# HG changeset patch # User Jon Tibble # Date 1335471268 -3600 # Node ID 935cf5917cbce0ce69f6282b48cb805e3763a7e2 # Parent 577f82319ed3c927502869923819d1409e491098# Parent 98ca40df917134ce76c194f9f0a8e2efc5b134a8 Pull in upstream to 13676:98ca40df9171 diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/cmd-crypto/etc/Makefile.ca-links --- a/usr/src/cmd/cmd-crypto/etc/Makefile.ca-links Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/cmd-crypto/etc/Makefile.ca-links Thu Apr 26 21:14:28 2012 +0100 @@ -20,7 +20,7 @@ # # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. -# +# Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. # # These CA certs are extracted from the NSS database libnssckbi.so. @@ -180,3 +180,6 @@ ROOTCALINK=$(ROOTETCCALINKDIR)/`$(OPENSSL) x509 -noout -hash -in $<`.0; \ $(RM) $$ROOTCALINK; \ $(LN) -s $(CATARGDIR)/$(@F) $$ROOTCALINK + -ROOTCALINK=$(ROOTETCCALINKDIR)/`$(OPENSSL) x509 -noout -subject_hash_old -in $< 2>/dev/null`.0; \ + test "$$ROOTCALINK" = "$(ROOTETCCALINKDIR)/.0" || $(RM) $$ROOTCALINK; \ + test "$$ROOTCALINK" = "$(ROOTETCCALINKDIR)/.0" || $(LN) -s $(CATARGDIR)/$(@F) $$ROOTCALINK diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/nscd/cache.c --- a/usr/src/cmd/nscd/cache.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/nscd/cache.c Thu Apr 26 21:14:28 2012 +0100 @@ -20,6 +20,7 @@ */ /* * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright 2012 Milan Jurik. All rights reserved. */ /* @@ -692,11 +693,11 @@ */ nsc_db_t * make_cache(enum db_type dbtype, int dbop, char *name, - int (*compar) (const void *, const void *), - void (*getlogstr)(char *, char *, size_t, nss_XbyY_args_t *), - uint_t (*gethash)(nss_XbyY_key_t *, int), - enum hash_type httype, int htsize) { - + int (*compar) (const void *, const void *), + void (*getlogstr)(char *, char *, size_t, nss_XbyY_args_t *), + uint_t (*gethash)(nss_XbyY_key_t *, int), + enum hash_type httype, int htsize) +{ nsc_db_t *nscdb; char *me = "make_cache"; @@ -728,7 +729,7 @@ /* The cache is an AVL tree */ avl_create(&nscdb->tree, nscdb->compar, sizeof (nsc_entry_t), - offsetof(nsc_entry_t, avl_link)); + offsetof(nsc_entry_t, avl_link)); /* Assign log routine */ if (getlogstr == NULL) { @@ -957,7 +958,7 @@ */ void nsc_info(nsc_ctx_t *ctx, char *dbname, nscd_cfg_cache_t cfg[], - nscd_cfg_stat_cache_t stats[]) + nscd_cfg_stat_cache_t stats[]) { int i; char *me = "nsc_info"; @@ -1040,7 +1041,8 @@ * not a daemon. */ int -nsc_dump(char *dbname, int dbop) { +nsc_dump(char *dbname, int dbop) +{ nsc_ctx_t *ctx; nsc_db_t *nscdb; nscd_bool_t enabled; @@ -1091,35 +1093,38 @@ /* * These macros are for exclusive use of nsc_lookup */ -#define NSC_LOOKUP_RETURN(retcode, loglevel, fmt) \ - (void) mutex_unlock(&nscdb->db_mutex); \ +#define NSC_LOOKUP_LOG(loglevel, fmt) \ _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_##loglevel) \ - (me, fmt, whoami); \ - return (retcode); + (me, fmt, whoami); + +static int +nsc_lookup_no_cache(nsc_lookup_args_t *largs, const char *str) +{ + char *me = "nsc_lookup_no_cache"; + nss_status_t status; -#define NSC_LOOKUP_NO_CACHE(str) \ - _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) \ - (me, "%s: name service lookup (bypassing cache\n", \ - str); \ - nss_psearch(largs->buffer, largs->bufsize); \ - status = NSCD_GET_STATUS(largs->buffer); \ - _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) \ - (me, "%s: name service lookup status = %d\n", \ - str, status); \ - if (status == NSS_SUCCESS) { \ - return (SUCCESS); \ - } else if (status == NSS_NOTFOUND) \ - return (NOTFOUND); \ - else \ + _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) + (me, "%s: name