssl/crypto/ec crypto/openssl/ssl sys/conf sys/fs/nfsserver X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 18:27:49 -0000 Author: delphij Date: Tue Apr 8 18:27:46 2014 New Revision: 264267 URL: http://svnweb.freebsd.org/changeset/base/264267 Log: Fix NFS deadlock vulnerability. [SA-14:05] Fix "Heartbleed" vulnerability and ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] Approved by: so Modified: releng/10.0/UPDATING releng/10.0/crypto/openssl/crypto/bn/bn.h releng/10.0/crypto/openssl/crypto/bn/bn_lib.c releng/10.0/crypto/openssl/crypto/ec/ec2_mult.c releng/10.0/crypto/openssl/ssl/d1_both.c releng/10.0/crypto/openssl/ssl/t1_lib.c releng/10.0/sys/conf/newvers.sh releng/10.0/sys/fs/nfsserver/nfs_nfsdserv.c Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/UPDATING Tue Apr 8 18:27:46 2014 (r264267) @@ -16,6 +16,12 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140408: p1 FreeBSD-SA-14:05.nfsserver + FreeBSD-SA-14:06.openssl + Fix deadlock in the NFS server. [SA-14:05] + + Fix multiple vulnerabilities in OpenSSL. [SA-14:06] + 20131223: The behavior of gss_pseudo_random() for the krb5 mechanism has changed, for applications requesting a longer random string Modified: releng/10.0/crypto/openssl/crypto/bn/bn.h ============================================================================== --- releng/10.0/crypto/openssl/crypto/bn/bn.h Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/crypto/openssl/crypto/bn/bn.h Tue Apr 8 18:27:46 2014 (r264267) @@ -538,6 +538,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -774,11 +776,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Modified: releng/10.0/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 18:27:46 2014 (r264267) @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: releng/10.0/crypto/openssl/crypto/ec/ec2_mult.c ============================================================================== --- releng/10.0/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 18:27:46 2014 (r264267) @@ -208,11 +208,15 @@ static int gf2m_Mxy(const EC_GROUP *grou return ret; } + /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation" (CHES '99, LNCS 1717). + * + * To protect against side-channel attack the function uses constant time swap, + * avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -246,6 +250,11 @@ static int ec_GF2m_montgomery_point_mult x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -270,16 +279,12 @@ static int ec_GF2m_montgomery_point_mult word = scalar->d[i]; while (mask) { - if (word & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(word & mask, x1, x2, group->field.top); + BN_consttime_swap(word & mask, z1, z2, group->field.top); mask >>= 1; } mask = BN_TBIT; Modified: releng/10.0/crypto/openssl/ssl/d1_both.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/d1_both.c Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/crypto/openssl/ssl/d1_both.c Tue Apr 8 18:27:46 2014 (r264267) @@ -1458,26 +1458,36 @@ dtls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; + unsigned int write_length = 1 /* heartbeat type */ + + 2 /* heartbeat length */ + + payload + padding; int r; + if (write_length > SSL3_RT_MAX_PLAIN_LENGTH) + return 0; + /* Allocate memory for the response, size is 1 byte * message type, plus 2 bytes payload length, plus * payload, plus padding */ - buffer = OPENSSL_malloc(1 + 2 + payload + padding); + buffer = OPENSSL_malloc(write_length); bp = buffer; /* Enter response type, length and copy payload */ @@ -1488,11 +1498,11 @@ dtls1_process_heartbeat(SSL *s) /* Random padding */ RAND_pseudo_bytes(bp, padding); - r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, 3 + payload + padding); + r = dtls1_write_bytes(s, TLS1_RT_HEARTBEAT, buffer, write_length); if (r >= 0 && s->msg_callback) s->msg_callback(1, s->version, TLS1_RT_HEARTBEAT, - buffer, 3 + payload + padding, + buffer, write_length, s, s->msg_callback_arg); OPENSSL_free(buffer); Modified: releng/10.0/crypto/openssl/ssl/t1_lib.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/t1_lib.c Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/crypto/openssl/ssl/t1_lib.c Tue Apr 8 18:27:46 2014 (r264267) @@ -2486,16 +2486,20 @@ tls1_process_heartbeat(SSL *s) unsigned int payload; unsigned int padding = 16; /* Use minimum padding */ - /* Read type and payload length first */ - hbtype = *p++; - n2s(p, payload); - pl = p; - if (s->msg_callback) s->msg_callback(0, s->version, TLS1_RT_HEARTBEAT, &s->s3->rrec.data[0], s->s3->rrec.length, s, s->msg_callback_arg); + /* Read type and payload length first */ + if (1 + 2 + 16 > s->s3->rrec.length) + return 0; /* silently discard */ + hbtype = *p++; + n2s(p, payload); + if (1 + 2 + payload + 16 > s->s3->rrec.length) + return 0; /* silently discard per RFC 6520 sec. 4 */ + pl = p; + if (hbtype == TLS1_HB_REQUEST) { unsigned char *buffer, *bp; Modified: releng/10.0/sys/conf/newvers.sh ============================================================================== --- releng/10.0/sys/conf/newvers.sh Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/sys/conf/newvers.sh Tue Apr 8 18:27:46 2014 (r264267) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE" +BRANCH="RELEASE-p1" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.0/sys/fs/nfsserver/nfs_nfsdserv.c ============================================================================== --- releng/10.0/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 18:27:39 2014 (r264266) +++ releng/10.0/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 18:27:46 2014 (r264267) @@ -1457,10 +1457,23 @@ nfsrvd_rename(struct nfsrv_descript *nd, nfsvno_relpathbuf(&fromnd); goto out; } + /* + * Unlock dp in this code section, so it is unlocked before + * tdp gets locked. This avoids a potential LOR if tdp is the + * parent directory of dp. + */ if (nd->nd_flag & ND_NFSV4) { tdp = todp; tnes = *toexp; - tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0); + if (dp != tdp) { + NFSVOPUNLOCK(dp, 0); + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 0); /* Might lock tdp. */ + } else { + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 1); + NFSVOPUNLOCK(dp, 0); + } } else { tfh.nfsrvfh_len = 0; error = nfsrv_mtofh(nd, &tfh); @@ -1481,10 +1494,12 @@ nfsrvd_rename(struct nfsrv_descript *nd, tnes = *exp; tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); + NFSVOPUNLOCK(dp, 0); } else { + NFSVOPUNLOCK(dp, 0); nd->nd_cred->cr_uid = nd->nd_saveduid; nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL, - 0, p); + 0, p); /* Locks tdp. */ if (tdp) { tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); @@ -1499,7 +1514,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, if (error) { if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1514,7 +1529,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, } if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1523,7 +1538,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, /* * Done parsing, now down to business. */ - nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp); + nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp); if (nd->nd_repstat) { if (nd->nd_flag & ND_NFSV3) { nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret, From owner-svn-src-releng@FreeBSD.ORG Tue Apr 8 23:16:11 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E7FBF101; Tue, 8 Apr 2014 23:16:10 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D04E41305; Tue, 8 Apr 2014 23:16:10 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s38NGAI3068759; Tue, 8 Apr 2014 23:16:10 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s38NG5mu068730; Tue, 8 Apr 2014 23:16:05 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201404082316.s38NG5mu068730@svn.freebsd.org> From: Xin LI Date: Tue, 8 Apr 2014 23:16:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r264284 - in releng: 8.3 8.3/crypto/openssl/crypto/bn 8.3/crypto/openssl/crypto/ec 8.3/sys/conf 8.3/sys/fs/nfsserver 8.4 8.4/crypto/openssl/crypto/bn 8.4/crypto/openssl/crypto/ec 8.4/sy... X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 23:16:11 -0000 Author: delphij Date: Tue Apr 8 23:16:05 2014 New Revision: 264284 URL: http://svnweb.freebsd.org/changeset/base/264284 Log: Fix NFS deadlock vulnerability. [SA-14:05] Fix ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] Approved by: so Modified: releng/8.3/UPDATING releng/8.3/crypto/openssl/crypto/bn/bn.h releng/8.3/crypto/openssl/crypto/bn/bn_lib.c releng/8.3/crypto/openssl/crypto/ec/ec2_mult.c releng/8.3/sys/conf/newvers.sh releng/8.3/sys/fs/nfsserver/nfs_nfsdserv.c releng/8.4/UPDATING releng/8.4/crypto/openssl/crypto/bn/bn.h releng/8.4/crypto/openssl/crypto/bn/bn_lib.c releng/8.4/crypto/openssl/crypto/ec/ec2_mult.c releng/8.4/sys/conf/newvers.sh releng/8.4/sys/fs/nfsserver/nfs_nfsdserv.c releng/9.1/UPDATING releng/9.1/crypto/openssl/crypto/bn/bn.h releng/9.1/crypto/openssl/crypto/bn/bn_lib.c releng/9.1/crypto/openssl/crypto/ec/ec2_mult.c releng/9.1/sys/conf/newvers.sh releng/9.1/sys/fs/nfsserver/nfs_nfsdserv.c releng/9.2/UPDATING releng/9.2/crypto/openssl/crypto/bn/bn.h releng/9.2/crypto/openssl/crypto/bn/bn_lib.c releng/9.2/crypto/openssl/crypto/ec/ec2_mult.c releng/9.2/sys/conf/newvers.sh releng/9.2/sys/fs/nfsserver/nfs_nfsdserv.c Modified: releng/8.3/UPDATING ============================================================================== --- releng/8.3/UPDATING Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.3/UPDATING Tue Apr 8 23:16:05 2014 (r264284) @@ -15,6 +15,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140408: p15 FreeBSD-SA-14:05.nfsserver + FreeBSD-SA-14:06.openssl + Fix deadlock in the NFS server. [SA-14:05] + + Fix for ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] + 20140114: p14 FreeBSD-SA-14:01.bsnmpd FreeBSD-SA-14:02.ntpd FreeBSD-SA-14:04.bind Modified: releng/8.3/crypto/openssl/crypto/bn/bn.h ============================================================================== --- releng/8.3/crypto/openssl/crypto/bn/bn.h Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.3/crypto/openssl/crypto/bn/bn.h Tue Apr 8 23:16:05 2014 (r264284) @@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Modified: releng/8.3/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.3/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 23:16:05 2014 (r264284) @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: releng/8.3/crypto/openssl/crypto/ec/ec2_mult.c ============================================================================== --- releng/8.3/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.3/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 23:16:05 2014 (r264284) @@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *grou /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". + * + * To protect against side-channel attack the function uses constant time + * swap avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_mult x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_mult { for (; j >= 0; j--) { - if (scalar->d[i] & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); mask >>= 1; } j = BN_BITS2 - 1; Modified: releng/8.3/sys/conf/newvers.sh ============================================================================== --- releng/8.3/sys/conf/newvers.sh Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.3/sys/conf/newvers.sh Tue Apr 8 23:16:05 2014 (r264284) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.3" -BRANCH="RELEASE-p14" +BRANCH="RELEASE-p15" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.3/sys/fs/nfsserver/nfs_nfsdserv.c ============================================================================== --- releng/8.3/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.3/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 23:16:05 2014 (r264284) @@ -1446,10 +1446,23 @@ nfsrvd_rename(struct nfsrv_descript *nd, nfsvno_relpathbuf(&fromnd); goto out; } + /* + * Unlock dp in this code section, so it is unlocked before + * tdp gets locked. This avoids a potential LOR if tdp is the + * parent directory of dp. + */ if (nd->nd_flag & ND_NFSV4) { tdp = todp; tnes = *toexp; - tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0); + if (dp != tdp) { + NFSVOPUNLOCK(dp, 0); + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 0); /* Might lock tdp. */ + } else { + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 1); + NFSVOPUNLOCK(dp, 0); + } } else { tfh.nfsrvfh_len = 0; error = nfsrv_mtofh(nd, &tfh); @@ -1470,10 +1483,12 @@ nfsrvd_rename(struct nfsrv_descript *nd, tnes = *exp; tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); + NFSVOPUNLOCK(dp, 0); } else { + NFSVOPUNLOCK(dp, 0); nd->nd_cred->cr_uid = nd->nd_saveduid; nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL, - 0, p); + 0, p); /* Locks tdp. */ if (tdp) { tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); @@ -1488,7 +1503,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, if (error) { if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1503,7 +1518,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, } if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1512,7 +1527,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, /* * Done parsing, now down to business. */ - nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp); + nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp); if (nd->nd_repstat) { if (nd->nd_flag & ND_NFSV3) { nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret, Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.4/UPDATING Tue Apr 8 23:16:05 2014 (r264284) @@ -15,6 +15,12 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140408: p8 FreeBSD-SA-14:05.nfsserver + FreeBSD-SA-14:06.openssl + Fix deadlock in the NFS server. [SA-14:05] + + Fix for ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] + 20140114: p7 FreeBSD-SA-14:01.bsnmpd FreeBSD-SA-14:02.ntpd FreeBSD-SA-14:04.bind Modified: releng/8.4/crypto/openssl/crypto/bn/bn.h ============================================================================== --- releng/8.4/crypto/openssl/crypto/bn/bn.h Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.4/crypto/openssl/crypto/bn/bn.h Tue Apr 8 23:16:05 2014 (r264284) @@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Modified: releng/8.4/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.4/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 23:16:05 2014 (r264284) @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: releng/8.4/crypto/openssl/crypto/ec/ec2_mult.c ============================================================================== --- releng/8.4/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.4/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 23:16:05 2014 (r264284) @@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *grou /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". + * + * To protect against side-channel attack the function uses constant time + * swap avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_mult x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_mult { for (; j >= 0; j--) { - if (scalar->d[i] & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); mask >>= 1; } j = BN_BITS2 - 1; Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.4/sys/conf/newvers.sh Tue Apr 8 23:16:05 2014 (r264284) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p7" +BRANCH="RELEASE-p8" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/sys/fs/nfsserver/nfs_nfsdserv.c ============================================================================== --- releng/8.4/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/8.4/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 23:16:05 2014 (r264284) @@ -1446,10 +1446,23 @@ nfsrvd_rename(struct nfsrv_descript *nd, nfsvno_relpathbuf(&fromnd); goto out; } + /* + * Unlock dp in this code section, so it is unlocked before + * tdp gets locked. This avoids a potential LOR if tdp is the + * parent directory of dp. + */ if (nd->nd_flag & ND_NFSV4) { tdp = todp; tnes = *toexp; - tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0); + if (dp != tdp) { + NFSVOPUNLOCK(dp, 0); + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 0); /* Might lock tdp. */ + } else { + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 1); + NFSVOPUNLOCK(dp, 0); + } } else { tfh.nfsrvfh_len = 0; error = nfsrv_mtofh(nd, &tfh); @@ -1470,10 +1483,12 @@ nfsrvd_rename(struct nfsrv_descript *nd, tnes = *exp; tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); + NFSVOPUNLOCK(dp, 0); } else { + NFSVOPUNLOCK(dp, 0); nd->nd_cred->cr_uid = nd->nd_saveduid; nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL, - 0, p); + 0, p); /* Locks tdp. */ if (tdp) { tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); @@ -1488,7 +1503,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, if (error) { if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1503,7 +1518,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, } if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1512,7 +1527,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, /* * Done parsing, now down to business. */ - nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp); + nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp); if (nd->nd_repstat) { if (nd->nd_flag & ND_NFSV3) { nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret, Modified: releng/9.1/UPDATING ============================================================================== --- releng/9.1/UPDATING Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.1/UPDATING Tue Apr 8 23:16:05 2014 (r264284) @@ -9,6 +9,12 @@ handbook. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140408: p11 FreeBSD-SA-14:05.nfsserver + FreeBSD-SA-14:06.openssl + Fix deadlock in the NFS server. [SA-14:05] + + Fix for ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] + 20140114: p10 FreeBSD-SA-14:01.bsnmpd FreeBSD-SA-14:02.ntpd FreeBSD-SA-14:04.bind Modified: releng/9.1/crypto/openssl/crypto/bn/bn.h ============================================================================== --- releng/9.1/crypto/openssl/crypto/bn/bn.h Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.1/crypto/openssl/crypto/bn/bn.h Tue Apr 8 23:16:05 2014 (r264284) @@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Modified: releng/9.1/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- releng/9.1/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.1/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 23:16:05 2014 (r264284) @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: releng/9.1/crypto/openssl/crypto/ec/ec2_mult.c ============================================================================== --- releng/9.1/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.1/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 23:16:05 2014 (r264284) @@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *grou /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". + * + * To protect against side-channel attack the function uses constant time + * swap avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_mult x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_mult { for (; j >= 0; j--) { - if (scalar->d[i] & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); mask >>= 1; } j = BN_BITS2 - 1; Modified: releng/9.1/sys/conf/newvers.sh ============================================================================== --- releng/9.1/sys/conf/newvers.sh Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.1/sys/conf/newvers.sh Tue Apr 8 23:16:05 2014 (r264284) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.1" -BRANCH="RELEASE-p10" +BRANCH="RELEASE-p11" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.1/sys/fs/nfsserver/nfs_nfsdserv.c ============================================================================== --- releng/9.1/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.1/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 23:16:05 2014 (r264284) @@ -1446,10 +1446,23 @@ nfsrvd_rename(struct nfsrv_descript *nd, nfsvno_relpathbuf(&fromnd); goto out; } + /* + * Unlock dp in this code section, so it is unlocked before + * tdp gets locked. This avoids a potential LOR if tdp is the + * parent directory of dp. + */ if (nd->nd_flag & ND_NFSV4) { tdp = todp; tnes = *toexp; - tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0); + if (dp != tdp) { + NFSVOPUNLOCK(dp, 0); + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 0); /* Might lock tdp. */ + } else { + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 1); + NFSVOPUNLOCK(dp, 0); + } } else { tfh.nfsrvfh_len = 0; error = nfsrv_mtofh(nd, &tfh); @@ -1470,10 +1483,12 @@ nfsrvd_rename(struct nfsrv_descript *nd, tnes = *exp; tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); + NFSVOPUNLOCK(dp, 0); } else { + NFSVOPUNLOCK(dp, 0); nd->nd_cred->cr_uid = nd->nd_saveduid; nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL, - 0, p); + 0, p); /* Locks tdp. */ if (tdp) { tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); @@ -1488,7 +1503,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, if (error) { if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1503,7 +1518,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, } if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1512,7 +1527,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, /* * Done parsing, now down to business. */ - nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp); + nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp); if (nd->nd_repstat) { if (nd->nd_flag & ND_NFSV3) { nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret, Modified: releng/9.2/UPDATING ============================================================================== --- releng/9.2/UPDATING Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.2/UPDATING Tue Apr 8 23:16:05 2014 (r264284) @@ -11,6 +11,12 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140408: p4 FreeBSD-SA-14:05.nfsserver + FreeBSD-SA-14:06.openssl + Fix deadlock in the NFS server. [SA-14:05] + + Fix for ECDSA Cache Side-channel Attack in OpenSSL. [SA-14:06] + 20140114: p3 FreeBSD-SA-14:01.bsnmpd FreeBSD-SA-14:02.ntpd FreeBSD-SA-14:04.bind Modified: releng/9.2/crypto/openssl/crypto/bn/bn.h ============================================================================== --- releng/9.2/crypto/openssl/crypto/bn/bn.h Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.2/crypto/openssl/crypto/bn/bn.h Tue Apr 8 23:16:05 2014 (r264284) @@ -511,6 +511,8 @@ BIGNUM *BN_mod_inverse(BIGNUM *ret, BIGNUM *BN_mod_sqrt(BIGNUM *ret, const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); + /* Deprecated versions */ #ifndef OPENSSL_NO_DEPRECATED BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, @@ -740,11 +742,20 @@ int RAND_pseudo_bytes(unsigned char *buf #define bn_fix_top(a) bn_check_top(a) +#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) +#define bn_wcheck_size(bn, words) \ + do { \ + const BIGNUM *_bnum2 = (bn); \ + assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ + } while(0) + #else /* !BN_DEBUG */ #define bn_pollute(a) #define bn_check_top(a) #define bn_fix_top(a) bn_correct_top(a) +#define bn_check_size(bn, bits) +#define bn_wcheck_size(bn, words) #endif Modified: releng/9.2/crypto/openssl/crypto/bn/bn_lib.c ============================================================================== --- releng/9.2/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.2/crypto/openssl/crypto/bn/bn_lib.c Tue Apr 8 23:16:05 2014 (r264284) @@ -824,3 +824,55 @@ int bn_cmp_part_words(const BN_ULONG *a, } return bn_cmp_words(a,b,cl); } + +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} Modified: releng/9.2/crypto/openssl/crypto/ec/ec2_mult.c ============================================================================== --- releng/9.2/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.2/crypto/openssl/crypto/ec/ec2_mult.c Tue Apr 8 23:16:05 2014 (r264284) @@ -208,9 +208,12 @@ static int gf2m_Mxy(const EC_GROUP *grou /* Computes scalar*point and stores the result in r. * point can not equal r. - * Uses algorithm 2P of + * Uses a modified algorithm 2P of * Lopex, J. and Dahab, R. "Fast multiplication on elliptic curves over * GF(2^m) without precomputation". + * + * To protect against side-channel attack the function uses constant time + * swap avoiding conditional branches. */ static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, const EC_POINT *point, BN_CTX *ctx) @@ -244,6 +247,11 @@ static int ec_GF2m_montgomery_point_mult x2 = &r->X; z2 = &r->Y; + bn_wexpand(x1, group->field.top); + bn_wexpand(z1, group->field.top); + bn_wexpand(x2, group->field.top); + bn_wexpand(z2, group->field.top); + if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ if (!BN_one(z1)) goto err; /* z1 = 1 */ if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ @@ -266,16 +274,12 @@ static int ec_GF2m_montgomery_point_mult { for (; j >= 0; j--) { - if (scalar->d[i] & mask) - { - if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; - if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; - } - else - { - if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; - if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; - } + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); + if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; + if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; + BN_consttime_swap(scalar->d[i] & mask, x1, x2, group->field.top); + BN_consttime_swap(scalar->d[i] & mask, z1, z2, group->field.top); mask >>= 1; } j = BN_BITS2 - 1; Modified: releng/9.2/sys/conf/newvers.sh ============================================================================== --- releng/9.2/sys/conf/newvers.sh Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.2/sys/conf/newvers.sh Tue Apr 8 23:16:05 2014 (r264284) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.2" -BRANCH="RELEASE-p3" +BRANCH="RELEASE-p4" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.2/sys/fs/nfsserver/nfs_nfsdserv.c ============================================================================== --- releng/9.2/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 22:36:39 2014 (r264283) +++ releng/9.2/sys/fs/nfsserver/nfs_nfsdserv.c Tue Apr 8 23:16:05 2014 (r264284) @@ -1457,10 +1457,23 @@ nfsrvd_rename(struct nfsrv_descript *nd, nfsvno_relpathbuf(&fromnd); goto out; } + /* + * Unlock dp in this code section, so it is unlocked before + * tdp gets locked. This avoids a potential LOR if tdp is the + * parent directory of dp. + */ if (nd->nd_flag & ND_NFSV4) { tdp = todp; tnes = *toexp; - tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 0); + if (dp != tdp) { + NFSVOPUNLOCK(dp, 0); + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 0); /* Might lock tdp. */ + } else { + tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, + p, 1); + NFSVOPUNLOCK(dp, 0); + } } else { tfh.nfsrvfh_len = 0; error = nfsrv_mtofh(nd, &tfh); @@ -1481,10 +1494,12 @@ nfsrvd_rename(struct nfsrv_descript *nd, tnes = *exp; tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); + NFSVOPUNLOCK(dp, 0); } else { + NFSVOPUNLOCK(dp, 0); nd->nd_cred->cr_uid = nd->nd_saveduid; nfsd_fhtovp(nd, &tfh, LK_EXCLUSIVE, &tdp, &tnes, NULL, - 0, p); + 0, p); /* Locks tdp. */ if (tdp) { tdirfor_ret = nfsvno_getattr(tdp, &tdirfor, nd->nd_cred, p, 1); @@ -1499,7 +1514,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, if (error) { if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1514,7 +1529,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, } if (tdp) vrele(tdp); - vput(dp); + vrele(dp); nfsvno_relpathbuf(&fromnd); nfsvno_relpathbuf(&tond); goto out; @@ -1523,7 +1538,7 @@ nfsrvd_rename(struct nfsrv_descript *nd, /* * Done parsing, now down to business. */ - nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 1, exp, p, &fdirp); + nd->nd_repstat = nfsvno_namei(nd, &fromnd, dp, 0, exp, p, &fdirp); if (nd->nd_repstat) { if (nd->nd_flag & ND_NFSV3) { nfsrv_wcc(nd, fdirfor_ret, &fdirfor, fdiraft_ret, From owner-svn-src-releng@FreeBSD.ORG Wed Apr 30 04:04:43 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C71F5E2F; Wed, 30 Apr 2014 04:04:43 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B374A11BE; Wed, 30 Apr 2014 04:04:43 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3U44h7g014262; Wed, 30 Apr 2014 04:04:43 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3U44gdH014256; Wed, 30 Apr 2014 04:04:42 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201404300404.s3U44gdH014256@svn.freebsd.org> From: Xin LI Date: Wed, 30 Apr 2014 04:04:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r265124 - in releng/10.0: . crypto/openssl/ssl etc/defaults sys/conf sys/netinet X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2014 04:04:43 -0000 Author: delphij Date: Wed Apr 30 04:04:42 2014 New Revision: 265124 URL: http://svnweb.freebsd.org/changeset/base/265124 Log: Fix devfs rules not applied by default for jails. Fix OpenSSL use-after-free vulnerability. Fix TCP reassembly vulnerability. Security: FreeBSD-SA-14:07.devfs Security: CVE-2014-3001 Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Security: FreeBSD-SA-14:09.openssl Security: CVE-2010-5298 Approved by: so Modified: releng/10.0/UPDATING releng/10.0/crypto/openssl/ssl/s3_pkt.c releng/10.0/etc/defaults/rc.conf releng/10.0/sys/conf/newvers.sh releng/10.0/sys/netinet/tcp_reass.c Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Wed Apr 30 04:04:20 2014 (r265123) +++ releng/10.0/UPDATING Wed Apr 30 04:04:42 2014 (r265124) @@ -16,6 +16,16 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140430: p2 FreeBSD-SA-14:07.devfs + FreeBSD-SA-14:08.tcp + FreeBSD-SA-14:09.openssl + + Fix devfs rules not applied by default for jails. [SA-14:07] + + Fix TCP reassembly vulnerability. [SA-14:08] + + Fix OpenSSL use-after-free vulnerability. [SA-14:09] + 20140408: p1 FreeBSD-SA-14:05.nfsserver FreeBSD-SA-14:06.openssl Fix deadlock in the NFS server. [SA-14:05] Modified: releng/10.0/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/s3_pkt.c Wed Apr 30 04:04:20 2014 (r265123) +++ releng/10.0/crypto/openssl/ssl/s3_pkt.c Wed Apr 30 04:04:42 2014 (r265124) @@ -1055,7 +1055,7 @@ start: { s->rstate=SSL_ST_READ_HEADER; rr->off=0; - if (s->mode & SSL_MODE_RELEASE_BUFFERS) + if (s->mode & SSL_MODE_RELEASE_BUFFERS && s->s3->rbuf.left == 0) ssl3_release_read_buffer(s); } } Modified: releng/10.0/etc/defaults/rc.conf ============================================================================== --- releng/10.0/etc/defaults/rc.conf Wed Apr 30 04:04:20 2014 (r265123) +++ releng/10.0/etc/defaults/rc.conf Wed Apr 30 04:04:42 2014 (r265124) @@ -649,7 +649,7 @@ devfs_rulesets="/etc/defaults/devfs.rule devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to # apply (must be mounted already, i.e. fstab(5)) -devfs_load_rulesets="NO" # Enable to always load the default rulesets +devfs_load_rulesets="YES" # Enable to always load the default rulesets performance_cx_lowest="HIGH" # Online CPU idle state performance_cpu_freq="NONE" # Online CPU frequency economy_cx_lowest="HIGH" # Offline CPU idle state Modified: releng/10.0/sys/conf/newvers.sh ============================================================================== --- releng/10.0/sys/conf/newvers.sh Wed Apr 30 04:04:20 2014 (r265123) +++ releng/10.0/sys/conf/newvers.sh Wed Apr 30 04:04:42 2014 (r265124) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE-p1" +BRANCH="RELEASE-p2" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.0/sys/netinet/tcp_reass.c ============================================================================== --- releng/10.0/sys/netinet/tcp_reass.c Wed Apr 30 04:04:20 2014 (r265123) +++ releng/10.0/sys/netinet/tcp_reass.c Wed Apr 30 04:04:42 2014 (r265124) @@ -205,7 +205,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd * Investigate why and re-evaluate the below limit after the behaviour * is understood. */ - if (th->th_seq != tp->rcv_nxt && + if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) && tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) { V_tcp_reass_overflows++; TCPSTAT_INC(tcps_rcvmemdrop); @@ -228,7 +228,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd */ te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); if (te == NULL) { - if (th->th_seq != tp->rcv_nxt) { + if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) { TCPSTAT_INC(tcps_rcvmemdrop); m_freem(m); *tlenp = 0; @@ -276,7 +276,8 @@ tcp_reass(struct tcpcb *tp, struct tcphd TCPSTAT_INC(tcps_rcvduppack); TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp); m_freem(m); - uma_zfree(V_tcp_reass_zone, te); + if (te != &tqs) + uma_zfree(V_tcp_reass_zone, te); tp->t_segqlen--; /* * Try to present any queued data From owner-svn-src-releng@FreeBSD.ORG Wed Apr 30 04:05:50 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A24B6F6B; Wed, 30 Apr 2014 04:05:50 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8C5B611CB; Wed, 30 Apr 2014 04:05:50 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s3U45oTK014547; Wed, 30 Apr 2014 04:05:50 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s3U45mtu014533; Wed, 30 Apr 2014 04:05:48 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201404300405.s3U45mtu014533@svn.freebsd.org> From: Xin LI Date: Wed, 30 Apr 2014 04:05:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r265125 - in releng: 8.3 8.3/sys/conf 8.3/sys/netinet 8.4 8.4/sys/conf 8.4/sys/netinet 9.1 9.1/sys/conf 9.1/sys/netinet 9.2 9.2/sys/conf 9.2/sys/netinet X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Apr 2014 04:05:50 -0000 Author: delphij Date: Wed Apr 30 04:05:47 2014 New Revision: 265125 URL: http://svnweb.freebsd.org/changeset/base/265125 Log: Fix TCP reassembly vulnerability. Security: FreeBSD-SA-14:08.tcp Security: CVE-2014-3000 Approved by: so Modified: releng/8.3/UPDATING releng/8.3/sys/conf/newvers.sh releng/8.3/sys/netinet/tcp_reass.c releng/8.4/UPDATING releng/8.4/sys/conf/newvers.sh releng/8.4/sys/netinet/tcp_reass.c releng/9.1/UPDATING releng/9.1/sys/conf/newvers.sh releng/9.1/sys/netinet/tcp_reass.c releng/9.2/UPDATING releng/9.2/sys/conf/newvers.sh releng/9.2/sys/netinet/tcp_reass.c Modified: releng/8.3/UPDATING ============================================================================== --- releng/8.3/UPDATING Wed Apr 30 04:04:42 2014 (r265124) +++ releng/8.3/UPDATING Wed Apr 30 04:05:47 2014 (r265125) @@ -15,6 +15,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140430: p16 FreeBSD-SA-14:08.tcp + + Fix TCP reassembly vulnerability. [SA-14:08] + 20140408: p15 FreeBSD-SA-14:05.nfsserver FreeBSD-SA-14:06.openssl Fix deadlock in the NFS server. [SA-14:05] Modified: releng/8.3/sys/conf/newvers.sh ============================================================================== --- releng/8.3/sys/conf/newvers.sh Wed Apr 30 04:04:42 2014 (r265124) +++ releng/8.3/sys/conf/newvers.sh Wed Apr 30 04:05:47 2014 (r265125) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.3" -BRANCH="RELEASE-p15" +BRANCH="RELEASE-p16" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.3/sys/netinet/tcp_reass.c ============================================================================== --- releng/8.3/sys/netinet/tcp_reass.c Wed Apr 30 04:04:42 2014 (r265124) +++ releng/8.3/sys/netinet/tcp_reass.c Wed Apr 30 04:05:47 2014 (r265125) @@ -211,7 +211,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd * Investigate why and re-evaluate the below limit after the behaviour * is understood. */ - if (th->th_seq != tp->rcv_nxt && + if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) && tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) { V_tcp_reass_overflows++; TCPSTAT_INC(tcps_rcvmemdrop); @@ -234,7 +234,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd */ te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); if (te == NULL) { - if (th->th_seq != tp->rcv_nxt) { + if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) { TCPSTAT_INC(tcps_rcvmemdrop); m_freem(m); *tlenp = 0; @@ -282,7 +282,8 @@ tcp_reass(struct tcpcb *tp, struct tcphd TCPSTAT_INC(tcps_rcvduppack); TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp); m_freem(m); - uma_zfree(V_tcp_reass_zone, te); + if (te != &tqs) + uma_zfree(V_tcp_reass_zone, te); tp->t_segqlen--; /* * Try to present any queued data Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Wed Apr 30 04:04:42 2014 (r265124) +++ releng/8.4/UPDATING Wed Apr 30 04:05:47 2014 (r265125) @@ -15,6 +15,10 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140430: p9 FreeBSD-SA-14:08.tcp + + Fix TCP reassembly vulnerability. [SA-14:08] + 20140408: p8 FreeBSD-SA-14:05.nfsserver FreeBSD-SA-14:06.openssl Fix deadlock in the NFS server. [SA-14:05] Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Wed Apr 30 04:04:42 2014 (r265124) +++ releng/8.4/sys/conf/newvers.sh Wed Apr 30 04:05:47 2014 (r265125) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p8" +BRANCH="RELEASE-p9" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/sys/netinet/tcp_reass.c ============================================================================== --- releng/8.4/sys/netinet/tcp_reass.c Wed Apr 30 04:04:42 2014 (r265124) +++ releng/8.4/sys/netinet/tcp_reass.c Wed Apr 30 04:05:47 2014 (r265125) @@ -211,7 +211,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd * Investigate why and re-evaluate the below limit after the behaviour * is understood. */ - if (th->th_seq != tp->rcv_nxt && + if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) && tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) { V_tcp_reass_overflows++; TCPSTAT_INC(tcps_rcvmemdrop); @@ -234,7 +234,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd */ te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); if (te == NULL) { - if (th->th_seq != tp->rcv_nxt) { + if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) { TCPSTAT_INC(tcps_rcvmemdrop); m_freem(m); *tlenp = 0; @@ -282,7 +282,8 @@ tcp_reass(struct tcpcb *tp, struct tcphd TCPSTAT_INC(tcps_rcvduppack); TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp); m_freem(m); - uma_zfree(V_tcp_reass_zone, te); + if (te != &tqs) + uma_zfree(V_tcp_reass_zone, te); tp->t_segqlen--; /* * Try to present any queued data Modified: releng/9.1/UPDATING ============================================================================== --- releng/9.1/UPDATING Wed Apr 30 04:04:42 2014 (r265124) +++ releng/9.1/UPDATING Wed Apr 30 04:05:47 2014 (r265125) @@ -9,6 +9,10 @@ handbook. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140430: p12 FreeBSD-SA-14:08.tcp + + Fix TCP reassembly vulnerability. [SA-14:08] + 20140408: p11 FreeBSD-SA-14:05.nfsserver FreeBSD-SA-14:06.openssl Fix deadlock in the NFS server. [SA-14:05] Modified: releng/9.1/sys/conf/newvers.sh ============================================================================== --- releng/9.1/sys/conf/newvers.sh Wed Apr 30 04:04:42 2014 (r265124) +++ releng/9.1/sys/conf/newvers.sh Wed Apr 30 04:05:47 2014 (r265125) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.1" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.1/sys/netinet/tcp_reass.c ============================================================================== --- releng/9.1/sys/netinet/tcp_reass.c Wed Apr 30 04:04:42 2014 (r265124) +++ releng/9.1/sys/netinet/tcp_reass.c Wed Apr 30 04:05:47 2014 (r265125) @@ -211,7 +211,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd * Investigate why and re-evaluate the below limit after the behaviour * is understood. */ - if (th->th_seq != tp->rcv_nxt && + if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) && tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) { V_tcp_reass_overflows++; TCPSTAT_INC(tcps_rcvmemdrop); @@ -234,7 +234,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd */ te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); if (te == NULL) { - if (th->th_seq != tp->rcv_nxt) { + if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) { TCPSTAT_INC(tcps_rcvmemdrop); m_freem(m); *tlenp = 0; @@ -282,7 +282,8 @@ tcp_reass(struct tcpcb *tp, struct tcphd TCPSTAT_INC(tcps_rcvduppack); TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp); m_freem(m); - uma_zfree(V_tcp_reass_zone, te); + if (te != &tqs) + uma_zfree(V_tcp_reass_zone, te); tp->t_segqlen--; /* * Try to present any queued data Modified: releng/9.2/UPDATING ============================================================================== --- releng/9.2/UPDATING Wed Apr 30 04:04:42 2014 (r265124) +++ releng/9.2/UPDATING Wed Apr 30 04:05:47 2014 (r265125) @@ -11,6 +11,10 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140430: p5 FreeBSD-SA-14:08.tcp + + Fix TCP reassembly vulnerability. [SA-14:08] + 20140408: p4 FreeBSD-SA-14:05.nfsserver FreeBSD-SA-14:06.openssl Fix deadlock in the NFS server. [SA-14:05] Modified: releng/9.2/sys/conf/newvers.sh ============================================================================== --- releng/9.2/sys/conf/newvers.sh Wed Apr 30 04:04:42 2014 (r265124) +++ releng/9.2/sys/conf/newvers.sh Wed Apr 30 04:05:47 2014 (r265125) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.2" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.2/sys/netinet/tcp_reass.c ============================================================================== --- releng/9.2/sys/netinet/tcp_reass.c Wed Apr 30 04:04:42 2014 (r265124) +++ releng/9.2/sys/netinet/tcp_reass.c Wed Apr 30 04:05:47 2014 (r265125) @@ -205,7 +205,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd * Investigate why and re-evaluate the below limit after the behaviour * is understood. */ - if (th->th_seq != tp->rcv_nxt && + if ((th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) && tp->t_segqlen >= (so->so_rcv.sb_hiwat / tp->t_maxseg) + 1) { V_tcp_reass_overflows++; TCPSTAT_INC(tcps_rcvmemdrop); @@ -228,7 +228,7 @@ tcp_reass(struct tcpcb *tp, struct tcphd */ te = uma_zalloc(V_tcp_reass_zone, M_NOWAIT); if (te == NULL) { - if (th->th_seq != tp->rcv_nxt) { + if (th->th_seq != tp->rcv_nxt || !TCPS_HAVEESTABLISHED(tp->t_state)) { TCPSTAT_INC(tcps_rcvmemdrop); m_freem(m); *tlenp = 0; @@ -276,7 +276,8 @@ tcp_reass(struct tcpcb *tp, struct tcphd TCPSTAT_INC(tcps_rcvduppack); TCPSTAT_ADD(tcps_rcvdupbyte, *tlenp); m_freem(m); - uma_zfree(V_tcp_reass_zone, te); + if (te != &tqs) + uma_zfree(V_tcp_reass_zone, te); tp->t_segqlen--; /* * Try to present any queued data From owner-svn-src-releng@FreeBSD.ORG Tue May 13 23:22:29 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A108F73A; Tue, 13 May 2014 23:22:29 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8E1AC29D8; Tue, 13 May 2014 23:22:29 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s4DNMT84058500; Tue, 13 May 2014 23:22:29 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s4DNMSh6058494; Tue, 13 May 2014 23:22:28 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201405132322.s4DNMSh6058494@svn.freebsd.org> From: Xin LI Date: Tue, 13 May 2014 23:22:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r265987 - in releng/10.0: . crypto/openssl/ssl sys/conf sys/dev/ciss X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 May 2014 23:22:29 -0000 Author: delphij Date: Tue May 13 23:22:28 2014 New Revision: 265987 URL: http://svnweb.freebsd.org/changeset/base/265987 Log: Fix OpenSSL NULL pointer deference vulnerability. [SA-14:09] Security: FreeBSD-SA-14:09.openssl Security: CVE-2014-0198 Fix data corruption with ciss(4). [EN-14:05] Errata: FreeBSD-EN-14:05.ciss Approved by: so Modified: releng/10.0/UPDATING releng/10.0/crypto/openssl/ssl/s3_pkt.c releng/10.0/sys/conf/newvers.sh releng/10.0/sys/dev/ciss/ciss.c Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Tue May 13 23:19:16 2014 (r265986) +++ releng/10.0/UPDATING Tue May 13 23:22:28 2014 (r265987) @@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140513: p3 FreeBSD-SA-14:10.openssl + FreeBSD-EN-14:05.ciss + + Fix OpenSSL NULL pointer deference vulnerability. [SA-14:10] + + Fix data corruption with ciss(4). [EN-14:05] + 20140430: p2 FreeBSD-SA-14:07.devfs FreeBSD-SA-14:08.tcp FreeBSD-SA-14:09.openssl Modified: releng/10.0/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/s3_pkt.c Tue May 13 23:19:16 2014 (r265986) +++ releng/10.0/crypto/openssl/ssl/s3_pkt.c Tue May 13 23:22:28 2014 (r265987) @@ -657,6 +657,10 @@ static int do_ssl3_write(SSL *s, int typ if (i <= 0) return(i); /* if it went, fall through and send more stuff */ + /* we may have released our buffer, so get it again */ + if (wb->buf == NULL) + if (!ssl3_setup_write_buffer(s)) + return -1; } if (len == 0 && !create_empty_fragment) Modified: releng/10.0/sys/conf/newvers.sh ============================================================================== --- releng/10.0/sys/conf/newvers.sh Tue May 13 23:19:16 2014 (r265986) +++ releng/10.0/sys/conf/newvers.sh Tue May 13 23:22:28 2014 (r265987) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE-p2" +BRANCH="RELEASE-p3" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.0/sys/dev/ciss/ciss.c ============================================================================== --- releng/10.0/sys/dev/ciss/ciss.c Tue May 13 23:19:16 2014 (r265986) +++ releng/10.0/sys/dev/ciss/ciss.c Tue May 13 23:22:28 2014 (r265987) @@ -180,8 +180,6 @@ static int ciss_cam_emulate(struct ciss_ static void ciss_cam_poll(struct cam_sim *sim); static void ciss_cam_complete(struct ciss_request *cr); static void ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio); -static struct cam_periph *ciss_find_periph(struct ciss_softc *sc, - int bus, int target); static int ciss_name_device(struct ciss_softc *sc, int bus, int target); /* periodic status monitoring */ @@ -3398,27 +3396,6 @@ ciss_cam_complete_fixup(struct ciss_soft /******************************************************************************** - * Find a peripheral attached at (target) - */ -static struct cam_periph * -ciss_find_periph(struct ciss_softc *sc, int bus, int target) -{ - struct cam_periph *periph; - struct cam_path *path; - int status; - - status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]), - target, 0); - if (status == CAM_REQ_CMP) { - periph = cam_periph_find(path, NULL); - xpt_free_path(path); - } else { - periph = NULL; - } - return(periph); -} - -/******************************************************************************** * Name the device at (target) * * XXX is this strictly correct? @@ -3427,12 +3404,22 @@ static int ciss_name_device(struct ciss_softc *sc, int bus, int target) { struct cam_periph *periph; + struct cam_path *path; + int status; if (CISS_IS_PHYSICAL(bus)) return (0); - if ((periph = ciss_find_periph(sc, bus, target)) != NULL) { + + status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]), + target, 0); + + if (status == CAM_REQ_CMP) { + mtx_lock(&sc->ciss_mtx); + periph = cam_periph_find(path, NULL); sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d", periph->periph_name, periph->unit_number); + mtx_unlock(&sc->ciss_mtx); + xpt_free_path(path); return(0); } sc->ciss_logical[bus][target].cl_name[0] = 0; From owner-svn-src-releng@FreeBSD.ORG Tue May 13 23:24:21 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 981B0871; Tue, 13 May 2014 23:24:21 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7907729E6; Tue, 13 May 2014 23:24:21 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s4DNOLkb058800; Tue, 13 May 2014 23:24:21 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s4DNOE0m058757; Tue, 13 May 2014 23:24:14 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201405132324.s4DNOE0m058757@svn.freebsd.org> From: Xin LI Date: Tue, 13 May 2014 23:24:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r265988 - in releng: 9.1 9.1/etc 9.1/etc/mtree 9.1/etc/pkg 9.1/share 9.1/share/keys 9.1/share/keys/pkg 9.1/share/keys/pkg/trusted 9.1/share/man/man7 9.1/sys/conf 9.1/sys/dev/ciss 9.1/us... X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 May 2014 23:24:21 -0000 Author: delphij Date: Tue May 13 23:24:14 2014 New Revision: 265988 URL: http://svnweb.freebsd.org/changeset/base/265988 Log: Add pkg bootstrapping, configuration and public keys. [EN-14:03] Improve build repeatability for kldxref(8). [EN-14:04] Fix data corruption with ciss(4). [EN-14:05] Approved by: so Added: releng/9.1/etc/pkg/ releng/9.1/etc/pkg/FreeBSD.conf (contents, props changed) releng/9.1/etc/pkg/Makefile (contents, props changed) releng/9.1/share/keys/ releng/9.1/share/keys/Makefile (contents, props changed) releng/9.1/share/keys/pkg/ releng/9.1/share/keys/pkg/Makefile (contents, props changed) releng/9.1/share/keys/pkg/trusted/ releng/9.1/share/keys/pkg/trusted/Makefile (contents, props changed) releng/9.1/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (contents, props changed) releng/9.2/etc/pkg/ releng/9.2/etc/pkg/FreeBSD.conf (contents, props changed) releng/9.2/etc/pkg/Makefile (contents, props changed) releng/9.2/share/keys/ releng/9.2/share/keys/Makefile (contents, props changed) releng/9.2/share/keys/pkg/ releng/9.2/share/keys/pkg/Makefile (contents, props changed) releng/9.2/share/keys/pkg/trusted/ releng/9.2/share/keys/pkg/trusted/Makefile (contents, props changed) releng/9.2/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (contents, props changed) Modified: releng/9.1/UPDATING releng/9.1/etc/Makefile releng/9.1/etc/mtree/BSD.root.dist releng/9.1/etc/mtree/BSD.usr.dist releng/9.1/share/Makefile releng/9.1/share/man/man7/hier.7 releng/9.1/sys/conf/newvers.sh releng/9.1/sys/dev/ciss/ciss.c releng/9.1/usr.sbin/kldxref/kldxref.c releng/9.1/usr.sbin/pkg/pkg.c releng/9.2/UPDATING releng/9.2/etc/Makefile releng/9.2/etc/mtree/BSD.root.dist releng/9.2/etc/mtree/BSD.usr.dist releng/9.2/share/Makefile releng/9.2/share/man/man7/hier.7 releng/9.2/sys/conf/newvers.sh releng/9.2/sys/dev/ciss/ciss.c releng/9.2/usr.sbin/kldxref/kldxref.c releng/9.2/usr.sbin/pkg/pkg.c Modified: releng/9.1/UPDATING ============================================================================== --- releng/9.1/UPDATING Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/UPDATING Tue May 13 23:24:14 2014 (r265988) @@ -9,6 +9,16 @@ handbook. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140513: p13 FreeBSD-EN-14:03.pkg + FreeBSD-EN-14:04.kldxref + FreeBSD-EN-14:05.ciss + + Add pkg bootstrapping, configuration and public keys. [EN-14:03] + + Improve build repeatability for kldxref(8). [EN-14:04] + + Fix data corruption with ciss(4). [EN-14:05] + 20140430: p12 FreeBSD-SA-14:08.tcp Fix TCP reassembly vulnerability. [SA-14:08] Modified: releng/9.1/etc/Makefile ============================================================================== --- releng/9.1/etc/Makefile Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/etc/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -205,6 +205,7 @@ distribution: ${_+_}cd ${.CURDIR}/devd; ${MAKE} install ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install + ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap Modified: releng/9.1/etc/mtree/BSD.root.dist ============================================================================== --- releng/9.1/etc/mtree/BSD.root.dist Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/etc/mtree/BSD.root.dist Tue May 13 23:24:14 2014 (r265988) @@ -52,6 +52,8 @@ weekly .. .. + pkg + .. ppp .. rc.d Modified: releng/9.1/etc/mtree/BSD.usr.dist ============================================================================== --- releng/9.1/etc/mtree/BSD.usr.dist Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/etc/mtree/BSD.usr.dist Tue May 13 23:24:14 2014 (r265988) @@ -398,6 +398,14 @@ .. .. .. + keys + pkg + revoked + .. + trusted + .. + .. + .. locale UTF-8 .. Added: releng/9.1/etc/pkg/FreeBSD.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.1/etc/pkg/FreeBSD.conf Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,16 @@ +# $FreeBSD$ +# +# To disable this repository, instead of modifying or removing this file, +# create a /usr/local/etc/pkg/repos/FreeBSD.conf file: +# +# mkdir -p /usr/local/etc/pkg/repos +# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf +# + +FreeBSD: { + url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/share/keys/pkg", + enabled: yes +} Added: releng/9.1/etc/pkg/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.1/etc/pkg/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= FreeBSD.conf + +FILESDIR= /etc/pkg +FILESMODE= 644 + +.include Modified: releng/9.1/share/Makefile ============================================================================== --- releng/9.1/share/Makefile Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/share/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -10,6 +10,7 @@ SUBDIR= ${_colldef} \ ${_doc} \ ${_examples} \ ${_i18n} \ + keys \ ${_man} \ ${_me} \ misc \ Added: releng/9.1/share/keys/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.1/share/keys/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,5 @@ +# $FreeBSD$ + +SUBDIR= pkg + +.include Added: releng/9.1/share/keys/pkg/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.1/share/keys/pkg/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,5 @@ +# $FreeBSD$ + +SUBDIR= trusted + +.include Added: releng/9.1/share/keys/pkg/trusted/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.1/share/keys/pkg/trusted/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= pkg.freebsd.org.2013102301 + +FILESDIR= /usr/share/keys/pkg/trusted +FILESMODE= 644 + +.include Added: releng/9.1/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.1/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,4 @@ +# $FreeBSD$ + +function: "sha256" +fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438" Modified: releng/9.1/share/man/man7/hier.7 ============================================================================== --- releng/9.1/share/man/man7/hier.7 Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/share/man/man7/hier.7 Tue May 13 23:24:14 2014 (r265988) @@ -32,7 +32,7 @@ .\" @(#)hier.7 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd May 25, 2008 +.Dd October 29, 2013 .Dt HIER 7 .Os .Sh NAME @@ -546,6 +546,16 @@ ASCII text files used by various games device description file for device name .It Pa info/ GNU Info hypertext system +.It Pa keys/ +known trusted and revoked keys. +.Bl -tag -width ".Pa keys/pkg/" -compact +.It Pa keys/pkg/ +fingerprints for +.Xr pkg 7 +and +.Xr pkg 8 +.El +.Pp .It Pa locale/ localization files; see Modified: releng/9.1/sys/conf/newvers.sh ============================================================================== --- releng/9.1/sys/conf/newvers.sh Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/sys/conf/newvers.sh Tue May 13 23:24:14 2014 (r265988) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.1" -BRANCH="RELEASE-p12" +BRANCH="RELEASE-p13" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.1/sys/dev/ciss/ciss.c ============================================================================== --- releng/9.1/sys/dev/ciss/ciss.c Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/sys/dev/ciss/ciss.c Tue May 13 23:24:14 2014 (r265988) @@ -179,8 +179,6 @@ static int ciss_cam_emulate(struct ciss_ static void ciss_cam_poll(struct cam_sim *sim); static void ciss_cam_complete(struct ciss_request *cr); static void ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio); -static struct cam_periph *ciss_find_periph(struct ciss_softc *sc, - int bus, int target); static int ciss_name_device(struct ciss_softc *sc, int bus, int target); /* periodic status monitoring */ @@ -3338,27 +3336,6 @@ ciss_cam_complete_fixup(struct ciss_soft /******************************************************************************** - * Find a peripheral attached at (target) - */ -static struct cam_periph * -ciss_find_periph(struct ciss_softc *sc, int bus, int target) -{ - struct cam_periph *periph; - struct cam_path *path; - int status; - - status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]), - target, 0); - if (status == CAM_REQ_CMP) { - periph = cam_periph_find(path, NULL); - xpt_free_path(path); - } else { - periph = NULL; - } - return(periph); -} - -/******************************************************************************** * Name the device at (target) * * XXX is this strictly correct? @@ -3367,12 +3344,22 @@ static int ciss_name_device(struct ciss_softc *sc, int bus, int target) { struct cam_periph *periph; + struct cam_path *path; + int status; if (CISS_IS_PHYSICAL(bus)) return (0); - if ((periph = ciss_find_periph(sc, bus, target)) != NULL) { + + status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]), + target, 0); + + if (status == CAM_REQ_CMP) { + mtx_lock(&sc->ciss_mtx); + periph = cam_periph_find(path, NULL); sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d", periph->periph_name, periph->unit_number); + mtx_unlock(&sc->ciss_mtx); + xpt_free_path(path); return(0); } sc->ciss_logical[bus][target].cl_name[0] = 0; Modified: releng/9.1/usr.sbin/kldxref/kldxref.c ============================================================================== --- releng/9.1/usr.sbin/kldxref/kldxref.c Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/usr.sbin/kldxref/kldxref.c Tue May 13 23:24:14 2014 (r265988) @@ -275,6 +275,16 @@ usage(void) exit(1); } +static int +compare(const FTSENT *const *a, const FTSENT *const *b) +{ + if ((*a)->fts_info == FTS_D && (*b)->fts_info != FTS_D) + return 1; + if ((*a)->fts_info != FTS_D && (*b)->fts_info == FTS_D) + return -1; + return strcmp((*a)->fts_name, (*b)->fts_name); +} + int main(int argc, char *argv[]) { @@ -316,7 +326,7 @@ main(int argc, char *argv[]) err(1, "%s", argv[0]); } - ftsp = fts_open(argv, fts_options, 0); + ftsp = fts_open(argv, fts_options, compare); if (ftsp == NULL) exit(1); Modified: releng/9.1/usr.sbin/pkg/pkg.c ============================================================================== --- releng/9.1/usr.sbin/pkg/pkg.c Tue May 13 23:22:28 2014 (r265987) +++ releng/9.1/usr.sbin/pkg/pkg.c Tue May 13 23:24:14 2014 (r265988) @@ -282,10 +282,7 @@ static int bootstrap_pkg(void) { FILE *remote; - FILE *config; - char *site; char url[MAXPATHLEN]; - char conf[MAXPATHLEN]; char abi[BUFSIZ]; char tmppkg[MAXPATHLEN]; char buf[10240]; @@ -300,7 +297,6 @@ bootstrap_pkg(void) last = 0; ret = -1; remote = NULL; - config = NULL; printf("Bootstrapping pkg please wait\n"); @@ -355,26 +351,6 @@ bootstrap_pkg(void) if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0) ret = install_pkg_static(pkgstatic, tmppkg); - snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf", - getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE); - - if (access(conf, R_OK) == -1) { - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - - config = fopen(conf, "w+"); - if (config == NULL) - goto cleanup; - fprintf(config, "packagesite: %s\n", url); - fclose(config); - } - goto cleanup; fetchfail: @@ -391,7 +367,11 @@ cleanup: static const char confirmation_message[] = "The package management tool is not yet installed on your system.\n" -"Do you want to fetch and install it now? [y/N]: "; +"The mechanism for doing this is not secure on FreeBSD 9.1. To securely install\n" +"pkg(8), use ports from a portsnap checkout:\n" +" # portsnap fetch extract\n" +" # make -C /usr/ports/ports-mgmt/pkg install clean\n" +"Do you still want to fetch and install it now? [y/N]: "; static int pkg_query_yes_no(void) Modified: releng/9.2/UPDATING ============================================================================== --- releng/9.2/UPDATING Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/UPDATING Tue May 13 23:24:14 2014 (r265988) @@ -11,6 +11,16 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140513: p6 FreeBSD-EN-14:03.pkg + FreeBSD-EN-14:04.kldxref + FreeBSD-EN-14:05.ciss + + Add pkg bootstrapping, configuration and public keys. [EN-14:03] + + Improve build repeatability for kldxref(8). [EN-14:04] + + Fix data corruption with ciss(4). [EN-14:05] + 20140430: p5 FreeBSD-SA-14:08.tcp Fix TCP reassembly vulnerability. [SA-14:08] Modified: releng/9.2/etc/Makefile ============================================================================== --- releng/9.2/etc/Makefile Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/etc/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -224,6 +224,7 @@ distribution: ${_+_}cd ${.CURDIR}/devd; ${MAKE} install ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install + ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap Modified: releng/9.2/etc/mtree/BSD.root.dist ============================================================================== --- releng/9.2/etc/mtree/BSD.root.dist Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/etc/mtree/BSD.root.dist Tue May 13 23:24:14 2014 (r265988) @@ -52,6 +52,8 @@ weekly .. .. + pkg + .. ppp .. rc.d Modified: releng/9.2/etc/mtree/BSD.usr.dist ============================================================================== --- releng/9.2/etc/mtree/BSD.usr.dist Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/etc/mtree/BSD.usr.dist Tue May 13 23:24:14 2014 (r265988) @@ -402,6 +402,14 @@ .. .. .. + keys + pkg + revoked + .. + trusted + .. + .. + .. locale UTF-8 .. Added: releng/9.2/etc/pkg/FreeBSD.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.2/etc/pkg/FreeBSD.conf Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,16 @@ +# $FreeBSD$ +# +# To disable this repository, instead of modifying or removing this file, +# create a /usr/local/etc/pkg/repos/FreeBSD.conf file: +# +# mkdir -p /usr/local/etc/pkg/repos +# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf +# + +FreeBSD: { + url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/share/keys/pkg", + enabled: yes +} Added: releng/9.2/etc/pkg/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.2/etc/pkg/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= FreeBSD.conf + +FILESDIR= /etc/pkg +FILESMODE= 644 + +.include Modified: releng/9.2/share/Makefile ============================================================================== --- releng/9.2/share/Makefile Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/share/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -11,6 +11,7 @@ SUBDIR= ${_colldef} \ dtrace \ ${_examples} \ ${_i18n} \ + keys \ ${_man} \ ${_me} \ misc \ Added: releng/9.2/share/keys/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.2/share/keys/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,5 @@ +# $FreeBSD$ + +SUBDIR= pkg + +.include Added: releng/9.2/share/keys/pkg/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.2/share/keys/pkg/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,5 @@ +# $FreeBSD$ + +SUBDIR= trusted + +.include Added: releng/9.2/share/keys/pkg/trusted/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.2/share/keys/pkg/trusted/Makefile Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= pkg.freebsd.org.2013102301 + +FILESDIR= /usr/share/keys/pkg/trusted +FILESMODE= 644 + +.include Added: releng/9.2/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.2/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 Tue May 13 23:24:14 2014 (r265988) @@ -0,0 +1,4 @@ +# $FreeBSD$ + +function: "sha256" +fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438" Modified: releng/9.2/share/man/man7/hier.7 ============================================================================== --- releng/9.2/share/man/man7/hier.7 Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/share/man/man7/hier.7 Tue May 13 23:24:14 2014 (r265988) @@ -32,7 +32,7 @@ .