FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F10.3.0 2016-03-25T00:58:15Z 2016-03-25T00:58:15Z Marius Strobl marius@FreeBSD.org 2016-03-25T00:58:15Z urn:sha1:ec940dd917d08077aecc8fb87515cb92b4427b0e Approved by: re (implicit) 2016-03-14T13:05:13Z Dag-Erling Smørgrav des@FreeBSD.org 2016-03-14T13:05:13Z urn:sha1:2ef5a941ca44b7baf127b9877f7bde69488fa40f MFH (r296633): upgrade to 7.2p2 (fixes xauth command injection bug) MFH (r296634): re-add aes-cbc to server-side default cipher list MFH (r296651, r296657): fix gcc build of pam_ssh PR: 207679 Security: CVE-2016-3115 Approved by: re (marius) 2016-03-06T18:22:24Z David Malone dwmalone@FreeBSD.org 2016-03-06T18:22:24Z urn:sha1:025e521088db5d4d6fe24df6237c2cb18b748c73 r295924: Make sure that hash-based db files fsync befor closing/syncing. r295925: We no longer need O_SYNC pwd_mkd r295465: We no longer need O_SYNC on services_mkdb r295800: We no longer need O_SYNC on cap_mkdb Approved by: re (marius) 2016-02-20T22:58:33Z Dag-Erling Smørgrav des@FreeBSD.org 2016-02-20T22:58:33Z urn:sha1:dec1d4d8ec0f25c9b6c15d697d1002bf003caba7 PR: 193871 Approved by: re (gjb) 2016-02-17T11:40:03Z Dag-Erling Smørgrav des@FreeBSD.org 2016-02-17T11:40:03Z urn:sha1:de9066ff28d20c40c2a725b160b514f7e5593092 PR: 206774 Submitted by: Christian Heckendorf <heckendorfc@gmail.com> Approved by: re (glebius) 2016-02-17T11:38:43Z Dag-Erling Smørgrav des@FreeBSD.org 2016-02-17T11:38:43Z urn:sha1:a7a1e9999ddc85e032e43f5c1d53fdd5f8c559d8 Approved by: re (glebius) Relnotes: yes 2016-02-11T17:55:17Z John Baldwin jhb@FreeBSD.org 2016-02-11T17:55:17Z urn:sha1:88ec324afe82d29a8f725266e16e27b73da30a8e - Note that devctl(8) will appear in 10.3 first. - Add missing devctl_set_driver entry to namelist in devlist(3). Approved by: re (gjb) 2016-02-10T00:08:51Z John Baldwin jhb@FreeBSD.org 2016-02-10T00:08:51Z urn:sha1:78e6be6e43440e498ea6fd69e8a477c15f368d1d Fix corruption of coredumps due to procstat notes changing size during coredump generation. The changes in r287442 required some reworking since the 'fo_fill_kinfo' file op does not exist in stable/10. 287442: Detect badly behaved coredump note helpers Coredump notes depend on being able to invoke dump routines twice; once in a dry-run mode to get the size of the note, and another to actually emit the note to the corefile. When a note helper emits a different length section the second time around than the length it requested the first time, the kernel produces a corrupt coredump. NT_PROCSTAT_FILES output length, when packing kinfo structs, is tied to the length of filenames corresponding to vnodes in the process' fd table via vn_fullpath. As vnodes may move around during dump, this is racy. So: - Detect badly behaved notes in putnote() and pad underfilled notes. - Add a fail point, debug.fail_point.fill_kinfo_vnode__random_path to exercise the NT_PROCSTAT_FILES corruption. It simply picks random lengths to expand or truncate paths to in fo_fill_kinfo_vnode(). - Add a sysctl, kern.coredump_pack_fileinfo, to allow users to disable kinfo packing for PROCSTAT_FILES notes. This should avoid both FILES note corruption and truncation, even if filenames change, at the cost of about 1 kiB in padding bloat per open fd. Document the new sysctl in core.5. - Fix note_procstat_files to self-limit in the 2nd pass. Since sometimes this will result in a short write, pad up to our advertised size. This addresses note corruption, at the risk of sometimes truncating the last several fd info entries. - Fix NT_PROCSTAT_FILES consumers libutil and libprocstat to grok the zero padding. 287537: Follow-up to r287442: Move sysctl to compiled-once file Avoid duplicate sysctl nodes. 288944: Fix core corruption caused by race in note_procstat_vmmap This fix is spiritually similar to r287442 and was discovered thanks to the KASSERT added in that revision. NT_PROCSTAT_VMMAP output length, when packing kinfo structs, is tied to the length of filenames corresponding to vnodes in the process' vm map via vn_fullpath. As vnodes may move during coredump, this is racy. We do not remove the race, only prevent it from causing coredump corruption. - Add a sysctl, kern.coredump_pack_vmmapinfo, to allow users to disable kinfo packing for PROCSTAT_VMMAP notes. This avoids VMMAP corruption and truncation, even if names change, at the cost of up to PATH_MAX bytes per mapped object. The new sysctl is documented in core.5. - Fix note_procstat_vmmap to self-limit in the second pass. This addresses corruption, at the cost of sometimes producing a truncated result. - Fix PROCSTAT_VMMAP consumers libutil (and libprocstat, via copy-paste) to grok the new zero padding. Approved by: re (gjb) 2016-02-07T11:38:54Z Dag-Erling Smørgrav des@FreeBSD.org 2016-02-07T11:38:54Z urn:sha1:18f332e3cd2c94e60664a4940f7fd23c1ac7bc12 MFH (r285975, r287143): register mergeinfo for security fixes MFH (r294497, r294498, r295139): internal documentation MFH (r294328): upgrade to openssh 6.7p1, re-add libwrap MFH (r294332): upgrade to openssh 6.8p1 MFH (r294367): update pam_ssh for api changes MFH (r294909): switch usedns back on MFH (r294336): upgrade to openssh 6.9p1 MFH (r294495): re-enable dsa keys MFH (r294464): upgrade to openssh 7.0p1 MFH (r294496): upgrade to openssh 7.1p2 Approved by: re (gjb) Relnotes: yes 2016-02-06T14:03:31Z Warren Block wblock@FreeBSD.org 2016-02-06T14:03:31Z urn:sha1:983df00f24eb430918f2fa0c684a19510ae47148 Add a standards compliance note for strtok_r Approved by: re (marius@)