svn commit: r296928 - in user/cperciva/freebsd-update-build/patches: 10.1-RELEASE 10.2-RELEASE 9.3-RELEASE
Gleb Smirnoff
glebius at FreeBSD.org
Wed Mar 16 04:37:28 UTC 2016
Author: glebius
Date: Wed Mar 16 04:37:26 2016
New Revision: 296928
URL: https://svnweb.freebsd.org/changeset/base/296928
Log:
Two ENs on hyperv and an advisory on OpenSSH.
Added:
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv
user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv
user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth
user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth
Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-EN-16:04.hyperv Wed Mar 16 04:37:26 2016 (r296928)
@@ -0,0 +1,48 @@
+--- sys/dev/hyperv/utilities/hv_kvp.c.orig
++++ sys/dev/hyperv/utilities/hv_kvp.c
+@@ -44,6 +44,7 @@
+ #include <sys/reboot.h>
+ #include <sys/lock.h>
+ #include <sys/taskqueue.h>
++#include <sys/selinfo.h>
+ #include <sys/sysctl.h>
+ #include <sys/poll.h>
+ #include <sys/proc.h>
+@@ -114,6 +115,8 @@
+ static struct hv_kvp_msg *hv_kvp_dev_buf;
+ struct proc *daemon_task;
+
++static struct selinfo hv_kvp_selinfo;
++
+ /*
+ * Global state to track and synchronize multiple
+ * KVP transaction requests from the host.
+@@ -628,6 +631,9 @@
+
+ /* Send the msg to user via function deamon_read - setting sema */
+ sema_post(&kvp_globals.dev_sema);
++
++ /* We should wake up the daemon, in case it's doing poll() */
++ selwakeup(&hv_kvp_selinfo);
+ }
+
+
+@@ -940,7 +946,7 @@
+ * for daemon to read.
+ */
+ static int
+-hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td __unused)
++hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td)
+ {
+ int revents = 0;
+
+@@ -953,6 +959,9 @@
+ */
+ if (kvp_globals.daemon_busy == true)
+ revents = POLLIN;
++ else
++ selrecord(td, &hv_kvp_selinfo);
++
+ mtx_unlock(&kvp_globals.pending_mutex);
+
+ return (revents);
Added: user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.1-RELEASE/31-SA-16:14.openssh-xauth Wed Mar 16 04:37:26 2016 (r296928)
@@ -0,0 +1,62 @@
+--- crypto/openssh/session.c.orig
++++ crypto/openssh/session.c
+@@ -46,6 +46,7 @@
+
+ #include <arpa/inet.h>
+
++#include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
+@@ -274,6 +275,21 @@
+ do_cleanup(authctxt);
+ }
+
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++ size_t i;
++
++ for (i = 0; s[i] != '\0'; i++) {
++ if (!isalnum((u_char)s[i]) &&
++ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++ s[i] != '-' && s[i] != '_')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Prepares for an interactive session. This is called after the user has
+ * been successfully authenticated. During this message exchange, pseudo
+@@ -347,7 +363,13 @@
+ s->screen = 0;
+ }
+ packet_check_eom();
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
+@@ -2178,7 +2200,13 @@
+ s->screen = packet_get_int();
+ packet_check_eom();
+
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:04.hyperv Wed Mar 16 04:37:26 2016 (r296928)
@@ -0,0 +1,48 @@
+--- sys/dev/hyperv/utilities/hv_kvp.c.orig
++++ sys/dev/hyperv/utilities/hv_kvp.c
+@@ -44,6 +44,7 @@
+ #include <sys/reboot.h>
+ #include <sys/lock.h>
+ #include <sys/taskqueue.h>
++#include <sys/selinfo.h>
+ #include <sys/sysctl.h>
+ #include <sys/poll.h>
+ #include <sys/proc.h>
+@@ -114,6 +115,8 @@
+ static struct hv_kvp_msg *hv_kvp_dev_buf;
+ struct proc *daemon_task;
+
++static struct selinfo hv_kvp_selinfo;
++
+ /*
+ * Global state to track and synchronize multiple
+ * KVP transaction requests from the host.
+@@ -628,6 +631,9 @@
+
+ /* Send the msg to user via function deamon_read - setting sema */
+ sema_post(&kvp_globals.dev_sema);
++
++ /* We should wake up the daemon, in case it's doing poll() */
++ selwakeup(&hv_kvp_selinfo);
+ }
+
+
+@@ -940,7 +946,7 @@
+ * for daemon to read.