\" @(#)hier.7 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd January 21, 2010 +.Dd October 29, 2013 .Dt HIER 7 .Os .Sh NAME @@ -546,6 +546,16 @@ ASCII text files used by various games device description file for device name .It Pa info/ GNU Info hypertext system +.It Pa keys/ +known trusted and revoked keys. +.Bl -tag -width ".Pa keys/pkg/" -compact +.It Pa keys/pkg/ +fingerprints for +.Xr pkg 7 +and +.Xr pkg 8 +.El +.Pp .It Pa locale/ localization files; see Modified: releng/9.2/sys/conf/newvers.sh ============================================================================== --- releng/9.2/sys/conf/newvers.sh Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/sys/conf/newvers.sh Tue May 13 23:24:14 2014 (r265988) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.2" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.2/sys/dev/ciss/ciss.c ============================================================================== --- releng/9.2/sys/dev/ciss/ciss.c Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/sys/dev/ciss/ciss.c Tue May 13 23:24:14 2014 (r265988) @@ -180,8 +180,6 @@ static int ciss_cam_emulate(struct ciss_ static void ciss_cam_poll(struct cam_sim *sim); static void ciss_cam_complete(struct ciss_request *cr); static void ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio); -static struct cam_periph *ciss_find_periph(struct ciss_softc *sc, - int bus, int target); static int ciss_name_device(struct ciss_softc *sc, int bus, int target); /* periodic status monitoring */ @@ -3389,27 +3387,6 @@ ciss_cam_complete_fixup(struct ciss_soft /******************************************************************************** - * Find a peripheral attached at (target) - */ -static struct cam_periph * -ciss_find_periph(struct ciss_softc *sc, int bus, int target) -{ - struct cam_periph *periph; - struct cam_path *path; - int status; - - status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]), - target, 0); - if (status == CAM_REQ_CMP) { - periph = cam_periph_find(path, NULL); - xpt_free_path(path); - } else { - periph = NULL; - } - return(periph); -} - -/******************************************************************************** * Name the device at (target) * * XXX is this strictly correct? @@ -3418,12 +3395,22 @@ static int ciss_name_device(struct ciss_softc *sc, int bus, int target) { struct cam_periph *periph; + struct cam_path *path; + int status; if (CISS_IS_PHYSICAL(bus)) return (0); - if ((periph = ciss_find_periph(sc, bus, target)) != NULL) { + + status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]), + target, 0); + + if (status == CAM_REQ_CMP) { + mtx_lock(&sc->ciss_mtx); + periph = cam_periph_find(path, NULL); sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d", periph->periph_name, periph->unit_number); + mtx_unlock(&sc->ciss_mtx); + xpt_free_path(path); return(0); } sc->ciss_logical[bus][target].cl_name[0] = 0; Modified: releng/9.2/usr.sbin/kldxref/kldxref.c ============================================================================== --- releng/9.2/usr.sbin/kldxref/kldxref.c Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/usr.sbin/kldxref/kldxref.c Tue May 13 23:24:14 2014 (r265988) @@ -274,6 +274,16 @@ usage(void) exit(1); } +static int +compare(const FTSENT *const *a, const FTSENT *const *b) +{ + if ((*a)->fts_info == FTS_D && (*b)->fts_info != FTS_D) + return 1; + if ((*a)->fts_info != FTS_D && (*b)->fts_info == FTS_D) + return -1; + return strcmp((*a)->fts_name, (*b)->fts_name); +} + int main(int argc, char *argv[]) { @@ -315,7 +325,7 @@ main(int argc, char *argv[]) err(1, "%s", argv[0]); } - ftsp = fts_open(argv, fts_options, 0); + ftsp = fts_open(argv, fts_options, compare); if (ftsp == NULL) exit(1); Modified: releng/9.2/usr.sbin/pkg/pkg.c ============================================================================== --- releng/9.2/usr.sbin/pkg/pkg.c Tue May 13 23:22:28 2014 (r265987) +++ releng/9.2/usr.sbin/pkg/pkg.c Tue May 13 23:24:14 2014 (r265988) @@ -284,13 +284,10 @@ bootstrap_pkg(void) { struct url *u; FILE *remote; - FILE *config; - char *site; struct dns_srvinfo *mirrors, *current; /* To store _https._tcp. + hostname + \0 */ char zone[MAXHOSTNAMELEN + 13]; char url[MAXPATHLEN]; - char conf[MAXPATHLEN]; char abi[BUFSIZ]; char tmppkg[MAXPATHLEN]; char buf[10240]; @@ -306,7 +303,6 @@ bootstrap_pkg(void) max_retry = 3; ret = -1; remote = NULL; - config = NULL; current = mirrors = NULL; printf("Bootstrapping pkg please wait\n"); @@ -387,26 +383,6 @@ bootstrap_pkg(void) if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0) ret = install_pkg_static(pkgstatic, tmppkg); - snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf", - getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE); - - if (access(conf, R_OK) == -1) { - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - - config = fopen(conf, "w+"); - if (config == NULL) - goto cleanup; - fprintf(config, "packagesite: %s\n", url); - fclose(config); - } - goto cleanup; fetchfail: @@ -423,7 +399,11 @@ cleanup: static const char confirmation_message[] = "The package management tool is not yet installed on your system.\n" -"Do you want to fetch and install it now? [y/N]: "; +"The mechanism for doing this is not secure on FreeBSD 9.2. To securely install\n" +"pkg(8), use ports from a portsnap checkout:\n" +" # portsnap fetch extract\n" +" # make -C /usr/ports/ports-mgmt/pkg install clean\n" +"Do you still want to fetch and install it now? [y/N]: "; static int pkg_query_yes_no(void) From owner-svn-src-releng@FreeBSD.ORG Tue May 13 23:24:36 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 81DF0996; Tue, 13 May 2014 23:24:36 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 62B3329E9; Tue, 13 May 2014 23:24:36 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s4DNOarK058877; Tue, 13 May 2014 23:24:36 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s4DNOXAN058859; Tue, 13 May 2014 23:24:33 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201405132324.s4DNOXAN058859@svn.freebsd.org> From: Xin LI Date: Tue, 13 May 2014 23:24:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r265989 - in releng/8.4: . etc etc/mtree etc/pkg share share/keys share/keys/pkg share/keys/pkg/trusted share/man/man7 sys/conf usr.sbin/kldxref usr.sbin/pkg X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 May 2014 23:24:36 -0000 Author: delphij Date: Tue May 13 23:24:32 2014 New Revision: 265989 URL: http://svnweb.freebsd.org/changeset/base/265989 Log: Add pkg bootstrapping, configuration and public keys. [EN-14:03] Improve build repeatability for kldxref(8). [EN-14:04] Approved by: so Added: releng/8.4/etc/pkg/ releng/8.4/etc/pkg/FreeBSD.conf (contents, props changed) releng/8.4/etc/pkg/Makefile (contents, props changed) releng/8.4/share/keys/ releng/8.4/share/keys/Makefile (contents, props changed) releng/8.4/share/keys/pkg/ releng/8.4/share/keys/pkg/Makefile (contents, props changed) releng/8.4/share/keys/pkg/trusted/ releng/8.4/share/keys/pkg/trusted/Makefile (contents, props changed) releng/8.4/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 (contents, props changed) Modified: releng/8.4/UPDATING releng/8.4/etc/Makefile releng/8.4/etc/mtree/BSD.root.dist releng/8.4/etc/mtree/BSD.usr.dist releng/8.4/share/Makefile releng/8.4/share/man/man7/hier.7 releng/8.4/sys/conf/newvers.sh releng/8.4/usr.sbin/kldxref/kldxref.c releng/8.4/usr.sbin/pkg/pkg.c Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/UPDATING Tue May 13 23:24:32 2014 (r265989) @@ -15,6 +15,13 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140513: p10 FreeBSD-EN-14:03.pkg + FreeBSD-EN-14:04.kldxref + + Add pkg bootstrapping, configuration and public keys. [EN-14:03] + + Improve build repeatability for kldxref(8). [EN-14:04] + 20140430: p9 FreeBSD-SA-14:08.tcp Fix TCP reassembly vulnerability. [SA-14:08] Modified: releng/8.4/etc/Makefile ============================================================================== --- releng/8.4/etc/Makefile Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/etc/Makefile Tue May 13 23:24:32 2014 (r265989) @@ -172,6 +172,7 @@ distribution: ${_+_}cd ${.CURDIR}/devd; ${MAKE} install ${_+_}cd ${.CURDIR}/gss; ${MAKE} install ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install + ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap Modified: releng/8.4/etc/mtree/BSD.root.dist ============================================================================== --- releng/8.4/etc/mtree/BSD.root.dist Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/etc/mtree/BSD.root.dist Tue May 13 23:24:32 2014 (r265989) @@ -52,6 +52,8 @@ weekly .. .. + pkg + .. ppp .. rc.d Modified: releng/8.4/etc/mtree/BSD.usr.dist ============================================================================== --- releng/8.4/etc/mtree/BSD.usr.dist Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/etc/mtree/BSD.usr.dist Tue May 13 23:24:32 2014 (r265989) @@ -340,6 +340,14 @@ .. info .. + keys + pkg + revoked + .. + trusted + .. + .. + .. locale UTF-8 .. Added: releng/8.4/etc/pkg/FreeBSD.conf ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/8.4/etc/pkg/FreeBSD.conf Tue May 13 23:24:32 2014 (r265989) @@ -0,0 +1,16 @@ +# $FreeBSD$ +# +# To disable this repository, instead of modifying or removing this file, +# create a /usr/local/etc/pkg/repos/FreeBSD.conf file: +# +# mkdir -p /usr/local/etc/pkg/repos +# echo "FreeBSD: { enabled: no }" > /usr/local/etc/pkg/repos/FreeBSD.conf +# + +FreeBSD: { + url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", + mirror_type: "srv", + signature_type: "fingerprints", + fingerprints: "/usr/share/keys/pkg", + enabled: yes +} Added: releng/8.4/etc/pkg/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/8.4/etc/pkg/Makefile Tue May 13 23:24:32 2014 (r265989) @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= FreeBSD.conf + +FILESDIR= /etc/pkg +FILESMODE= 644 + +.include Modified: releng/8.4/share/Makefile ============================================================================== --- releng/8.4/share/Makefile Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/share/Makefile Tue May 13 23:24:32 2014 (r265989) @@ -9,6 +9,7 @@ SUBDIR= ${_colldef} \ ${_dict} \ ${_doc} \ ${_examples} \ + keys \ ${_man} \ ${_me} \ misc \ Added: releng/8.4/share/keys/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/8.4/share/keys/Makefile Tue May 13 23:24:32 2014 (r265989) @@ -0,0 +1,5 @@ +# $FreeBSD$ + +SUBDIR= pkg + +.include Added: releng/8.4/share/keys/pkg/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/8.4/share/keys/pkg/Makefile Tue May 13 23:24:32 2014 (r265989) @@ -0,0 +1,5 @@ +# $FreeBSD$ + +SUBDIR= trusted + +.include Added: releng/8.4/share/keys/pkg/trusted/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/8.4/share/keys/pkg/trusted/Makefile Tue May 13 23:24:32 2014 (r265989) @@ -0,0 +1,10 @@ +# $FreeBSD$ + +NO_OBJ= + +FILES= pkg.freebsd.org.2013102301 + +FILESDIR= /usr/share/keys/pkg/trusted +FILESMODE= 644 + +.include Added: releng/8.4/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/8.4/share/keys/pkg/trusted/pkg.freebsd.org.2013102301 Tue May 13 23:24:32 2014 (r265989) @@ -0,0 +1,4 @@ +# $FreeBSD$ + +function: "sha256" +fingerprint: "b0170035af3acc5f3f3ae1859dc717101b4e6c1d0a794ad554928ca0cbb2f438" Modified: releng/8.4/share/man/man7/hier.7 ============================================================================== --- releng/8.4/share/man/man7/hier.7 Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/share/man/man7/hier.7 Tue May 13 23:24:32 2014 (r265989) @@ -32,7 +32,7 @@ .\" @(#)hier.7 8.1 (Berkeley) 6/5/93 .\" $FreeBSD$ .\" -.Dd May 25, 2008 +.Dd October 29, 2013 .Dt HIER 7 .Os .Sh NAME @@ -546,6 +546,16 @@ ASCII text files used by various games device description file for device name .It Pa info/ GNU Info hypertext system +.It Pa keys/ +known trusted and revoked keys. +.Bl -tag -width ".Pa keys/pkg/" -compact +.It Pa keys/pkg/ +fingerprints for +.Xr pkg 7 +and +.Xr pkg 8 +.El +.Pp .It Pa locale/ localization files; see Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/sys/conf/newvers.sh Tue May 13 23:24:32 2014 (r265989) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p9" +BRANCH="RELEASE-p10" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/usr.sbin/kldxref/kldxref.c ============================================================================== --- releng/8.4/usr.sbin/kldxref/kldxref.c Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/usr.sbin/kldxref/kldxref.c Tue May 13 23:24:32 2014 (r265989) @@ -275,6 +275,16 @@ usage(void) exit(1); } +static int +compare(const FTSENT *const *a, const FTSENT *const *b) +{ + if ((*a)->fts_info == FTS_D && (*b)->fts_info != FTS_D) + return 1; + if ((*a)->fts_info != FTS_D && (*b)->fts_info == FTS_D) + return -1; + return strcmp((*a)->fts_name, (*b)->fts_name); +} + int main(int argc, char *argv[]) { @@ -316,7 +326,7 @@ main(int argc, char *argv[]) err(1, "%s", argv[0]); } - ftsp = fts_open(argv, fts_options, 0); + ftsp = fts_open(argv, fts_options, compare); if (ftsp == NULL) exit(1); Modified: releng/8.4/usr.sbin/pkg/pkg.c ============================================================================== --- releng/8.4/usr.sbin/pkg/pkg.c Tue May 13 23:24:14 2014 (r265988) +++ releng/8.4/usr.sbin/pkg/pkg.c Tue May 13 23:24:32 2014 (r265989) @@ -284,13 +284,10 @@ bootstrap_pkg(void) { struct url *u; FILE *remote; - FILE *config; - char *site; struct dns_srvinfo *mirrors, *current; /* To store _https._tcp. + hostname + \0 */ char zone[MAXHOSTNAMELEN + 13]; char url[MAXPATHLEN]; - char conf[MAXPATHLEN]; char abi[BUFSIZ]; char tmppkg[MAXPATHLEN]; char buf[10240]; @@ -306,7 +303,6 @@ bootstrap_pkg(void) max_retry = 3; ret = -1; remote = NULL; - config = NULL; current = mirrors = NULL; printf("Bootstrapping pkg please wait\n"); @@ -387,26 +383,6 @@ bootstrap_pkg(void) if ((ret = extract_pkg_static(fd, pkgstatic, MAXPATHLEN)) == 0) ret = install_pkg_static(pkgstatic, tmppkg); - snprintf(conf, MAXPATHLEN, "%s/etc/pkg.conf", - getenv("LOCALBASE") ? getenv("LOCALBASE") : _LOCALBASE); - - if (access(conf, R_OK) == -1) { - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - site = strrchr(url, '/'); - if (site == NULL) - goto cleanup; - site[0] = '\0'; - - config = fopen(conf, "w+"); - if (config == NULL) - goto cleanup; - fprintf(config, "packagesite: %s\n", url); - fclose(config); - } - goto cleanup; fetchfail: @@ -423,7 +399,11 @@ cleanup: static const char confirmation_message[] = "The package management tool is not yet installed on your system.\n" -"Do you want to fetch and install it now? [y/N]: "; +"The mechanism for doing this is not secure on FreeBSD 8. To securely install\n" +"pkg(8), use ports from a portsnap checkout:\n" +" # portsnap fetch extract\n" +" # make -C /usr/ports/ports-mgmt/pkg install clean\n" +"Do you still want to fetch and install it now? [y/N]: "; static int pkg_query_yes_no(void) From owner-svn-src-releng@FreeBSD.ORG Tue Jun 3 19:02:55 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 11DF52AF; Tue, 3 Jun 2014 19:02:55 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4226B2B6C; Tue, 3 Jun 2014 19:02:54 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s53J2sX3027470; Tue, 3 Jun 2014 19:02:54 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s53J2qrq027461; Tue, 3 Jun 2014 19:02:52 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406031902.s53J2qrq027461@svn.freebsd.org> From: Xin LI Date: Tue, 3 Jun 2014 19:02:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267017 - in releng/10.0: . contrib/openpam/lib/libpam contrib/sendmail/src sys/conf sys/kern sys/sys sys/vm X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2014 19:02:55 -0000 Author: delphij Date: Tue Jun 3 19:02:52 2014 New Revision: 267017 URL: http://svnweb.freebsd.org/changeset/base/267017 Log: Fix sendmail improper close-on-exec flag handling. [SA-14:11] Fix incorrect error handling in PAM policy parser. [SA-14:13] Fix triple-fault when executing from a threaded process. [EN-14:06] Approved by: so Modified: releng/10.0/UPDATING releng/10.0/contrib/openpam/lib/libpam/openpam_configure.c releng/10.0/contrib/sendmail/src/conf.c releng/10.0/sys/conf/newvers.sh releng/10.0/sys/kern/kern_exec.c releng/10.0/sys/sys/proc.h releng/10.0/sys/vm/vm_map.c Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Tue Jun 3 19:02:42 2014 (r267016) +++ releng/10.0/UPDATING Tue Jun 3 19:02:52 2014 (r267017) @@ -16,6 +16,17 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140603: p4 FreeBSD-SA-14:11.sendmail + FreeBSD-SA-14:13.pam + FreeBSD-EN-14:06.exec + + Fix sendmail improper close-on-exec flag handling. [SA-14:11] + + Fix incorrect error handling in PAM policy parser. [SA-14:13] + + Fix triple-fault when executing from a threaded process. + [EN-14:06] + 20140513: p3 FreeBSD-SA-14:10.openssl FreeBSD-EN-14:05.ciss Modified: releng/10.0/contrib/openpam/lib/libpam/openpam_configure.c ============================================================================== --- releng/10.0/contrib/openpam/lib/libpam/openpam_configure.c Tue Jun 3 19:02:42 2014 (r267016) +++ releng/10.0/contrib/openpam/lib/libpam/openpam_configure.c Tue Jun 3 19:02:52 2014 (r267017) @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2012 Dag-Erling Smørgrav + * Copyright (c) 2004-2014 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -193,6 +193,7 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid facility", filename, lineno); + errno = EINVAL; goto fail; } if (facility != fclt && facility != PAM_FACILITY_ANY) { @@ -208,18 +209,28 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid service name", filename, lineno); + errno = EINVAL; goto fail; } if (wordv[i] != NULL) { openpam_log(PAM_LOG_ERROR, "%s(%d): garbage at end of line", filename, lineno); + errno = EINVAL; goto fail; } ret = openpam_load_chain(pamh, servicename, fclt); FREEV(wordc, wordv); - if (ret < 0) + if (ret < 0) { + /* + * Bogus errno, but this ensures that the + * outer loop does not just ignore the + * error and keep searching. + */ + if (errno == ENOENT) + errno = EINVAL; goto fail; + } continue; } @@ -229,6 +240,7 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid control flag", filename, lineno); + errno = EINVAL; goto fail; } @@ -238,6 +250,7 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid module name", filename, lineno); + errno = EINVAL; goto fail; } @@ -247,8 +260,11 @@ openpam_parse_chain(pam_handle_t *pamh, this->flag = ctlf; /* load module */ - if ((this->module = openpam_load_module(modulename)) == NULL) + if ((this->module = openpam_load_module(modulename)) == NULL) { + if (errno == ENOENT) + errno = ENOEXEC; goto fail; + } /* * The remaining items in wordv are the module's @@ -281,7 +297,11 @@ openpam_parse_chain(pam_handle_t *pamh, * The loop ended because openpam_readword() returned NULL, which * can happen for four different reasons: an I/O error (ferror(f) * is true), a memory allocation failure (ferror(f) is false, - * errno is non-zero) + * feof(f) is false, errno is non-zero), the file ended with an + * unterminated quote or backslash escape (ferror(f) is false, + * feof(f) is true, errno is non-zero), or the end of the file was + * reached without error (ferror(f) is false, feof(f) is true, + * errno is zero). */ if (ferror(f) || errno != 0) goto syserr; @@ -402,6 +422,9 @@ openpam_load_chain(pam_handle_t *pamh, } ret = openpam_load_file(pamh, service, facility, filename, style); + /* success */ + if (ret > 0) + RETURNN(ret); /* the file exists, but an error occurred */ if (ret == -1 && errno != ENOENT) RETURNN(ret); @@ -411,7 +434,8 @@ openpam_load_chain(pam_handle_t *pamh, } /* no hit */ - RETURNN(0); + errno = ENOENT; + RETURNN(-1); } /* @@ -432,8 +456,10 @@ openpam_configure(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "invalid service name"); RETURNC(PAM_SYSTEM_ERR); } - if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) - goto load_err; + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) { + if (errno != ENOENT) + goto load_err; + } for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { if (pamh->chains[fclt] != NULL) continue; Modified: releng/10.0/contrib/sendmail/src/conf.c ============================================================================== --- releng/10.0/contrib/sendmail/src/conf.c Tue Jun 3 19:02:42 2014 (r267016) +++ releng/10.0/contrib/sendmail/src/conf.c Tue Jun 3 19:02:52 2014 (r267017) @@ -5265,8 +5265,8 @@ closefd_walk(lowest, fd) */ void -sm_close_on_exec(highest, lowest) - int highest, lowest; +sm_close_on_exec(lowest, highest) + int lowest, highest; { #if HASFDWALK (void) fdwalk(closefd_walk, &lowest); Modified: releng/10.0/sys/conf/newvers.sh ============================================================================== --- releng/10.0/sys/conf/newvers.sh Tue Jun 3 19:02:42 2014 (r267016) +++ releng/10.0/sys/conf/newvers.sh Tue Jun 3 19:02:52 2014 (r267017) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE-p3" +BRANCH="RELEASE-p4" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.0/sys/kern/kern_exec.c ============================================================================== --- releng/10.0/sys/kern/kern_exec.c Tue Jun 3 19:02:42 2014 (r267016) +++ releng/10.0/sys/kern/kern_exec.c Tue Jun 3 19:02:52 2014 (r267017) @@ -283,6 +283,7 @@ kern_execve(td, args, mac_p) struct mac *mac_p; { struct proc *p = td->td_proc; + struct vmspace *oldvmspace; int error; AUDIT_ARG_ARGV(args->begin_argv, args->argc, @@ -299,6 +300,8 @@ kern_execve(td, args, mac_p) PROC_UNLOCK(p); } + KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); + oldvmspace = td->td_proc->p_vmspace; error = do_execve(td, args, mac_p); if (p->p_flag & P_HADTHREADS) { @@ -313,6 +316,12 @@ kern_execve(td, args, mac_p) thread_single_end(); PROC_UNLOCK(p); } + if ((td->td_pflags & TDP_EXECVMSPC) != 0) { + KASSERT(td->td_proc->p_vmspace != oldvmspace, + ("oldvmspace still used")); + vmspace_free(oldvmspace); + td->td_pflags &= ~TDP_EXECVMSPC; + } return (error); } Modified: releng/10.0/sys/sys/proc.h ============================================================================== --- releng/10.0/sys/sys/proc.h Tue Jun 3 19:02:42 2014 (r267016) +++ releng/10.0/sys/sys/proc.h Tue Jun 3 19:02:52 2014 (r267017) @@ -966,4 +966,5 @@ curthread_pflags_restore(int save) #endif /* _KERNEL */ +#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ #endif /* !_SYS_PROC_H_ */ Modified: releng/10.0/sys/vm/vm_map.c ============================================================================== --- releng/10.0/sys/vm/vm_map.c Tue Jun 3 19:02:42 2014 (r267016) +++ releng/10.0/sys/vm/vm_map.c Tue Jun 3 19:02:52 2014 (r267017) @@ -3725,6 +3725,8 @@ vmspace_exec(struct proc *p, vm_offset_t struct vmspace *oldvmspace = p->p_vmspace; struct vmspace *newvmspace; + KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, + ("vmspace_exec recursed")); newvmspace = vmspace_alloc(minuser, maxuser, NULL); if (newvmspace == NULL) return (ENOMEM); @@ -3741,7 +3743,7 @@ vmspace_exec(struct proc *p, vm_offset_t PROC_VMSPACE_UNLOCK(p); if (p == curthread->td_proc) pmap_activate(curthread); - vmspace_free(oldvmspace); + curthread->td_pflags |= TDP_EXECVMSPC; return (0); } From owner-svn-src-releng@FreeBSD.ORG Tue Jun 3 19:03:15 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 57E6F3DA; Tue, 3 Jun 2014 19:03:15 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 26E132B73; Tue, 3 Jun 2014 19:03:15 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s53J3Fh2027635; Tue, 3 Jun 2014 19:03:15 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s53J3Bhb027614; Tue, 3 Jun 2014 19:03:11 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406031903.s53J3Bhb027614@svn.freebsd.org> From: Xin LI Date: Tue, 3 Jun 2014 19:03:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267018 - in releng: 9.1 9.1/contrib/sendmail/src 9.1/sys/conf 9.1/sys/kern 9.1/sys/sys 9.1/sys/vm 9.2 9.2/contrib/openpam/lib 9.2/contrib/sendmail/src 9.2/sys/conf 9.2/sys/kern 9.2/sys... X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2014 19:03:15 -0000 Author: delphij Date: Tue Jun 3 19:03:11 2014 New Revision: 267018 URL: http://svnweb.freebsd.org/changeset/base/267018 Log: Fix sendmail improper close-on-exec flag handling. [SA-14:11] Fix ktrace memory disclosure. [SA-14:12] Fix incorrect error handling in PAM policy parser. [SA-14:13] Fix triple-fault when executing from a threaded process. [EN-14:06] Approved by: so Modified: releng/9.1/UPDATING releng/9.1/contrib/sendmail/src/conf.c releng/9.1/sys/conf/newvers.sh releng/9.1/sys/kern/kern_exec.c releng/9.1/sys/kern/kern_ktrace.c releng/9.1/sys/sys/proc.h releng/9.1/sys/vm/vm_map.c releng/9.2/UPDATING releng/9.2/contrib/openpam/lib/openpam_configure.c releng/9.2/contrib/sendmail/src/conf.c releng/9.2/sys/conf/newvers.sh releng/9.2/sys/kern/kern_exec.c releng/9.2/sys/kern/kern_ktrace.c releng/9.2/sys/sys/proc.h releng/9.2/sys/vm/vm_map.c Modified: releng/9.1/UPDATING ============================================================================== --- releng/9.1/UPDATING Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.1/UPDATING Tue Jun 3 19:03:11 2014 (r267018) @@ -9,6 +9,20 @@ handbook. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140603: p14 FreeBSD-SA-14:11.sendmail + FreeBSD-SA-14:12.ktrace + FreeBSD-SA-14:13.pam + FreeBSD-EN-14:06.exec + + Fix sendmail improper close-on-exec flag handling. [SA-14:11] + + Fix ktrace memory disclosure. [SA-14:12] + + Fix incorrect error handling in PAM policy parser. [SA-14:13] + + Fix triple-fault when executing from a threaded process. + [EN-14:06] + 20140513: p13 FreeBSD-EN-14:03.pkg FreeBSD-EN-14:04.kldxref FreeBSD-EN-14:05.ciss Modified: releng/9.1/contrib/sendmail/src/conf.c ============================================================================== --- releng/9.1/contrib/sendmail/src/conf.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.1/contrib/sendmail/src/conf.c Tue Jun 3 19:03:11 2014 (r267018) @@ -5256,8 +5256,8 @@ closefd_walk(lowest, fd) */ void -sm_close_on_exec(highest, lowest) - int highest, lowest; +sm_close_on_exec(lowest, highest) + int lowest, highest; { #if HASFDWALK (void) fdwalk(closefd_walk, &lowest); Modified: releng/9.1/sys/conf/newvers.sh ============================================================================== --- releng/9.1/sys/conf/newvers.sh Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.1/sys/conf/newvers.sh Tue Jun 3 19:03:11 2014 (r267018) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.1" -BRANCH="RELEASE-p13" +BRANCH="RELEASE-p14" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.1/sys/kern/kern_exec.c ============================================================================== --- releng/9.1/sys/kern/kern_exec.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.1/sys/kern/kern_exec.c Tue Jun 3 19:03:11 2014 (r267018) @@ -280,6 +280,7 @@ kern_execve(td, args, mac_p) struct mac *mac_p; { struct proc *p = td->td_proc; + struct vmspace *oldvmspace; int error; AUDIT_ARG_ARGV(args->begin_argv, args->argc, @@ -296,6 +297,8 @@ kern_execve(td, args, mac_p) PROC_UNLOCK(p); } + KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); + oldvmspace = td->td_proc->p_vmspace; error = do_execve(td, args, mac_p); if (p->p_flag & P_HADTHREADS) { @@ -310,6 +313,12 @@ kern_execve(td, args, mac_p) thread_single_end(); PROC_UNLOCK(p); } + if ((td->td_pflags & TDP_EXECVMSPC) != 0) { + KASSERT(td->td_proc->p_vmspace != oldvmspace, + ("oldvmspace still used")); + vmspace_free(oldvmspace); + td->td_pflags &= ~TDP_EXECVMSPC; + } return (error); } Modified: releng/9.1/sys/kern/kern_ktrace.c ============================================================================== --- releng/9.1/sys/kern/kern_ktrace.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.1/sys/kern/kern_ktrace.c Tue Jun 3 19:03:11 2014 (r267018) @@ -119,6 +119,7 @@ static int data_lengths[] = { 0, /* KTR_SYSCTL */ sizeof(struct ktr_proc_ctor), /* KTR_PROCCTOR */ 0, /* KTR_PROCDTOR */ + 0, /* unused */ sizeof(struct ktr_fault), /* KTR_FAULT */ sizeof(struct ktr_faultend), /* KTR_FAULTEND */ }; Modified: releng/9.1/sys/sys/proc.h ============================================================================== --- releng/9.1/sys/sys/proc.h Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.1/sys/sys/proc.h Tue Jun 3 19:03:11 2014 (r267018) @@ -968,4 +968,5 @@ curthread_pflags_restore(int save) #endif /* _KERNEL */ +#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ #endif /* !_SYS_PROC_H_ */ Modified: releng/9.1/sys/vm/vm_map.c ============================================================================== --- releng/9.1/sys/vm/vm_map.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.1/sys/vm/vm_map.c Tue Jun 3 19:03:11 2014 (r267018) @@ -3631,6 +3631,8 @@ vmspace_exec(struct proc *p, vm_offset_t struct vmspace *oldvmspace = p->p_vmspace; struct vmspace *newvmspace; + KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, + ("vmspace_exec recursed")); newvmspace = vmspace_alloc(minuser, maxuser); if (newvmspace == NULL) return (ENOMEM); @@ -3647,7 +3649,7 @@ vmspace_exec(struct proc *p, vm_offset_t PROC_VMSPACE_UNLOCK(p); if (p == curthread->td_proc) pmap_activate(curthread); - vmspace_free(oldvmspace); + curthread->td_pflags |= TDP_EXECVMSPC; return (0); } Modified: releng/9.2/UPDATING ============================================================================== --- releng/9.2/UPDATING Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/UPDATING Tue Jun 3 19:03:11 2014 (r267018) @@ -11,6 +11,20 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140603: p7 FreeBSD-SA-14:11.sendmail + FreeBSD-SA-14:12.ktrace + FreeBSD-SA-14:13.pam + FreeBSD-EN-14:06.exec + + Fix sendmail improper close-on-exec flag handling. [SA-14:11] + + Fix ktrace memory disclosure. [SA-14:12] + + Fix incorrect error handling in PAM policy parser. [SA-14:13] + + Fix triple-fault when executing from a threaded process. + [EN-14:06] + 20140513: p6 FreeBSD-EN-14:03.pkg FreeBSD-EN-14:04.kldxref FreeBSD-EN-14:05.ciss Modified: releng/9.2/contrib/openpam/lib/openpam_configure.c ============================================================================== --- releng/9.2/contrib/openpam/lib/openpam_configure.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/contrib/openpam/lib/openpam_configure.c Tue Jun 3 19:03:11 2014 (r267018) @@ -1,6 +1,6 @@ /*- * Copyright (c) 2001-2003 Networks Associates Technology, Inc. - * Copyright (c) 2004-2012 Dag-Erling Smørgrav + * Copyright (c) 2004-2014 Dag-Erling Smørgrav * All rights reserved. * * This software was developed for the FreeBSD Project by ThinkSec AS and @@ -194,6 +194,7 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid facility", filename, lineno); + errno = EINVAL; goto fail; } if (facility != fclt && facility != PAM_FACILITY_ANY) { @@ -209,18 +210,28 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid service name", filename, lineno); + errno = EINVAL; goto fail; } if (wordv[i] != NULL) { openpam_log(PAM_LOG_ERROR, "%s(%d): garbage at end of line", filename, lineno); + errno = EINVAL; goto fail; } ret = openpam_load_chain(pamh, servicename, fclt); FREEV(wordc, wordv); - if (ret < 0) + if (ret < 0) { + /* + * Bogus errno, but this ensures that the + * outer loop does not just ignore the + * error and keep searching. + */ + if (errno == ENOENT) + errno = EINVAL; goto fail; + } continue; } @@ -230,6 +241,7 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid control flag", filename, lineno); + errno = EINVAL; goto fail; } @@ -239,6 +251,7 @@ openpam_parse_chain(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "%s(%d): missing or invalid module name", filename, lineno); + errno = EINVAL; goto fail; } @@ -248,8 +261,11 @@ openpam_parse_chain(pam_handle_t *pamh, this->flag = ctlf; /* load module */ - if ((this->module = openpam_load_module(modulename)) == NULL) + if ((this->module = openpam_load_module(modulename)) == NULL) { + if (errno == ENOENT) + errno = ENOEXEC; goto fail; + } /* * The remaining items in wordv are the module's @@ -282,7 +298,11 @@ openpam_parse_chain(pam_handle_t *pamh, * The loop ended because openpam_readword() returned NULL, which * can happen for four different reasons: an I/O error (ferror(f) * is true), a memory allocation failure (ferror(f) is false, - * errno is non-zero) + * feof(f) is false, errno is non-zero), the file ended with an + * unterminated quote or backslash escape (ferror(f) is false, + * feof(f) is true, errno is non-zero), or the end of the file was + * reached without error (ferror(f) is false, feof(f) is true, + * errno is zero). */ if (ferror(f) || errno != 0) goto syserr; @@ -411,6 +431,9 @@ openpam_load_chain(pam_handle_t *pamh, } ret = openpam_load_file(pamh, service, facility, filename, style); + /* success */ + if (ret > 0) + RETURNN(ret); /* the file exists, but an error occurred */ if (ret == -1 && errno != ENOENT) RETURNN(ret); @@ -420,7 +443,8 @@ openpam_load_chain(pam_handle_t *pamh, } /* no hit */ - RETURNN(0); + errno = ENOENT; + RETURNN(-1); } /* @@ -441,8 +465,10 @@ openpam_configure(pam_handle_t *pamh, openpam_log(PAM_LOG_ERROR, "invalid service name"); RETURNC(PAM_SYSTEM_ERR); } - if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) - goto load_err; + if (openpam_load_chain(pamh, service, PAM_FACILITY_ANY) < 0) { + if (errno != ENOENT) + goto load_err; + } for (fclt = 0; fclt < PAM_NUM_FACILITIES; ++fclt) { if (pamh->chains[fclt] != NULL) continue; Modified: releng/9.2/contrib/sendmail/src/conf.c ============================================================================== --- releng/9.2/contrib/sendmail/src/conf.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/contrib/sendmail/src/conf.c Tue Jun 3 19:03:11 2014 (r267018) @@ -5265,8 +5265,8 @@ closefd_walk(lowest, fd) */ void -sm_close_on_exec(highest, lowest) - int highest, lowest; +sm_close_on_exec(lowest, highest) + int lowest, highest; { #if HASFDWALK (void) fdwalk(closefd_walk, &lowest); Modified: releng/9.2/sys/conf/newvers.sh ============================================================================== --- releng/9.2/sys/conf/newvers.sh Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/sys/conf/newvers.sh Tue Jun 3 19:03:11 2014 (r267018) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.2" -BRANCH="RELEASE-p6" +BRANCH="RELEASE-p7" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.2/sys/kern/kern_exec.c ============================================================================== --- releng/9.2/sys/kern/kern_exec.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/sys/kern/kern_exec.c Tue Jun 3 19:03:11 2014 (r267018) @@ -280,6 +280,7 @@ kern_execve(td, args, mac_p) struct mac *mac_p; { struct proc *p = td->td_proc; + struct vmspace *oldvmspace; int error; AUDIT_ARG_ARGV(args->begin_argv, args->argc, @@ -296,6 +297,8 @@ kern_execve(td, args, mac_p) PROC_UNLOCK(p); } + KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); + oldvmspace = td->td_proc->p_vmspace; error = do_execve(td, args, mac_p); if (p->p_flag & P_HADTHREADS) { @@ -310,6 +313,12 @@ kern_execve(td, args, mac_p) thread_single_end(); PROC_UNLOCK(p); } + if ((td->td_pflags & TDP_EXECVMSPC) != 0) { + KASSERT(td->td_proc->p_vmspace != oldvmspace, + ("oldvmspace still used")); + vmspace_free(oldvmspace); + td->td_pflags &= ~TDP_EXECVMSPC; + } return (error); } Modified: releng/9.2/sys/kern/kern_ktrace.c ============================================================================== --- releng/9.2/sys/kern/kern_ktrace.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/sys/kern/kern_ktrace.c Tue Jun 3 19:03:11 2014 (r267018) @@ -119,6 +119,7 @@ static int data_lengths[] = { 0, /* KTR_SYSCTL */ sizeof(struct ktr_proc_ctor), /* KTR_PROCCTOR */ 0, /* KTR_PROCDTOR */ + 0, /* unused */ sizeof(struct ktr_fault), /* KTR_FAULT */ sizeof(struct ktr_faultend), /* KTR_FAULTEND */ }; Modified: releng/9.2/sys/sys/proc.h ============================================================================== --- releng/9.2/sys/sys/proc.h Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/sys/sys/proc.h Tue Jun 3 19:03:11 2014 (r267018) @@ -977,4 +977,5 @@ curthread_pflags_restore(int save) #endif /* _KERNEL */ +#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ #endif /* !_SYS_PROC_H_ */ Modified: releng/9.2/sys/vm/vm_map.c ============================================================================== --- releng/9.2/sys/vm/vm_map.c Tue Jun 3 19:02:52 2014 (r267017) +++ releng/9.2/sys/vm/vm_map.c Tue Jun 3 19:03:11 2014 (r267018) @@ -3669,6 +3669,8 @@ vmspace_exec(struct proc *p, vm_offset_t struct vmspace *oldvmspace = p->p_vmspace; struct vmspace *newvmspace; + KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, + ("vmspace_exec recursed")); newvmspace = vmspace_alloc(minuser, maxuser); if (newvmspace == NULL) return (ENOMEM); @@ -3685,7 +3687,7 @@ vmspace_exec(struct proc *p, vm_offset_t PROC_VMSPACE_UNLOCK(p); if (p == curthread->td_proc) pmap_activate(curthread); - vmspace_free(oldvmspace); + curthread->td_pflags |= TDP_EXECVMSPC; return (0); } From owner-svn-src-releng@FreeBSD.ORG Tue Jun 3 19:03:25 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 2E1DE50C; Tue, 3 Jun 2014 19:03:25 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0E6192B77; Tue, 3 Jun 2014 19:03:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s53J3Ogt027712; Tue, 3 Jun 2014 19:03:24 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s53J3N5R027701; Tue, 3 Jun 2014 19:03:23 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406031903.s53J3N5R027701@svn.freebsd.org> From: Xin LI Date: Tue, 3 Jun 2014 19:03:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267019 - in releng/8.4: . contrib/sendmail/src sys/conf sys/kern sys/sys sys/vm X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 03 Jun 2014 19:03:25 -0000 Author: delphij Date: Tue Jun 3 19:03:23 2014 New Revision: 267019 URL: http://svnweb.freebsd.org/changeset/base/267019 Log: Fix sendmail improper close-on-exec flag handling. [SA-14:11] Fix ktrace memory disclosure. [SA-14:12] Fix triple-fault when executing from a threaded process. [EN-14:06] Approved by: so Modified: releng/8.4/UPDATING releng/8.4/contrib/sendmail/src/conf.c releng/8.4/sys/conf/newvers.sh releng/8.4/sys/kern/kern_exec.c releng/8.4/sys/kern/kern_ktrace.c releng/8.4/sys/sys/proc.h releng/8.4/sys/vm/vm_map.c Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Tue Jun 3 19:03:11 2014 (r267018) +++ releng/8.4/UPDATING Tue Jun 3 19:03:23 2014 (r267019) @@ -15,6 +15,17 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140603: p11 FreeBSD-SA-14:11.sendmail + FreeBSD-SA-14:12.ktrace + FreeBSD-EN-14:06.exec + + Fix sendmail improper close-on-exec flag handling. [SA-14:11] + + Fix ktrace memory disclosure. [SA-14:12] + + Fix triple-fault when executing from a threaded process. + [EN-14:06] + 20140513: p10 FreeBSD-EN-14:03.pkg FreeBSD-EN-14:04.kldxref Modified: releng/8.4/contrib/sendmail/src/conf.c ============================================================================== --- releng/8.4/contrib/sendmail/src/conf.c Tue Jun 3 19:03:11 2014 (r267018) +++ releng/8.4/contrib/sendmail/src/conf.c Tue Jun 3 19:03:23 2014 (r267019) @@ -5265,8 +5265,8 @@ closefd_walk(lowest, fd) */ void -sm_close_on_exec(highest, lowest) - int highest, lowest; +sm_close_on_exec(lowest, highest) + int lowest, highest; { #if HASFDWALK (void) fdwalk(closefd_walk, &lowest); Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Tue Jun 3 19:03:11 2014 (r267018) +++ releng/8.4/sys/conf/newvers.sh Tue Jun 3 19:03:23 2014 (r267019) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p10" +BRANCH="RELEASE-p11" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/sys/kern/kern_exec.c ============================================================================== --- releng/8.4/sys/kern/kern_exec.c Tue Jun 3 19:03:11 2014 (r267018) +++ releng/8.4/sys/kern/kern_exec.c Tue Jun 3 19:03:23 2014 (r267019) @@ -278,6 +278,7 @@ kern_execve(td, args, mac_p) struct mac *mac_p; { struct proc *p = td->td_proc; + struct vmspace *oldvmspace; int error; AUDIT_ARG_ARGV(args->begin_argv, args->argc, @@ -294,6 +295,8 @@ kern_execve(td, args, mac_p) PROC_UNLOCK(p); } + KASSERT((td->td_pflags & TDP_EXECVMSPC) == 0, ("nested execve")); + oldvmspace = td->td_proc->p_vmspace; error = do_execve(td, args, mac_p); if (p->p_flag & P_HADTHREADS) { @@ -308,6 +311,12 @@ kern_execve(td, args, mac_p) thread_single_end(); PROC_UNLOCK(p); } + if ((td->td_pflags & TDP_EXECVMSPC) != 0) { + KASSERT(td->td_proc->p_vmspace != oldvmspace, + ("oldvmspace still used")); + vmspace_free(oldvmspace); + td->td_pflags &= ~TDP_EXECVMSPC; + } return (error); } Modified: releng/8.4/sys/kern/kern_ktrace.c ============================================================================== --- releng/8.4/sys/kern/kern_ktrace.c Tue Jun 3 19:03:11 2014 (r267018) +++ releng/8.4/sys/kern/kern_ktrace.c Tue Jun 3 19:03:23 2014 (r267019) @@ -117,6 +117,7 @@ static int data_lengths[] = { 0, /* KTR_SYSCTL */ sizeof(struct ktr_proc_ctor), /* KTR_PROCCTOR */ 0, /* KTR_PROCDTOR */ + 0, /* unused */ sizeof(struct ktr_fault), /* KTR_FAULT */ sizeof(struct ktr_faultend), /* KTR_FAULTEND */ }; Modified: releng/8.4/sys/sys/proc.h ============================================================================== --- releng/8.4/sys/sys/proc.h Tue Jun 3 19:03:11 2014 (r267018) +++ releng/8.4/sys/sys/proc.h Tue Jun 3 19:03:23 2014 (r267019) @@ -938,4 +938,5 @@ curthread_pflags_restore(int save) #endif /* _KERNEL */ +#define TDP_EXECVMSPC 0x40000000 /* Execve destroyed old vmspace */ #endif /* !_SYS_PROC_H_ */ Modified: releng/8.4/sys/vm/vm_map.c ============================================================================== --- releng/8.4/sys/vm/vm_map.c Tue Jun 3 19:03:11 2014 (r267018) +++ releng/8.4/sys/vm/vm_map.c Tue Jun 3 19:03:23 2014 (r267019) @@ -3521,6 +3521,8 @@ vmspace_exec(struct proc *p, vm_offset_t struct vmspace *oldvmspace = p->p_vmspace; struct vmspace *newvmspace; + KASSERT((curthread->td_pflags & TDP_EXECVMSPC) == 0, + ("vmspace_exec recursed")); newvmspace = vmspace_alloc(minuser, maxuser); if (newvmspace == NULL) return (ENOMEM); @@ -3537,7 +3539,7 @@ vmspace_exec(struct proc *p, vm_offset_t PROC_VMSPACE_UNLOCK(p); if (p == curthread->td_proc) pmap_activate(curthread); - vmspace_free(oldvmspace); + curthread->td_pflags |= TDP_EXECVMSPC; return (0); } From owner-svn-src-releng@FreeBSD.ORG Thu Jun 5 12:33:29 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 529C2993; Thu, 5 Jun 2014 12:33:29 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3CEDC2598; Thu, 5 Jun 2014 12:33:29 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s55CXTsT038724; Thu, 5 Jun 2014 12:33:29 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s55CXNHu038670; Thu, 5 Jun 2014 12:33:23 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406051233.s55CXNHu038670@svn.freebsd.org> From: Xin LI Date: Thu, 5 Jun 2014 12:33:23 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267104 - in releng: 10.0 10.0/crypto/openssl/ssl 10.0/sys/conf 8.4 8.4/crypto/openssl/ssl 8.4/sys/conf 9.1 9.1/crypto/openssl/ssl 9.1/sys/conf 9.2 9.2/crypto/openssl/ssl 9.2/sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jun 2014 12:33:29 -0000 Author: delphij Date: Thu Jun 5 12:33:23 2014 New Revision: 267104 URL: http://svnweb.freebsd.org/changeset/base/267104 Log: Fix OpenSSL multiple vulnerabilities. Security: CVE-2014-0195, CVE-2014-0221, CVE-2014-0224, CVE-2014-3470 Security: SA-14:14.openssl Approved by: so Modified: releng/10.0/UPDATING releng/10.0/crypto/openssl/ssl/d1_both.c releng/10.0/crypto/openssl/ssl/s3_clnt.c releng/10.0/crypto/openssl/ssl/s3_pkt.c releng/10.0/crypto/openssl/ssl/s3_srvr.c releng/10.0/crypto/openssl/ssl/ssl3.h releng/10.0/sys/conf/newvers.sh releng/8.4/UPDATING releng/8.4/crypto/openssl/ssl/d1_both.c releng/8.4/crypto/openssl/ssl/s3_clnt.c releng/8.4/crypto/openssl/ssl/s3_pkt.c releng/8.4/crypto/openssl/ssl/s3_srvr.c releng/8.4/crypto/openssl/ssl/ssl3.h releng/8.4/sys/conf/newvers.sh releng/9.1/UPDATING releng/9.1/crypto/openssl/ssl/d1_both.c releng/9.1/crypto/openssl/ssl/s3_clnt.c releng/9.1/crypto/openssl/ssl/s3_pkt.c releng/9.1/crypto/openssl/ssl/s3_srvr.c releng/9.1/crypto/openssl/ssl/ssl3.h releng/9.1/sys/conf/newvers.sh releng/9.2/UPDATING releng/9.2/crypto/openssl/ssl/d1_both.c releng/9.2/crypto/openssl/ssl/s3_clnt.c releng/9.2/crypto/openssl/ssl/s3_pkt.c releng/9.2/crypto/openssl/ssl/s3_srvr.c releng/9.2/crypto/openssl/ssl/ssl3.h releng/9.2/sys/conf/newvers.sh Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Thu Jun 5 12:32:38 2014 (r267103) +++ releng/10.0/UPDATING Thu Jun 5 12:33:23 2014 (r267104) @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140605: p5 FreeBSD-SA-14:14.openssl + Fix OpenSSL multiple vulnerabilities. [SA-14:14] + 20140603: p4 FreeBSD-SA-14:11.sendmail FreeBSD-SA-14:13.pam FreeBSD-EN-14:06.exec Modified: releng/10.0/crypto/openssl/ssl/d1_both.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/10.0/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:33:23 2014 (r267104) @@ -626,7 +626,16 @@ dtls1_reassemble_fragment(SSL *s, struct frag->msg_header.frag_off = 0; } else + { frag = (hm_fragment*) item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) + { + item = NULL; + frag = NULL; + goto err; + } + } + /* If message is already reassembled, this must be a * retransmit and can be dropped. @@ -783,6 +792,7 @@ dtls1_get_message_fragment(SSL *s, int s int i,al; struct hm_header_st msg_hdr; + redo: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { @@ -841,8 +851,7 @@ dtls1_get_message_fragment(SSL *s, int s s->msg_callback_arg); s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); + goto redo; } else /* Incorrectly formated Hello request */ { Modified: releng/10.0/crypto/openssl/ssl/s3_clnt.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/10.0/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -559,6 +559,7 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; @@ -916,6 +917,7 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } else /* a miss or crap from the other end */ @@ -2511,6 +2513,13 @@ int ssl3_send_client_key_exchange(SSL *s int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? Modified: releng/10.0/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/10.0/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -1301,6 +1301,15 @@ start: goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) @@ -1435,7 +1444,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); Modified: releng/10.0/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- releng/10.0/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/10.0/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:33:23 2014 (r267104) @@ -673,6 +673,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -700,6 +701,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; @@ -770,7 +772,10 @@ int ssl3_accept(SSL *s) s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #else if (s->s3->next_proto_neg_seen) + { + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->s3->tmp.next_state=SSL3_ST_SR_NEXT_PROTO_A; + } else s->s3->tmp.next_state=SSL3_ST_SR_FINISHED_A; #endif Modified: releng/10.0/crypto/openssl/ssl/ssl3.h ============================================================================== --- releng/10.0/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:32:38 2014 (r267103) +++ releng/10.0/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:33:23 2014 (r267104) @@ -399,6 +399,7 @@ typedef struct ssl3_buffer_st * effected, but we can't prevent that. */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +#define SSL3_FLAGS_CCS_OK 0x0080 #ifndef OPENSSL_NO_SSL_INTERN Modified: releng/10.0/sys/conf/newvers.sh ============================================================================== --- releng/10.0/sys/conf/newvers.sh Thu Jun 5 12:32:38 2014 (r267103) +++ releng/10.0/sys/conf/newvers.sh Thu Jun 5 12:33:23 2014 (r267104) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE-p4" +BRANCH="RELEASE-p5" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Thu Jun 5 12:32:38 2014 (r267103) +++ releng/8.4/UPDATING Thu Jun 5 12:33:23 2014 (r267104) @@ -15,6 +15,9 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140605: p12 FreeBSD-SA-14:14.openssl + Fix OpenSSL multiple vulnerabilities. [SA-14:14] + 20140603: p11 FreeBSD-SA-14:11.sendmail FreeBSD-SA-14:12.ktrace FreeBSD-EN-14:06.exec Modified: releng/8.4/crypto/openssl/ssl/d1_both.c ============================================================================== --- releng/8.4/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/8.4/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:33:23 2014 (r267104) @@ -620,7 +620,16 @@ dtls1_reassemble_fragment(SSL *s, struct frag->msg_header.frag_off = 0; } else + { frag = (hm_fragment*) item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) + { + item = NULL; + frag = NULL; + goto err; + } + } + /* If message is already reassembled, this must be a * retransmit and can be dropped. @@ -777,6 +786,7 @@ dtls1_get_message_fragment(SSL *s, int s int i,al; struct hm_header_st msg_hdr; + redo: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { @@ -835,8 +845,7 @@ dtls1_get_message_fragment(SSL *s, int s s->msg_callback_arg); s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); + goto redo; } else /* Incorrectly formated Hello request */ { Modified: releng/8.4/crypto/openssl/ssl/s3_clnt.c ============================================================================== --- releng/8.4/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/8.4/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -491,6 +491,7 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; @@ -777,6 +778,7 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } else /* a miss or crap from the other end */ @@ -2170,6 +2172,13 @@ int ssl3_send_client_key_exchange(SSL *s int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? Modified: releng/8.4/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/8.4/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/8.4/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -1147,6 +1147,15 @@ start: goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) @@ -1278,7 +1287,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); Modified: releng/8.4/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- releng/8.4/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/8.4/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:33:23 2014 (r267104) @@ -523,6 +523,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -533,6 +534,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; Modified: releng/8.4/crypto/openssl/ssl/ssl3.h ============================================================================== --- releng/8.4/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:32:38 2014 (r267103) +++ releng/8.4/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:33:23 2014 (r267104) @@ -344,6 +344,7 @@ typedef struct ssl3_buffer_st * effected, but we can't prevent that. */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +#define SSL3_FLAGS_CCS_OK 0x0080 typedef struct ssl3_state_st { Modified: releng/8.4/sys/conf/newvers.sh ============================================================================== --- releng/8.4/sys/conf/newvers.sh Thu Jun 5 12:32:38 2014 (r267103) +++ releng/8.4/sys/conf/newvers.sh Thu Jun 5 12:33:23 2014 (r267104) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="8.4" -BRANCH="RELEASE-p11" +BRANCH="RELEASE-p12" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.1/UPDATING ============================================================================== --- releng/9.1/UPDATING Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.1/UPDATING Thu Jun 5 12:33:23 2014 (r267104) @@ -9,6 +9,9 @@ handbook. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140605: p15 FreeBSD-SA-14:14.openssl + Fix OpenSSL multiple vulnerabilities. [SA-14:14] + 20140603: p14 FreeBSD-SA-14:11.sendmail FreeBSD-SA-14:12.ktrace FreeBSD-SA-14:13.pam Modified: releng/9.1/crypto/openssl/ssl/d1_both.c ============================================================================== --- releng/9.1/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.1/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:33:23 2014 (r267104) @@ -620,7 +620,16 @@ dtls1_reassemble_fragment(SSL *s, struct frag->msg_header.frag_off = 0; } else + { frag = (hm_fragment*) item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) + { + item = NULL; + frag = NULL; + goto err; + } + } + /* If message is already reassembled, this must be a * retransmit and can be dropped. @@ -777,6 +786,7 @@ dtls1_get_message_fragment(SSL *s, int s int i,al; struct hm_header_st msg_hdr; + redo: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { @@ -835,8 +845,7 @@ dtls1_get_message_fragment(SSL *s, int s s->msg_callback_arg); s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); + goto redo; } else /* Incorrectly formated Hello request */ { Modified: releng/9.1/crypto/openssl/ssl/s3_clnt.c ============================================================================== --- releng/9.1/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.1/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -491,6 +491,7 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; @@ -777,6 +778,7 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } else /* a miss or crap from the other end */ @@ -2170,6 +2172,13 @@ int ssl3_send_client_key_exchange(SSL *s int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? Modified: releng/9.1/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/9.1/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.1/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -1147,6 +1147,15 @@ start: goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) @@ -1278,7 +1287,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); Modified: releng/9.1/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- releng/9.1/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.1/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:33:23 2014 (r267104) @@ -523,6 +523,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -533,6 +534,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; Modified: releng/9.1/crypto/openssl/ssl/ssl3.h ============================================================================== --- releng/9.1/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.1/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:33:23 2014 (r267104) @@ -344,6 +344,7 @@ typedef struct ssl3_buffer_st * effected, but we can't prevent that. */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +#define SSL3_FLAGS_CCS_OK 0x0080 typedef struct ssl3_state_st { Modified: releng/9.1/sys/conf/newvers.sh ============================================================================== --- releng/9.1/sys/conf/newvers.sh Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.1/sys/conf/newvers.sh Thu Jun 5 12:33:23 2014 (r267104) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.1" -BRANCH="RELEASE-p14" +BRANCH="RELEASE-p15" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.2/UPDATING ============================================================================== --- releng/9.2/UPDATING Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.2/UPDATING Thu Jun 5 12:33:23 2014 (r267104) @@ -11,6 +11,9 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140605: p8 FreeBSD-SA-14:14.openssl + Fix OpenSSL multiple vulnerabilities. [SA-14:14] + 20140603: p7 FreeBSD-SA-14:11.sendmail FreeBSD-SA-14:12.ktrace FreeBSD-SA-14:13.pam Modified: releng/9.2/crypto/openssl/ssl/d1_both.c ============================================================================== --- releng/9.2/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.2/crypto/openssl/ssl/d1_both.c Thu Jun 5 12:33:23 2014 (r267104) @@ -620,7 +620,16 @@ dtls1_reassemble_fragment(SSL *s, struct frag->msg_header.frag_off = 0; } else + { frag = (hm_fragment*) item->data; + if (frag->msg_header.msg_len != msg_hdr->msg_len) + { + item = NULL; + frag = NULL; + goto err; + } + } + /* If message is already reassembled, this must be a * retransmit and can be dropped. @@ -777,6 +786,7 @@ dtls1_get_message_fragment(SSL *s, int s int i,al; struct hm_header_st msg_hdr; + redo: /* see if we have the required fragment already */ if ((frag_len = dtls1_retrieve_buffered_fragment(s,max,ok)) || *ok) { @@ -835,8 +845,7 @@ dtls1_get_message_fragment(SSL *s, int s s->msg_callback_arg); s->init_num = 0; - return dtls1_get_message_fragment(s, st1, stn, - max, ok); + goto redo; } else /* Incorrectly formated Hello request */ { Modified: releng/9.2/crypto/openssl/ssl/s3_clnt.c ============================================================================== --- releng/9.2/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.2/crypto/openssl/ssl/s3_clnt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -491,6 +491,7 @@ int ssl3_connect(SSL *s) case SSL3_ST_CR_FINISHED_A: case SSL3_ST_CR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_CR_FINISHED_A, SSL3_ST_CR_FINISHED_B); if (ret <= 0) goto end; @@ -777,6 +778,7 @@ int ssl3_get_server_hello(SSL *s) SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); goto f_err; } + s->s3->flags |= SSL3_FLAGS_CCS_OK; s->hit=1; } else /* a miss or crap from the other end */ @@ -2170,6 +2172,13 @@ int ssl3_send_client_key_exchange(SSL *s int ecdh_clnt_cert = 0; int field_size = 0; + if (s->session->sess_cert == NULL) + { + ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_UNEXPECTED_MESSAGE); + SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_UNEXPECTED_MESSAGE); + goto err; + } + /* Did we send out the client's * ECDH share for use in premaster * computation as part of client certificate? Modified: releng/9.2/crypto/openssl/ssl/s3_pkt.c ============================================================================== --- releng/9.2/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.2/crypto/openssl/ssl/s3_pkt.c Thu Jun 5 12:33:23 2014 (r267104) @@ -1147,6 +1147,15 @@ start: goto f_err; } + if (!(s->s3->flags & SSL3_FLAGS_CCS_OK)) + { + al=SSL_AD_UNEXPECTED_MESSAGE; + SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_CCS_RECEIVED_EARLY); + goto f_err; + } + + s->s3->flags &= ~SSL3_FLAGS_CCS_OK; + rr->length=0; if (s->msg_callback) @@ -1278,7 +1287,7 @@ int ssl3_do_change_cipher_spec(SSL *s) if (s->s3->tmp.key_block == NULL) { - if (s->session == NULL) + if (s->session == NULL || s->session->master_key_length == 0) { /* might happen if dtls1_read_bytes() calls this */ SSLerr(SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC,SSL_R_CCS_RECEIVED_EARLY); Modified: releng/9.2/crypto/openssl/ssl/s3_srvr.c ============================================================================== --- releng/9.2/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.2/crypto/openssl/ssl/s3_srvr.c Thu Jun 5 12:33:23 2014 (r267104) @@ -523,6 +523,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_CERT_VRFY_A: case SSL3_ST_SR_CERT_VRFY_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; /* we should decide if we expected this one */ ret=ssl3_get_cert_verify(s); if (ret <= 0) goto end; @@ -533,6 +534,7 @@ int ssl3_accept(SSL *s) case SSL3_ST_SR_FINISHED_A: case SSL3_ST_SR_FINISHED_B: + s->s3->flags |= SSL3_FLAGS_CCS_OK; ret=ssl3_get_finished(s,SSL3_ST_SR_FINISHED_A, SSL3_ST_SR_FINISHED_B); if (ret <= 0) goto end; Modified: releng/9.2/crypto/openssl/ssl/ssl3.h ============================================================================== --- releng/9.2/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.2/crypto/openssl/ssl/ssl3.h Thu Jun 5 12:33:23 2014 (r267104) @@ -344,6 +344,7 @@ typedef struct ssl3_buffer_st * effected, but we can't prevent that. */ #define SSL3_FLAGS_SGC_RESTART_DONE 0x0040 +#define SSL3_FLAGS_CCS_OK 0x0080 typedef struct ssl3_state_st { Modified: releng/9.2/sys/conf/newvers.sh ============================================================================== --- releng/9.2/sys/conf/newvers.sh Thu Jun 5 12:32:38 2014 (r267103) +++ releng/9.2/sys/conf/newvers.sh Thu Jun 5 12:33:23 2014 (r267104) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.2" -BRANCH="RELEASE-p7" +BRANCH="RELEASE-p8" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi From owner-svn-src-releng@FreeBSD.ORG Fri Jun 20 00:11:35 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A0F7E5F0; Fri, 20 Jun 2014 00:11:35 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 73F8B2993; Fri, 20 Jun 2014 00:11:35 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5K0BZ4W039491; Fri, 20 Jun 2014 00:11:35 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5K0BZ9w039490; Fri, 20 Jun 2014 00:11:35 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406200011.s5K0BZ9w039490@svn.freebsd.org> From: Glen Barber Date: Fri, 20 Jun 2014 00:11:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267654 - releng/9.3 X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2014 00:11:35 -0000 Author: gjb Date: Fri Jun 20 00:11:34 2014 New Revision: 267654 URL: http://svnweb.freebsd.org/changeset/base/267654 Log: Copy stable/9 to releng/9.3 as part of the 9.3-RELEASE cycle. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Added: releng/9.3/ - copied from r267653, stable/9/ From owner-svn-src-releng@FreeBSD.ORG Fri Jun 20 00:13:57 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3657775B; Fri, 20 Jun 2014 00:13:57 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1681A29AF; Fri, 20 Jun 2014 00:13:57 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5K0Dvmx039933; Fri, 20 Jun 2014 00:13:57 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5K0DvMv039932; Fri, 20 Jun 2014 00:13:57 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406200013.s5K0DvMv039932@svn.freebsd.org> From: Glen Barber Date: Fri, 20 Jun 2014 00:13:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267655 - in releng/9.3: . contrib/top lib lib/libthr/thread share/man/man4 share/mk sys/dev/usb/wlan usr.sbin X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2014 00:13:57 -0000 Author: gjb Date: Fri Jun 20 00:13:56 2014 New Revision: 267655 URL: http://svnweb.freebsd.org/changeset/base/267655 Log: Remove svn:mergeinfo carried over from stable/9. