From owner-svn-src-user@freebsd.org  Wed Mar 16 04:37:28 2016
Return-Path: <owner-svn-src-user@freebsd.org>
Delivered-To: svn-src-user@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3F150AD2C27
 for <svn-src-user@mailman.ysv.freebsd.org>;
 Wed, 16 Mar 2016 04:37:28 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 00E83FDB;
 Wed, 16 Mar 2016 04:37:27 +0000 (UTC)
 (envelope-from glebius@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u2G4bRoC015640;
 Wed, 16 Mar 2016 04:37:27 GMT (envelope-from glebius@FreeBSD.org)
Received: (from glebius@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id u2G4bQJ4015634;
 Wed, 16 Mar 2016 04:37:26 GMT (envelope-from glebius@FreeBSD.org)
Message-Id: <201603160437.u2G4bQJ4015634@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: glebius set sender to
 glebius@FreeBSD.org using -f
From: Gleb Smirnoff <glebius@FreeBSD.org>
Date: Wed, 16 Mar 2016 04:37:26 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-user@freebsd.org
Subject: svn commit: r296928 - in user/cperciva/freebsd-update-build/patches:
 10.1-RELEASE 10.2-RELEASE 9.3-RELEASE
X-SVN-Group: user
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-user@freebsd.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "SVN commit messages for the experimental &quot; user&quot;
 src tree" <svn-src-user.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-user/>
List-Post: <mailto:svn-src-user@freebsd.org>
List-Help: <mailto:svn-src-user-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-user>,
 <mailto:svn-src-user-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Mar 2016 04:37:28 -0000

Author: glebius
Date: Wed Mar 16 04:37:26 2016
New Revision: 296928
URL: https://svnweb.freebsd.org/changeset/base/296928

Log:
  Two ENs on hyperv and an advisory on OpenSSH.

Added:
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv
  user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth
  user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv
  user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv
  user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth
  user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv	Wed Mar 16 04:37:26 2016	(r296928)
@@ -0,0 +1,48 @@
+--- sys/dev/hyperv/utilities/hv_kvp.c.orig
++++ sys/dev/hyperv/utilities/hv_kvp.c
+@@ -44,6 +44,7 @@
+ #include <sys/reboot.h>
+ #include <sys/lock.h>
+ #include <sys/taskqueue.h>
++#include <sys/selinfo.h>
+ #include <sys/sysctl.h>
+ #include <sys/poll.h>
+ #include <sys/proc.h>
+@@ -114,6 +115,8 @@
+ static struct hv_kvp_msg *hv_kvp_dev_buf;
+ struct proc *daemon_task;
+ 
++static struct selinfo hv_kvp_selinfo;
++
+ /*
+  * Global state to track and synchronize multiple
+  * KVP transaction requests from the host.
+@@ -628,6 +631,9 @@
+ 
+ 	/* Send the msg to user via function deamon_read - setting sema */
+ 	sema_post(&kvp_globals.dev_sema);
++
++	/* We should wake up the daemon, in case it's doing poll() */
++	selwakeup(&hv_kvp_selinfo);
+ }
+ 
+ 
+@@ -940,7 +946,7 @@
+  * for daemon to read.
+  */
+ static int
+-hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td  __unused)
++hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td)
+ {
+ 	int revents = 0;
+ 
+@@ -953,6 +959,9 @@
+ 	 */
+ 	if (kvp_globals.daemon_busy == true)
+ 		revents = POLLIN;
++	else
++		selrecord(td, &hv_kvp_selinfo);
++
+ 	mtx_unlock(&kvp_globals.pending_mutex);
+ 
+ 	return (revents);

Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth	Wed Mar 16 04:37:26 2016	(r296928)
@@ -0,0 +1,62 @@
+--- crypto/openssh/session.c.orig
++++ crypto/openssh/session.c
+@@ -46,6 +46,7 @@
+ 
+ #include <arpa/inet.h>
+ 
++#include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
+@@ -274,6 +275,21 @@
+ 	do_cleanup(authctxt);
+ }
+ 
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++	size_t i;
++
++	for (i = 0; s[i] != '\0'; i++) {
++		if (!isalnum((u_char)s[i]) &&
++		    s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++		    s[i] != '-' && s[i] != '_')
++		return 0;
++	}
++	return 1;
++}
++
+ /*
+  * Prepares for an interactive session.  This is called after the user has
+  * been successfully authenticated.  During this message exchange, pseudo
+@@ -347,7 +363,13 @@
+ 				s->screen = 0;
+ 			}
+ 			packet_check_eom();
+-			success = session_setup_x11fwd(s);
++			if (xauth_valid_string(s->auth_proto) &&
++			    xauth_valid_string(s->auth_data))
++				success = session_setup_x11fwd(s);
++			else {
++				success = 0;
++				error("Invalid X11 forwarding data");
++			}
+ 			if (!success) {
+ 				free(s->auth_proto);
+ 				free(s->auth_data);
+@@ -2178,7 +2200,13 @@
+ 	s->screen = packet_get_int();
+ 	packet_check_eom();
+ 
+-	success = session_setup_x11fwd(s);
++	if (xauth_valid_string(s->auth_proto) &&
++	    xauth_valid_string(s->auth_data))
++		success = session_setup_x11fwd(s);
++	else {
++		success = 0;
++		error("Invalid X11 forwarding data");
++	}
+ 	if (!success) {
+ 		free(s->auth_proto);
+ 		free(s->auth_data);

Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv	Wed Mar 16 04:37:26 2016	(r296928)
@@ -0,0 +1,48 @@
+--- sys/dev/hyperv/utilities/hv_kvp.c.orig
++++ sys/dev/hyperv/utilities/hv_kvp.c
+@@ -44,6 +44,7 @@
+ #include <sys/reboot.h>
+ #include <sys/lock.h>
+ #include <sys/taskqueue.h>
++#include <sys/selinfo.h>
+ #include <sys/sysctl.h>
+ #include <sys/poll.h>
+ #include <sys/proc.h>
+@@ -114,6 +115,8 @@
+ static struct hv_kvp_msg *hv_kvp_dev_buf;
+ struct proc *daemon_task;
+ 
++static struct selinfo hv_kvp_selinfo;
++
+ /*
+  * Global state to track and synchronize multiple
+  * KVP transaction requests from the host.
+@@ -628,6 +631,9 @@
+ 
+ 	/* Send the msg to user via function deamon_read - setting sema */
+ 	sema_post(&kvp_globals.dev_sema);
++
++	/* We should wake up the daemon, in case it's doing poll() */
++	selwakeup(&hv_kvp_selinfo);
+ }
+ 
+ 
+@@ -940,7 +946,7 @@
+  * for daemon to read.
+  */
+ static int
+-hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td  __unused)
++hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td)
+ {
+ 	int revents = 0;
+ 
+@@ -953,6 +959,9 @@
+ 	 */
+ 	if (kvp_globals.daemon_busy == true)
+ 		revents = POLLIN;
++	else
++		selrecord(td, &hv_kvp_selinfo);
++
+ 	mtx_unlock(&kvp_globals.pending_mutex);
+ 
+ 	return (revents);

Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv	Wed Mar 16 04:37:26 2016	(r296928)
@@ -0,0 +1,28 @@
+--- sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c.orig
++++ sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c
+@@ -128,6 +128,15 @@
+ #define HV_NV_SC_PTR_OFFSET_IN_BUF         0
+ #define HV_NV_PACKET_OFFSET_IN_BUF         16
+ 
++/*
++ * A unified flag for all outbound check sum flags is useful,
++ * and it helps avoiding unnecessary check sum calculation in
++ * network forwarding scenario.
++ */
++#define HV_CSUM_FOR_OUTBOUND						\
++    (CSUM_IP|CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP|CSUM_IP_TSO|		\
++    CSUM_IP_ISCSI|CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP|		\
++    CSUM_IP6_TSO|CSUM_IP6_ISCSI)
+ 
+ /*
+  * Data types
+@@ -570,7 +579,8 @@
+ 			    packet->vlan_tci & 0xfff;
+ 		}
+ 
+-		if (0 == m_head->m_pkthdr.csum_flags) {
++		/* Only check the flags for outbound and ignore the ones for inbound */
++		if (0 == (m_head->m_pkthdr.csum_flags & HV_CSUM_FOR_OUTBOUND)) {
+ 			goto pre_send;
+ 		}
+ 

Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth	Wed Mar 16 04:37:26 2016	(r296928)
@@ -0,0 +1,62 @@
+--- crypto/openssh/session.c.orig
++++ crypto/openssh/session.c
+@@ -46,6 +46,7 @@
+ 
+ #include <arpa/inet.h>
+ 
++#include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
+@@ -274,6 +275,21 @@
+ 	do_cleanup(authctxt);
+ }
+ 
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++	size_t i;
++
++	for (i = 0; s[i] != '\0'; i++) {
++		if (!isalnum((u_char)s[i]) &&
++		    s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++		    s[i] != '-' && s[i] != '_')
++		return 0;
++	}
++	return 1;
++}
++
+ /*
+  * Prepares for an interactive session.  This is called after the user has
+  * been successfully authenticated.  During this message exchange, pseudo
+@@ -347,7 +363,13 @@
+ 				s->screen = 0;
+ 			}
+ 			packet_check_eom();
+-			success = session_setup_x11fwd(s);
++			if (xauth_valid_string(s->auth_proto) &&
++			    xauth_valid_string(s->auth_data))
++				success = session_setup_x11fwd(s);
++			else {
++				success = 0;
++				error("Invalid X11 forwarding data");
++			}
+ 			if (!success) {
+ 				free(s->auth_proto);
+ 				free(s->auth_data);
+@@ -2178,7 +2200,13 @@
+ 	s->screen = packet_get_int();
+ 	packet_check_eom();
+ 
+-	success = session_setup_x11fwd(s);
++	if (xauth_valid_string(s->auth_proto) &&
++	    xauth_valid_string(s->auth_data))
++		success = session_setup_x11fwd(s);
++	else {
++		success = 0;
++		error("Invalid X11 forwarding data");
++	}
+ 	if (!success) {
+ 		free(s->auth_proto);
+ 		free(s->auth_data);

Added: user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth	Wed Mar 16 04:37:26 2016	(r296928)
@@ -0,0 +1,62 @@
+--- crypto/openssh/session.c.orig
++++ crypto/openssh/session.c
+@@ -46,6 +46,7 @@
+ 
+ #include <arpa/inet.h>
+ 
++#include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
+@@ -274,6 +275,21 @@
+ 	do_cleanup(authctxt);
+ }
+ 
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++	size_t i;
++
++	for (i = 0; s[i] != '\0'; i++) {
++		if (!isalnum((u_char)s[i]) &&
++		    s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++		    s[i] != '-' && s[i] != '_')
++		return 0;
++	}
++	return 1;
++}
++
+ /*
+  * Prepares for an interactive session.  This is called after the user has
+  * been successfully authenticated.  During this message exchange, pseudo
+@@ -347,7 +363,13 @@
+ 				s->screen = 0;
+ 			}
+ 			packet_check_eom();
+-			success = session_setup_x11fwd(s);
++			if (xauth_valid_string(s->auth_proto) &&
++			    xauth_valid_string(s->auth_data))
++				success = session_setup_x11fwd(s);
++			else {
++				success = 0;
++				error("Invalid X11 forwarding data");
++			}
+ 			if (!success) {
+ 				free(s->auth_proto);
+ 				free(s->auth_data);
+@@ -2178,7 +2200,13 @@
+ 	s->screen = packet_get_int();
+ 	packet_check_eom();
+ 
+-	success = session_setup_x11fwd(s);
++	if (xauth_valid_string(s->auth_proto) &&
++	    xauth_valid_string(s->auth_data))
++		success = session_setup_x11fwd(s);
++	else {
++		success = 0;
++		error("Invalid X11 forwarding data");
++	}
+ 	if (!success) {
+ 		free(s->auth_proto);
+ 		free(s->auth_data);