+ */
+ static int
+-hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td __unused)
++hv_kvp_dev_daemon_poll(struct cdev *dev __unused, int events, struct thread *td)
+ {
+ int revents = 0;
+
+@@ -953,6 +959,9 @@
+ */
+ if (kvp_globals.daemon_busy == true)
+ revents = POLLIN;
++ else
++ selrecord(td, &hv_kvp_selinfo);
++
+ mtx_unlock(&kvp_globals.pending_mutex);
+
+ return (revents);
Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-EN-16:05.hyperv Wed Mar 16 04:37:26 2016 (r296928)
@@ -0,0 +1,28 @@
+--- sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c.orig
++++ sys/dev/hyperv/netvsc/hv_netvsc_drv_freebsd.c
+@@ -128,6 +128,15 @@
+ #define HV_NV_SC_PTR_OFFSET_IN_BUF 0
+ #define HV_NV_PACKET_OFFSET_IN_BUF 16
+
++/*
++ * A unified flag for all outbound check sum flags is useful,
++ * and it helps avoiding unnecessary check sum calculation in
++ * network forwarding scenario.
++ */
++#define HV_CSUM_FOR_OUTBOUND \
++ (CSUM_IP|CSUM_IP_UDP|CSUM_IP_TCP|CSUM_IP_SCTP|CSUM_IP_TSO| \
++ CSUM_IP_ISCSI|CSUM_IP6_UDP|CSUM_IP6_TCP|CSUM_IP6_SCTP| \
++ CSUM_IP6_TSO|CSUM_IP6_ISCSI)
+
+ /*
+ * Data types
+@@ -570,7 +579,8 @@
+ packet->vlan_tci & 0xfff;
+ }
+
+- if (0 == m_head->m_pkthdr.csum_flags) {
++ /* Only check the flags for outbound and ignore the ones for inbound */
++ if (0 == (m_head->m_pkthdr.csum_flags & HV_CSUM_FOR_OUTBOUND)) {
+ goto pre_send;
+ }
+
Added: user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/10.2-RELEASE/14-SA-16:14.openssh-xauth Wed Mar 16 04:37:26 2016 (r296928)
@@ -0,0 +1,62 @@
+--- crypto/openssh/session.c.orig
++++ crypto/openssh/session.c
+@@ -46,6 +46,7 @@
+
+ #include <arpa/inet.h>
+
++#include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
+@@ -274,6 +275,21 @@
+ do_cleanup(authctxt);
+ }
+
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++ size_t i;
++
++ for (i = 0; s[i] != '\0'; i++) {
++ if (!isalnum((u_char)s[i]) &&
++ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++ s[i] != '-' && s[i] != '_')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Prepares for an interactive session. This is called after the user has
+ * been successfully authenticated. During this message exchange, pseudo
+@@ -347,7 +363,13 @@
+ s->screen = 0;
+ }
+ packet_check_eom();
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
+@@ -2178,7 +2200,13 @@
+ s->screen = packet_get_int();
+ packet_check_eom();
+
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
Added: user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ user/cperciva/freebsd-update-build/patches/9.3-RELEASE/39-SA-16:14.openssh-xauth Wed Mar 16 04:37:26 2016 (r296928)
@@ -0,0 +1,62 @@
+--- crypto/openssh/session.c.orig
++++ crypto/openssh/session.c
+@@ -46,6 +46,7 @@
+
+ #include <arpa/inet.h>
+
++#include <ctype.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
+@@ -274,6 +275,21 @@
+ do_cleanup(authctxt);
+ }
+
++/* Check untrusted xauth strings for metacharacters */
++static int
++xauth_valid_string(const char *s)
++{
++ size_t i;
++
++ for (i = 0; s[i] != '\0'; i++) {
++ if (!isalnum((u_char)s[i]) &&
++ s[i] != '.' && s[i] != ':' && s[i] != '/' &&
++ s[i] != '-' && s[i] != '_')
++ return 0;
++ }
++ return 1;
++}
++
+ /*
+ * Prepares for an interactive session. This is called after the user has
+ * been successfully authenticated. During this message exchange, pseudo
+@@ -347,7 +363,13 @@
+ s->screen = 0;
+ }
+ packet_check_eom();
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
+@@ -2178,7 +2200,13 @@
+ s->screen = packet_get_int();
+ packet_check_eom();
+
+- success = session_setup_x11fwd(s);
++ if (xauth_valid_string(s->auth_proto) &&
++ xauth_valid_string(s->auth_data))
++ success = session_setup_x11fwd(s);
++ else {
++ success = 0;
++ error("Invalid X11 forwarding data");
++ }
+ if (!success) {
+ free(s->auth_proto);
+ free(s->auth_data);
More information about the svn-src-user
mailing list