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: Directory Properties: releng/9.3/ (props changed) releng/9.3/COPYRIGHT (props changed) releng/9.3/MAINTAINERS (props changed) releng/9.3/Makefile (props changed) releng/9.3/Makefile.inc1 (props changed) releng/9.3/ObsoleteFiles.inc (props changed) releng/9.3/UPDATING (props changed) releng/9.3/bin/ (props changed) releng/9.3/bin/cat/ (props changed) releng/9.3/bin/cp/ (props changed) releng/9.3/bin/csh/ (props changed) releng/9.3/bin/date/ (props changed) releng/9.3/bin/dd/ (props changed) releng/9.3/bin/df/ (props changed) releng/9.3/bin/ed/ (props changed) releng/9.3/bin/expr/ (props changed) releng/9.3/bin/getfacl/ (props changed) releng/9.3/bin/kenv/ (props changed) releng/9.3/bin/ln/ (props changed) releng/9.3/bin/mkdir/ (props changed) releng/9.3/bin/mv/ (props changed) releng/9.3/bin/pkill/ (props changed) releng/9.3/bin/ps/ (props changed) releng/9.3/bin/pwait/ (props changed) releng/9.3/bin/rcp/ (props changed) releng/9.3/bin/rm/ (props changed) releng/9.3/bin/setfacl/ (props changed) releng/9.3/bin/sh/ (props changed) releng/9.3/bin/sleep/ (props changed) releng/9.3/bin/test/ (props changed) releng/9.3/bin/uuidgen/ (props changed) releng/9.3/cddl/ (props changed) releng/9.3/cddl/contrib/ (props changed) releng/9.3/cddl/contrib/dtracetoolkit/ (props changed) releng/9.3/cddl/contrib/opensolaris/ (props changed) releng/9.3/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/llquantize/ (props changed) releng/9.3/cddl/contrib/opensolaris/cmd/dtrace/test/tst/common/print/ (props changed) releng/9.3/cddl/contrib/opensolaris/cmd/zfs/ (props changed) releng/9.3/cddl/contrib/opensolaris/cmd/zpool/ (props changed) releng/9.3/cddl/contrib/opensolaris/lib/libdtrace/common/ (props changed) releng/9.3/cddl/contrib/opensolaris/lib/libzfs/ (props changed) releng/9.3/cddl/lib/ (props changed) releng/9.3/cddl/lib/drti/ (props changed) releng/9.3/cddl/lib/libdtrace/ (props changed) releng/9.3/cddl/usr.bin/zinject/ (props changed) releng/9.3/contrib/ (props changed) releng/9.3/contrib/bind9/ (props changed) releng/9.3/contrib/binutils/ (props changed) releng/9.3/contrib/bmake/ (props changed) releng/9.3/contrib/bsnmp/ (props changed) releng/9.3/contrib/bsnmp/snmp_mibII/ (props changed) releng/9.3/contrib/bzip2/ (props changed) releng/9.3/contrib/compiler-rt/ (props changed) releng/9.3/contrib/dialog/ (props changed) releng/9.3/contrib/diff/ (props changed) releng/9.3/contrib/ee/ (props changed) releng/9.3/contrib/expat/ (props changed) releng/9.3/contrib/file/ (props changed) releng/9.3/contrib/gcc/ (props changed) releng/9.3/contrib/gcclibs/ (props changed) releng/9.3/contrib/gdb/ (props changed) releng/9.3/contrib/gdtoa/ (props changed) releng/9.3/contrib/gnu-sort/ (props changed) releng/9.3/contrib/gperf/ (props changed) releng/9.3/contrib/groff/ (props changed) releng/9.3/contrib/less/ (props changed) releng/9.3/contrib/libarchive/ (props changed) releng/9.3/contrib/libarchive/cpio/ (props changed) releng/9.3/contrib/libarchive/libarchive/ (props changed) releng/9.3/contrib/libarchive/libarchive_fe/ (props changed) releng/9.3/contrib/libarchive/tar/ (props changed) releng/9.3/contrib/libc++/ (props changed) releng/9.3/contrib/libc-pwcache/ (props changed) releng/9.3/contrib/libc-vis/ (props changed) releng/9.3/contrib/libcxxrt/ (props changed) releng/9.3/contrib/libpcap/ (props changed) releng/9.3/contrib/libstdc++/ (props changed) releng/9.3/contrib/libucl/ (props changed) releng/9.3/contrib/llvm/ (props changed) releng/9.3/contrib/llvm/tools/clang/ (props changed) releng/9.3/contrib/mknod/ (props changed) releng/9.3/contrib/mtree/ (props changed) releng/9.3/contrib/ncurses/ (props changed) releng/9.3/contrib/netcat/ (props changed) releng/9.3/contrib/ntp/ (props changed) releng/9.3/contrib/nvi/ (props changed) releng/9.3/contrib/one-true-awk/ (props changed) releng/9.3/contrib/openbsm/ (props changed) releng/9.3/contrib/openpam/ (props changed) releng/9.3/contrib/openresolv/ (props changed) releng/9.3/contrib/opie/ (props changed) releng/9.3/contrib/pf/ (props changed) releng/9.3/contrib/pnpinfo/ (props changed) releng/9.3/contrib/sendmail/ (props changed) releng/9.3/contrib/tcpdump/ (props changed) releng/9.3/contrib/tcsh/ (props changed) releng/9.3/contrib/telnet/ (props changed) releng/9.3/contrib/tnftp/ (props changed) releng/9.3/contrib/top/ (props changed) releng/9.3/contrib/top/install-sh (props changed) releng/9.3/contrib/traceroute/ (props changed) releng/9.3/contrib/tzcode/ (props changed) releng/9.3/contrib/tzcode/stdtime/ (props changed) releng/9.3/contrib/tzcode/zic/ (props changed) releng/9.3/contrib/tzdata/ (props changed) releng/9.3/contrib/unvis/ (props changed) releng/9.3/contrib/vis/ (props changed) releng/9.3/contrib/wpa/ (props changed) releng/9.3/contrib/xz/ (props changed) releng/9.3/crypto/heimdal/ (props changed) releng/9.3/crypto/openssh/ (props changed) releng/9.3/crypto/openssl/ (props changed) releng/9.3/etc/ (props changed) releng/9.3/etc/mtree/ (props changed) releng/9.3/etc/rc.d/ (props changed) releng/9.3/games/bcd/ (props changed) releng/9.3/games/caesar/ (props changed) releng/9.3/games/factor/ (props changed) releng/9.3/games/fortune/ (props changed) releng/9.3/games/fortune/fortune/ (props changed) releng/9.3/games/grdc/ (props changed) releng/9.3/games/morse/ (props changed) releng/9.3/games/number/ (props changed) releng/9.3/games/pom/ (props changed) releng/9.3/games/random/ (props changed) releng/9.3/gnu/lib/ (props changed) releng/9.3/gnu/lib/csu/ (props changed) releng/9.3/gnu/lib/libgcc/ (props changed) releng/9.3/gnu/lib/libgomp/ (props changed) releng/9.3/gnu/lib/libstdc++/ (props changed) releng/9.3/gnu/lib/libsupc++/ (props changed) releng/9.3/gnu/usr.bin/binutils/ (props changed) releng/9.3/gnu/usr.bin/binutils/libbinutils/ (props changed) releng/9.3/gnu/usr.bin/cc/c++/ (props changed) releng/9.3/gnu/usr.bin/cc/cc_tools/ (props changed) releng/9.3/gnu/usr.bin/cc/include/ (props changed) releng/9.3/gnu/usr.bin/gdb/ (props changed) releng/9.3/gnu/usr.bin/gdb/kgdb/ (props changed) releng/9.3/gnu/usr.bin/gperf/ (props changed) releng/9.3/gnu/usr.bin/groff/ (props changed) releng/9.3/gnu/usr.bin/send-pr/ (props changed) releng/9.3/include/ (props changed) releng/9.3/include/arpa/ (props changed) releng/9.3/kerberos5/ (props changed) releng/9.3/kerberos5/lib/libgssapi_krb5/ (props changed) releng/9.3/lib/ (props changed) releng/9.3/lib/Makefile (props changed) releng/9.3/lib/bind/ (props changed) releng/9.3/lib/clang/ (props changed) releng/9.3/lib/clang/include/ (props changed) releng/9.3/lib/csu/ (props changed) releng/9.3/lib/libarchive/ (props changed) releng/9.3/lib/libbluetooth/ (props changed) releng/9.3/lib/libc/ (props changed) releng/9.3/lib/libc++/ (props changed) releng/9.3/lib/libc/stdtime/ (props changed) releng/9.3/lib/libc/sys/ (props changed) releng/9.3/lib/libc/uuid/ (props changed) releng/9.3/lib/libcam/ (props changed) releng/9.3/lib/libcompiler_rt/ (props changed) releng/9.3/lib/libcrypt/ (props changed) releng/9.3/lib/libcxxrt/ (props changed) releng/9.3/lib/libdwarf/ (props changed) releng/9.3/lib/libedit/ (props changed) releng/9.3/lib/libelf/ (props changed) releng/9.3/lib/libexpat/ (props changed) releng/9.3/lib/libfetch/ (props changed) releng/9.3/lib/libgeom/ (props changed) releng/9.3/lib/libgpib/ (props changed) releng/9.3/lib/libgssapi/ (props changed) releng/9.3/lib/libiconv_modules/ (props changed) releng/9.3/lib/libipsec/ (props changed) releng/9.3/lib/libjail/ (props changed) releng/9.3/lib/libkiconv/ (props changed) releng/9.3/lib/libkvm/ (props changed) releng/9.3/lib/libmagic/ (props changed) releng/9.3/lib/libmemstat/ (props changed) releng/9.3/lib/libncp/ (props changed) releng/9.3/lib/libnetbsd/ (props changed) releng/9.3/lib/libnetgraph/ (props changed) releng/9.3/lib/libopie/ (props changed) releng/9.3/lib/libpam/ (props changed) releng/9.3/lib/libpcap/ (props changed) releng/9.3/lib/libpmc/ (props changed) releng/9.3/lib/libproc/ (props changed) releng/9.3/lib/libprocstat/ (props changed) releng/9.3/lib/libradius/ (props changed) releng/9.3/lib/librpcsec_gss/ (props changed) releng/9.3/lib/librpcsvc/ (props changed) releng/9.3/lib/librt/ (props changed) releng/9.3/lib/libsbuf/ (props changed) releng/9.3/lib/libsm/ (props changed) releng/9.3/lib/libstand/ (props changed) releng/9.3/lib/libstdbuf/ (props changed) releng/9.3/lib/libtacplus/ (props changed) releng/9.3/lib/libthr/ (props changed) releng/9.3/lib/libthr/thread/thr_setprio.c (props changed) releng/9.3/lib/libthr/thread/thr_setschedparam.c (props changed) releng/9.3/lib/libthread_db/ (props changed) releng/9.3/lib/libucl/ (props changed) releng/9.3/lib/libulog/ (props changed) releng/9.3/lib/libusb/ (props changed) releng/9.3/lib/libusbhid/ (props changed) releng/9.3/lib/libutil/ (props changed) releng/9.3/lib/libvgl/ (props changed) releng/9.3/lib/libypclnt/ (props changed) releng/9.3/lib/libz/ (props changed) releng/9.3/lib/msun/ (props changed) releng/9.3/lib/ncurses/form/ (props changed) releng/9.3/lib/ncurses/menu/ (props changed) releng/9.3/lib/ncurses/ncurses/ (props changed) releng/9.3/lib/ncurses/panel/ (props changed) releng/9.3/libexec/atrun/ (props changed) releng/9.3/libexec/bootpd/ (props changed) releng/9.3/libexec/comsat/ (props changed) releng/9.3/libexec/ftpd/ (props changed) releng/9.3/libexec/getty/ (props changed) releng/9.3/libexec/mail.local/ (props changed) releng/9.3/libexec/pppoed/ (props changed) releng/9.3/libexec/rbootd/ (props changed) releng/9.3/libexec/rshd/ (props changed) releng/9.3/libexec/rtld-elf/ (props changed) releng/9.3/libexec/save-entropy/ (props changed) releng/9.3/libexec/smrsh/ (props changed) releng/9.3/libexec/tftpd/ (props changed) releng/9.3/libexec/ypxfr/ (props changed) releng/9.3/release/ (props changed) releng/9.3/release/doc/ (props changed) releng/9.3/release/doc/en_US.ISO8859-1/hardware/ (props changed) releng/9.3/release/ia64/ (props changed) releng/9.3/release/picobsd/tinyware/passwd/ (props changed) releng/9.3/rescue/ (props changed) releng/9.3/rescue/rescue/ (props changed) releng/9.3/sbin/ (props changed) releng/9.3/sbin/atacontrol/ (props changed) releng/9.3/sbin/atm/atmconfig/ (props changed) releng/9.3/sbin/bsdlabel/ (props changed) releng/9.3/sbin/camcontrol/ (props changed) releng/9.3/sbin/ccdconfig/ (props changed) releng/9.3/sbin/ddb/ (props changed) releng/9.3/sbin/devd/ (props changed) releng/9.3/sbin/devfs/ (props changed) releng/9.3/sbin/dhclient/ (props changed) releng/9.3/sbin/dump/ (props changed) releng/9.3/sbin/dumpfs/ (props changed) releng/9.3/sbin/fdisk/ (props changed) releng/9.3/sbin/fdisk_pc98/ (props changed) releng/9.3/sbin/fsck_ffs/ (props changed) releng/9.3/sbin/fsck_msdosfs/ (props changed) releng/9.3/sbin/fsdb/ (props changed) releng/9.3/sbin/fsirand/ (props changed) releng/9.3/sbin/gbde/ (props changed) releng/9.3/sbin/geom/ (props changed) releng/9.3/sbin/geom/class/mirror/ (props changed) releng/9.3/sbin/geom/class/multipath/ (props changed) releng/9.3/sbin/geom/class/part/ (props changed) releng/9.3/sbin/geom/class/raid/ (props changed) releng/9.3/sbin/geom/class/raid3/ (props changed) releng/9.3/sbin/geom/class/sched/ (props changed) releng/9.3/sbin/geom/class/virstor/ (props changed) releng/9.3/sbin/ggate/ (props changed) releng/9.3/sbin/growfs/ (props changed) releng/9.3/sbin/gvinum/ (props changed) releng/9.3/sbin/hastctl/ (props changed) releng/9.3/sbin/hastd/ (props changed) releng/9.3/sbin/ifconfig/ (props changed) releng/9.3/sbin/init/ (props changed) releng/9.3/sbin/ipf/ (props changed) releng/9.3/sbin/ipfw/ (props changed) releng/9.3/sbin/iscontrol/ (props changed) releng/9.3/sbin/kldload/ (props changed) releng/9.3/sbin/mca/ (props changed) releng/9.3/sbin/md5/ (props changed) releng/9.3/sbin/mdconfig/ (props changed) releng/9.3/sbin/mdmfs/ (props changed) releng/9.3/sbin/mount/ (props changed) releng/9.3/sbin/mount_cd9660/ (props changed) releng/9.3/sbin/mount_msdosfs/ (props changed) releng/9.3/sbin/mount_nfs/ (props changed) releng/9.3/sbin/mount_ntfs/ (props changed) releng/9.3/sbin/mount_nullfs/ (props changed) releng/9.3/sbin/mount_unionfs/ (props changed) releng/9.3/sbin/natd/ (props changed) releng/9.3/sbin/newfs/ (props changed) releng/9.3/sbin/newfs_msdos/ (props changed) releng/9.3/sbin/nvmecontrol/ (props changed) releng/9.3/sbin/ping6/ (props changed) releng/9.3/sbin/quotacheck/ (props changed) releng/9.3/sbin/rcorder/ (props changed) releng/9.3/sbin/reboot/ (props changed) releng/9.3/sbin/recoverdisk/ (props changed) releng/9.3/sbin/restore/ (props changed) releng/9.3/sbin/route/ (props changed) releng/9.3/sbin/routed/rtquery/ (props changed) releng/9.3/sbin/savecore/ (props changed) releng/9.3/sbin/setkey/ (props changed) releng/9.3/sbin/shutdown/ (props changed) releng/9.3/sbin/swapon/ (props changed) releng/9.3/sbin/sysctl/ (props changed) releng/9.3/sbin/tunefs/ (props changed) releng/9.3/sbin/umount/ (props changed) releng/9.3/secure/lib/libcrypt/ (props changed) releng/9.3/secure/lib/libcrypto/ (props changed) releng/9.3/secure/lib/libssh/ (props changed) releng/9.3/secure/lib/libssl/ (props changed) releng/9.3/secure/libexec/ssh-keysign/ (props changed) releng/9.3/secure/usr.bin/openssl/ (props changed) releng/9.3/secure/usr.bin/ssh/ (props changed) releng/9.3/secure/usr.sbin/sshd/ (props changed) releng/9.3/share/ (props changed) releng/9.3/share/doc/ (props changed) releng/9.3/share/doc/bind9/ (props changed) releng/9.3/share/doc/smm/ (props changed) releng/9.3/share/dtrace/ (props changed) releng/9.3/share/examples/ (props changed) releng/9.3/share/examples/csh/ (props changed) releng/9.3/share/examples/cvsup/ (props changed) releng/9.3/share/examples/diskless/ (props changed) releng/9.3/share/examples/etc/ (props changed) releng/9.3/share/examples/kld/dyn_sysctl/ (props changed) releng/9.3/share/examples/ppp/ (props changed) releng/9.3/share/examples/printing/ (props changed) releng/9.3/share/examples/scsi_target/ (props changed) releng/9.3/share/examples/ses/ (props changed) releng/9.3/share/i18n/csmapper/ (props changed) releng/9.3/share/info/ (props changed) releng/9.3/share/man/ (props changed) releng/9.3/share/man/man3/ (props changed) releng/9.3/share/man/man4/ (props changed) releng/9.3/share/man/man4/run.4 (props changed) releng/9.3/share/man/man4/runfw.4 (props changed) releng/9.3/share/man/man5/ (props changed) releng/9.3/share/man/man7/ (props changed) releng/9.3/share/man/man8/ (props changed) releng/9.3/share/man/man9/ (props changed) releng/9.3/share/misc/ (props changed) releng/9.3/share/mk/ (props changed) releng/9.3/share/mk/bsd.arch.inc.mk (props changed) releng/9.3/share/mk/bsd.sys.mk (props changed) releng/9.3/share/skel/ (props changed) releng/9.3/share/syscons/ (props changed) releng/9.3/share/syscons/keymaps/ (props changed) releng/9.3/share/termcap/ (props changed) releng/9.3/share/zoneinfo/ (props changed) releng/9.3/sys/ (props changed) releng/9.3/sys/amd64/include/xen/ (props changed) releng/9.3/sys/boot/ (props changed) releng/9.3/sys/boot/forth/ (props changed) releng/9.3/sys/boot/i386/efi/ (props changed) releng/9.3/sys/boot/i386/gptboot/ (props changed) releng/9.3/sys/boot/ia64/efi/ (props changed) releng/9.3/sys/boot/ia64/ski/ (props changed) releng/9.3/sys/boot/powerpc/boot1.chrp/ (props changed) releng/9.3/sys/boot/powerpc/ofw/ (props changed) releng/9.3/sys/cddl/contrib/opensolaris/ (props changed) releng/9.3/sys/conf/ (props changed) releng/9.3/sys/contrib/dev/acpica/ (props changed) releng/9.3/sys/contrib/dev/run/ (props changed) releng/9.3/sys/contrib/octeon-sdk/ (props changed) releng/9.3/sys/contrib/pf/ (props changed) releng/9.3/sys/contrib/x86emu/ (props changed) releng/9.3/sys/dev/ (props changed) releng/9.3/sys/dev/e1000/ (props changed) releng/9.3/sys/dev/isp/ (props changed) releng/9.3/sys/dev/ixgbe/ (props changed) releng/9.3/sys/dev/puc/ (props changed) releng/9.3/sys/dev/usb/wlan/if_run.c (props changed) releng/9.3/sys/dev/usb/wlan/if_runreg.h (props changed) releng/9.3/sys/fs/ (props changed) releng/9.3/sys/fs/ntfs/ (props changed) releng/9.3/sys/modules/ (props changed) releng/9.3/sys/modules/ixgbe/ (props changed) releng/9.3/sys/net/ (props changed) releng/9.3/sys/netpfil/ (props changed) releng/9.3/sys/sys/ (props changed) releng/9.3/tools/ (props changed) releng/9.3/tools/build/ (props changed) releng/9.3/tools/build/options/ (props changed) releng/9.3/tools/diag/ (props changed) releng/9.3/tools/kerneldoc/ (props changed) releng/9.3/tools/regression/ (props changed) releng/9.3/tools/regression/aio/aiotest/ (props changed) releng/9.3/tools/regression/bin/sh/ (props changed) releng/9.3/tools/regression/bin/test/ (props changed) releng/9.3/tools/regression/doat/ (props changed) releng/9.3/tools/regression/fifo/ (props changed) releng/9.3/tools/regression/fsx/ (props changed) releng/9.3/tools/regression/lib/libc/ (props changed) releng/9.3/tools/regression/netinet/ (props changed) releng/9.3/tools/regression/pipe/ (props changed) releng/9.3/tools/regression/security/cap_test/ (props changed) releng/9.3/tools/regression/sockets/ (props changed) releng/9.3/tools/regression/usr.sbin/ (props changed) releng/9.3/tools/regression/usr.sbin/etcupdate/ (props changed) releng/9.3/tools/test/ (props changed) releng/9.3/tools/test/auxinfo/ (props changed) releng/9.3/tools/test/pthread_vfork/ (props changed) releng/9.3/tools/tools/ (props changed) releng/9.3/tools/tools/ath/ (props changed) releng/9.3/tools/tools/bootparttest/ (props changed) releng/9.3/tools/tools/cxgbetool/ (props changed) releng/9.3/tools/tools/ether_reflect/ (props changed) releng/9.3/tools/tools/mcgrab/ (props changed) releng/9.3/tools/tools/nanobsd/ (props changed) releng/9.3/tools/tools/netmap/ (props changed) releng/9.3/tools/tools/syscall_timing/ (props changed) releng/9.3/tools/tools/sysdoc/ (props changed) releng/9.3/tools/tools/umastat/ (props changed) releng/9.3/tools/tools/vimage/ (props changed) releng/9.3/tools/tools/zfsboottest/ (props changed) releng/9.3/usr.bin/ (props changed) releng/9.3/usr.bin/apply/ (props changed) releng/9.3/usr.bin/ar/ (props changed) releng/9.3/usr.bin/at/ (props changed) releng/9.3/usr.bin/bc/ (props changed) releng/9.3/usr.bin/bmake/ (props changed) releng/9.3/usr.bin/brandelf/ (props changed) releng/9.3/usr.bin/bsdiff/ (props changed) releng/9.3/usr.bin/c89/ (props changed) releng/9.3/usr.bin/c99/ (props changed) releng/9.3/usr.bin/calendar/ (props changed) releng/9.3/usr.bin/calendar/calendars/ (props changed) releng/9.3/usr.bin/chpass/ (props changed) releng/9.3/usr.bin/clang/ (props changed) releng/9.3/usr.bin/comm/ (props changed) releng/9.3/usr.bin/compress/ (props changed) releng/9.3/usr.bin/cpio/ (props changed) releng/9.3/usr.bin/csup/ (props changed) releng/9.3/usr.bin/ctlstat/ (props changed) releng/9.3/usr.bin/cut/ (props changed) releng/9.3/usr.bin/dc/ (props changed) releng/9.3/usr.bin/dig/ (props changed) releng/9.3/usr.bin/du/ (props changed) releng/9.3/usr.bin/ee/ (props changed) releng/9.3/usr.bin/fetch/ (props changed) releng/9.3/usr.bin/find/ (props changed) releng/9.3/usr.bin/finger/ (props changed) releng/9.3/usr.bin/fstat/ (props changed) releng/9.3/usr.bin/gcore/ (props changed) releng/9.3/usr.bin/gprof/ (props changed) releng/9.3/usr.bin/grep/ (props changed) releng/9.3/usr.bin/gzip/ (props changed) releng/9.3/usr.bin/hexdump/ (props changed) releng/9.3/usr.bin/host/ (props changed) releng/9.3/usr.bin/indent/ (props changed) releng/9.3/usr.bin/ipcrm/ (props changed) releng/9.3/usr.bin/join/ (props changed) releng/9.3/usr.bin/kdump/ (props changed) releng/9.3/usr.bin/killall/ (props changed) releng/9.3/usr.bin/ktrace/ (props changed) releng/9.3/usr.bin/ktrdump/ (props changed) releng/9.3/usr.bin/last/ (props changed) releng/9.3/usr.bin/lastcomm/ (props changed) releng/9.3/usr.bin/ldd/ (props changed) releng/9.3/usr.bin/less/ (props changed) releng/9.3/usr.bin/lex/ (props changed) releng/9.3/usr.bin/limits/ (props changed) releng/9.3/usr.bin/locale/ (props changed) releng/9.3/usr.bin/lock/ (props changed) releng/9.3/usr.bin/lockf/ (props changed) releng/9.3/usr.bin/login/ (props changed) releng/9.3/usr.bin/lsvfs/ (props changed) releng/9.3/usr.bin/m4/ (props changed) releng/9.3/usr.bin/mail/ (props changed) releng/9.3/usr.bin/make/ (props changed) releng/9.3/usr.bin/makewhatis/ (props changed) releng/9.3/usr.bin/man/ (props changed) releng/9.3/usr.bin/minigzip/ (props changed) releng/9.3/usr.bin/ministat/ (props changed) releng/9.3/usr.bin/mkcsmapper/ (props changed) releng/9.3/usr.bin/mkesdb/ (props changed) releng/9.3/usr.bin/mklocale/ (props changed) releng/9.3/usr.bin/mktemp/ (props changed) releng/9.3/usr.bin/msgs/ (props changed) releng/9.3/usr.bin/mt/ (props changed) releng/9.3/usr.bin/ncal/ (props changed) releng/9.3/usr.bin/ncplist/ (props changed) releng/9.3/usr.bin/ncplogin/ (props changed) releng/9.3/usr.bin/netstat/ (props changed) releng/9.3/usr.bin/newgrp/ (props changed) releng/9.3/usr.bin/nfsstat/ (props changed) releng/9.3/usr.bin/nslookup/ (props changed) releng/9.3/usr.bin/passwd/ (props changed) releng/9.3/usr.bin/pr/ (props changed) releng/9.3/usr.bin/printf/ (props changed) releng/9.3/usr.bin/procstat/ (props changed) releng/9.3/usr.bin/protect/ (props changed) releng/9.3/usr.bin/rctl/ (props changed) releng/9.3/usr.bin/rlogin/ (props changed) releng/9.3/usr.bin/rpcgen/ (props changed) releng/9.3/usr.bin/rsh/ (props changed) releng/9.3/usr.bin/rwho/ (props changed) releng/9.3/usr.bin/script/ (props changed) releng/9.3/usr.bin/sed/ (props changed) releng/9.3/usr.bin/seq/ (props changed) releng/9.3/usr.bin/sockstat/ (props changed) releng/9.3/usr.bin/split/ (props changed) releng/9.3/usr.bin/stat/ (props changed) releng/9.3/usr.bin/stdbuf/ (props changed) releng/9.3/usr.bin/su/ (props changed) releng/9.3/usr.bin/systat/ (props changed) releng/9.3/usr.bin/tail/ (props changed) releng/9.3/usr.bin/talk/ (props changed) releng/9.3/usr.bin/tar/ (props changed) releng/9.3/usr.bin/tftp/ (props changed) releng/9.3/usr.bin/top/ (props changed) releng/9.3/usr.bin/touch/ (props changed) releng/9.3/usr.bin/truss/ (props changed) releng/9.3/usr.bin/unvis/ (props changed) releng/9.3/usr.bin/unzip/ (props changed) releng/9.3/usr.bin/usbhidaction/ (props changed) releng/9.3/usr.bin/usbhidctl/ (props changed) releng/9.3/usr.bin/users/ (props changed) releng/9.3/usr.bin/uuencode/ (props changed) releng/9.3/usr.bin/vacation/ (props changed) releng/9.3/usr.bin/vis/ (props changed) releng/9.3/usr.bin/vmstat/ (props changed) releng/9.3/usr.bin/w/ (props changed) releng/9.3/usr.bin/wall/ (props changed) releng/9.3/usr.bin/who/ (props changed) releng/9.3/usr.bin/whois/ (props changed) releng/9.3/usr.bin/write/ (props changed) releng/9.3/usr.bin/xinstall/ (props changed) releng/9.3/usr.bin/xlint/ (props changed) releng/9.3/usr.bin/yes/ (props changed) releng/9.3/usr.sbin/ (props changed) releng/9.3/usr.sbin/Makefile (props changed) releng/9.3/usr.sbin/ac/ (props changed) releng/9.3/usr.sbin/acpi/acpidump/ (props changed) releng/9.3/usr.sbin/adduser/ (props changed) releng/9.3/usr.sbin/amd/ (props changed) releng/9.3/usr.sbin/ancontrol/ (props changed) releng/9.3/usr.sbin/apmd/ (props changed) releng/9.3/usr.sbin/arp/ (props changed) releng/9.3/usr.sbin/authpf/ (props changed) releng/9.3/usr.sbin/bluetooth/ath3kfw/ (props changed) releng/9.3/usr.sbin/bluetooth/bthidd/ (props changed) releng/9.3/usr.sbin/bluetooth/hccontrol/ (props changed) releng/9.3/usr.sbin/bluetooth/sdpd/ (props changed) releng/9.3/usr.sbin/boot0cfg/ (props changed) releng/9.3/usr.sbin/bootparamd/ (props changed) releng/9.3/usr.sbin/bsdconfig/ (props changed) releng/9.3/usr.sbin/bsdinstall/ (props changed) releng/9.3/usr.sbin/bsdinstall/scripts/ (props changed) releng/9.3/usr.sbin/bsnmpd/ (props changed) releng/9.3/usr.sbin/bsnmpd/modules/snmp_hostres/ (props changed) releng/9.3/usr.sbin/bsnmpd/modules/snmp_wlan/ (props changed) releng/9.3/usr.sbin/bsnmpd/tools/bsnmptools/ (props changed) releng/9.3/usr.sbin/btxld/ (props changed) releng/9.3/usr.sbin/burncd/ (props changed) releng/9.3/usr.sbin/cdcontrol/ (props changed) releng/9.3/usr.sbin/chkgrp/ (props changed) releng/9.3/usr.sbin/config/ (props changed) releng/9.3/usr.sbin/cpucontrol/ (props changed) releng/9.3/usr.sbin/crashinfo/ (props changed) releng/9.3/usr.sbin/cron/ (props changed) releng/9.3/usr.sbin/cron/crontab/ (props changed) releng/9.3/usr.sbin/crunch/ (props changed) releng/9.3/usr.sbin/ctladm/ (props changed) releng/9.3/usr.sbin/ctm/ctm_dequeue/ (props changed) releng/9.3/usr.sbin/daemon/ (props changed) releng/9.3/usr.sbin/diskinfo/ (props changed) releng/9.3/usr.sbin/edquota/ (props changed) releng/9.3/usr.sbin/etcupdate/ (props changed) releng/9.3/usr.sbin/flowctl/ (props changed) releng/9.3/usr.sbin/freebsd-update/ (props changed) releng/9.3/usr.sbin/fwcontrol/ (props changed) releng/9.3/usr.sbin/gpioctl/ (props changed) releng/9.3/usr.sbin/gssd/ (props changed) releng/9.3/usr.sbin/i2c/ (props changed) releng/9.3/usr.sbin/ifmcstat/ (props changed) releng/9.3/usr.sbin/inetd/ (props changed) releng/9.3/usr.sbin/iostat/ (props changed) releng/9.3/usr.sbin/ip6addrctl/ (props changed) releng/9.3/usr.sbin/jail/ (props changed) releng/9.3/usr.sbin/jls/ (props changed) releng/9.3/usr.sbin/kbdcontrol/ (props changed) releng/9.3/usr.sbin/kbdmap/ (props changed) releng/9.3/usr.sbin/keyserv/ (props changed) releng/9.3/usr.sbin/kgmon/ (props changed) releng/9.3/usr.sbin/kldxref/ (props changed) releng/9.3/usr.sbin/lpr/ (props changed) releng/9.3/usr.sbin/lpr/filters/ (props changed) releng/9.3/usr.sbin/lpr/lpd/ (props changed) releng/9.3/usr.sbin/makefs/ (props changed) releng/9.3/usr.sbin/memcontrol/ (props changed) releng/9.3/usr.sbin/mergemaster/ (props changed) releng/9.3/usr.sbin/mfiutil/ (props changed) releng/9.3/usr.sbin/mixer/ (props changed) releng/9.3/usr.sbin/mountd/ (props changed) releng/9.3/usr.sbin/moused/ (props changed) releng/9.3/usr.sbin/mptutil/ (props changed) releng/9.3/usr.sbin/mtest/ (props changed) releng/9.3/usr.sbin/mtree/ (props changed) releng/9.3/usr.sbin/named/ (props changed) releng/9.3/usr.sbin/ndiscvt/ (props changed) releng/9.3/usr.sbin/ndp/ (props changed) releng/9.3/usr.sbin/newsyslog/ (props changed) releng/9.3/usr.sbin/nfscbd/ (props changed) releng/9.3/usr.sbin/nfsd/ (props changed) releng/9.3/usr.sbin/nmtree/ (props changed) releng/9.3/usr.sbin/ntp/ (props changed) releng/9.3/usr.sbin/pc-sysinstall/ (props changed) releng/9.3/usr.sbin/pciconf/ (props changed) releng/9.3/usr.sbin/pkg/ (props changed) releng/9.3/usr.sbin/pkg_install/ (props changed) releng/9.3/usr.sbin/pkg_install/add/ (props changed) releng/9.3/usr.sbin/pkg_install/info/ (props changed) releng/9.3/usr.sbin/pkg_install/updating/ (props changed) releng/9.3/usr.sbin/pmcannotate/ (props changed) releng/9.3/usr.sbin/pmccontrol/ (props changed) releng/9.3/usr.sbin/pmcstat/ (props changed) releng/9.3/usr.sbin/portsnap/ (props changed) releng/9.3/usr.sbin/portsnap/portsnap/ (props changed) releng/9.3/usr.sbin/powerd/ (props changed) releng/9.3/usr.sbin/ppp/ (props changed) releng/9.3/usr.sbin/pw/ (props changed) releng/9.3/usr.sbin/pwd_mkdb/ (props changed) releng/9.3/usr.sbin/rarpd/ (props changed) releng/9.3/usr.sbin/route6d/ (props changed) releng/9.3/usr.sbin/rpc.lockd/ (props changed) releng/9.3/usr.sbin/rpc.statd/ (props changed) releng/9.3/usr.sbin/rpc.yppasswdd/ (props changed) releng/9.3/usr.sbin/rpc.ypupdated/ (props changed) releng/9.3/usr.sbin/rpc.ypxfrd/ (props changed) releng/9.3/usr.sbin/rrenumd/ (props changed) releng/9.3/usr.sbin/rtadvctl/ (props changed) releng/9.3/usr.sbin/rtadvd/ (props changed) releng/9.3/usr.sbin/rtprio/ (props changed) releng/9.3/usr.sbin/rtsold/ (props changed) releng/9.3/usr.sbin/rwhod/ (props changed) releng/9.3/usr.sbin/sa/ (props changed) releng/9.3/usr.sbin/sade/ (props changed) releng/9.3/usr.sbin/sendmail/ (props changed) releng/9.3/usr.sbin/service/ (props changed) releng/9.3/usr.sbin/services_mkdb/ (props changed) releng/9.3/usr.sbin/setfib/ (props changed) releng/9.3/usr.sbin/smbmsg/ (props changed) releng/9.3/usr.sbin/syslogd/ (props changed) releng/9.3/usr.sbin/sysrc/ (props changed) releng/9.3/usr.sbin/tcpdrop/ (props changed) releng/9.3/usr.sbin/tcpdump/ (props changed) releng/9.3/usr.sbin/timed/ (props changed) releng/9.3/usr.sbin/timed/timed/ (props changed) releng/9.3/usr.sbin/traceroute6/ (props changed) releng/9.3/usr.sbin/tzsetup/ (props changed) releng/9.3/usr.sbin/uhsoctl/ (props changed) releng/9.3/usr.sbin/usbdump/ (props changed) releng/9.3/usr.sbin/utxrm/ (props changed) releng/9.3/usr.sbin/vidcontrol/ (props changed) releng/9.3/usr.sbin/vipw/ (props changed) releng/9.3/usr.sbin/wake/ (props changed) releng/9.3/usr.sbin/watch/ (props changed) releng/9.3/usr.sbin/watchdogd/ (props changed) releng/9.3/usr.sbin/wlandebug/ (props changed) releng/9.3/usr.sbin/wpa/ (props changed) releng/9.3/usr.sbin/wpa/hostapd/ (props changed) releng/9.3/usr.sbin/wpa/wpa_supplicant/ (props changed) releng/9.3/usr.sbin/yp_mkdb/ (props changed) releng/9.3/usr.sbin/ypbind/ (props changed) releng/9.3/usr.sbin/yppush/ (props changed) releng/9.3/usr.sbin/ypserv/ (props changed) releng/9.3/usr.sbin/zic/ (props changed) From owner-svn-src-releng@FreeBSD.ORG Fri Jun 20 00:18:25 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C3ECC8C1; Fri, 20 Jun 2014 00:18:25 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B0B3829D1; Fri, 20 Jun 2014 00:18:25 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5K0IPU4040744; Fri, 20 Jun 2014 00:18:25 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5K0IPnA040743; Fri, 20 Jun 2014 00:18:25 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406200018.s5K0IPnA040743@svn.freebsd.org> From: Glen Barber Date: Fri, 20 Jun 2014 00:18:25 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267656 - releng/9.3/sys/sys X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2014 00:18:25 -0000 Author: gjb Date: Fri Jun 20 00:18:25 2014 New Revision: 267656 URL: http://svnweb.freebsd.org/changeset/base/267656 Log: Update __FreeBSD_version now that releng/9.3 is branched. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/sys/sys/param.h Modified: releng/9.3/sys/sys/param.h ============================================================================== --- releng/9.3/sys/sys/param.h Fri Jun 20 00:13:56 2014 (r267655) +++ releng/9.3/sys/sys/param.h Fri Jun 20 00:18:25 2014 (r267656) @@ -58,7 +58,7 @@ * in the range 5 to 9. */ #undef __FreeBSD_version -#define __FreeBSD_version 902512 /* Master, propagated to newvers */ +#define __FreeBSD_version 903000 /* Master, propagated to newvers */ /* * __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD, From owner-svn-src-releng@FreeBSD.ORG Fri Jun 20 21:35:40 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1E759B65; Fri, 20 Jun 2014 21:35:40 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 0B3382DA3; Fri, 20 Jun 2014 21:35:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5KLZdMt043890; Fri, 20 Jun 2014 21:35:39 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5KLZdJG043889; Fri, 20 Jun 2014 21:35:39 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406202135.s5KLZdJG043889@svn.freebsd.org> From: Glen Barber Date: Fri, 20 Jun 2014 21:35:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267691 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 20 Jun 2014 21:35:40 -0000 Author: gjb Date: Fri Jun 20 21:35:39 2014 New Revision: 267691 URL: http://svnweb.freebsd.org/changeset/base/267691 Log: Remove the '' surrounding the 9.3R installation documentation. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Fri Jun 20 21:18:35 2014 (r267690) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Fri Jun 20 21:35:39 2014 (r267691) @@ -744,12 +744,10 @@ supported using to the instructions in /usr/src/UPDATING. - For more specific information about upgrading instructions, see http://www.FreeBSD.org/releases/9.3R/installation.html. - ?> Upgrading &os; should only be attempted after backing up all data and From owner-svn-src-releng@FreeBSD.ORG Sat Jun 21 01:05:47 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9274F556; Sat, 21 Jun 2014 01:05:47 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7EC842D9D; Sat, 21 Jun 2014 01:05:47 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5L15lZJ044073; Sat, 21 Jun 2014 01:05:47 GMT (envelope-from np@svn.freebsd.org) Received: (from np@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5L15lAr044071; Sat, 21 Jun 2014 01:05:47 GMT (envelope-from np@svn.freebsd.org) Message-Id: <201406210105.s5L15lAr044071@svn.freebsd.org> From: Navdeep Parhar Date: Sat, 21 Jun 2014 01:05:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267698 - releng/9.3/sys/dev/cxgbe X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jun 2014 01:05:47 -0000 Author: np Date: Sat Jun 21 01:05:46 2014 New Revision: 267698 URL: http://svnweb.freebsd.org/changeset/base/267698 Log: Merge r267600, which was MFC'd to stable/9 as r267695. cxgbe(4): Fix bug in the fast rx buffer recycle path. In some cases rx buffers were getting recycled when they should have been left alone. Approved by: re (gjb) Modified: releng/9.3/sys/dev/cxgbe/adapter.h releng/9.3/sys/dev/cxgbe/t4_sge.c Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/dev/cxgbe/adapter.h ============================================================================== --- releng/9.3/sys/dev/cxgbe/adapter.h Sat Jun 21 00:53:56 2014 (r267697) +++ releng/9.3/sys/dev/cxgbe/adapter.h Sat Jun 21 01:05:46 2014 (r267698) @@ -253,7 +253,8 @@ struct cluster_metadata { struct fl_sdesc { caddr_t cl; - uint8_t nmbuf; + uint8_t nimbuf; /* # of inline mbufs with ref on the cluster */ + uint8_t nembuf; /* # of allocated mbufs with ref */ struct cluster_layout cll; }; Modified: releng/9.3/sys/dev/cxgbe/t4_sge.c ============================================================================== --- releng/9.3/sys/dev/cxgbe/t4_sge.c Sat Jun 21 00:53:56 2014 (r267697) +++ releng/9.3/sys/dev/cxgbe/t4_sge.c Sat Jun 21 01:05:46 2014 (r267698) @@ -1469,22 +1469,22 @@ get_scatter_segment(struct adapter *sc, /* copy data to mbuf */ bcopy(payload, mtod(m, caddr_t), len); - } else if (sd->nmbuf * MSIZE < cll->region1) { + } else if (sd->nimbuf * MSIZE < cll->region1) { /* * There's spare room in the cluster for an mbuf. Create one - * and associate it with the payload that's in the cluster too. + * and associate it with the payload that's in the cluster. */ MPASS(clm != NULL); - m = (struct mbuf *)(sd->cl + sd->nmbuf * MSIZE); + m = (struct mbuf *)(sd->cl + sd->nimbuf * MSIZE); /* No bzero required */ if (m_init(m, NULL, 0, M_NOWAIT, MT_DATA, flags | M_NOFREE)) return (NULL); fl->mbuf_inlined++; m_extaddref(m, payload, padded_len, &clm->refcount, rxb_free, swz->zone, sd->cl); - sd->nmbuf++; + sd->nimbuf++; } else { @@ -1498,10 +1498,11 @@ get_scatter_segment(struct adapter *sc, if (m == NULL) return (NULL); fl->mbuf_allocated++; - if (clm != NULL) + if (clm != NULL) { m_extaddref(m, payload, padded_len, &clm->refcount, rxb_free, swz->zone, sd->cl); - else { + sd->nembuf++; + } else { m_cljset(m, sd->cl, swz->type); sd->cl = NULL; /* consumed, not a recycle candidate */ } @@ -3024,7 +3025,7 @@ refill_fl(struct adapter *sc, struct sge if (sd->cl != NULL) { - if (sd->nmbuf == 0) { + if (sd->nimbuf + sd->nembuf == 0) { /* * Fast recycle without involving any atomics on * the cluster's metadata (if the cluster has @@ -3033,6 +3034,11 @@ refill_fl(struct adapter *sc, struct sge * fit within a single mbuf each. */ fl->cl_fast_recycled++; +#ifdef INVARIANTS + clm = cl_metadata(sc, fl, &sd->cll, sd->cl); + if (clm != NULL) + MPASS(clm->refcount == 1); +#endif goto recycled_fast; } @@ -3078,7 +3084,8 @@ recycled: #endif clm->refcount = 1; } - sd->nmbuf = 0; + sd->nimbuf = 0; + sd->nembuf = 0; recycled_fast: fl->pending++; fl->needed--; @@ -3147,7 +3154,7 @@ free_fl_sdesc(struct adapter *sc, struct cll = &sd->cll; clm = cl_metadata(sc, fl, cll, sd->cl); - if (sd->nmbuf == 0 || + if (sd->nimbuf + sd->nembuf == 0 || (clm && atomic_fetchadd_int(&clm->refcount, -1) == 1)) { uma_zfree(sc->sge.sw_zone_info[cll->zidx].zone, sd->cl); } From owner-svn-src-releng@FreeBSD.ORG Sat Jun 21 01:12:00 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 32126767; Sat, 21 Jun 2014 01:12:00 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1E0CC2E46; Sat, 21 Jun 2014 01:12:00 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5L1BxEG048236; Sat, 21 Jun 2014 01:11:59 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5L1BxZt048235; Sat, 21 Jun 2014 01:11:59 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406210111.s5L1BxZt048235@svn.freebsd.org> From: Glen Barber Date: Sat, 21 Jun 2014 01:11:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267699 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jun 2014 01:12:00 -0000 Author: gjb Date: Sat Jun 21 01:11:59 2014 New Revision: 267699 URL: http://svnweb.freebsd.org/changeset/base/267699 Log: Spell '14' correctly. Submitted by: delphij Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jun 21 01:05:46 2014 (r267698) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jun 21 01:11:59 2014 (r267699) @@ -110,7 +110,7 @@ FreeBSD-SA-14:01.bsnmpd - 1 January 2014 + 14 January 2014 Fix &man.bsnmpd.1; remote denial of service vulnerability @@ -118,7 +118,7 @@ FreeBSD-SA-14:02.ntpd - 1 January 2014 + 14 January 2014 Disable monitor feature in &man.ntpd.8; by default @@ -126,7 +126,7 @@ FreeBSD-SA-14:04.bind - 1 January 2014 + 14 January 2014 Remote denial of service vulnerability From owner-svn-src-releng@FreeBSD.ORG Sat Jun 21 23:35:12 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 727AE7AD; Sat, 21 Jun 2014 23:35:12 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5F2DE2EA1; Sat, 21 Jun 2014 23:35:12 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5LNZCT7066477; Sat, 21 Jun 2014 23:35:12 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5LNZCFG066476; Sat, 21 Jun 2014 23:35:12 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406212335.s5LNZCFG066476@svn.freebsd.org> From: Glen Barber Date: Sat, 21 Jun 2014 23:35:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267707 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 21 Jun 2014 23:35:12 -0000 Author: gjb Date: Sat Jun 21 23:35:11 2014 New Revision: 267707 URL: http://svnweb.freebsd.org/changeset/base/267707 Log: Reword the compatibility note regarding earlier versions of FreeBSD prior to 9.0. Submitted by: wblock Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jun 21 19:29:40 2014 (r267706) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Sat Jun 21 23:35:11 2014 (r267707) @@ -759,10 +759,10 @@ User-Visible Incompatibilities - &os; 9.0 and later have several incompatibilities in - system configuration which you might want to know before - upgrading your system. Please read this section and - the &os; 9.0 and later versions have several + configuration incompatibilities with earlier versions of &os;. + These differences are best understood before upgrading. + Please read this section and the Upgrading Section in 9.0-RELEASE Release Notes carefully before submitting a problem report and/or posting a question From owner-svn-src-releng@FreeBSD.ORG Mon Jun 23 15:04:34 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 91C82876; Mon, 23 Jun 2014 15:04:34 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7D53C21C6; Mon, 23 Jun 2014 15:04:34 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5NF4Y3W081948; Mon, 23 Jun 2014 15:04:34 GMT (envelope-from tuexen@svn.freebsd.org) Received: (from tuexen@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5NF4X62081938; Mon, 23 Jun 2014 15:04:33 GMT (envelope-from tuexen@svn.freebsd.org) Message-Id: <201406231504.s5NF4X62081938@svn.freebsd.org> From: Michael Tuexen Date: Mon, 23 Jun 2014 15:04:33 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267799 - releng/9.3/sys/netinet X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 15:04:34 -0000 Author: tuexen Date: Mon Jun 23 15:04:32 2014 New Revision: 267799 URL: http://svnweb.freebsd.org/changeset/base/267799 Log: MFC r267780: Honor jails for unbound SCTP sockets when selecting source addresses, reporting IP-addresses to the peer during the handshake, adding addresses to the host, reporting the addresses via the sysctl interface (used by netstat, for example) and reporting the addresses to the application via socket options. This issue was reported by Bernd Walter. Approved by: re (glebius@) Modified: releng/9.3/sys/netinet/sctp_asconf.c releng/9.3/sys/netinet/sctp_output.c releng/9.3/sys/netinet/sctp_pcb.c releng/9.3/sys/netinet/sctp_sysctl.c releng/9.3/sys/netinet/sctp_usrreq.c releng/9.3/sys/netinet/sctputil.c Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/netinet/sctp_asconf.c ============================================================================== --- releng/9.3/sys/netinet/sctp_asconf.c Mon Jun 23 15:03:51 2014 (r267798) +++ releng/9.3/sys/netinet/sctp_asconf.c Mon Jun 23 15:04:32 2014 (r267799) @@ -1889,14 +1889,22 @@ sctp_addr_mgmt_assoc(struct sctp_inpcb * * this is boundall or subset bound w/ASCONF allowed */ - /* first, make sure it's a good address family */ + /* first, make sure that the address is IPv4 or IPv6 and not jailed */ switch (ifa->address.sa.sa_family) { #ifdef INET6 case AF_INET6: + if (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &ifa->address.sin6.sin6_addr) != 0) { + return; + } break; #endif #ifdef INET case AF_INET: + if (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &ifa->address.sin.sin_addr) != 0) { + return; + } break; #endif default: @@ -2122,6 +2130,10 @@ sctp_asconf_iterator_stcb(struct sctp_in /* we skip unspecifed addresses */ continue; } + if (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (stcb->asoc.scope.local_scope == 0) { continue; @@ -2152,6 +2164,10 @@ sctp_asconf_iterator_stcb(struct sctp_in /* we skip unspecifed addresses */ continue; } + if (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if (stcb->asoc.scope.ipv4_local_scope == 0 && IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { continue; @@ -2465,6 +2481,10 @@ sctp_find_valid_localaddr(struct sctp_tc /* skip unspecifed addresses */ continue; } + if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if (stcb->asoc.scope.ipv4_local_scope == 0 && IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) continue; @@ -2498,6 +2518,10 @@ sctp_find_valid_localaddr(struct sctp_tc */ continue; } + if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (stcb->asoc.scope.local_scope == 0 && IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) continue; @@ -3112,6 +3136,10 @@ sctp_check_address_list_all(struct sctp_ #ifdef INET case AF_INET: sin = (struct sockaddr_in *)&sctp_ifa->address.sin; + if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if ((ipv4_scope == 0) && (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { /* private address not in scope */ @@ -3122,6 +3150,10 @@ sctp_check_address_list_all(struct sctp_ #ifdef INET6 case AF_INET6: sin6 = (struct sockaddr_in6 *)&sctp_ifa->address.sin6; + if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if ((local_scope == 0) && (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr))) { continue; @@ -3407,6 +3439,10 @@ sctp_asconf_send_nat_state_update(struct #ifdef INET case AF_INET: to = &sctp_ifap->address.sin; + if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, + &to->sin_addr) != 0) { + continue; + } if (IN4_ISPRIVATE_ADDRESS(&to->sin_addr)) { continue; } @@ -3418,6 +3454,10 @@ sctp_asconf_send_nat_state_update(struct #ifdef INET6 case AF_INET6: to6 = &sctp_ifap->address.sin6; + if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, + &to6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LOOPBACK(&to6->sin6_addr)) { continue; } Modified: releng/9.3/sys/netinet/sctp_output.c ============================================================================== --- releng/9.3/sys/netinet/sctp_output.c Mon Jun 23 15:03:51 2014 (r267798) +++ releng/9.3/sys/netinet/sctp_output.c Mon Jun 23 15:04:32 2014 (r267799) @@ -2060,6 +2060,20 @@ sctp_add_addresses_to_i_ia(struct sctp_i continue; } LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { +#ifdef INET + if ((sctp_ifap->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifap->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifap->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifap->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if (sctp_is_addr_restricted(stcb, sctp_ifap)) { continue; } @@ -2089,6 +2103,20 @@ skip_count: continue; } LIST_FOREACH(sctp_ifap, &sctp_ifnp->ifalist, next_ifa) { +#ifdef INET + if ((sctp_ifap->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifap->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifap->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifap->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if (sctp_is_addr_restricted(stcb, sctp_ifap)) { continue; } @@ -2453,6 +2481,20 @@ sctp_choose_boundspecific_inp(struct sct if (sctp_ifn) { /* is a preferred one on the interface we route out? */ LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { +#ifdef INET + if ((sctp_ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifa->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) continue; @@ -2576,6 +2618,20 @@ sctp_choose_boundspecific_stcb(struct sc if (sctp_ifn) { /* first try for a preferred address on the ep */ LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { +#ifdef INET + if ((sctp_ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifa->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) continue; if (sctp_is_addr_in_ep(inp, sctp_ifa)) { @@ -2596,6 +2652,20 @@ sctp_choose_boundspecific_stcb(struct sc } /* next try for an acceptable address on the ep */ LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { +#ifdef INET + if ((sctp_ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifa->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) continue; if (sctp_is_addr_in_ep(inp, sctp_ifa)) { @@ -2700,6 +2770,7 @@ sctp_from_the_top2: static struct sctp_ifa * sctp_select_nth_preferred_addr_from_ifn_boundall(struct sctp_ifn *ifn, + struct sctp_inpcb *inp, struct sctp_tcb *stcb, int non_asoc_addr_ok, uint8_t dest_is_loop, @@ -2721,6 +2792,20 @@ sctp_select_nth_preferred_addr_from_ifn_ } #endif /* INET6 */ LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { +#ifdef INET + if ((ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &ifa->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((ifa->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &ifa->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) continue; @@ -2806,6 +2891,7 @@ sctp_select_nth_preferred_addr_from_ifn_ static int sctp_count_num_preferred_boundall(struct sctp_ifn *ifn, + struct sctp_inpcb *inp, struct sctp_tcb *stcb, int non_asoc_addr_ok, uint8_t dest_is_loop, @@ -2816,6 +2902,21 @@ sctp_count_num_preferred_boundall(struct int num_eligible_addr = 0; LIST_FOREACH(ifa, &ifn->ifalist, next_ifa) { +#ifdef INET + if ((ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &ifa->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((ifa->address.sa.sa_family == AF_INET6) && + (stcb != NULL) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &ifa->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if ((ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) { continue; @@ -2847,7 +2948,8 @@ sctp_count_num_preferred_boundall(struct } static struct sctp_ifa * -sctp_choose_boundall(struct sctp_tcb *stcb, +sctp_choose_boundall(struct sctp_inpcb *inp, + struct sctp_tcb *stcb, struct sctp_nets *net, sctp_route_t * ro, uint32_t vrf_id, @@ -2902,7 +3004,7 @@ sctp_choose_boundall(struct sctp_tcb *st cur_addr_num = net->indx_of_eligible_next_to_use; } num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, - stcb, + inp, stcb, non_asoc_addr_ok, dest_is_loop, dest_is_priv, fam); @@ -2929,7 +3031,7 @@ sctp_choose_boundall(struct sctp_tcb *st */ SCTPDBG(SCTP_DEBUG_OUTPUT2, "cur_addr_num:%d\n", cur_addr_num); - sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, + sctp_ifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop, dest_is_priv, cur_addr_num, fam, ro); /* if sctp_ifa is NULL something changed??, fall to plan b. */ @@ -2960,7 +3062,7 @@ bound_all_plan_b: SCTPDBG(SCTP_DEBUG_OUTPUT2, "already seen\n"); continue; } - num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, stcb, non_asoc_addr_ok, + num_preferred = sctp_count_num_preferred_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop, dest_is_priv, fam); SCTPDBG(SCTP_DEBUG_OUTPUT2, "Found ifn:%p %d preferred source addresses\n", @@ -2982,7 +3084,7 @@ bound_all_plan_b: if (cur_addr_num >= num_preferred) { cur_addr_num = 0; } - sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, stcb, non_asoc_addr_ok, dest_is_loop, + sifa = sctp_select_nth_preferred_addr_from_ifn_boundall(sctp_ifn, inp, stcb, non_asoc_addr_ok, dest_is_loop, dest_is_priv, cur_addr_num, fam, ro); if (sifa == NULL) continue; @@ -3010,6 +3112,22 @@ again_with_private_addresses_allowed: } LIST_FOREACH(sctp_ifa, &emit_ifn->ifalist, next_ifa) { SCTPDBG(SCTP_DEBUG_OUTPUT2, "ifa:%p\n", (void *)sctp_ifa); +#ifdef INET + if ((sctp_ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin.sin_addr) != 0)) { + SCTPDBG(SCTP_DEBUG_OUTPUT2, "Jailed\n"); + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifa->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin6.sin6_addr) != 0)) { + SCTPDBG(SCTP_DEBUG_OUTPUT2, "Jailed\n"); + continue; + } +#endif if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) { SCTPDBG(SCTP_DEBUG_OUTPUT2, "Defer\n"); @@ -3060,6 +3178,20 @@ plan_d: continue; } LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { +#ifdef INET + if ((sctp_ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifa->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) continue; @@ -3110,6 +3242,20 @@ out: LIST_FOREACH(sctp_ifa, &sctp_ifn->ifalist, next_ifa) { struct sctp_ifa *tmp_sifa; +#ifdef INET + if ((sctp_ifa->address.sa.sa_family == AF_INET) && + (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin.sin_addr) != 0)) { + continue; + } +#endif +#ifdef INET6 + if ((sctp_ifa->address.sa.sa_family == AF_INET6) && + (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sctp_ifa->address.sin6.sin6_addr) != 0)) { + continue; + } +#endif if ((sctp_ifa->localifa_flags & SCTP_ADDR_DEFER_USE) && (non_asoc_addr_ok == 0)) continue; @@ -3295,7 +3441,7 @@ sctp_source_address_selection(struct sct /* * Bound all case */ - answer = sctp_choose_boundall(stcb, net, ro, vrf_id, + answer = sctp_choose_boundall(inp, stcb, net, ro, vrf_id, dest_is_priv, dest_is_loop, non_asoc_addr_ok, fam); SCTP_IPI_ADDR_RUNLOCK(); Modified: releng/9.3/sys/netinet/sctp_pcb.c ============================================================================== --- releng/9.3/sys/netinet/sctp_pcb.c Mon Jun 23 15:03:51 2014 (r267798) +++ releng/9.3/sys/netinet/sctp_pcb.c Mon Jun 23 15:04:32 2014 (r267799) @@ -898,6 +898,10 @@ sctp_does_stcb_own_this_addr(struct sctp IN4_ISPRIVATE_ADDRESS(&sin->sin_addr)) { continue; } + if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if (sin->sin_addr.s_addr == rsin->sin_addr.s_addr) { SCTP_IPI_ADDR_RUNLOCK(); return (1); @@ -913,6 +917,10 @@ sctp_does_stcb_own_this_addr(struct sctp sin6 = &sctp_ifa->address.sin6; rsin6 = (struct sockaddr_in6 *)to; + if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (local_scope == 0) continue; @@ -1060,6 +1068,39 @@ sctp_tcb_special_locate(struct sctp_inpc SCTP_INP_RUNLOCK(inp); continue; } + switch (to->sa_family) { +#ifdef INET + case AF_INET: + { + struct sockaddr_in *sin; + + sin = (struct sockaddr_in *)to; + if (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + SCTP_INP_RUNLOCK(inp); + continue; + } + break; + } +#endif +#ifdef INET6 + case AF_INET6: + { + struct sockaddr_in6 *sin6; + + sin6 = (struct sockaddr_in6 *)to; + if (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + SCTP_INP_RUNLOCK(inp); + continue; + } + break; + } +#endif + default: + SCTP_INP_RUNLOCK(inp); + continue; + } if (inp->def_vrf_id != vrf_id) { SCTP_INP_RUNLOCK(inp); continue; @@ -1628,23 +1669,45 @@ sctp_endpoint_probe(struct sockaddr *nam if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) && (inp->sctp_lport == lport)) { /* got it */ + switch (nam->sa_family) { #ifdef INET - if ((nam->sa_family == AF_INET) && - (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && - SCTP_IPV6_V6ONLY(inp)) { - /* IPv4 on a IPv6 socket with ONLY IPv6 set */ - SCTP_INP_RUNLOCK(inp); - continue; - } + case AF_INET: + if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) && + SCTP_IPV6_V6ONLY(inp)) { + /* + * IPv4 on a IPv6 socket with ONLY + * IPv6 set + */ + SCTP_INP_RUNLOCK(inp); + continue; + } + if (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + SCTP_INP_RUNLOCK(inp); + continue; + } + break; #endif #ifdef INET6 - /* A V6 address and the endpoint is NOT bound V6 */ - if (nam->sa_family == AF_INET6 && - (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { - SCTP_INP_RUNLOCK(inp); - continue; - } + case AF_INET6: + /* + * A V6 address and the endpoint is NOT + * bound V6 + */ + if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) == 0) { + SCTP_INP_RUNLOCK(inp); + continue; + } + if (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + SCTP_INP_RUNLOCK(inp); + continue; + } + break; #endif + default: + break; + } /* does a VRF id match? */ fnd = 0; if (inp->def_vrf_id == vrf_id) @@ -2403,6 +2466,7 @@ sctp_inpcb_alloc(struct socket *so, uint /* setup socket pointers */ inp->sctp_socket = so; inp->ip_inp.inp.inp_socket = so; + inp->ip_inp.inp.inp_cred = crhold(so->so_cred); #ifdef INET6 if (INP_SOCKAF(so) == AF_INET6) { if (MODULE_GLOBAL(ip6_auto_flowlabel)) { @@ -2421,6 +2485,7 @@ sctp_inpcb_alloc(struct socket *so, uint /* init the small hash table we use to track asocid <-> tcb */ inp->sctp_asocidhash = SCTP_HASH_INIT(SCTP_STACK_VTAG_HASH_SIZE, &inp->hashasocidmark); if (inp->sctp_asocidhash == NULL) { + crfree(inp->ip_inp.inp.inp_cred); SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); SCTP_INP_INFO_WUNLOCK(); return (ENOBUFS); @@ -2435,6 +2500,7 @@ sctp_inpcb_alloc(struct socket *so, uint ((struct in6pcb *)(&inp->ip_inp.inp))->in6p_sp = pcb_sp; } if (error != 0) { + crfree(inp->ip_inp.inp.inp_cred); SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); SCTP_INP_INFO_WUNLOCK(); return error; @@ -2465,6 +2531,7 @@ sctp_inpcb_alloc(struct socket *so, uint */ SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, EOPNOTSUPP); so->so_pcb = NULL; + crfree(inp->ip_inp.inp.inp_cred); SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); return (EOPNOTSUPP); } @@ -2484,6 +2551,7 @@ sctp_inpcb_alloc(struct socket *so, uint SCTP_PRINTF("Out of SCTP-INPCB->hashinit - no resources\n"); SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_PCB, ENOBUFS); so->so_pcb = NULL; + crfree(inp->ip_inp.inp.inp_cred); SCTP_ZONE_FREE(SCTP_BASE_INFO(ipi_zone_ep), inp); return (ENOBUFS); } @@ -3630,6 +3698,7 @@ sctp_inpcb_free(struct sctp_inpcb *inp, inp->sctp_tcbhash = NULL; } /* Now we must put the ep memory back into the zone pool */ + crfree(inp->ip_inp.inp.inp_cred); INP_LOCK_DESTROY(&inp->ip_inp.inp); SCTP_INP_LOCK_DESTROY(inp); SCTP_INP_READ_DESTROY(inp); Modified: releng/9.3/sys/netinet/sctp_sysctl.c ============================================================================== --- releng/9.3/sys/netinet/sctp_sysctl.c Mon Jun 23 15:03:51 2014 (r267798) +++ releng/9.3/sys/netinet/sctp_sysctl.c Mon Jun 23 15:04:32 2014 (r267799) @@ -252,6 +252,10 @@ copy_out_local_addresses(struct sctp_inp sin = (struct sockaddr_in *)&sctp_ifa->address.sa; if (sin->sin_addr.s_addr == 0) continue; + if (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if ((ipv4_local_scope == 0) && (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) continue; } else { @@ -267,6 +271,10 @@ copy_out_local_addresses(struct sctp_inp sin6 = (struct sockaddr_in6 *)&sctp_ifa->address.sa; if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) continue; + if (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (local_scope == 0) continue; Modified: releng/9.3/sys/netinet/sctp_usrreq.c ============================================================================== --- releng/9.3/sys/netinet/sctp_usrreq.c Mon Jun 23 15:03:51 2014 (r267798) +++ releng/9.3/sys/netinet/sctp_usrreq.c Mon Jun 23 15:04:32 2014 (r267799) @@ -1197,6 +1197,10 @@ sctp_fill_up_addresses_vrf(struct sctp_i */ continue; } + if (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if ((ipv4_local_scope == 0) && (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { continue; @@ -1238,6 +1242,10 @@ sctp_fill_up_addresses_vrf(struct sctp_i */ continue; } + if (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (local_scope == 0) continue; @@ -5239,6 +5247,43 @@ sctp_setopt(struct socket *so, int optna error = EINVAL; goto out_of_it; } + } else { + switch (sspp->sspp_addr.ss_family) { +#ifdef INET + case AF_INET: + { + struct sockaddr_in *sin; + + sin = (struct sockaddr_in *)&sspp->sspp_addr; + if (prison_check_ip4(inp->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + goto out_of_it; + } + break; + } +#endif +#ifdef INET6 + case AF_INET6: + { + struct sockaddr_in6 *sin6; + + sin6 = (struct sockaddr_in6 *)&sspp->sspp_addr; + if (prison_check_ip6(inp->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + goto out_of_it; + } + break; + } +#endif + default: + SCTP_LTRACE_ERR_RET(inp, NULL, NULL, SCTP_FROM_SCTP_USRREQ, EINVAL); + error = EINVAL; + goto out_of_it; + } } if (sctp_set_primary_ip_address_sa(stcb, (struct sockaddr *)&sspp->sspp_addr) != 0) { Modified: releng/9.3/sys/netinet/sctputil.c ============================================================================== --- releng/9.3/sys/netinet/sctputil.c Mon Jun 23 15:03:51 2014 (r267798) +++ releng/9.3/sys/netinet/sctputil.c Mon Jun 23 15:04:32 2014 (r267799) @@ -6693,6 +6693,10 @@ sctp_local_addr_count(struct sctp_tcb *s */ continue; } + if (prison_check_ip4(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin->sin_addr) != 0) { + continue; + } if ((ipv4_local_scope == 0) && (IN4_ISPRIVATE_ADDRESS(&sin->sin_addr))) { continue; @@ -6713,6 +6717,10 @@ sctp_local_addr_count(struct sctp_tcb *s if (IN6_IS_ADDR_UNSPECIFIED(&sin6->sin6_addr)) { continue; } + if (prison_check_ip6(stcb->sctp_ep->ip_inp.inp.inp_cred, + &sin6->sin6_addr) != 0) { + continue; + } if (IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) { if (local_scope == 0) continue; From owner-svn-src-releng@FreeBSD.ORG Mon Jun 23 19:36:58 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 28C3380C; Mon, 23 Jun 2014 19:36:58 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 162F02BDE; Mon, 23 Jun 2014 19:36:58 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5NJavaT010666; Mon, 23 Jun 2014 19:36:57 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5NJavWZ010665; Mon, 23 Jun 2014 19:36:57 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406231936.s5NJavWZ010665@svn.freebsd.org> From: Glen Barber Date: Mon, 23 Jun 2014 19:36:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267804 - releng/9.3/release/pkg_repos X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 19:36:58 -0000 Author: gjb Date: Mon Jun 23 19:36:57 2014 New Revision: 267804 URL: http://svnweb.freebsd.org/changeset/base/267804 Log: Switch the DVD pkg(8) repository to 'release_3' now that the 9.3-RELEASE package builds are complete. This is a direct commit to releng/9.3. Approved by: re (marius) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/pkg_repos/release-dvd.conf Modified: releng/9.3/release/pkg_repos/release-dvd.conf ============================================================================== --- releng/9.3/release/pkg_repos/release-dvd.conf Mon Jun 23 18:40:21 2014 (r267803) +++ releng/9.3/release/pkg_repos/release-dvd.conf Mon Jun 23 19:36:57 2014 (r267804) @@ -1,6 +1,6 @@ # $FreeBSD$ release: { - url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest", + url: "pkg+http://pkg.FreeBSD.org/${ABI}/release_3", mirror_type: "srv", signature_type: "fingerprints", fingerprints: "/usr/share/keys/pkg", From owner-svn-src-releng@FreeBSD.ORG Mon Jun 23 19:37:12 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F2259949; Mon, 23 Jun 2014 19:37:11 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E02D12BF1; Mon, 23 Jun 2014 19:37:11 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5NJbBup010752; Mon, 23 Jun 2014 19:37:11 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5NJbBYs010751; Mon, 23 Jun 2014 19:37:11 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406231937.s5NJbBYs010751@svn.freebsd.org> From: Glen Barber Date: Mon, 23 Jun 2014 19:37:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267805 - releng/9.3/release/scripts X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 19:37:12 -0000 Author: gjb Date: Mon Jun 23 19:37:11 2014 New Revision: 267805 URL: http://svnweb.freebsd.org/changeset/base/267805 Log: Packages for KDE4 will not immediately be available for 9.3-RELEASE, so include XFCE4 on the DVD in its place. This is a direct commit to releng/9.3. Approved by: re (marius) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/scripts/pkg-stage.sh Modified: releng/9.3/release/scripts/pkg-stage.sh ============================================================================== --- releng/9.3/release/scripts/pkg-stage.sh Mon Jun 23 19:36:57 2014 (r267804) +++ releng/9.3/release/scripts/pkg-stage.sh Mon Jun 23 19:37:11 2014 (r267805) @@ -28,7 +28,7 @@ www/firefox www/links x11-drivers/xf86-video-vmware x11/gnome2 -x11/kde4 +x11-wm/xfce4 x11/xorg" # If NOPORTS is set for the release, do not attempt to build pkg(8). From owner-svn-src-releng@FreeBSD.ORG Mon Jun 23 19:47:26 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 66124C8B; Mon, 23 Jun 2014 19:47:26 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 532B42CE9; Mon, 23 Jun 2014 19:47:26 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5NJlQ1w015406; Mon, 23 Jun 2014 19:47:26 GMT (envelope-from tuexen@svn.freebsd.org) Received: (from tuexen@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5NJlQxQ015404; Mon, 23 Jun 2014 19:47:26 GMT (envelope-from tuexen@svn.freebsd.org) Message-Id: <201406231947.s5NJlQxQ015404@svn.freebsd.org> From: Michael Tuexen Date: Mon, 23 Jun 2014 19:47:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267806 - releng/9.3/sys/netinet X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Jun 2014 19:47:26 -0000 Author: tuexen Date: Mon Jun 23 19:47:25 2014 New Revision: 267806 URL: http://svnweb.freebsd.org/changeset/base/267806 Log: MFC r267781: Fix a bug in the setsockopt()-handling of the SCTP specific option SCTP_PEER_ADDR_THLDS: Use the provided address as intended. MFC r267781: Fix a bug which incorrectly allowed two listening SCTP sockets on the same port bound to the wildcard address. Approved by: re (gjb@) Modified: releng/9.3/sys/netinet/sctp_usrreq.c Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/netinet/sctp_usrreq.c ============================================================================== --- releng/9.3/sys/netinet/sctp_usrreq.c Mon Jun 23 19:37:11 2014 (r267805) +++ releng/9.3/sys/netinet/sctp_usrreq.c Mon Jun 23 19:47:25 2014 (r267806) @@ -5642,7 +5642,7 @@ sctp_setopt(struct socket *so, int optna SCTP_FIND_STCB(inp, stcb, thlds->spt_assoc_id); net = NULL; if (stcb) { - net = sctp_findnet(stcb, (struct sockaddr *)&thlds->spt_assoc_id); + net = sctp_findnet(stcb, (struct sockaddr *)&thlds->spt_address); } else { /* * We increment here since @@ -5653,7 +5653,7 @@ sctp_setopt(struct socket *so, int optna */ SCTP_INP_INCR_REF(inp); stcb = sctp_findassociation_ep_addr(&inp, - (struct sockaddr *)&thlds->spt_assoc_id, + (struct sockaddr *)&thlds->spt_address, &net, NULL, NULL); if (stcb == NULL) { SCTP_INP_DECR_REF(inp); @@ -5662,7 +5662,7 @@ sctp_setopt(struct socket *so, int optna if (stcb && (net == NULL)) { struct sockaddr *sa; - sa = (struct sockaddr *)&thlds->spt_assoc_id; + sa = (struct sockaddr *)&thlds->spt_address; #ifdef INET if (sa->sa_family == AF_INET) { @@ -6098,30 +6098,29 @@ sctp_listen(struct socket *so, int backl if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_PORTREUSE)) { /* See if we have a listener */ struct sctp_inpcb *tinp; - union sctp_sockstore store, *sp; + union sctp_sockstore store; - sp = &store; if ((inp->sctp_flags & SCTP_PCB_FLAGS_BOUNDALL) == 0) { /* not bound all */ struct sctp_laddr *laddr; LIST_FOREACH(laddr, &inp->sctp_addr_list, sctp_nxt_addr) { memcpy(&store, &laddr->ifa->address, sizeof(store)); - switch (sp->sa.sa_family) { + switch (store.sa.sa_family) { #ifdef INET case AF_INET: - sp->sin.sin_port = inp->sctp_lport; + store.sin.sin_port = inp->sctp_lport; break; #endif #ifdef INET6 case AF_INET6: - sp->sin6.sin6_port = inp->sctp_lport; + store.sin6.sin6_port = inp->sctp_lport; break; #endif default: break; } - tinp = sctp_pcb_findep(&sp->sa, 0, 0, inp->def_vrf_id); + tinp = sctp_pcb_findep(&store.sa, 0, 0, inp->def_vrf_id); if (tinp && (tinp != inp) && ((tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) == 0) && ((tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) && @@ -6139,20 +6138,6 @@ sctp_listen(struct socket *so, int backl } else { /* Setup a local addr bound all */ memset(&store, 0, sizeof(store)); - switch (sp->sa.sa_family) { -#ifdef INET - case AF_INET: - store.sin.sin_port = inp->sctp_lport; - break; -#endif -#ifdef INET6 - case AF_INET6: - sp->sin6.sin6_port = inp->sctp_lport; - break; -#endif - default: - break; - } #ifdef INET6 if (inp->sctp_flags & SCTP_PCB_FLAGS_BOUND_V6) { store.sa.sa_family = AF_INET6; @@ -6165,7 +6150,21 @@ sctp_listen(struct socket *so, int backl store.sa.sa_len = sizeof(struct sockaddr_in); } #endif - tinp = sctp_pcb_findep(&sp->sa, 0, 0, inp->def_vrf_id); + switch (store.sa.sa_family) { +#ifdef INET + case AF_INET: + store.sin.sin_port = inp->sctp_lport; + break; +#endif +#ifdef INET6 + case AF_INET6: + store.sin6.sin6_port = inp->sctp_lport; + break; +#endif + default: + break; + } + tinp = sctp_pcb_findep(&store.sa, 0, 0, inp->def_vrf_id); if (tinp && (tinp != inp) && ((tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_ALLGONE) == 0) && ((tinp->sctp_flags & SCTP_PCB_FLAGS_SOCKET_GONE) == 0) && From owner-svn-src-releng@FreeBSD.ORG Tue Jun 24 19:05:11 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 759589F8; Tue, 24 Jun 2014 19:05:11 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5A5662D5C; Tue, 24 Jun 2014 19:05:11 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5OJ5BLm089587; Tue, 24 Jun 2014 19:05:11 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5OJ58t2089557; Tue, 24 Jun 2014 19:05:08 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406241905.s5OJ58t2089557@svn.freebsd.org> From: Xin LI Date: Tue, 24 Jun 2014 19:05:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267829 - in releng/10.0: . contrib/file contrib/file/Magdir lib/libc/iconv lib/libiconv_modules/BIG5 lib/libiconv_modules/HZ lib/libiconv_modules/VIQR sys/amd64/amd64 sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2014 19:05:11 -0000 Author: delphij Date: Tue Jun 24 19:05:08 2014 New Revision: 267829 URL: http://svnweb.freebsd.org/changeset/base/267829 Log: Fix iconv(3) NULL pointer dereference and out-of-bounds array access. [SA-14:15] Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16] Worked around bug with PCID implementation. [EN-14:07] Security: CVE-2014-3951 Security: FreeBSD-SA-14:15.iconv Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: so Modified: releng/10.0/UPDATING releng/10.0/contrib/file/Magdir/commands releng/10.0/contrib/file/ascmagic.c releng/10.0/contrib/file/file.h releng/10.0/contrib/file/funcs.c releng/10.0/contrib/file/softmagic.c releng/10.0/lib/libc/iconv/citrus_prop.c releng/10.0/lib/libc/iconv/citrus_prop.h releng/10.0/lib/libiconv_modules/BIG5/citrus_big5.c releng/10.0/lib/libiconv_modules/HZ/citrus_hz.c releng/10.0/lib/libiconv_modules/VIQR/citrus_viqr.c releng/10.0/sys/amd64/amd64/pmap.c releng/10.0/sys/conf/newvers.sh Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/UPDATING Tue Jun 24 19:05:08 2014 (r267829) @@ -16,6 +16,18 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140624: p6 FreeBSD-SA-14:15.iconv + FreeBSD-SA-14:16.file + FreeBSD-EN-14:07.pmap + + Fix iconv(3) NULL pointer dereference and out-of-bounds array + access. [SA-14:15] + + Fix multiple vulnerabilities in file(1) and libmagic(3). + [SA-14:16] + + Worked around bug with PCID implementation. [EN-14:07] + 20140605: p5 FreeBSD-SA-14:14.openssl Fix OpenSSL multiple vulnerabilities. [SA-14:14] Modified: releng/10.0/contrib/file/Magdir/commands ============================================================================== --- releng/10.0/contrib/file/Magdir/commands Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/contrib/file/Magdir/commands Tue Jun 24 19:05:08 2014 (r267829) @@ -49,7 +49,8 @@ !:mime text/x-awk 0 string/wt #!\ /usr/bin/awk awk script text executable !:mime text/x-awk -0 regex =^\\s*BEGIN\\s*[{] awk script text +0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text +!:strength - 12 # AT&T Bell Labs' Plan 9 shell 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable Modified: releng/10.0/contrib/file/ascmagic.c ============================================================================== --- releng/10.0/contrib/file/ascmagic.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/contrib/file/ascmagic.c Tue Jun 24 19:05:08 2014 (r267829) @@ -147,7 +147,7 @@ file_ascmagic_with_encoding(struct magic == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, - (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) + (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) rv = -1; } Modified: releng/10.0/contrib/file/file.h ============================================================================== --- releng/10.0/contrib/file/file.h Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/contrib/file/file.h Tue Jun 24 19:05:08 2014 (r267829) @@ -414,7 +414,7 @@ protected int file_encoding(struct magic unichar **, size_t *, const char **, const char **, const char **); protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, - int, int); + size_t, int, int); protected struct mlist *file_apprentice(struct magic_set *, const char *, int); protected uint64_t file_signextend(struct magic_set *, struct magic *, uint64_t); Modified: releng/10.0/contrib/file/funcs.c ============================================================================== --- releng/10.0/contrib/file/funcs.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/contrib/file/funcs.c Tue Jun 24 19:05:08 2014 (r267829) @@ -228,7 +228,7 @@ file_buffer(struct magic_set *ms, int fd /* try soft magic tests */ if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) - if ((m = file_softmagic(ms, ubuf, nb, BINTEST, + if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, looks_text)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "softmagic %d\n", m); Modified: releng/10.0/contrib/file/softmagic.c ============================================================================== --- releng/10.0/contrib/file/softmagic.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/contrib/file/softmagic.c Tue Jun 24 19:05:08 2014 (r267829) @@ -43,9 +43,9 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.1 private int match(struct magic_set *, struct magic *, uint32_t, - const unsigned char *, size_t, int, int); + const unsigned char *, size_t, int, int, int); private int mget(struct magic_set *, const unsigned char *, - struct magic *, size_t, unsigned int, int); + struct magic *, size_t, unsigned int, int, int); private int magiccheck(struct magic_set *, struct magic *); private int32_t mprint(struct magic_set *, struct magic *); private int32_t moffset(struct magic_set *, struct magic *); @@ -60,6 +60,7 @@ private void cvt_16(union VALUETYPE *, c private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -67,13 +68,13 @@ private void cvt_64(union VALUETYPE *, c /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ protected int file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, - int mode, int text) + size_t level, int mode, int text) { struct mlist *ml; int rv; for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, - text)) != 0) + text, level)) != 0) return rv; return 0; @@ -108,7 +109,8 @@ file_softmagic(struct magic_set *ms, con */ private int match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, - const unsigned char *s, size_t nbytes, int mode, int text) + const unsigned char *s, size_t nbytes, int mode, int text, + int recursion_level) { uint32_t magindex = 0; unsigned int cont_level = 0; @@ -140,7 +142,7 @@ match(struct magic_set *ms, struct magic ms->line = m->lineno; /* if main entry matches, print it... */ - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -223,7 +225,7 @@ match(struct magic_set *ms, struct magic continue; } #endif - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -1018,12 +1020,18 @@ mcopy(struct magic_set *ms, union VALUET private int mget(struct magic_set *ms, const unsigned char *s, - struct magic *m, size_t nbytes, unsigned int cont_level, int text) + struct magic *m, size_t nbytes, unsigned int cont_level, int text, + int recursion_level) { uint32_t offset = ms->offset; uint32_t count = m->str_range; union VALUETYPE *p = &ms->ms_value; + if (recursion_level >= 20) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } + if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) return -1; @@ -1073,7 +1081,7 @@ mget(struct magic_set *ms, const unsigne } switch (m->in_type) { case FILE_BYTE: - if (nbytes < (offset + 1)) + if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1108,7 +1116,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_BESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1160,7 +1168,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1212,7 +1220,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_SHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1249,7 +1257,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_BELONG: case FILE_BEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1320,7 +1328,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_LELONG: case FILE_LEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1390,7 +1398,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_MELONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1460,7 +1468,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1527,14 +1535,14 @@ mget(struct magic_set *ms, const unsigne /* Verify we have enough data to match magic type */ switch (m->type) { case FILE_BYTE: - if (nbytes < (offset + 1)) /* should alway be true */ + if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; @@ -1553,21 +1561,21 @@ mget(struct magic_set *ms, const unsigne case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - if (nbytes < (offset + 8)) + if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: - if (nbytes < (offset + m->vallen)) + if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; @@ -1577,13 +1585,15 @@ mget(struct magic_set *ms, const unsigne break; case FILE_INDIRECT: + if (offset == 0) + return 0; if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && file_printf(ms, "%s", m->desc) == -1) return -1; if (nbytes < offset) return 0; return file_softmagic(ms, s + offset, nbytes - offset, - BINTEST, text); + recursion_level, BINTEST, text); case FILE_DEFAULT: /* nothing to check */ default: Modified: releng/10.0/lib/libc/iconv/citrus_prop.c ============================================================================== --- releng/10.0/lib/libc/iconv/citrus_prop.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/lib/libc/iconv/citrus_prop.c Tue Jun 24 19:05:08 2014 (r267829) @@ -339,7 +339,7 @@ name_found: static int _citrus_prop_parse_element(struct _memstream * __restrict ms, - const _citrus_prop_hint_t * __restrict hints, void ** __restrict context) + const _citrus_prop_hint_t * __restrict hints, void * __restrict context) { int ch, errnum; #define _CITRUS_PROP_HINT_NAME_LEN_MAX 255 @@ -435,8 +435,7 @@ _citrus_prop_parse_variable(const _citru if (ch == EOF || ch == '\0') break; _memstream_ungetc(&ms, ch); - errnum = _citrus_prop_parse_element( - &ms, hints, (void ** __restrict)context); + errnum = _citrus_prop_parse_element(&ms, hints, context); if (errnum != 0) return (errnum); } Modified: releng/10.0/lib/libc/iconv/citrus_prop.h ============================================================================== --- releng/10.0/lib/libc/iconv/citrus_prop.h Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/lib/libc/iconv/citrus_prop.h Tue Jun 24 19:05:08 2014 (r267829) @@ -42,7 +42,7 @@ typedef struct _citrus_prop_hint_t _citr #define _CITRUS_PROP_CB0_T(_func_, _type_) \ typedef int (*_citrus_prop_##_func_##_cb_func_t) \ - (void ** __restrict, const char *, _type_); \ + (void * __restrict, const char *, _type_); \ typedef struct { \ _citrus_prop_##_func_##_cb_func_t func; \ } _citrus_prop_##_func_##_cb_t; @@ -52,7 +52,7 @@ _CITRUS_PROP_CB0_T(str, const char *) #define _CITRUS_PROP_CB1_T(_func_, _type_) \ typedef int (*_citrus_prop_##_func_##_cb_func_t) \ - (void ** __restrict, const char *, _type_, _type_); \ + (void * __restrict, const char *, _type_, _type_); \ typedef struct { \ _citrus_prop_##_func_##_cb_func_t func; \ } _citrus_prop_##_func_##_cb_t; Modified: releng/10.0/lib/libiconv_modules/BIG5/citrus_big5.c ============================================================================== --- releng/10.0/lib/libiconv_modules/BIG5/citrus_big5.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/lib/libiconv_modules/BIG5/citrus_big5.c Tue Jun 24 19:05:08 2014 (r267829) @@ -170,7 +170,7 @@ _citrus_BIG5_check_excludes(_BIG5Encodin } static int -_citrus_BIG5_fill_rowcol(void ** __restrict ctx, const char * __restrict s, +_citrus_BIG5_fill_rowcol(void * __restrict ctx, const char * __restrict s, uint64_t start, uint64_t end) { _BIG5EncodingInfo *ei; @@ -189,7 +189,7 @@ _citrus_BIG5_fill_rowcol(void ** __restr static int /*ARGSUSED*/ -_citrus_BIG5_fill_excludes(void ** __restrict ctx, +_citrus_BIG5_fill_excludes(void * __restrict ctx, const char * __restrict s __unused, uint64_t start, uint64_t end) { _BIG5EncodingInfo *ei; @@ -235,7 +235,6 @@ static int _citrus_BIG5_encoding_module_init(_BIG5EncodingInfo * __restrict ei, const void * __restrict var, size_t lenvar) { - void *ctx = (void *)ei; const char *s; int err; @@ -257,9 +256,9 @@ _citrus_BIG5_encoding_module_init(_BIG5E } /* fallback Big5-1984, for backward compatibility. */ - _citrus_BIG5_fill_rowcol((void **)&ctx, "row", 0xA1, 0xFE); - _citrus_BIG5_fill_rowcol((void **)&ctx, "col", 0x40, 0x7E); - _citrus_BIG5_fill_rowcol((void **)&ctx, "col", 0xA1, 0xFE); + _citrus_BIG5_fill_rowcol(ei, "row", 0xA1, 0xFE); + _citrus_BIG5_fill_rowcol(ei, "col", 0x40, 0x7E); + _citrus_BIG5_fill_rowcol(ei, "col", 0xA1, 0xFE); return (0); } Modified: releng/10.0/lib/libiconv_modules/HZ/citrus_hz.c ============================================================================== --- releng/10.0/lib/libiconv_modules/HZ/citrus_hz.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/lib/libiconv_modules/HZ/citrus_hz.c Tue Jun 24 19:05:08 2014 (r267829) @@ -65,8 +65,8 @@ typedef enum { } charset_t; typedef struct { - int end; int start; + int end; int width; } range_t; @@ -503,12 +503,12 @@ _citrus_HZ_encoding_module_uninit(_HZEnc } static int -_citrus_HZ_parse_char(void **context, const char *name __unused, const char *s) +_citrus_HZ_parse_char(void *context, const char *name __unused, const char *s) { escape_t *escape; void **p; - p = (void **)*context; + p = (void **)context; escape = (escape_t *)p[0]; if (escape->ch != '\0') return (EINVAL); @@ -520,14 +520,14 @@ _citrus_HZ_parse_char(void **context, co } static int -_citrus_HZ_parse_graphic(void **context, const char *name, const char *s) +_citrus_HZ_parse_graphic(void *context, const char *name, const char *s) { _HZEncodingInfo *ei; escape_t *escape; graphic_t *graphic; void **p; - p = (void **)*context; + p = (void **)context; escape = (escape_t *)p[0]; ei = (_HZEncodingInfo *)p[1]; graphic = malloc(sizeof(*graphic)); @@ -589,13 +589,13 @@ _CITRUS_PROP_HINT_END }; static int -_citrus_HZ_parse_escape(void **context, const char *name, const char *s) +_citrus_HZ_parse_escape(void *context, const char *name, const char *s) { _HZEncodingInfo *ei; escape_t *escape; void *p[2]; - ei = (_HZEncodingInfo *)*context; + ei = (_HZEncodingInfo *)context; escape = malloc(sizeof(*escape)); if (escape == NULL) return (EINVAL); Modified: releng/10.0/lib/libiconv_modules/VIQR/citrus_viqr.c ============================================================================== --- releng/10.0/lib/libiconv_modules/VIQR/citrus_viqr.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/lib/libiconv_modules/VIQR/citrus_viqr.c Tue Jun 24 19:05:08 2014 (r267829) @@ -431,7 +431,6 @@ static int _citrus_VIQR_encoding_module_init(_VIQREncodingInfo * __restrict ei, const void * __restrict var __unused, size_t lenvar __unused) { - const mnemonic_def_t *p; const char *s; size_t i, n; int errnum; @@ -455,7 +454,10 @@ _citrus_VIQR_encoding_module_init(_VIQRE return (errnum); } } - for (i = 0;; ++i) { + /* a + 1 < b + 1 here to silence gcc warning about unsigned < 0. */ + for (i = 0; i + 1 < mnemonic_ext_size + 1; ++i) { + const mnemonic_def_t *p; + p = &mnemonic_ext[i]; n = strlen(p->name); if (ei->mb_cur_max < n) Modified: releng/10.0/sys/amd64/amd64/pmap.c ============================================================================== --- releng/10.0/sys/amd64/amd64/pmap.c Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/sys/amd64/amd64/pmap.c Tue Jun 24 19:05:08 2014 (r267829) @@ -367,7 +367,7 @@ static int pmap_flags = PMAP_PDE_SUPERPA static struct unrhdr pcid_unr; static struct mtx pcid_mtx; -int pmap_pcid_enabled = 1; +int pmap_pcid_enabled = 0; SYSCTL_INT(_vm_pmap, OID_AUTO, pcid_enabled, CTLFLAG_RDTUN, &pmap_pcid_enabled, 0, "Is TLB Context ID enabled ?"); int invpcid_works = 0; Modified: releng/10.0/sys/conf/newvers.sh ============================================================================== --- releng/10.0/sys/conf/newvers.sh Tue Jun 24 19:04:55 2014 (r267828) +++ releng/10.0/sys/conf/newvers.sh Tue Jun 24 19:05:08 2014 (r267829) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE-p5" +BRANCH="RELEASE-p6" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi From owner-svn-src-releng@FreeBSD.ORG Tue Jun 24 19:05:21 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5BC6CB7A; Tue, 24 Jun 2014 19:05:21 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 44AF92D5F; Tue, 24 Jun 2014 19:05:21 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5OJ5Ljp089698; Tue, 24 Jun 2014 19:05:21 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5OJ5K3k089685; Tue, 24 Jun 2014 19:05:20 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406241905.s5OJ5K3k089685@svn.freebsd.org> From: Xin LI Date: Tue, 24 Jun 2014 19:05:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267830 - in releng/9.3/contrib/file: . Magdir X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2014 19:05:21 -0000 Author: delphij Date: Tue Jun 24 19:05:19 2014 New Revision: 267830 URL: http://svnweb.freebsd.org/changeset/base/267830 Log: Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16] Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: re (implicit) Modified: releng/9.3/contrib/file/Magdir/commands releng/9.3/contrib/file/ascmagic.c releng/9.3/contrib/file/file.h releng/9.3/contrib/file/funcs.c releng/9.3/contrib/file/softmagic.c Modified: releng/9.3/contrib/file/Magdir/commands ============================================================================== --- releng/9.3/contrib/file/Magdir/commands Tue Jun 24 19:05:08 2014 (r267829) +++ releng/9.3/contrib/file/Magdir/commands Tue Jun 24 19:05:19 2014 (r267830) @@ -49,7 +49,8 @@ !:mime text/x-awk 0 string/wt #!\ /usr/bin/awk awk script text executable !:mime text/x-awk -0 regex =^\\s*BEGIN\\s*[{] awk script text +0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text +!:strength - 12 # AT&T Bell Labs' Plan 9 shell 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable Modified: releng/9.3/contrib/file/ascmagic.c ============================================================================== --- releng/9.3/contrib/file/ascmagic.c Tue Jun 24 19:05:08 2014 (r267829) +++ releng/9.3/contrib/file/ascmagic.c Tue Jun 24 19:05:19 2014 (r267830) @@ -147,7 +147,7 @@ file_ascmagic_with_encoding(struct magic == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, - (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) + (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) rv = -1; } Modified: releng/9.3/contrib/file/file.h ============================================================================== --- releng/9.3/contrib/file/file.h Tue Jun 24 19:05:08 2014 (r267829) +++ releng/9.3/contrib/file/file.h Tue Jun 24 19:05:19 2014 (r267830) @@ -414,7 +414,7 @@ protected int file_encoding(struct magic unichar **, size_t *, const char **, const char **, const char **); protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, - int, int); + size_t, int, int); protected struct mlist *file_apprentice(struct magic_set *, const char *, int); protected uint64_t file_signextend(struct magic_set *, struct magic *, uint64_t); Modified: releng/9.3/contrib/file/funcs.c ============================================================================== --- releng/9.3/contrib/file/funcs.c Tue Jun 24 19:05:08 2014 (r267829) +++ releng/9.3/contrib/file/funcs.c Tue Jun 24 19:05:19 2014 (r267830) @@ -228,7 +228,7 @@ file_buffer(struct magic_set *ms, int fd /* try soft magic tests */ if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) - if ((m = file_softmagic(ms, ubuf, nb, BINTEST, + if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, looks_text)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "softmagic %d\n", m); Modified: releng/9.3/contrib/file/softmagic.c ============================================================================== --- releng/9.3/contrib/file/softmagic.c Tue Jun 24 19:05:08 2014 (r267829) +++ releng/9.3/contrib/file/softmagic.c Tue Jun 24 19:05:19 2014 (r267830) @@ -43,9 +43,9 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.1 private int match(struct magic_set *, struct magic *, uint32_t, - const unsigned char *, size_t, int, int); + const unsigned char *, size_t, int, int, int); private int mget(struct magic_set *, const unsigned char *, - struct magic *, size_t, unsigned int, int); + struct magic *, size_t, unsigned int, int, int); private int magiccheck(struct magic_set *, struct magic *); private int32_t mprint(struct magic_set *, struct magic *); private int32_t moffset(struct magic_set *, struct magic *); @@ -60,6 +60,7 @@ private void cvt_16(union VALUETYPE *, c private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -67,13 +68,13 @@ private void cvt_64(union VALUETYPE *, c /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ protected int file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, - int mode, int text) + size_t level, int mode, int text) { struct mlist *ml; int rv; for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, - text)) != 0) + text, level)) != 0) return rv; return 0; @@ -108,7 +109,8 @@ file_softmagic(struct magic_set *ms, con */ private int match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, - const unsigned char *s, size_t nbytes, int mode, int text) + const unsigned char *s, size_t nbytes, int mode, int text, + int recursion_level) { uint32_t magindex = 0; unsigned int cont_level = 0; @@ -140,7 +142,7 @@ match(struct magic_set *ms, struct magic ms->line = m->lineno; /* if main entry matches, print it... */ - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -223,7 +225,7 @@ match(struct magic_set *ms, struct magic continue; } #endif - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -1018,12 +1020,18 @@ mcopy(struct magic_set *ms, union VALUET private int mget(struct magic_set *ms, const unsigned char *s, - struct magic *m, size_t nbytes, unsigned int cont_level, int text) + struct magic *m, size_t nbytes, unsigned int cont_level, int text, + int recursion_level) { uint32_t offset = ms->offset; uint32_t count = m->str_range; union VALUETYPE *p = &ms->ms_value; + if (recursion_level >= 20) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } + if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) return -1; @@ -1073,7 +1081,7 @@ mget(struct magic_set *ms, const unsigne } switch (m->in_type) { case FILE_BYTE: - if (nbytes < (offset + 1)) + if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1108,7 +1116,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_BESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1160,7 +1168,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1212,7 +1220,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_SHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1249,7 +1257,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_BELONG: case FILE_BEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1320,7 +1328,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_LELONG: case FILE_LEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1390,7 +1398,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_MELONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1460,7 +1468,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1527,14 +1535,14 @@ mget(struct magic_set *ms, const unsigne /* Verify we have enough data to match magic type */ switch (m->type) { case FILE_BYTE: - if (nbytes < (offset + 1)) /* should alway be true */ + if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; @@ -1553,21 +1561,21 @@ mget(struct magic_set *ms, const unsigne case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - if (nbytes < (offset + 8)) + if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: - if (nbytes < (offset + m->vallen)) + if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; @@ -1577,13 +1585,15 @@ mget(struct magic_set *ms, const unsigne break; case FILE_INDIRECT: + if (offset == 0) + return 0; if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && file_printf(ms, "%s", m->desc) == -1) return -1; if (nbytes < offset) return 0; return file_softmagic(ms, s + offset, nbytes - offset, - BINTEST, text); + recursion_level, BINTEST, text); case FILE_DEFAULT: /* nothing to check */ default: From owner-svn-src-releng@FreeBSD.ORG Tue Jun 24 19:05:40 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4E90DCE8; Tue, 24 Jun 2014 19:05:40 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 37BC02D67; Tue, 24 Jun 2014 19:05:40 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5OJ5e9c089864; Tue, 24 Jun 2014 19:05:40 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5OJ5b3V089835; Tue, 24 Jun 2014 19:05:37 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406241905.s5OJ5b3V089835@svn.freebsd.org> From: Xin LI Date: Tue, 24 Jun 2014 19:05:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267831 - in releng: 9.1 9.1/contrib/file 9.1/contrib/file/Magdir 9.1/crypto/heimdal/lib/gssapi/krb5 9.1/sys/conf 9.2 9.2/contrib/file 9.2/contrib/file/Magdir 9.2/crypto/heimdal/lib/gss... X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2014 19:05:40 -0000 Author: delphij Date: Tue Jun 24 19:05:36 2014 New Revision: 267831 URL: http://svnweb.freebsd.org/changeset/base/267831 Log: Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16] Fix gss_pseudo_random interoperability issue. [EN-14:08] Security: CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: so Modified: releng/9.1/UPDATING releng/9.1/contrib/file/Magdir/commands releng/9.1/contrib/file/ascmagic.c releng/9.1/contrib/file/file.h releng/9.1/contrib/file/funcs.c releng/9.1/contrib/file/softmagic.c releng/9.1/crypto/heimdal/lib/gssapi/krb5/prf.c releng/9.1/sys/conf/newvers.sh releng/9.2/UPDATING releng/9.2/contrib/file/Magdir/commands releng/9.2/contrib/file/ascmagic.c releng/9.2/contrib/file/file.h releng/9.2/contrib/file/funcs.c releng/9.2/contrib/file/softmagic.c releng/9.2/crypto/heimdal/lib/gssapi/krb5/prf.c releng/9.2/sys/conf/newvers.sh Modified: releng/9.1/UPDATING ============================================================================== --- releng/9.1/UPDATING Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/UPDATING Tue Jun 24 19:05:36 2014 (r267831) @@ -9,6 +9,14 @@ handbook. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140624: p16 FreeBSD-SA-14:16.file + FreeBSD-EN-14:08.heimdal + + Fix multiple vulnerabilities in file(1) and libmagic(3). + [SA-14:16] + + Fix gss_pseudo_random interoperability issue. [EN-14:08] + 20140605: p15 FreeBSD-SA-14:14.openssl Fix OpenSSL multiple vulnerabilities. [SA-14:14] Modified: releng/9.1/contrib/file/Magdir/commands ============================================================================== --- releng/9.1/contrib/file/Magdir/commands Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/contrib/file/Magdir/commands Tue Jun 24 19:05:36 2014 (r267831) @@ -49,7 +49,8 @@ !:mime text/x-awk 0 string/wt #!\ /usr/bin/awk awk script text executable !:mime text/x-awk -0 regex =^\\s*BEGIN\\s*[{] awk script text +0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text +!:strength - 12 # AT&T Bell Labs' Plan 9 shell 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable Modified: releng/9.1/contrib/file/ascmagic.c ============================================================================== --- releng/9.1/contrib/file/ascmagic.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/contrib/file/ascmagic.c Tue Jun 24 19:05:36 2014 (r267831) @@ -147,7 +147,7 @@ file_ascmagic_with_encoding(struct magic == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, - (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) + (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) rv = -1; } Modified: releng/9.1/contrib/file/file.h ============================================================================== --- releng/9.1/contrib/file/file.h Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/contrib/file/file.h Tue Jun 24 19:05:36 2014 (r267831) @@ -414,7 +414,7 @@ protected int file_encoding(struct magic unichar **, size_t *, const char **, const char **, const char **); protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, - int, int); + size_t, int, int); protected struct mlist *file_apprentice(struct magic_set *, const char *, int); protected uint64_t file_signextend(struct magic_set *, struct magic *, uint64_t); Modified: releng/9.1/contrib/file/funcs.c ============================================================================== --- releng/9.1/contrib/file/funcs.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/contrib/file/funcs.c Tue Jun 24 19:05:36 2014 (r267831) @@ -228,7 +228,7 @@ file_buffer(struct magic_set *ms, int fd /* try soft magic tests */ if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) - if ((m = file_softmagic(ms, ubuf, nb, BINTEST, + if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, looks_text)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "softmagic %d\n", m); Modified: releng/9.1/contrib/file/softmagic.c ============================================================================== --- releng/9.1/contrib/file/softmagic.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/contrib/file/softmagic.c Tue Jun 24 19:05:36 2014 (r267831) @@ -43,9 +43,9 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.1 private int match(struct magic_set *, struct magic *, uint32_t, - const unsigned char *, size_t, int, int); + const unsigned char *, size_t, int, int, int); private int mget(struct magic_set *, const unsigned char *, - struct magic *, size_t, unsigned int, int); + struct magic *, size_t, unsigned int, int, int); private int magiccheck(struct magic_set *, struct magic *); private int32_t mprint(struct magic_set *, struct magic *); private int32_t moffset(struct magic_set *, struct magic *); @@ -60,6 +60,7 @@ private void cvt_16(union VALUETYPE *, c private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -67,13 +68,13 @@ private void cvt_64(union VALUETYPE *, c /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ protected int file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, - int mode, int text) + size_t level, int mode, int text) { struct mlist *ml; int rv; for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, - text)) != 0) + text, level)) != 0) return rv; return 0; @@ -108,7 +109,8 @@ file_softmagic(struct magic_set *ms, con */ private int match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, - const unsigned char *s, size_t nbytes, int mode, int text) + const unsigned char *s, size_t nbytes, int mode, int text, + int recursion_level) { uint32_t magindex = 0; unsigned int cont_level = 0; @@ -140,7 +142,7 @@ match(struct magic_set *ms, struct magic ms->line = m->lineno; /* if main entry matches, print it... */ - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -223,7 +225,7 @@ match(struct magic_set *ms, struct magic continue; } #endif - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -1018,12 +1020,18 @@ mcopy(struct magic_set *ms, union VALUET private int mget(struct magic_set *ms, const unsigned char *s, - struct magic *m, size_t nbytes, unsigned int cont_level, int text) + struct magic *m, size_t nbytes, unsigned int cont_level, int text, + int recursion_level) { uint32_t offset = ms->offset; uint32_t count = m->str_range; union VALUETYPE *p = &ms->ms_value; + if (recursion_level >= 20) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } + if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) return -1; @@ -1073,7 +1081,7 @@ mget(struct magic_set *ms, const unsigne } switch (m->in_type) { case FILE_BYTE: - if (nbytes < (offset + 1)) + if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1108,7 +1116,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_BESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1160,7 +1168,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1212,7 +1220,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_SHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1249,7 +1257,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_BELONG: case FILE_BEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1320,7 +1328,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_LELONG: case FILE_LEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1390,7 +1398,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_MELONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1460,7 +1468,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1527,14 +1535,14 @@ mget(struct magic_set *ms, const unsigne /* Verify we have enough data to match magic type */ switch (m->type) { case FILE_BYTE: - if (nbytes < (offset + 1)) /* should alway be true */ + if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; @@ -1553,21 +1561,21 @@ mget(struct magic_set *ms, const unsigne case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - if (nbytes < (offset + 8)) + if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: - if (nbytes < (offset + m->vallen)) + if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; @@ -1577,13 +1585,15 @@ mget(struct magic_set *ms, const unsigne break; case FILE_INDIRECT: + if (offset == 0) + return 0; if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && file_printf(ms, "%s", m->desc) == -1) return -1; if (nbytes < offset) return 0; return file_softmagic(ms, s + offset, nbytes - offset, - BINTEST, text); + recursion_level, BINTEST, text); case FILE_DEFAULT: /* nothing to check */ default: Modified: releng/9.1/crypto/heimdal/lib/gssapi/krb5/prf.c ============================================================================== --- releng/9.1/crypto/heimdal/lib/gssapi/krb5/prf.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/crypto/heimdal/lib/gssapi/krb5/prf.c Tue Jun 24 19:05:36 2014 (r267831) @@ -117,7 +117,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_ num = 0; p = prf_out->value; while(desired_output_len > 0) { - _gsskrb5_encode_om_uint32(num, input.data); + _gsskrb5_encode_be_om_uint32(num, input.data); ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) { OM_uint32 junk; Modified: releng/9.1/sys/conf/newvers.sh ============================================================================== --- releng/9.1/sys/conf/newvers.sh Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.1/sys/conf/newvers.sh Tue Jun 24 19:05:36 2014 (r267831) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.1" -BRANCH="RELEASE-p15" +BRANCH="RELEASE-p16" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.2/UPDATING ============================================================================== --- releng/9.2/UPDATING Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/UPDATING Tue Jun 24 19:05:36 2014 (r267831) @@ -11,6 +11,14 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140624: p9 FreeBSD-SA-14:16.file + FreeBSD-EN-14:08.heimdal + + Fix multiple vulnerabilities in file(1) and libmagic(3). + [SA-14:16] + + Fix gss_pseudo_random interoperability issue. [EN-14:08] + 20140605: p8 FreeBSD-SA-14:14.openssl Fix OpenSSL multiple vulnerabilities. [SA-14:14] Modified: releng/9.2/contrib/file/Magdir/commands ============================================================================== --- releng/9.2/contrib/file/Magdir/commands Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/contrib/file/Magdir/commands Tue Jun 24 19:05:36 2014 (r267831) @@ -49,7 +49,8 @@ !:mime text/x-awk 0 string/wt #!\ /usr/bin/awk awk script text executable !:mime text/x-awk -0 regex =^\\s*BEGIN\\s*[{] awk script text +0 regex =^\\s{0,100}BEGIN\\s{0,100}[{] awk script text +!:strength - 12 # AT&T Bell Labs' Plan 9 shell 0 string/wt #!\ /bin/rc Plan 9 rc shell script text executable Modified: releng/9.2/contrib/file/ascmagic.c ============================================================================== --- releng/9.2/contrib/file/ascmagic.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/contrib/file/ascmagic.c Tue Jun 24 19:05:36 2014 (r267831) @@ -147,7 +147,7 @@ file_ascmagic_with_encoding(struct magic == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, - (size_t)(utf8_end - utf8_buf), TEXTTEST, text)) == 0) + (size_t)(utf8_end - utf8_buf), 0, TEXTTEST, text)) == 0) rv = -1; } Modified: releng/9.2/contrib/file/file.h ============================================================================== --- releng/9.2/contrib/file/file.h Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/contrib/file/file.h Tue Jun 24 19:05:36 2014 (r267831) @@ -414,7 +414,7 @@ protected int file_encoding(struct magic unichar **, size_t *, const char **, const char **, const char **); protected int file_is_tar(struct magic_set *, const unsigned char *, size_t); protected int file_softmagic(struct magic_set *, const unsigned char *, size_t, - int, int); + size_t, int, int); protected struct mlist *file_apprentice(struct magic_set *, const char *, int); protected uint64_t file_signextend(struct magic_set *, struct magic *, uint64_t); Modified: releng/9.2/contrib/file/funcs.c ============================================================================== --- releng/9.2/contrib/file/funcs.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/contrib/file/funcs.c Tue Jun 24 19:05:36 2014 (r267831) @@ -228,7 +228,7 @@ file_buffer(struct magic_set *ms, int fd /* try soft magic tests */ if ((ms->flags & MAGIC_NO_CHECK_SOFT) == 0) - if ((m = file_softmagic(ms, ubuf, nb, BINTEST, + if ((m = file_softmagic(ms, ubuf, nb, 0, BINTEST, looks_text)) != 0) { if ((ms->flags & MAGIC_DEBUG) != 0) (void)fprintf(stderr, "softmagic %d\n", m); Modified: releng/9.2/contrib/file/softmagic.c ============================================================================== --- releng/9.2/contrib/file/softmagic.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/contrib/file/softmagic.c Tue Jun 24 19:05:36 2014 (r267831) @@ -43,9 +43,9 @@ FILE_RCSID("@(#)$File: softmagic.c,v 1.1 private int match(struct magic_set *, struct magic *, uint32_t, - const unsigned char *, size_t, int, int); + const unsigned char *, size_t, int, int, int); private int mget(struct magic_set *, const unsigned char *, - struct magic *, size_t, unsigned int, int); + struct magic *, size_t, unsigned int, int, int); private int magiccheck(struct magic_set *, struct magic *); private int32_t mprint(struct magic_set *, struct magic *); private int32_t moffset(struct magic_set *, struct magic *); @@ -60,6 +60,7 @@ private void cvt_16(union VALUETYPE *, c private void cvt_32(union VALUETYPE *, const struct magic *); private void cvt_64(union VALUETYPE *, const struct magic *); +#define OFFSET_OOB(n, o, i) ((n) < (o) || (i) > ((n) - (o))) /* * softmagic - lookup one file in parsed, in-memory copy of database * Passed the name and FILE * of one file to be typed. @@ -67,13 +68,13 @@ private void cvt_64(union VALUETYPE *, c /*ARGSUSED1*/ /* nbytes passed for regularity, maybe need later */ protected int file_softmagic(struct magic_set *ms, const unsigned char *buf, size_t nbytes, - int mode, int text) + size_t level, int mode, int text) { struct mlist *ml; int rv; for (ml = ms->mlist->next; ml != ms->mlist; ml = ml->next) if ((rv = match(ms, ml->magic, ml->nmagic, buf, nbytes, mode, - text)) != 0) + text, level)) != 0) return rv; return 0; @@ -108,7 +109,8 @@ file_softmagic(struct magic_set *ms, con */ private int match(struct magic_set *ms, struct magic *magic, uint32_t nmagic, - const unsigned char *s, size_t nbytes, int mode, int text) + const unsigned char *s, size_t nbytes, int mode, int text, + int recursion_level) { uint32_t magindex = 0; unsigned int cont_level = 0; @@ -140,7 +142,7 @@ match(struct magic_set *ms, struct magic ms->line = m->lineno; /* if main entry matches, print it... */ - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -223,7 +225,7 @@ match(struct magic_set *ms, struct magic continue; } #endif - switch (mget(ms, s, m, nbytes, cont_level, text)) { + switch (mget(ms, s, m, nbytes, cont_level, text, recursion_level + 1)) { case -1: return -1; case 0: @@ -1018,12 +1020,18 @@ mcopy(struct magic_set *ms, union VALUET private int mget(struct magic_set *ms, const unsigned char *s, - struct magic *m, size_t nbytes, unsigned int cont_level, int text) + struct magic *m, size_t nbytes, unsigned int cont_level, int text, + int recursion_level) { uint32_t offset = ms->offset; uint32_t count = m->str_range; union VALUETYPE *p = &ms->ms_value; + if (recursion_level >= 20) { + file_error(ms, 0, "recursion nesting exceeded"); + return -1; + } + if (mcopy(ms, p, m->type, m->flag & INDIR, s, offset, nbytes, count) == -1) return -1; @@ -1073,7 +1081,7 @@ mget(struct magic_set *ms, const unsigne } switch (m->in_type) { case FILE_BYTE: - if (nbytes < (offset + 1)) + if (OFFSET_OOB(nbytes, offset, 1)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1108,7 +1116,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_BESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1160,7 +1168,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1212,7 +1220,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_SHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1249,7 +1257,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_BELONG: case FILE_BEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1320,7 +1328,7 @@ mget(struct magic_set *ms, const unsigne break; case FILE_LELONG: case FILE_LEID3: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1390,7 +1398,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_MELONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1460,7 +1468,7 @@ mget(struct magic_set *ms, const unsigne offset = ~offset; break; case FILE_LONG: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; if (off) { switch (m->in_op & FILE_OPS_MASK) { @@ -1527,14 +1535,14 @@ mget(struct magic_set *ms, const unsigne /* Verify we have enough data to match magic type */ switch (m->type) { case FILE_BYTE: - if (nbytes < (offset + 1)) /* should alway be true */ + if (OFFSET_OOB(nbytes, offset, 1)) return 0; break; case FILE_SHORT: case FILE_BESHORT: case FILE_LESHORT: - if (nbytes < (offset + 2)) + if (OFFSET_OOB(nbytes, offset, 2)) return 0; break; @@ -1553,21 +1561,21 @@ mget(struct magic_set *ms, const unsigne case FILE_FLOAT: case FILE_BEFLOAT: case FILE_LEFLOAT: - if (nbytes < (offset + 4)) + if (OFFSET_OOB(nbytes, offset, 4)) return 0; break; case FILE_DOUBLE: case FILE_BEDOUBLE: case FILE_LEDOUBLE: - if (nbytes < (offset + 8)) + if (OFFSET_OOB(nbytes, offset, 8)) return 0; break; case FILE_STRING: case FILE_PSTRING: case FILE_SEARCH: - if (nbytes < (offset + m->vallen)) + if (OFFSET_OOB(nbytes, offset, m->vallen)) return 0; break; @@ -1577,13 +1585,15 @@ mget(struct magic_set *ms, const unsigne break; case FILE_INDIRECT: + if (offset == 0) + return 0; if ((ms->flags & (MAGIC_MIME|MAGIC_APPLE)) == 0 && file_printf(ms, "%s", m->desc) == -1) return -1; if (nbytes < offset) return 0; return file_softmagic(ms, s + offset, nbytes - offset, - BINTEST, text); + recursion_level, BINTEST, text); case FILE_DEFAULT: /* nothing to check */ default: Modified: releng/9.2/crypto/heimdal/lib/gssapi/krb5/prf.c ============================================================================== --- releng/9.2/crypto/heimdal/lib/gssapi/krb5/prf.c Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/crypto/heimdal/lib/gssapi/krb5/prf.c Tue Jun 24 19:05:36 2014 (r267831) @@ -117,7 +117,7 @@ _gsskrb5_pseudo_random(OM_uint32 *minor_ num = 0; p = prf_out->value; while(desired_output_len > 0) { - _gsskrb5_encode_om_uint32(num, input.data); + _gsskrb5_encode_be_om_uint32(num, input.data); ret = krb5_crypto_prf(context, crypto, &input, &output); if (ret) { OM_uint32 junk; Modified: releng/9.2/sys/conf/newvers.sh ============================================================================== --- releng/9.2/sys/conf/newvers.sh Tue Jun 24 19:05:19 2014 (r267830) +++ releng/9.2/sys/conf/newvers.sh Tue Jun 24 19:05:36 2014 (r267831) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.2" -BRANCH="RELEASE-p8" +BRANCH="RELEASE-p9" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi From owner-svn-src-releng@FreeBSD.ORG Tue Jun 24 19:05:49 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 00D60E1A; Tue, 24 Jun 2014 19:05:48 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E055A2D6B; Tue, 24 Jun 2014 19:05:48 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5OJ5maW089973; Tue, 24 Jun 2014 19:05:48 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5OJ5m5G089962; Tue, 24 Jun 2014 19:05:48 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406241905.s5OJ5m5G089962@svn.freebsd.org> From: Xin LI Date: Tue, 24 Jun 2014 19:05:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267832 - in releng/8.4: . contrib/file crypto/heimdal/lib/gssapi/krb5 sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2014 19:05:49 -0000 Author: delphij Date: Tue Jun 24 19:05:47 2014 New Revision: 267832 URL: http://svnweb.freebsd.org/changeset/base/267832 Log: Fix multiple vulnerabilities in file(1) and libmagic(3). [SA-14:16] Fix gss_pseudo_random interoperability issue. [EN-14:08] Security: CVE-2012-1571, CVE-2013-7345, CVE-2014-1943, CVE-2014-2270 Security: FreeBSD-SA-14:16.file Approved by: so Modified: releng/8.4/UPDATING releng/8.4/contrib/file/ascmagic.c releng/8.4/contrib/file/cdf.c releng/8.4/contrib/file/cdf.h releng/8.4/contrib/file/cdf_time.c releng/8.4/contrib/file/file.h releng/8.4/contrib/file/funcs.c releng/8.4/contrib/file/readcdf.c releng/8.4/contrib/file/softmagic.c releng/8.4/crypto/heimdal/lib/gssapi/krb5/prf.c releng/8.4/sys/conf/newvers.sh Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Tue Jun 24 19:05:36 2014 (r267831) +++ releng/8.4/UPDATING Tue Jun 24 19:05:47 2014 (r267832) @@ -15,6 +15,14 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140624: p13 FreeBSD-SA-14:16.file + FreeBSD-EN-14:08.heimdal + + Fix multiple vulnerabilities in file(1) and libmagic(3). + [SA-14:16] + + Fix gss_pseudo_random interoperability issue. [EN-14:08] + 20140605: p12 FreeBSD-SA-14:14.openssl Fix OpenSSL multiple vulnerabilities. [SA-14:14] Modified: releng/8.4/contrib/file/ascmagic.c ============================================================================== --- releng/8.4/contrib/file/ascmagic.c Tue Jun 24 19:05:36 2014 (r267831) +++ releng/8.4/contrib/file/ascmagic.c Tue Jun 24 19:05:47 2014 (r267832) @@ -151,7 +151,7 @@ file_ascmagic_with_encoding(struct magic if ((utf8_end = encode_utf8(utf8_buf, mlen, ubuf, ulen)) == NULL) goto done; if ((rv = file_softmagic(ms, utf8_buf, (size_t)(utf8_end - utf8_buf), - TEXTTEST)) != 0) + 0, TEXTTEST)) != 0) goto done; else rv = -1; Modified: releng/8.4/contrib/file/cdf.c ============================================================================== --- releng/8.4/contrib/file/cdf.c Tue Jun 24 19:05:36 2014 (r267831) +++ releng/8.4/contrib/file/cdf.c Tue Jun 24 19:05:47 2014 (r267832) @@ -24,15 +24,18 @@ * POSSIBILITY OF SUCH DAMAGE. */ /* - * Parse composite document files, the format used in Microsoft Office - * document files before they switched to zipped xml. + * Parse Composite Document Files, the format used in Microsoft Office + * document files before they switched to zipped XML. * Info from: http://sc.openoffice.org/compdocfileformat.pdf + * + * N.B. This is the "Composite Document File" format, and not the + * "Compound Document Format", nor the "Channel Definition Format". */ #include "file.h" #ifndef lint -FILE_RCSID("@(#)$File: cdf.c,v 1.30 2009/05/06 14:29:47 christos Exp $") +FILE_RCSID("@(#)$File: cdf.c,v 1.49 2012/02/20 20:04:37 christos Exp $") #endif #include @@ -44,6 +47,9 @@ FILE_RCSID("@(#)$File: cdf.c,v 1.30 2009 #include #include #include +#ifdef HAVE_LIMITS_H +#include +#endif #ifndef EFTYPE #define EFTYPE EINVAL @@ -51,10 +57,6 @@ FILE_RCSID("@(#)$File: cdf.c,v 1.30 2009 #include "cdf.h" -#ifndef __arraycount -#define __arraycount(a) (sizeof(a) / sizeof(a[0])) -#endif - #ifdef CDF_DEBUG #define DPRINTF(a) printf a, fflush(stdout) #else @@ -68,19 +70,21 @@ static union { #define NEED_SWAP (cdf_bo.u == (uint32_t)0x01020304) -#define CDF_TOLE8(x) (NEED_SWAP ? cdf_tole8(x) : (uint64_t)(x)) -#define CDF_TOLE4(x) (NEED_SWAP ? cdf_tole4(x) : (uint32_t)(x)) -#define CDF_TOLE2(x) (NEED_SWAP ? cdf_tole2(x) : (uint16_t)(x)) +#define CDF_TOLE8(x) ((uint64_t)(NEED_SWAP ? _cdf_tole8(x) : (uint64_t)(x))) +#define CDF_TOLE4(x) ((uint32_t)(NEED_SWAP ? _cdf_tole4(x) : (uint32_t)(x))) +#define CDF_TOLE2(x) ((uint16_t)(NEED_SWAP ? _cdf_tole2(x) : (uint16_t)(x))) +#define CDF_GETUINT32(x, y) cdf_getuint32(x, y) + /* * swap a short */ -uint16_t -cdf_tole2(uint16_t sv) +static uint16_t +_cdf_tole2(uint16_t sv) { uint16_t rv; - uint8_t *s = (uint8_t *)(void *)&sv; - uint8_t *d = (uint8_t *)(void *)&rv; + uint8_t *s = (uint8_t *)(void *)&sv; + uint8_t *d = (uint8_t *)(void *)&rv; d[0] = s[1]; d[1] = s[0]; return rv; @@ -89,12 +93,12 @@ cdf_tole2(uint16_t sv) /* * swap an int */ -uint32_t -cdf_tole4(uint32_t sv) +static uint32_t +_cdf_tole4(uint32_t sv) { uint32_t rv; - uint8_t *s = (uint8_t *)(void *)&sv; - uint8_t *d = (uint8_t *)(void *)&rv; + uint8_t *s = (uint8_t *)(void *)&sv; + uint8_t *d = (uint8_t *)(void *)&rv; d[0] = s[3]; d[1] = s[2]; d[2] = s[1]; @@ -105,12 +109,12 @@ cdf_tole4(uint32_t sv) /* * swap a quad */ -uint64_t -cdf_tole8(uint64_t sv) +static uint64_t +_cdf_tole8(uint64_t sv) { uint64_t rv; - uint8_t *s = (uint8_t *)(void *)&sv; - uint8_t *d = (uint8_t *)(void *)&rv; + uint8_t *s = (uint8_t *)(void *)&sv; + uint8_t *d = (uint8_t *)(void *)&rv; d[0] = s[7]; d[1] = s[6]; d[2] = s[5]; @@ -122,11 +126,41 @@ cdf_tole8(uint64_t sv) return rv; } +/* + * grab a uint32_t from a possibly unaligned address, and return it in + * the native host order. + */ +static uint32_t +cdf_getuint32(const uint8_t *p, size_t offs) +{ + uint32_t rv; + (void)memcpy(&rv, p + offs * sizeof(uint32_t), sizeof(rv)); + return CDF_TOLE4(rv); +} + #define CDF_UNPACK(a) \ (void)memcpy(&(a), &buf[len], sizeof(a)), len += sizeof(a) #define CDF_UNPACKA(a) \ (void)memcpy((a), &buf[len], sizeof(a)), len += sizeof(a) +uint16_t +cdf_tole2(uint16_t sv) +{ + return CDF_TOLE2(sv); +} + +uint32_t +cdf_tole4(uint32_t sv) +{ + return CDF_TOLE4(sv); +} + +uint64_t +cdf_tole8(uint64_t sv) +{ + return CDF_TOLE8(sv); +} + void cdf_swap_header(cdf_header_t *h) { @@ -145,15 +179,15 @@ cdf_swap_header(cdf_header_t *h) h->h_min_size_standard_stream = CDF_TOLE4(h->h_min_size_standard_stream); h->h_secid_first_sector_in_short_sat = - CDF_TOLE4(h->h_secid_first_sector_in_short_sat); + CDF_TOLE4((uint32_t)h->h_secid_first_sector_in_short_sat); h->h_num_sectors_in_short_sat = CDF_TOLE4(h->h_num_sectors_in_short_sat); h->h_secid_first_sector_in_master_sat = - CDF_TOLE4(h->h_secid_first_sector_in_master_sat); + CDF_TOLE4((uint32_t)h->h_secid_first_sector_in_master_sat); h->h_num_sectors_in_master_sat = CDF_TOLE4(h->h_num_sectors_in_master_sat); for (i = 0; i < __arraycount(h->h_master_sat); i++) - h->h_master_sat[i] = CDF_TOLE4(h->h_master_sat[i]); + h->h_master_sat[i] = CDF_TOLE4((uint32_t)h->h_master_sat[i]); } void @@ -186,15 +220,15 @@ void cdf_swap_dir(cdf_directory_t *d) { d->d_namelen = CDF_TOLE2(d->d_namelen); - d->d_left_child = CDF_TOLE4(d->d_left_child); - d->d_right_child = CDF_TOLE4(d->d_right_child); - d->d_storage = CDF_TOLE4(d->d_storage); + d->d_left_child = CDF_TOLE4((uint32_t)d->d_left_child); + d->d_right_child = CDF_TOLE4((uint32_t)d->d_right_child); + d->d_storage = CDF_TOLE4((uint32_t)d->d_storage); d->d_storage_uuid[0] = CDF_TOLE8(d->d_storage_uuid[0]); d->d_storage_uuid[1] = CDF_TOLE8(d->d_storage_uuid[1]); d->d_flags = CDF_TOLE4(d->d_flags); - d->d_created = CDF_TOLE8(d->d_created); - d->d_modified = CDF_TOLE8(d->d_modified); - d->d_stream_first_sector = CDF_TOLE4(d->d_stream_first_sector); + d->d_created = CDF_TOLE8((uint64_t)d->d_created); + d->d_modified = CDF_TOLE8((uint64_t)d->d_modified); + d->d_stream_first_sector = CDF_TOLE4((uint32_t)d->d_stream_first_sector); d->d_size = CDF_TOLE4(d->d_size); } @@ -228,14 +262,18 @@ cdf_unpack_dir(cdf_directory_t *d, char } static int -cdf_check_stream_offset(const cdf_stream_t *sst, const void *p, size_t tail) +cdf_check_stream_offset(const cdf_stream_t *sst, const cdf_header_t *h, + const void *p, size_t tail, int line) { const char *b = (const char *)sst->sst_tab; const char *e = ((const char *)p) + tail; - if (e >= b && (size_t)(e - b) < sst->sst_dirlen * sst->sst_len) + (void)&line; + if (e >= b && (size_t)(e - b) < CDF_SEC_SIZE(h) * sst->sst_len) return 0; - DPRINTF((stderr, "offset begin %p end %p %zu >= %zu\n", b, e, - (size_t)(e - b), sst->sst_dirlen * sst->sst_len)); + DPRINTF(("%d: offset begin %p end %p %" SIZE_T_FORMAT "u" + " >= %" SIZE_T_FORMAT "u [%" SIZE_T_FORMAT "u %" + SIZE_T_FORMAT "u]\n", line, b, e, (size_t)(e - b), + CDF_SEC_SIZE(h) * sst->sst_len, CDF_SEC_SIZE(h), sst->sst_len)); errno = EFTYPE; return -1; } @@ -278,7 +316,8 @@ cdf_read_header(const cdf_info_t *info, cdf_unpack_header(h, buf); cdf_swap_header(h); if (h->h_magic != CDF_MAGIC) { - DPRINTF(("Bad magic 0x%llx != 0x%llx\n", + DPRINTF(("Bad magic 0x%" INT64_T_FORMAT "x != 0x%" + INT64_T_FORMAT "x\n", (unsigned long long)h->h_magic, (unsigned long long)CDF_MAGIC)); goto out; @@ -303,18 +342,27 @@ ssize_t cdf_read_sector(const cdf_info_t *info, void *buf, size_t offs, size_t len, const cdf_header_t *h, cdf_secid_t id) { - assert((size_t)CDF_SEC_SIZE(h) == len); - return cdf_read(info, (off_t)CDF_SEC_POS(h, id), - ((char *)buf) + offs, len); + size_t ss = CDF_SEC_SIZE(h); + size_t pos = CDF_SEC_POS(h, id); + assert(ss == len); + return cdf_read(info, (off_t)pos, ((char *)buf) + offs, len); } ssize_t cdf_read_short_sector(const cdf_stream_t *sst, void *buf, size_t offs, size_t len, const cdf_header_t *h, cdf_secid_t id) { - assert((size_t)CDF_SHORT_SEC_SIZE(h) == len); + size_t ss = CDF_SHORT_SEC_SIZE(h); + size_t pos = CDF_SHORT_SEC_POS(h, id); + assert(ss == len); + if (pos > CDF_SEC_SIZE(h) * sst->sst_len) { + DPRINTF(("Out of bounds read %" SIZE_T_FORMAT "u > %" + SIZE_T_FORMAT "u\n", + pos, CDF_SEC_SIZE(h) * sst->sst_len)); + return -1; + } (void)memcpy(((char *)buf) + offs, - ((const char *)sst->sst_tab) + CDF_SHORT_SEC_POS(h, id), len); + ((const char *)sst->sst_tab) + pos, len); return len; } @@ -334,17 +382,20 @@ cdf_read_sat(const cdf_info_t *info, cdf break; #define CDF_SEC_LIMIT (UINT32_MAX / (4 * ss)) - if (h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec || + if ((nsatpersec > 0 && + h->h_num_sectors_in_master_sat > CDF_SEC_LIMIT / nsatpersec) || i > CDF_SEC_LIMIT) { - DPRINTF(("Number of sectors in master SAT too big %u %zu\n", - h->h_num_sectors_in_master_sat, i)); + DPRINTF(("Number of sectors in master SAT too big %u %" + SIZE_T_FORMAT "u\n", h->h_num_sectors_in_master_sat, i)); errno = EFTYPE; return -1; } sat->sat_len = h->h_num_sectors_in_master_sat * nsatpersec + i; - DPRINTF(("sat_len = %zu ss = %zu\n", sat->sat_len, ss)); - if ((sat->sat_tab = calloc(sat->sat_len, ss)) == NULL) + DPRINTF(("sat_len = %" SIZE_T_FORMAT "u ss = %" SIZE_T_FORMAT "u\n", + sat->sat_len, ss)); + if ((sat->sat_tab = CAST(cdf_secid_t *, calloc(sat->sat_len, ss))) + == NULL) return -1; for (i = 0; i < __arraycount(h->h_master_sat); i++) { @@ -357,7 +408,7 @@ cdf_read_sat(const cdf_info_t *info, cdf } } - if ((msa = calloc(1, ss)) == NULL) + if ((msa = CAST(cdf_secid_t *, calloc(1, ss))) == NULL) goto out1; mid = h->h_secid_first_sector_in_master_sat; @@ -374,12 +425,12 @@ cdf_read_sat(const cdf_info_t *info, cdf goto out2; } for (k = 0; k < nsatpersec; k++, i++) { - sec = CDF_TOLE4(msa[k]); + sec = CDF_TOLE4((uint32_t)msa[k]); if (sec < 0) goto out; if (i >= sat->sat_len) { - DPRINTF(("Out of bounds reading MSA %u >= %u", - i, sat->sat_len)); + DPRINTF(("Out of bounds reading MSA %" SIZE_T_FORMAT + "u >= %" SIZE_T_FORMAT "u", i, sat->sat_len)); errno = EFTYPE; goto out2; } @@ -390,7 +441,7 @@ cdf_read_sat(const cdf_info_t *info, cdf goto out2; } } - mid = CDF_TOLE4(msa[nsatpersec]); + mid = CDF_TOLE4((uint32_t)msa[nsatpersec]); } out: sat->sat_len = i; @@ -422,7 +473,7 @@ cdf_count_chain(const cdf_sat_t *sat, cd errno = EFTYPE; return (size_t)-1; } - sid = CDF_TOLE4(sat->sat_tab[sid]); + sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]); } DPRINTF(("\n")); return i; @@ -452,7 +503,8 @@ cdf_read_long_sector_chain(const cdf_inf } if (i >= scn->sst_len) { DPRINTF(("Out of bounds reading long sector chain " - "%u > %u\n", i, scn->sst_len)); + "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", i, + scn->sst_len)); errno = EFTYPE; goto out; } @@ -465,7 +517,7 @@ cdf_read_long_sector_chain(const cdf_inf DPRINTF(("Reading long sector chain %d", sid)); goto out; } - sid = CDF_TOLE4(sat->sat_tab[sid]); + sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]); } return 0; out: @@ -497,7 +549,8 @@ cdf_read_short_sector_chain(const cdf_he } if (i >= scn->sst_len) { DPRINTF(("Out of bounds reading short sector chain " - "%u > %u\n", i, scn->sst_len)); + "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", + i, scn->sst_len)); errno = EFTYPE; goto out; } @@ -506,7 +559,7 @@ cdf_read_short_sector_chain(const cdf_he DPRINTF(("Reading short sector chain %d", sid)); goto out; } - sid = CDF_TOLE4(ssat->sat_tab[sid]); + sid = CDF_TOLE4((uint32_t)ssat->sat_tab[sid]); } return 0; out: @@ -520,7 +573,7 @@ cdf_read_sector_chain(const cdf_info_t * cdf_secid_t sid, size_t len, cdf_stream_t *scn) { - if (len < h->h_min_size_standard_stream) + if (len < h->h_min_size_standard_stream && sst->sst_tab != NULL) return cdf_read_short_sector_chain(h, ssat, sst, sid, len, scn); else @@ -543,11 +596,12 @@ cdf_read_dir(const cdf_info_t *info, con nd = ss / CDF_DIRECTORY_SIZE; dir->dir_len = ns * nd; - dir->dir_tab = calloc(dir->dir_len, sizeof(dir->dir_tab[0])); + dir->dir_tab = CAST(cdf_directory_t *, + calloc(dir->dir_len, sizeof(dir->dir_tab[0]))); if (dir->dir_tab == NULL) return -1; - if ((buf = malloc(ss)) == NULL) { + if ((buf = CAST(char *, malloc(ss))) == NULL) { free(dir->dir_tab); return -1; } @@ -566,7 +620,7 @@ cdf_read_dir(const cdf_info_t *info, con cdf_unpack_dir(&dir->dir_tab[i * nd + j], &buf[j * CDF_DIRECTORY_SIZE]); } - sid = CDF_TOLE4(sat->sat_tab[sid]); + sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]); } if (NEED_SWAP) for (i = 0; i < dir->dir_len; i++) @@ -592,7 +646,7 @@ cdf_read_ssat(const cdf_info_t *info, co if (ssat->sat_len == (size_t)-1) return -1; - ssat->sat_tab = calloc(ssat->sat_len, ss); + ssat->sat_tab = CAST(cdf_secid_t *, calloc(ssat->sat_len, ss)); if (ssat->sat_tab == NULL) return -1; @@ -604,7 +658,8 @@ cdf_read_ssat(const cdf_info_t *info, co } if (i >= ssat->sat_len) { DPRINTF(("Out of bounds reading short sector chain " - "%u > %u\n", i, ssat->sat_len)); + "%" SIZE_T_FORMAT "u > %" SIZE_T_FORMAT "u\n", i, + ssat->sat_len)); errno = EFTYPE; goto out; } @@ -613,7 +668,7 @@ cdf_read_ssat(const cdf_info_t *info, co DPRINTF(("Reading short sat sector %d", sid)); goto out; } - sid = CDF_TOLE4(sat->sat_tab[sid]); + sid = CDF_TOLE4((uint32_t)sat->sat_tab[sid]); } return 0; out: @@ -641,7 +696,7 @@ cdf_read_short_stream(const cdf_info_t * if (d->d_stream_first_sector < 0) goto out; - return cdf_read_long_sector_chain(info, h, sat, + return cdf_read_long_sector_chain(info, h, sat, d->d_stream_first_sector, d->d_size, scn); out: scn->sst_tab = NULL; @@ -668,44 +723,45 @@ cdf_read_summary_info(const cdf_info_t * const cdf_directory_t *d; static const char name[] = "\05SummaryInformation"; - for (i = 0; i < dir->dir_len; i++) - if (dir->dir_tab[i].d_type == CDF_DIR_TYPE_USER_STREAM && - cdf_namecmp(name, dir->dir_tab[i].d_name, sizeof(name)) + for (i = dir->dir_len; i > 0; i--) + if (dir->dir_tab[i - 1].d_type == CDF_DIR_TYPE_USER_STREAM && + cdf_namecmp(name, dir->dir_tab[i - 1].d_name, sizeof(name)) == 0) break; - if (i == dir->dir_len) { + if (i == 0) { DPRINTF(("Cannot find summary information section\n")); - errno = EFTYPE; + errno = ESRCH; return -1; } - d = &dir->dir_tab[i]; + d = &dir->dir_tab[i - 1]; return cdf_read_sector_chain(info, h, sat, ssat, sst, d->d_stream_first_sector, d->d_size, scn); } int -cdf_read_property_info(const cdf_stream_t *sst, uint32_t offs, - cdf_property_info_t **info, size_t *count, size_t *maxcount) +cdf_read_property_info(const cdf_stream_t *sst, const cdf_header_t *h, + uint32_t offs, cdf_property_info_t **info, size_t *count, size_t *maxcount) { const cdf_section_header_t *shp; cdf_section_header_t sh; - const uint32_t *p, *q, *e; + const uint8_t *p, *q, *e; int16_t s16; int32_t s32; uint32_t u32; int64_t s64; uint64_t u64; cdf_timestamp_t tp; - size_t i, o, nelements, j; + size_t i, o, o4, nelements, j; cdf_property_info_t *inp; if (offs > UINT32_MAX / 4) { errno = EFTYPE; goto out; } - shp = (const void *)((const char *)sst->sst_tab + offs); - if (cdf_check_stream_offset(sst, shp, sizeof(*shp)) == -1) + shp = CAST(const cdf_section_header_t *, (const void *) + ((const char *)sst->sst_tab + offs)); + if (cdf_check_stream_offset(sst, h, shp, sizeof(*shp), __LINE__) == -1) goto out; sh.sh_len = CDF_TOLE4(shp->sh_len); #define CDF_SHLEN_LIMIT (UINT32_MAX / 8) @@ -723,105 +779,137 @@ cdf_read_property_info(const cdf_stream_ if (*maxcount > CDF_PROP_LIMIT) goto out; *maxcount += sh.sh_properties; - inp = realloc(*info, *maxcount * sizeof(*inp)); + inp = CAST(cdf_property_info_t *, + realloc(*info, *maxcount * sizeof(*inp))); } else { *maxcount = sh.sh_properties; - inp = malloc(*maxcount * sizeof(*inp)); + inp = CAST(cdf_property_info_t *, + malloc(*maxcount * sizeof(*inp))); } if (inp == NULL) goto out; *info = inp; inp += *count; *count += sh.sh_properties; - p = (const void *)((const char *)sst->sst_tab + offs + sizeof(sh)); - e = (const void *)(((const char *)shp) + sh.sh_len); - if (cdf_check_stream_offset(sst, e, 0) == -1) + p = CAST(const uint8_t *, (const void *) + ((const char *)(const void *)sst->sst_tab + + offs + sizeof(sh))); + e = CAST(const uint8_t *, (const void *) + (((const char *)(const void *)shp) + sh.sh_len)); + if (cdf_check_stream_offset(sst, h, e, 0, __LINE__) == -1) goto out; for (i = 0; i < sh.sh_properties; i++) { - q = (const uint32_t *)((const char *)p + - CDF_TOLE4(p[(i << 1) + 1])) - 2; + size_t ofs = CDF_GETUINT32(p, (i << 1) + 1); + q = (const uint8_t *)(const void *) + ((const char *)(const void *)p + ofs + - 2 * sizeof(uint32_t)); if (q > e) { DPRINTF(("Ran of the end %p > %p\n", q, e)); goto out; } - inp[i].pi_id = CDF_TOLE4(p[i << 1]); - inp[i].pi_type = CDF_TOLE4(q[0]); - DPRINTF(("%d) id=%x type=%x offs=%x\n", i, inp[i].pi_id, - inp[i].pi_type, (const char *)q - (const char *)p)); + inp[i].pi_id = CDF_GETUINT32(p, i << 1); + inp[i].pi_type = CDF_GETUINT32(q, 0); + DPRINTF(("%" SIZE_T_FORMAT "u) id=%x type=%x offs=0x%tx,0x%x\n", + i, inp[i].pi_id, inp[i].pi_type, q - p, offs)); if (inp[i].pi_type & CDF_VECTOR) { - nelements = CDF_TOLE4(q[1]); + nelements = CDF_GETUINT32(q, 1); o = 2; } else { nelements = 1; o = 1; } + o4 = o * sizeof(uint32_t); if (inp[i].pi_type & (CDF_ARRAY|CDF_BYREF|CDF_RESERVED)) goto unknown; switch (inp[i].pi_type & CDF_TYPEMASK) { + case CDF_NULL: case CDF_EMPTY: break; case CDF_SIGNED16: if (inp[i].pi_type & CDF_VECTOR) goto unknown; - (void)memcpy(&s16, &q[o], sizeof(s16)); + (void)memcpy(&s16, &q[o4], sizeof(s16)); inp[i].pi_s16 = CDF_TOLE2(s16); break; case CDF_SIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; - (void)memcpy(&s32, &q[o], sizeof(s32)); - inp[i].pi_s32 = CDF_TOLE4(s32); + (void)memcpy(&s32, &q[o4], sizeof(s32)); + inp[i].pi_s32 = CDF_TOLE4((uint32_t)s32); break; case CDF_BOOL: case CDF_UNSIGNED32: if (inp[i].pi_type & CDF_VECTOR) goto unknown; - (void)memcpy(&u32, &q[o], sizeof(u32)); + (void)memcpy(&u32, &q[o4], sizeof(u32)); inp[i].pi_u32 = CDF_TOLE4(u32); break; case CDF_SIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; - (void)memcpy(&s64, &q[o], sizeof(s64)); - inp[i].pi_s64 = CDF_TOLE4(s64); + (void)memcpy(&s64, &q[o4], sizeof(s64)); + inp[i].pi_s64 = CDF_TOLE8((uint64_t)s64); break; case CDF_UNSIGNED64: if (inp[i].pi_type & CDF_VECTOR) goto unknown; - (void)memcpy(&u64, &q[o], sizeof(u64)); - inp[i].pi_u64 = CDF_TOLE4(u64); + (void)memcpy(&u64, &q[o4], sizeof(u64)); + inp[i].pi_u64 = CDF_TOLE8((uint64_t)u64); + break; + case CDF_FLOAT: + if (inp[i].pi_type & CDF_VECTOR) + goto unknown; + (void)memcpy(&u32, &q[o4], sizeof(u32)); + u32 = CDF_TOLE4(u32); + memcpy(&inp[i].pi_f, &u32, sizeof(inp[i].pi_f)); + break; + case CDF_DOUBLE: + if (inp[i].pi_type & CDF_VECTOR) + goto unknown; + (void)memcpy(&u64, &q[o4], sizeof(u64)); + u64 = CDF_TOLE8((uint64_t)u64); + memcpy(&inp[i].pi_d, &u64, sizeof(inp[i].pi_d)); break; case CDF_LENGTH32_STRING: + case CDF_LENGTH32_WSTRING: if (nelements > 1) { size_t nelem = inp - *info; if (*maxcount > CDF_PROP_LIMIT || nelements > CDF_PROP_LIMIT) goto out; *maxcount += nelements; - inp = realloc(*info, *maxcount * sizeof(*inp)); + inp = CAST(cdf_property_info_t *, + realloc(*info, *maxcount * sizeof(*inp))); if (inp == NULL) goto out; *info = inp; inp = *info + nelem; } - DPRINTF(("nelements = %d\n", nelements)); + DPRINTF(("nelements = %" SIZE_T_FORMAT "u\n", + nelements)); for (j = 0; j < nelements; j++, i++) { - uint32_t l = CDF_TOLE4(q[o]); + uint32_t l = CDF_GETUINT32(q, o); inp[i].pi_str.s_len = l; - inp[i].pi_str.s_buf = (const char *)(&q[o+1]); - DPRINTF(("l = %d, r = %d, s = %s\n", l, + inp[i].pi_str.s_buf = (const char *) + (const void *)(&q[o4 + sizeof(l)]); + DPRINTF(("l = %d, r = %" SIZE_T_FORMAT + "u, s = %s\n", l, CDF_ROUND(l, sizeof(l)), inp[i].pi_str.s_buf)); - l = 4 + CDF_ROUND(l, sizeof(l)); - o += l >> 2; + if (l & 1) + l++; + o += l >> 1; + if (q + o >= e) + goto out; + o4 = o * sizeof(uint32_t); } i--; break; case CDF_FILETIME: if (inp[i].pi_type & CDF_VECTOR) goto unknown; - (void)memcpy(&tp, &q[o], sizeof(tp)); - inp[i].pi_tp = CDF_TOLE8(tp); + (void)memcpy(&tp, &q[o4], sizeof(tp)); + inp[i].pi_tp = CDF_TOLE8((uint64_t)tp); break; case CDF_CLIPBOARD: if (inp[i].pi_type & CDF_VECTOR) @@ -831,7 +919,7 @@ cdf_read_property_info(const cdf_stream_ unknown: DPRINTF(("Don't know how to deal with %x\n", inp[i].pi_type)); - goto out; + break; } } return 0; @@ -841,16 +929,18 @@ out: } int -cdf_unpack_summary_info(const cdf_stream_t *sst, cdf_summary_info_header_t *ssi, - cdf_property_info_t **info, size_t *count) +cdf_unpack_summary_info(const cdf_stream_t *sst, const cdf_header_t *h, + cdf_summary_info_header_t *ssi, cdf_property_info_t **info, size_t *count) { size_t i, maxcount; - const cdf_summary_info_header_t *si = sst->sst_tab; - const cdf_section_declaration_t *sd = (const void *) - ((const char *)sst->sst_tab + CDF_SECTION_DECLARATION_OFFSET); + const cdf_summary_info_header_t *si = + CAST(const cdf_summary_info_header_t *, sst->sst_tab); + const cdf_section_declaration_t *sd = + CAST(const cdf_section_declaration_t *, (const void *) + ((const char *)sst->sst_tab + CDF_SECTION_DECLARATION_OFFSET)); - if (cdf_check_stream_offset(sst, si, sizeof(*si)) == -1 || - cdf_check_stream_offset(sst, sd, sizeof(*sd)) == -1) + if (cdf_check_stream_offset(sst, h, si, sizeof(*si), __LINE__) == -1 || + cdf_check_stream_offset(sst, h, sd, sizeof(*sd), __LINE__) == -1) return -1; ssi->si_byte_order = CDF_TOLE2(si->si_byte_order); ssi->si_os_version = CDF_TOLE2(si->si_os_version); @@ -867,9 +957,10 @@ cdf_unpack_summary_info(const cdf_stream errno = EFTYPE; return -1; } - if (cdf_read_property_info(sst, CDF_TOLE4(sd->sd_offset), - info, count, &maxcount) == -1) + if (cdf_read_property_info(sst, h, CDF_TOLE4(sd->sd_offset), + info, count, &maxcount) == -1) { return -1; + } } return 0; } @@ -926,32 +1017,32 @@ cdf_print_property_name(char *buf, size_ int cdf_print_elapsed_time(char *buf, size_t bufsiz, cdf_timestamp_t ts) { - size_t len = 0; + int len = 0; int days, hours, mins, secs; ts /= CDF_TIME_PREC; - secs = ts % 60; + secs = (int)(ts % 60); ts /= 60; - mins = ts % 60; + mins = (int)(ts % 60); ts /= 60; - hours = ts % 24; + hours = (int)(ts % 24); ts /= 24; - days = ts; + days = (int)ts; if (days) { len += snprintf(buf + len, bufsiz - len, "%dd+", days); - if (len >= bufsiz) + if ((size_t)len >= bufsiz) return len; } if (days || hours) { len += snprintf(buf + len, bufsiz - len, "%.2d:", hours); - if (len >= bufsiz) + if ((size_t)len >= bufsiz) return len; } len += snprintf(buf + len, bufsiz - len, "%.2d:", mins); - if (len >= bufsiz) + if ((size_t)len >= bufsiz) return len; len += snprintf(buf + len, bufsiz - len, "%.2d", secs); @@ -994,13 +1085,14 @@ cdf_dump_sat(const char *prefix, const c size_t i, j, s = size / sizeof(cdf_secid_t); for (i = 0; i < sat->sat_len; i++) { - (void)fprintf(stderr, "%s[%zu]:\n%.6d: ", prefix, i, i * s); + (void)fprintf(stderr, "%s[%" SIZE_T_FORMAT "u]:\n%.6" + SIZE_T_FORMAT "u: ", prefix, i, i * s); for (j = 0; j < s; j++) { (void)fprintf(stderr, "%5d, ", CDF_TOLE4(sat->sat_tab[s * i + j])); if ((j + 1) % 10 == 0) - (void)fprintf(stderr, "\n%.6d: ", - i * s + j + 1); + (void)fprintf(stderr, "\n%.6" SIZE_T_FORMAT + "u: ", i * s + j + 1); } (void)fprintf(stderr, "\n"); } @@ -1019,7 +1111,8 @@ cdf_dump(void *v, size_t len) if (j == 16) { j = 0; abuf[15] = '\0'; - (void)fprintf(stderr, "%s\n%.4x: ", abuf, i + 1); + (void)fprintf(stderr, "%s\n%.4" SIZE_T_FORMAT "x: ", + abuf, i + 1); } } (void)fprintf(stderr, "\n"); @@ -1051,7 +1144,8 @@ cdf_dump_dir(const cdf_info_t *info, con d = &dir->dir_tab[i]; for (j = 0; j < sizeof(name); j++) name[j] = (char)CDF_TOLE2(d->d_name[j]); - (void)fprintf(stderr, "Directory %zu: %s\n", i, name); + (void)fprintf(stderr, "Directory %" SIZE_T_FORMAT "u: %s\n", + i, name); if (d->d_type < __arraycount(types)) (void)fprintf(stderr, "Type: %s\n", types[d->d_type]); else @@ -1062,9 +1156,9 @@ cdf_dump_dir(const cdf_info_t *info, con (void)fprintf(stderr, "Right child: %d\n", d->d_right_child); (void)fprintf(stderr, "Flags: 0x%x\n", d->d_flags); cdf_timestamp_to_timespec(&ts, d->d_created); - (void)fprintf(stderr, "Created %s", ctime(&ts.tv_sec)); + (void)fprintf(stderr, "Created %s", cdf_ctime(&ts.tv_sec)); cdf_timestamp_to_timespec(&ts, d->d_modified); - (void)fprintf(stderr, "Modified %s", ctime(&ts.tv_sec)); + (void)fprintf(stderr, "Modified %s", cdf_ctime(&ts.tv_sec)); (void)fprintf(stderr, "Stream %d\n", d->d_stream_first_sector); (void)fprintf(stderr, "Size %d\n", d->d_size); switch (d->d_type) { @@ -1086,7 +1180,7 @@ cdf_dump_dir(const cdf_info_t *info, con default: break; } - + } } @@ -1096,12 +1190,14 @@ cdf_dump_property_info(const cdf_propert cdf_timestamp_t tp; struct timespec ts; char buf[64]; - size_t i; + size_t i, j; for (i = 0; i < count; i++) { cdf_print_property_name(buf, sizeof(buf), info[i].pi_id); - (void)fprintf(stderr, "%zu) %s: ", i, buf); + (void)fprintf(stderr, "%" SIZE_T_FORMAT "u) %s: ", i, buf); switch (info[i].pi_type) { + case CDF_NULL: + break; case CDF_SIGNED16: (void)fprintf(stderr, "signed 16 [%hd]\n", info[i].pi_s16); @@ -1114,11 +1210,26 @@ cdf_dump_property_info(const cdf_propert (void)fprintf(stderr, "unsigned 32 [%u]\n", info[i].pi_u32); break; + case CDF_FLOAT: + (void)fprintf(stderr, "float [%g]\n", + info[i].pi_f); + break; + case CDF_DOUBLE: + (void)fprintf(stderr, "double [%g]\n", + info[i].pi_d); + break; case CDF_LENGTH32_STRING: (void)fprintf(stderr, "string %u [%.*s]\n", info[i].pi_str.s_len, info[i].pi_str.s_len, info[i].pi_str.s_buf); break; + case CDF_LENGTH32_WSTRING: + (void)fprintf(stderr, "string %u [", + info[i].pi_str.s_len); + for (j = 0; j < info[i].pi_str.s_len - 1; j++) + (void)fputc(info[i].pi_str.s_buf[j << 1], stderr); + (void)fprintf(stderr, "]\n"); + break; case CDF_FILETIME: tp = info[i].pi_tp; if (tp < 1000000000000000LL) { @@ -1127,7 +1238,7 @@ cdf_dump_property_info(const cdf_propert } else { cdf_timestamp_to_timespec(&ts, tp); (void)fprintf(stderr, "timestamp %s", - ctime(&ts.tv_sec)); + cdf_ctime(&ts.tv_sec)); } break; case CDF_CLIPBOARD: @@ -1151,7 +1262,7 @@ cdf_dump_summary_info(const cdf_header_t size_t count; (void)&h; - if (cdf_unpack_summary_info(sst, &ssi, &info, &count) == -1) + if (cdf_unpack_summary_info(sst, h, &ssi, &info, &count) == -1) return; (void)fprintf(stderr, "Endian: %x\n", ssi.si_byte_order); (void)fprintf(stderr, "Os Version %d.%d\n", ssi.si_os_version & 0xff, @@ -1203,7 +1314,7 @@ main(int argc, char *argv[]) if (cdf_read_ssat(&info, &h, &sat, &ssat) == -1) err(1, "Cannot read ssat"); #ifdef CDF_DEBUG - cdf_dump_sat("SSAT", &h, &ssat, CDF_SHORT_SEC_SIZE(&h)); + cdf_dump_sat("SSAT", &ssat, CDF_SHORT_SEC_SIZE(&h)); #endif if (cdf_read_dir(&info, &h, &sat, &dir) == -1) Modified: releng/8.4/contrib/file/cdf.h ============================================================================== --- releng/8.4/contrib/file/cdf.h Tue Jun 24 19:05:36 2014 (r267831) +++ releng/8.4/contrib/file/cdf.h Tue Jun 24 19:05:47 2014 (r267832) @@ -24,20 +24,35 @@ * POSSIBILITY OF SUCH DAMAGE. */ /* - * Info from: http://sc.openoffice.org/compdocfileformat.pdf + * Parse Composite Document Files, the format used in Microsoft Office + * document files before they switched to zipped XML. + * Info from: http://sc.openoffice.org/compdocfileformat.pdf + * + * N.B. This is the "Composite Document File" format, and not the + * "Compound Document Format", nor the "Channel Definition Format". */ #ifndef _H_CDF_ #define _H_CDF_ +#ifdef WIN32 +#include +#define timespec timeval +#define tv_nsec tv_usec +#endif +#ifdef __DJGPP__ +#define timespec timeval +#define tv_nsec tv_usec +#endif + typedef int32_t cdf_secid_t; #define CDF_LOOP_LIMIT 10000 #define CDF_SECID_NULL 0 #define CDF_SECID_FREE -1 -#define CDF_SECID_END_OF_CHAIN -2 -#define CDF_SECID_SECTOR_ALLOCATION_TABLE -3 +#define CDF_SECID_END_OF_CHAIN -2 +#define CDF_SECID_SECTOR_ALLOCATION_TABLE -3 #define CDF_SECID_MASTER_SECTOR_ALLOCATION_TABLE -4 typedef struct { @@ -61,15 +76,15 @@ typedef struct { cdf_secid_t h_master_sat[436/4]; } cdf_header_t; -#define CDF_SEC_SIZE(h) (1 << (h)->h_sec_size_p2) +#define CDF_SEC_SIZE(h) ((size_t)(1 << (h)->h_sec_size_p2)) #define CDF_SEC_POS(h, secid) (CDF_SEC_SIZE(h) + (secid) * CDF_SEC_SIZE(h)) -#define CDF_SHORT_SEC_SIZE(h) (1 << (h)->h_short_sec_size_p2) +#define CDF_SHORT_SEC_SIZE(h) ((size_t)(1 << (h)->h_short_sec_size_p2)) #define CDF_SHORT_SEC_POS(h, secid) ((secid) * CDF_SHORT_SEC_SIZE(h)) -typedef int32_t cdf_dirid_t; +typedef int32_t cdf_dirid_t; #define CDF_DIRID_NULL -1 -typedef int64_t cdf_timestamp_t; +typedef int64_t cdf_timestamp_t; #define CDF_BASE_YEAR 1601 #define CDF_TIME_PREC 10000000 @@ -78,11 +93,11 @@ typedef struct { uint16_t d_namelen; uint8_t d_type; #define CDF_DIR_TYPE_EMPTY 0 -#define CDF_DIR_TYPE_USER_STORAGE 1 -#define CDF_DIR_TYPE_USER_STREAM 2 -#define CDF_DIR_TYPE_LOCKBYTES 3 -#define CDF_DIR_TYPE_PROPERTY 4 -#define CDF_DIR_TYPE_ROOT_STORAGE 5 +#define CDF_DIR_TYPE_USER_STORAGE 1 +#define CDF_DIR_TYPE_USER_STREAM 2 +#define CDF_DIR_TYPE_LOCKBYTES 3 +#define CDF_DIR_TYPE_PROPERTY 4 +#define CDF_DIR_TYPE_ROOT_STORAGE 5 uint8_t d_color; #define CDF_DIR_COLOR_READ 0 #define CDF_DIR_COLOR_BLACK 1 @@ -91,8 +106,8 @@ typedef struct { cdf_dirid_t d_storage; uint64_t d_storage_uuid[2]; uint32_t d_flags; - cdf_timestamp_t d_created; - cdf_timestamp_t d_modified; + cdf_timestamp_t d_created; + cdf_timestamp_t d_modified; cdf_secid_t d_stream_first_sector; uint32_t d_size; uint32_t d_unused0; @@ -154,7 +169,9 @@ typedef struct { int32_t _pi_s32; uint64_t _pi_u64; int64_t _pi_s64; - cdf_timestamp_t _pi_tp; *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-releng@FreeBSD.ORG Tue Jun 24 20:35:20 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E260867F; Tue, 24 Jun 2014 20:35:20 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id CF77F2AC6; Tue, 24 Jun 2014 20:35:20 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5OKZKZF033507; Tue, 24 Jun 2014 20:35:20 GMT (envelope-from jhb@svn.freebsd.org) Received: (from jhb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5OKZKbD033506; Tue, 24 Jun 2014 20:35:20 GMT (envelope-from jhb@svn.freebsd.org) Message-Id: <201406242035.s5OKZKbD033506@svn.freebsd.org> From: John Baldwin Date: Tue, 24 Jun 2014 20:35:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267841 - releng/9.3/sys/dev/acpica X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jun 2014 20:35:21 -0000 Author: jhb Date: Tue Jun 24 20:35:20 2014 New Revision: 267841 URL: http://svnweb.freebsd.org/changeset/base/267841 Log: MFC 253392: Workaround some broken BIOSes that specify edge-sensitive but active-low settings for ACPI-enumerated serial ports by forcing any IRQs that use an ISA IRQ value with these settings to active-high instead of active-low. This is known to occur with the BIOS on an Intel D2500CCE motherboard. Approved by: re (gjb) Modified: releng/9.3/sys/dev/acpica/acpi_resource.c Directory Properties: releng/9.3/ (props changed) releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/dev/acpica/acpi_resource.c ============================================================================== --- releng/9.3/sys/dev/acpica/acpi_resource.c Tue Jun 24 20:23:18 2014 (r267840) +++ releng/9.3/sys/dev/acpica/acpi_resource.c Tue Jun 24 20:35:20 2014 (r267841) @@ -135,6 +135,17 @@ acpi_config_intr(device_t dev, ACPI_RESO default: panic("%s: bad resource type %u", __func__, res->Type); } + +#if defined(__amd64__) || defined(__i386__) + /* + * XXX: Certain BIOSes have buggy AML that specify an IRQ that is + * edge-sensitive and active-lo. However, edge-sensitive IRQs + * should be active-hi. Force IRQs with an ISA IRQ value to be + * active-hi instead. + */ + if (irq < 16 && trig == ACPI_EDGE_SENSITIVE && pol == ACPI_ACTIVE_LOW) + pol = ACPI_ACTIVE_HIGH; +#endif BUS_CONFIG_INTR(dev, irq, (trig == ACPI_EDGE_SENSITIVE) ? INTR_TRIGGER_EDGE : INTR_TRIGGER_LEVEL, (pol == ACPI_ACTIVE_HIGH) ? INTR_POLARITY_HIGH : INTR_POLARITY_LOW); From owner-svn-src-releng@FreeBSD.ORG Wed Jun 25 00:33:31 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6534360D; Wed, 25 Jun 2014 00:33:31 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 526072137; Wed, 25 Jun 2014 00:33:31 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5P0XVhE049827; Wed, 25 Jun 2014 00:33:31 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5P0XVXh049826; Wed, 25 Jun 2014 00:33:31 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406250033.s5P0XVXh049826@svn.freebsd.org> From: Glen Barber Date: Wed, 25 Jun 2014 00:33:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267848 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jun 2014 00:33:31 -0000 Author: gjb Date: Wed Jun 25 00:33:30 2014 New Revision: 267848 URL: http://svnweb.freebsd.org/changeset/base/267848 Log: Document FreeBSD-SA-14:16.file. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Wed Jun 25 00:19:58 2014 (r267847) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Wed Jun 25 00:33:30 2014 (r267848) @@ -182,6 +182,12 @@ 5 June 2014 Multiple vulnerabilities + + + SA-14:16.file + 24 June 2014 + Multiple vulnerabilities + From owner-svn-src-releng@FreeBSD.ORG Wed Jun 25 10:27:17 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9911388A; Wed, 25 Jun 2014 10:27:17 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 85F9A25A9; Wed, 25 Jun 2014 10:27:17 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5PARHWo035517; Wed, 25 Jun 2014 10:27:17 GMT (envelope-from marius@svn.freebsd.org) Received: (from marius@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5PARHxP035516; Wed, 25 Jun 2014 10:27:17 GMT (envelope-from marius@svn.freebsd.org) Message-Id: <201406251027.s5PARHxP035516@svn.freebsd.org> From: Marius Strobl Date: Wed, 25 Jun 2014 10:27:17 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267862 - releng/9.3/sys/geom/eli X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jun 2014 10:27:17 -0000 Author: marius Date: Wed Jun 25 10:27:17 2014 New Revision: 267862 URL: http://svnweb.freebsd.org/changeset/base/267862 Log: MFC: r267145 Fix the keyfile being cleared prematurely after r259428 (MFCed to stable/9 in r266750). PR: 185084 Submitted by: fk@fabiankeil.de Reviewed by: pjd Approved by: re (glebius) Modified: releng/9.3/sys/geom/eli/g_eli.c Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/geom/eli/g_eli.c ============================================================================== --- releng/9.3/sys/geom/eli/g_eli.c Wed Jun 25 10:17:10 2014 (r267861) +++ releng/9.3/sys/geom/eli/g_eli.c Wed Jun 25 10:27:17 2014 (r267862) @@ -984,7 +984,6 @@ g_eli_keyfiles_load(struct hmac_ctx *ctx G_ELI_DEBUG(1, "Loaded keyfile %s for %s (type: %s).", file, provider, name); g_eli_crypto_hmac_update(ctx, data, size); - bzero(data, size); } } @@ -1133,6 +1132,7 @@ g_eli_taste(struct g_class *mp, struct g g_eli_keyfiles_clear(pp->name); return (NULL); } + g_eli_keyfiles_clear(pp->name); G_ELI_DEBUG(1, "Using Master Key %u for %s.", nkey, pp->name); break; } From owner-svn-src-releng@FreeBSD.ORG Wed Jun 25 19:22:41 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 3ECD127D; Wed, 25 Jun 2014 19:22:41 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2C2F62BD3; Wed, 25 Jun 2014 19:22:41 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5PJMflZ091662; Wed, 25 Jun 2014 19:22:41 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5PJMf58091661; Wed, 25 Jun 2014 19:22:41 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406251922.s5PJMf58091661@svn.freebsd.org> From: Glen Barber Date: Wed, 25 Jun 2014 19:22:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267881 - releng/9.3/usr.bin/grep X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Jun 2014 19:22:41 -0000 Author: gjb Date: Wed Jun 25 19:22:40 2014 New Revision: 267881 URL: http://svnweb.freebsd.org/changeset/base/267881 Log: MFS9 r267879: Fix a bug in bsdgrep(1) where patterns are not correctly detected. Certain criteria must be met for this bug to show up: * the -w flag is specified, and * neither -o or --color are specified, and * the pattern is part of another word in the line, and * the other word that contains the pattern occurs first PR: 181973 Approved by: re (marius) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/usr.bin/grep/util.c Directory Properties: releng/9.3/usr.bin/grep/ (props changed) Modified: releng/9.3/usr.bin/grep/util.c ============================================================================== --- releng/9.3/usr.bin/grep/util.c Wed Jun 25 19:08:40 2014 (r267880) +++ releng/9.3/usr.bin/grep/util.c Wed Jun 25 19:22:40 2014 (r267881) @@ -336,7 +336,7 @@ procline(struct str *l, int nottext) } /* One pass if we are not recording matches */ - if ((color == NULL && !oflag) || qflag || lflag) + if (!wflag && ((color == NULL && !oflag) || qflag || lflag)) break; if (st == (size_t)pmatch.rm_so) From owner-svn-src-releng@FreeBSD.ORG Thu Jun 26 03:27:14 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 692AFED3; Thu, 26 Jun 2014 03:27:14 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 545D625DA; Thu, 26 Jun 2014 03:27:14 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5Q3RD0g016066; Thu, 26 Jun 2014 03:27:13 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5Q3RCvj016058; Thu, 26 Jun 2014 03:27:12 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406260327.s5Q3RCvj016058@svn.freebsd.org> From: Glen Barber Date: Thu, 26 Jun 2014 03:27:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267892 - in releng/9.3/usr.sbin/bsdconfig: include share share/media share/packages X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2014 03:27:14 -0000 Author: gjb Date: Thu Jun 26 03:27:12 2014 New Revision: 267892 URL: http://svnweb.freebsd.org/changeset/base/267892 Log: MFS9 r267683 (dteske): - Replace pkg-tools with pkgng - Fix cosmetic typos - Use `pkg -vv' to obtain ABI - Unbreak the installer - Remove the env(1) but keep the var - Remove an unused variable - Improve debugging with f_eval_catch() - Fix package installation from physical media such as DVD - Fix PKG_ABI detection after pkg-1.2 - Fix failed attempt to send pkg(8) stderr to /dev/null - Export 'REPOS_DIR' when selected source medium is cdrom Approved by: re (glebius) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/usr.sbin/bsdconfig/include/messages.subr releng/9.3/usr.sbin/bsdconfig/share/common.subr releng/9.3/usr.sbin/bsdconfig/share/media/http.subr releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr releng/9.3/usr.sbin/bsdconfig/share/packages/packages.subr releng/9.3/usr.sbin/bsdconfig/share/variable.subr Directory Properties: releng/9.3/usr.sbin/bsdconfig/ (props changed) Modified: releng/9.3/usr.sbin/bsdconfig/include/messages.subr ============================================================================== --- releng/9.3/usr.sbin/bsdconfig/include/messages.subr Thu Jun 26 02:49:51 2014 (r267891) +++ releng/9.3/usr.sbin/bsdconfig/include/messages.subr Thu Jun 26 03:27:12 2014 (r267892) @@ -49,7 +49,7 @@ msg_assume_yes_to_all_non_critical_dialo msg_astro_desc="Applications related to astronomy." msg_attempt_automatic_dhcp_configuration="Attempt automatic DHCP configuration of interfaces" msg_attempt_ipv6_configuration_of_interfaces="Attempt IPv6 configuration of interfaces" -msg_attempting_to_fetch_file_from_selected_media="Attempting to fetch %s file from selected media." +msg_attempting_to_update_repository_catalogue="Attempting to update repository catalogue from selected media." msg_audio_desc="Audio utilities - most require a supported sound card." msg_australia="Australia" msg_austria="Austria" @@ -138,9 +138,12 @@ msg_ftp_desc="FTP client and server util msg_ftp_passive="FTP Passive" msg_ftp_username="FTP username" msg_games_desc="Various games and sundry amusements." +msg_generating_index_from_pkg_database="Generating INDEX from pkg(8) database\n(this can take a while)..." msg_geography_desc="Geography-related software." msg_german_desc="Ported software for Germanic countries." msg_germany="Germany" +msg_getting_package_categories_via_pkg_rquery="Getting package categories via pkg-rquery(8)..." +msg_getting_package_dependencies_via_pkg_rquery="Getting package dependencies via pkg-rquery(8)\n(this can take a while)..." msg_gnome_desc="Components of the Gnome Desktop environment." msg_gnustep_desc="Software for GNUstep desktop environment." msg_graphics_desc="Graphics libraries and utilities." @@ -176,7 +179,7 @@ msg_invalid_name_server_ip_address_speci msg_invalid_netmask_value="Invalid netmask value" msg_invalid_nfs_path_specification="Invalid NFS path specification. Must be of the form:\nhost:/full/pathname/to/FreeBSD/distdir" msg_io_error_while_reading_in_the_package="I/O error while reading in the %s package." -msg_io_or_format_error_on_index_file="I/O or format error on %s file.\nPlease verify media (or path to media) and try again." +msg_io_or_format_error_on_index_file="I/O or format error on INDEX file.\nPlease verify media (or path to media) and try again." msg_ipv4_address="IPv4 Address" msg_ipv4_gateway="IPv4 Gateway" msg_ipv6="IPv6" @@ -246,6 +249,7 @@ msg_no_gateway_has_been_set="No gateway msg_no_network_devices="No network devices available!" msg_no_package_name_passed_in_package_variable="No package name passed in package variable" msg_no_packages_were_selected_for_extraction="No packages were selected for extraction." +msg_no_pkg_database_found="No pkg(8) database found!" msg_no_such_file_or_directory="%s: %s: No such file or directory" msg_no_usb_devices_found="No USB devices found (try Options/Re-scan Devices)" msg_no_username="No username provided!" @@ -257,10 +261,8 @@ msg_ok="OK" msg_options="Options" msg_options_editor="Options Editor" msg_other="other" -msg_pkg_delete_failed="Warning: pkg_delete of %s failed.\n Run with debugging for details." msg_package_is_needed_by_other_installed_packages="Warning: Package %s is needed by\n %d other installed package%s." msg_package_not_installed_cannot_delete="Warning: package %s not installed\n No package can be deleted." -msg_package_read_successfully_waiting_for_pkg_add="Package %s read successfully - waiting for pkg_add(1)" msg_package_temp="Package Temp" msg_package_was_added_successfully="Package %s was added successfully" msg_packages="packages" @@ -270,7 +272,8 @@ msg_parallel_desc="Applications dealing msg_pear_desc="Software related to the Pear PHP framework." msg_perl5_desc="Utilities/modules for the PERL5 language." msg_permission_denied="%s: %s: Permission denied" -msg_pkg_add_apparently_did_not_like_the_package="pkg_add(1) apparently did not like the %s package." +msg_pkg_delete_failed="Warning: pkg-delete(8) of %s failed.\n Run with debugging for details." +msg_pkg_install_apparently_did_not_like_the_package="pkg-install(8) apparently did not like the %s package." msg_plan9_desc="Software from the Plan9 operating system." msg_please_check_the_url_and_try_again="No such directory: %s\nplease check the URL and try again.\n" msg_please_enter_password="Please enter your password for sudo(8):" @@ -373,9 +376,12 @@ msg_unable_to_get_proper_ftp_path="Unabl msg_unable_to_initialize_media_type_for_package_extract="Unable to initialize media type for package extract." msg_unable_to_make_directory_mountpoint="Unable to make %s directory mountpoint for %s!" msg_unable_to_open="Unable to open %s" +msg_unable_to_pkg_rquery_package_categories="Unable to pkg-rquery(8) package categories!" +msg_unable_to_pkg_rquery_package_dependencies="Unable to pkg-rquery(8) package dependencies!" +msg_unable_to_update_pkg_from_selected_media="Unable to update pkg(8) from selected media." msg_uninstall="Uninstall" msg_uninstall_desc="Mark this package for deletion" -msg_uninstalling_package_waiting_for_pkg_delete="Uninstalling %s package - waiting for pkg_delete(1)" +msg_uninstalling_package_waiting_for_pkg_delete="Uninstalling %s package - waiting for pkg-delete(8)" msg_unknown="unknown" msg_unknown_user="Unknown user: %s" msg_url_was_not_found="%s was not found, maybe directory or release-version are wrong?" Modified: releng/9.3/usr.sbin/bsdconfig/share/common.subr ============================================================================== --- releng/9.3/usr.sbin/bsdconfig/share/common.subr Thu Jun 26 02:49:51 2014 (r267891) +++ releng/9.3/usr.sbin/bsdconfig/share/common.subr Thu Jun 26 03:27:12 2014 (r267892) @@ -60,7 +60,14 @@ FAILURE=1 # export UNAME_S="$( uname -s )" # Operating System (i.e. FreeBSD) export UNAME_P="$( uname -p )" # Processor Architecture (i.e. i386) +export UNAME_M="$( uname -m )" # Machine platform (i.e. i386) export UNAME_R="$( uname -r )" # Release Level (i.e. X.Y-RELEASE) +if [ ! "${PKG_ABI+set}" ]; then + export PKG_ABI="$( + ASSUME_ALWAYS_YES=1 pkg -vv 2> /dev/null | + awk '$1=="ABI"{print $3;exit}' + )" +fi # # Default behavior is to call f_debug_init() automatically when loaded. Modified: releng/9.3/usr.sbin/bsdconfig/share/media/http.subr ============================================================================== --- releng/9.3/usr.sbin/bsdconfig/share/media/http.subr Thu Jun 26 02:49:51 2014 (r267891) +++ releng/9.3/usr.sbin/bsdconfig/share/media/http.subr Thu Jun 26 03:27:12 2014 (r267892) @@ -77,7 +77,8 @@ f_dialog_menu_media_http() f_dialog_title_restore local prompt="$msg_please_select_the_site_closest_to_you_or_other" local menu_list=" - '$msg_main_site' 'ftp.freebsd.org' + 'dist $msg_main_site' 'ftp.freebsd.org' + 'pkg $msg_main_site' 'pkg.freebsd.org' 'URL' '$msg_specify_some_other_http_site' " # END-QUOTE local hline="$msg_select_a_site_thats_close" @@ -322,7 +323,7 @@ f_media_set_http() device_http set type $DEVICE_TYPE_HTTP device_http set init f_media_init_http device_http set get f_media_get_http - device_http set shutdown : + device_http set shutdown f_media_shutdown_http device_http set private device_network f_struct_copy device_http device_media f_struct_free device_http @@ -453,6 +454,11 @@ f_media_init_http() local dev="$1" f_dprintf "Init routine called for HTTP device. dev=[%s]" "$dev" + if [ "$HTTP_INITIALIZED" ]; then + f_dprintf "HTTP device already initialized." + return $SUCCESS + fi + # # First verify access # @@ -494,22 +500,31 @@ f_media_init_http() # local fdir hp f_getvar $VAR_HTTP_PATH%/ hp - for fdir in $HTTP_DIRS; do - setvar $VAR_HTTP_PATH "$hp/$fdir/$rel" - if f_http_check_access; then - http_found=$SUCCESS - break - fi - done + setvar $VAR_HTTP_PATH "$hp/$PKG_ABI/latest" + if [ "$PKG_ABI" ] && f_http_check_access; then + http_found=$SUCCESS + setvar $VAR_HTTP_PATH "$hp" + else + for fdir in $HTTP_DIRS; do + setvar $VAR_HTTP_PATH "$hp/$fdir/$rel" + if f_http_check_access; then + http_found=$SUCCESS + break + fi + done + fi esac - [ $http_found -eq $SUCCESS ] && break + if [ $http_found -eq $SUCCESS ]; then + HTTP_INITIALIZED=YES + break + fi f_getvar $VAR_HTTP_PATH http_path f_show_msg "$msg_please_check_the_url_and_try_again" \ "$http_path" - unset $VAR_HTTP_PATH + unset HTTP_INITIALIZED $VAR_HTTP_PATH f_media_set_http || break done @@ -561,6 +576,11 @@ f_media_get_http() f_getvar $VAR_HTTP_HOST http_host f_getvar $VAR_HTTP_PORT http_port + if [ ! "$HTTP_INITIALIZED" ]; then + f_dprintf "No HTTP connection open, can't get file %s" "$file" + return $FAILURE + fi + if ! { f_validate_ipaddr "$http_host" || f_validate_ipaddr6 "$http_host" || @@ -652,6 +672,18 @@ f_media_get_http() return $FAILURE } +# f_media_shutdown_http $device +# +# Shuts down the HTTP device. Return status should be ignored. Note that since +# we don't maintain an open connection to the HTTP server, nothing to do. +# +f_media_shutdown_http() +{ + [ "$HTTP_INITIALIZED" ] || return $SUCCESS + + unset HTTP_INITIALIZED +} + ############################################################ MAIN f_dprintf "%s: Successfully loaded." media/http.subr Modified: releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr ============================================================================== --- releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr Thu Jun 26 02:49:51 2014 (r267891) +++ releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr Thu Jun 26 03:27:12 2014 (r267892) @@ -43,24 +43,53 @@ f_include_lang $BSDCFG_LIBE/include/mess PACKAGE_INDEX= _INDEX_INITTED= +# +# Default path to pkg(8) repo-packagesite.sqlite database +# +SQLITE_REPO="/var/db/pkg/repo-packagesite.sqlite" + +# +# Default path to on-disk cache INDEX file +# +PACKAGES_INDEX_CACHEFILE="/var/run/bsdconfig/packages_INDEX.cache" + +# +# INDEX format for FreeBSD-6.0 or higher: +# +# package|port-origin|install-prefix|comment|port-desc-file|maintainer| +# categories|build-deps|run-deps|www-site|reserve|reserve|reserve|disc +# +INDEX_FORMAT="%n-%v" # package +INDEX_FORMAT="$INDEX_FORMAT|/usr/ports/%o" # port-origin +INDEX_FORMAT="$INDEX_FORMAT|%p" # install-prefix +INDEX_FORMAT="$INDEX_FORMAT|%c" # comment +INDEX_FORMAT="$INDEX_FORMAT|/usr/ports/%o/pkg-descr" # port-desc-file +INDEX_FORMAT="$INDEX_FORMAT|%m" # maintainer +INDEX_FORMAT="$INDEX_FORMAT|@CATEGORIES@" # place-holder +INDEX_FORMAT="$INDEX_FORMAT|" # build-deps +INDEX_FORMAT="$INDEX_FORMAT|@RUNDEPS@" # place-holder +INDEX_FORMAT="$INDEX_FORMAT|%w" # www-site +INDEX_FORMAT="$INDEX_FORMAT|" # reserved +INDEX_FORMAT="$INDEX_FORMAT|" # reserved +INDEX_FORMAT="$INDEX_FORMAT|" # reserved +INDEX_FORMAT="$INDEX_FORMAT|" # disc + ############################################################ FUNCTIONS -# f_index_initialize $path [$var_to_set] +# f_index_initialize [$var_to_set] # -# Read and initialize the global index. $path is to be relative to the chosen -# media (not necessarily the filesystem; e.g. FTP) -- this is usually going to -# be `packages/INDEX'. Returns success unless media cannot be initialized for -# any reason (e.g. user cancels media selection dialog) or an error occurs. The -# index is sorted before being loaded into $var_to_set. +# Read and initialize the global index. Returns success unless media cannot be +# initialized for any reason (e.g. user cancels media selection dialog or an +# error occurs). The index is sorted before being loaded into $var_to_set. # # NOTE: The index is processed with f_index_read() [below] after being loaded. # f_index_initialize() { - local __path="$1" __var_to_set="${2:-PACKAGE_INDEX}" + local __funcname=f_index_initialize + local __var_to_set="${2:-PACKAGE_INDEX}" [ "$_INDEX_INITTED" ] && return $SUCCESS - [ "$__path" ] || return $FAILURE # Got any media? f_media_verify || return $FAILURE @@ -68,20 +97,177 @@ f_index_initialize() # Does it move when you kick it? f_device_init device_media || return $FAILURE - f_show_info "$msg_attempting_to_fetch_file_from_selected_media" \ - "$__path" - eval "$__var_to_set"='$( f_device_get device_media "$__path" )' - if [ $? -ne $SUCCESS ]; then - f_show_msg "$msg_unable_to_get_file_from_selected_media" \ - "$__path" + f_show_info "$msg_attempting_to_update_repository_catalogue" + + # + # Generate $PACKAGESITE variable for pkg(8) based on media type + # + local __type __data __site + device_media get type __type + device_media get private __data + case "$__type" in + $DEVICE_TYPE_DIRECTORY) + __site="file://$__data/packages/$PKG_ABI" ;; + $DEVICE_TYPE_FLOPPY) + __site="file://${__data:-$MOUNTPOINT}/packages/$PKG_ABI" ;; + $DEVICE_TYPE_FTP) + f_getvar $VAR_FTP_PATH __site + __site="$__site/packages/$PKG_ABI" ;; + $DEVICE_TYPE_HTTP) + f_getvar $VAR_HTTP_PATH __site + __site="$__site/$PKG_ABI/latest" ;; + $DEVICE_TYPE_HTTP_PROXY) + f_getvar $VAR_HTTP_PROXY_PATH __site + __site="$__site/packages/$PKG_ABI" ;; + $DEVICE_TYPE_CDROM) + __site="file://$MOUNTPOINT/packages/$PKG_ABI" + export REPOS_DIR="$MOUNTPOINT/packages/repos" ;; + *) # UFS, DISK, CDROM, USB, DOS, NFS, etc. + __site="file://$MOUNTPOINT/packages/$PKG_ABI" + esac + + export PACKAGESITE="$__site" + f_dprintf "PACKAGESITE=[%s]" "$PACKAGESITE" + if ! f_eval_catch $__funcname pkg "pkg update"; then + f_show_err "$msg_unable_to_update_pkg_from_selected_media" + f_device_shutdown device_media + return $FAILURE + fi + + # + # Try to get contents from validated on-disk cache + # + + # + # Calculate digest used to determine if the on-disk persistant cache + # INDEX (containing this digest on the first line) is valid and can be + # used to quickly populate the environment. + # + local __sqlite_digest + if ! __sqlite_digest=$( md5 < "$SQLITE_REPO" 2> /dev/null ); then + f_show_err "$msg_no_pkg_database_found" + f_device_shutdown device_media + return $FAILURE + fi + + # + # Check to see if the persistant cache INDEX file exists + # + if [ -f "$PACKAGES_INDEX_CACHEFILE" ]; then + # + # Attempt to populate the environment with the (soon to be) + # validated on-disk cache. If validation fails, fall-back to + # generating a fresh cache. + # + if eval $__var_to_set='$( + ( # Get digest as the first word on first line + read digest rest_ignored + + # + # If the stored digest matches the calculated- + # one populate the environment from the on-disk + # cache and provide success exit status. + # + if [ "$digest" = "$__sqlite_digest" ]; then + cat + exit $SUCCESS + else + # Otherwise, return the current value + eval echo \"\$__var_to_set\" + exit $FAILURE + fi + ) < "$PACKAGES_INDEX_CACHEFILE" 2> /dev/null + )'; then + f_show_info \ + "$msg_located_index_now_reading_package_data_from_it" + if ! f_index_read "$__var_to_set"; then + f_show_err \ + "$msg_io_or_format_error_on_index_file" + return $FAILURE + fi + _INDEX_INITTED=1 + return $SUCCESS + fi + # Otherwise, fall-thru to create a fresh cache from scratch + fi + + # + # If we reach this point, we need to generate the data from scratch + # + + f_show_info "$msg_getting_package_categories_via_pkg_rquery" + if ! eval "$( pkg rquery "%n-%v %C" | awk ' + { categories[$1] = categories[$1] " " $2 } + END { + for (package in categories) + { + cats = categories[package] + sub(/^ /, "", cats) + gsub(/[^[:alnum:]_]/, "_", package) + printf "local _%s_categories=\"%s\";\n", package, cats + } + }' )"; then + f_show_err "$msg_unable_to_pkg_rquery_package_dependencies" f_device_shutdown device_media return $FAILURE fi + + f_show_info "$msg_getting_package_dependencies_via_pkg_rquery" + if ! eval "$( pkg rquery "%n-%v %dn-%dv" | awk ' + { rundeps[$1] = rundeps[$1] " " $2 } + END { + for (package in rundeps) + { + deps = rundeps[package] + sub(/^ /, "", deps) + gsub(/[^[:alnum:]_]/, "_", package) + printf "local _%s_rundeps=\"%s\";\n", package, deps + } + }' )"; then + f_show_err "$msg_unable_to_pkg_rquery_package_dependencies" + f_device_shutdown device_media + return $FAILURE + fi + + f_show_info "$msg_generating_index_from_pkg_database" + eval "$__var_to_set"='$( pkg rquery "$INDEX_FORMAT" | + while read LINE; do + package="${LINE%%|*}"; + f_str2varname "$package" varpkg; + eval f_replaceall \"\$LINE\" \"\|@CATEGORIES@\|\" \ + \"\|\$_${varpkg}_categories\|\" LINE + eval f_replaceall \"\$LINE\" \"\|@RUNDEPS@\|\" \ + \"\|\$_${varpkg}_rundeps\|\" LINE + echo "$LINE" + done + )' # always returns true (status of last item in pipe-chain) eval "$__var_to_set"='$( debug= f_getvar "$__var_to_set" | sort )' + # + # Attempt to create the persistant on-disk cache + # + + # Create a new temporary file to write to + local __tmpfile + if f_eval_catch -dk __tmpfile $__funcname mktemp \ + 'mktemp -t "%s"' "$pgm" + then + # Write the temporary file contents + echo "$__sqlite_digest" > "$__tmpfile" + debug= f_getvar "$__var_to_set" >> "$__tmpfile" + + # Finally, move the temporary file into place + case "$PACKAGES_INDEX_CACHEFILE" in + */*) f_eval_catch -d $funcname mkdir \ + 'mkdir -p "%s"' "${PACKAGES_INDEX_CACHEFILE%/*}" + esac + f_eval_catch -d $__funcname mv 'mv -f "%s" "%s"' \ + "$__tmpfile" "$PACKAGES_INDEX_CACHEFILE" + fi + f_show_info "$msg_located_index_now_reading_package_data_from_it" if ! f_index_read "$__var_to_set"; then - f_show_msg "$msg_io_or_format_error_on_index_file" "$__path" + f_show_err "$msg_io_or_format_error_on_index_file" return $FAILURE fi Modified: releng/9.3/usr.sbin/bsdconfig/share/packages/packages.subr ============================================================================== --- releng/9.3/usr.sbin/bsdconfig/share/packages/packages.subr Thu Jun 26 02:49:51 2014 (r267891) +++ releng/9.3/usr.sbin/bsdconfig/share/packages/packages.subr Thu Jun 26 03:27:12 2014 (r267892) @@ -53,7 +53,7 @@ f_include_lang $BSDCFG_LIBE/include/mess # # Package extensions to try # -PACKAGE_EXTENSIONS=".tbz .tbz2 .tgz" +PACKAGE_EXTENSIONS=".txz .tbz .tbz2 .tgz" # # Variables used to track runtime states @@ -164,24 +164,13 @@ f_package_deselect() # f_package_detect_installed # -# Detect installed packages. Currently this searches /var/db/pkg for directory +# Detect installed packages. Currently this uses pkg-query(8) for querying # entries and marks each entry as an installed/selected package. # f_package_detect_installed() { - local installed package varpkg - # - # XXX KLUDGE ALERT! This makes evil assumptions about how XXX - # packages register themselves and should *really* be done with - # `pkg_info -e ' except that this is too slow for an - # item check routine.. :-( - # - # NOTE: When transitioning to pkgng, make a single fork to `pkg' to - # produce a list of all installed packages and parse _that_ - # - installed=$( find -s /var/db/pkg -mindepth 1 -maxdepth 1 -type d | - sed -e 's:/var/db/pkg/::' ) - for package in $installed; do + local package varpkg + for package in $( pkg query "%n-%v" ); do f_str2varname $package varpkg export _mark_$varpkg=X # exported for awk(1) ENVIRON[] f_package_select $package @@ -983,23 +972,31 @@ f_package_extract() f_getvar $VAR_PKG_TMPDIR:-/var/tmp tmpdir f_quietly mkdir -p -m 1777 "$tmpdir" - local path + local path device_type + $device get type device_type case "$name" in */*) path="$name" ;; *) - case "$name" in - *-*|*_*) path="packages/All/$name" ;; - *) path="packages/Latest/$name" - esac + if [ "$device_type" = "$DEVICE_TYPE_HTTP" ]; then + path="$PKG_ABI/latest/All/$name" + else + path="packages/$PKG_ABI/All/$name" + fi esac - # We have a path, call the device strategy routine to get the file + # We have a path, call the device strategy routine to check the file local pkg_ext found= for pkg_ext in "" $PACKAGE_EXTENSIONS; do if f_device_get $device "$path$pkg_ext" $PROBE_EXIST; then path="$path$pkg_ext" - f_dprintf "$funcname: found path=[%s] dev=[%s]" \ - "$path" "$device" + found=1 + break + elif [ "$device_type" = "$DEVICE_TYPE_HTTP" ] && + f_device_get $device \ + "packages/$PKG_ABI/All/$name$pkg_ext" $PROBE_EXIST + then + # Mirroring physical media over HTTP + path="packages/$PKG_ABI/All/$name$pkg_ext" found=1 break fi @@ -1027,27 +1024,14 @@ f_package_extract() f_show_info "$msg_adding_package_from_media" "$name" "$devname" fi - # Get package data and pipe into pkg_add(1) while providing feedback - { - if ! f_device_get $device "$path"; then - $alert "$msg_io_error_while_reading_in_the_package" \ - "$name" \ - >&$DIALOG_TERMINAL_PASSTHRU_FD 2> /dev/null - [ "$no_confirm" ] && sleep 2 - else - f_show_info \ - "$msg_package_read_successfully_waiting_for_pkg_add" \ - "$name" >&$DIALOG_TERMINAL_PASSTHRU_FD 2> /dev/null - fi - } | { - if f_debugging; then - /usr/sbin/pkg_add -v - - else - f_quietly /usr/sbin/pkg_add - - fi - } + # Request the package be added via pkg-install(8) + if f_debugging; then + f_eval_catch $funcname pkg 'pkg -d install -y "%s"' "$name" + else + f_eval_catch $funcname pkg 'pkg install -y "%s"' "$name" + fi if [ $? -ne $SUCCESS ]; then - $alert "$msg_pkg_add_apparently_did_not_like_the_package" \ + $alert "$msg_pkg_install_apparently_did_not_like_the_package" \ "$name" [ "$no_confirm" ] && sleep 2 else @@ -1173,9 +1157,9 @@ f_package_delete() # f_show_info "$msg_uninstalling_package_waiting_for_pkg_delete" "$name" if f_debugging; then - pkg_delete -v "$name" + f_eval_catch $funcname pkg 'pkg -d delete -y "%s"' "$name" else - f_quietly pkg_delete "$name" + f_eval_catch $funcname pkg 'pkg delete -y "%s"' "$name" fi if [ $? -ne $SUCCESS ]; then f_show_msg "$msg_pkg_delete_failed" "$name" Modified: releng/9.3/usr.sbin/bsdconfig/share/variable.subr ============================================================================== --- releng/9.3/usr.sbin/bsdconfig/share/variable.subr Thu Jun 26 02:49:51 2014 (r267891) +++ releng/9.3/usr.sbin/bsdconfig/share/variable.subr Thu Jun 26 03:27:12 2014 (r267892) @@ -205,7 +205,7 @@ f_netinteractive() f_getvar $VAR_NETINTERACTIVE value && [ "$value" ] } -# f_zfsinteractive() +# f_zfsinteractive # # Has the user specifically requested the ZFS-portion of configuration and # setup to be performed interactively? Returns success if the user has asked From owner-svn-src-releng@FreeBSD.ORG Thu Jun 26 11:02:54 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0ED3DBD; Thu, 26 Jun 2014 11:02:54 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ED1AA2B50; Thu, 26 Jun 2014 11:02:53 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5QB2rek025368; Thu, 26 Jun 2014 11:02:53 GMT (envelope-from gavin@svn.freebsd.org) Received: (from gavin@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5QB2p3D025350; Thu, 26 Jun 2014 11:02:51 GMT (envelope-from gavin@svn.freebsd.org) Message-Id: <201406261102.s5QB2p3D025350@svn.freebsd.org> From: Gavin Atkinson Date: Thu, 26 Jun 2014 11:02:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267911 - in releng/9.3: . etc etc/mtree gnu/usr.bin gnu/usr.bin/binutils/libbfd gnu/usr.bin/send-pr share/man/man7 share/termcap sys/mips/rmi sys/modules/svr4 usr.bin X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2014 11:02:54 -0000 Author: gavin Date: Thu Jun 26 11:02:51 2014 New Revision: 267911 URL: http://svnweb.freebsd.org/changeset/base/267911 Log: Merge r267738 from stable/9: Remove send-pr and fix up all references to it. Replace it with a stub send-pr directing people towards the web site. Approved by: re (gjb), bugmeister Added: - copied from r267738, stable/9/usr.bin/send-pr/ Directory Properties: releng/9.3/usr.bin/send-pr/ (props changed) Deleted: releng/9.3/gnu/usr.bin/send-pr/ Modified: releng/9.3/MAINTAINERS (contents, props changed) releng/9.3/ObsoleteFiles.inc (contents, props changed) releng/9.3/etc/Makefile releng/9.3/etc/mtree/BSD.root.dist releng/9.3/gnu/usr.bin/Makefile releng/9.3/gnu/usr.bin/binutils/libbfd/Makefile releng/9.3/share/man/man7/hier.7 releng/9.3/share/termcap/termcap.src releng/9.3/sys/mips/rmi/rootfs_list.txt releng/9.3/sys/modules/svr4/README releng/9.3/usr.bin/Makefile Directory Properties: releng/9.3/etc/ (props changed) releng/9.3/gnu/usr.bin/ (props changed) releng/9.3/gnu/usr.bin/binutils/libbfd/ (props changed) releng/9.3/share/man/man7/ (props changed) releng/9.3/share/termcap/ (props changed) releng/9.3/sys/ (props changed) releng/9.3/sys/modules/svr4/ (props changed) releng/9.3/usr.bin/ (props changed) Modified: releng/9.3/MAINTAINERS ============================================================================== --- releng/9.3/MAINTAINERS Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/MAINTAINERS Thu Jun 26 11:02:51 2014 (r267911) @@ -114,7 +114,6 @@ lib/libbluetooth emax Pre-commit review lib/libsdp emax Pre-commit review preferred. usr.bin/bluetooth emax Pre-commit review preferred. usr.sbin/bluetooth emax Pre-commit review preferred. -gnu/usr.bin/send-pr bugmaster Pre-commit review requested. *env(3) secteam Due to the problematic security history of this code, please have patches reviewed by secteam. share/zoneinfo edwin Heads-up appreciated, since our data is coming Modified: releng/9.3/ObsoleteFiles.inc ============================================================================== --- releng/9.3/ObsoleteFiles.inc Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/ObsoleteFiles.inc Thu Jun 26 11:02:51 2014 (r267911) @@ -38,6 +38,10 @@ # xargs -n1 | sort | uniq -d; # done +# 20140614: send-pr removal +OLD_FILES+=usr/share/man/man1/send-pr.1.gz +OLD_FILES+=etc/gnats/freefall +OLD_DIRS+=etc/gnats # 20140512: new clang import which bumps version from 3.4 to 3.4.1. OLD_FILES+=usr/include/clang/3.4/__wmmintrin_aes.h OLD_FILES+=usr/include/clang/3.4/__wmmintrin_pclmul.h Modified: releng/9.3/etc/Makefile ============================================================================== --- releng/9.3/etc/Makefile Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/etc/Makefile Thu Jun 26 11:02:51 2014 (r267911) @@ -230,7 +230,6 @@ distribution: ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install ${_+_}cd ${.CURDIR}/pkg; ${MAKE} install ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install - ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap ${_+_}cd ${.CURDIR}/../usr.sbin/rmt; ${MAKE} etc-rmt ${_+_}cd ${.CURDIR}/pam.d; ${MAKE} install Modified: releng/9.3/etc/mtree/BSD.root.dist ============================================================================== --- releng/9.3/etc/mtree/BSD.root.dist Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/etc/mtree/BSD.root.dist Thu Jun 26 11:02:51 2014 (r267911) @@ -30,8 +30,6 @@ .. devd .. - gnats - .. gss .. mail Modified: releng/9.3/gnu/usr.bin/Makefile ============================================================================== --- releng/9.3/gnu/usr.bin/Makefile Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/gnu/usr.bin/Makefile Thu Jun 26 11:02:51 2014 (r267911) @@ -16,7 +16,6 @@ SUBDIR= ${_binutils} \ patch \ ${_rcs} \ sdiff \ - send-pr \ sort \ ${_texinfo} Modified: releng/9.3/gnu/usr.bin/binutils/libbfd/Makefile ============================================================================== --- releng/9.3/gnu/usr.bin/binutils/libbfd/Makefile Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/gnu/usr.bin/binutils/libbfd/Makefile Thu Jun 26 11:02:51 2014 (r267911) @@ -84,7 +84,7 @@ bfdver.h: Makefile echo '#define BFD_VERSION 217500000' > ${.TARGET} echo '#define BFD_VERSION_DATE 20070703' >> ${.TARGET} echo '#define BFD_VERSION_STRING ${VERSION}' >> ${.TARGET} - echo '#define REPORT_BUGS_TO ""' >> ${.TARGET} + echo '#define REPORT_BUGS_TO ""' >> ${.TARGET} targmatch.h: targmatch.sed config.bfd sed -f ${.ALLSRC:M*.sed} ${.ALLSRC:M*.bfd} > ${.TARGET} Modified: releng/9.3/share/man/man7/hier.7 ============================================================================== --- releng/9.3/share/man/man7/hier.7 Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/share/man/man7/hier.7 Thu Jun 26 11:02:51 2014 (r267911) @@ -97,10 +97,6 @@ see .Xr rc 8 .It Pa bluetooth/ bluetooth configuration files -.It Pa gnats/ -gnats configuration files; -see -.Xr send-pr 1 .It Pa localtime local timezone information; see Modified: releng/9.3/share/termcap/termcap.src ============================================================================== --- releng/9.3/share/termcap/termcap.src Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/share/termcap/termcap.src Thu Jun 26 11:02:51 2014 (r267911) @@ -36,7 +36,7 @@ # John Kunze, Berkeley # Craig Leres, Berkeley # -# Please submit changes with send-pr(1). +# Please submit changes via https://bugs.freebsd.org/submit/ # # << EOH - after reordering, above header lines survive and this line dies >> # Modified: releng/9.3/sys/mips/rmi/rootfs_list.txt ============================================================================== --- releng/9.3/sys/mips/rmi/rootfs_list.txt Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/sys/mips/rmi/rootfs_list.txt Thu Jun 26 11:02:51 2014 (r267911) @@ -64,8 +64,6 @@ ./etc/defaults/rc.conf ./etc/devd ./etc/devd/asus.conf -./etc/gnats -./etc/gnats/freefall ./etc/gss ./etc/gss/mech ./etc/gss/qop Modified: releng/9.3/sys/modules/svr4/README ============================================================================== --- releng/9.3/sys/modules/svr4/README Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/sys/modules/svr4/README Thu Jun 26 11:02:51 2014 (r267911) @@ -30,7 +30,7 @@ To use it: It's early days yet, folks -- You'll probably have trouble getting 100% functionality out of most things (specifically, poll() on a socket doesn't look like it works at the moment, so Netscape doesn't work (among other -things)). Patches will be appreciated (use send-pr). +things)). Patches will be appreciated. - Mark Newton newton@atdot.dotat.org Modified: releng/9.3/usr.bin/Makefile ============================================================================== --- releng/9.3/usr.bin/Makefile Thu Jun 26 10:48:01 2014 (r267910) +++ releng/9.3/usr.bin/Makefile Thu Jun 26 11:02:51 2014 (r267911) @@ -139,6 +139,7 @@ SUBDIR= alias \ rwall \ script \ sed \ + send-pr \ seq \ shar \ showmount \ From owner-svn-src-releng@FreeBSD.ORG Thu Jun 26 17:58:30 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4B5BC9BB; Thu, 26 Jun 2014 17:58:30 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 35DF326FD; Thu, 26 Jun 2014 17:58:30 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5QHwU0s022741; Thu, 26 Jun 2014 17:58:30 GMT (envelope-from np@svn.freebsd.org) Received: (from np@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5QHwThl022739; Thu, 26 Jun 2014 17:58:29 GMT (envelope-from np@svn.freebsd.org) Message-Id: <201406261758.s5QHwThl022739@svn.freebsd.org> From: Navdeep Parhar Date: Thu, 26 Jun 2014 17:58:29 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267926 - in releng/9.3/sys: conf dev/cxgbe dev/cxgbe/firmware modules/cxgbe/t4_firmware modules/cxgbe/t5_firmware X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jun 2014 17:58:30 -0000 Author: np Date: Thu Jun 26 17:58:29 2014 New Revision: 267926 URL: http://svnweb.freebsd.org/changeset/base/267926 Log: Merge r267757, which was MFC'd to stable/9 as r267882: cxgbe(4): Update the bundled T4 and T5 firmwares to versions 1.11.27.0. Approved by: re (glebius) Obtained from: Chelsio Added: releng/9.3/sys/dev/cxgbe/firmware/t4fw-1.11.27.0.bin.uu - copied unchanged from r267882, stable/9/sys/dev/cxgbe/firmware/t4fw-1.11.27.0.bin.uu releng/9.3/sys/dev/cxgbe/firmware/t5fw-1.11.27.0.bin.uu - copied unchanged from r267882, stable/9/sys/dev/cxgbe/firmware/t5fw-1.11.27.0.bin.uu Deleted: releng/9.3/sys/dev/cxgbe/firmware/t4fw-1.9.12.0.bin.uu releng/9.3/sys/dev/cxgbe/firmware/t5fw-1.9.12.0.bin.uu Modified: releng/9.3/sys/conf/files releng/9.3/sys/dev/cxgbe/firmware/t4fw_cfg_uwire.txt releng/9.3/sys/dev/cxgbe/firmware/t4fw_interface.h releng/9.3/sys/dev/cxgbe/firmware/t5fw_cfg_uwire.txt releng/9.3/sys/dev/cxgbe/t4_sge.c releng/9.3/sys/modules/cxgbe/t4_firmware/Makefile releng/9.3/sys/modules/cxgbe/t5_firmware/Makefile Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/conf/files ============================================================================== --- releng/9.3/sys/conf/files Thu Jun 26 17:34:42 2014 (r267925) +++ releng/9.3/sys/conf/files Thu Jun 26 17:58:29 2014 (r267926) @@ -962,7 +962,7 @@ t4fw.fwo optional cxgbe \ no-implicit-rule \ clean "t4fw.fwo" t4fw.fw optional cxgbe \ - dependency "$S/dev/cxgbe/firmware/t4fw-1.9.12.0.bin.uu" \ + dependency "$S/dev/cxgbe/firmware/t4fw-1.11.27.0.bin.uu" \ compile-with "${NORMAL_FW}" \ no-obj no-implicit-rule \ clean "t4fw.fw" @@ -986,7 +986,7 @@ t5fw.fwo optional cxgbe \ no-implicit-rule \ clean "t5fw.fwo" t5fw.fw optional cxgbe \ - dependency "$S/dev/cxgbe/firmware/t5fw-1.9.12.0.bin.uu" \ + dependency "$S/dev/cxgbe/firmware/t5fw-1.11.27.0.bin.uu" \ compile-with "${NORMAL_FW}" \ no-obj no-implicit-rule \ clean "t5fw.fw" Copied: releng/9.3/sys/dev/cxgbe/firmware/t4fw-1.11.27.0.bin.uu (from r267882, stable/9/sys/dev/cxgbe/firmware/t4fw-1.11.27.0.bin.uu) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ releng/9.3/sys/dev/cxgbe/firmware/t4fw-1.11.27.0.bin.uu Thu Jun 26 17:58:29 2014 (r267926, copy of r267882, stable/9/sys/dev/cxgbe/firmware/t4fw-1.11.27.0.bin.uu) @@ -0,0 +1,9019 @@ +/*- + * Copyright (c) 2014 Chelsio Communications, Inc. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ +begin-base64 644 t4fw +AAAD6QELGwAAAQkEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAA8wD2wPjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAENoZWxzaW8gRlcgUlVOTUVNIERFQlVHPTAgKEJ1aWx0IFdlZCBKdW4gMTggMTc6 +MTk6MzMgUERUIDIwMTQgb24gY2xlb3BhdHJhLmFzaWNkZXNpZ25lcnMuY29tOi9ob21lL2Zpcm13 +YXJlL2N2cy9mdy1yZWxlYXNlKSwgVmVyc2lvbiBUNHh4IDAxLjBiLjFiLjAwAAAAAAAAAG/bT/dg +AMgA4QB78AAQAADhADC4eP///x/84UCAAAAB4QB7cAAAEAAf//zc4QGUcCAAAADhAZwE4QB5AAAC +AEDhAHmAAAYAQAACAAoABgAK4QB5BAAMAACAAAEC4QB7POEAe0ThAHvk4gAAAAABAADhAHuQIAAA +AAAAgADhAHsAAABAAeEAe5wAAEAAREREQuAAAADjAARzREREQOMACAAgAAJcAAAAAB//khAAAAAA +H/+SFAAAAAAf/5IYAAAAAB//khwf/8AAAAAAAAAAAADAABL/zRP/zZMgEv/NE//NhCAEMwGTIBH/ +zBL/zJIQEf/MEv/MkhAR/8wB9DER/8siCv+SEADkMQAFMQECABL/yALnMQIWABH/x4EQAQFfwCEC +EQHJERH/xBL/xJIQEf/EEv/EkhBgAA8R/78S/8OSEBH/vxL/wpIQgRAR/8HAIJIREv/AkhLAIJIT +Ev+/khCCEALyUGUv9xH/vccvkhAR/7ySEBL/vBP/vJMgwDKTIRP/u5MigiIS/7oT/7qTICMiIRT/ +uQQzAck4E/+4gzADgxQIMxEU/7akM5MhE/+qkyJgAAjCMJMhE/+nkyIS/7GQIJAhkCKQI5AkkCWQ +JpAnkCiQKZAqkCuQLJAtkC6QLyAmECAmEYIiEv+kwDAtNzAtNzQtNzgtNzwjPQFyM+0AAgAS/6HA +MC83AC83EC83IC83MCM9AXIz7QACABL/l8AwKDcwKDc0KDc4KDc8Iz0BcjPtEv+VwDAnNwAnNxAn +NyAnNzAjPQFyM+0S/5AV/5AW/5HAMNcgBWYBYAAZAAAAAAAAAAQ2BQACANMP0w8FMwxuOxQHRxQH +BEN2MeYENgUFMwxvO+0AAgAS/4MV/4EjCgACJwIHBEMEPgUFMwwHRxRvO/ADAgAS/33JLoMghCGF +IrwidDsOhlC0VZYwtDN0M/Rj/+YAZT/iZV/fEv9xwDIDLgUDAgAS/2jAMCg3QCg3RCg3SCg3TCM9 +AXIz7QACABL/ay0nAMARAUkxAEgxAQIAwAAU/2gE0jEV/2eUUBT/ZwTTMRX/ZpRQFP9mBNQxFf9m +lFAU/2UE1TEV/2WUUBD/ZQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf/AAA +H/wAAOMACfgf/AAAH/wAAOMACfgf/AAAH/wAAOMACfgf/4AAH/+KMOMACfgf/4owH/+KMOMAFCgf +/4owH/+KMOMAFCgf/4owH/+LuOMAFCgf/4u4H/+SCOMAFbAf/5IQH/+xHOMAHAgf/7EcH/+xHOMA +OxQf/8AAH//9yeMAOxQgAAAAIAABauMAeOAgAAF4IAABfOMAekwgAAF8IAABheMAelAgAAGYIAAB +nOMAelwgAAGcIAABpeMAemAgAAG4IAABvOMAemwgAAG8IAABxeMAenAgAAHYIAAB2OMAenwgAAHc +IAAB4uMAenwgAAH4IAAB+OMAeoQgAAH8IAAB/OMAeoQgAAIYIAACGOMAeoQgAAIcIAACHOMAeoQg +AAI4IAACOOMAeoQgAAI8IAACPOMAeoQgAAJYIAACWOMAeoQgAAJcIAACYuMAeoQgAAJ4IAACeOMA +eowgAAJ8IAACguMAeowgAAKYIAHZmeMAepQgAwAAIAMT/OMCUZggAxP8IAMT/OMCZZQgAxQAIAaQ +XOMCZZggBpBgIAaWEOMF4fggCAAAIAgOMOMF56ggCA4wIAkeUOMF9dggCR5QIAkfHOMHBfggCwAA +IAsAAOMHBsQgCwAAIAsAAOMHBsQgCwAAIAuPr+MHBsQAAAAAAAAAAAAAAAAgABGWIAARiCAAFXog +ABGIIAAU9SAAEYggABI9IAAUjSAAFBIgABGIIAATvSAAE3QgABMJIAARdSAAErQgABGIIAARiCAA +EYggABJcAAAAAP///////w/8///w////APwgAKejIACo4yAAqRMgAKjZIAComSAAqI8gAKhUIACo +SiAAqEAgAKfwIACpESAAp+YgAKfMAAAAAAAAAAAAAAAAAAAACgAAAAoAAAAUAAAACgAAAAoAAAAK +AAAACgAAAAoAAAAKAAAAAAAAAAAAAAAAAAEAAQABAAEAAQABAAEAAQABAAIAAwAEAAUABgAHAAgA +CQAKAA4AEQAVABkAHgAjAC0APABQAGQAyAEsAZAB9AAAAAAAAAAAAAAAAAAAAAAAAAABAAEAAgAC +AAMAAwADAAMABAAEAAQABAAEAAUABQAFAAUABQAFAAYABgAHAAcAAAACAAAABgAAAAoAAAAOAAAA +FAAAABwAAAAoAAAAOAAAAFAAAABwAAAAoAAAAOAAAAFAAAABwAAAAoAAAAOAAAAFAQAABwAAAAoA +AAAOAAAAFAAAABwAAAAoAAAAOAAAAFAAAABwAAAAoAAAAOAAAAFAAAABwAAAAoAAAAOAAP8AAQIC +AAAAAAAAAAAAAAAQIEAAAAAAAAAAAAAAAAAABAACAAEAAIAAQAAgABAACCBAgAAAAAAAAAAAAAAA +AAAgCJ5CIAieQiAIngEgCJ3RIAidmiAInYAgCJ2AIAie9iAInvYgCJ2AIAie9iAInvYgCJ2AIAie +9iAInUwgCJ72IAie9iAInvYgCJ72IAie9iAInvYgCJ72IAie9iAInvYgCJ72IAie9iAInvYgCJ72 +IAie9iAInvYgCJ72IAidYSADCawAAAAAIAMJsAAAAAEgAwm4AAAAAgAAAAAAAAAAIAMJlAAAAAEg +AwmYAAAAAiADDbgAAAD/IAMHrAAAAP8gAwesAAAAACADDbgAAAAAIAMIvAAAAAEgAwjEAAAABCAD +CMwAAAAIIAMI2AAAACAgAwjoAAAAQCADCPAAAACAIAMI+AAAAQAgAwkAAAACACADCRQAAAQAIAMJ +KAAACAAgAwlAAAAQACADCVQAACAAIAMJZAAAQAAgAwlwAACAACADCYQAAQAAAAAAAAAAAAAgAwio +AAAAECADCLAAAAARIAMIkAAAAAAgAwiUAAAAASADCJgAAAACIAMIoAAAAAMAAAAAAAD//wAAAAAA +AP//IAMIEAAAAQAgAwgcAAAAgCADCCwAAABAIAMIPAAAACAgAwhMAAAAECADCFwAAAAIIAMIaAAA +AAQgAwh0AAAAAiADCIAAAAABAAAAAAAAAAAAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAA +AQAAAAEAAAABAAAAAQAAAAEAAAABAAAAAQAAAAEAAAABAAAABwAAAAcAAAAGAAAABgAMNQAAEEaq +ABRYVQAYagAAACtoAAAjgwAAGGoAAA0GAAALKgAAAAAAAAAAAAAAAAAAaCsAAGgrAABsggAAb5wA +AEpoAABKaAAATSkAAEpoAABO6gAATJgAAFI9AABPuAABhqAAAYagAAII1gACCNYAAgjVAAII1QAC +iwsAAosLAAII1QACtnIAArZyAAMNQAAEBgcAAAAAAAAAAAAAAAAgCRYVIAkWFSAJFgogCRX/IAkV +8SAJFekgCRXpIAkWGCAJFhggCRXpIAkWGCAJFhggCRXpIAkWGCAJFekgCRYYIAkWGCAJFhggCRYY +IAkWGCAJFhggCRYYIAkWGCAJFhggCRYYIAkWGCAJFhggCRYYIAkWGCAJFhggCRYYIAkWGAACAgUF +CAgLCw4OEREUFBcXGhodHSAgIyMmJikpLCwvLzIyNTU4ODs7AAAAAAAAAAEDEREICBAJAwEAAAAA +AAAgBLdgIAGTPCAANnggAWi8IAGPhCABiXwgAUegIAPaHB//6jQgAJRkIACppB//3RAgAGG8IABT +IAAAAAAAAAAAIAFqcCAAgbAAAAAAAAAAAB//1fQf/8V8H//ClB//wDAgAE4gIABGRCAAQoAgAKBk +H//j6CAGZ7gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAGbACABergg +ALNIIACyfB//8Ggf/9CgH//MOCAAfyggBRkwIAEoGCABB6QgAPCgIADkqCAA2CwgAMqkIAC2ICAE +uxggA/YcIAEcmCAEFzQgAccsIABhfAAAAAAgALOkIAWDDCAApyAgAXK4IAACmCAAmiQAAAAAAAAA +AB//87AgALNkIAP4zAAAAAAAAAAAIANWRCAAJtQgAB0MIAAlwAAAAAAgADFwIAAuyCAAK8gAAAAA +IAA2OCABIFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgADPIIAS3AAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAA1eCADXdAgADSAAAAAAAAAAAAAAAAAAAAAAAAA +AAQAAAAEAAAACAsAAAAgAxFQCAAAACADEVwIAAAAIAMRaAoAAAAgAxF0DAAAACADEYASAAAAIAMR +kA0AAAAgAxGkDgAAACADEbQTAAAAIAMRxAoAAAAgAxHYDgAAACADEeQYAAAAIAMR9A0AAAAgAxIQ +DgAAACADEiAQAAAAIAMSMBIAAAAgAxJEDgAAACADElgQAAAAIAMSaBEAAAAgAxJ8CgAAACADEpAL +AAAAIAMSnA0AAAAgAxKoFAAAACADErgKAAAAIAMS0A8AAAAgAxLcBgAAACADEuwGAAAAIAMS9AYA +AAAgAxL8BgAAACADEwQGAAAAIAMTDAkAAAAgAxMUBgAAACADEyAEAAAAIAMTKAYAAAAgAxMwCwAA +ACADEzgLAAAAIAMTRAQAAAAgAxMoBAAAACADE1AJAAAAIAMTWAkAAAAgAxNkAAAAAAAAAAANAAAA +IAMTcAoAAAAgAxOABgAAACADE4wCAAAAIAMTlAMAAAAgAw2MAQAAACADE5gAAAAAAAAAANdqpHjo +x7dWJCBw28G9zu71fA+vR4fGKqgwRhP9RpUBaYCY2ItE96///1uxiVzXvmuQESL9mHGTpnlDjkm0 +CCH2HiViwECzQCZeWlHptseq1i8QXQJEFFPYoeaB59P7yCHhzebDNwfW9NUNh0VaFO2p4+kF/O+j ++GdvAtmNKkyK//o5Qodx9oFtnWEi/eU4DKS+6kRL3s+p9rtLYL6/vHAom37G6qEn+tTvMIUEiB0F +2dTQOebbmeUfonz4xKxWZfQpIkRDKv+Xq5Qjp/yToDllW1nDjwzMkv/v9H2FhF3Rb6h+T/4s5uCj +AUMUTggRofdTfoK9OvI1KtfSu+uG05EHDBEWBwwRFgcMERYHDBEWBQkOFAUJDhQFCQ4UBQkOFAQL +EBcECxAXBAsQFwQLEBcGCg8VBgoPFQYKDxUGCg8VH//AAAAEACAgBpYQIAaZwB/83gAf/53UIAaW +QB//nuQf/6IwA4AAAIEAAAAf/6IgAP/4AAEAAAAAEAAAgQQBAIEEAAABBAAAAQQBAIAAAAAABf// +H/+FYAYAAAAqAAAAH//P+CAEMngCAAAAgBAAAEFAAABBQAEAgwAAAf//v/+/////H/+XcAQAAAgg +AwuggYAAAAwAAAAf/5Jg//8AAP//AP8AAQAAAAD//x//raAf/5q0D////x//n+gf/OIAH/+kHB// +oOQf/6OQH/+kFB/84ODg//4A4QGSAB//l+QA////H/+fnB//m/QEQQAIBAEACKUAAADAAAAAwAQA +ADAAAAAf/6AgAAAPoAAA/4AgBpBgIAtUYOEALgAf/6AUH/+b/B//oPAf/5xgH/+gQOAAAKDhADC4 +AACAAOEAYBAAAEAA4QIQAOECMADhAlAA4QJwAOEAEAgf/OFA4QB7cB//sNwf/7DUH/zgCB//sNgf +/7D0H/+w7B//sPAf/7EMH/+xBB//sQgf/53UH/+toCAGlkAf/N4AH/+e5AEAAAAf/6BgH/+fbB// +nAQf/6DsAAD/gAAAEIAf/5JgH/+g+B//oPQf/6FYBAAACAUAAACD/wAAgQAAAAAQAAAqAAAAIAAH +7CADCsgf/4lwH/+FYB//ojBnRSMB782riZi63P4QMlR2H/+AAAAAPyggAw2Mz////yALBhAQAAAA +P////wIAAABAAAAA//9//yALBzAf/6IgIAAhsCALB9AIAAAAAP///yALCEAgCwdg9////yALCjAg +AB5Y//7//yALFCAAIAAAAABAAAwAAAAAAP//AACAAA0AAAAgACRg//v//w/2gAAAA///AAAn/yAL +GFAgCxiAAAEAAAAEAAAfgAA/H/+feCAAMXAgADOEIAAuyCALGRAgCxmwIAAryCALGgAgCxqQBAEA +COAAAAAf/5+EUwAAAFIAAABRAAAAIAHRpB//nFggCx0wIAsdkCALHWAgCyAQH/+fnCALIGAf/5v8 +H/+fUCALIgAUAAAAgAAAAIAAAAJ4AAAAgAAABoAAsAAAAAoAAOMwkv//8ACAALEA4QGaAAACAAAg +CyHAH/+ZmAAAfkAf/5+IAP/AAB//n4wf/5LkKAAAACYAAAAgCyIwH/+TIAYAAAAFgAAAIAtoEB// +m8ArAAAAIABJCB//nVA1AAAAA4AAAAMAAAAH////AD///4BAAAAID///H////yAAAAAAAMAAPQAA +AB//mBAHAAAAgQQBAIEEAAAf/52wAAA6mMMAAAAAAA//AEMAAAAACAAEAAAAIAtocB//sFAf/63A +H/+XcAAGAADhAHoAH/+X4B//n3AgoAAAH/+cCB//newf/534IAtooAADB4AgC2kQH/+Z4ABAAAAA +AAkAAAAwAv/8+H/AAAAAo/+7AKP/ugDgAwAAg/+2AA////8P//gA/wAAACALaVAgCyQwIAskYCAL +aeAADwAAAAoAAP//AA8f/590A//AAIP/wAAgC2pgIAtq0B//oAQf/OIAH/+kHB//rjD/YPAAH/+u +EB//pCAf/5IgBIAACB//gFAARAAA/x///wDAAAAAAIEA8AAAAIGAAAD/f///H/zgdB//mrT/v/// +//8AAACAAAAAAIbdH/+TEB/84gzuAAAADwAAAB//n5Qf/6QYAAAPSB/84ggf/5gMH/+AYCAGkkAA +ADAAAAAnEB//3IAgC3LwH/+g5B//oEQAAP/+H/+b8N6tvu8gAwYQNAAAAD8AAAAAAIkGAJkAAB// +rXgQAAcCAcCAAB//rEiZAAAAH/+uNACIAAiCgAABH/+tyB//rNQDFQAAAxEAAAAPA/8gCyjQIAsp +MCALKYAgCyngIAspACAA30QgCyuAIAsrsCALLAAgCyxgIADk8CkAAAAgAOtsIAtzQCALc6AgC3QQ +8PDw8P8A/wCqqqqqzMzMzB//sEAAAB3gH/+uSCAA/EggC3SgIAt1EAAPQkAgBB3QH/+fzB//oDAA +CQAAAABIAIIAAAAgASBYIAt1kCALdgAACQAIH/+tPDAAAAAf/62IAAAIBgAAiMwAAIkUfwAAACAL +enAgC3sAAADgACALeLAgC3rQH/+ZnAAEA/8KAAAAH/+sZB//n0Af/5tgg/+3AIP/tiAgCzSw4QAA +ADMAAAAf/6xUH/+uhAP/4AAAP/aQAAAdKB//rZAD//AAIAtlYCALZSAgC2WAH/+vkCALNPAaAAAA +H/+b+CALNUAgAWAwH/+tjB//ncQAD///AADerR//rUAgC3uQH/+cICADB2Af/5wQH/+eBCAAZeAf +/5zsIAAFzB//mSwf/5esIAt8oB//nGwf/6L0H/+jgCALfPDABAAAH/+eECADDFAgAGbA4AEAACAL +fjAgCzhAIACkrCAAojAgC32wIAt+ACAGkGAf/5m8IAs5sOD//gAgC1iAH/+kLCALQfAf/5RIIAtM +wCALTVAgC1AAIAtQMEgAAAAgAaMgH/+dYCABpSQf/5hgH/+a9B//neQf/5tMAAAK4AAACOwf/54c +IAaWNB//m9Qf/5fk4QAuAB//nijhAF4A4QIOAP//v//hAA4A4QGOAP//vv8f/5v0IAGqQCABtmjg +BQAAA/8AAB//m5QgAwugPAAAAAAF//+DAAAAH/+a/CABy+wf/6BUIAtXoAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAgYAAAAAAAAD/////////////////////H//70B//+9Af//uYH//7mB//+5gf//uY +H//1KB//+FAf//asH//2rB//9qwgBmmoAAAAAAAAAAAAAAAAAAAAACAGbSggBm0oAAAAAAAAAAAA +AAAAAAAAACAGaaggBmmoH//5RB//+UQf//lEH//5RB//+UQf//lEAAAAACABq1gAAAAAAAAAAAAA +AAAAAAAAAgEAAAAAAAAAAAAAAAAAAAQAAAAAAAAAgYAAAAAAABAFAAAAAAAABAAAAAAAAAAAAAAA +AAAAAACBAAAAAAAAGAUAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAACAKABHyixPyi9MPA+YxAQIAFvKJF/KKd2sGkGC0Zndj+FQPBVWz +4A8UAGP/+QAAAGwQCCggBScgBykxBfgghhXgGUUA+QAOhWF3AQCKIhbyfP3k+gXgDJUA8Ve8DeAP +pQDq8ngbxwKAAKaIK4KeCnkKKZK//WANg6IAnQAogp0JiAHoFgUkDVGAACjSCPcADaiSAJ0AK2Ku +7PJtFYq5gAAqYq0swn/sqwEEc/0AAP1ACh4iAJ0ALtYI/UAKHiIAnQAvIBSk/w8PRy8kFPXgDF3S +AJ0AGfJfLiIWLCEpiBUf8l2uzJ+A6iIeLmfCgAD9AGYVoA0lAP0ARhXgC2UA7fJWHVYCgAALqgKL +FJqB6QAVBEBBAACJFQgAiig8EP0gxhXgTAUA/SDmFaAMRQDsuzYEyIEAAG25BQgAhgkCYe7yRxWg +h4AAiBXuAAUNzwKAAKmI6IwgJaQ1AAALyQxtmQIIAmEtISnTD+ohKCboBQAADQ1PLSUp/UAHdGIA +nQD/5HAF4AwVAPogqBXgHuUA6iIeLs1CgAD4ICYV4AgFAPggBhWgDQUA6BYCJdmBAABYfoL+4AAX +N8UBAPfAAEcwDZUA7eadKAQKgAD5gAVZUgCdAMAg0Q8AAADqJAAJ2ASAAOxEAAroBIAAWIBp0qDR +DwAAAADAsA+JNOnWCC32LgAA+kBoHaAbxQD8AAIdoA0VAFiDnmP/wQAA6iQACtgEgABYgerSoNEP +AP/5WA2gCAUA6iQAA9hhAAD8AAIdoA2VAFiDkmP/kcCgWa5sHfH/iNj5H/IIkA+lAGP/pNogWAti +Y/5wAAAAAAD8AAId4AoFAPpFJB2v/CoAiifrRAAKaASAAPtEABWgDAUAWHn90qDRDwAAAGwQBi4i +EJQR5SEaKtAEgAAmIAf2QSgV4B/FAOoWACrHwoAA/wJSDeFmAQAHCULxIHAN4oUBAGSB8tTwKSAF +/EBIFaAbhQD+ngANsBpFAPsgD5UiAJ0A5/HWHgvWAADl8dMbTwKAAPTADBISAJ0ApZktkp4Hagoq +or/3oBG7UgCdACmSnQqZAe6UAASOSYAAjCmLKgwHPgy7DPdgCQPiAJ0AKiBOLSBMsaj7oA3sIAsV +ACgkTiowASkiGPNADfaSAJ0AKyAHLSEk+GAkFaAMVQD9QAQFMLsRAOCqEQ3agoAAC6oCG/G7CogC +KiEHLCEJC90C+wYADHqqAQDr8bYdUwKAAArMAiohIpjgiCCc453kC6oCmuL9AAAUMAplAAqIApjh +LSIQneUsIDgb8av4ACIdoE0VAPnBJhWgzBkADNg5HfGnlOgMvTn5pgAOsAsFAJvnGPGanebt8ZsU +4AUAACwmGJvrmeroABUHSMEAAAkAiu3mDiHIQQAA7+YPJ3kBAAAJIIYPAmMJAIYPAmEMbhGl7urm +nSOAsYAAiCkvIDiniCgmCfPgCBeSAJ0AiRAJCUf5IAcBUgCdAMAg0Q+eEuokAAvYBIAAWILMjhL/ +TRAN4B/FAOwSASlQBIAA7RIAKdgEgABYf8XSoNEPAB7xcoro90AGOJIAnQAMaRGlmSuSnvdgBotS +AJ0AKZKdB2sKK7K/C5kBZJC/sKyc6O6UAAzzfgAAYAAsAAAAAADz3/BIUgCdAAlUDPSdABWv+AIA +AAAAAADrEgApUASAAFiBOtKg0Q8A6iQAA1hhAAD8ACIdoA1lAFiC5GP/aY0iwOQO3QL8QEYV7/1+ +AAAAAPhDqBWk2QEAANEEALwaDIgC+EOmFa/4xgCKJ40RwMDqrCAu2ASAAFh5UtKg0Q/aIFh/W2P+ ++QAA//c8DaAJBQDAoFmtqh7xPIro+V/5eJAfxQD//SgNoAkFAMCQwLoLqzT7wQYV7/zuAAAAAGwQ +DpUcKCIQLiIJJyE1KSAHIxYOKjIC/mCIFeANFQD8YGgdp7UBAOMhGiXb+QAAC9s5+iGmFeGZAQDn +/zYJt8KAAP7CUg3jqgEADg5C8cBwDeLTAQBk1GMmIAXB6Pn+AA8wF0UA9sAkHWIAnQCHIose9OX8 +DeAOhQArsAGfEfNgIScSAJ0AmRCZGpoUGPEO7fEOEjANAADmFgssrwKAAOhVCAzfgoAArbvrFgki +cAUAAIkanhiNG/UgBqoSAJ0AK1Kehhn9YAoj4gCdAC9SnSZivwb/AWT0ORnw/YmY9yAJmJIAnQAq +gq5koVIa8Pkjgq0qon8d8PYKOwHrFgUk2/0AAPpgCeYiAJ0Am9j6YB9mIgCdAIcphioMAz4HZgzy +wAmr4gCdACkaAPMiMg3g+vUAKyAWnBP7YAn9IgCdAIsRhsMqIDj34OYVoAYFAPfhJhWgRwUA++EG +FeCqGQAKdjkX8OeWFi0iFxbw5J36LSIbnfuJxAp2OZYX+WARSuIAnQCGHZ4f7BYDIw3ZgABgAQgZ +8M+JmGqRLosbKlKejxl7o0stUp0v8r8P3QGdFYYV6/DHFNP9AADvZAADAemAAJq4Zf8TYANKnh/8 +IGYVoAoFAFmtKxnwvomYGPC6jBPuEg8kjtsAAP//XA2gDwUAwKD6IKYVr/7mAB3wtcC6C5s0+6EG +Fe/+9gAAAAAA//sUDaAPBQCeHy8WEPwgZhWgCgUAWa0XGfCqjBMvEhCJmI4fGPCl+T/1cJIAnQBg +Ar3AoJoVixUW8KLA2g2dNO1mCC32JgAAYAKknh8vFhCcE+okAAnYBIAAWIHqjBMvEhDuEg8ldaGA +AGACWp4fLxYQ+kDwFaAMBQBYgcCMEy8SEO4SDy11ZgAAYAPHjheLE4gUjBH2IMgVr4oFACokOwyZ +DAhmApm0rNgG7gItIhDoJhspUASAAFiAZI4fjBMY8H76s6YVoQkFAHObDSsgFioK//tgBE0iAJ0A +iikrIDgPAgCjquomCSgECoAA82AEP5IAnQAmITUvwgQrIRopIhDm/zYN78KAAH/bCwoKQmSgBQsN +QmTQc/4gJhXgHYUA+f4ADvAKFQD6IaYVoAY1APYhhhWv9cYAiicvFhCLHuqsICpgBIAAWH0OLxIQ +mhMtIhv5QIgV7/zeAAAAAAAAAOogByngBIAAWIFvGPBTjBP+IegVr/2eANogWH5rGPBOjBOOH/pB +KBWv/bYAcZ6ICr8M//0AFe/+CgCLFIoWLSIQGfBUC6oCG/BUCmgChh0a8EsJiALp8EobCz4AACMW +ESUWEiYgB4XAIyEH9kEkFeBmEQDrVQELMoKAAPamAAq6MwEA5iEiKZsCgAADdwIKVQIjISQJZgKV +8IUgl/OW8v3gphXjmAEA6PYGLMoCgAAJOQLjEhEiU/kAAOn2BCquAoAA5eUCBkCBAADl9gEnyMEA +AOUSEiIUNQAAbakFCACGCQJhJiAUpGYGBkcmJBT0wAg10gCdAIgY+LOmFaEHBQDy4fIN4Pn1ACsg +FvlgCM1iAJ0AKiIXsarqJhchgKmAAIwpKyA4o8ycKfNgB5+SAJ0AjR1l0M/AINEPLyBOZPvZDngC ++EBGFaAAhgAAAAAAAPMf3MBSAJ0ADj8M//0AFe/uNgAAAAAAAOsSDilQBIAA7RIMKmAEgABYfkvS +oNEPAOsSDClQBIAAWH/W0qDRDwD6QGgdoBvFAPwAIh2gDRUAWIGAY//BixD6QGgdoAwVAO0SCyXY +YQAAWIF6Y/+pAAAmIDtkYHHqJAAOWASAAPwgKBWviQUA6SQ7LHAEgABYf8P6IQYVoAsFACsmG/pH +Zh3v+84AAAAAAOsSBSlQBIAAWAk/Y/7viifrRAAKaASAAPtEABWgDAUAWHff0qDRDwDaIFh96WP/ +COogByngBIAAWIDlY/7cAAAnIQklFhIjFhEkFhMmIAeEwCMhJPRA5BXgZhEA60QBCzKCgAAGRAIK +RAL2REQVqrUBAOsiBy3TAoAACncCCWYCKrEVmhKU8IUgl/OW8v3gphXjSAEA6PYGKiICgAAEMwLj +9gQl2IEAAPQiaBWvwwUAA7sBIxIR66kICq4CgAAF5QLl9gEmYIEAAOUSEiTJAQAA6ctDfkAEgAAt +TP4M1hGmhuaTO3fgwQAA9J/v8RIAnQBt2QUIAIYMAmFj/e2LEPpAaB2gDBUA+2JAFeANBQBYgSdj +/loAAAD7jwAMP/72AAidDA1JFG2ZBQgghgwCY+/aCAXBAQAA6UwMBUjBAAD1n+1BEgCdACvM/m25 +BQhAhgkCZWP9lAAAbBAGKCAFHO+C997+BeAaRQD7AAqdIgCdACsgTonIsLsrJE73IAjIkgCdAC5y +ru3veRcRcYAAK3KtLdJ/DbsB5rQABZEpgACwnu7GCCWIOYAALyAUs/8PD0cvJBT14BDF0gCdAC4g +c/hDqBXv+vUA+8AEANALFQDguBoHaAUAAPsXAA003QEALSRzCYgBCLg5CpkB6SYdLAcOAACKInyn +BCggTsmPfacIKyBMKSBOe5MUzGwsIBTtIgIuWBwAAGTRycAg0Q8AjifH8w+vAe8mAidQwQAAWG6V +4+9dFQE5gAAooADTD9MPA4gKKIIQ7KAHLVgEgAD6QGgdoA1FAAuAAGWv3Ikn0w9kn6YqmRTKp4qZ +ZK+cKKAAA4gKKIIQ7KAHLVgEgAD6QGgdoA01AAuAAGWv4GP/egAA//9UDaAKBQDAoFmroBzvMonI ++T/26JIAnQDAYCkgFLOZ+EKGHe/8HgAAAAAAAAAA6iQACtgEgABYfwjSoNEPACogBSsgB8HU/UAO +ZWG7AQAFBUf4oA55UgCdAJMQjTadEu3vHB2YBIAA9WAJihIAnQAMuhGnqi6invfADZzSAJ0AKqKd +DbwKLMK/DKoBZKE9+kAIFeAMFQBYILcd7xEpIQkY7xErISIvIAce7xssIST5ZgANsP8RAOgSAi/6 +goAAD8wCDswCLKYAjiCbovlAphWgDyUA6aYDL3YCgAAP7gL/QCYVoAkFAO0AFQVQYQAAsZnqgx4M +j+gAAAw5EfcgAETwCKUAKJad9L/yuRIAnQCKJ+tEAApoBIAA+0QAFaAMBQBYdvtj/jr/92wNoAsF +AMC6C5s068YIK28GAABj/tvqJAALWASAAFgIS/3dxgWv93YAiifAsPtEABWgDBUAWH+KGe7umaD+ +QAgVoBvFAPnd2AWgDBUA+UBGFaANFQD9wAAXMAgVAOjuAg14BIAA7vYBKVAEgABYgGHAINEPicj3 +IASgkgCdAAw6EaeqLqKe98AFVNIAnQAqop0NPgou4r8OqgFkoJiwn5/IZa7BiCLrFgEkBOGAAPi/ +7DlSAJ0AiicrCgD7RAAVoAwVAFh7aosQHu7KnqCMIB3uyp2i/YAAFjANFQANzAKcoYu2+0BmFe/1 +SgAAAADrVAAJUASAAFh+jmP9PI8z/iBGFe/41gD/+WQNoAoFAPogJhXgCgUAWasSHO6liciLER3u +ovk/+riSAJ0A//3IDaAKBQAAwKDAigiYNPmBBhWv/YoAAAAA6iQABdhhAAD8ACIdoA2lAFiAJmP/ +UQAAbBAEKCAU74seahgEgACKJ/pgaB3gDAUA6qwgKegEgABYdpnSoNEPAIsic75LFO6IikhqoUcb +7oQssq7Kxx3uhSyyrS3Sfw3LAX3AG7Cunkh9wCEvIBTvJBQv2tAAANogWAfjY/+nwLDAigioNOhG +CC3/FgAAiSLJlcAg0Q/AoFmq4YpIa6GtY//qAAAAAAAA+kBoHaAbxQD8ACIdoA0VAFh//MAg0Q8A +bBAILCIPLyAHKCE0JzIH/kNEFafVAQD5v8AV4AsVAOm5OQmwBIAA6yIJKlAEgAD4IIYV4AQVAOh3 +Ng9PwoAA9yJSDeH/AQALCULxIHAN4o4BAGSCcsG07HsfDpR0AAAsIE/pIE0mYAUAAAwMRywkT/0g +FKOiAJ0ALCAF+4AS/WIAnQCNIvogBhWv+zUA/WAOWOIAnQAoIhmOMvnAFNUiAJ0AiTgY7kMc7j/k +kmJv34KAAJoQmBGsu+juOhVIDQAAmRPrFgIvpwKAAKhE9eANIhIAnQCLEypCnvtAGxviAJ0AihIp +Qp3TDyqivwqZAe6UAASScYAAjCmLKgwFPtMPDLsM9WAJ2+IAnQAtGgD1ofIN4Pj1ACsgFvlgGXUi +AJ0ALCEiGe41KCEHKiEkKyEJ/EDwFeqIAQDpqgIMQwKAAAi7AhnuLhjuHw0tQOnMAg7qgoAACN0C +neCJIJzimuT7wGYV4ApVAOvuJhzOAoAACpkCmeGIL5jlLCA498EGFeANBQD9wOYV4AolAP3cPAXg +SSUA+MCIFaDMGQAMmjmY6QzbOY1lneod7hj8wMgVoAkFAOzmCyOH4YAACpwQDcwCnOyMEYlol++Z +7ohpKOYQjWot5hHsABUHSSEAAAkAiohn+OALo6IAnQAf7f0KvQIP3QKd5sDF/JOmFaEJBQD1IfIN +4Pj1ACsgFvlgE6UiAJ0ALCIZiikrIE8pIDjlqggGYAUAAOwmGSXb/QAAKyRPminzIA+PkgCdAIsU +ZbHvwCDRD58VnxaeF+okAArYBIAAWH8njhfvEgUldZGAAIwUZc/biifbMOwSACVQwQAAWHpEwCDR +DxrtzYqo90AQiJIAnQCMEytCnv1gEUOiAJ0AixIpQp0rsr8d7cQLmQHkkhRlY/0AAJzY7pQADPJm +AABgAI4oIDnxH/gOEgCdAP/75A2gCRUAAAAAAPOf7EhSAJ0ACecM9v2AFe/1+gAAAADBs3vJFCkg +OpoQ/iDGFeAM9QD9IBD9IgCdAOokAArYBIAAWH2K0qDRDwDwABgNoBrVAMChjDcrIQmNOI4y668R +Dd0CgAAPuwLkuwIJUASAAFh9bsAg0Q8AAAD//1gNoBqFAOokAAfYYQAA/CBoFeAMFQBYfyZj/wUA +AAq4ApjmwNX8k6YV4QwFAHXLDSsgFikK//lgDjViAJ0AihRkoV2LaoxnimmrewfMDJxn92DSDeAO +BQCxqoxlm2qLZppprOqre3e7AbGqjimbZpplLSA4pe6eKfOgCjeSAJ0AiScomRTKgouZyb4Z7Yco +sACfFZ8WCYgKKIIQLLAH+kBoHaANNQALgACPFYsix6P7X/KA4gCdACghNIdnLiEaii+LKeh3Ng9n +woAAd8sKCwlCyJQOC0JksLTB1Pr+AA6wDBUA/CCGFa/yrgDaIFh7emP+Coon6qwwK1gEgABYZwXS +oNEPAAD/8qgNoAkFAAAAnxWfFp4X+kDwFaAMBQBYfoKOF+8SBS1l/gAA6iQAB9hJAAD8ACIdoA0F +AFh+3WP94AAAAAAA6iAHKuAEgABYfmFj/YGfFf4gxhXgCgUAWamwGu1DiqiPFflf7tiSAJ0A//fg +DaAJBQDAkBztPcC6C6s0+4EGFe/3mgAAAAAA81/6OFIAnQAJ5wz2/YAV7/zyAIonnxXvFgYp2ASA +AOwSACVQwQAAWHmk1qD+IKgV7/oWAJ8V7xYGKVAEgABYe0L+IKgV7/q2AAAAwVP6QGgdoAsFAPwA +Ah2gDTUAWHPXKyAFjxaKEPV/2oViAJ0AY/0hnxWfFuogByrgBIAAWH4y/iCoFe/4rgAAAABsEA6T +HJUaiC+KKS4hGichNC8yBPhA8BXntQEA+3/AFeANFQAL2znrFgsp4ASAAPfhAA/xmQEA5yAFLzfC +gAD+wfIN4qoBAPFAcA3ibgEAZGRBwaQI+o364CNNIgCdAI4iixz1xFwN4AqFACuwAZ8S82AgVxIA +nQCZEZkYGOz06+z0EmgNAADtFgksrwKAAOhVCAzXgoAAq6rqFgcicAUAAIYYnhaLGfTABeoSAJ0A +KlKehhf7QAlj4gCdAC9SnSZivwb/AWT0IRns44mY9yAI4JIAnQAqgq5koTka7N8jgq0qon8d7NwK +OwHrFgMk2/0AAPpgCR4iAJ0Am9j6YB6mIgCdAIcphioMAz4HZgzywAjj4gCdACkaAPMiMg3g+vUA +KyAWnBD7YAklIgCdABvs4CkgOPvZvAWgBgUA9+DmFaBHBQD9gIgV4JkZAAl2OQm6OYsSmhSWFf1g +EdLiAJ0AhhtkYdNgAQMZ7LuJmGqRLosZKlKejxd7o0stUp0v8r8P3QGdE4YT6+yzFNP9AADvZAAD +AemAAJq4Zf8rYANKnh38IAYVoAoFAFmpFxnsqomYjBAY7KbuEg0kjtsAAP//XA2gDwUAwKD6IGYV +r/7mAB3socC6C5s0+6EGFe/+9gAAAAAA//t0DaAPBQAAnh2fHvwgBhWgCgUAWakDGeyWjBCPHomY +jh0Y7JH5P/Y4kgCdAGACvsCgmhOLExbsjsDaDZ007WYILfbuAABgAqWeHZ8enBDqJAAJ2ASAAFh9 +1owQjx7uEg0ldnmAAGACXZ4dnx76QPAVoAwFAFh9rYwQjx7uEg0tdk4AAGADxJwQ/iGmFa+JBQDp +JDsmOEEAAAcAhucSAiewgQAABgJhjceX+IrEicatfQeqDJrEd9sJnh3sFgAkyAUAAIwSixCGFY4U +mbadtwbuAu0iDylQBIAAWHxIjh0Y7GKMEPqzphWhBwUAc3sIKyAWKQr/ebl+iikrIDijquomCSgE +CoAA82AEJ5IAnQAmITSPxCshGokv5v82De/CgAB/2woKCkLIpAsNQmTQc/4gRhXgHUUA+f4ADvAK +FQD6IWYVoAY1APYhRhWv9cYAAAAAAACeHYonnx6LHOqsICpgBIAAWHjy7xIOLWAEgAD+IagVr/xS +AOogByngBIAAWH1VjBAY7Dj+IagVr/22ANogWHpRjBAY7DSOHfpBKBWv/cIAcZ6ICr8M//2AFe/+ +CgAX7DYb7DYd7DsGqQKGGxrsOu2ZAgZAQQAA5WFUZ+iBAAAlFhCTHyUgB4PABSVA6jMBCqqCgAAF +MwIHMwInIQcqISImIQn0QegV6ncBAOuqAgu7AoAAB2YCJyEkk/CDIJbzmfaa8vXgphXjqQEA5RIQ +LVICgAAKdwLn9gQpngKAAAPjAuP2ASJT/QAA4xIPIgw1AABtqQUIAIYNAmEmIBSkZgYGRyYkFPTA +CB3SAJ0AiBb4s6YVoQcFAPLh8g3g+fUAKyAW+WAItWIAnQDIP4spKiA4o7ubKfNAB9+SAJ0AjBtl +wNfAINEPLSBOZNvzCugC+EBGFaAAhgAAAAAAAPMf3dBSAJ0ACu8M//2AFe/uvgAAAAAAAOsSDClQ +BIAA7RIKKmAEgABYejfSoNEPAOsSCilQBIAAWHvC0qDRDwD6QGgdoBvFAPwAIh2gDRUAWH1sY//B +ixH6QGgdoAwVAO0SCSXYYQAAWH1mY/+pAAAAAAAmIDtkYHcr+oArJDvsEgIuWASAAAgghg0CY+z2 +CCzwBIAA7SIPKVAEgABYe6v6IMYVoAwFAPxHZh2v+8oA6xIDKVAEgABYBSlj/vKKJ+tEAApoBIAA ++0QAFaAMBQBYc8nSoNEPANogWHnTY/8A6iAHKeAEgABYfM9j/t8AAAAnIQckFhEmIAeEwJMf8kRE +FeBmEQDqRAELMoKAAAZEAhbrsiwhJIonBkQCJiEJ+mYACfp3AQDroRUruwKAAAdmAocvlPCEIJf1 +k/L34GYVozkBAOn2BimaAoAAA8wC4xIPKiYCgAAE5ALs9gQlUIEAAPXgJhWvzAUADKoBqrzkEhEm +YQEAAOyLPXxIBIAAsEgMhhGmlnbDNvSf8IiSAJ0AbYkFCUCGDQJlY/4AixH6QGgdoAwVAPtiQBXg +DQUAWH0VY/5iAAAA+w8ADP//DgAJzAwMSBRtiQUJYIYNAmfvzQgFSQEAAOhMDAbAgQAA9Z/t2JIA +nQCwzm3pBQmAhggCaWP9qAAAAGwQBiggBSMgByQKA/0PQERRMwEAKCAiZIBvAioCWHGQ/UzAgNAN +FQAsICEY62UPAgDsMxEGfVaAAKgzKTKeDwIAbpNFKzKdZLA/+kAIFaD+5QAOzgH9xgAO8A8FAPxE +Jh3gCQUA+CAGFeAMBQD4ICYV4A6VAPggRhXgDQUAWHeu9HOmFaACBQDRD8Ag0Q8AAGwQCiogBfhA +8BXgDBUA+GBoHae1AQDoFgAl2/kAAOvLOQoYBIAA6xYFLCAEgAD9QcAEUZkBAMHD/UAf5SIAnQCN +Iu/rPB6b3gAA6+s5EbARAADmFgQs94KAAK/u7hYDLNcCgACrquoWByzABIAAhxf1AAQiEgCdAIoU +J3KehhOPF/rgB1uiAJ0AJmK/L/KdBv8B7xYGJ5nRgAAlIRuKQocphioFpTb1TwAOcQsFAHyzAdWg +mBoHZgz0wAXj4gCdACoaAPVCMg3g/PUAKyAWmBr9YAX9IgCdAIpC+qAOeqIAnQCMFRvrLodDmBrr +dwEGCPmAAGAAtgAAGusQiqjoFgolDN+AAIsXjBSGEyuyno8XJmK/fLNDL/KdHOsHBv8B5PA5ZVv9 +AACbyO8WBi/7bgAAYAKbAAAAAPghZhXgCgUAWadqGur9iqiJG+gSCiUO3wAA//9MDaAPBQDA8Bzq +98C6C6s0+4EGFe//BgAAAAAA//x4DaAPBQCZG+okAArYBIAAWHw+iRvoEgoleamAAGACLgCZG/pA +8BWgDAUAWHwViRvoEgoteZYAAGADEvDgBIhSAJ0ALSEajCmXGPghRhWi7QEA6RYLLwQWAACXGPgh +RhWi7AEA6RYLJwOBgACYGukWCy7/woAAdfteDtUM+dXYBaC36QDmQgMt3IKAAAt5ApkYCGYB9oBm +FaABAgCKJ5kbKxIA6qwgKeAEgABYd3aJG/ghSBWgCyUA66QCLSAEgADqogIoBAqAAPL/+7hSAJ0A +jCmXGJgamRuOGI8W5a0MClgEgADlzAgJUASAAO1GAiroBIAA7CYJKeAEgABYd5GIGokbjxf786YV +oQ4FAHXrCCsgFiYK/3a5DMCh+iCmFa/3dgAAAADqIAcq4ASAAFh7v4kb+CFIFa//igCPKRjqvYkW +pf+fKYxDi0CNFefEAATIgQAA/A4ABTfrAQDuFgEuiKYAACcgBwcHQQh3Cidyn+6tEA1TwoAA7aoC +AkBBAADqdwEB0/0AAOfHAgGMPQAAbakFCACGCQJhi0DAgJgSGeqoGuqnLyEahhYe6qQkIQcY6qH8 +ICgVodcxAP+gAEa6RAEA7dCAKicCgADszA8mcEEAAPiGAAo0zB0A5GYAJmAFAAAMPAwU6nwNXQyI +IJ9ml2eeY51lDKQ5CYkC6WYELEYCgADkZgIh0AUAAAioAphhJiAU42YIDSAEgADmJBQoBAqAAPNg +BAqSAJ0AiBf1E6YVoQcFAPTh8g3g+fUAKyAW+WAFDWIAnQCIEtKA0Q+KFWSgosAg0Q8AAAAAAADq +JAAE2GEAAPwgiBXgDBUAWHvmY//aiif8ISYVp9tBAOqsICgECoAA9aAEYdIAnQCMFisKAezMICno +BIAAWHJYmhL6gAgV7/vuAACLFuxNEQlQBIAA/WAARfAMFQBYcDr0gGAVr/2qAGW8BPlf4AjSAJ0A +LyAg8f/ft5IAnQBj/3QAAAAAAAAA6iAHKuAEgABYe0+IEtKA0Q+KJ9ww6xIAJVCBAABYduDAsvtA +Rh3gAgUA0Q8AAAAA6zQADjgEgAD8YGgd4AwFAFhyNdtA7DQACugEgADqFgIr8ASAAO8SBilQBIAA +WHb/+oAIFe/7HgDqJAAE2EkAAPwAIh2gDQUAWHuqY/7qAABsEAiSFJMVGeoliED4IEYVr8sFAOsq +AQJwIQAA+iBmFaeIQQDkgcBiUBEAAI8TLSEFqYwswACv3wTMC+/8QC5YBIAA/4ANiuIAnQD6ICYV +oGgBAP4AIh3gDQUABv04C98L690KB9ghAACCFZ4Q+QAARXAMJQDyQQAV4A8FAPJAgBWgAg4AjRQO +VQz/4CAVoAMFAO/kAARABQAA8Q5gDeB+AQCGEyKgAC3RBQQiC+bWCAlYBIAA4hYGIzEBAAD2QAZ6 +ogCdAAgGQPIAIh2gDQUABi04C9IL690KAVghAAD3IBAVoAIVAAcjOIcVB2YLF+n8pzcncKAGMgoG +MwvsfAgBmCEAAI7QCwCJBe42LiYAAwCLItIA6qwBJMgFAAD0X/sj4gCdAAUpDA4qDPugBhWgBxUA +9WAoFeAGBQAJdjgIaAgisgAF5QgltgF+WwIiLAHitgAmfRKAABbp44sSHuni5rYBB5AFAAAGIgKG +Fe67AQxuAoAADbsCkmD6gAYV4SwdANEPixD8ICgV7/1SAAAA/E8ADf/8xgCFFRnpswXFC/gAChXg +AgUAsSLlgx4JD+gAAB3pzIYSGunM7W0BB9gFAAANuwKNFepmAQxOAoAACWYC69YAJhAFAAD2gAYV +oSIdANEPAAAAAOoWAS1oBIAA+8BoHe/51gD9jwAN//k+AGwQDPhASBWgCgUA6yAHKcgEgADygGgd +58UBAP2fwBWgBBUA7Ew5DLgEgAD8ISYVobsBAPMbXA3gDAUAmhacFZkTmxSbGy4gFhXphB3phB/p +p+8WCC3HgoAA7YgIDacCgAClRB3poygWCvnS+gWg//UAf+ETAioCWCvgGOl5Hemc6hYIJSn5gABg +ABcAAGZjy/jAHyiQ+vUAKSAW+yAZTSIAnQCJiPcgBhCSAJ0AK1KuHOltZLDRLMJ/K1KtDLsBZLDH +sJmZiBzpi2SzSyzAgCzMN/4haBWkzB0ArDzrFgImYB0AAPXABYISAJ0ALkKe/cAIK6IAnQCMGitC +nSzCvwy7AesWACWZUYAAKnEMiXeZEf1ADpxiAJ0ALHAQ63IDJglBgAD5n/so0gCdAC5yA2Tg0I8W +ZfGuhhGPGI0U7hIAKVAEgADm/zYL2ASAAO8WASngBIAAWClqGOlCHell568ubTAEgABgAvIAAMCg +WaWpGOk8iYgd6V75P/mIkgCdAP/9CA2gCwUAwLDAqgqZNPkBBhXv/M4AAGqRJCtCnnyzQYwaK0Kd +LMK/DLsB5LA1ZPP9AAD/AQYVr/0qAAAAAAD8IaYVoAoFAFmlkhjpJYmIHelI7BINJI8TAAD//IwN +oAsFAMCwwPoPnzT/AQYV7/xSAAAAAAAAAP/8GA2gCwUAAAAAihjAsZsW+V/5KuIAnQDA4J4W+V/4 +yuIAnQDrdAAJUASAAO0SCSngBIAAWCmm/gAiHeAHFQDnFgktOASAAP9AZhXv+7oAZLBJjxX+ACId +oAwFAA/sOGTAiogRhhjqJAAL2ASAAO0SBCngBIAA6GY2CPAEgADmFgEg+BEAAFgqMujo9x0wBIAA +/dIyBe/3/gAAAACLGA8CAPlhVg3gDAUAeaMCLAoB+AAiHeAOBQAMnjjsFgUnfKGAAOt0AAlQBIAA +7RIJKeAEgABYKtH3QGgd4AsVAPohJhXgChUA+uBmFa/9pgCLEBXo/CohB4lwHOj4/9G+BeqqAQD/ +QAAVOJkBAOyqAgTAPQAA/CEoFaSIHQDqtgAkQAkAAAg4DI4gmbPoXzkBs/0AAO+2Ai92AoAA7m4C +BahBAADutgEuDtYAACgSA+iMICGUVQAA6jz+KsgEgABtqQUIAIYJAmErPP4MuxGrW5sQKCAULCAE +o4j1gAihEgCdAAgJRykkFPUgCjZSAJ0AiHIoJhwpcgHoFgctqASAAPMgCjBSAJ0A8TYYDeAHBQCn +ZiZGnSogFisK/3uhCusSASlQBIAAWC32jBllwOPAINEP6xIBKVAEgABYLfEuIBYY6KL90YoF4P/1 +AP/f5RxiAJ0AY/yHiBllj9IqcBDbcPxgaB2gCRUA+1/gFaANBQDqnTgJUASAAFgoXcAg0Q8AAAD6 +QGgdoBvFAPwAIh2gDRUAWHoeY/+9AAAd6LEt0IDrEgQm6N0AAPpAaB2k3R0A/GAARvAMFQDt3Acl +2GEAAFh6E2P/jy4gFi8K///f+vRiAJ0A6xIBKVAEgABYLcnAINEPixAMbBGsu/ogBhXv+5IAKCQU +jXDxv/i6kgCdAPpAaB2gDAUAWG5o9sBgFa/8EgCKJ+s0AAnoBIAA+0QAFaAMBQBYcHfSoNEPAAAA +AAAAAOsSAilQBIAAWAHL+iAIFe/6vgAAAAAAAOokAAxgBIAAWANOiBcpcgEqFgznpAANXwKAAOtV +CAT1PYAA21DqJAAMYASAAFgDFPdAAEP/+koAiif8oGgdoAslAOqsICnoBIAAWChPK3AQ+X/xUNIA +nQApcBUJCEVkjhwrcQkc6GsqcQwvcBGOJwyqDKv/D4gJ/cKkFa/NBQDu7CAkeIkAAO3uAQRASQAA +Cvg5qH2uzu7sQCbogQAA7tteftAEgAAO6jAb6FstoQH9QAQVofkxAAv/CisiF+/yny5kAoAADN0C +C+4MD+4srt2oXv3AJB3v3YEA/cAEHe/2ggAAixT6QGgdoAwVAPtiQBXgDQUAWHmzY/4QAAAAAAD9 +rwANP/6KAGwQBCMgACQK7XQxBiIhA7wi0Q+EIYYg8kBoFaAIJQD3ZAACsJRxAPkPAAxzNgEA9GAA +QfNmgQDl6DccAQqAAABmGvZgAQG9RAEA5SIBAag5AADlIgwBmGkAAAQkLAQzKKMi0Q9sEAiKIicg +B4kwlRX4QtAVoXcBAPFdTA3omQEA+CAmFeD89QB8gR0FC0f7f8AV4AkVAOubOQlQBIAAWC1a81Mw +DeD89QAa5/OIqBbn8PcADZiSAJ0ALmKuGefwZOHbKZJ/JWKtCVUBZFHRKIz/KKYI6VQAAo2BgAAb +6AwlsIDt5+QSqN0AAPggBhXkVR0A5UUIC88CgADmmQgCqA0AAPTgCJISAJ0AKJKe9QATO+IAnQAl +kp0NeAoogr8IVQFkUYgpIBb9IyYNoOvVACowEPtAElRiAJ0AKzELvLvaIFgtGyggFCwgBKSI9YAM +QReYAQApJBT1IA4uUgCdAIoVHufjjREoIQcc58cZ59//oeAV6ogBAP8AABQ0/x0A6YgCB/gFAAAP +TwyYUIsgD+w5/KBmFeeqAQDsVgIt3gKAAOtLAgLIQQAA61YBIcBBAAD5QAlxUgCdAOhBDWJT/QAA +bakFCACGCQJhwICYFOkgBCJb/QAADLsRq1v1IAkJEgCdAIgyKCYc6TIBJdhBAACbEygWAvMgCbhQ +BQUAZpFQpUyIFAx9Eabd7NadLBAEgADRDwAAAAAA9wAOkJIAnQAMeRGmmS6SnvXADvviAJ0AJZKd +DXsKK7K/C1UBZFHNsI2dqGVe3WAAYwAAAAAAAADqJAAJ2ASAAO0SBSpgBIAAWHXX0qDRDwDAoFmj +8Brngoio+R/yGJD89QD/+VgNoAUFAAAAAAAAAPpAaB2gG8UA/AAiHaANFQBYeQhj/7HAUMDqDog0 ++UEGFa/4rgAd55ct0IAt3Df64wAV5N0dAO1NCAlQBIAA/aBgFeAMFQBYePtj/3sAAAAA+EKGHa/6 +DgAAAACKJ/0gaB2gCxUA6qwgKmgEgABYb276IIYVr/tKAIsw82AIopIAnQDiEgQr5wKAAKbMJMad +0Q8AAAAAAAAA6xIAKVAEgABYALtj/jAAAOokAAxgBIAAWAJAiTGLE4gS7KwRDSgEgADsuwgE9Z2A +AOokAAxgBIAAWAIHiBSlpaVMDH0Rpt3s1p0sEASAANEPAAAAAAAAAP/2lA2gBQUAjTWMNB7nZPpg +6BXgCSUA/HAAB7CtcQD7LwAMu4whAPsgBADTzAEA6MwID/gKgAD/gAEGfd0BAO67AQZwOQAA7rsM +BmBpAAANvSwNzCj9YABFv/W6AAAAAOokAAPYSQAA/AAiHaANBQBYeLRj/mHAoFmjjhrnIYioHecf ++R/xCJD89QD/+PANoAUFAMBQwLoLizT7QQYV7/i2ALBLDLsR61sICVAEgAD7YgAV4AwFAFhtCrNM +4hIEK+8CgACm3SzWndEPAGwQBgIqAlgtAyQwFvnOVAWipgUABqYohTeoaARECghEC+RNESlQBIAA +5EwwIqghAABYLPiIQB3nJyswFvUMHg2gBxUALNJsLdJpqt0J3RGtzBjnIh7nIaho6YJ9LW8CgADu +3QgNgQqAAO/SASvwCoAADpkCHucRDv8BLoJ/D+4CH+b6KYZ9Dv44DpkCmdIogn/Ii4bHJmwQ2mBY +BddooRuIMupCASkBCoAAAHkaCYgClaCaUZRQlUGYMtEP2mBYBesW5wcLqBGoZuYWASUCeYAAFucA +DOowixErsoWLsLCqmhAMuwhZqBuMECpilgDBBAB7GguqAipmllmoUY0y70IBKQEKgAAAfhoO3QKV +8JRQn1GVQZ0y0Q8AAAAA+gDiHaALFQBYcbiIMitifytmg+pCASkBCoAAAHkaCYgClaCUUJpRlUGY +MtEPAAAAbBAI2iBYLLDUoBvm5fnNxgXipgUABkQoFebU6UkICVcCgACrqoqgKZJ/GObbpUX7IAQE +sGMFAPggBhXgBxUA4QAFATO5AAD4gABCMADCAAAAAAM8CuXMCwtoBIAA6MKQKVAEgADszQIqWASA +AO48oCZgwQAAC4AAAQGHAzdg4QEHCfdAAADRD2wQBCYhCfhCkBXv+AUAJyAV6JgBCzYCgADomQwL +uQKAAAdmAvhChh3gBwUAJzQA+GBmHaAEFQAEZgKWMRXmhyRWrdEPAAAAAGwQBBbmtBXmkdMPpiIF +NQIlJoAkIoBnQAttCAUoIoBngAJj//PRDwBsEAQT5qsiNopj//wAAAAAbBAEKCAFJSAH+mCoFa/0 +1QD6QEgV4AMlAP0BIBHRVQEAwCDRDwCIKZorDwIA+wAIPCIAnQAa5psKWgnpofwlUAsAACqhAPsg +BLOiAJ0A82AEcBIAnQACKgJYbHgrIgIPAgADugFkr7iKJwS7AesmAiVQwQAAWGWh4+ZpFQE5gAAo +oADTD9MPA4gKKIIQ7KAHLVgEgAD6QGgdoA1FAAuAAGWv3Ikn0w9kn3YqmRTKp4qZZK9sKKAAA4gK +KIIQ7KAHLVgEgAD6QGgdoA01AAuAAGWv4GP/SgAA//9UDaAKBQDaIFhsZSsgIuq7DAlQBIAAWG2v +2lD6ACId4AwFAFhvXosiA7oB83/65mIAnQAvIAfaIPwAIh2gDQUA9WAEBzG/AQDuJgIl2H0AAFh3 +vsAg0Q8AAAAAAAAA6yAiKVAEgABYbZsqIAXBg3ihDGioKYsi82AEBX/8RgApIDrAv3uZ6vpAaB2g +CwUA/AACHaANJQBYbNJj/9cAAPpAaB2gCwUA/AACHaANJQBYbEtj/78AAGwQCogrHeY5LiAhizf8 +YMgVoP/lAA/uAS4kIQ3MAQy7DOuJCHjIBIAAwCDRDwMAhgkCYZsVKCAFJSAH+CEGFe/01QD8QEgV +4AMlAP0bQEHRVQEAiikc5i+bK/tACBRiAJ0ADFwJ68H8JmALAAAswQD9YASjogCdAPOgBGASAJ0A +2iBYbAqLIgO6AWSvm4onBLsB6yYCJVDBAABYZTQKqwLj5fsVASmAACiwANMPA4gKKIIQLLAH+kBo +HaANRQALgADrpAANfx4AAIknZJ9aKpkUK5IJyqhkv08osAADiAooghAssAf6QGgdoA01AAuAAOuk +AA1/LgAAY/8tAAAAAAD//0gNoAsFANogWGv3KyAi6rsMCVAEgABYbUHaUPoAIh3gDAUAWG7wiyID +ugHzf/rOYgCdAC8gB9og/AAiHaANBQD1YAQHMb8BAO4mAiXYfQAAWHdQwCDRDwAAAAAAAADrICIp +UASAAFhtLSogBcGDeKEMaKgpiyLzYAQFf/w6ACkgOsC/e5nq+kBoHaALBQD8AAIdoA0lAFhsZGP/ +1wAA+kBoHaALBQD8AAIdoA0lAFhr3WP/vwAAbBAEHOXXizQpMBb9YAQFtZkdAPUgCAiSAJ0A7uXS +FIiJgAD7y6IFr/3lAOTlqhSkuQAAaZUiLKF+7LMMdlARAAD7YAibogCdACsgBrC7CwtH6yQGJYLJ +gADAINEPLKF+0w/sswx2eBEAAP9gB9PiAJ0AKCAGsIgICEfoJAYsft4AAIkniyIqmRQNuwGbIouZ +ZKC0KLAABIgKKIIQ2iD9YPAVoA01AAuAAMAg0Q8AiyKKJw8CAA27AesmAiVQwQAAWGS8ya0ooAAE +iAooghDsoActWASAAPpAaB2gDUUAC4AAZa/giSdkn28qmRRkoGCKmWSvZCigAASICiiCEOygBy1Y +BIAA+kBoHaANNQALgABlr+Bj/0IAAOokAAnYBIAA7EQACugEgABYbOXAINEPAOokAAnYBIAA7EQA +CugEgABb/0HAINEPAP/9HA2gCwUA//50DaAKBQCINyLifwmIEfhAAEE/+5YAiDci4n8JiBH4QABB +P/v6AGwQBBrlZyiis2SACwnqMCuitAuZDGeQAdEPWG8G0Q8AbBAEHOV0JiAHG+VzH+V1/kEEFaDW +EQANyzmbMIcg+8p4BaAJJQD6YEYVoBgFAOg2Ayu+AoAA+OYADHFmAQD4YCYVoAwFAOUgeSs0AoAA +98YADrArBQD/pgAO8Ao1AOjlXxKCAYAAnDWcN5szGeVeCnUClTGZNiUhCZ00LyAHnDmUO/imAAkx +/wEA4jYKL/wCgAAP7gII7gLuNggtEASAANEPJyEIKiEJnDWUNwZ3AgiqApo2CHcC5zYELJAEgADR +DwAAAGwQBBjlSB3lQisgBxzlQiohCPoCAAdxuwEA7tw5DdwCgAALqgKcMOPlKhmwBIAACKoCHOUG +IzCA+kAIFeANBQCdZexmAiG43QAA+sCGFaR3HQDpfP8t3gKAAOt7AgzPAoAA62YBJMvhAACZYwIE +iZNnKGYGBiCLGOT2JSEJ9MFmFaQzHQDlZgorkASAAOgABQMowQAAbTkCBQJh0Q8AAABsEAYd5SEL +KxGtsyoyfxnlHxflAoigwED44ABE8AYVAOm5CAQBqYAALDJ4LzJ7+YAFfGIAnQBl8RQsNnwrMnkr +NnvdQA3kFgECAJSgDeQWwMn8QAXcIgCdAC8ye8HA7eUMF4ORgAAiMnwqIQSOIPPh/g2mugEAJDZ8 +9G9mFaAAHgAuNnztrwEFw/0AAAj/Au8lBCWMWQAAIjJ8sMzvMnshAPGAAMnGY/+/2iBYbyFloMIq +IQT/QQAMFpoBAMiX0Q/aIFhvFNEP2iBYbtbRDwAAAAAAAPpAaB2gCwUAWG+k0Q8uLPjq0ogvAQqA +APzAAQXf/PUADLsDC6oBKtaIWaYqJDZ8JDZ7+m/oFa/84gAAABXkoy9QaWTwalmcolhujShys9MP +yIFYbmIpUGlknylYblzIrhXk2CxSeLDM7FZ4JgLJgABYbeNj/w4AAAAAHOTS/m+IFaAKVQD8b0gV +4AtFAO0WACFr5QAAWaRb+m/oFa/7MgAuMnviNnwveh4AACI2e9EPH+TGL/KucfaL9q0mHa/+IgAA +AAAAWZxs+q8GFa/+kgBsEAQU5L4Z5Ljo5JsZXsKAAKS0I0J/qYjouAgBgiGAACoyAHipAipCexzk +sCsxBCpGfwy6Aeo1BCnQBIAAWG7TzqkpMQT/IQAMFtkBAMjX0Q/aMFhux9EP2jBYbonRDwD6QGgd +oAsFAFhvWNEPI0Z/0Q8AAGwQBPBg4A3v+fUAiCIJOQMJiAGYIoonKqwwWGOh4+RoFQEZgAAooAAD +iAooghDsoActWASAAPpAaB2gDUUAC4AAZa/giSfLkiqZFMqlipnJrSigAAOICiiCEOygBy1YBIAA ++kBoHaANNQALgABlr+DRDwAA//9cDaAKBQDRDwAAbBAIHeRgG+SCFOQ898kABaAYxQDjLOgl04EA +APhADcwnMwEADDURpFXoUp4pZsKAAKbEKUB/+QAQU+IAnQAoUp1kgf+bEeoLHg1IBIAAmRAKIIYL +AmULAmMNAIcJAmEJAmHtxwgJAQqAAP/I1AXgDhUA4+QzH3AKgACeE6/P/iCGFe//9QD/1wAPcAZF +AP4gRhWgAMIAAAAAipnJrSigAAOICiiCEOygBy1YBIAA+kBoHaANNQALgABlr+ApQiBkkO8tQHws +QH0e5FQN2wkHuwru3ggF2CsAAIqyLuCAZKE4/cf+DaAIFQAvCgANjzgP/wkH/wov/Qov/Jwv8hss +CgEM3APx4SAN58wBAAzLCQe7CuxEfCXYKwAAwND8j6Yd4AwFAI2w71KeJvP/AAAu4P//4AR7ogCd +AC9Snfbf4BWg+PUA8efADedmAQB4YXTqEgQmQAUAAOhEfSbj4QAAWG5YiRPSoOsSAiSAYYAAiqIL +qgEqJgKKJyqsMFhjKcmtKKAAA4gKKIIQ7KAHLVgEgAD6QGgdoA1FAAuAAGWv4IknZJ8XKpkUZa7u +//u0DaAKBQCMEYsQDICGDGCGCwJpCwJn0Q+PEY0QLkR/D8CGD6CGDQJtDQJr0Q+bEeoHHg1ABIAA +mBAKAIYLAmMLAmEN4IcIAm/o7AAJ0ASAAFmbzGSvr+3j4BmvAoAA5FUICWbCgAD3gABCP/kyAMCx ++7cADfAMBQD8j6Ydp7sBACtEfAu7CfdgAQXwDAUA+2FAJe/7mgAAAAtghgtAhgoCZwoCZdEPAABs +EAQY46kCA0cMMxGoMysyhBnjtiiwAIqxCYgKCiGMAgo+KIIQAwI+/EBoHaANJQALgAAiNoTRD2wQ +BBTjmwIDRwwzEQQzCCQyhCpCASZAAChACPqYaB2gqSUAAgU+AwI+eYEjGOOiCGgKKIIQ6lQAClgE +gAD8QGgdoA0lAAuAACI2hNEPAAAA6yQAClAEgABYbh/zQGgdr/82AAAAAAAAbBAEWZ8cEuOAE+Oh +DAIAKSKCCRqOA6gKiIQLgABj/+sS48ID6DAE7jAFsTCTIJQhlSIS474T44OEIAQzApMgEuO8wDAo +N0AoN0QoN0goN0wjPQFyM+0S47fAMJMgxy8T47YDIwMS47WEIAQ0AZQgEuO0hCAENAGUIBLjsoQg +BDQBlCAS47GEIAQ0AZQgxy/AMQMjAxLjroQgBDQBlCBj//wAAAAS46uDIAMTFA8zEZMgEuOowDAj +JgBX/9kQ46eRAJIBkwKUAxHjpYIQAeowohEB8DHAQATkFgACABHjoYIQIxoAAyICkhAR457AIZIQ +BOQxhAODAoIBgQAA0jABIwAAAAAQ45mRAJIBkwKUAxHjl4IQAeowohEB8THAQATkFgACABHjj4IQ +IyoAAyICkhAR44/AIZIQBOQxhAODAoIBgQAA0zABMwAAAAAQ44qRAJIBkwKUAxHjiIIQAeowohEB +8jHAQATkFgACABHjfYIQI0oAAyICkhAR44DAIZIQBOQxhAODAoIBgQAA1DABQwAAAAAAXJQBXZQC +XpQDX5QAQwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AFyQAV2QAl6QA1+QAFMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAACclAAdkAGdlAKelAOflAQIlAUJlAYKlAcLlABDAAAAAAAAAAAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAnJABnZACnpAHHZADn5AEeJAFeZAGepAHe5AAUwAAAAAAAAAAAAAAAAAA +AAAAAAAAAAAAAAAAAAAAAAAAAAAAANyUAB2QAd2UAt6UA9+UBASUBQWUBgaUBweUCAiUCQmUCgqU +CwuUAEMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADckAHdkALekAsdkAPfkAS0kAW1kAa2kAe3kAi4 +kAm5kAq6kAu7kABTAAAAH//89ADSMRD//goAAAAAAB///TwA0zEQ//4KAAAAAAAf//2EANQxEP/+ +CgAAAAAAAPQwCgAAAAAA9DAKAAAAAAD0MAoAAAAAbBAIiCInIAcpIhmZFfEVfA3hdwEAHeJDZJEl +FuJELdCA6+I/G9cCgADmqggG6N0AAP1TyBWk3R0ArU3p4jsW6AkAAP2ACwvgCKUAKqKdC3wKLMK/ +DKoB6hYGJQqpgACKmPdACwiSAJ0ALmKu7eIxFwiJgAAsYq0t0n/tywEFc/0AAP2AB+5iAJ0Anpj9 +gAf2YgCdAC8gFKT/Dw9HLyQU9eAJxlIAnQArMgn4IMgV54UBAPkACWlWux0A6DwQIgxBAAAqTP9t +qQUIAIYJAmHAUIkVGuIYDwIAiZDoEgYia/0AAOqZAgzmAoAADNwC/QAmFaAKBQBtuQfphgYkQQEA +AIgWjDKcFCwmHOsyAS7PAoAAqYiYE/NgCrhSAJ0A6hYALYuCAACLEOtLCAvnAoAA5swIBdv9AADr +xp0qkASAANEPBQxHaMIYiif6gGgd4AwFAOqsICpoBIAAWGmj0qDRD8Ag0Q8AAAAA6iQACdgEgADs +RAAK6ASAAFhv39Kg0Q8AAMCwCKw07JYILfhWAACNImXf1Nog/EBoHaAbxQBYbHNj/8QAAAAAAP/6 +rA2gCgUAjiJl77IrfBjqJAAJYASAAFhsamP/ocCgWZ3mGeHXipj5X/SokAilAGP/stogW/rcY/7D +jyefEYX5+eKCFa/JBQDs8RUn6IEAAAnZAZkS6ckIClcCgADqiAwCqEEAAJX5CIgy6PUUJMkBAAD4 +oAfS4gCdAGirQaWsLMzw/SAEY6IAnQDvEgYiDIUAALBObekFBQCGDwJhjNEPAgAPAgCsrOjZBCZj +wQAA+YAGRGIAnQDs1gEuKASAAGWOZGAAlAAA6iQADFgEgABb/D6LMYgTjBTqFgAtbwKAAO2ICAX0 +xYAA6iQADFgEgABb/AWOEO6uCAqQBIAA7k4IC/8CgADm/wgHc/0AAC72ndEPBZkM/CDIFaT5HQBt ++QUFIIYMAmOMEg9FDC8SBizMQOn/CAKMQQAAKFz/bYkFDECGDwJlhRIs2QQJqAyoVSVcMOXWAS5u +jgAAiRLAUOXVBCTJAQAAmdH5oAYV7/buAAxVDPXhJhXv/A4AhRIlXED1oCYV7/zuAAAAAGwQBB3h +gBrhgRzhfy3SNiqhfizCi6Pd6joMDu5CgAD9gABGcAsFACvEBCvEBVkMbPpAaB2gCwUAW/yv0Q8A +AABsEASFI4MgFOFy+ECEFaFVAQDq4XAarsKAAORUCAGAuYAA+wAEBDaYOQAJiAIoJQQiQn/RDx3h +ZxPhaB/haCZCfishBC5Cf5JgliGj//1gBAX2yzkADLsCr1/vJgAnKAUAACVGfyJGfuslBCqQBIAA +0Q8AAGwQBIIjAgJB0Q8AAGwQBIogZaBQHeFW6iIDKfbCgACu3f2v6BXgDBUA/IBABjGqAQAGqgIN +yCwI3SgnJQXtzAwEWAUAAP1tAAw/+8UA66oBDE5CgAAJWQIDqgKaIwmIAiglBNEPjyMb4UIPD0EL +/hGr6y2yfxnhPCyyfnLZGdnA8yPeDaAMBQDAwCy2fyy2fvpACBWgAEYA2MDzDEYNoAwFAHLRHI0h +mtCOICmyfZ3hnCDsJgEky/0AAPlvphXv/VoAGeEoGOEoqYio6HihIOq2fy+BLgAAza0qsn1qohgt +snv9b+YV4ABKAAAAAAAAAOy2fyf/KYAA+kAIFa/+pgAc4RmIIayZqen5DwAM8AwFAAnIOPlvxhWv +/ioAbBAE9cIqBeAGFQD0QGgdoAI1APaAQAMwAB4AALAiKFJ/6GP3cquBAADRDwBsEAT0QggVpCNB +APJaAAk/U4EABCIKhCaCIQVEKApEEaQi0Q9sEAQpIhIjIAfUUPg+AARwBTUA9QAIcJEzAQAX4Oz3 +wdwFoYnhAPUACFCSAJ0A9GAGIhIAnQAMORGmmSqSngc7Ciuyv/dACGHSAJ0AKpKdC6oB8U7ADedE +AQAoIQcZ4Ov/wdgFqogBAOvg6xxHAoAACYgCmKAY4Oj8QAgV4DwFAJyn+0CmFeAZhQCZo/lARhWg +CAUAmKbu3QIO/gKAAJ2kBf8Cn6EvIhIPj0Hopggv/wKAAJ+p7eDZGfcCgACm7iXmnSwiEioiEA3M +AuwmEilYBIAAWNCAaEIYiif6ACId4AwFAPtEABWgDRUAWGhq0qDRD8Ag0Q8c4LeLyGqxXQw5EaaZ +LZKebtNoKpKdBz0KLdK/DaoB5KBbZfP9AAD/gQYVr/zGAC8aAA+ZAvhCRhXv+7IAACgqAAiYAvhC +RhWv+8IAiSLLnGhCUMAg0Q8AAAAAAAAA//voDaAKBQDAoFmcrBzgnIvIa7GU//uUDaAKBQAAwKDA +2g29NP2BBhXv+1YAAAAA6iQAAdhhAAD8AAIdoA01AFhxwmlCrownL8kUisn/hAAVr8gFAOjuAQf4 +QQAA78UUJVPBAADqxgkncQEAAH6rKinBFR3glqqamsmdoIwg+8EoBeANFQDrpgIuZgKAAA3MAv1A +JhWgAgUA0Q8d4IydoIwg+8EWBeANFQDrpgIuZgKAAA3MAv1AJhWgAgUA0Q8AbBAYkhCOIBXgg4kj +iyGKIioWIisWJPgkZhXgBBUA9CDmFaAIBQD4IKYVoAxFAPwhRhWgDTUALRYJ9CDGFeAPJQAvFgj1 +wOoF4A+lAP4iBhXgDbUA/CImFeAMxQD8IkYVoAiFAPghxhWgBJUA9CHmFaAJdQD4IaYV4AtVAPoh +ZhXgCmUA+iGGFaAL1QD6ImYV4ArlACoWFPXAwgWgCfUA+CKmFeAIRQCYFIYWKxIkiRUnYX4sEiIi +YX8HmSgvUIAJKQj4nIgVo5kBAAOZCu6SAC9QBIAAJmI+LRIjCO4IC2AAjhcsEiQtEiIH7igvUIGu +LvicqBWj7gEAA+4KjuAqFhbqEiMtWASAAKjuC2AAjhgsEhYtEiQH7igvUIKuLvicyBWj7gEAA+4K +juAqFhfqEiItWASAAAjuCAtgAI4ZLBIXLRIWB+4oL1CDri74nOgVo+4BAAPuCo7gKhYY6hIkLVgE +gACo7gtgAI4aLBIYLRIXB+4oL1CEri74nQgVo+4BAAPuCo7gKhYZ6hIWLVgEgACo7gtgAI4bLBIZ +LRIYB+4oL1CFri74nSgVo+4BAAPuCo7gKhYa6hIXLVgEgAAI7ggLYACOHCwSGi0SGQfuKC9Qhq4u ++J1IFaPuAQAD7gqO4CoWG+oSGC1YBIAAqO4LYACOHSwSGy0SGgfuKC9Qh64u+J1oFaPuAQAD7gqO +4CoWHOoSGS1YBIAAqO4LYACOHiwSHC0SGwfuKC9QiA4uCPidiBWj7gEAA+4KLuIAKhYd6hIaLVgE +gAAI7ggLYACOHywSHS0SHAfuKC9Qia4u+J2oFaPuAQAD7gou4gAqFh7qEhstWASAAAjuCAtgAC4S +ECwSHi0SHQfuKC9Qiq4u+J3IFaPuAQAD7gqO4CoWH+oSHC1YBIAACO4IC2AALhIRLBIfLRIeB+4o +L1CLri74negVo+4BAAPuCo7gKhYg6hIdLVgEgACo7gtgAC4SEiwSIC0SHwfuKC9QjK4u+J4IFaPu +AQAD7gqO4CoWIeoSHi1YBIAAqO4LYAAsEiEuEhMtEiAvUI0H7igoQvGuLvogZhWj7gEAA+4KjuDq +Eh8tWASAAJsRqO4LYACMES4SFC0SIS9QjgfuKChC8q4u+iBGFaPuAQAD7gqO4OoSIC1YBIAAKxYj +qO4LYAAuEhUsEiONEwfuKC9Qj64u+J5oFaPuAQAD7gqO4OoSIS04BIAAJxYi6O4IC9gEgAALYACO +ESoWJCkSEi0SFY8VKxITLBIU6BIRJ/hBAADvFgUl2EEAAOsWEyZgQQAA7BYUJEBBAADoFhEm6EEA +AO0WFSTIQQAAKRYSjR+JHIgbjB6LHe8SECRAQQAA6BYLJmBBAADsFg4l2EEAAOsWDSf4QQAA7xYQ +JMhBAADpFgwm6EEAAJ0fiRaNGY8a6xIHIiEBAADsEggm6EEAAO0WCSf4QQAA7xYKIqhBAADvEgQm +YEEAAOwWCCXYQQAA6xYHJMghAADpFgYn+/0AAO8WBC/iFgAAiRCPE4sSjpCIk4ySjZGriKfMqt2v +7p6QnZGckpiT0Q8AbBAEKSIV+KAABPA4dQDpjAwBIEEAAPMgAEU/iwUA66QQJVBFAAD5AAXTYgCd +ACsKAFmYgSwiFSsiFO3NEQlABIAA/EJGFe6APQD9awANsAk1APpCZhXgCiUAbaoMjoQODo7uhgQk +QBEAAA8CANMP0w9tmiHpggQkQEEAAIqBi4KMgwkJjgoKjgsLjgwMjpmAmoGbgpyD60QACVAEgABb +/rWKIIgiiSGPIwgIjgkJjg8PjgoKjpognyMpJgHoJgIpQASAABnfNAIAhgMCYfgAChXgCbUAbZoC +CACK0Q8AAAAAAAAA/YEAFaALBQBZmFL4QGgdoAlFANMPbZoh6YIEJEBBAACKgYuCjIMJCY4KCo4L +C44MDI6ZgJqBm4Kcg+okAApYBIAAW/6T2kD/+/wNoDyFAABsEAYpIhX4QogVoEYFANMP+IAARXWZ +AQAJZgx0qwGxiComFQYqDOgmFCVRQQAA9oAHs6IAnQDrNAALYASAAFmYJfhAaB2gCUUA0w/TD22a +IemCBCRAQQAAioGLgoyDCQmOCgqOCwuODAyOmYCagZuCnIMlLBDqJAAK2ASAAFv+cAZHDPbgBY7S +AJ0A5jQICtAEgAD24GgdoAMFAOQWACpABIAA+MhoHaAJRQAKAmcIQIYKAmUIIIYKAmMIAIbqDAAJ +QASAAG2aIemCBCRAQQAAioGLgoyDCQmOCgqOCwuODAyOmYCagZuCnIPqJAAK2ASAAFv+U+pUAAGY +BQAA5mzAIiEBAADvbZpqQASAAIsQCjwRC8sI7HwMCtAEgABZl+3RDwAAAAAAAOs0AApgBIAAWZfo +0Q8AAAD2YABGMAMFAPwgBhWv/yYAbBAEGN7IGd7GGt7EE97HkyOYIpkh+kAGFaALBQArJhUrJhTR +DwAAAGwQBt4g5OIQKmAEgADnQgcr0ASAAPu9agXgGDUA40IVKZAEgADncg4i++kAAHj7JxjetQj4 +CoiAmhOcEu4WASwAIoAAAJMQKrKV7FQACVgEgABZmZlkpc/ygqYV4AIFANEPAAAAACviEgubUu4W +ASX/QYAAGt6e4xYAKVgEgADqorcq4ASAAFmZjGSlghrel9sg6qK5KuAEgABZmYdkpuAa3pPbIOqi +uyrgBIAAWZmC90jgDeN2xQAa3o3bIOqivSrgBIAAWZl8ZKbhGt6I2yDqor8q4ASAAFmZdyN9A+8C +AAGaAQAA+0BDcBIAnQArMNnBWPVgLAhiAJ0AabchJTTZixD6gqYV4AIFANEPkxAqso3sVAAJWASA +AFmZZ2SnH4sQ+oKmFeACBQDRD5MQKrKb7FQACVgEgABZmV9lrxj6IGgdoAu1AFjMifoAIh3gAwUA +6rM4BQDhgADqEgIrWASAAFmX8sipHN5ojREMrDYs1hdlMyuNEPyCphXgAgUA0Q8AAAAuQG5k7s2T +ECqysexUAAlYBIAAWZlIZa66+iBoHaAbZQBYzHH6ACId4AIFAOqyOAUAqYAA6hICK1gEgABZl9os +fQMqxShlItSNEPyCphXgAgUA0Q8AkxAqsqPsVAAJWASAAFmZNGSiuxreQNsg6qKPKuAEgABZmS9l +rlj6IGgdoAtVAFjMWfoAIh3gAgUA6rI4BSgZgADqEgIrWASAAFmXwixAb/GAJ27SAJ0AZKTlihP6 +AKId4AzVAFjMNdKg0Q+TECqyqexUAAlYBIAAWZkZZa7I+iBoHaAbJQBYzENkojsrQG7TD2S3kuoS +AitYBIAAWZetLEIWCsw2LEYWixD6gqYV4AIFANEPkxAqsqfsVAAJWASAAFmZB2SiNxreEwIrAg8C +AOqioSrgBIAAWZkBZa5o+iBoHaAL5QBYzCtkodvqEgIrWASAAFmXlyt9Aiq1FIsQ+oKmFeACBQDR +D5MQKrKZ7FQACVgEgABZmPJkoioa3f3bIOqipSrgBIAAWZjtZKOHGt352yDTD+qikyrgBIAAWZjo +Za4C+iBoHaALdQBYzBFkoXUrQG5ktwIa3e6LEuqi3ytgBIAAWZjeZaZkK0BvwMgMuwIrRG+LEPqC +phXgAgUA0Q8AAJMQKrKv7FQACVgEgABZmNNkoe8a3d/bINMP6qKRKuAEgABZmM5lrZr6IGgdoAtl +AFjL92ShDStAbmS2iRrd1IsS6qLfK2AEgABZmMRkppgrQG8sCv0MuwErRG+LEPqCphXgAgUA0Q8A +kxAqspfsVAAJWASAAFmYuWShtxrdxdsg0w/qoosq4ASAAFmYtGSi2hrdv9sg6qKrKuAEgABZmK9k +rFca3bvbIOqisyrgBIAAWZiqZaxEGt22ixLqos0rYASAAFmYpWWkaosRK7ISC5lSyJlokgf5IA9h +0gCdAIwRK8YS8oKmFeACBQDRD5MQKrKH7FQACVgEgABZmJhkoXoa3aPbIOqiiSrgBIAAWZiTZayv ++iBoHaALJQBYy7zKohrdm4sS6qLfK2AEgABZmItlrI+KE/oAQh3gDNUAWMue0qDRD8Ag0Q8AAAD6 +IGgdoAv1AFjLrmSv6uoSAitYBIAAWZcb6xIAI+ALAAAqxRX6gqYV4AIFANEPAAD6IGgdoBsVAFjL +omSvui1AbmTVJClAb/E/4W+SAJ0A8T/hL9IAnQDqEgIrWASAAFmXCS5CFwruNi5GF4sQ+oKmFeAC +BQDRDwD6IGgdoAulAFjLkGSvci9AbtMPZPSV6hICK1gEgABZlvsoQTT7AA8CogCdAIoT+gFCHeAM +1QBYy2/SoNEPAAAA+iBoHaAbVQBYy4BkrzLqEgEqWASAAOwSAitoBIAAWMsIixD6gqYV4AIFANEP +AAAA+iBoHaALlQBYy3RkrwIpQG5klDga3VKLEuqi3ytgBIAAWZhBZaJzK0BvjRD8gqYV4AwVAAy7 +AvqN5h3gAgUA0Q8AAAAAAAAA+iBoHaALFQBYy2Jkrroa3UGLEtMP6qLfK2AEgABZmDBlqySKE/oA +Ih3gDNUAWMtD0qDRDwAAAADqEgIrWASAAFmWxPVAFrKSAJ0Axy/RDwD6IGgdoAuFAFjLTvoAIh3g +AgUA6rI4BQFJgAAsQG4PAgBkw6Ea3TDrEgIrYASAAFmYGGWihi1Ab8DoDt0CLURvZS41jxD+gqYV +4AIFANEPAOoSASpYBIAAWMtDZa+cKzDZY/puAAAAAPogaB2gGwUAWMs0ZK4CKEBu0w9kgxTqEgIr +WASAAFmWnylCGIsQK0YVCpk2+IMGFeACBQDRDwAA+iBoHaALNQBYyyZkrcoa3QWLEtMP6qLFK2AE +gABZl/Tj3QodB+YAAIsRK7ISC8lRyJlokgf5P/kR0gCdAI4RjBADvQEt5hL8gqYVoAIFANEPZS2E +jxD+gqYV4AIFANEP6hICK1gEgABZln4qRTSCEPKCphWgAgUA0Q8jfQPyb4AV4AsFAPpgaB2gjAUA +WZYP6hICKdgEgABYy10jfQMjPIArMNnAxAy7Avp/Zh2nuwEA+nsmHe/l0gAjfQMjPIAoMNn6IEgV +oAklAAmIAug02StYBIAAWZZjKzDZ+nsGHa/lKgAAAIoSWYxqKH0DKID8eKkaihJZjGbspAAD2BMA +AOoSAiXb9QAAWZe5ZKG5wKL9uZ4FoDsFAFmcHMcv0Q8AGtzBixLqoscrYASAAFmXsGWuJ4sRK7IS +C8lRaJEKaJIH+T/wsdIAnQAe3MEDvQEO3QKOEYwQLeYS/IKmFaACBQDRD4oT+gEiHeAM1QBYyrfS +oNEPAAAAAPogaB2gC0UAWMrIZKxSGtynixLTD+qixStgBIAAWZeW49yvHQVmAACLESuyEgvpUciZ +aJIH+T/tUdIAnQCOEYwQA70BLeYS/IKmFaACBQDRDxrclosS6qLPK2AEgABZl4ZlrX6LESuyEguZ +UmiRCmiSB/k/62nSAJ0AH9yZghHvvwID6A8AAO8mEibqAQAALNDZwOEOzAIs1NnygqYV4AIFANEP +ihP6AQId4AzVAFjKidKg0Q8jfQMjPIArMNnAwQy7AgsLR/p7Jh3v354AAAAa3HeLEuqixytgBIAA +WZdmZaz/ixErshIL6VFokQpokgf5P+dx0gCdAB3cegO8AQ3MAo0RLNYSixD6gqYV4AIFANEPAAAA +AAD24ABCsAsFAPqgaB2gjAUAWZWKwWDqEgIq2ASAAFjK2Csw2Qa7Avp/Zh2nuwEA+nsmHe/dngAA +ACN9AyM8gCsw2cDIDLsCCwtH+nsmHe/dMgCKE/oA4h3gDNUAWMpY0qDRDwCKE/oCAh3gDMUAWMpT +0qDRD4oT+gFCHeAMxQBYyk/SoNEPihP6ASId4AzFAFjKS9Kg0Q+KE/oBAh3gDMUAWMpG0qDRDwCK +E/oCQh3gDMUAWMpC0qDRD4oT+gIiHeAMxQBYyj7SoNEPAIoT+gDCHeAMxQBYyjnSoNEPihP6AOId +4AzFAFjKNdKg0Q+KE/oAwh3gDNUAWMox0qDRDwAAbBAEJCIQZEBsKTAQKjARLDAa6zASLM4CgAAK +mQLqMBMszgKAAAuZAuswGSzOAoAACpkC6jAYJIURAAAIqhELqgLrMBstVgKAAAyqAgiqEQuqArGq +6iYWJISNAAApIhLr3BwUwCiAAAubASsmEixABS0KlX3BScAg0Q8ALjAULzAV6DAWL3YCgAAP7gLv +MBcvdgKAAAjuAgjuEQ/uAv3XYABQjQUALyISePckwKX9uBIFoDsFAFmbUcAg0Q8AAAAA+oBoHaAL +ZQBY5KDAINEPAIwnKckUi8n5hAAVr8oFAOqIAQTJAQAA6cUUJdsBAADrxgkkQQEAAHi7Bi7BFavr +m8kY2/XZsPgACB2gD0UAbfoCCQJhHNvcnLCKIP1AABUwDEUADKoCmrEpMBQqMBUe2+vvMBYszgKA +AAqZAuowFyzOAoAAD5kC7rYCLM4CgAAKmQLptgQhwCEAAOgGAAX4YQAADwCKKiISiSINqgLqJhIs +9+YAAPpAaB2gDTUAC+AAY/7pAGwQBiQiEC9AbvXgBtiQnFUAHNvSjSCONi8xC/hj8BWgClUA+CAG +FaA7BQBZmxMa28wkIhgsMQuILIlKhUf9AABEMAsFAPhBhhWgDQUA5VIOJJBWgAAtRhcKngL+gUYV +oAAqAAAAACtCF+taCAHYgQAAWZTFL0IXLjELjUCv7i5GFypQBCxQBRjbt+tQBi1WAoAADKoC6VAH +LVYCgAALqgLs27IdLgKAAAlVAghVAfSgYBXv+MUA+KAEArA7BQD+oGgd4ApVAFma7CoiEykxCytC +F6qZ6SYTIsDBAAB4sUHAINEPAAAAAAArQAV8sfAc25/8QAgV4AolAP6ACBWgOwUAWZrd+oBoHaAN +JQD8TIYd4AsVAFjkLMAg0Q8AAAAAAAAf25OOSg/uAe5GCilQBIAAWOFo+kBoHaALBQD8AAIdoA0l +AFgBg8Ag0Q8AbBAGHNuJLSIALjIF9EDoFadVAQD+v8AV4AgVAA+POfSCghWgClUA9CAGFaA7BQBZ +mr+JImWQmCYgBxfbTAYGQeoyBStHAoAAp4grgp4krB/5togF5EQdAHSzfCiCnQlrCiuyvwuIAe2E +AAQDqYAAHNtmDACHbUkCCAJhiDQe20ie0IkgHNtK6tYDJthBAADs1gIszgKAAOlJAgHggQAA6dYB +KVAEgAALgAAMbxGn/+T2nSKUdQAAiif6AUId4AwFAPtEABWgDaUAWGLX0qDRD8Ag0Q8AAAAA//4s +DaAIBQDqJAAKaASAAPrDABXgDAUAWGxQwCDRDwBsEASHJyp5FB/bQvjipBXvzQUA6HIIJVAHAADs +cgslUoEAAOqTd3PYgQAADbsBq5nowXR0yQEAAC6NAep1FCdSgQAA6pNxfDAEgAB5oX2aeO8ABQs4 +BIAABwJhBwJhBwJhBwJhBwJhBwJhBwJhBwJhBwJhBwJhF9sRl2CFIJNllGTztlgFoAelAOJmAiqu +AoAAB1UC5WYBKxAEgADRD8Ag0Q8AAAAAAAD3gGgdoAgFAPjhZhWv/nIACJoMCroMKq0BKqzg+uEG +Fa/+IgAsvED84QYVr/32AABsEATHjwhYAwg4AghIA6ho6CIIC4EKgAACIhiiMtEPAGwQBAQ4AwhY +A6ho6CIIC4EKgAACIhiiMtEPAABsEAQEOAMIWAEISAOoaOgiCAuBCoAAAiIYojLRDwAAAGwQBAVI +Awg4AQhYA6ho6CIIC4EKgAACIhiiMtEPAAAAbBAEIyIQKDAF+EJIFeCUJQB0iUj/KKADEI0FAHif +PXCfGera8BS9WIAACpoB+kJGFaACBQDRDwAAAAAA/bXWBaAKVQD8YAgV4DsFAFmaJCswbtMPabEF +LDAFdMEGwCDRDwAAAPpgaB2gDSUA/EyGHeALFQBY427AINEPAIwnL8kUi8n/hAAVr8gFAOjuAQf5 +AQAA78UUJdsBAADrxgkncQEAAH67BinBFaubm8kc2sPZsPwACB2gCkUAbaoCCQJhHNqqnLCJIB7a +vvv/4h2gDEUA6rYELM4CgAAMmQKZsSgiEo8inrINiALoJhIv+4YAAPpAaB2gDTUAC+AAwCDRD2wQ +BBPaugMiAtEPAGwQBCcgB4giHNqD9kIIFaF3AQDlgmNrzwKAAAyZCCiSnhraefcAEsLSAJ0AJJKd +CngKKIK/CEQB6NqNEhIhgAAlIhIqIgn4QUgV4FVBAAhVCiVSgOqZDAKowQAA9SAOw+IAnQArIBYt +Cv99sRX6QPAVoAwFAFhrNxzaZ/NBkA3g/fUAG9qYLyEHGtqXGNpv/7TiBar/AQDpIRov/wKAAAj/ +Ap9A+EAIFaBPBQCfQ55C+wYADTAOVQDqRgQsRgKAAA6IAphBKCIS+IDGFeA6BQCaRfgIAAUyiFEA +5ogRDVaCgAAIqgILqgKaR4opKSIVG9pwpaqlmfhCphXv6AUA6iYJIkiBAAD4gAuEIgCdAPoACB3v +iAUACQJhCQJhCQJhL0Qg+IQmHaAPBQAvRCQvRCcvRCYvRCUpYhH4h2Yd6JkdAPiHRh3omR0A+Icm +HeiZHQApRDgoIhb4h+YdqIgdAPiHxh2oiB0A+IemHaiIHQAoRDyKNCg8GPVABpgQ+fUACACI6Npa +ElChAAAKAIoa2kwpRDD4hiYdr/n1AClEMypEMoo0L0Qj+obmHaiPHQD4hEYdqJodAPiGxh3omR0A ++IamHeiZHQApRDTrAAUCQQEAAAgCYSkgBwkJQQyZEayZLpadKyAWfbEK+kDwFaA8BQBYasOJNGiQ +J4on+gCCHeAMBQD7RAAVoA1FAFhhsSsiEiz6fwy7AfpCRhXgAgUA0Q8e2jQtIhIO3QL8QkYV7/8u +AAAAAAAAAADqJAAK2ASAAFhq5uzZ9BVw6YAAYAAriW4Y2iSxmZluCJkC+IZmHeiJHQD4hkYdqIgd +APiGJh2oiB0A+IYGHa/8tgDAINEPAADrfBgpUASAAPwAIh2gDVUAWGsSwCDRDwDrfBIpUASAAPwA +Ih2gDQUAWGsMwCDRDwBsEAQqIhQpIhMc2db9s6YF5zUBAOqZDAGUHQAAZJCAKiAHCgpBDKsRrLsu +sp5u4ngrsp0Nrgou4r8f2esY2dr/YAQFsBQFAO7Z1BWC8YAALSEHDQ1K758CDu8CgAAO3QIe2fmd +sI0gn7WYspSzGNnU/6YADzAEJQDutgQu7gKAAATdAp2x6AAVBdhhAAALAIoMrxGs/yT2nS4iFKnu +LiYUaTIQwCDRDwAAiCLKgWgyNcAg0Q+KJ/oAIh3gDAUA+0QAFaANFQBYYVbSoNEPAAAA+0MAFeAM +FQD6QGgdoA0lAFhq0mkyyYwnLckUisn7hAAV784FAO67AQboQQAA7cUUJVPBAADqxgkl2QEAAHur +Ki/BFRnZpqr6msmZoIgg87OUBaAJFQDipgIsRgKAAAmIAvlAJhWgAgUA0Q8Z2ZyZoIgg87OCBaAJ +FQDipgIsRgKAAAmIAvlAJhWgAgUA0Q8AbBAGLyIYL/BYKAqOePF5KCAF6dm3FAOZgAAY2bQkIhII +RAEkJhKNOSsxCy4iEX2YfikiE6uZKSYT8oAFHlIAnQBk4MYq4gx9pz4o4gv7wGgdoAsFAPwAAh2g +DSUAC4AAKyIUKiITGdmjC6oM7NmjFVkDAAB7kxj7grYNoAkFAOkmESyQBIAA0Q/AINEPAAAA+kBo +HaALBQD8AAIdoA0lAFv/f8CQ6SYRLJAEgADRDwD9syYFoAolAP5ACBWgOwUAWZjAKiIQLaAFLgqV +ftG5wPL+TIYd4AsVAFjiDsAg0Q8c2YiN4P/AsBWgClUA9CAGFaA7BQBZmLMoIhIp+r8JiAH4QkYV +r/1uAAAA2iBY30Rj/0wAbBAILSIYK9BYKAqOeLENKSAFGNl37Nl3HIBGAADAINEPJCISKSIRCEQC +5CYSIjT6gACPLIk2JTAgJjEK/hFiHa/4xQD/KMYN5aUBACoiECugBSwKlXyxxMDS/EyGHeALFQBY +4efAINEPAAAA5JKCYdCBAACJl4me+SYAFeALZQDAIG25BQoAhgkCYdEPAAYGTiZs2whmAf9gE4wg +NxUApvj8hgAKMCslAPhBhhWgLFUA9EJGFaAmFQD3QkYNoA8FAHyhCnehB/tAILViAJ0ALzAwKDAx +GdlI7jAyL/4CgAAI/wLoMDMv/gKAAA7/AuvZQx/+AoAACP8C+eAcPmiPuQD9EAAUNe8BAAjuAhjY +/CiCPSuyiK6OCe4Rrrvt0Fgl2gEAACsmEf9gsBWgibUA+aAZDWIAnQApCpr5wBi0YJi1APnAGHQg +mWUA+cAYNGIAnQAtCpn9wBmdYARFAPdABjQiAJ0A/UAF9CIAnQApMEEuMEAvMDwtMD3oMD4vdgKA +AOnuAg/+AoAADf8CKTA/7TBCL/4CgAAI/wLoMEMvdgKAAO3uAg/+AoAA6f8CD3YCgAAI7gIP6Azt +IhAkBJuAACXSEn9RCAX4DGaAAi/WEi/SE9MP0w9+8QgP6QxmkAIu1hONvATdAp28fKFQ90AK5GIA +nQD3QBEEIgCdAMLi/0AVVCIAnQAvEBBk/hCKtyk8IPtByBWgCDUAbYoFCSCGCgJjwCDRDwAtMCPA +4Q3tOS20QS0UEP1f+aUiAJ0ALzAhf/eoLzBBLDBALTA8KDA97jA+LmYCgADvzAIO7gKAAAjdAi8w +P+gwQi7uAoAADt0C7jBDLmYCgADozAIO7gKAAO/dAg5mAoAADswCDcgM6iIQJASLgAAuohJ94QgO +3wxm8AItphItohN80QgNyAxmgAIsphMsMDgtMDmKvO4wOi5mAoAADcwC7TA7LmYCgAAOzALp2Mse +ZgKAAA3MAuSqAgZgBQAALCYWmrz5YWYV7/xiAInXKzELiZ6/uwtLS+W9fmTIwQAAY/0TAAAA+gBi +HeOE4QD5f+w+IgCdACswJCgwJekwJi3eAoAACLsC6DAnLd4CgAAJuwIIuxHouwIDSBEAAPstAAt/ +9WIAACwwIfGADM4SAJ0ALTAkLjAl7zAmLu4CgAAO3QLuMCcu7gKAAA/dAgjdEQ7dAmXRbywwTC0w +Te4wTi5mAoAADcwC7TBPLmYCgAAOzALqIhAuZgKAAA3MAmTMqC2iGP2/5ROiAJ0ALLYSLzBIKTBJ +6jBKL/4CgAAJ/wLpMEsv/gKAAAr/AujYjR/+AoAACf8CL7YUKTA2LjA0LTA1/mbwFeAKBQDqthUv +dgKAAA3uAuq2Ey92AoAACe4C6LYLL3YCgAAP7gL/YaYVr/fKACkwOCowOewwOizOAoAACpkC6jA7 +LM4CgAAMmQIImREKmQLo2HMUyAUAACkmFvlhZhWv9vYAAAAAAAAAAOzYbh74BIAA/WAIFeAKVQD0 +IAYVoDsFAFmXkCoiEsSwC6oC+kJGFaACBQDRDwAAAP/yEA2v7qUA7NhhH2gEgAD/YAgVoAolAPQg +BhXgOwUAWZeCY/uhAAAtMDguMDnvMDou7gKAAA7dAu4wOy7uAoAAD90CCN0RDt0C7NhRFugFAAAt +Jhb9YWYVr/S+AC8mEfugaB3v9JIAKiIQY/tcAABsEAgrIgcmIAcPAgAouRQFDUf1YcgVoWYBAOOy +CSQREYAA+aATEVIAnQAc2D6IIP9gSBWgClUA/b/AFeAJFQDtnTkJeASAAPggBhWgOwUAWZdbHNg1 +/GAQFeAKVQD+ShAVoDsFAFmXVRXX4uvX5BtQBIAA9MAOihIAnQAMaRGrmSySnveAEgpSAJ0AKZKd +BWwKLMK/DJkBZJH7LiEHLCBAJiAH96/MBeruAQDv2CAfdwKAAPWADkiRVgEA9YALyRIAnQD1oAuK +kgCdAMDQ+bAwBaBmEQDsIQgrMoKAAAbuAu/uAgqsAoAABcwCCMwCnpCPIPcgRhXgNgUA9yBmFaAF +BQCVlZWX/SCGFaAORQDolgYv/gKAAP/mAA+wCCUA75YBLv4CgADo/wIE4IEAAAMghgwCYwMAhgwC +YZ+Z5BMeBMkBAAAJAmkEYIYJAmcEQIYJAmXpIhItZwKAAOvMCAE5IQAA/5OmFa+aZQD3IAYUb2tF +APev4AWvmXUAJCISq0QvQigpRIEoQieY8CNCJy5CK58xJUYnJUYoI2KL6kSBJ3ysgAArQjEuMiQL +ikT7WgANMAwFAP9AAQUwDRUA+0AIFa+7gQBYXsUlRjEoQiYrQh8lRiv/BAAV78kFAAn/AeWFFCf5 +AQAAn4mfiC5idPpiKBWgDAUA/28ADbANFQBYXrf+QkgV75l1APxiSBXvmmUA/gAiHa9rRQD37wAP +8AwFAO/sOAbr/QAA7TYSJnpxgADAINEPAAAA/IBQFe/6RgD/93gNoAMFABfXbIx45hYEJg3/gAAM +qRGrmSiSnvcABIJSAJ0AKZKdBa0KLdK/DZkBZJB+sM6eeGWeHmAAFwAA/BBCHe/5JgAvIEAI/xD+ +YAYV7/ZiAIgiZY+VjTDrbBgpUASAAPmvSAXn3cEA/EgGHeAMFQD4YAYV4A1FAFhogcAg0Q8AAAAA +//csDaAJBQDAoFmTWIx4ihTr10gYBAqAAPmf+4CSAJ0A//4sDaAJBQDAkMDqDs40/uEGFa/98gBs +EAaJJyMgByiZFAMDQeeSCSQLsYAABQhH+QANcVIAnQAqIEEV1zP2AIIdoAQFAPFabA3gDAUAG9cx +DDoR9GAKehIAnQCrqi2invegENOiAJ0AKaKdBT0KLdK/DZkB6pQABI2hgAAuIEHsFgAvDp4AABjX +Mh/Xbi4hByUgBxnXbPxBBBXq7gEA9CAAAnBVEQDqVRAPdwKAAOXuAgokAoAABN0CCd0CD+4CnqCP +IJ2k+UBGFaAEBQCUpZSn+UDGFeA1BQCVo/3gABewBUUA5f8CDnYCgADl11cVSIEAAP9AJhXgDyUA +ByCGCQJjBwCGCQJhD+4CnqkMPRGr3SbWnf5BiBXvmXUAKSQF8rFoFe+YZQDoJAUn/KyAACsiEi4y +JAuKRPtaAA0wDAUA/0ABBTANFQD7QAgVr7uBAFheKCQmEogniyCULP8EABXvyQUACf8B5IUUJ/kB +AACfiZ+ILlJ0+mIoFaAMBQD/bwANsA0VAFheGioyErCq+mJGFaACBQDRDwAAAAAAAP/6KA2gBwUA +Htbajej3oAa4kgCdAAw6EauqL6Ke9+AHa6IAnQAqop0FPwov8r8PqgHkoNtmw/0AAJjo+UBoHe/6 +XgAqIEAIqhD64AYVr/kyAIieJIAEK4AFFtbx6oAGKiYCgAALRALogAcqJgKAAApEAghEEQhEAgZE +ASZMZ/aOAAswjJUA9sCAFa/4lgCJcO1kAAlQBIAA+a4OBaeZwQDpJEAh2GEAAPjgBhWgDBUAWGfi +wCDRDwDtRAACYSEAAOtMZylwBIAA/uBoHeS7HQBZlfMb1qj8IAgVr/g+AAAA//fIDaAJBQD8IAYV +oAoFAFmSrh7Wn43oG9afjBD5v/igkgCdAP/8yA2gCgUAAMCgwPoP3zT/wQYV7/yKAAAAAGwQBCki +ByMgByiZFAMDQeeSCSQK6YAAFNaM960cBaeFAQD5AAwRUgCdAPRgClISAJ0ADDkRBpkIKpKe90AN +SlIAnQApkp0EOgoqor8KmQFkkWMqIAcoIQcf1o8b1sr5QAAEMMoRAOrMEAxHAoAADIgCC4gCmJCM +IP8gRhXgPgUA/yBmFaANRQDu1sAeZgKAAA3MApyRKyBB/EEEFaAEBQD/IMYVofoBAOSWBS/8AoAA +78wCBNCBAADuzAINiSYAAMCwlJf9IIYVoAUlAAcghgoCYwcAhgoCYQi/EQX/AhXWq5+ZDD4Rpu4t +5p34QYgVr5x1ACwkBfKxaBXvmmUA6iQFJHysgAArIhIuMiQLikT7WgANMAwFAP9AAQUwDRUA+0AI +Fa+7gQBYXYMkJhKIJ4sglCz/BAAV78kFAAn/AeSFFCf5AQAAn4mfiC5SdPpiKBWgDAUA/28ADbAN +FQBYXXUqMhKwqvpiRhWgAgUA0Q8A//qMDaAHBQAV1jaKWGqhbww5EaaZK5KebrR2KZKdBDsKK7K/ +C5kB5JBpZWP9AACcWGWerWAADgAtIEAI3RD84AYV7/niAI9w6zwYKVAEgAD/rOwFp//BAP5IBh3g +DBUA/uAGFaANRQBYZ1DAINEPAPoRIh3v+3oA//mMDaAJBQDAoFmSJopYa6GF//6MDaAJBQDAkMCK +CKg0+KEGFa/+UgAAAABsEASKKo6vGNZg6CYLIUiBAADp5gAleOEAAO8mCClYBIAA/kEmFaAMBQD5 +QeYV75iFAPhAph2gDSUAWGd5wCDRDwAAAGwQBBvWUSoxDCuyfxzWMvhiEBXgFGUA+0PWDeAFBQB8 +oRbqJAAK2ASAAOw0AApoBIAAWN4QwCDRD2iRSGiSKGiUCsBA//9oDaAFBQAAfKHRe6vO2jBY3j3V +oP//EA2gBAUAAAAAAAAA/UDmDaAUZQB7owJgAAHAQNowWN5T//6EDaAFBQDaMFjeZuWkAAUBEYAA +/axcBaAKVQD8YCgV4DsFAFmVRv/95A2gBAUAAAAA//24DaAExQBsEAQpMBPxJrAN4PWFAGiRBMAg +0Q8AhCeEThzWH+0wESJIDwAA/T+GHeAKVQDuMBIiQBMAAP8bph2gOwUAWZUx6zwYIlATAADsMBEl +U/UAAFjedeU7CAJQFwAA7DASJVN5AABY3nHqJAAKWASAAFjf8sAg0Q+EJw8CAIROHNYILTARLUQC +/mJQFaAKVQD+gGYdoDsFAFmVG+s8GCJQCwAA7DARJVMhAABY3l/lOwgCUA8AAOwwEiVSoQAAWN5b +wCDRDwAAbBAE9EBgJeizHQAjVFf6qsYd4EQ1APSqph2gCHUA+KqGHaAJBQD4qmYd4EoFACpUUtEP +AGwQBI84/avQBaAKVQD8YhAV4DsFAP/gaB2h//EAWZT7KTAQ6tXiFIyRAABokllplBKINiKifwmI +EagiKCAFKQqVeYFewCDRDwAAANowWOB8/18ADeAJdQCLp4u+LLKODJ1W/SNAHejsuQDA037QEPtg +QCXgDAUAWOBGwCDRDwAAWN+vwCDRDwCLNiqifwm7EftAAEVwCwUAWN8uwCDRDwAAAADApf2rhAWg +OwUAWZTX+kBoHaALJQBY3ijAINEPAGwQBIguIyw4c4kFwCDRDwAAiy6Is+xEAAroBIAA67zgKVAE +gAALgACMIu0gBS5+7gAAZN/Vji5z6dZj/80AAABsEBYlFheHNSYxDysgB4g04xYaKkgEgACZHP4j +SBXgChUAmh/7q0gFoMhZAPwjZhWhuwEA+iLGFeP+9QD7T8QVoLZ5APoiZhXgd/kA+eOwFexIHQD6 +jwANMDhRAPggBh3vqgEA6hYUJFRWgAAGDEn8IcYVoAAyAAAAAAAAAJ4eLhIXKPE9KBYSL/If/iIG +FefuAQAuFhX1wDwhEgCdAIoi+0BBoJIAnQDw5WAN4A0FAO0WESOASYAA2kBY6Hf0AAId4AYFAC8S +G9pw/gBiHaAMJQDv7DkJ2ASAAFjoX/dAAEMwCPUAdoBV9CFmFaSWHQDjFgokyAUAAPgjBhXgAT4A +AAAqEhJkp2MrEhqLtX22n/oiSBXgDBUA7BYRKlAEgADsEhAo6ASAAFjojGankfwAYh3gBQUACtU6 +ZFd7w2CUG/IhRhXk5h0ALhYYKBIWHtT8HNT949T+HCAEgAD1AAkyEgCdAOoSGCw3AoAAo2YpYp4O +iAoogr/7IEDrogCdACZinQhmAdtg5rQABb15gACPyJsV9+A94JIAnQApMq7q1UYUu3mAAC4yrS2i +ZO3rAQfT/QAA/cA63mIAnQCayP3AOvZiAJ0AjRwsIBTTD63MDAxHLCQU9YA8flIAnQAuEhspEhTx +wMAN4Ag1APkAPYjiAJ0AZFDOihoPAgDIoWRQY+tkAAlQBIAA/ABiHaAdhQBY6ITuEg4teASAAOYS +CyKvmYAAHNUmLRIT+amsBeAKBQCa8przmvSa9elpAg9EAoAA6fYALuiCgADo3QIK9sKAAP+mAA6w +G8UA/eAmFeAKVQBZlCorEhX5YDgpUgCdAMAg7BIYKm8CgACj3SzWndEPAAAAAAAAj8j34DjgkgCd +AOkSGCo3AoAAo2YoYp75ADk74gCdACtinQ5NCi3Svw27Aea0AAW42YAAsP6eyPrAaB3v+xoALxIR +0w9k8HfrEgUpUASAAPwAYh2gHYUAWOhRGdT4FtT1jhsoEAAmYpsJ7gIZ1PQIHxTmhgsP+wKAAOn/ +AgR8oIAALBIQ7RISI1v/AAAosj8rsX2eoJ+hnaKco5uk+UCmFaAAcgAALBIQLRISK2EFiGOeoJ+h +m6KYo52knKUmrBgtEhOMHgLdEO0WBy5kAoAA7BYIK6b+AAAa1In4IWgVoA8FAP4gxhXgDyUAnx0K +iAIoFgnrZAAJUASAAPwAYh2gHYUAWOgmjRkvEhqJFisSGo/18TXQDeP+9QAc1MqLtP9ARhWgj5kA +/UAGFeBviQD9QCYVoN+hAPDQABMwz5EA7tTCHulCgADupgMsQQKAAP0GAAx5uwEA66YELmDCgAAM +ZgIIZgImpgUsEg3pnAElMGEAAOkWBiZj/QAA7BYNLnumAADrZAAJUASAAPwAYh2gHYUAWOgCFtSt +iRePGPohKBXgDQUAnRGdEp0TnRSdpP1AphXv/vUAnqKeo5ugLhIa6f8CCsbCgADo/wIA4DEAAOb/ +AgDYIQAA7RwQJTBhAADvpgEg0BEAAFjmzvlAaB3gDBUA6sk5DSgEgADpFh4lIAmAACQWH/4AIh2g +DQUACe045RYgJurhgAAT1I2IGIwXGtSMKxIbhBsV1IXxeAAUsA4VAOvrOQongoAA9IYACnYPBQAL +rzn9JgAMsA01APkmAAwwDCUAC9w5LBYdCfkCKRYZ+eYAD7AFBQD+I4YV4AMKAAAPVlD+GAAF8M/J +APwhKBXgj7EA/UAGFeDveQDs7hEMRAKAAOvMEA3agoAA7LsCCzPCgAD4xgALMM+BAP2IABYxj2kA +7O4CDEUCgAAI7gIc1F+coSgQAAbuAvvGAA9wb7kA9MgAEzu/AQD3xgAPMAYlAObuAg3dAoAA7qYE +LEICgAALiAKYpRvUV5uiGNRX+UBmFa/5jgCZoZSgnqKeo56knqWdpp2nnaidqS8SHeVcASUwoQAA +/qARnGIAnQDrZAAJUASAAPwAgh2gLYUAWOeX5FBRas7CgAD0oApgkgCdACsSHMfv+yYADPANBQDj +mQIL/S4AAI0TLBIajhKPEYvMLMIQmaGbqfVABhWgCAUAmKKYpp+jnqSdp5yljBT9QQYVr/4mAC0S +GywSGRvUMAyZAuuZAgaEGYAA8OJADe/+9QCZoZSgnqKeo56k/0CmFaANBQCdpp2nnaj9QSYV7/02 +AC8SGiIWISvyFibxOCLxOizyFejxOSs0AoAABiICJvE7LfIb7vIaLEQCgAAIZgIo8hcv8hmfop6j +naScppunmKiWpZmhlKCSqfIkKBWv+/YAAAAAAAAAAPDiQA3v+/UAmaGUoJuim6ObpPtAphXgCAUA +mKaYp5io+UEmFa/7OgAsEhqNEi/BOybBOSjBOC7BOuvCGCs0AoAA5v8CDEQCgAAI7gImwhSIzCzC +EJukmKeWqJmhnaKUoJyjn6WeqYwU/UDGFa/6GgArEhvsEhklg1GAABvT7sfv/SYADLANBQDrmQID +gPGAAJmhlKCeop6jnqSepZ2mnaedqP1BJhXv+TIALhIaIhYhLeISLOITK+IYiO2G7i/iFILvLuIR +nqKdo5ykm6WYppann6mZoZSgkqjyJCgVr/hWACsSHMff+yYADPAMBQDjmQIDgPGAAJmhlKCdop2j +naSdpZymnKecqP1BJhWv95oAmaGUoI4T/iAoFeAIBQCYopijmKSYppinmKifpf9BJhWv9woAKhIa +GdPAiqUT01glEiDkEh8lTDCAAOPTVBODuYAAHNO6ixsMuwL7P0YV7+eiAIUfwNL3rQAK/+gmAMCl +/adoBaAbxQDuThEKaASAAFmStmP4ZwAA+iKIFaAOBQCeEZ4SnhOeFFjl0iQWH+UWICViYYAA+iKI +FaALBQBY5cUkFh/0JAYV7/DaAC8SEGX4lWP4OhrTdYgbCogC+T9GFa/l1gDAoFlQ+sinG9OaK7CA +ZLBaKhIUWOW+6RIeLV9OAAD6IogVoAsVAFjlsvgjyBXv71oAAAD/4CQNoDYFAOsSEipQBIAA7BIQ +KOgEgABY5oFj+FcAACsSGowc7RIXKVAEgABYYQzSoNEPAAAAAPunBAWhSxUAWX9GLBoADKwC+6b6 +BaFLFQBZf0Zj/4UAAMCwwNoN/TTtxggtxVYAAPpAaB2gG8UA/AACHaANFQBYZDhj/6EAAAAAKxIW ++kBoHaAMBQDtEhgl2GEAAFhkMWP/hMCgWY8LHNL8j8j5/8HQkgCdAGP/t9ogW+wBY/hsiieNHMDA +6qwgLtgEgABYWqLSoOsSGCpnAoAAo8wrxp3RDwAAAAAAAP/fpA2gBgUA/+FIDaAFRQDAoFmO9hzS +5o/IHtLj+f/GuJIAnQD/4/ANoAYFAAAAAP/jlA2gCwUAwNoN/TT9gQYV7+OSAAAAAGwQBBTTRoIg +JEJ/E9NFBCIMAyIC0Q8AAGwQDBjTQxrS1hnTQCiAfSqiRimSgwmqEeqZCAR8RIAAJJ0B9JAAFaAA +MgAAACSdAyRMgBnS/ihBK/kACAxiAJ0AGtLr6gAFCMgEgAAJAmEJAmEJAmEJAmEZ0y8Y0wsf0r+O +IJ8S+CDGFaAKRQDpFgAvdgKAAArqApoRKUAHL0Er/aZMBaGZAQDj7gIMzAKAAAn/Agj/Ap8UKyA5 +/iFmFaANJQCdGQy7AusWCCgECoAA9GAEsZIAnQCJRyqZFOSgf2TggQAAjZmLwP/4Ah2gJYUA7s4B +BoIZgABtCC59sTgv0AAp0Ad18S8vwQXu+AgMzwKAAOndCARBAQAA6NsRftAEgADtpAAFAImAAGP/ +ygAA/68ADX//vgD9bwANcAkFAAqdOObUAA6BpgAA6kQACNgEgAD8AIIdoA0lAFhWVdEP//4MDaAN +BQAAACocOvpHQBXgDGUAWYuzY/9cwnaOaPoAoh2gOwUA7NLtG2gEgAD+RzAV4+4BAFmR54poCo9X +d/FtikcuoRX7RAAVr8sFAAurAavr62pwc2kBAADvogAmgYGAAH3xKCzQANMPDwIAdcEdKdAHDJkR +6d0IBcEBAADo2yR+0ASAAO2kAA1+xgAA/e8ADfAKBQALrTjm1AAG+mGAAGP/dgAA/68ADT//cgAs +IDkKDUN9yYiOIAjuEQ4+Ap5r0Q8AAAD/rwAOv/5CAGwQBiggBSwgB8GUDwIA+QAQdWHMAQApIgJl +kcMtMAEb0kbm0kgeOASAAP+hQAbQD6UALiBOZeJX7tJCHk8CgAD1gArSEgCdAKaZKJKenBALywr3 +ABGU0gCdACuyvyqSnQurAesWASWOSYAAiuj3QA64kgCdAChiru3SNBQL+YAALGKtLdJ/7csBBUP9 +AAD9gAteYgCdAJjo/YALZmIAnQApIBSkmQkJRykkFPUgDXXSAJ0AHtIyG9IsjCD4ICgV4AoFACq2 +Mu7MAg5uAoAA/WcGFaAORQAO3QIttjEb0o3ckOsPHg3QBIAADAJnC0CGDAJlCyCGDAJjCwCG7AwA +BNkBAAAK4IYLAm8KwIYLAm0KoIYLAmsKgIYLAmkuMQEoIQktIAcsMAEb0nsqIST8IAAGMN0RAOrd +EA5kAoAADcwCDKoCHdJ1LCEiC6oCKpYgDcwCiyAd0hMoliMuliQsliL9YAAVsAwlAAy7AiuWIYoz +6pYlJMgHAADtABUEymEAAAkAigx4EaaI/xOmFeflAQD5wAa5UgCdAMAg0Q8AAIro90AH4JIAnQAM +eRGmmS2Sngt7Ciuyv/egCGTSAJ0ALZKdC9sBZLEAsK2d6OsWAS305gAA/CAGFaABZgAAAAAAAOok +AAnYBIAA7EQACugEgABYX8fSoNEPAAAAAMCwD6k06eYILfTmAAD6QGgdoBvFAPwAIh2gDRUAWGL8 +Y//BAADqJAAK2ASAAFhhSNKg0Q8AixD6QGgdoAwVAPtjABXgDaUAWGLyY/+XwKBZjcwe0byK6Plf +8PiQD6UAY/+q2iBb6sL/+TQNoA+lAACKJ+tEAApoBIAA+0QAFaAMBQBYWWDSoNEPAAAAAP/3XA2g +CwUAwLgLmwL6QEYV7/0eAAAAAPwgBhWgCgUAWY20HtGliuiMEBvRoflf93iQD6UA//woDaALBQAA +wLAPrTT9wQYV7/vyAABsEAYS0ZsX0hD1o0QFoBOVAPhQyBWgpiUAKiKCf6cgKyKCf7cYKiKELKAI +JaAHdsE3iETAoAuAAAUzDGU/2tEPLSKEKSKHKiKH+WAABPuqgQB6mS8K6jArQkHDwgy7KKuq+paG +Fa/+6gAuoQsu7PgODkPu7Pwi6/0AAP+iAAq//s4AAAAMAgAvIoJ//8Yl0AduW8DccPoAoh2gCwUA +/qAAFzD/BQBZkOIlXPHKWygKcZgRwKFZhk/6ICgV4An1AAlZNpkQCbsM+iAmFeAKBQBZbQKKEApV +DGVf18ChWYZF+g4iHeAKBQBZbPxj/2YAAABsEAYoIAUmIAfnNAAK2ASAAPgCgh3gBTUA+QAPnWFm +AQALCEdoghSKIhjRUhfRVeRkAAUDyYAAwCDRDwArIh1lseGIJ4OI+wKkFe/MBQDpggskcIEAAAzs +Aey7CAp/AoAA7BYAJdkBAADzIA38YgCdAC2JFKP6r90thRT7YA3rogCdAMl1yUPZMG1JBQcAhgkC +YYrgDwIADwIAr6r7QBCsYgCdAPvABhWv/f4A7GoRAyTxAAAHqggrop4PAgD3YArZ0gCdACqinQhr +CiuyvwuqAWWgT+tsGClQBIAA/AAiHaANNQBYYljAINEPABvRJIm49yAMoJIAnQAMShEHqggsop73 +gA0B0gCdACqinQhMCizCvwyqAeShjmTr/QAALbYIZK+vGdE6maCIIP+jGAXgCxUA66YCLEYCgAAF +iAKYoYgzL/J//6JKBaiIHQCo/5+j7gAVBUhBAAD/ojIF4AgFALGI6YMeDA/oAACfphnRfPlBBhXg +GAUAmKeOIAjuEQXuAp6pDE0Rp90l1p2OIiwgBoknC+4C69FzFmAFAADsJAYkyIEAAIiR/SCCFe/M +BQAMnAHuJgIkQ0EAAOiWASbowQAA7ZUEJmEBAAB8iyIqkQUd0P2oqJiRnYCMIOuGAi5mAoAABcwC +/QAmFaACBQDRDx3Q9Z2AjCAb0VvrhgIuZgKAAAXMAv0AJhWgAgUA0Q/aIFhgXdKg0Q8AAAD/+sQN +oAoFAFv/OmP+FwAA8yBoHeAOBQD/AWYVr/e+AOO6DAOBuYAACksU7LwIK8AEgADsTDYJyASAANMP +bckFCACGCQJhiRCqeOtNDATJAQAAbdkFCCCGCQJjixAK/Aysuyu8QPvABhXv9ooAwKBZjMsb0LuJ +uBjQuPk/8viSAJ0A//n8DaAKBQDAoMDaDZ00/WEGFe/5wgCPEC/8QP/ABhXv9aYAAABsEAyIJ/hA +SBXvygUA64EVKmcCgADsPAgEQIEAAAqIAai46IxALngEgAD5gCQSogCdAC3wBysgBxbQoezc/i+o +BIAA+6BgFeH7AQDkkAlvxwKAAMAg0Q8A5o0IBsgZAAAo0p4e0JXrFgEv0ASAAPkAIjPiAJ0AG9CO +KdKdC/sKK7K/C5kB55QABKG5gAAt4ggqFgz3oCJIkgCdAC9iruvRARee4YAALmKtL7LkD+gB6BYJ +Jsv9AAD/wB4+YgCdABjQfpmI/8AeZmIAnQAtIBQpUAetmfohhhWnmQEAKSQU9SAg7dIAnQAZ0MEf +0O/qIgAtbwKAAIg0HtCB5t0IDVYCgADxAAUCUgCdACggByshJPygJBWgFIUAlHP+4EYVoAQ1AASj +AvuhGAWgiBEA43YBLEKCgAD5BgAMcAMFAPjgBhWgCCUA6gAFA9BBAABtigIKAmEuIQkpIAfy4KYV +4DilAOx2CS91AoAA+cYADzHJAQDudgYuZAKAAAy8Ag/MApx0KyEJ2iD+oCQVoAwFAOTWnS3dAoAA ++WYADbANBQBYX7jAINEPAIYnKGEV6BYDIzCBAAD2IMYVr8kFAAlmAaaI71wgJEEBAAB48wSIEwj/ +DOnyACZABQAACKgCmBf4+AAE8IgVAHiZHB/QsYgX6HYBJkv9AAD+4AYV4ZkdAPjgRhXgAFIAiRcY +0KqYcJlxifEJWRSZco8WiTYb0KaWEPngpBWimR0AC5kBG9CemBSmiCuyHe/yASRBAQAAKBYKCbsI +63YDIkgJAADr0JYczwKAAAn/CCkWCAxJCOYSCCTICQAA6PMKfM8CgAAoEgQI/wzmmQwDwEEAAOSQ +TG43AoAAmBWIGg9pCPkADuriAJ0AKRIFD4oM+iBGFaSqHQBtqQUPAIYJAmGIEikSAArPDAeICOmc +QCRQQQAAbfkFCSCGCgJjKiIACKoRGNB59uAARLAPFQD/IMYV4AxFAAyqApqVmJSIUy+yGxbQdP2g +FgWoiB0AqP+fl/wAChWgCgUA7NBwFNiBAACxquuDHg0P6AAA/yFGFaAoBQCYm480iFOKNQb/ARbQ +ZuyqAQxCQoAACP8CBv8Cn5woUAkrUAsvUAomUAjs0GAd2QKAAOb/EAxDAoAA+wYADDCmMQDr/wIN +UcKAAAr/Agj/Aoo2GM//n53+YUgV5bYdAOyqAQ3YQoAAC6oC+yHGFaRmAQDo/wELMgKAAAb/AohV +mJ+GViaWEIxXL5YSLJYRi1QrlhMqUAEvUQHr0A4YBAqAAPFABDfSAJ0AKiAHCipA7CEkLVKCgAAL +qgIqlhSIIPoDAh3gCjUA65YXLEYCgAAKiAIaz9v/IsYVoAsFAPkiphWgCCUA6gAFBNGBAABtigIK +AmEoIQkuIAf7AAAUMBqlAAqIAiiWGvmgRAWh7gEAAO4RDs4CCO4CiBErlhkvlh3ulhgkQA0AACgW +AY4RLtadLVAHiif1oABGsAwFAOvUAAVQgQAAWFdG0qDRDwAAAADpEgUmcuGAANMPbckFD0CGCQJl +Y/5DwPCfGYgZH8+NwJoJ2TTp9ggsYeYAAPpAaB2gG8UA/AAiHaANFQBYYLfAINEPAAAAAAD7jwAP +/+36AP/vJA2gCQUAjRHr/BgpUASAAP2gYBXgDBUAWGCswCDRDwAAAAAAAAD8IWYVoAoFAFmLgh7P +c43oihyMG/m/3RiSAJ0AY/+UAJwb6xIJKVAEgABb6HWKHPwhaBWv71IAAGwQBikgBSYgB9gw9gBi +HeAaRQD7IA/NIWYBAAUJR/0jAAFfxQUAiyIZz1wTz17kZAAFg7GAAMAg0Q+IJ4uILoEV6YILJHiB +AAAF+gHq7ggKbwKAAOoWACdxAQAA+yAORGIAnQAsiRSdEavarcwshRT7wA4jogCdAMk0yULZsG1J +BQMAhgkCYSwSASryAAyqCP9AESQiAJ0AmvDTsPhgaB2v/hoAAAAAAOxqEQMk/QAAA6oILaKeCWsK +K7K/96ALAdIAnQAqop0PAgALqgFloE/rbBgpUASAAPwAIh2gDTUAWGBiwCDRDwAAAAAdzy2L2JgS +92AMkJIAnQAMShGjqiyinveADRHSAJ0AKqKdCUwKLMK/DKoBZKGQsL6e2GSvrx7PRJ6gjSD9nywF +oAsVAOumAi7uAoAAB90CnaGJgyjCf/+eXgXomR0AqYiYo+8AFQVIQQAA/55GBeAIBQCxiOmDHgwP +6AAAn6YZz4b5QQYV4BgFAJinjiAI7hEH7gKeqekiBypvAoAAo90n1p0sIAbtIgIkyIEAAOWfAQZg +BQAALCQGiJEsmQQL3QLtJgIkQ0EAAOiWASZgwQAA7JUEJ/kBAAD/BTIN4AwFACqRBR3PB6iomJGd +gIsg7IYCLd4CgAAHuwL7ACYV4AIFANEPAAAdzv+dgIsgwMDshgIt3gKAAAe7AvsAJhXgAgUA0Q8A +AOokAArYBIAAWF5k0qDRDwD/+qQNoAoFAPMgaB3gDgUA/wFmFa/5ogDr6gwBgbmAAApNFOzcCCnA +BIAA7Ew2DcgEgADTD23JBQgAhgkCYYkQqjjtTgwEyQEAAG3pBQgghgkCY40RjBAK3QytzCzMQP3g +BhWv+F4AAMCgWYrUHc7Ei9iIEhnOwfl/8viSAJ0A//noDaAKBQAAwKDA6g6+NP+hBhWv+aoAAIgQ +KIxA+eAGFa/3ZgAAAABsEAQVzsQWzr7wiAATsAlFAOTPJRnGAoAACYgCKGYxBTUC52YyKhgEgADl +ZjgpMASAAANghgYCZwNAhgYCZQMghgYCYwMAhuYMAAEZAQAAIi0B5B8eARIBAAADAm8EwIYDAm0E +oIYDAmsEgIYDAmnRDwAAAGwQBiMgBxTOmAMDQerOlBnPAoAApJkokp76YAEGMAU1AOzCvywZHAAA +K5KdDLsBy7kfzxAdzxD6QAgVoA4FAJ4QnhL8ICYV4AwFAPwAoh3gHuUAWFqCDD8RpP/186YV4AIF +ANEPAAAAAAAAAOs8GClQBIAA/AAiHaANNQBYX6zHJNEPAGwQBiggcPWc7gXgBkUA6s5yFHXkgAAj +IAcDA0EMOREFmQgrkp4kIgAKOgrqor8toYQAACiSndMPCooBZKBR20BY+IvAwfwAAh3gDhUA+Z3S +BaAJBQD4ICYV4A8FAOkWAi1YBIAA6BYAKlAEgABYWloMPBGlzCbGnSogcCsK+wuqAfpOBh2gAgUA +0Q/AINEPAOs8GClQBIAA/AAiHaANRQBYX4LHJNEPAGwQBCMgBxTOURXOTPuckgWhMwEA5EJ/Kc8C +gAClmSiSngo6Ciqiv+NECAwRVAAAKJKdDwIACooBZKBE20D8AAIdoA0lAP4AQh2gHwUAWYv7/52A +BaAIFQDupgAqfgKAAAj/Ap+hjSCdogw8EfWAAEZwCyUA+5OmFeACBQDRDwAA6zwYKVAEgAD8ACId +oA0lAFhfXMck0Q8AbBAULzAQ95xOBeAKdQDz5PAN4AYFAPXgRXCSAJ0AaPIDwCDRDysgB/ogphWn +lQEA+CNmFeG7AQDrFhwslGgAACwgBfeAYIxSAJ0ALSBy86BgN5IAnQDaIFhcXftAQoiSAJ0AjiL7 +wEI4kgCdACoiECwhGog1iynoFg0uf8KAAHj7DwsJQsiZDAtC+2BaEBIAnQCOHfwjiBWgH4UA7BYZ +J2hdAAD73gAPtN0dAO0WCCboDQAAnRqdGfWAT4ISAJ0ADMsRp7sosp63SfkAYpPiAJ0AHc3xK7Kd +DcwKLMK/DLsB+2Bf6BIAnQCMKY4qDA8+LxYXDO4Mf+t3KiAiKSAjCpkM+yBh2BIAnQAoIAcazmv9 +WgAV4YgBAA2ICS6B/gnvNg/uDC6F/i0gIq/dDQ1HLSQi+6BhKBIAnQAoon/uIgsmy/0AAPsABADQ +CBUA4JkaDEAKgADp7ggEQ/0AAAjuAi4mCigSFwzpDPkgX8OiAJ0AiRoezlMsIAcoIQcdzcz+QSQV +4MwRAPWQABY6iAEA7cwCDEMCgAAI/wItISScsIogiB0czdHu3QINVgKAAAqZApmxKiEinbSfswyq +AhzOQZqyKSIQihWZtRnOP/xHEBXgDyUAn7mWt/lhBhWgDhUAnrr8AwAG8E51AA3qOQ3JOQqZAooY +5rYLIcBBAADptgYlyMEAAG2pBQgAhgkCYR7NtZ68jTDzoELSkgCdACoSGekSCS1XAoAAp6oppp0o +IBQvEhekiOgkFCeAwYAALRIXjCkrIDitzJwp82BWP5IAnQAuEhv5wFUZUgCdAMAg0Q8ALiAHLyAF +LTARDg5BLhYc+eAxZFDdOQCPItzg/8AAFbAZxQDnuwgIBAqAAPvgTICSAJ0ALRYWKLKeKhYFLBYZ ++QBN4+IAnQAazXwpsp0PAgAK6goqor8KmQEpFg7pFhooBAqAAPsgTQgSAJ0A+kBoHaALRQBZiZL7 +QE1gUAsVABzNcIzI94BNqJIAnQAtcq4ezffTD/egSf1SAJ0AKnKtLeLMGc1n0w8NrwHvFhUmQ/0A +AP1ATa5iAJ0AmJj9QEkOYgCdACkwFCkkOCgwFSgkOSYkO484jjaNOYw6iTyKOyolJSwlJC0lIy4l +Ii8lCSkkTIg9KCRNLzIQLjIRLiYVJiRxJiRyJiRwKyRzJiYdKyYZKyYYKyYXJiYbJiRPJiROKyUp +LyUoLTARKhIFLiEaDQ1DLSQ6/0Av8KIAnQAtIDgq+vz7wAQFMA8lAA/cAe/QHXVTsQAA/wAAB7AJ +FQD/LQAP+Y4dAAj/CA7/EQ+qDP+bgAWgCRUA/S0ADjAIRQAI2AEK7ywImDkK7i4OnjkZzYvv7ggL +eASAAAifORjNTd1gDI05D90CKCAUDq8c7yU0JUvxAAAOnhykjO4lNSzMAoAA6dkCDXQCgAAO3QIu +EhYpJhAsJBTtJg8nLSmAABrNZS8gB40pnSyOPp4f/iHIFaCfEQDoIQgsyoKAAAqZApng+Zs4BeH/ +AQDqIgAv/AKAAA+IAvkGAAxwDzUA6akCDVYCgAAPqgKa4f+aLAXgKgUAmuPv5gIuUgKAAAuqAo8r +luUo5gQp5gYq5gcv5gnt5ggneMEAAP4jRhXgHUUA/CCGFeAKBQD6IgYVoBmFACkWGCYkFCsSGvph +6BWgDBUA+iImFaANBQD6QAgVoAkFAPggBhXgDgUA+CBGFeAIFQD4ICYVoA8VAFhY4ywgOPrAaB3g +HwUA8iPmFeANJQD9gAQB8OwRAO7bOQtIBIAA8+0ADPDsGQD7xgAPcMwBAPLAaB3gKwUADLM5KyA5 +6GQAC3gEgAD4ZgAJ8EkFAP1gBAbwuwEA+yIAD/CMBQDtyDgNWASAAPpACBWgDQUAnREczVacEAj/ +AgP/AvIj6BXgDQUA/8YAD3AMFQD/wAAXMA9FAP/GAA9wDwUA/iBGFaAOBQBYWLnAwe/NSR1YBIAA ++kAIFaQJBQD4IAYV4A0FAPggRhXgCAUA+CAmFaAOFQBYWK4oEhHpEg8tWASAAPpACBWv/vUAnhD8 +RKQV7//1APxEhBWomQEA+zgAFLiIAQDpiAIO7AKAAP2GAA5wHqUA+CBGFaANBQD8ICYVoAwVAFhY +mgqrAvpACBWv/fUA/CAGFeAMBQAsFgEpISIoIQkuChz5IAAUv//1APkGAAxwDBUA+CBGFaANBQBY +WIsqFhIqIShZivntzRYdYASAAPpACBWv/vUAnhAuEhAt0CwbzRXu3QIGY/0AAOLpEA7oQoAA7ZkC +DmZCgAAMmQILmQKZESgiFRnNDP//4h3gHuUA+iJIFeaIHQD5BgAMcA0FAPggRhWgDBUAWFhw+0Bo +HeAMFQD6QAgVoAgFAPggBhWgDQUA+CAmFaAOBQD4IEYVoA8VAFhYZYkw8yAVepIAnQAuEhkbzGgs +IQftEhgvdwKAAKfuLeadKCANK7I4HczojyCOICkgDCrS+g67CO4gFS3eQoAAC6oIKhYTKyAHK6QH +KaQMLKUHKKQNLDIJLKUJLqQVLjIR+GIIFa/MAQAsFhQopSgspSP9oIgV4AkVAPlFJB3gG0UAK6QF +/0PGFebuHQD6IqgV4P/1AP+gAEawDgUA/ULGFeANFQBY9m4rEhMvEhYoEhQpsBX3YoYdoCsFAOuk +AyxGAoAA5qQALMkCgAD5BgAMcAkVAAmIAuimASeUIYAALCA6wN/9gBP8YgCdAC8wV8TgD+4MnhvA +0f4f4h3gDgUA7CEJJVhBAADsFgwpUASAAFj2U4kcixsmJBQoIBUmpAArpAPomREMQQKAAPkGAAxw +CRUACYgC+UAmFaALxQCKJxzMP4quiRQMAIcKAmEKAmEKAmEKAmEKAmEKAmEKAmEKAmEtEhYrdq34 +QKYd4A4VAO4kFyaBWYAALyA6wI948R4ZzB4oMFAJiAooghDsMFch2UEAAPpAaB2gDSUAC4AABQpH *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-releng@FreeBSD.ORG Fri Jun 27 00:11:02 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D9C503A4; Fri, 27 Jun 2014 00:11:02 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C72D527AF; Fri, 27 Jun 2014 00:11:02 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5R0B2fd001926; Fri, 27 Jun 2014 00:11:02 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5R0B2H4001925; Fri, 27 Jun 2014 00:11:02 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406270011.s5R0B2H4001925@svn.freebsd.org> From: Glen Barber Date: Fri, 27 Jun 2014 00:11:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r267943 - releng/9.3/sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jun 2014 00:11:02 -0000 Author: gjb Date: Fri Jun 27 00:11:01 2014 New Revision: 267943 URL: http://svnweb.freebsd.org/changeset/base/267943 Log: Update releng/9.3 to -RC2 status as part of the 9.2-RELEASE process. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/sys/conf/newvers.sh Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Thu Jun 26 23:24:59 2014 (r267942) +++ releng/9.3/sys/conf/newvers.sh Fri Jun 27 00:11:01 2014 (r267943) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RC1" +BRANCH="RC2" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi From owner-svn-src-releng@FreeBSD.ORG Fri Jun 27 00:11:56 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from hub.FreeBSD.org (hub.freebsd.org [IPv6:2001:1900:2254:206c::16:88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 91969582; Fri, 27 Jun 2014 00:11:55 +0000 (UTC) Date: Thu, 26 Jun 2014 20:11:52 -0400 From: Glen Barber To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: Re: svn commit: r267943 - releng/9.3/sys/conf Message-ID: <20140627001152.GB17438@hub.FreeBSD.org> References: <201406270011.s5R0B2H4001925@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="3uo+9/B/ebqu+fSQ" Content-Disposition: inline In-Reply-To: <201406270011.s5R0B2H4001925@svn.freebsd.org> X-Operating-System: FreeBSD 11.0-CURRENT amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jun 2014 00:11:56 -0000 --3uo+9/B/ebqu+fSQ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 27, 2014 at 12:11:02AM +0000, Glen Barber wrote: > Author: gjb > Date: Fri Jun 27 00:11:01 2014 > New Revision: 267943 > URL: http://svnweb.freebsd.org/changeset/base/267943 >=20 > Log: > Update releng/9.3 to -RC2 status as part of the 9.2-RELEASE > process. > =20 Sigh. Of course, I mean 9.3-RELEASE. Glen --3uo+9/B/ebqu+fSQ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJTrLbIAAoJELls3eqvi17QSpYQAM1te4WemP/U2q83H10A8O3G WZmf7T4y2fPeTb035RRwYGABcYDKs/LtO2yLiEJhvtZhQPpS+x1AA3k/WlrO+74x 1+ogjOTGBJrKJuyj9hVS/KT0e2oB6CsbcAY+CTWJ85rRq27QtDcrHih7k7bBcL/g GtB8GFcD6Z5HPh6x1IjLM7TwkQy+7ea0YNy+pEeKggs9iS75CEJEiYYG30m2PZ0G Bn2ZSM/vgwkkmjVEASNROG+ezrYMel1di8iqn6Qaur79eP4vQl3f8QmnLolDc9RT LQMfHZLX3WZ4K/W2IdJFyXU5pGV6fSI+wOjoSf9JZU8TiFg3e5h26+aLs5s/dL1u L8W775hJ5Lfwo4qbtSU0+sPWY8Y5SBdDfHA2FrxOjLREZw9gdulnc8WC/fjkeLoa QrOE5aEGBkwhAqQ9Bre0LkSaqVOglsL5QQCjdYPxy0DpWJD9LSEJuB65MB0i7gTt GQlM0X1H7sO5PE3nkAAJNMx4blfk7dXNlFHWD4Y5wAPVv849sPFxQcEIZCmOE/xH sS0aNubkjlK2ToVnRCytk2EWYykhkFxwSZJDg+21SMeMnkchtWW8rIhbC7uC9fPN H1BhelR1Bq7LLV28F8OPapeKOmUb7IXL2NchTM0aKNgplCAaF/oxS8ds9RFN2KN0 Hu3N18hfIDmUEYha8uHd =CUDG -----END PGP SIGNATURE----- --3uo+9/B/ebqu+fSQ-- From owner-svn-src-releng@FreeBSD.ORG Mon Jun 30 12:20:26 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7DC5DE98; Mon, 30 Jun 2014 12:20:26 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5105E2067; Mon, 30 Jun 2014 12:20:26 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5UCKQt0064174; Mon, 30 Jun 2014 12:20:26 GMT (envelope-from marius@svn.freebsd.org) Received: (from marius@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5UCKQEW064173; Mon, 30 Jun 2014 12:20:26 GMT (envelope-from marius@svn.freebsd.org) Message-Id: <201406301220.s5UCKQEW064173@svn.freebsd.org> From: Marius Strobl Date: Mon, 30 Jun 2014 12:20:26 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268039 - releng/9.3/share/man/man4 X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jun 2014 12:20:26 -0000 Author: marius Date: Mon Jun 30 12:20:25 2014 New Revision: 268039 URL: http://svnweb.freebsd.org/changeset/base/268039 Log: MFC: r267967, r267968 - SC_NO_SYSMOUSE isn't currently supported by vt(4), so nuke it from vt.4. - vt_vga(4) is a driver rather than a function so reference it accordingly. - Uncomment HISTORY section given that vt(4) will first appear in 9.3. Reviewed by: emaste (modulo last part) Approved by: re (gjb) Sponsored by: Bally Wulff Games & Entertainment GmbH Modified: releng/9.3/share/man/man4/vt.4 Directory Properties: releng/9.3/share/man/man4/ (props changed) Modified: releng/9.3/share/man/man4/vt.4 ============================================================================== --- releng/9.3/share/man/man4/vt.4 Mon Jun 30 11:15:10 2014 (r268038) +++ releng/9.3/share/man/man4/vt.4 Mon Jun 30 12:20:25 2014 (r268039) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd May 9, 2014 +.Dd June 27, 2014 .Dt "VIRTUAL TERMINALS" 4 .Os .Sh NAME @@ -37,7 +37,6 @@ .Cd "options VT_FB_DEFAULT_WIDTH=X" .Cd "options VT_FB_DEFAULT_HEIGHT=Y" .Cd "options SC_NO_CUTPASTE" -.Cd "options SC_NO_SYSMOUSE" .Cd "device vt" .Pp In @@ -139,7 +138,6 @@ version. .It Dv VT_TWOBUTTON_MOUSE Ta Dv SC_TWOBUTTON_MOUSE .It Dv VT_MAXWINDOWS Ta Dv MAXCONS .It none Ta Dv SC_NO_CUTPASTE -.It none Ta Dv SC_NO_SYSMOUSE .El .Sh START-UP OPERATION WITH X86 BIOS SYSTEMS The computer BIOS starts in text mode, and @@ -153,13 +151,13 @@ is set, the system remains in text mode. Otherwise, .Nm switches to 640x480x16 VGA mode using -.Fn vt_vga . +.Xr vt_vga 4 . If a KMS .Pq Kernel Mode Switching video driver is available, the display is switched to high resolution and the KMS driver takes over. When a KMS driver is not available, -.Fn vt_vga +.Xr vt_vga 4 remains active. .Sh LOADER TUNABLES These settings can be entered at the @@ -201,12 +199,11 @@ terminal initialization information .Xr kbdmux 8 , .Xr kldload 8 , .Xr moused 8 -.\" WB: to be uncommented when an actual release contains vt(4) -.\" .Sh HISTORY -.\" The -.\" Nm -.\" driver first appeared in -.\" .Fx 9.3 . +.Sh HISTORY +The +.Nm +driver first appeared in +.Fx 9.3 . .Sh AUTHORS .An -nosplit The From owner-svn-src-releng@FreeBSD.ORG Mon Jun 30 16:16:37 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 83875C51; Mon, 30 Jun 2014 16:16:37 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 648F42861; Mon, 30 Jun 2014 16:16:37 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5UGGb6j079088; Mon, 30 Jun 2014 16:16:37 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5UGGacc079082; Mon, 30 Jun 2014 16:16:36 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201406301616.s5UGGacc079082@svn.freebsd.org> From: Xin LI Date: Mon, 30 Jun 2014 16:16:36 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268044 - releng/9.3/sys/dev/oce X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jun 2014 16:16:37 -0000 Author: delphij Date: Mon Jun 30 16:16:35 2014 New Revision: 268044 URL: http://svnweb.freebsd.org/changeset/base/268044 Log: MFS r267944 (MFC r258941,267839): Apply vendor improvements to oce(4) driver: - Add support to 20Gbps, 25Gbps, 40Gbps devices; - Add support to control adaptive interrupt coalescing (AIC) via sysctl; - Improve support of BE3 devices; - Big endian support fixes; Many thanks to Emulex for their continued support of FreeBSD. Submitted by: Venkata Duvvuru Approved by: re (gjb) Modified: releng/9.3/sys/dev/oce/oce_hw.c releng/9.3/sys/dev/oce/oce_hw.h releng/9.3/sys/dev/oce/oce_if.c releng/9.3/sys/dev/oce/oce_if.h releng/9.3/sys/dev/oce/oce_mbox.c releng/9.3/sys/dev/oce/oce_sysctl.c Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/dev/oce/oce_hw.c ============================================================================== --- releng/9.3/sys/dev/oce/oce_hw.c Mon Jun 30 14:52:40 2014 (r268043) +++ releng/9.3/sys/dev/oce/oce_hw.c Mon Jun 30 16:16:35 2014 (r268044) @@ -487,11 +487,7 @@ oce_hw_start(POCE_SOFTC sc) if_link_state_change(sc->ifp, LINK_STATE_DOWN); } - if (link.mac_speed > 0 && link.mac_speed < 5) - sc->link_speed = link.mac_speed; - else - sc->link_speed = 0; - + sc->link_speed = link.phys_port_speed; sc->qos_link_speed = (uint32_t )link.qos_link_speed * 10; rc = oce_start_mq(sc->mq); Modified: releng/9.3/sys/dev/oce/oce_hw.h ============================================================================== --- releng/9.3/sys/dev/oce/oce_hw.h Mon Jun 30 14:52:40 2014 (r268043) +++ releng/9.3/sys/dev/oce/oce_hw.h Mon Jun 30 16:16:35 2014 (r268044) @@ -1023,7 +1023,7 @@ struct mbx_hdr { #define OCE_MBX_ADDL_STATUS(_MHDR) ((_MHDR)->u0.rsp.additional_status) #define OCE_MBX_STATUS(_MHDR) ((_MHDR)->u0.rsp.status) -/* [05] OPCODE_COMMON_QUERY_LINK_CONFIG */ +/* [05] OPCODE_COMMON_QUERY_LINK_CONFIG_V1 */ struct mbx_query_common_link_config { struct mbx_hdr hdr; union { @@ -1032,16 +1032,37 @@ struct mbx_query_common_link_config { } req; struct { - /* dw 0 */ - uint8_t physical_port; - uint8_t mac_duplex; - uint8_t mac_speed; - uint8_t mac_fault; - /* dw 1 */ - uint8_t mgmt_mac_duplex; - uint8_t mgmt_mac_speed; + #ifdef _BIG_ENDIAN + uint32_t physical_port_fault:8; + uint32_t physical_port_speed:8; + uint32_t link_duplex:8; + uint32_t pt:2; + uint32_t port_number:6; + uint16_t qos_link_speed; - uint32_t logical_link_status; + uint16_t rsvd0; + + uint32_t rsvd1:21; + uint32_t phys_fcv:1; + uint32_t phys_rxf:1; + uint32_t phys_txf:1; + uint32_t logical_link_status:8; + #else + uint32_t port_number:6; + uint32_t pt:2; + uint32_t link_duplex:8; + uint32_t physical_port_speed:8; + uint32_t physical_port_fault:8; + + uint16_t rsvd0; + uint16_t qos_link_speed; + + uint32_t logical_link_status:8; + uint32_t phys_txf:1; + uint32_t phys_rxf:1; + uint32_t phys_fcv:1; + uint32_t rsvd1:21; + #endif } rsp; } params; }; Modified: releng/9.3/sys/dev/oce/oce_if.c ============================================================================== --- releng/9.3/sys/dev/oce/oce_if.c Mon Jun 30 14:52:40 2014 (r268043) +++ releng/9.3/sys/dev/oce/oce_if.c Mon Jun 30 16:16:35 2014 (r268044) @@ -828,6 +828,21 @@ oce_media_status(struct ifnet *ifp, stru req->ifm_active |= IFM_10G_SR | IFM_FDX; sc->speed = 10000; break; + case 5: /* 20 Gbps */ + req->ifm_active |= IFM_10G_SR | IFM_FDX; + sc->speed = 20000; + break; + case 6: /* 25 Gbps */ + req->ifm_active |= IFM_10G_SR | IFM_FDX; + sc->speed = 25000; + break; + case 7: /* 40 Gbps */ + req->ifm_active |= IFM_40G_SR4 | IFM_FDX; + sc->speed = 40000; + break; + default: + sc->speed = 0; + break; } return; @@ -1940,7 +1955,6 @@ done: /* Is there atleast one eq that needs to be modified? */ if(num) oce_mbox_eqd_modify_periodic(sc, set_eqd, num); - } static void oce_detect_hw_error(POCE_SOFTC sc) @@ -2140,11 +2154,6 @@ process_link_state(POCE_SOFTC sc, struct sc->link_status = ASYNC_EVENT_LINK_DOWN; if_link_state_change(sc->ifp, LINK_STATE_DOWN); } - - /* Update speed */ - sc->link_speed = acqe->u0.s.speed; - sc->qos_link_speed = (uint32_t) acqe->u0.s.qos_link_speed * 10; - } @@ -2218,13 +2227,16 @@ setup_max_queues_want(POCE_SOFTC sc) (sc->function_mode & FNM_UMC_MODE) || (sc->function_mode & FNM_VNIC_MODE) || (!is_rss_enabled(sc)) || - (sc->flags & OCE_FLAGS_BE2)) { + IS_BE2(sc)) { sc->nrqs = 1; sc->nwqs = 1; } else { sc->nrqs = MIN(OCE_NCPUS, sc->nrssqs) + 1; sc->nwqs = MIN(OCE_NCPUS, sc->nrssqs); } + + if (IS_BE2(sc) && is_rss_enabled(sc)) + sc->nrqs = MIN(OCE_NCPUS, sc->nrssqs) + 1; } @@ -2238,6 +2250,9 @@ update_queues_got(POCE_SOFTC sc) sc->nrqs = 1; sc->nwqs = 1; } + + if (IS_BE2(sc)) + sc->nwqs = 1; } static int @@ -2329,18 +2344,17 @@ oce_get_config(POCE_SOFTC sc) max_rss = OCE_MAX_RSS; if (!IS_BE(sc)) { - rc = oce_get_func_config(sc); + rc = oce_get_profile_config(sc, max_rss); if (rc) { sc->nwqs = OCE_MAX_WQ; sc->nrssqs = max_rss; sc->nrqs = sc->nrssqs + 1; } } - else { - rc = oce_get_profile_config(sc); + else { /* For BE3 don't rely on fw for determining the resources */ sc->nrssqs = max_rss; sc->nrqs = sc->nrssqs + 1; - if (rc) - sc->nwqs = OCE_MAX_WQ; + sc->nwqs = OCE_MAX_WQ; + sc->max_vlans = MAX_VLANFILTER_SIZE; } } Modified: releng/9.3/sys/dev/oce/oce_if.h ============================================================================== --- releng/9.3/sys/dev/oce/oce_if.h Mon Jun 30 14:52:40 2014 (r268043) +++ releng/9.3/sys/dev/oce/oce_if.h Mon Jun 30 16:16:35 2014 (r268044) @@ -759,14 +759,9 @@ struct oce_rq { }; struct link_status { - uint8_t physical_port; - uint8_t mac_duplex; - uint8_t mac_speed; - uint8_t mac_fault; - uint8_t mgmt_mac_duplex; - uint8_t mgmt_mac_speed; + uint8_t phys_port_speed; + uint8_t logical_link_status; uint16_t qos_link_speed; - uint32_t logical_link_status; }; @@ -882,8 +877,8 @@ typedef struct oce_softc { uint8_t hw_error; uint16_t qnq_debug_event; uint16_t qnqid; - uint16_t pvid; - uint16_t max_vlans; + uint32_t pvid; + uint32_t max_vlans; } OCE_SOFTC, *POCE_SOFTC; @@ -1055,7 +1050,7 @@ int oce_mbox_cq_create(struct oce_cq *cq int oce_mbox_read_transrecv_data(POCE_SOFTC sc, uint32_t page_num); void oce_mbox_eqd_modify_periodic(POCE_SOFTC sc, struct oce_set_eqd *set_eqd, int num); -int oce_get_profile_config(POCE_SOFTC sc); +int oce_get_profile_config(POCE_SOFTC sc, uint32_t max_rss); int oce_get_func_config(POCE_SOFTC sc); void mbx_common_req_hdr_init(struct mbx_hdr *hdr, uint8_t dom, @@ -1099,6 +1094,9 @@ extern uint32_t oce_max_rsp_handled; /* #define OCE_ONE_PORT_EXT_LOOPBACK 0x2 #define OCE_NO_LOOPBACK 0xff +#undef IFM_40G_SR4 +#define IFM_40G_SR4 28 + #define atomic_inc_32(x) atomic_add_32(x, 1) #define atomic_dec_32(x) atomic_subtract_32(x, 1) Modified: releng/9.3/sys/dev/oce/oce_mbox.c ============================================================================== --- releng/9.3/sys/dev/oce/oce_mbox.c Mon Jun 30 14:52:40 2014 (r268043) +++ releng/9.3/sys/dev/oce/oce_mbox.c Mon Jun 30 16:16:35 2014 (r268044) @@ -935,7 +935,7 @@ oce_get_link_status(POCE_SOFTC sc, struc bzero(&mbx, sizeof(struct oce_mbx)); - IS_XE201(sc) ? (version = OCE_MBX_VER_V1) : (version = OCE_MBX_VER_V0); + IS_BE2(sc) ? (version = OCE_MBX_VER_V0) : (version = OCE_MBX_VER_V1); fwcmd = (struct mbx_query_common_link_config *)&mbx.payload; mbx_common_req_hdr_init(&fwcmd->hdr, 0, 0, @@ -961,9 +961,9 @@ oce_get_link_status(POCE_SOFTC sc, struc goto error; } /* interpret response */ - bcopy(&fwcmd->params.rsp, link, sizeof(struct link_status)); - link->logical_link_status = HOST_32(link->logical_link_status); - link->qos_link_speed = HOST_16(link->qos_link_speed); + link->qos_link_speed = HOST_16(fwcmd->params.rsp.qos_link_speed); + link->phys_port_speed = fwcmd->params.rsp.physical_port_speed; + link->logical_link_status = fwcmd->params.rsp.logical_link_status; error: return rc; } @@ -2025,7 +2025,7 @@ oce_mbox_eqd_modify_periodic(POCE_SOFTC } int -oce_get_profile_config(POCE_SOFTC sc) +oce_get_profile_config(POCE_SOFTC sc, uint32_t max_rss) { struct oce_mbx mbx; struct mbx_common_get_profile_config *fwcmd; @@ -2050,7 +2050,7 @@ oce_get_profile_config(POCE_SOFTC sc) fwcmd = OCE_DMAPTR(&dma, struct mbx_common_get_profile_config); bzero(fwcmd, sizeof(struct mbx_common_get_profile_config)); - if (IS_BE3(sc)) + if (!IS_XE201(sc)) version = OCE_MBX_VER_V1; else version = OCE_MBX_VER_V0; @@ -2102,13 +2102,20 @@ oce_get_profile_config(POCE_SOFTC sc) goto error; } else { - sc->max_vlans = nic_desc->vlan_count; - sc->nwqs = HOST_32(nic_desc->txq_count); + sc->max_vlans = HOST_16(nic_desc->vlan_count); + sc->nwqs = HOST_16(nic_desc->txq_count); if (sc->nwqs) sc->nwqs = MIN(sc->nwqs, OCE_MAX_WQ); else sc->nwqs = OCE_MAX_WQ; + sc->nrssqs = HOST_16(nic_desc->rssq_count); + if (sc->nrssqs) + sc->nrssqs = MIN(sc->nrssqs, max_rss); + else + sc->nrssqs = max_rss; + sc->nrqs = sc->nrssqs + 1; /* 1 for def RX */; + } error: oce_dma_free(sc, &dma); Modified: releng/9.3/sys/dev/oce/oce_sysctl.c ============================================================================== --- releng/9.3/sys/dev/oce/oce_sysctl.c Mon Jun 30 14:52:40 2014 (r268043) +++ releng/9.3/sys/dev/oce/oce_sysctl.c Mon Jun 30 16:16:35 2014 (r268044) @@ -44,6 +44,7 @@ static void copy_stats_to_sc_xe201(POCE_ static void copy_stats_to_sc_be3(POCE_SOFTC sc); static void copy_stats_to_sc_be2(POCE_SOFTC sc); static int oce_sysctl_loopback(SYSCTL_HANDLER_ARGS); +static int oce_sys_aic_enable(SYSCTL_HANDLER_ARGS); static int oce_be3_fwupgrade(POCE_SOFTC sc, const struct firmware *fw); static int oce_skyhawk_fwupgrade(POCE_SOFTC sc, const struct firmware *fw); static int oce_sys_fwupgrade(SYSCTL_HANDLER_ARGS); @@ -131,6 +132,10 @@ oce_add_sysctls(POCE_SOFTC sc) CTLTYPE_STRING | CTLFLAG_RW, (void *)sc, 0, oce_sys_fwupgrade, "A", "Firmware ufi file"); + SYSCTL_ADD_PROC(ctx, child, OID_AUTO, "aic_enable", + CTLTYPE_INT | CTLFLAG_RW, (void *)sc, 1, + oce_sys_aic_enable, "I", "aic flags"); + /* * Dumps Transceiver data * "sysctl dev.oce.0.sfp_vpd_dump=0" @@ -170,6 +175,35 @@ oce_loopback_test(struct oce_softc *sc, } static int +oce_sys_aic_enable(SYSCTL_HANDLER_ARGS) +{ + int value = 0; + uint32_t status, vector; + POCE_SOFTC sc = (struct oce_softc *)arg1; + struct oce_aic_obj *aic; + + status = sysctl_handle_int(oidp, &value, 0, req); + if (status || !req->newptr) + return status; + + for (vector = 0; vector < sc->intr_count; vector++) { + aic = &sc->aic_obj[vector]; + + if (value == 0){ + aic->max_eqd = aic->min_eqd = aic->et_eqd = 0; + aic->enable = 0; + } + else { + aic->max_eqd = OCE_MAX_EQD; + aic->min_eqd = OCE_MIN_EQD; + aic->et_eqd = OCE_MIN_EQD; + aic->enable = TRUE; + } + } + return 0; +} + +static int oce_sysctl_loopback(SYSCTL_HANDLER_ARGS) { int value = 0; From owner-svn-src-releng@FreeBSD.ORG Mon Jun 30 19:33:04 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8DAE6FE2; Mon, 30 Jun 2014 19:33:04 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7ACD12C21; Mon, 30 Jun 2014 19:33:04 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5UJX4mv076771; Mon, 30 Jun 2014 19:33:04 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5UJX41O076770; Mon, 30 Jun 2014 19:33:04 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406301933.s5UJX41O076770@svn.freebsd.org> From: Glen Barber Date: Mon, 30 Jun 2014 19:33:04 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268058 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jun 2014 19:33:04 -0000 Author: gjb Date: Mon Jun 30 19:33:04 2014 New Revision: 268058 URL: http://svnweb.freebsd.org/changeset/base/268058 Log: Prefix SA-14:16.file with 'FreeBSD-' for consistency with other SA listings. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jun 30 19:30:23 2014 (r268057) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jun 30 19:33:04 2014 (r268058) @@ -184,7 +184,7 @@ - SA-14:16.file + FreeBSD-SA-14:16.file 24 June 2014 Multiple vulnerabilities From owner-svn-src-releng@FreeBSD.ORG Mon Jun 30 19:36:08 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id F1136395; Mon, 30 Jun 2014 19:36:08 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DE3572C44; Mon, 30 Jun 2014 19:36:08 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5UJa8kf077331; Mon, 30 Jun 2014 19:36:08 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5UJa8ah077330; Mon, 30 Jun 2014 19:36:08 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201406301936.s5UJa8ah077330@svn.freebsd.org> From: Glen Barber Date: Mon, 30 Jun 2014 19:36:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268060 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jun 2014 19:36:09 -0000 Author: gjb Date: Mon Jun 30 19:36:08 2014 New Revision: 268060 URL: http://svnweb.freebsd.org/changeset/base/268060 Log: Make reference to vt(4) a link now that the manual page is available. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jun 30 19:34:16 2014 (r268059) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jun 30 19:36:08 2014 (r268060) @@ -333,7 +333,7 @@ libzfs. The vt driver + sponsor="&ff;">The &man.vt.4; driver has been merged from head/. Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0C49BBE5; Mon, 30 Jun 2014 23:39:14 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id ED76D22AC; Mon, 30 Jun 2014 23:39:13 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s5UNdDMO093583; Mon, 30 Jun 2014 23:39:13 GMT (envelope-from rodrigc@svn.freebsd.org) Received: (from rodrigc@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s5UNdDnr093582; Mon, 30 Jun 2014 23:39:13 GMT (envelope-from rodrigc@svn.freebsd.org) Message-Id: <201406302339.s5UNdDnr093582@svn.freebsd.org> From: Craig Rodrigues Date: Mon, 30 Jun 2014 23:39:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268068 - releng/9.3/sys/x86/acpica X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 30 Jun 2014 23:39:14 -0000 Author: rodrigc Date: Mon Jun 30 23:39:13 2014 New Revision: 268068 URL: http://svnweb.freebsd.org/changeset/base/268068 Log: MFC r267821: Strict value checking will cause problem. Bay trail DN2820FYKH is supported on Linux but does not work on FreeBSD. This behaviour is bug-compatible with Linux-3.13.5. References: http://d.hatena.ne.jp/syuu1228/20140326 http://lxr.linux.no/linux+v3.13.5/arch/x86/kernel/acpi/boot.c#L1094 Submitted by: syuu PR: 187966 Approved by: re (gjb) Modified: releng/9.3/sys/x86/acpica/madt.c Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/x86/acpica/madt.c ============================================================================== --- releng/9.3/sys/x86/acpica/madt.c Mon Jun 30 23:34:36 2014 (r268067) +++ releng/9.3/sys/x86/acpica/madt.c Mon Jun 30 23:39:13 2014 (r268068) @@ -306,10 +306,11 @@ interrupt_polarity(UINT16 IntiFlags, UIN case ACPI_MADT_POLARITY_ACTIVE_HIGH: return (INTR_POLARITY_HIGH); case ACPI_MADT_POLARITY_ACTIVE_LOW: - return (INTR_POLARITY_LOW); + break; default: - panic("Bogus Interrupt Polarity"); + printf("WARNING: Bogus Interrupt Polarity. Assume POLALITY LOW"); } + return (INTR_POLARITY_LOW); } static enum intr_trigger @@ -325,10 +326,13 @@ interrupt_trigger(UINT16 IntiFlags, UINT case ACPI_MADT_TRIGGER_EDGE: return (INTR_TRIGGER_EDGE); case ACPI_MADT_TRIGGER_LEVEL: - return (INTR_TRIGGER_LEVEL); + break; default: - panic("Bogus Interrupt Trigger Mode"); + printf("WARNING: Bogus Interrupt Trigger Mode. Assume Level trigger."); + + break; } + return (INTR_TRIGGER_LEVEL); } /* From owner-svn-src-releng@FreeBSD.ORG Tue Jul 1 14:12:59 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EF95E670; Tue, 1 Jul 2014 14:12:59 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DCA0C2584; Tue, 1 Jul 2014 14:12:59 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s61ECxvT000430; Tue, 1 Jul 2014 14:12:59 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s61ECxG8000429; Tue, 1 Jul 2014 14:12:59 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407011412.s61ECxG8000429@svn.freebsd.org> From: Glen Barber Date: Tue, 1 Jul 2014 14:12:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268092 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jul 2014 14:13:00 -0000 Author: gjb Date: Tue Jul 1 14:12:59 2014 New Revision: 268092 URL: http://svnweb.freebsd.org/changeset/base/268092 Log: Fix typo: s/ata/ichsmb/ Wrap. Submitted by: mav Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 1 13:29:17 2014 (r268091) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 1 14:12:59 2014 (r268092) @@ -231,8 +231,8 @@ A deadlock triggered by powering off a USB device has been fixed. - The &man.ata.4; driver has been updated - to support Intel Lynx Point PCH SMBus devices. + The &man.ichsmb.4; driver has been + updated to support Intel Lynx Point PCH SMBus devices. The &man.ata.4; driver has been updated to support Coleto Creek devices. From owner-svn-src-releng@FreeBSD.ORG Tue Jul 1 15:48:24 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7A018194; Tue, 1 Jul 2014 15:48:24 +0000 (UTC) Received: from mail-wi0-x22e.google.com (mail-wi0-x22e.google.com [IPv6:2a00:1450:400c:c05::22e]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 95E382F78; Tue, 1 Jul 2014 15:48:20 +0000 (UTC) Received: by mail-wi0-f174.google.com with SMTP id bs8so8094314wib.7 for ; Tue, 01 Jul 2014 08:48:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:date:from:to:cc:subject:message-id:references:mime-version :content-type:content-disposition:in-reply-to:user-agent; bh=0HoETbuU/seLsbjh6yGVj8wiHdys0xb4hVGo/RIXRB0=; b=IHpLC36ShCgfbIDt9dTQadLODeHjDNbgxMLfOmzh0h+AxBR9OxUMLJFAvAdpIAMyFL Lixi5QVxwXakvhu1lHhmDFjgPEGwvsWWd6XsuEt2TBEOTSJzIm5LLk49qp7kKbzpkjxz Ncnq+YgUYdIM+kmunU2ivVMDBlwVrOQzfo9nmZGUNcscO0L9uAc560lGlreBrm/hPGTQ ilJ0CtqLUdzVRZ/xdGffqA7MNaj2Vt7UroqQOcEoQpQDG9sCEQcv4UzDEXIVVg8R3OWh Cda7rRdbFdvwTYFBCztNFT8nbMELBW483mwdOTOQZicYCikSsmNSFUr0V3Lz6slOOPLV OY/Q== X-Received: by 10.180.84.7 with SMTP id u7mr36692894wiy.27.1404229698822; Tue, 01 Jul 2014 08:48:18 -0700 (PDT) Received: from ivaldir.etoilebsd.net ([2001:41d0:8:db4c::1]) by mx.google.com with ESMTPSA id bq7sm44592291wib.7.2014.07.01.08.48.17 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 01 Jul 2014 08:48:17 -0700 (PDT) Sender: Baptiste Daroussin Date: Tue, 1 Jul 2014 17:48:14 +0200 From: Baptiste Daroussin To: Craig Rodrigues Subject: Re: svn commit: r268068 - releng/9.3/sys/x86/acpica Message-ID: <20140701154814.GB7307@ivaldir.etoilebsd.net> References: <201406302339.s5UNdDnr093582@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="yNb1oOkm5a9FJOVX" Content-Disposition: inline In-Reply-To: <201406302339.s5UNdDnr093582@svn.freebsd.org> User-Agent: Mutt/1.5.23 (2014-03-12) Cc: svn-src-releng@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jul 2014 15:48:24 -0000 --yNb1oOkm5a9FJOVX Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jun 30, 2014 at 11:39:13PM +0000, Craig Rodrigues wrote: > Author: rodrigc > Date: Mon Jun 30 23:39:13 2014 > New Revision: 268068 > URL: http://svnweb.freebsd.org/changeset/base/268068 >=20 > Log: > MFC r267821: > =20 > Strict value checking will cause problem. > Bay trail DN2820FYKH is supported on Linux but does not work on FreeBSD. > This behaviour is bug-compatible with Linux-3.13.5. > =20 > References: > http://d.hatena.ne.jp/syuu1228/20140326 > http://lxr.linux.no/linux+v3.13.5/arch/x86/kernel/acpi/boot.c#L1094 > =20 > Submitted by: syuu > PR: 187966 > Approved by: re (gjb) >=20 > Modified: > releng/9.3/sys/x86/acpica/madt.c > Directory Properties: > releng/9.3/sys/ (props changed) >=20 > Modified: releng/9.3/sys/x86/acpica/madt.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- releng/9.3/sys/x86/acpica/madt.c Mon Jun 30 23:34:36 2014 (r268067) > +++ releng/9.3/sys/x86/acpica/madt.c Mon Jun 30 23:39:13 2014 (r268068) > @@ -306,10 +306,11 @@ interrupt_polarity(UINT16 IntiFlags, UIN > case ACPI_MADT_POLARITY_ACTIVE_HIGH: > return (INTR_POLARITY_HIGH); > case ACPI_MADT_POLARITY_ACTIVE_LOW: > - return (INTR_POLARITY_LOW); > + break; > default: > - panic("Bogus Interrupt Polarity"); > + printf("WARNING: Bogus Interrupt Polarity. Assume POLALITY LOW"); ^^^^^^^^=20 Looks like a typo regards, Bapt --yNb1oOkm5a9FJOVX Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iEYEARECAAYFAlOy2D4ACgkQ8kTtMUmk6Ewz0ACfRgoDVnH/wyQ6Czn5GpqbCtRz CykAoJbyNt+GfJEPKY7J22X2p6WJdnVk =uN0B -----END PGP SIGNATURE----- --yNb1oOkm5a9FJOVX-- From owner-svn-src-releng@FreeBSD.ORG Tue Jul 1 17:31:48 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 4CA22744; Tue, 1 Jul 2014 17:31:48 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 37F0F2A6A; Tue, 1 Jul 2014 17:31:48 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s61HVm8i096659; Tue, 1 Jul 2014 17:31:48 GMT (envelope-from ume@svn.freebsd.org) Received: (from ume@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s61HVmEE096658; Tue, 1 Jul 2014 17:31:48 GMT (envelope-from ume@svn.freebsd.org) Message-Id: <201407011731.s61HVmEE096658@svn.freebsd.org> From: Hajimu UMEMOTO Date: Tue, 1 Jul 2014 17:31:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268106 - releng/9.3/lib/libc/net X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jul 2014 17:31:48 -0000 Author: ume Date: Tue Jul 1 17:31:47 2014 New Revision: 268106 URL: http://svnweb.freebsd.org/changeset/base/268106 Log: MFS r267876 (MFC r267616): Retooling addrconfig() to exclude addresses on loopback interfaces when looking for configured addresses. This change is based upon the code from the submitter, and made following changes: - Exclude addresses assigned on interfaces which are down, like NetBSD does. - Exclude addresses assigned on interfaces which are ifdisabled. PR: 190824 Submitted by: Justin McOmie Approved by: re (marius) Modified: releng/9.3/lib/libc/net/getaddrinfo.c Directory Properties: releng/9.3/lib/libc/ (props changed) Modified: releng/9.3/lib/libc/net/getaddrinfo.c ============================================================================== --- releng/9.3/lib/libc/net/getaddrinfo.c Tue Jul 1 17:27:48 2014 (r268105) +++ releng/9.3/lib/libc/net/getaddrinfo.c Tue Jul 1 17:31:47 2014 (r268106) @@ -62,12 +62,15 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include +#include #include #ifdef INET6 #include #include #include -#include /* XXX */ +#include +#include #endif #include #include @@ -244,6 +247,9 @@ static int get_portmatch(const struct ad static int get_port(struct addrinfo *, const char *, int); static const struct afd *find_afd(int); static int addrconfig(struct addrinfo *); +#ifdef INET6 +static int is_ifdisabled(char *); +#endif static void set_source(struct ai_order *, struct policyhead *); static int comp_dst(const void *, const void *); #ifdef INET6 @@ -1520,10 +1526,11 @@ find_afd(int af) } /* - * post-2553: AI_ADDRCONFIG check. if we use getipnodeby* as backend, backend - * will take care of it. - * the semantics of AI_ADDRCONFIG is not defined well. we are not sure - * if the code is right or not. + * post-2553: AI_ADDRCONFIG check. Determines which address families are + * configured on the local system and correlates with pai->ai_family value. + * If an address family is not configured on the system, it will not be + * queried for. For this purpose, loopback addresses are not considered + * configured addresses. * * XXX PF_UNSPEC -> PF_INET6 + PF_INET mapping needs to be in sync with * _dns_getaddrinfo. @@ -1531,37 +1538,64 @@ find_afd(int af) static int addrconfig(struct addrinfo *pai) { - int s, af; + struct ifaddrs *ifaddrs, *ifa; + int seen_inet = 0, seen_inet6 = 0; - /* - * TODO: - * Note that implementation dependent test for address - * configuration should be done everytime called - * (or apropriate interval), - * because addresses will be dynamically assigned or deleted. - */ - af = pai->ai_family; - if (af == AF_UNSPEC) { - if ((s = _socket(AF_INET6, SOCK_DGRAM, 0)) < 0) - af = AF_INET; - else { - _close(s); - if ((s = _socket(AF_INET, SOCK_DGRAM, 0)) < 0) - af = AF_INET6; - else - _close(s); + if (getifaddrs(&ifaddrs) != 0) + return 0; + + for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { + if (ifa->ifa_addr == NULL || (ifa->ifa_flags & IFF_UP) == 0) + continue; + if ((ifa->ifa_flags & IFT_LOOP) != 0) + continue; + switch (ifa->ifa_addr->sa_family) { + case AF_INET: + seen_inet = 1; + break; +#ifdef INET6 + case AF_INET6: + if (!seen_inet6 && !is_ifdisabled(ifa->ifa_name)) + seen_inet6 = 1; + break; +#endif } } - if (af != AF_UNSPEC) { - if ((s = _socket(af, SOCK_DGRAM, 0)) < 0) - return 0; - _close(s); + freeifaddrs(ifaddrs); + + switch(pai->ai_family) { + case AF_INET6: + return seen_inet6; + case AF_INET: + return seen_inet; + case AF_UNSPEC: + if (seen_inet == seen_inet6) + return seen_inet; + pai->ai_family = seen_inet ? AF_INET : AF_INET6; + return 1; } - pai->ai_family = af; return 1; } #ifdef INET6 +static int +is_ifdisabled(char *name) +{ + struct in6_ndireq nd; + int fd; + + if ((fd = _socket(AF_INET6, SOCK_DGRAM, 0)) < 0) + return -1; + memset(&nd, 0, sizeof(nd)); + strlcpy(nd.ifname, name, sizeof(nd.ifname)); + if (_ioctl(fd, SIOCGIFINFO_IN6, &nd) < 0) { + _close(fd); + return -1; + } + _close(fd); + return ((nd.ndi.flags & ND6_IFF_IFDISABLED) != 0); +} + /* convert a string to a scope identifier. XXX: IPv6 specific */ static int ip6_str2scopeid(char *scope, struct sockaddr_in6 *sin6, u_int32_t *scopeid) From owner-svn-src-releng@FreeBSD.ORG Tue Jul 1 18:05:39 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 10396936; Tue, 1 Jul 2014 18:05:39 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id F23D22D6A; Tue, 1 Jul 2014 18:05:38 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s61I5c2e012737; Tue, 1 Jul 2014 18:05:38 GMT (envelope-from ume@svn.freebsd.org) Received: (from ume@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s61I5civ012736; Tue, 1 Jul 2014 18:05:38 GMT (envelope-from ume@svn.freebsd.org) Message-Id: <201407011805.s61I5civ012736@svn.freebsd.org> From: Hajimu UMEMOTO Date: Tue, 1 Jul 2014 18:05:38 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268107 - releng/9.3/lib/libc/net X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 01 Jul 2014 18:05:39 -0000 Author: ume Date: Tue Jul 1 18:05:38 2014 New Revision: 268107 URL: http://svnweb.freebsd.org/changeset/base/268107 Log: MFS r268053 (MFC r267800): Exclude IPv4 address from doing longest match. It prevented DNS based load balancing. Approved by: re (delphij) Modified: releng/9.3/lib/libc/net/getaddrinfo.c Directory Properties: releng/9.3/lib/libc/ (props changed) Modified: releng/9.3/lib/libc/net/getaddrinfo.c ============================================================================== --- releng/9.3/lib/libc/net/getaddrinfo.c Tue Jul 1 17:31:47 2014 (r268106) +++ releng/9.3/lib/libc/net/getaddrinfo.c Tue Jul 1 18:05:38 2014 (r268107) @@ -1007,7 +1007,8 @@ comp_dst(const void *arg1, const void *a * We compare the match length in a same AF only. */ if (dst1->aio_ai->ai_addr->sa_family == - dst2->aio_ai->ai_addr->sa_family) { + dst2->aio_ai->ai_addr->sa_family && + dst1->aio_ai->ai_addr->sa_family != AF_INET) { if (dst1->aio_matchlen > dst2->aio_matchlen) { return(-1); } From owner-svn-src-releng@FreeBSD.ORG Wed Jul 2 19:53:52 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 8B794634; Wed, 2 Jul 2014 19:53:52 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7863D2B33; Wed, 2 Jul 2014 19:53:52 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s62JrqKe055803; Wed, 2 Jul 2014 19:53:52 GMT (envelope-from dteske@svn.freebsd.org) Received: (from dteske@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s62Jrqwi055802; Wed, 2 Jul 2014 19:53:52 GMT (envelope-from dteske@svn.freebsd.org) Message-Id: <201407021953.s62Jrqwi055802@svn.freebsd.org> From: Devin Teske Date: Wed, 2 Jul 2014 19:53:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268174 - releng/9.3/usr.sbin/bsdconfig/share/packages X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jul 2014 19:53:52 -0000 Author: dteske Date: Wed Jul 2 19:53:51 2014 New Revision: 268174 URL: http://svnweb.freebsd.org/changeset/base/268174 Log: MFS9 r268171 (MFC r267680): Fix a code typo that prevented mkdir from firing (unnoticed usually because another part of the code succeeded in making the same directory). Approved by: re (gjb) Modified: releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr Directory Properties: releng/9.3/usr.sbin/bsdconfig/ (props changed) Modified: releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr ============================================================================== --- releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr Wed Jul 2 19:46:42 2014 (r268173) +++ releng/9.3/usr.sbin/bsdconfig/share/packages/index.subr Wed Jul 2 19:53:51 2014 (r268174) @@ -258,7 +258,7 @@ f_index_initialize() # Finally, move the temporary file into place case "$PACKAGES_INDEX_CACHEFILE" in - */*) f_eval_catch -d $funcname mkdir \ + */*) f_eval_catch -d $__funcname mkdir \ 'mkdir -p "%s"' "${PACKAGES_INDEX_CACHEFILE%/*}" esac f_eval_catch -d $__funcname mv 'mv -f "%s" "%s"' \ From owner-svn-src-releng@FreeBSD.ORG Thu Jul 3 13:21:01 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6089243A; Thu, 3 Jul 2014 13:21:01 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3408526F0; Thu, 3 Jul 2014 13:21:01 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s63DL1su055469; Thu, 3 Jul 2014 13:21:01 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s63DL1Nh055468; Thu, 3 Jul 2014 13:21:01 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407031321.s63DL1Nh055468@svn.freebsd.org> From: Glen Barber Date: Thu, 3 Jul 2014 13:21:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268213 - releng/9.3 X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 13:21:01 -0000 Author: gjb Date: Thu Jul 3 13:21:00 2014 New Revision: 268213 URL: http://svnweb.freebsd.org/changeset/base/268213 Log: Revert mergeinfo to the root of releng/9.3/ introduced in r267841. Approved by: re (glebius) Sponsored by: The FreeBSD Foundation Modified: Directory Properties: releng/9.3/ (props changed) From owner-svn-src-releng@FreeBSD.ORG Thu Jul 3 13:49:44 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AC5CC3FF; Thu, 3 Jul 2014 13:49:44 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 7F0AA2A65; Thu, 3 Jul 2014 13:49:44 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s63Dninj067007; Thu, 3 Jul 2014 13:49:44 GMT (envelope-from hselasky@svn.freebsd.org) Received: (from hselasky@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s63Dnhqw067003; Thu, 3 Jul 2014 13:49:43 GMT (envelope-from hselasky@svn.freebsd.org) Message-Id: <201407031349.s63Dnhqw067003@svn.freebsd.org> From: Hans Petter Selasky Date: Thu, 3 Jul 2014 13:49:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268214 - in releng/9.3/sys/dev/usb: net serial X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 13:49:44 -0000 Author: hselasky Date: Thu Jul 3 13:49:43 2014 New Revision: 268214 URL: http://svnweb.freebsd.org/changeset/base/268214 Log: MFC r268078 and r268080: Fix for memory use after free() and mtx_destroy(). Approved by: re, glebius @ Modified: releng/9.3/sys/dev/usb/net/uhso.c releng/9.3/sys/dev/usb/serial/usb_serial.c releng/9.3/sys/dev/usb/serial/usb_serial.h Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/dev/usb/net/uhso.c ============================================================================== --- releng/9.3/sys/dev/usb/net/uhso.c Thu Jul 3 13:21:00 2014 (r268213) +++ releng/9.3/sys/dev/usb/net/uhso.c Thu Jul 3 13:49:43 2014 (r268214) @@ -558,8 +558,6 @@ uhso_attach(device_t self) mtx_init(&sc->sc_mtx, "uhso", NULL, MTX_DEF); ucom_ref(&sc->sc_super_ucom); - sc->sc_ucom = NULL; - sc->sc_ttys = 0; sc->sc_radio = 1; id = usbd_get_interface_descriptor(uaa->iface); @@ -679,9 +677,6 @@ uhso_detach(device_t self) UHSO_CTRL_MAX); } } - - free(sc->sc_tty, M_USBDEV); - free(sc->sc_ucom, M_USBDEV); } if (sc->sc_ifp != NULL) { @@ -709,6 +704,8 @@ static void uhso_free_softc(struct uhso_softc *sc) { if (ucom_unref(&sc->sc_super_ucom)) { + free(sc->sc_tty, M_USBDEV); + free(sc->sc_ucom, M_USBDEV); mtx_destroy(&sc->sc_mtx); device_free_softc(sc); } Modified: releng/9.3/sys/dev/usb/serial/usb_serial.c ============================================================================== --- releng/9.3/sys/dev/usb/serial/usb_serial.c Thu Jul 3 13:21:00 2014 (r268213) +++ releng/9.3/sys/dev/usb/serial/usb_serial.c Thu Jul 3 13:49:43 2014 (r268214) @@ -203,7 +203,7 @@ ucom_uninit(void *arg) mtx_destroy(&ucom_mtx); } -SYSUNINIT(ucom_uninit, SI_SUB_KLD - 2, SI_ORDER_ANY, ucom_uninit, NULL); +SYSUNINIT(ucom_uninit, SI_SUB_KLD - 3, SI_ORDER_ANY, ucom_uninit, NULL); /* * Mark a unit number (the X in cuaUX) as in use. Modified: releng/9.3/sys/dev/usb/serial/usb_serial.h ============================================================================== --- releng/9.3/sys/dev/usb/serial/usb_serial.h Thu Jul 3 13:21:00 2014 (r268213) +++ releng/9.3/sys/dev/usb/serial/usb_serial.h Thu Jul 3 13:49:43 2014 (r268214) @@ -195,7 +195,7 @@ struct ucom_softc { #define UCOM_MTX_LOCK(sc) mtx_lock((sc)->sc_mtx) #define UCOM_MTX_UNLOCK(sc) mtx_unlock((sc)->sc_mtx) #define UCOM_UNLOAD_DRAIN(x) \ -SYSUNINIT(var, SI_SUB_KLD - 3, SI_ORDER_ANY, ucom_drain_all, 0) +SYSUNINIT(var, SI_SUB_KLD - 2, SI_ORDER_ANY, ucom_drain_all, 0) #define ucom_cfg_do_request(udev,com,req,ptr,flags,timo) \ usbd_do_request_proc(udev,&(com)->sc_super->sc_tq,req,ptr,flags,NULL,timo) From owner-svn-src-releng@FreeBSD.ORG Thu Jul 3 16:26:37 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id CFFDDEF; Thu, 3 Jul 2014 16:26:37 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B0F682B62; Thu, 3 Jul 2014 16:26:37 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s63GQbmw044226; Thu, 3 Jul 2014 16:26:37 GMT (envelope-from ume@svn.freebsd.org) Received: (from ume@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s63GQbBR044225; Thu, 3 Jul 2014 16:26:37 GMT (envelope-from ume@svn.freebsd.org) Message-Id: <201407031626.s63GQbBR044225@svn.freebsd.org> From: Hajimu UMEMOTO Date: Thu, 3 Jul 2014 16:26:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268220 - releng/9.3/lib/libc/net X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 16:26:38 -0000 Author: ume Date: Thu Jul 3 16:26:37 2014 New Revision: 268220 URL: http://svnweb.freebsd.org/changeset/base/268220 Log: MFS r268218 (MFC r267912, r267915): - Exclude loopback address rather than loopback interface. - style(9) Spotted by: melifaro Approved by: re (gjb) Modified: releng/9.3/lib/libc/net/getaddrinfo.c Directory Properties: releng/9.3/lib/libc/ (props changed) Modified: releng/9.3/lib/libc/net/getaddrinfo.c ============================================================================== --- releng/9.3/lib/libc/net/getaddrinfo.c Thu Jul 3 16:13:44 2014 (r268219) +++ releng/9.3/lib/libc/net/getaddrinfo.c Thu Jul 3 16:26:37 2014 (r268220) @@ -1527,7 +1527,7 @@ find_afd(int af) } /* - * post-2553: AI_ADDRCONFIG check. Determines which address families are + * RFC 3493: AI_ADDRCONFIG check. Determines which address families are * configured on the local system and correlates with pai->ai_family value. * If an address family is not configured on the system, it will not be * queried for. For this purpose, loopback addresses are not considered @@ -1540,24 +1540,40 @@ static int addrconfig(struct addrinfo *pai) { struct ifaddrs *ifaddrs, *ifa; + struct sockaddr_in *sin; +#ifdef INET6 + struct sockaddr_in6 *sin6; +#endif int seen_inet = 0, seen_inet6 = 0; if (getifaddrs(&ifaddrs) != 0) - return 0; + return (0); for (ifa = ifaddrs; ifa != NULL; ifa = ifa->ifa_next) { if (ifa->ifa_addr == NULL || (ifa->ifa_flags & IFF_UP) == 0) continue; - if ((ifa->ifa_flags & IFT_LOOP) != 0) - continue; switch (ifa->ifa_addr->sa_family) { case AF_INET: + if (seen_inet) + continue; + sin = (struct sockaddr_in *)(ifa->ifa_addr); + if (IN_LOOPBACK(htonl(sin->sin_addr.s_addr))) + continue; seen_inet = 1; break; #ifdef INET6 case AF_INET6: - if (!seen_inet6 && !is_ifdisabled(ifa->ifa_name)) - seen_inet6 = 1; + if (seen_inet6) + continue; + sin6 = (struct sockaddr_in6 *)(ifa->ifa_addr); + if (IN6_IS_ADDR_LOOPBACK(&sin6->sin6_addr)) + continue; + if ((ifa->ifa_flags & IFT_LOOP) != 0 && + IN6_IS_ADDR_LINKLOCAL(&sin6->sin6_addr)) + continue; + if (is_ifdisabled(ifa->ifa_name)) + continue; + seen_inet6 = 1; break; #endif } @@ -1566,16 +1582,16 @@ addrconfig(struct addrinfo *pai) switch(pai->ai_family) { case AF_INET6: - return seen_inet6; + return (seen_inet6); case AF_INET: - return seen_inet; + return (seen_inet); case AF_UNSPEC: if (seen_inet == seen_inet6) - return seen_inet; + return (seen_inet); pai->ai_family = seen_inet ? AF_INET : AF_INET6; - return 1; + return (1); } - return 1; + return (1); } #ifdef INET6 @@ -1586,12 +1602,12 @@ is_ifdisabled(char *name) int fd; if ((fd = _socket(AF_INET6, SOCK_DGRAM, 0)) < 0) - return -1; + return (-1); memset(&nd, 0, sizeof(nd)); strlcpy(nd.ifname, name, sizeof(nd.ifname)); if (_ioctl(fd, SIOCGIFINFO_IN6, &nd) < 0) { _close(fd); - return -1; + return (-1); } _close(fd); return ((nd.ndi.flags & ND6_IFF_IFDISABLED) != 0); From owner-svn-src-releng@FreeBSD.ORG Thu Jul 3 17:42:29 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 40F94AAA; Thu, 3 Jul 2014 17:42:29 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2CD9622A3; Thu, 3 Jul 2014 17:42:29 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s63HgT0i083444; Thu, 3 Jul 2014 17:42:29 GMT (envelope-from hselasky@svn.freebsd.org) Received: (from hselasky@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s63HgR4o083426; Thu, 3 Jul 2014 17:42:27 GMT (envelope-from hselasky@svn.freebsd.org) Message-Id: <201407031742.s63HgR4o083426@svn.freebsd.org> From: Hans Petter Selasky Date: Thu, 3 Jul 2014 17:42:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268226 - in releng/9.3/sys/dev: firewire my nfe siba sis sk tx usb usb/net X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Jul 2014 17:42:29 -0000 Author: hselasky Date: Thu Jul 3 17:42:26 2014 New Revision: 268226 URL: http://svnweb.freebsd.org/changeset/base/268226 Log: MFC r268221 and r268222: - Remove some unused variables. - Add proper rangechecks in "axge_rx_frame()" function and fix receive loop header parsing. - Add new USB IDs. Approved by: re, gjb @ PR: 191432 Modified: releng/9.3/sys/dev/firewire/sbp.c releng/9.3/sys/dev/my/if_my.c releng/9.3/sys/dev/nfe/if_nfe.c releng/9.3/sys/dev/siba/siba_core.c releng/9.3/sys/dev/sis/if_sis.c releng/9.3/sys/dev/sk/if_sk.c releng/9.3/sys/dev/tx/if_tx.c releng/9.3/sys/dev/usb/net/if_axge.c releng/9.3/sys/dev/usb/net/if_axgereg.h releng/9.3/sys/dev/usb/usbdevs Directory Properties: releng/9.3/sys/ (props changed) Modified: releng/9.3/sys/dev/firewire/sbp.c ============================================================================== --- releng/9.3/sys/dev/firewire/sbp.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/firewire/sbp.c Thu Jul 3 17:42:26 2014 (r268226) @@ -2745,7 +2745,6 @@ sbp_dequeue_ocb(struct sbp_dev *sdev, st struct sbp_ocb *ocb; struct sbp_ocb *next; int s = splfw(), order = 0; - int flags; SBP_DEBUG(1) device_printf(sdev->target->sbp->fd.dev, @@ -2759,7 +2758,6 @@ END_DEBUG SBP_LOCK(sdev->target->sbp); for (ocb = STAILQ_FIRST(&sdev->ocbs); ocb != NULL; ocb = next) { next = STAILQ_NEXT(ocb, ocb); - flags = ocb->flags; if (OCB_MATCH(ocb, sbp_status)) { /* found */ STAILQ_REMOVE(&sdev->ocbs, ocb, sbp_ocb, ocb); Modified: releng/9.3/sys/dev/my/if_my.c ============================================================================== --- releng/9.3/sys/dev/my/if_my.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/my/if_my.c Thu Jul 3 17:42:26 2014 (r268226) @@ -657,10 +657,8 @@ static void my_setmode_mii(struct my_softc * sc, int media) { u_int16_t bmcr; - struct ifnet *ifp; MY_LOCK_ASSERT(sc); - ifp = sc->my_ifp; /* * If an autoneg session is in progress, stop it. */ Modified: releng/9.3/sys/dev/nfe/if_nfe.c ============================================================================== --- releng/9.3/sys/dev/nfe/if_nfe.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/nfe/if_nfe.c Thu Jul 3 17:42:26 2014 (r268226) @@ -1376,15 +1376,12 @@ nfe_free_rx_ring(struct nfe_softc *sc, s { struct nfe_rx_data *data; void *desc; - int i, descsize; + int i; - if (sc->nfe_flags & NFE_40BIT_ADDR) { + if (sc->nfe_flags & NFE_40BIT_ADDR) desc = ring->desc64; - descsize = sizeof (struct nfe_desc64); - } else { + else desc = ring->desc32; - descsize = sizeof (struct nfe_desc32); - } for (i = 0; i < NFE_RX_RING_COUNT; i++) { data = &ring->data[i]; Modified: releng/9.3/sys/dev/siba/siba_core.c ============================================================================== --- releng/9.3/sys/dev/siba/siba_core.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/siba/siba_core.c Thu Jul 3 17:42:26 2014 (r268226) @@ -1739,12 +1739,10 @@ static void siba_pcicore_init(struct siba_pci *spc) { struct siba_dev_softc *sd = spc->spc_dev; - struct siba_softc *siba; if (sd == NULL) return; - siba = sd->sd_bus; if (!siba_dev_isup_sub(sd)) siba_dev_up_sub(sd, 0); Modified: releng/9.3/sys/dev/sis/if_sis.c ============================================================================== --- releng/9.3/sys/dev/sis/if_sis.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/sis/if_sis.c Thu Jul 3 17:42:26 2014 (r268226) @@ -1617,11 +1617,9 @@ sis_tick(void *xsc) { struct sis_softc *sc; struct mii_data *mii; - struct ifnet *ifp; sc = xsc; SIS_LOCK_ASSERT(sc); - ifp = sc->sis_ifp; mii = device_get_softc(sc->sis_miibus); mii_tick(mii); Modified: releng/9.3/sys/dev/sk/if_sk.c ============================================================================== --- releng/9.3/sys/dev/sk/if_sk.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/sk/if_sk.c Thu Jul 3 17:42:26 2014 (r268226) @@ -2877,13 +2877,11 @@ static void sk_txeof(sc_if) struct sk_if_softc *sc_if; { - struct sk_softc *sc; struct sk_txdesc *txd; struct sk_tx_desc *cur_tx; struct ifnet *ifp; u_int32_t idx, sk_ctl; - sc = sc_if->sk_softc; ifp = sc_if->sk_ifp; txd = STAILQ_FIRST(&sc_if->sk_cdata.sk_txbusyq); Modified: releng/9.3/sys/dev/tx/if_tx.c ============================================================================== --- releng/9.3/sys/dev/tx/if_tx.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/tx/if_tx.c Thu Jul 3 17:42:26 2014 (r268226) @@ -1150,12 +1150,10 @@ epic_ifmedia_sts(struct ifnet *ifp, stru { epic_softc_t *sc; struct mii_data *mii; - struct ifmedia *ifm; sc = ifp->if_softc; mii = device_get_softc(sc->miibus); EPIC_LOCK(sc); - ifm = &mii->mii_media; /* Nothing should be selected if interface is down. */ if ((ifp->if_flags & IFF_UP) == 0) { Modified: releng/9.3/sys/dev/usb/net/if_axge.c ============================================================================== --- releng/9.3/sys/dev/usb/net/if_axge.c Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/usb/net/if_axge.c Thu Jul 3 17:42:26 2014 (r268226) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2013 Kevin Lo + * Copyright (c) 2013-2014 Kevin Lo * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -66,17 +66,22 @@ static const STRUCT_USB_HOST_ID axge_dev #define AXGE_DEV(v,p) { USB_VP(USB_VENDOR_##v, USB_PRODUCT_##v##_##p) } AXGE_DEV(ASIX, AX88178A), AXGE_DEV(ASIX, AX88179), - /* AXGE_DEV(SITECOMEU, LN032), */ + AXGE_DEV(DLINK, DUB1312), + AXGE_DEV(SITECOMEU, LN032), #undef AXGE_DEV }; static const struct { - unsigned char ctrl, timer_l, timer_h, size, ifg; -} AX88179_BULKIN_SIZE[] = { - {7, 0x4f, 0, 0x12, 0xff}, - {7, 0x20, 3, 0x16, 0xff}, - {7, 0xae, 7, 0x18, 0xff}, - {7, 0xcc, 0x4c, 0x18, 8}, + uint8_t ctrl; + uint8_t timer_l; + uint8_t timer_h; + uint8_t size; + uint8_t ifg; +} axge_bulk_size[] = { + { 7, 0x4f, 0x00, 0x12, 0xff }, + { 7, 0x20, 0x03, 0x16, 0xff }, + { 7, 0xae, 0x07, 0x18, 0xff }, + { 7, 0xcc, 0x4c, 0x18, 0x08 } }; /* prototypes */ @@ -104,10 +109,11 @@ static int axge_read_mem(struct axge_sof uint16_t, void *, int); static void axge_write_mem(struct axge_softc *, uint8_t, uint16_t, uint16_t, void *, int); +static uint8_t axge_read_cmd_1(struct axge_softc *, uint8_t, uint16_t); static uint16_t axge_read_cmd_2(struct axge_softc *, uint8_t, uint16_t, uint16_t); static void axge_write_cmd_1(struct axge_softc *, uint8_t, uint16_t, - uint16_t, uint8_t); + uint8_t); static void axge_write_cmd_2(struct axge_softc *, uint8_t, uint16_t, uint16_t, uint16_t); static void axge_chip_init(struct axge_softc *); @@ -117,9 +123,9 @@ static int axge_attach_post_sub(struct u static int axge_ifmedia_upd(struct ifnet *); static void axge_ifmedia_sts(struct ifnet *, struct ifmediareq *); static int axge_ioctl(struct ifnet *, u_long, caddr_t); -static int axge_rx_frame(struct usb_ether *, struct usb_page_cache *, int); -static int axge_rxeof(struct usb_ether *, struct usb_page_cache *, - unsigned int, unsigned int, struct axge_csum_hdr *); +static void axge_rx_frame(struct usb_ether *, struct usb_page_cache *, int); +static void axge_rxeof(struct usb_ether *, struct usb_page_cache *, + unsigned int, unsigned int, uint32_t); static void axge_csum_cfg(struct usb_ether *); #define AXGE_CSUM_FEATURES (CSUM_IP | CSUM_TCP | CSUM_UDP) @@ -138,7 +144,7 @@ static const struct usb_config axge_conf .endpoint = UE_ADDR_ANY, .direction = UE_DIR_OUT, .frames = 16, - .bufsize = 16 * (MCLBYTES + 16), + .bufsize = 16 * MCLBYTES, .flags = {.pipe_bof = 1,.force_short_xfer = 1,}, .callback = axge_bulk_write_callback, .timeout = 10000, /* 10 seconds */ @@ -233,6 +239,15 @@ axge_write_mem(struct axge_softc *sc, ui } } +static uint8_t +axge_read_cmd_1(struct axge_softc *sc, uint8_t cmd, uint16_t reg) +{ + uint8_t val; + + axge_read_mem(sc, cmd, 1, reg, &val, 1); + return (val); +} + static uint16_t axge_read_cmd_2(struct axge_softc *sc, uint8_t cmd, uint16_t index, uint16_t reg) @@ -244,10 +259,9 @@ axge_read_cmd_2(struct axge_softc *sc, u } static void -axge_write_cmd_1(struct axge_softc *sc, uint8_t cmd, uint16_t index, - uint16_t reg, uint8_t val) +axge_write_cmd_1(struct axge_softc *sc, uint8_t cmd, uint16_t reg, uint8_t val) { - axge_write_mem(sc, cmd, index, reg, &val, 1); + axge_write_mem(sc, cmd, 1, reg, &val, 1); } static void @@ -307,6 +321,7 @@ axge_miibus_statchg(device_t dev) struct axge_softc *sc; struct mii_data *mii; struct ifnet *ifp; + uint8_t link_status, tmp[5]; uint16_t val; int locked; @@ -339,26 +354,41 @@ axge_miibus_statchg(device_t dev) if ((sc->sc_flags & AXGE_FLAG_LINK) == 0) goto done; + link_status = axge_read_cmd_1(sc, AXGE_ACCESS_MAC, AXGE_PLSR); + val = 0; if ((IFM_OPTIONS(mii->mii_media_active) & IFM_FDX) != 0) { - val |= AXGE_MEDIUM_FULL_DUPLEX; + val |= MSR_FD; if ((IFM_OPTIONS(mii->mii_media_active) & IFM_ETH_TXPAUSE) != 0) - val |= AXGE_MEDIUM_TXFLOW_CTRLEN; + val |= MSR_TFC; if ((IFM_OPTIONS(mii->mii_media_active) & IFM_ETH_RXPAUSE) != 0) - val |= AXGE_MEDIUM_RXFLOW_CTRLEN; + val |= MSR_RFC; } - val |= AXGE_MEDIUM_RECEIVE_EN | AXGE_MEDIUM_ALWAYS_ONE; + val |= MSR_RE; switch (IFM_SUBTYPE(mii->mii_media_active)) { case IFM_1000_T: - val |= AXGE_MEDIUM_GIGAMODE; + val |= MSR_GM | MSR_EN_125MHZ; + if (link_status & PLSR_USB_SS) + memcpy(tmp, &axge_bulk_size[0], 5); + else if (link_status & PLSR_USB_HS) + memcpy(tmp, &axge_bulk_size[1], 5); + else + memcpy(tmp, &axge_bulk_size[3], 5); + break; case IFM_100_TX: - val |= AXGE_MEDIUM_PS; + val |= MSR_PS; + if (link_status & (PLSR_USB_SS | PLSR_USB_HS)) + memcpy(tmp, &axge_bulk_size[2], 5); + else + memcpy(tmp, &axge_bulk_size[3], 5); + break; case IFM_10_T: - /* Doesn't need to be handled. */ + memcpy(tmp, &axge_bulk_size[3], 5); break; } - axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_MEDIUM_STATUS_MODE, val); - + /* Rx bulk configuration. */ + axge_write_mem(sc, AXGE_ACCESS_MAC, 5, AXGE_RX_BULKIN_QCTRL, tmp, 5); + axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_MSR, val); done: if (!locked) AXGE_UNLOCK(sc); @@ -368,11 +398,10 @@ static void axge_chip_init(struct axge_softc *sc) { /* Power up ethernet PHY. */ - axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_PHYPWR_RSTCTL, 0); - axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_PHYPWR_RSTCTL, - AXGE_PHYPWR_RSTCTL_IPRL); + axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_EPPRCR, 0); + axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_EPPRCR, EPPRCR_IPRL); uether_pause(&sc->sc_ue, hz / 4); - axge_write_cmd_1(sc, AXGE_ACCESS_MAC, 1, AXGE_CLK_SELECT, + axge_write_cmd_1(sc, AXGE_ACCESS_MAC, AXGE_CLK_SELECT, AXGE_CLK_SELECT_ACS | AXGE_CLK_SELECT_BCS); uether_pause(&sc->sc_ue, hz / 10); } @@ -401,17 +430,13 @@ static void axge_attach_post(struct usb_ether *ue) { struct axge_softc *sc; - uint8_t tmp[5]; sc = uether_getsc(ue); sc->sc_phyno = 3; /* Initialize controller and get station address. */ axge_chip_init(sc); - - memcpy(tmp, &AX88179_BULKIN_SIZE[0], 5); - axge_read_mem(sc, AXGE_ACCESS_MAC, 5, AXGE_RX_BULKIN_QCTRL, tmp, 5); - axge_read_mem(sc, AXGE_ACCESS_MAC, ETHER_ADDR_LEN, AXGE_NODE_ID, + axge_read_mem(sc, AXGE_ACCESS_MAC, ETHER_ADDR_LEN, AXGE_NIDR, ue->ue_eaddr, ETHER_ADDR_LEN); } @@ -439,7 +464,7 @@ axge_attach_post_sub(struct usb_ether *u mtx_lock(&Giant); error = mii_attach(ue->ue_dev, &ue->ue_miibus, ifp, uether_ifmedia_upd, ue->ue_methods->ue_mii_sts, - BMSR_DEFCAPMASK, sc->sc_phyno, MII_OFFSET_ANY, 0); + BMSR_DEFCAPMASK, sc->sc_phyno, MII_OFFSET_ANY, MIIF_DOPAUSE); mtx_unlock(&Giant); return (error); @@ -608,9 +633,7 @@ axge_bulk_write_callback(struct usb_xfer struct usb_page_cache *pc; struct mbuf *m; uint32_t txhdr; - uint32_t txhdr2; - int nframes; - int frm_len; + int nframes, pos; sc = usbd_xfer_softc(xfer); ifp = uether_getifp(&sc->sc_ue); @@ -637,26 +660,18 @@ tr_setup: break; usbd_xfer_set_frame_offset(xfer, nframes * MCLBYTES, nframes); - frm_len = 0; + pos = 0; pc = usbd_xfer_get_frame(xfer, nframes); - - txhdr = m->m_pkthdr.len; - txhdr = htole32(txhdr); + txhdr = htole32(m->m_pkthdr.len); usbd_copy_in(pc, 0, &txhdr, sizeof(txhdr)); - frm_len += sizeof(txhdr); - - txhdr2 = 0; - if ((m->m_pkthdr.len + sizeof(txhdr) + sizeof(txhdr2)) % - usbd_xfer_max_framelen(xfer) == 0) { - txhdr2 |= 0x80008000; - } - txhdr2 = htole32(txhdr2); - usbd_copy_in(pc, frm_len, &txhdr2, sizeof(txhdr2)); - frm_len += sizeof(txhdr2); - - /* Next copy in the actual packet. */ - usbd_m_copy_in(pc, frm_len, m, 0, m->m_pkthdr.len); - frm_len += m->m_pkthdr.len; + txhdr = 0; + txhdr = htole32(txhdr); + usbd_copy_in(pc, 4, &txhdr, sizeof(txhdr)); + pos += 8; + usbd_m_copy_in(pc, pos, m, 0, m->m_pkthdr.len); + pos += m->m_pkthdr.len; + if ((pos % usbd_xfer_max_framelen(xfer)) == 0) + txhdr |= 0x80008000; /* * XXX @@ -678,7 +693,7 @@ tr_setup: m_freem(m); /* Set frame length. */ - usbd_xfer_set_frame_len(xfer, nframes, frm_len); + usbd_xfer_set_frame_len(xfer, nframes, pos); } if (nframes != 0) { usbd_xfer_set_frames(xfer, nframes); @@ -733,13 +748,13 @@ axge_setmulti(struct usb_ether *ue) h = 0; AXGE_LOCK_ASSERT(sc, MA_OWNED); - rxmode = axge_read_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RX_CTL); + rxmode = axge_read_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RCR); if (ifp->if_flags & (IFF_ALLMULTI | IFF_PROMISC)) { - rxmode |= AXGE_RX_CTL_AMALL; - axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RX_CTL, rxmode); + rxmode |= RCR_AMALL; + axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RCR, rxmode); return; } - rxmode &= ~AXGE_RX_CTL_AMALL; + rxmode &= ~RCR_AMALL; if_maddr_rlock(ifp); TAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) { @@ -751,9 +766,8 @@ axge_setmulti(struct usb_ether *ue) } if_maddr_runlock(ifp); - axge_write_mem(sc, AXGE_ACCESS_MAC, 8, AXGE_MULTI_FILTER_ARRY, - (void *)&hashtbl, 8); - axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RX_CTL, rxmode); + axge_write_mem(sc, AXGE_ACCESS_MAC, 8, AXGE_MFA, (void *)&hashtbl, 8); + axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RCR, rxmode); } static void @@ -765,14 +779,14 @@ axge_setpromisc(struct usb_ether *ue) sc = uether_getsc(ue); ifp = uether_getifp(ue); - rxmode = axge_read_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RX_CTL); + rxmode = axge_read_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RCR); if (ifp->if_flags & IFF_PROMISC) - rxmode |= AXGE_RX_CTL_PRO; + rxmode |= RCR_PRO; else - rxmode &= ~AXGE_RX_CTL_PRO; + rxmode &= ~RCR_PRO; - axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RX_CTL, rxmode); + axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RCR, rxmode); axge_setmulti(ue); } @@ -811,27 +825,31 @@ axge_init(struct usb_ether *ue) axge_reset(sc); /* Set MAC address. */ - axge_write_mem(sc, AXGE_ACCESS_MAC, ETHER_ADDR_LEN, AXGE_NODE_ID, + axge_write_mem(sc, AXGE_ACCESS_MAC, ETHER_ADDR_LEN, AXGE_NIDR, IF_LLADDR(ifp), ETHER_ADDR_LEN); - axge_write_cmd_1(sc, AXGE_ACCESS_MAC, 1, AXGE_PAUSE_WATERLVL_LOW, 0x34); - axge_write_cmd_1(sc, AXGE_ACCESS_MAC, 1, AXGE_PAUSE_WATERLVL_HIGH, - 0x52); + axge_write_cmd_1(sc, AXGE_ACCESS_MAC, AXGE_PWLLR, 0x34); + axge_write_cmd_1(sc, AXGE_ACCESS_MAC, AXGE_PWLHR, 0x52); /* Configure TX/RX checksum offloading. */ axge_csum_cfg(ue); /* Configure RX settings. */ - rxmode = (AXGE_RX_CTL_IPE | AXGE_RX_CTL_AM | AXGE_RX_CTL_START); + rxmode = (RCR_AM | RCR_SO | RCR_DROP_CRCE); + if ((ifp->if_capenable & IFCAP_RXCSUM) != 0) + rxmode |= RCR_IPE; /* If we want promiscuous mode, set the allframes bit. */ if (ifp->if_flags & IFF_PROMISC) - rxmode |= AXGE_RX_CTL_PRO; + rxmode |= RCR_PRO; if (ifp->if_flags & IFF_BROADCAST) - rxmode |= AXGE_RX_CTL_AB; + rxmode |= RCR_AB; + + axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RCR, rxmode); - axge_write_cmd_2(sc, AXGE_ACCESS_MAC, 2, AXGE_RX_CTL, rxmode); + axge_write_cmd_1(sc, AXGE_ACCESS_MAC, AXGE_MMSR, + MMSR_PME_TYPE | MMSR_PME_POL | MMSR_RWMP); /* Load the multicast filter. */ axge_setmulti(ue); @@ -907,53 +925,60 @@ axge_ioctl(struct ifnet *ifp, u_long cmd return (error); } -static int +static void axge_rx_frame(struct usb_ether *ue, struct usb_page_cache *pc, int actlen) { - struct axge_softc *sc; - struct axge_csum_hdr csum_hdr; - int error, len, pos; - int pkt_cnt; + uint32_t pos; + uint32_t pkt_cnt; uint32_t rxhdr; - uint16_t hdr_off; - uint16_t pktlen; + uint32_t pkt_hdr; + uint32_t hdr_off; + uint32_t pktlen; + + /* verify we have enough data */ + if (actlen < (int)sizeof(rxhdr)) + return; - sc = uether_getsc(ue); pos = 0; - len = 0; - error = 0; usbd_copy_out(pc, actlen - sizeof(rxhdr), &rxhdr, sizeof(rxhdr)); - actlen -= sizeof(rxhdr); rxhdr = le32toh(rxhdr); pkt_cnt = (uint16_t)rxhdr; hdr_off = (uint16_t)(rxhdr >> 16); - usbd_copy_out(pc, pos + hdr_off, &csum_hdr, sizeof(csum_hdr)); - csum_hdr.len = le16toh(csum_hdr.len); - csum_hdr.cstatus = le16toh(csum_hdr.cstatus); - while (pkt_cnt--) { - if (actlen <= sizeof(csum_hdr) + sizeof(struct ether_header)) { - error = EINVAL; + /* verify the header offset */ + if ((int)(hdr_off + sizeof(pkt_hdr)) > actlen) { + DPRINTF("End of packet headers\n"); break; } - pktlen = AXGE_CSUM_RXBYTES(csum_hdr.len); + if ((int)pos >= actlen) { + DPRINTF("Data position reached end\n"); + break; + } + usbd_copy_out(pc, hdr_off, &pkt_hdr, sizeof(pkt_hdr)); - if (pkt_cnt == 0) - /* Skip the 2-byte IP alignment header. */ - axge_rxeof(ue, pc, 2, pktlen - 2, &csum_hdr); + pkt_hdr = le32toh(pkt_hdr); + pktlen = (pkt_hdr >> 16) & 0x1fff; + if (pkt_hdr & (AXGE_RXHDR_CRC_ERR | AXGE_RXHDR_DROP_ERR)) { + DPRINTF("Dropped a packet\n"); + ue->ue_ifp->if_ierrors++; + } + if (pktlen >= 2 && (int)(pos + pktlen) <= actlen) { + axge_rxeof(ue, pc, pos + 2, pktlen - 2, pkt_hdr); + } else { + DPRINTF("Invalid packet pos=%d len=%d\n", + (int)pos, (int)pktlen); + } + pos += (pktlen + 7) & ~7; + hdr_off += sizeof(pkt_hdr); } - - if (error != 0) - ue->ue_ifp->if_ierrors++; - return (error); } -static int +static void axge_rxeof(struct usb_ether *ue, struct usb_page_cache *pc, - unsigned int offset, unsigned int len, struct axge_csum_hdr *csum_hdr) + unsigned int offset, unsigned int len, uint32_t pkt_hdr) { struct ifnet *ifp; struct mbuf *m; @@ -961,42 +986,34 @@ axge_rxeof(struct usb_ether *ue, struct ifp = ue->ue_ifp; if (len < ETHER_HDR_LEN || len > MCLBYTES - ETHER_ALIGN) { ifp->if_ierrors++; - return (EINVAL); + return; } m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR); if (m == NULL) { ifp->if_iqdrops++; - return (ENOMEM); + return; } - m->m_len = m->m_pkthdr.len = MCLBYTES; + m->m_pkthdr.rcvif = ifp; + m->m_len = m->m_pkthdr.len = len + ETHER_ALIGN; m_adj(m, ETHER_ALIGN); usbd_copy_out(pc, offset, mtod(m, uint8_t *), len); ifp->if_ipackets++; - m->m_pkthdr.rcvif = ifp; - m->m_pkthdr.len = m->m_len = len; - - if (csum_hdr != NULL && - csum_hdr->cstatus & AXGE_CSUM_HDR_L3_TYPE_IPV4) { - if ((csum_hdr->cstatus & (AXGE_CSUM_HDR_L4_CSUM_ERR | - AXGE_RXHDR_L4CSUM_ERR)) == 0) { - m->m_pkthdr.csum_flags |= CSUM_IP_CHECKED | - CSUM_IP_VALID; - if ((csum_hdr->cstatus & AXGE_CSUM_HDR_L4_TYPE_MASK) == - AXGE_CSUM_HDR_L4_TYPE_TCP || - (csum_hdr->cstatus & AXGE_CSUM_HDR_L4_TYPE_MASK) == - AXGE_CSUM_HDR_L4_TYPE_UDP) { - m->m_pkthdr.csum_flags |= - CSUM_DATA_VALID | CSUM_PSEUDO_HDR; - m->m_pkthdr.csum_data = 0xffff; - } +#if 0 + if ((pkt_hdr & (AXGE_RXHDR_L4CSUM_ERR | AXGE_RXHDR_L3CSUM_ERR)) == 0) { + if ((pkt_hdr & AXGE_RXHDR_L4_TYPE_MASK) == + AXGE_RXHDR_L4_TYPE_TCP || + (pkt_hdr & AXGE_RXHDR_L4_TYPE_MASK) == + AXGE_RXHDR_L4_TYPE_UDP) { + m->m_pkthdr.csum_flags |= CSUM_DATA_VALID | + CSUM_PSEUDO_HDR | CSUM_IP_CHECKED | CSUM_IP_VALID; + m->m_pkthdr.csum_data = 0xffff; } } - +#endif _IF_ENQUEUE(&ue->ue_rxq, m); - return (0); } static void @@ -1012,12 +1029,11 @@ axge_csum_cfg(struct usb_ether *ue) csum = 0; if ((ifp->if_capenable & IFCAP_TXCSUM) != 0) - csum |= AXGE_TXCOE_IP | AXGE_TXCOE_TCP | AXGE_TXCOE_UDP; - axge_write_cmd_1(sc, AXGE_ACCESS_MAC, 1, AXGE_TXCOE_CTL, csum); + csum |= CTCR_IP | CTCR_TCP | CTCR_UDP; + axge_write_cmd_1(sc, AXGE_ACCESS_MAC, AXGE_CTCR, csum); csum = 0; if ((ifp->if_capenable & IFCAP_RXCSUM) != 0) - csum |= AXGE_RXCOE_IP | AXGE_RXCOE_TCP | AXGE_RXCOE_UDP | - AXGE_RXCOE_ICMP | AXGE_RXCOE_IGMP; - axge_write_cmd_1(sc, AXGE_ACCESS_MAC, 1, AXGE_RXCOE_CTL, csum); + csum |= CRCR_IP | CRCR_TCP | CRCR_UDP; + axge_write_cmd_1(sc, AXGE_ACCESS_MAC, AXGE_CRCR, csum); } Modified: releng/9.3/sys/dev/usb/net/if_axgereg.h ============================================================================== --- releng/9.3/sys/dev/usb/net/if_axgereg.h Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/usb/net/if_axgereg.h Thu Jul 3 17:42:26 2014 (r268226) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2013 Kevin Lo + * Copyright (c) 2013-2014 Kevin Lo * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,13 +26,6 @@ * $FreeBSD$ */ -#define AX88179_PHY_ID 0x03 -#define AXGE_MCAST_FILTER_SIZE 8 -#define AXGE_MAXGE_MCAST 64 -#define AXGE_EEPROM_LEN 0x40 -#define AXGE_RX_CHECKSUM 1 -#define AXGE_TX_CHECKSUM 2 - #define AXGE_ACCESS_MAC 0x01 #define AXGE_ACCESS_PHY 0x02 #define AXGE_ACCESS_WAKEUP 0x03 @@ -43,74 +36,73 @@ #define AXGE_WRITE_EFUSE_DIS 0x0A #define AXGE_ACCESS_MFAB 0x10 -#define AXGE_LINK_STATUS 0x02 -#define AXGE_LINK_STATUS_USB_FS 0x01 -#define AXGE_LINK_STATUS_USB_HS 0x02 -#define AXGE_LINK_STATUS_USB_SS 0x04 - -#define AXGE_SROM_ADDR 0x07 -#define AXGE_SROM_DATA_LOW 0x08 -#define AXGE_SROM_DATA_HIGH 0x09 -#define AXGE_SROM_CMD 0x0a -#define AXGE_SROM_CMD_RD 0x04 /* EEprom read command */ -#define AXGE_SROM_CMD_WR 0x08 /* EEprom write command */ -#define AXGE_SROM_CMD_BUSY 0x10 /* EEprom access module busy */ - -#define AXGE_RX_CTL 0x0b -#define AXGE_RX_CTL_DROPCRCERR 0x0100 /* Drop CRC error packet */ -#define AXGE_RX_CTL_IPE 0x0200 /* 4-byte IP header alignment */ -#define AXGE_RX_CTL_TXPADCRC 0x0400 /* Csum value in rx header 3 */ -#define AXGE_RX_CTL_START 0x0080 /* Ethernet MAC start */ -#define AXGE_RX_CTL_AP 0x0020 /* Accept physical address from - multicast array */ -#define AXGE_RX_CTL_AM 0x0010 -#define AXGE_RX_CTL_AB 0x0008 -#define AXGE_RX_CTL_HA8B 0x0004 -#define AXGE_RX_CTL_AMALL 0x0002 /* Accept all multicast frames */ -#define AXGE_RX_CTL_PRO 0x0001 /* Promiscuous Mode */ -#define AXGE_RX_CTL_STOP 0x0000 /* Stop MAC */ - -#define AXGE_NODE_ID 0x10 -#define AXGE_MULTI_FILTER_ARRY 0x16 - -#define AXGE_MEDIUM_STATUS_MODE 0x22 -#define AXGE_MEDIUM_GIGAMODE 0x0001 -#define AXGE_MEDIUM_FULL_DUPLEX 0x0002 -#define AXGE_MEDIUM_ALWAYS_ONE 0x0004 -#define AXGE_MEDIUM_EN_125MHZ 0x0008 -#define AXGE_MEDIUM_RXFLOW_CTRLEN 0x0010 -#define AXGE_MEDIUM_TXFLOW_CTRLEN 0x0020 -#define AXGE_MEDIUM_RECEIVE_EN 0x0100 -#define AXGE_MEDIUM_PS 0x0200 -#define AXGE_MEDIUM_JUMBO_EN 0x8040 - -#define AXGE_MONITOR_MODE 0x24 -#define AXGE_MONITOR_MODE_RWLC 0x02 -#define AXGE_MONITOR_MODE_RWMP 0x04 -#define AXGE_MONITOR_MODE_RWWF 0x08 -#define AXGE_MONITOR_MODE_RW_FLAG 0x10 -#define AXGE_MONITOR_MODE_PMEPOL 0x20 -#define AXGE_MONITOR_MODE_PMETYPE 0x40 - -#define AXGE_GPIO_CTRL 0x25 -#define AXGE_GPIO_CTRL_GPIO3EN 0x80 -#define AXGE_GPIO_CTRL_GPIO2EN 0x40 -#define AXGE_GPIO_CTRL_GPIO1EN 0x20 - -#define AXGE_PHYPWR_RSTCTL 0x26 -#define AXGE_PHYPWR_RSTCTL_BZ 0x0010 -#define AXGE_PHYPWR_RSTCTL_IPRL 0x0020 -#define AXGE_PHYPWR_RSTCTL_AUTODETACH 0x1000 +/* Physical link status register */ +#define AXGE_PLSR 0x02 +#define PLSR_USB_FS 0x01 +#define PLSR_USB_HS 0x02 +#define PLSR_USB_SS 0x04 + +/* EEPROM address register */ +#define AXGE_EAR 0x07 + +/* EEPROM data low register */ +#define AXGE_EDLR 0x08 + +/* EEPROM data high register */ +#define AXGE_EDHR 0x09 + +/* EEPROM command register */ +#define AXGE_ECR 0x0a + +/* Rx control register */ +#define AXGE_RCR 0x0b +#define RCR_STOP 0x0000 +#define RCR_PRO 0x0001 +#define RCR_AMALL 0x0002 +#define RCR_AB 0x0008 +#define RCR_AM 0x0010 +#define RCR_AP 0x0020 +#define RCR_SO 0x0080 +#define RCR_DROP_CRCE 0x0100 +#define RCR_IPE 0x0200 +#define RCR_TX_CRC_PAD 0x0400 + +/* Node id register */ +#define AXGE_NIDR 0x10 + +/* Multicast filter array */ +#define AXGE_MFA 0x16 + +/* Medium status register */ +#define AXGE_MSR 0x22 +#define MSR_GM 0x0001 +#define MSR_FD 0x0002 +#define MSR_EN_125MHZ 0x0008 +#define MSR_RFC 0x0010 +#define MSR_TFC 0x0020 +#define MSR_RE 0x0100 +#define MSR_PS 0x0200 + +/* Monitor mode status register */ +#define AXGE_MMSR 0x24 +#define MMSR_RWLC 0x02 +#define MMSR_RWMP 0x04 +#define MMSR_RWWF 0x08 +#define MMSR_RW_FLAG 0x10 +#define MMSR_PME_POL 0x20 +#define MMSR_PME_TYPE 0x40 +#define MMSR_PME_IND 0x80 + +/* GPIO control/status register */ +#define AXGE_GPIOCR 0x25 + +/* Ethernet PHY power & reset control register */ +#define AXGE_EPPRCR 0x26 +#define EPPRCR_BZ 0x0010 +#define EPPRCR_IPRL 0x0020 +#define EPPRCR_AUTODETACH 0x1000 #define AXGE_RX_BULKIN_QCTRL 0x2e -#define AXGE_RX_BULKIN_QCTRL_TIME 0x01 -#define AXGE_RX_BULKIN_QCTRL_IFG 0x02 -#define AXGE_RX_BULKIN_QCTRL_SIZE 0x04 - -#define AXGE_RX_BULKIN_QTIMR_LOW 0x2f -#define AXGE_RX_BULKIN_QTIMR_HIGH 0x30 -#define AXGE_RX_BULKIN_QSIZE 0x31 -#define AXGE_RX_BULKIN_QIFG 0x32 #define AXGE_CLK_SELECT 0x33 #define AXGE_CLK_SELECT_BCS 0x01 @@ -118,75 +110,44 @@ #define AXGE_CLK_SELECT_ACSREQ 0x10 #define AXGE_CLK_SELECT_ULR 0x08 -#define AXGE_RXCOE_CTL 0x34 -#define AXGE_RXCOE_IP 0x01 -#define AXGE_RXCOE_TCP 0x02 -#define AXGE_RXCOE_UDP 0x04 -#define AXGE_RXCOE_ICMP 0x08 -#define AXGE_RXCOE_IGMP 0x10 -#define AXGE_RXCOE_TCPV6 0x20 -#define AXGE_RXCOE_UDPV6 0x40 -#define AXGE_RXCOE_ICMV6 0x80 - -#define AXGE_TXCOE_CTL 0x35 -#define AXGE_TXCOE_IP 0x01 -#define AXGE_TXCOE_TCP 0x02 -#define AXGE_TXCOE_UDP 0x04 -#define AXGE_TXCOE_ICMP 0x08 -#define AXGE_TXCOE_IGMP 0x10 -#define AXGE_TXCOE_TCPV6 0x20 -#define AXGE_TXCOE_UDPV6 0x40 -#define AXGE_TXCOE_ICMV6 0x80 +/* COE Rx control register */ +#define AXGE_CRCR 0x34 +#define CRCR_IP 0x01 +#define CRCR_TCP 0x02 +#define CRCR_UDP 0x04 +#define CRCR_ICMP 0x08 +#define CRCR_IGMP 0x10 +#define CRCR_TCPV6 0x20 +#define CRCR_UDPV6 0x40 +#define CRCR_ICMPV6 0x80 + +/* COE Tx control register */ +#define AXGE_CTCR 0x35 +#define CTCR_IP 0x01 +#define CTCR_TCP 0x02 +#define CTCR_UDP 0x04 +#define CTCR_ICMP 0x08 +#define CTCR_IGMP 0x10 +#define CTCR_TCPV6 0x20 +#define CTCR_UDPV6 0x40 +#define CTCR_ICMPV6 0x80 -#define AXGE_PAUSE_WATERLVL_HIGH 0x54 -#define AXGE_PAUSE_WATERLVL_LOW 0x55 +/* Pause water level high register */ +#define AXGE_PWLHR 0x54 -#define AXGE_EEP_EFUSE_CORRECT 0x00 -#define AX88179_EEPROM_MAGIC 0x17900b95 +/* Pause water level low register */ +#define AXGE_PWLLR 0x55 #define AXGE_CONFIG_IDX 0 /* config number 1 */ #define AXGE_IFACE_IDX 0 -#define AXGE_RXHDR_CRC_ERR 0x80000000 -#define AXGE_RXHDR_L4_ERR (1 << 8) -#define AXGE_RXHDR_L3_ERR (1 << 9) - -#define AXGE_RXHDR_L4_TYPE_ICMP 2 -#define AXGE_RXHDR_L4_TYPE_IGMP 3 -#define AXGE_RXHDR_L4_TYPE_TCMPV6 5 - -#define AXGE_RXHDR_L3_TYPE_IP 1 -#define AXGE_RXHDR_L3_TYPE_IPV6 2 - #define AXGE_RXHDR_L4_TYPE_MASK 0x1c +#define AXGE_RXHDR_L4CSUM_ERR 1 +#define AXGE_RXHDR_L3CSUM_ERR 2 #define AXGE_RXHDR_L4_TYPE_UDP 4 #define AXGE_RXHDR_L4_TYPE_TCP 16 -#define AXGE_RXHDR_L3CSUM_ERR 2 -#define AXGE_RXHDR_L4CSUM_ERR 1 -#define AXGE_RXHDR_CRC_ERR 0x80000000 -#define AXGE_RXHDR_DROP_ERR 0x40000000 - -struct axge_csum_hdr { - uint16_t cstatus; -#define AXGE_CSUM_HDR_L4_CSUM_ERR 0x0001 -#define AXGE_CSUM_HDR_L3_CSUM_ERR 0x0002 -#define AXGE_CSUM_HDR_L4_TYPE_UDP 0x0004 -#define AXGE_CSUM_HDR_L4_TYPE_ICMP 0x0008 -#define AXGE_CSUM_HDR_L4_TYPE_IGMP 0x000C -#define AXGE_CSUM_HDR_L4_TYPE_TCP 0x0010 -#define AXGE_CSUM_HDR_L4_TYPE_TCPV6 0x0014 -#define AXGE_CSUM_HDR_L4_TYPE_MASK 0x001C -#define AXGE_CSUM_HDR_L3_TYPE_IPV4 0x0020 -#define AXGE_CSUM_HDR_L3_TYPE_IPV6 0x0040 -#define AXGE_CSUM_HDR_VLAN_MASK 0x0700 - uint16_t len; -#define AXGE_CSUM_HDR_LEN_MASK 0x1FFF -#define AXGE_CSUM_HDR_CRC_ERR 0x2000 -#define AXGE_CSUM_HDR_MII_ERR 0x4000 -#define AXGE_CSUM_HDR_DROP 0x8000 -} __packed; - -#define AXGE_CSUM_RXBYTES(x) ((x) & AXGE_CSUM_HDR_LEN_MASK) +#define AXGE_RXHDR_CRC_ERR 0x20000000 +#define AXGE_RXHDR_DROP_ERR 0x80000000 #define GET_MII(sc) uether_getmii(&(sc)->sc_ue) Modified: releng/9.3/sys/dev/usb/usbdevs ============================================================================== --- releng/9.3/sys/dev/usb/usbdevs Thu Jul 3 17:37:51 2014 (r268225) +++ releng/9.3/sys/dev/usb/usbdevs Thu Jul 3 17:42:26 2014 (r268226) @@ -1614,6 +1614,7 @@ product DLINK DSB650TX 0x4002 10/100 Et product DLINK DSB650TX_PNA 0x4003 1/10/100 Ethernet product DLINK DSB650TX3 0x400b 10/100 Ethernet product DLINK DSB650TX2 0x4102 10/100 Ethernet +product DLINK DUB1312 0x4a00 10/100/1000 Ethernet product DLINK DSB650 0xabc1 10/100 Ethernet product DLINK DUBH7 0xf103 DUB-H7 USB 2.0 7-Port Hub product DLINK DWR510_CD 0xa805 DWR-510 CD-ROM Mode @@ -4091,6 +4092,7 @@ product SITECOMEU RT3072_6 0x004d RT3072 product SITECOMEU RTL8188CU_1 0x0052 RTL8188CU product SITECOMEU RTL8188CU_2 0x005c RTL8188CU product SITECOMEU RTL8192CU 0x0061 RTL8192CU +product SITECOMEU LN032 0x0072 LN-032 product SITECOMEU LN028 0x061c LN-028 product SITECOMEU WL113 0x9071 WL-113 product SITECOMEU ZD1211B 0x9075 ZD1211B From owner-svn-src-releng@FreeBSD.ORG Fri Jul 4 21:04:19 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id E6EE5C88; Fri, 4 Jul 2014 21:04:19 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D41D921AF; Fri, 4 Jul 2014 21:04:19 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s64L4Ju1078074; Fri, 4 Jul 2014 21:04:19 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s64L4Jb1078073; Fri, 4 Jul 2014 21:04:19 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407042104.s64L4Jb1078073@svn.freebsd.org> From: Glen Barber Date: Fri, 4 Jul 2014 21:04:19 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268267 - releng/9.3/sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jul 2014 21:04:20 -0000 Author: gjb Date: Fri Jul 4 21:04:19 2014 New Revision: 268267 URL: http://svnweb.freebsd.org/changeset/base/268267 Log: Switch releng/9.3 to -RC3 as part of the 9.3-RELEASE cycle. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/sys/conf/newvers.sh Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Fri Jul 4 19:27:06 2014 (r268266) +++ releng/9.3/sys/conf/newvers.sh Fri Jul 4 21:04:19 2014 (r268267) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RC2" +BRANCH="RC3" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 16:21:22 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 523215FF; Tue, 8 Jul 2014 16:21:22 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 3EBB825C8; Tue, 8 Jul 2014 16:21:22 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68GLMLR060263; Tue, 8 Jul 2014 16:21:22 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68GLM1f060262; Tue, 8 Jul 2014 16:21:22 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407081621.s68GLM1f060262@svn.freebsd.org> From: Glen Barber Date: Tue, 8 Jul 2014 16:21:22 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268416 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 16:21:22 -0000 Author: gjb Date: Tue Jul 8 16:21:21 2014 New Revision: 268416 URL: http://svnweb.freebsd.org/changeset/base/268416 Log: Document r267911, send-pr(1) replaced with a stub instructing to use the Bugzilla interface. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 15:30:05 2014 (r268415) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 16:21:21 2014 (r268416) @@ -662,6 +662,13 @@ ends event collection after the specified number of seconds. + The &os; Project has migrated + from the GNATS bug tracking system + to Bugzilla. The &man.send-pr.1; + utility used for submitting problem reports has been replaced + with a stub shell script that instructs to use the Bugzilla + web interface. + &man.periodic.8; Scripts From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 16:32:01 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5CA869CA; Tue, 8 Jul 2014 16:32:01 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4631D26C8; Tue, 8 Jul 2014 16:32:01 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68GW15P065023; Tue, 8 Jul 2014 16:32:01 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68GW0CE065010; Tue, 8 Jul 2014 16:32:00 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407081632.s68GW0CE065010@svn.freebsd.org> From: Glen Barber Date: Tue, 8 Jul 2014 16:32:00 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268417 - in releng/9.3/release/doc: en_US.ISO8859-1/errata en_US.ISO8859-1/installation en_US.ISO8859-1/readme en_US.ISO8859-1/share/xml share/examples share/xml X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 16:32:01 -0000 Author: gjb Date: Tue Jul 8 16:31:59 2014 New Revision: 268417 URL: http://svnweb.freebsd.org/changeset/base/268417 Log: In errata/article.xml, update the document will be maintained until the EoL of the stable/9 branch. In share/xml/release.xsl update the recommended mailing list from -current to -stable. In share/examples/Makefile.relnotesng, update the branch name convention from CVS-style to SVN-style. In installation/article.xml: - Use descriptive text for the synching.html and the makeworld.html pages to fix how the URLs are displayed. - Remove a reference to 7.x. - Change a reference from 8.2-RELEASE to 8.4-RELEASE. In readme/article.xml: - Change the recommended mailing list from -current to -stable. - Replace send-pr(1) references to Bugzilla equivalents. - Note that send-pr(1) is a stub shell script now. - Use descriptive text in a link to fix the URL. In share/xml/release.ent: - Update release.type from 'snapshot' to 'release.' - Set IGNORE on release.type.snapshot, and INCLUDE on release.type.release. - Update release.manpath.freebsd to 9.3-RELEASE. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/errata/article.xml releng/9.3/release/doc/en_US.ISO8859-1/installation/article.xml releng/9.3/release/doc/en_US.ISO8859-1/readme/article.xml releng/9.3/release/doc/en_US.ISO8859-1/share/xml/release.xsl releng/9.3/release/doc/share/examples/Makefile.relnotesng releng/9.3/release/doc/share/xml/release.ent Modified: releng/9.3/release/doc/en_US.ISO8859-1/errata/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/errata/article.xml Tue Jul 8 16:21:21 2014 (r268416) +++ releng/9.3/release/doc/en_US.ISO8859-1/errata/article.xml Tue Jul 8 16:31:59 2014 (r268417) @@ -49,7 +49,7 @@ &os;. This errata document for &os; &release.current; - will be maintained until the release of &os; &release.next;. + will be maintained until the EoL of &os; &release.branch;. Modified: releng/9.3/release/doc/en_US.ISO8859-1/installation/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/installation/article.xml Tue Jul 8 16:21:21 2014 (r268416) +++ releng/9.3/release/doc/en_US.ISO8859-1/installation/article.xml Tue Jul 8 16:31:59 2014 (r268417) @@ -56,8 +56,8 @@ The procedure for doing a source code based update is described in - &url.books.handbook;/synching.html and - &url.books.handbook;/makeworld.html. + Synchronizing Source and + Rebuilding World. For SVN use the releng/9.3 branch which will be where any upcoming Security Advisories or Errata @@ -93,7 +93,7 @@ Due to changes in the way that &os; is packaged on the release media, two complications may arise in this process if - upgrading from FreeBSD 7.x or 8.x: + upgrading from FreeBSD 8.x: @@ -134,7 +134,7 @@ &prompt.root; freebsd-update install At this point, users of systems being upgraded from &os; - 8.2-RELEASE or earlier will be prompted by + 8.4-RELEASE or earlier will be prompted by &man.freebsd-update.8; to rebuild all third-party applications (e.g., ports installed from the ports tree) due to updates in system libraries. Modified: releng/9.3/release/doc/en_US.ISO8859-1/readme/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/readme/article.xml Tue Jul 8 16:21:21 2014 (r268416) +++ releng/9.3/release/doc/en_US.ISO8859-1/readme/article.xml Tue Jul 8 16:31:59 2014 (r268417) @@ -195,7 +195,7 @@ please send mail to the &a.questions;. If you're tracking the &release.branch; development efforts, you - must join the &a.current;, in order to + must join the &a.stable;, in order to keep abreast of recent developments and changes that may affect the way you use and maintain the system. @@ -235,22 +235,20 @@ problems you may find. Bug reports with attached fixes are of course even more welcome. - The preferred method to submit bug reports from a machine - with Internet mail connectivity is to use the &man.send-pr.1; - command. + The method to submit bug reports from a machine + with Internet mail connectivity is to use the Bugzilla web + interface. Problem Reports (PRs) submitted in this way will be filed and their progress tracked; the &os; developers will do their best to respond to all reported bugs as soon as - possible. A list - of all active PRs is available on the &os; Web site; - this list is useful to see what potential problems other users + possible. A search + interface of all active PRs is available; + this list is useful to find what potential problems other users have encountered. - Note that &man.send-pr.1; itself is a shell script that - should be easy to move even onto a non-&os; system. Using - this interface is highly preferred. If, for some reason, you - are unable to use &man.send-pr.1; to submit a bug report, you - can try to send it to the &a.bugs;. + Note that &man.send-pr.1; is a stub shell script, and + instructs to use the Bugzilla interface. For more information, Writing &os; Problem Reports, available on the &os; Web @@ -320,7 +318,7 @@ other copies are kept updated on the Internet and should be consulted as the current errata for this release. These other copies of the errata are located at - &url.base;/releases/ (as + the &os; releases page (as well as any sites which keep up-to-date mirrors of this location). Modified: releng/9.3/release/doc/en_US.ISO8859-1/share/xml/release.xsl ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/share/xml/release.xsl Tue Jul 8 16:21:21 2014 (r268416) +++ releng/9.3/release/doc/en_US.ISO8859-1/share/xml/release.xsl Tue Jul 8 16:31:59 2014 (r268417) @@ -18,7 +18,7 @@ contacting <questions@FreeBSD.org>.

All users of FreeBSD should - subscribe to the <current@FreeBSD.org> + subscribe to the <stable@FreeBSD.org> mailing list.

For questions about this documentation, Modified: releng/9.3/release/doc/share/examples/Makefile.relnotesng ============================================================================== --- releng/9.3/release/doc/share/examples/Makefile.relnotesng Tue Jul 8 16:21:21 2014 (r268416) +++ releng/9.3/release/doc/share/examples/Makefile.relnotesng Tue Jul 8 16:31:59 2014 (r268417) @@ -12,7 +12,7 @@ UNITEXTS= hardware readme relnotes errat IMAGEDIR= .imagedir RHOST= freefall.freebsd.org -RDIR= public_html/relnotes/RELENG_9 +RDIR= public_html/relnotes/releng/9.3 DOCDIR= ./release/doc LANG= en_US.ISO8859-1 Modified: releng/9.3/release/doc/share/xml/release.ent ============================================================================== --- releng/9.3/release/doc/share/xml/release.ent Tue Jul 8 16:21:21 2014 (r268416) +++ releng/9.3/release/doc/share/xml/release.ent Tue Jul 8 16:31:59 2014 (r268417) @@ -27,10 +27,10 @@ - + - - + + @@ -48,7 +48,7 @@ - + From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 19:44:33 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id ED1C94AC; Tue, 8 Jul 2014 19:44:32 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D82B02989; Tue, 8 Jul 2014 19:44:32 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68JiWsL054413; Tue, 8 Jul 2014 19:44:32 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68JiW63054412; Tue, 8 Jul 2014 19:44:32 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407081944.s68JiW63054412@svn.freebsd.org> From: Glen Barber Date: Tue, 8 Jul 2014 19:44:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268423 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 19:44:33 -0000 Author: gjb Date: Tue Jul 8 19:44:32 2014 New Revision: 268423 URL: http://svnweb.freebsd.org/changeset/base/268423 Log: Add a 'Ports and Packages' section to make note of several items of importance regarding Xorg and KMS. Submitted by: wblock (original) Reviewed by: kms, wblock Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 19:15:32 2014 (r268422) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 19:44:32 2014 (r268423) @@ -714,6 +714,82 @@ been updated to version 0.9.8za. + + Ports and Packages + + + Note to &os; desktop users: please read this section + carefully, especially before upgrading ports that + depend on Xorg. + + + In April 2014, the &os; Ports collection switched to a + newer version of Xorg that supports + KMS (Kernel Mode Setting). + + Users upgrading from earlier versions of &os; 9.x or + &os; 8.x should be aware of several things regarding + Xorg: + + + + + When applications are built from the &os; Ports + Collection or installed from the new_xorg + &man.pkg.8; repository, the newer, KMS-aware version of + Xorg is used. + + + + The KMS version of + Xorg does not switch back to + text mode after leaving the X desktop environment, and + the system console will not be visible. The new + &man.vt.4; console driver supports graphic consoles and + keeps the console visible after X has exited. The + &man.vt.4; driver must be compiled into the kernel. + A VT kernel configuration example + file is included in &release.current;, but is not + compiled or enabled by default. See &man.vt.4; and the + vt(4) wiki + page for additional information. + + + + The older Xorg that does + not support KMS can still be + installed from the latest upstream + &man.pkg.8; repository and the packages included on the + &release.current; DVD. + + However, it is important to note that some newer + applications require the newer + Xorg, and will not work with + the old version. The newer + Xorg is recommended, and + should be used unless not compatible with legacy + graphics cards. + + To continue using the old version of + Xorg when building from the + &os; Ports Collection, set + WITHOUT_NEW_XORG=yes in + &man.make.conf.5;. + + Packages for KDE4 are not + available in the default (latest) + &man.pkg.8; repository, however are available in the + new_xorg repository. See the announcement + email for details on how to use the + new_xorg repository. + + + + + Release Engineering and Integration From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 19:52:41 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id BC266BB8; Tue, 8 Jul 2014 19:52:41 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 8FCB22AA7; Tue, 8 Jul 2014 19:52:41 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68Jqf6D059118; Tue, 8 Jul 2014 19:52:41 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68JqfYj059117; Tue, 8 Jul 2014 19:52:41 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407081952.s68JqfYj059117@svn.freebsd.org> From: Glen Barber Date: Tue, 8 Jul 2014 19:52:41 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268424 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 19:52:41 -0000 Author: gjb Date: Tue Jul 8 19:52:41 2014 New Revision: 268424 URL: http://svnweb.freebsd.org/changeset/base/268424 Log: Reorder the KDE4 entry so it does not follow how to continue using old Xorg. Requested by: wblock Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 19:44:32 2014 (r268423) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 19:52:41 2014 (r268424) @@ -758,6 +758,14 @@ + Packages for KDE4 are not + available in the default (latest) + &man.pkg.8; repository, however are available in the + new_xorg repository. See the announcement + email for details on how to use the + new_xorg repository. + The older Xorg that does not support KMS can still be installed from the latest upstream @@ -777,14 +785,6 @@ &os; Ports Collection, set WITHOUT_NEW_XORG=yes in &man.make.conf.5;. - - Packages for KDE4 are not - available in the default (latest) - &man.pkg.8; repository, however are available in the - new_xorg repository. See the announcement - email for details on how to use the - new_xorg repository. From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 19:55:45 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 41CD3182; Tue, 8 Jul 2014 19:55:45 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 2EAD72AEA; Tue, 8 Jul 2014 19:55:45 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68Jtjm7060074; Tue, 8 Jul 2014 19:55:45 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68JtjqE060073; Tue, 8 Jul 2014 19:55:45 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407081955.s68JtjqE060073@svn.freebsd.org> From: Glen Barber Date: Tue, 8 Jul 2014 19:55:45 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268425 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 19:55:45 -0000 Author: gjb Date: Tue Jul 8 19:55:44 2014 New Revision: 268425 URL: http://svnweb.freebsd.org/changeset/base/268425 Log: Remove incorrect (for this branch) entry regarding r262124. Submitted by: José María Alcaide (via -stable@) Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 19:52:41 2014 (r268424) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 19:55:44 2014 (r268425) @@ -541,12 +541,6 @@ numeric parameters to a flag as being treated as additional flags has been fixed. - The default number of &man.nfsd.8; - threads has been increased from 4 to - (8 * N), where N is - the number of CPUs as reported by - sysctl -n hw.ncpu. - The &man.pciconf.8; utility now has a -V flag, which lists information such as serial numbers for each device. From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 20:00:40 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from hub.FreeBSD.org (hub.freebsd.org [IPv6:2001:1900:2254:206c::16:88]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 7F8BA452; Tue, 8 Jul 2014 20:00:39 +0000 (UTC) Date: Tue, 8 Jul 2014 16:00:36 -0400 From: Glen Barber To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: Re: svn commit: r268423 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes Message-ID: <20140708200036.GL1216@hub.FreeBSD.org> References: <201407081944.s68JiW63054412@svn.freebsd.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="qwymS7QpGZeA8tRa" Content-Disposition: inline In-Reply-To: <201407081944.s68JiW63054412@svn.freebsd.org> X-Operating-System: FreeBSD 11.0-CURRENT amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 20:00:40 -0000 --qwymS7QpGZeA8tRa Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 08, 2014 at 07:44:32PM +0000, Glen Barber wrote: > Author: gjb > Date: Tue Jul 8 19:44:32 2014 > New Revision: 268423 > URL: http://svnweb.freebsd.org/changeset/base/268423 >=20 > Log: > Add a 'Ports and Packages' section to make note of > several items of importance regarding Xorg and KMS. > =20 > Submitted by: wblock (original) > Reviewed by: kms, wblock s/kms/kwm/ Sigh. Glen --qwymS7QpGZeA8tRa Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJTvE3kAAoJELls3eqvi17QN5AQAJFyHneihVbDOnJCgznyeCSR JiZLnOxDajp2uBcAgyq0tppnlqBAURKHI1/qsH0d8QQQ+Zy4A2Tmaj8FIAhi7Xds ypHnUpiacUVvdXZ7AallutF6KYUC6q51+ojC+zyJXhB6M4pw7tQqGLKE6BPu8C1O jJnGzKFHaLLZbCz6ZjQ3agZvWTSyjLJ7YZ+9zMpgFe8xBkxi2wblAEbm2ncoXxOA euBFypTCc35GuZURuw8KZYzvD/52i5StR2L7yr+31dBIikxOD/eOQA73/dEX2hWv oRRx1kPOndDJsulmBvGUkAAx4pgukLcLOf2N6O5qO/rT92kBnoeTWhCbgiz/rIs5 n3U5+dDSGd2QpUHzQJRa+yxLMBXEvFFbk4XF8i2Cd0zd2EhlN4KDwW3pgVdcgPdE 0O/yEo/dxKy1w9GEW56bc25esL478GDkhgHOVwOJgavkTKsJyq6FAdJZDUFGHW5H 73O/7ELcwqHsvmFZusVJTQHKW+XkXF4hjHb+zHsMfRMaPffBvTiMSXImtooiCyav dG1S9iZIQTXofUnimiZMSO3Rb0620DsPKKX5u8KKc+kmC/g4EXCwFk0UsCxKrbIQ mqfLZJ3+GFbSQj72K1sZUOCOeL1sg7wlBQBCAAJZqwEuw+9x0Va/l5xKI4LyEN9i k9Zsq6gjd4hFvUAVgjYQ =j/uO -----END PGP SIGNATURE----- --qwymS7QpGZeA8tRa-- From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 21:55:04 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 15CCE794; Tue, 8 Jul 2014 21:55:04 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EC6D825E7; Tue, 8 Jul 2014 21:55:03 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68Lt3vh019251; Tue, 8 Jul 2014 21:55:03 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68Lt3hS019244; Tue, 8 Jul 2014 21:55:03 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201407082155.s68Lt3hS019244@svn.freebsd.org> From: Xin LI Date: Tue, 8 Jul 2014 21:55:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268433 - in releng/9.3/sys: kern netinet X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 21:55:04 -0000 Author: delphij Date: Tue Jul 8 21:55:02 2014 New Revision: 268433 URL: http://svnweb.freebsd.org/changeset/base/268433 Log: Fix kernel memory disclosure in control message and SCTP notifications. Security: FreeBSD-SA-14:17.kmem Security: CVE-2014-3952, CVE-2014-3953 Approved by: re (implicit) Modified: releng/9.3/sys/kern/uipc_sockbuf.c releng/9.3/sys/netinet/sctp_auth.c releng/9.3/sys/netinet/sctp_indata.c releng/9.3/sys/netinet/sctputil.c Modified: releng/9.3/sys/kern/uipc_sockbuf.c ============================================================================== --- releng/9.3/sys/kern/uipc_sockbuf.c Tue Jul 8 21:54:50 2014 (r268432) +++ releng/9.3/sys/kern/uipc_sockbuf.c Tue Jul 8 21:55:02 2014 (r268433) @@ -1045,6 +1045,11 @@ sbcreatecontrol(caddr_t p, int size, int m->m_len = 0; KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m), ("sbcreatecontrol: short mbuf")); + /* + * Don't leave the padding between the msg header and the + * cmsg data and the padding after the cmsg data un-initialized. + */ + bzero(cp, CMSG_SPACE((u_int)size)); if (p != NULL) (void)memcpy(CMSG_DATA(cp), p, size); m->m_len = CMSG_SPACE(size); Modified: releng/9.3/sys/netinet/sctp_auth.c ============================================================================== --- releng/9.3/sys/netinet/sctp_auth.c Tue Jul 8 21:54:50 2014 (r268432) +++ releng/9.3/sys/netinet/sctp_auth.c Tue Jul 8 21:55:02 2014 (r268433) @@ -1790,6 +1790,7 @@ sctp_notify_authentication(struct sctp_t SCTP_BUF_LEN(m_notify) = 0; auth = mtod(m_notify, struct sctp_authkey_event *); + memset(auth, 0, sizeof(struct sctp_authkey_event)); auth->auth_type = SCTP_AUTHENTICATION_EVENT; auth->auth_flags = 0; auth->auth_length = sizeof(*auth); Modified: releng/9.3/sys/netinet/sctp_indata.c ============================================================================== --- releng/9.3/sys/netinet/sctp_indata.c Tue Jul 8 21:54:50 2014 (r268432) +++ releng/9.3/sys/netinet/sctp_indata.c Tue Jul 8 21:55:02 2014 (r268433) @@ -250,6 +250,11 @@ sctp_build_ctl_nchunk(struct sctp_inpcb /* We need a CMSG header followed by the struct */ cmh = mtod(ret, struct cmsghdr *); + /* + * Make sure that there is no un-initialized padding between the + * cmsg header and cmsg data and after the cmsg data. + */ + memset(cmh, 0, len); if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) { cmh->cmsg_level = IPPROTO_SCTP; cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo)); Modified: releng/9.3/sys/netinet/sctputil.c ============================================================================== --- releng/9.3/sys/netinet/sctputil.c Tue Jul 8 21:54:50 2014 (r268432) +++ releng/9.3/sys/netinet/sctputil.c Tue Jul 8 21:55:02 2014 (r268433) @@ -2622,6 +2622,7 @@ sctp_notify_assoc_change(uint16_t state, } SCTP_BUF_NEXT(m_notify) = NULL; sac = mtod(m_notify, struct sctp_assoc_change *); + memset(sac, 0, notif_len); sac->sac_type = SCTP_ASSOC_CHANGE; sac->sac_flags = 0; sac->sac_length = sizeof(struct sctp_assoc_change); @@ -2835,21 +2836,21 @@ sctp_notify_send_failed(struct sctp_tcb if (m_notify == NULL) /* no space left */ return; - length += chk->send_size; - length -= sizeof(struct sctp_data_chunk); SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; if (sent) { ssfe->ssfe_flags = SCTP_DATA_SENT; } else { ssfe->ssfe_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = chk->rec.data.stream_number; ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; ssfe->ssfe_info.snd_ppid = chk->rec.data.payloadtype; @@ -2859,12 +2860,15 @@ sctp_notify_send_failed(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; if (sent) { ssf->ssf_flags = SCTP_DATA_SENT; } else { ssf->ssf_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ @@ -2948,16 +2952,16 @@ sctp_notify_send_failed2(struct sctp_tcb /* no space left */ return; } - length += sp->length; SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; ssfe->ssfe_flags = SCTP_DATA_UNSENT; + length += sp->length; ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = sp->stream; if (sp->some_taken) { ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; @@ -2971,12 +2975,13 @@ sctp_notify_send_failed2(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; ssf->ssf_flags = SCTP_DATA_UNSENT; + length += sp->length; ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); ssf->ssf_info.sinfo_stream = sp->stream; ssf->ssf_info.sinfo_ssn = 0; if (sp->some_taken) { @@ -3038,6 +3043,7 @@ sctp_notify_adaptation_layer(struct sctp return; SCTP_BUF_LEN(m_notify) = 0; sai = mtod(m_notify, struct sctp_adaptation_event *); + memset(sai, 0, sizeof(struct sctp_adaptation_event)); sai->sai_type = SCTP_ADAPTATION_INDICATION; sai->sai_flags = 0; sai->sai_length = sizeof(struct sctp_adaptation_event); @@ -3093,6 +3099,7 @@ sctp_notify_partial_delivery_indication( return; SCTP_BUF_LEN(m_notify) = 0; pdapi = mtod(m_notify, struct sctp_pdapi_event *); + memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; pdapi->pdapi_flags = 0; pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); @@ -3202,6 +3209,7 @@ sctp_notify_shutdown_event(struct sctp_t /* no space left */ return; sse = mtod(m_notify, struct sctp_shutdown_event *); + memset(sse, 0, sizeof(struct sctp_shutdown_event)); sse->sse_type = SCTP_SHUTDOWN_EVENT; sse->sse_flags = 0; sse->sse_length = sizeof(struct sctp_shutdown_event); @@ -3252,6 +3260,7 @@ sctp_notify_sender_dry_event(struct sctp } SCTP_BUF_LEN(m_notify) = 0; event = mtod(m_notify, struct sctp_sender_dry_event *); + memset(event, 0, sizeof(struct sctp_sender_dry_event)); event->sender_dry_type = SCTP_SENDER_DRY_EVENT; event->sender_dry_flags = 0; event->sender_dry_length = sizeof(struct sctp_sender_dry_event); @@ -3284,7 +3293,6 @@ sctp_notify_stream_reset_add(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_stream_change_event *stradd; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { @@ -3297,25 +3305,20 @@ sctp_notify_stream_reset_add(struct sctp return; } stcb->asoc.peer_req_out = 0; - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_stream_change_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } stradd = mtod(m_notify, struct sctp_stream_change_event *); + memset(stradd, 0, sizeof(struct sctp_stream_change_event)); stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; stradd->strchange_flags = flag; - stradd->strchange_length = len; + stradd->strchange_length = sizeof(struct sctp_stream_change_event); stradd->strchange_assoc_id = sctp_get_associd(stcb); stradd->strchange_instrms = numberin; stradd->strchange_outstrms = numberout; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3346,32 +3349,26 @@ sctp_notify_stream_reset_tsn(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_assoc_reset_event *strasoc; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { /* event not enabled */ return; } - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_assoc_reset_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); + memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; strasoc->assocreset_flags = flag; - strasoc->assocreset_length = len; + strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); strasoc->assocreset_assoc_id = sctp_get_associd(stcb); strasoc->assocreset_local_tsn = sending_tsn; strasoc->assocreset_remote_tsn = recv_tsn; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3424,6 +3421,7 @@ sctp_notify_stream_reset(struct sctp_tcb return; } strreset = mtod(m_notify, struct sctp_stream_reset_event *); + memset(strreset, 0, len); strreset->strreset_type = SCTP_STREAM_RESET_EVENT; strreset->strreset_flags = flag; strreset->strreset_length = len; @@ -6236,9 +6234,12 @@ sctp_soreceive(struct socket *so, fromlen = 0; } + if (filling_sinfo) { + memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); + } error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); - if ((controlp) && (filling_sinfo)) { + if (controlp != NULL) { /* copy back the sinfo in a CMSG format */ if (filling_sinfo) *controlp = sctp_build_ctl_nchunk(inp, From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 21:55:32 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 0FC058C6; Tue, 8 Jul 2014 21:55:32 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id EDBC125EF; Tue, 8 Jul 2014 21:55:31 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68LtViN019383; Tue, 8 Jul 2014 21:55:31 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68LtS58019358; Tue, 8 Jul 2014 21:55:28 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201407082155.s68LtS58019358@svn.freebsd.org> From: Xin LI Date: Tue, 8 Jul 2014 21:55:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268434 - in releng: 10.0 10.0/sys/conf 10.0/sys/kern 10.0/sys/netinet 9.1 9.1/sys/conf 9.1/sys/kern 9.1/sys/netinet 9.2 9.2/sys/conf 9.2/sys/kern 9.2/sys/netinet X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 21:55:32 -0000 Author: delphij Date: Tue Jul 8 21:55:27 2014 New Revision: 268434 URL: http://svnweb.freebsd.org/changeset/base/268434 Log: Fix kernel memory disclosure in control message and SCTP notifications. Security: FreeBSD-SA-14:17.kmem Security: CVE-2014-3952, CVE-2014-3953 Approved by: so Modified: releng/10.0/UPDATING releng/10.0/sys/conf/newvers.sh releng/10.0/sys/kern/uipc_sockbuf.c releng/10.0/sys/netinet/sctp_auth.c releng/10.0/sys/netinet/sctp_indata.c releng/10.0/sys/netinet/sctputil.c releng/9.1/UPDATING releng/9.1/sys/conf/newvers.sh releng/9.1/sys/kern/uipc_sockbuf.c releng/9.1/sys/netinet/sctp_auth.c releng/9.1/sys/netinet/sctp_indata.c releng/9.1/sys/netinet/sctputil.c releng/9.2/UPDATING releng/9.2/sys/conf/newvers.sh releng/9.2/sys/kern/uipc_sockbuf.c releng/9.2/sys/netinet/sctp_auth.c releng/9.2/sys/netinet/sctp_indata.c releng/9.2/sys/netinet/sctputil.c Modified: releng/10.0/UPDATING ============================================================================== --- releng/10.0/UPDATING Tue Jul 8 21:55:02 2014 (r268433) +++ releng/10.0/UPDATING Tue Jul 8 21:55:27 2014 (r268434) @@ -16,6 +16,10 @@ from older versions of FreeBSD, try WITH stable/10, and then rebuild without this option. The bootstrap process from older version of current is a bit fragile. +20140708: p7 FreeBSD-SA-14:17.kmem + Fix kernel memory disclosure in control messages and SCTP + notifications. [SA-14:17] + 20140624: p6 FreeBSD-SA-14:15.iconv FreeBSD-SA-14:16.file FreeBSD-EN-14:07.pmap Modified: releng/10.0/sys/conf/newvers.sh ============================================================================== --- releng/10.0/sys/conf/newvers.sh Tue Jul 8 21:55:02 2014 (r268433) +++ releng/10.0/sys/conf/newvers.sh Tue Jul 8 21:55:27 2014 (r268434) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="10.0" -BRANCH="RELEASE-p6" +BRANCH="RELEASE-p7" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/10.0/sys/kern/uipc_sockbuf.c ============================================================================== --- releng/10.0/sys/kern/uipc_sockbuf.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/10.0/sys/kern/uipc_sockbuf.c Tue Jul 8 21:55:27 2014 (r268434) @@ -1044,6 +1044,11 @@ sbcreatecontrol(caddr_t p, int size, int m->m_len = 0; KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m), ("sbcreatecontrol: short mbuf")); + /* + * Don't leave the padding between the msg header and the + * cmsg data and the padding after the cmsg data un-initialized. + */ + bzero(cp, CMSG_SPACE((u_int)size)); if (p != NULL) (void)memcpy(CMSG_DATA(cp), p, size); m->m_len = CMSG_SPACE(size); Modified: releng/10.0/sys/netinet/sctp_auth.c ============================================================================== --- releng/10.0/sys/netinet/sctp_auth.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/10.0/sys/netinet/sctp_auth.c Tue Jul 8 21:55:27 2014 (r268434) @@ -1790,6 +1790,7 @@ sctp_notify_authentication(struct sctp_t SCTP_BUF_LEN(m_notify) = 0; auth = mtod(m_notify, struct sctp_authkey_event *); + memset(auth, 0, sizeof(struct sctp_authkey_event)); auth->auth_type = SCTP_AUTHENTICATION_EVENT; auth->auth_flags = 0; auth->auth_length = sizeof(*auth); Modified: releng/10.0/sys/netinet/sctp_indata.c ============================================================================== --- releng/10.0/sys/netinet/sctp_indata.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/10.0/sys/netinet/sctp_indata.c Tue Jul 8 21:55:27 2014 (r268434) @@ -250,6 +250,11 @@ sctp_build_ctl_nchunk(struct sctp_inpcb /* We need a CMSG header followed by the struct */ cmh = mtod(ret, struct cmsghdr *); + /* + * Make sure that there is no un-initialized padding between the + * cmsg header and cmsg data and after the cmsg data. + */ + memset(cmh, 0, len); if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) { cmh->cmsg_level = IPPROTO_SCTP; cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo)); Modified: releng/10.0/sys/netinet/sctputil.c ============================================================================== --- releng/10.0/sys/netinet/sctputil.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/10.0/sys/netinet/sctputil.c Tue Jul 8 21:55:27 2014 (r268434) @@ -2622,6 +2622,7 @@ sctp_notify_assoc_change(uint16_t state, } SCTP_BUF_NEXT(m_notify) = NULL; sac = mtod(m_notify, struct sctp_assoc_change *); + memset(sac, 0, notif_len); sac->sac_type = SCTP_ASSOC_CHANGE; sac->sac_flags = 0; sac->sac_length = sizeof(struct sctp_assoc_change); @@ -2835,21 +2836,21 @@ sctp_notify_send_failed(struct sctp_tcb if (m_notify == NULL) /* no space left */ return; - length += chk->send_size; - length -= sizeof(struct sctp_data_chunk); SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; if (sent) { ssfe->ssfe_flags = SCTP_DATA_SENT; } else { ssfe->ssfe_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = chk->rec.data.stream_number; ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; ssfe->ssfe_info.snd_ppid = chk->rec.data.payloadtype; @@ -2859,12 +2860,15 @@ sctp_notify_send_failed(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; if (sent) { ssf->ssf_flags = SCTP_DATA_SENT; } else { ssf->ssf_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ @@ -2948,16 +2952,16 @@ sctp_notify_send_failed2(struct sctp_tcb /* no space left */ return; } - length += sp->length; SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; ssfe->ssfe_flags = SCTP_DATA_UNSENT; + length += sp->length; ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = sp->stream; if (sp->some_taken) { ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; @@ -2971,12 +2975,13 @@ sctp_notify_send_failed2(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; ssf->ssf_flags = SCTP_DATA_UNSENT; + length += sp->length; ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); ssf->ssf_info.sinfo_stream = sp->stream; ssf->ssf_info.sinfo_ssn = 0; if (sp->some_taken) { @@ -3038,6 +3043,7 @@ sctp_notify_adaptation_layer(struct sctp return; SCTP_BUF_LEN(m_notify) = 0; sai = mtod(m_notify, struct sctp_adaptation_event *); + memset(sai, 0, sizeof(struct sctp_adaptation_event)); sai->sai_type = SCTP_ADAPTATION_INDICATION; sai->sai_flags = 0; sai->sai_length = sizeof(struct sctp_adaptation_event); @@ -3093,6 +3099,7 @@ sctp_notify_partial_delivery_indication( return; SCTP_BUF_LEN(m_notify) = 0; pdapi = mtod(m_notify, struct sctp_pdapi_event *); + memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; pdapi->pdapi_flags = 0; pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); @@ -3202,6 +3209,7 @@ sctp_notify_shutdown_event(struct sctp_t /* no space left */ return; sse = mtod(m_notify, struct sctp_shutdown_event *); + memset(sse, 0, sizeof(struct sctp_shutdown_event)); sse->sse_type = SCTP_SHUTDOWN_EVENT; sse->sse_flags = 0; sse->sse_length = sizeof(struct sctp_shutdown_event); @@ -3252,6 +3260,7 @@ sctp_notify_sender_dry_event(struct sctp } SCTP_BUF_LEN(m_notify) = 0; event = mtod(m_notify, struct sctp_sender_dry_event *); + memset(event, 0, sizeof(struct sctp_sender_dry_event)); event->sender_dry_type = SCTP_SENDER_DRY_EVENT; event->sender_dry_flags = 0; event->sender_dry_length = sizeof(struct sctp_sender_dry_event); @@ -3284,7 +3293,6 @@ sctp_notify_stream_reset_add(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_stream_change_event *stradd; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { @@ -3297,25 +3305,20 @@ sctp_notify_stream_reset_add(struct sctp return; } stcb->asoc.peer_req_out = 0; - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_NOWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_stream_change_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } stradd = mtod(m_notify, struct sctp_stream_change_event *); + memset(stradd, 0, sizeof(struct sctp_stream_change_event)); stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; stradd->strchange_flags = flag; - stradd->strchange_length = len; + stradd->strchange_length = sizeof(struct sctp_stream_change_event); stradd->strchange_assoc_id = sctp_get_associd(stcb); stradd->strchange_instrms = numberin; stradd->strchange_outstrms = numberout; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3346,32 +3349,26 @@ sctp_notify_stream_reset_tsn(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_assoc_reset_event *strasoc; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { /* event not enabled */ return; } - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_NOWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_NOWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_assoc_reset_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); + memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; strasoc->assocreset_flags = flag; - strasoc->assocreset_length = len; + strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); strasoc->assocreset_assoc_id = sctp_get_associd(stcb); strasoc->assocreset_local_tsn = sending_tsn; strasoc->assocreset_remote_tsn = recv_tsn; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3424,6 +3421,7 @@ sctp_notify_stream_reset(struct sctp_tcb return; } strreset = mtod(m_notify, struct sctp_stream_reset_event *); + memset(strreset, 0, len); strreset->strreset_type = SCTP_STREAM_RESET_EVENT; strreset->strreset_flags = flag; strreset->strreset_length = len; @@ -6214,9 +6212,12 @@ sctp_soreceive(struct socket *so, fromlen = 0; } + if (filling_sinfo) { + memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); + } error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); - if ((controlp) && (filling_sinfo)) { + if (controlp != NULL) { /* copy back the sinfo in a CMSG format */ if (filling_sinfo) *controlp = sctp_build_ctl_nchunk(inp, Modified: releng/9.1/UPDATING ============================================================================== --- releng/9.1/UPDATING Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.1/UPDATING Tue Jul 8 21:55:27 2014 (r268434) @@ -9,6 +9,10 @@ handbook. Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140708: p17 FreeBSD-SA-14:17.kmem + Fix kernel memory disclosure in control messages and SCTP + notifications. [SA-14:17] + 20140624: p16 FreeBSD-SA-14:16.file FreeBSD-EN-14:08.heimdal Modified: releng/9.1/sys/conf/newvers.sh ============================================================================== --- releng/9.1/sys/conf/newvers.sh Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.1/sys/conf/newvers.sh Tue Jul 8 21:55:27 2014 (r268434) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.1" -BRANCH="RELEASE-p16" +BRANCH="RELEASE-p17" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.1/sys/kern/uipc_sockbuf.c ============================================================================== --- releng/9.1/sys/kern/uipc_sockbuf.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.1/sys/kern/uipc_sockbuf.c Tue Jul 8 21:55:27 2014 (r268434) @@ -1011,6 +1011,11 @@ sbcreatecontrol(caddr_t p, int size, int m->m_len = 0; KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m), ("sbcreatecontrol: short mbuf")); + /* + * Don't leave the padding between the msg header and the + * cmsg data and the padding after the cmsg data un-initialized. + */ + bzero(cp, CMSG_SPACE((u_int)size)); if (p != NULL) (void)memcpy(CMSG_DATA(cp), p, size); m->m_len = CMSG_SPACE(size); Modified: releng/9.1/sys/netinet/sctp_auth.c ============================================================================== --- releng/9.1/sys/netinet/sctp_auth.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.1/sys/netinet/sctp_auth.c Tue Jul 8 21:55:27 2014 (r268434) @@ -1876,6 +1876,7 @@ sctp_notify_authentication(struct sctp_t SCTP_BUF_LEN(m_notify) = 0; auth = mtod(m_notify, struct sctp_authkey_event *); + memset(auth, 0, sizeof(struct sctp_authkey_event)); auth->auth_type = SCTP_AUTHENTICATION_EVENT; auth->auth_flags = 0; auth->auth_length = sizeof(*auth); Modified: releng/9.1/sys/netinet/sctp_indata.c ============================================================================== --- releng/9.1/sys/netinet/sctp_indata.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.1/sys/netinet/sctp_indata.c Tue Jul 8 21:55:27 2014 (r268434) @@ -250,6 +250,11 @@ sctp_build_ctl_nchunk(struct sctp_inpcb /* We need a CMSG header followed by the struct */ cmh = mtod(ret, struct cmsghdr *); + /* + * Make sure that there is no un-initialized padding between the + * cmsg header and cmsg data and after the cmsg data. + */ + memset(cmh, 0, len); if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) { cmh->cmsg_level = IPPROTO_SCTP; cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo)); Modified: releng/9.1/sys/netinet/sctputil.c ============================================================================== --- releng/9.1/sys/netinet/sctputil.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.1/sys/netinet/sctputil.c Tue Jul 8 21:55:27 2014 (r268434) @@ -2628,6 +2628,7 @@ sctp_notify_assoc_change(uint16_t state, } SCTP_BUF_NEXT(m_notify) = NULL; sac = mtod(m_notify, struct sctp_assoc_change *); + memset(sac, 0, notif_len); sac->sac_type = SCTP_ASSOC_CHANGE; sac->sac_flags = 0; sac->sac_length = sizeof(struct sctp_assoc_change); @@ -2834,21 +2835,21 @@ sctp_notify_send_failed(struct sctp_tcb if (m_notify == NULL) /* no space left */ return; - length += chk->send_size; - length -= sizeof(struct sctp_data_chunk); SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; if (sent) { ssfe->ssfe_flags = SCTP_DATA_SENT; } else { ssfe->ssfe_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = chk->rec.data.stream_number; ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; ssfe->ssfe_info.snd_ppid = chk->rec.data.payloadtype; @@ -2858,12 +2859,15 @@ sctp_notify_send_failed(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; if (sent) { ssf->ssf_flags = SCTP_DATA_SENT; } else { ssf->ssf_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ @@ -2947,16 +2951,16 @@ sctp_notify_send_failed2(struct sctp_tcb /* no space left */ return; } - length += sp->length; SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; ssfe->ssfe_flags = SCTP_DATA_UNSENT; + length += sp->length; ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = sp->stream; if (sp->some_taken) { ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; @@ -2970,12 +2974,13 @@ sctp_notify_send_failed2(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; ssf->ssf_flags = SCTP_DATA_UNSENT; + length += sp->length; ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); ssf->ssf_info.sinfo_stream = sp->stream; ssf->ssf_info.sinfo_ssn = sp->strseq; if (sp->some_taken) { @@ -3037,6 +3042,7 @@ sctp_notify_adaptation_layer(struct sctp return; SCTP_BUF_LEN(m_notify) = 0; sai = mtod(m_notify, struct sctp_adaptation_event *); + memset(sai, 0, sizeof(struct sctp_adaptation_event)); sai->sai_type = SCTP_ADAPTATION_INDICATION; sai->sai_flags = 0; sai->sai_length = sizeof(struct sctp_adaptation_event); @@ -3092,6 +3098,7 @@ sctp_notify_partial_delivery_indication( return; SCTP_BUF_LEN(m_notify) = 0; pdapi = mtod(m_notify, struct sctp_pdapi_event *); + memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; pdapi->pdapi_flags = 0; pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); @@ -3201,6 +3208,7 @@ sctp_notify_shutdown_event(struct sctp_t /* no space left */ return; sse = mtod(m_notify, struct sctp_shutdown_event *); + memset(sse, 0, sizeof(struct sctp_shutdown_event)); sse->sse_type = SCTP_SHUTDOWN_EVENT; sse->sse_flags = 0; sse->sse_length = sizeof(struct sctp_shutdown_event); @@ -3251,6 +3259,7 @@ sctp_notify_sender_dry_event(struct sctp } SCTP_BUF_LEN(m_notify) = 0; event = mtod(m_notify, struct sctp_sender_dry_event *); + memset(event, 0, sizeof(struct sctp_sender_dry_event)); event->sender_dry_type = SCTP_SENDER_DRY_EVENT; event->sender_dry_flags = 0; event->sender_dry_length = sizeof(struct sctp_sender_dry_event); @@ -3283,7 +3292,6 @@ sctp_notify_stream_reset_add(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_stream_change_event *stradd; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { @@ -3296,25 +3304,20 @@ sctp_notify_stream_reset_add(struct sctp return; } stcb->asoc.peer_req_out = 0; - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_stream_change_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } stradd = mtod(m_notify, struct sctp_stream_change_event *); + memset(stradd, 0, sizeof(struct sctp_stream_change_event)); stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; stradd->strchange_flags = flag; - stradd->strchange_length = len; + stradd->strchange_length = sizeof(struct sctp_stream_change_event); stradd->strchange_assoc_id = sctp_get_associd(stcb); stradd->strchange_instrms = numberin; stradd->strchange_outstrms = numberout; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3345,32 +3348,26 @@ sctp_notify_stream_reset_tsn(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_assoc_reset_event *strasoc; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { /* event not enabled */ return; } - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_assoc_reset_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); + memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; strasoc->assocreset_flags = flag; - strasoc->assocreset_length = len; + strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); strasoc->assocreset_assoc_id = sctp_get_associd(stcb); strasoc->assocreset_local_tsn = sending_tsn; strasoc->assocreset_remote_tsn = recv_tsn; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3423,6 +3420,7 @@ sctp_notify_stream_reset(struct sctp_tcb return; } strreset = mtod(m_notify, struct sctp_stream_reset_event *); + memset(strreset, 0, len); strreset->strreset_type = SCTP_STREAM_RESET_EVENT; strreset->strreset_flags = flag; strreset->strreset_length = len; @@ -6261,9 +6259,12 @@ sctp_soreceive(struct socket *so, fromlen = 0; } + if (filling_sinfo) { + memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); + } error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); - if ((controlp) && (filling_sinfo)) { + if (controlp != NULL) { /* copy back the sinfo in a CMSG format */ if (filling_sinfo) *controlp = sctp_build_ctl_nchunk(inp, Modified: releng/9.2/UPDATING ============================================================================== --- releng/9.2/UPDATING Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.2/UPDATING Tue Jul 8 21:55:27 2014 (r268434) @@ -11,6 +11,10 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140708: p10 FreeBSD-SA-14:17.kmem + Fix kernel memory disclosure in control messages and SCTP + notifications. [SA-14:17] + 20140624: p9 FreeBSD-SA-14:16.file FreeBSD-EN-14:08.heimdal Modified: releng/9.2/sys/conf/newvers.sh ============================================================================== --- releng/9.2/sys/conf/newvers.sh Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.2/sys/conf/newvers.sh Tue Jul 8 21:55:27 2014 (r268434) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.2" -BRANCH="RELEASE-p9" +BRANCH="RELEASE-p10" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/9.2/sys/kern/uipc_sockbuf.c ============================================================================== --- releng/9.2/sys/kern/uipc_sockbuf.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.2/sys/kern/uipc_sockbuf.c Tue Jul 8 21:55:27 2014 (r268434) @@ -1018,6 +1018,11 @@ sbcreatecontrol(caddr_t p, int size, int m->m_len = 0; KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m), ("sbcreatecontrol: short mbuf")); + /* + * Don't leave the padding between the msg header and the + * cmsg data and the padding after the cmsg data un-initialized. + */ + bzero(cp, CMSG_SPACE((u_int)size)); if (p != NULL) (void)memcpy(CMSG_DATA(cp), p, size); m->m_len = CMSG_SPACE(size); Modified: releng/9.2/sys/netinet/sctp_auth.c ============================================================================== --- releng/9.2/sys/netinet/sctp_auth.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.2/sys/netinet/sctp_auth.c Tue Jul 8 21:55:27 2014 (r268434) @@ -1876,6 +1876,7 @@ sctp_notify_authentication(struct sctp_t SCTP_BUF_LEN(m_notify) = 0; auth = mtod(m_notify, struct sctp_authkey_event *); + memset(auth, 0, sizeof(struct sctp_authkey_event)); auth->auth_type = SCTP_AUTHENTICATION_EVENT; auth->auth_flags = 0; auth->auth_length = sizeof(*auth); Modified: releng/9.2/sys/netinet/sctp_indata.c ============================================================================== --- releng/9.2/sys/netinet/sctp_indata.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.2/sys/netinet/sctp_indata.c Tue Jul 8 21:55:27 2014 (r268434) @@ -250,6 +250,11 @@ sctp_build_ctl_nchunk(struct sctp_inpcb /* We need a CMSG header followed by the struct */ cmh = mtod(ret, struct cmsghdr *); + /* + * Make sure that there is no un-initialized padding between the + * cmsg header and cmsg data and after the cmsg data. + */ + memset(cmh, 0, len); if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) { cmh->cmsg_level = IPPROTO_SCTP; cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo)); Modified: releng/9.2/sys/netinet/sctputil.c ============================================================================== --- releng/9.2/sys/netinet/sctputil.c Tue Jul 8 21:55:02 2014 (r268433) +++ releng/9.2/sys/netinet/sctputil.c Tue Jul 8 21:55:27 2014 (r268434) @@ -2622,6 +2622,7 @@ sctp_notify_assoc_change(uint16_t state, } SCTP_BUF_NEXT(m_notify) = NULL; sac = mtod(m_notify, struct sctp_assoc_change *); + memset(sac, 0, notif_len); sac->sac_type = SCTP_ASSOC_CHANGE; sac->sac_flags = 0; sac->sac_length = sizeof(struct sctp_assoc_change); @@ -2835,21 +2836,21 @@ sctp_notify_send_failed(struct sctp_tcb if (m_notify == NULL) /* no space left */ return; - length += chk->send_size; - length -= sizeof(struct sctp_data_chunk); SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; if (sent) { ssfe->ssfe_flags = SCTP_DATA_SENT; } else { ssfe->ssfe_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = chk->rec.data.stream_number; ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; ssfe->ssfe_info.snd_ppid = chk->rec.data.payloadtype; @@ -2859,12 +2860,15 @@ sctp_notify_send_failed(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; if (sent) { ssf->ssf_flags = SCTP_DATA_SENT; } else { ssf->ssf_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ @@ -2948,16 +2952,16 @@ sctp_notify_send_failed2(struct sctp_tcb /* no space left */ return; } - length += sp->length; SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; ssfe->ssfe_flags = SCTP_DATA_UNSENT; + length += sp->length; ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = sp->stream; if (sp->some_taken) { ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; @@ -2971,12 +2975,13 @@ sctp_notify_send_failed2(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; ssf->ssf_flags = SCTP_DATA_UNSENT; + length += sp->length; ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); ssf->ssf_info.sinfo_stream = sp->stream; ssf->ssf_info.sinfo_ssn = 0; if (sp->some_taken) { @@ -3038,6 +3043,7 @@ sctp_notify_adaptation_layer(struct sctp return; SCTP_BUF_LEN(m_notify) = 0; sai = mtod(m_notify, struct sctp_adaptation_event *); + memset(sai, 0, sizeof(struct sctp_adaptation_event)); sai->sai_type = SCTP_ADAPTATION_INDICATION; sai->sai_flags = 0; sai->sai_length = sizeof(struct sctp_adaptation_event); @@ -3093,6 +3099,7 @@ sctp_notify_partial_delivery_indication( return; SCTP_BUF_LEN(m_notify) = 0; pdapi = mtod(m_notify, struct sctp_pdapi_event *); + memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; pdapi->pdapi_flags = 0; pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); @@ -3202,6 +3209,7 @@ sctp_notify_shutdown_event(struct sctp_t /* no space left */ return; sse = mtod(m_notify, struct sctp_shutdown_event *); + memset(sse, 0, sizeof(struct sctp_shutdown_event)); sse->sse_type = SCTP_SHUTDOWN_EVENT; sse->sse_flags = 0; sse->sse_length = sizeof(struct sctp_shutdown_event); @@ -3252,6 +3260,7 @@ sctp_notify_sender_dry_event(struct sctp } SCTP_BUF_LEN(m_notify) = 0; event = mtod(m_notify, struct sctp_sender_dry_event *); + memset(event, 0, sizeof(struct sctp_sender_dry_event)); event->sender_dry_type = SCTP_SENDER_DRY_EVENT; event->sender_dry_flags = 0; event->sender_dry_length = sizeof(struct sctp_sender_dry_event); @@ -3284,7 +3293,6 @@ sctp_notify_stream_reset_add(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_stream_change_event *stradd; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { @@ -3297,25 +3305,20 @@ sctp_notify_stream_reset_add(struct sctp return; } stcb->asoc.peer_req_out = 0; - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_stream_change_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } stradd = mtod(m_notify, struct sctp_stream_change_event *); + memset(stradd, 0, sizeof(struct sctp_stream_change_event)); stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; stradd->strchange_flags = flag; - stradd->strchange_length = len; + stradd->strchange_length = sizeof(struct sctp_stream_change_event); stradd->strchange_assoc_id = sctp_get_associd(stcb); stradd->strchange_instrms = numberin; stradd->strchange_outstrms = numberout; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3346,32 +3349,26 @@ sctp_notify_stream_reset_tsn(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_assoc_reset_event *strasoc; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { /* event not enabled */ return; } - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_assoc_reset_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); + memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; strasoc->assocreset_flags = flag; - strasoc->assocreset_length = len; + strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); strasoc->assocreset_assoc_id = sctp_get_associd(stcb); strasoc->assocreset_local_tsn = sending_tsn; strasoc->assocreset_remote_tsn = recv_tsn; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3424,6 +3421,7 @@ sctp_notify_stream_reset(struct sctp_tcb return; } strreset = mtod(m_notify, struct sctp_stream_reset_event *); + memset(strreset, 0, len); strreset->strreset_type = SCTP_STREAM_RESET_EVENT; strreset->strreset_flags = flag; strreset->strreset_length = len; @@ -6215,9 +6213,12 @@ sctp_soreceive(struct socket *so, fromlen = 0; } + if (filling_sinfo) { + memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); + } error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); - if ((controlp) && (filling_sinfo)) { + if (controlp != NULL) { /* copy back the sinfo in a CMSG format */ if (filling_sinfo) *controlp = sctp_build_ctl_nchunk(inp, From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 21:55:41 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D16819FB; Tue, 8 Jul 2014 21:55:41 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id BC1CC25F2; Tue, 8 Jul 2014 21:55:41 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68Ltfb4019464; Tue, 8 Jul 2014 21:55:41 GMT (envelope-from delphij@svn.freebsd.org) Received: (from delphij@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68LtefT019457; Tue, 8 Jul 2014 21:55:40 GMT (envelope-from delphij@svn.freebsd.org) Message-Id: <201407082155.s68LtefT019457@svn.freebsd.org> From: Xin LI Date: Tue, 8 Jul 2014 21:55:40 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268435 - in releng/8.4: . etc/rc.d sys/conf sys/kern sys/netinet X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 21:55:42 -0000 Author: delphij Date: Tue Jul 8 21:55:39 2014 New Revision: 268435 URL: http://svnweb.freebsd.org/changeset/base/268435 Log: Fix kernel memory disclosure in control message and SCTP notifications. [SA-14:17] Fix jail fails to start if WITHOUT_INET/WITHOUT_INET6 is use. [EN-14:09] Security: FreeBSD-SA-14:17.kmem Security: CVE-2014-3952, CVE-2014-3953 Approved by: so Modified: releng/8.4/UPDATING releng/8.4/etc/rc.d/jail releng/8.4/sys/conf/newvers.sh releng/8.4/sys/kern/uipc_sockbuf.c releng/8.4/sys/netinet/sctp_auth.c releng/8.4/sys/netinet/sctp_indata.c releng/8.4/sys/netinet/sctputil.c Modified: releng/8.4/UPDATING ============================================================================== --- releng/8.4/UPDATING Tue Jul 8 21:55:27 2014 (r268434) +++ releng/8.4/UPDATING Tue Jul 8 21:55:39 2014 (r268435) @@ -15,6 +15,14 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 8. debugging tools present in HEAD were left in place because sun4v support still needs work to become production ready. +20140708: p14 FreeBSD-SA-14:17.kmem + FreeBSD-EN-14:09.jail + Fix kernel memory disclosure in control messages and SCTP + notifications. [SA-14:17] + + Fix jail fails to start if WITHOUT_INET/WITHOUT_INET6 is use. + [EN-14:09] + 20140624: p13 FreeBSD-SA-14:16.file FreeBSD-EN-14:08.heimdal Modified: releng/8.4/etc/rc.d/jail ============================================================================== --- releng/8.4/etc/rc.d/jail Tue Jul 8 21:55:27 2014 (r268434) +++ releng/8.4/etc/rc.d/jail Tue Jul 8 21:55:39 2014 (r268435) @@ -647,7 +647,9 @@ jail_start() done eval ${_setfib} jail -n ${_jail} ${_flags} -i -c path=${_rootdir} host.hostname=${_hostname} \ - ip4.addr=\"${_addrl}\" ip6.addr=\"${_addr6l}\" ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 + ${_addrl:+ip4.addr=\"${_addrl}\"} ${_addr6l:+ip6.addr=\"${_addr6l}\"} \ + ${_parameters} command=${_exec_start} > ${_tmp_jail} 2>&1 \ + m_len = 0; KASSERT(CMSG_SPACE((u_int)size) <= M_TRAILINGSPACE(m), ("sbcreatecontrol: short mbuf")); + /* + * Don't leave the padding between the msg header and the + * cmsg data and the padding after the cmsg data un-initialized. + */ + bzero(cp, CMSG_SPACE((u_int)size)); if (p != NULL) (void)memcpy(CMSG_DATA(cp), p, size); m->m_len = CMSG_SPACE(size); Modified: releng/8.4/sys/netinet/sctp_auth.c ============================================================================== --- releng/8.4/sys/netinet/sctp_auth.c Tue Jul 8 21:55:27 2014 (r268434) +++ releng/8.4/sys/netinet/sctp_auth.c Tue Jul 8 21:55:39 2014 (r268435) @@ -1876,6 +1876,7 @@ sctp_notify_authentication(struct sctp_t SCTP_BUF_LEN(m_notify) = 0; auth = mtod(m_notify, struct sctp_authkey_event *); + memset(auth, 0, sizeof(struct sctp_authkey_event)); auth->auth_type = SCTP_AUTHENTICATION_EVENT; auth->auth_flags = 0; auth->auth_length = sizeof(*auth); Modified: releng/8.4/sys/netinet/sctp_indata.c ============================================================================== --- releng/8.4/sys/netinet/sctp_indata.c Tue Jul 8 21:55:27 2014 (r268434) +++ releng/8.4/sys/netinet/sctp_indata.c Tue Jul 8 21:55:39 2014 (r268435) @@ -250,6 +250,11 @@ sctp_build_ctl_nchunk(struct sctp_inpcb /* We need a CMSG header followed by the struct */ cmh = mtod(ret, struct cmsghdr *); + /* + * Make sure that there is no un-initialized padding between the + * cmsg header and cmsg data and after the cmsg data. + */ + memset(cmh, 0, len); if (sctp_is_feature_on(inp, SCTP_PCB_FLAGS_RECVRCVINFO)) { cmh->cmsg_level = IPPROTO_SCTP; cmh->cmsg_len = CMSG_LEN(sizeof(struct sctp_rcvinfo)); Modified: releng/8.4/sys/netinet/sctputil.c ============================================================================== --- releng/8.4/sys/netinet/sctputil.c Tue Jul 8 21:55:27 2014 (r268434) +++ releng/8.4/sys/netinet/sctputil.c Tue Jul 8 21:55:39 2014 (r268435) @@ -2622,6 +2622,7 @@ sctp_notify_assoc_change(uint16_t state, } SCTP_BUF_NEXT(m_notify) = NULL; sac = mtod(m_notify, struct sctp_assoc_change *); + memset(sac, 0, notif_len); sac->sac_type = SCTP_ASSOC_CHANGE; sac->sac_flags = 0; sac->sac_length = sizeof(struct sctp_assoc_change); @@ -2829,21 +2830,21 @@ sctp_notify_send_failed(struct sctp_tcb if (m_notify == NULL) /* no space left */ return; - length += chk->send_size; - length -= sizeof(struct sctp_data_chunk); SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; if (sent) { ssfe->ssfe_flags = SCTP_DATA_SENT; } else { ssfe->ssfe_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = chk->rec.data.stream_number; ssfe->ssfe_info.snd_flags = chk->rec.data.rcv_flags; ssfe->ssfe_info.snd_ppid = chk->rec.data.payloadtype; @@ -2853,12 +2854,15 @@ sctp_notify_send_failed(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; if (sent) { ssf->ssf_flags = SCTP_DATA_SENT; } else { ssf->ssf_flags = SCTP_DATA_UNSENT; } + length += chk->send_size; + length -= sizeof(struct sctp_data_chunk); ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ @@ -2942,16 +2946,16 @@ sctp_notify_send_failed2(struct sctp_tcb /* no space left */ return; } - length += sp->length; SCTP_BUF_LEN(m_notify) = 0; if (sctp_stcb_is_feature_on(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_RECVNSENDFAILEVNT)) { ssfe = mtod(m_notify, struct sctp_send_failed_event *); + memset(ssfe, 0, length); ssfe->ssfe_type = SCTP_SEND_FAILED_EVENT; ssfe->ssfe_flags = SCTP_DATA_UNSENT; + length += sp->length; ssfe->ssfe_length = length; ssfe->ssfe_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssfe->ssfe_info, sizeof(ssfe->ssfe_info)); ssfe->ssfe_info.snd_sid = sp->stream; if (sp->some_taken) { ssfe->ssfe_info.snd_flags = SCTP_DATA_LAST_FRAG; @@ -2965,12 +2969,13 @@ sctp_notify_send_failed2(struct sctp_tcb SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_send_failed_event); } else { ssf = mtod(m_notify, struct sctp_send_failed *); + memset(ssf, 0, length); ssf->ssf_type = SCTP_SEND_FAILED; ssf->ssf_flags = SCTP_DATA_UNSENT; + length += sp->length; ssf->ssf_length = length; ssf->ssf_error = error; /* not exactly what the user sent in, but should be close :) */ - bzero(&ssf->ssf_info, sizeof(ssf->ssf_info)); ssf->ssf_info.sinfo_stream = sp->stream; ssf->ssf_info.sinfo_ssn = 0; if (sp->some_taken) { @@ -3032,6 +3037,7 @@ sctp_notify_adaptation_layer(struct sctp return; SCTP_BUF_LEN(m_notify) = 0; sai = mtod(m_notify, struct sctp_adaptation_event *); + memset(sai, 0, sizeof(struct sctp_adaptation_event)); sai->sai_type = SCTP_ADAPTATION_INDICATION; sai->sai_flags = 0; sai->sai_length = sizeof(struct sctp_adaptation_event); @@ -3087,6 +3093,7 @@ sctp_notify_partial_delivery_indication( return; SCTP_BUF_LEN(m_notify) = 0; pdapi = mtod(m_notify, struct sctp_pdapi_event *); + memset(pdapi, 0, sizeof(struct sctp_pdapi_event)); pdapi->pdapi_type = SCTP_PARTIAL_DELIVERY_EVENT; pdapi->pdapi_flags = 0; pdapi->pdapi_length = sizeof(struct sctp_pdapi_event); @@ -3196,6 +3203,7 @@ sctp_notify_shutdown_event(struct sctp_t /* no space left */ return; sse = mtod(m_notify, struct sctp_shutdown_event *); + memset(sse, 0, sizeof(struct sctp_shutdown_event)); sse->sse_type = SCTP_SHUTDOWN_EVENT; sse->sse_flags = 0; sse->sse_length = sizeof(struct sctp_shutdown_event); @@ -3246,6 +3254,7 @@ sctp_notify_sender_dry_event(struct sctp } SCTP_BUF_LEN(m_notify) = 0; event = mtod(m_notify, struct sctp_sender_dry_event *); + memset(event, 0, sizeof(struct sctp_sender_dry_event)); event->sender_dry_type = SCTP_SENDER_DRY_EVENT; event->sender_dry_flags = 0; event->sender_dry_length = sizeof(struct sctp_sender_dry_event); @@ -3278,7 +3287,6 @@ sctp_notify_stream_reset_add(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_stream_change_event *stradd; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_STREAM_CHANGEEVNT))) { @@ -3291,25 +3299,20 @@ sctp_notify_stream_reset_add(struct sctp return; } stcb->asoc.peer_req_out = 0; - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_stream_change_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_stream_change_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } stradd = mtod(m_notify, struct sctp_stream_change_event *); + memset(stradd, 0, sizeof(struct sctp_stream_change_event)); stradd->strchange_type = SCTP_STREAM_CHANGE_EVENT; stradd->strchange_flags = flag; - stradd->strchange_length = len; + stradd->strchange_length = sizeof(struct sctp_stream_change_event); stradd->strchange_assoc_id = sctp_get_associd(stcb); stradd->strchange_instrms = numberin; stradd->strchange_outstrms = numberout; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_stream_change_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3340,32 +3343,26 @@ sctp_notify_stream_reset_tsn(struct sctp struct mbuf *m_notify; struct sctp_queued_to_read *control; struct sctp_assoc_reset_event *strasoc; - int len; if ((stcb == NULL) || (sctp_stcb_is_feature_off(stcb->sctp_ep, stcb, SCTP_PCB_FLAGS_ASSOC_RESETEVNT))) { /* event not enabled */ return; } - m_notify = sctp_get_mbuf_for_msg(MCLBYTES, 0, M_DONTWAIT, 1, MT_DATA); + m_notify = sctp_get_mbuf_for_msg(sizeof(struct sctp_assoc_reset_event), 0, M_DONTWAIT, 1, MT_DATA); if (m_notify == NULL) /* no space left */ return; SCTP_BUF_LEN(m_notify) = 0; - len = sizeof(struct sctp_assoc_reset_event); - if (len > M_TRAILINGSPACE(m_notify)) { - /* never enough room */ - sctp_m_freem(m_notify); - return; - } strasoc = mtod(m_notify, struct sctp_assoc_reset_event *); + memset(strasoc, 0, sizeof(struct sctp_assoc_reset_event)); strasoc->assocreset_type = SCTP_ASSOC_RESET_EVENT; strasoc->assocreset_flags = flag; - strasoc->assocreset_length = len; + strasoc->assocreset_length = sizeof(struct sctp_assoc_reset_event); strasoc->assocreset_assoc_id = sctp_get_associd(stcb); strasoc->assocreset_local_tsn = sending_tsn; strasoc->assocreset_remote_tsn = recv_tsn; - SCTP_BUF_LEN(m_notify) = len; + SCTP_BUF_LEN(m_notify) = sizeof(struct sctp_assoc_reset_event); SCTP_BUF_NEXT(m_notify) = NULL; if (sctp_sbspace(&stcb->asoc, &stcb->sctp_socket->so_rcv) < SCTP_BUF_LEN(m_notify)) { /* no space */ @@ -3418,6 +3415,7 @@ sctp_notify_stream_reset(struct sctp_tcb return; } strreset = mtod(m_notify, struct sctp_stream_reset_event *); + memset(strreset, 0, len); strreset->strreset_type = SCTP_STREAM_RESET_EVENT; strreset->strreset_flags = flag; strreset->strreset_length = len; @@ -6209,9 +6207,12 @@ sctp_soreceive(struct socket *so, fromlen = 0; } + if (filling_sinfo) { + memset(&sinfo, 0, sizeof(struct sctp_extrcvinfo)); + } error = sctp_sorecvmsg(so, uio, mp0, from, fromlen, flagsp, (struct sctp_sndrcvinfo *)&sinfo, filling_sinfo); - if ((controlp) && (filling_sinfo)) { + if (controlp != NULL) { /* copy back the sinfo in a CMSG format */ if (filling_sinfo) *controlp = sctp_build_ctl_nchunk(inp, From owner-svn-src-releng@FreeBSD.ORG Tue Jul 8 22:54:12 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id EDCEAC5D; Tue, 8 Jul 2014 22:54:12 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DAD3C2EE3; Tue, 8 Jul 2014 22:54:12 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s68MsCWf091966; Tue, 8 Jul 2014 22:54:12 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s68MsCVK091953; Tue, 8 Jul 2014 22:54:12 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407082254.s68MsCVK091953@svn.freebsd.org> From: Glen Barber Date: Tue, 8 Jul 2014 22:54:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268438 - releng/9.3/release/doc/en_US.ISO8859-1/relnotes X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Jul 2014 22:54:13 -0000 Author: gjb Date: Tue Jul 8 22:54:11 2014 New Revision: 268438 URL: http://svnweb.freebsd.org/changeset/base/268438 Log: Document FreeBSD-SA-14:17.kmem Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Modified: releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 22:27:50 2014 (r268437) +++ releng/9.3/release/doc/en_US.ISO8859-1/relnotes/article.xml Tue Jul 8 22:54:11 2014 (r268438) @@ -188,6 +188,13 @@ 24 June 2014 Multiple vulnerabilities + + + FreeBSD-SA-14:17.kmem + 8 July 2014 + Kernel memory disclosure in control + messages and SCTP notifications + From owner-svn-src-releng@FreeBSD.ORG Thu Jul 10 21:51:38 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 031F5D0B; Thu, 10 Jul 2014 21:51:38 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E567A28C5; Thu, 10 Jul 2014 21:51:37 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6ALpbCV036783; Thu, 10 Jul 2014 21:51:37 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6ALpbUc036782; Thu, 10 Jul 2014 21:51:37 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407102151.s6ALpbUc036782@svn.freebsd.org> From: Glen Barber Date: Thu, 10 Jul 2014 21:51:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268510 - releng/9.3 X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2014 21:51:38 -0000 Author: gjb Date: Thu Jul 10 21:51:37 2014 New Revision: 268510 URL: http://svnweb.freebsd.org/changeset/base/268510 Log: Anticipate when we will announce 9.3-RELEASE. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/UPDATING Modified: releng/9.3/UPDATING ============================================================================== --- releng/9.3/UPDATING Thu Jul 10 21:46:57 2014 (r268509) +++ releng/9.3/UPDATING Thu Jul 10 21:51:37 2014 (r268510) @@ -11,6 +11,9 @@ handbook: Items affecting the ports and packages system can be found in /usr/ports/UPDATING. Please read that file before running portupgrade. +20140716: + 9.3-RELEASE. + 20140608: On i386 and amd64 systems, the onifconsole flag is now set by default in /etc/ttys for ttyu0. This causes ttyu0 to be automatically enabled From owner-svn-src-releng@FreeBSD.ORG Thu Jul 10 21:52:31 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DAB13E67; Thu, 10 Jul 2014 21:52:31 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id C870F28E3; Thu, 10 Jul 2014 21:52:31 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6ALqV8n036959; Thu, 10 Jul 2014 21:52:31 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6ALqVM6036958; Thu, 10 Jul 2014 21:52:31 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407102152.s6ALqVM6036958@svn.freebsd.org> From: Glen Barber Date: Thu, 10 Jul 2014 21:52:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268511 - releng/9.3/lib/csu/common X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2014 21:52:31 -0000 Author: gjb Date: Thu Jul 10 21:52:31 2014 New Revision: 268511 URL: http://svnweb.freebsd.org/changeset/base/268511 Log: Set static abitag to the current value of __FreeBSD_version. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/lib/csu/common/crtbrand.c Modified: releng/9.3/lib/csu/common/crtbrand.c ============================================================================== --- releng/9.3/lib/csu/common/crtbrand.c Thu Jul 10 21:51:37 2014 (r268510) +++ releng/9.3/lib/csu/common/crtbrand.c Thu Jul 10 21:52:31 2014 (r268511) @@ -65,5 +65,5 @@ static const struct { sizeof(int32_t), ABI_NOTETYPE, ABI_VENDOR, - __FreeBSD_version + 903000 }; From owner-svn-src-releng@FreeBSD.ORG Thu Jul 10 21:53:55 2014 Return-Path: Delivered-To: svn-src-releng@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 6D11BFD2; Thu, 10 Jul 2014 21:53:55 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 5B3FF28FB; Thu, 10 Jul 2014 21:53:55 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s6ALrtgw037155; Thu, 10 Jul 2014 21:53:55 GMT (envelope-from gjb@svn.freebsd.org) Received: (from gjb@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s6ALrt3s037154; Thu, 10 Jul 2014 21:53:55 GMT (envelope-from gjb@svn.freebsd.org) Message-Id: <201407102153.s6ALrt3s037154@svn.freebsd.org> From: Glen Barber Date: Thu, 10 Jul 2014 21:53:55 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r268512 - releng/9.3/sys/conf X-SVN-Group: releng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Jul 2014 21:53:55 -0000 Author: gjb Date: Thu Jul 10 21:53:54 2014 New Revision: 268512 URL: http://svnweb.freebsd.org/changeset/base/268512 Log: Update releng/9.3 to -RELEASE in preparation of starting 9.3-RELEASE builds. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/9.3/sys/conf/newvers.sh Modified: releng/9.3/sys/conf/newvers.sh ============================================================================== --- releng/9.3/sys/conf/newvers.sh Thu Jul 10 21:52:31 2014 (r268511) +++ releng/9.3/sys/conf/newvers.sh Thu Jul 10 21:53:54 2014 (r268512) @@ -32,7 +32,7 @@ TYPE="FreeBSD" REVISION="9.3" -BRANCH="RC3" +BRANCH="RELEASE" if [ "X${BRANCH_OVERRIDE}" != "X" ]; then BRANCH=${BRANCH_OVERRIDE} fi