service lookup (bypassing cache)\n", str); + nss_psearch(largs->buffer, largs->bufsize); + status = NSCD_GET_STATUS(largs->buffer); + _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) + (me, "%s: name service lookup status = %d\n", str, status); + if (status == NSS_SUCCESS) { + return (SUCCESS); + } else if (status == NSS_NOTFOUND) { + return (NOTFOUND); + } else { return (SERVERERROR); + } +} /* * This function starts the revalidation and reaper threads * for a cache */ static void -start_threads(nsc_ctx_t *ctx) { - +start_threads(nsc_ctx_t *ctx) +{ int errnum; char *me = "start_threads"; @@ -1128,11 +1133,11 @@ */ if (ctx->revalidate_on != nscd_true) { if (thr_create(NULL, NULL, (void *(*)(void *))revalidate, - ctx, 0, NULL) != 0) { + ctx, 0, NULL) != 0) { errnum = errno; _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_ERROR) - (me, "thr_create (revalidate thread for %s): %s\n", - ctx->dbname, strerror(errnum)); + (me, "thr_create (revalidate thread for %s): %s\n", + ctx->dbname, strerror(errnum)); exit(1); } ctx->revalidate_on = nscd_true; @@ -1143,11 +1148,11 @@ */ if (ctx->reaper_on != nscd_true) { if (thr_create(NULL, NULL, (void *(*)(void *))reaper, - ctx, 0, NULL) != 0) { + ctx, 0, NULL) != 0) { errnum = errno; _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_ERROR) - (me, "thr_create (reaper thread for %s): %s\n", - ctx->dbname, strerror(errnum)); + (me, "thr_create (reaper thread for %s): %s\n", + ctx->dbname, strerror(errnum)); exit(1); } ctx->reaper_on = nscd_true; @@ -1239,11 +1244,10 @@ static int check_config(nsc_lookup_args_t *largs, nscd_cfg_cache_t *cfgp, - char *whoami, int flag) + char *whoami, int flag) { nsc_db_t *nscdb; nsc_ctx_t *ctx; - nss_status_t status; char *me = "check_config"; ctx = largs->ctx; @@ -1267,18 +1271,16 @@ if (UPDATEBIT & flag) return (NOTFOUND); - else { - NSC_LOOKUP_NO_CACHE(whoami); - } + else + return (nsc_lookup_no_cache(largs, whoami)); } /* * if caller requests lookup using his * own nsswitch config, bypass cache */ - if (nsw_config_in_phdr(largs->buffer)) { - NSC_LOOKUP_NO_CACHE(whoami); - } + if (nsw_config_in_phdr(largs->buffer)) + return (nsc_lookup_no_cache(largs, whoami)); /* no need of cache if we are dealing with 0 ttls */ if (cfgp->pos_ttl <= 0 && cfgp->neg_ttl <= 0) { @@ -1286,7 +1288,7 @@ return (NOTFOUND); else if (cfgp->avoid_ns == nscd_true) return (SERVERERROR); - NSC_LOOKUP_NO_CACHE(whoami); + return (nsc_lookup_no_cache(largs, whoami)); } return (CONTINUE); @@ -1298,7 +1300,7 @@ */ static void check_db_file(nsc_ctx_t *ctx, nscd_cfg_cache_t cfg, - char *whoami, time_t now) + char *whoami, time_t now) { struct stat buf; nscd_bool_t file_modified = nscd_false; @@ -1343,8 +1345,8 @@ } static int -lookup_int(nsc_lookup_args_t *largs, int flag) { - +lookup_int(nsc_lookup_args_t *largs, int flag) +{ nsc_ctx_t *ctx; nsc_db_t *nscdb; nscd_cfg_cache_t cfg; @@ -1364,7 +1366,7 @@ /* extract dbop, dbname, key and cred */ status = nss_packed_getkey(largs->buffer, largs->bufsize, &dbname, - &dbop, &args); + &dbop, &args); if (status != NSS_SUCCESS) { _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_ERROR) (me, "nss_packed_getkey failure (%d)\n", status); @@ -1379,9 +1381,8 @@ if (UPDATEBIT & flag) return (NOTFOUND); - else { - NSC_LOOKUP_NO_CACHE(dbname); - } + else + return (nsc_lookup_no_cache(largs, dbname)); } } ctx = largs->ctx; @@ -1390,13 +1391,12 @@ if ((largs->nscdb = nsc_get_db(ctx, dbop)) == NULL) { _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_WARNING) (me, "%s:%d: no cache found\n", - dbname, dbop); + dbname, dbop); if (UPDATEBIT & flag) return (NOTFOUND); - else { - NSC_LOOKUP_NO_CACHE(dbname); - } + else + return (nsc_lookup_no_cache(largs, dbname)); } } @@ -1404,7 +1404,7 @@ _NSCD_LOG_IF(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_ALL) { (void) nscdb->getlogstr(nscdb->name, whoami, - sizeof (whoami), &args); + sizeof (whoami), &args); } if (UPDATEBIT & flag) { @@ -1436,7 +1436,7 @@ /* Either no entry and avoid name service */ if (rc == NSCD_DB_ENTRY_NOT_FOUND || - rc == NSCD_INVALID_ARGUMENT) + rc == NSCD_INVALID_ARGUMENT) return (NOTFOUND); /* OR memory error */ @@ -1483,10 +1483,10 @@ if (cfg.avoid_ns == nscd_true) next_action = _NSC_USECACHED; else if ((flag & UPDATEBIT) || - (this_stats->timestamp < now)) { + (this_stats->timestamp < now)) { _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) (me, "%s: cached entry needs to be updated\n", - whoami); + whoami); next_action = _NSC_NSLOOKUP; } else next_action = _NSC_USECACHED; @@ -1506,8 +1506,10 @@ _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG_6) (me, "%s: throttling load\n", whoami); - NSC_LOOKUP_RETURN(NOSERVER, WARNING, - "%s: no clearance to wait\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(WARNING, + "%s: no clearance to wait\n"); + return (NOSERVER); } /* yes can wait */ (void) nscd_wait(ctx, nscdb, this_entry); @@ -1535,13 +1537,15 @@ (void) mutex_lock(&ctx->stats_mutex); ctx->stats.drop_count++; (void) mutex_unlock(&ctx->stats_mutex); - NSC_LOOKUP_RETURN(NOSERVER, WARNING, - "%s: no clearance for lookup\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(WARNING, + "%s: no clearance for lookup\n"); + return (NOSERVER); } /* block any threads accessing this entry */ - this_stats->status = (flag & UPDATEBIT)? - ST_UPDATE_PENDING:ST_LOOKUP_PENDING; + this_stats->status = (flag & UPDATEBIT) ? + ST_UPDATE_PENDING : ST_LOOKUP_PENDING; /* release lock and do name service lookup */ (void) mutex_unlock(&nscdb->db_mutex); @@ -1556,7 +1560,7 @@ _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) (me, "%s: name service lookup status = %d\n", - whoami, status); + whoami, status); if (status == NSS_SUCCESS) { int ttl; @@ -1568,20 +1572,24 @@ status = dup_packed_buffer(largs, this_entry); if (status != NSS_SUCCESS) { delete_entry(nscdb, ctx, this_entry); - NSC_LOOKUP_RETURN(SERVERERROR, ERROR, - "%s: failed to update cache\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(ERROR, + "%s: failed to update cache\n"); + return (SERVERERROR); } /* * store unpacked key in cache */ status = nss_packed_getkey(this_entry->buffer, - this_entry->bufsize, - &dbname, &dbop, &args); + this_entry->bufsize, + &dbname, &dbop, &args); if (status != NSS_SUCCESS) { delete_entry(nscdb, ctx, this_entry); - NSC_LOOKUP_RETURN(SERVERERROR, ERROR, - "%s: failed to extract key\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(ERROR, + "%s: failed to extract key\n"); + return (SERVERERROR); } this_entry->key = args.key; /* struct copy */ @@ -1605,8 +1613,10 @@ */ start_threads(ctx); - NSC_LOOKUP_RETURN(SUCCESS, DEBUG, - "%s: cache updated with positive entry\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(DEBUG, + "%s: cache updated with positive entry\n"); + return (SUCCESS); } else if (status == NSS_NOTFOUND) { /* * data not found in name service @@ -1617,25 +1627,32 @@ if (NSCD_GET_ERRNO(largs->buffer) == ERANGE) { delete_entry(nscdb, ctx, this_entry); - NSC_LOOKUP_RETURN(NOTFOUND, DEBUG, - "%s: ERANGE, cache not updated with negative entry\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(DEBUG, + "%s: ERANGE, cache not updated " + "with negative entry\n"); + return (NOTFOUND); } status = dup_packed_buffer(largs, this_entry); if (status != NSS_SUCCESS) { delete_entry(nscdb, ctx, this_entry); - NSC_LOOKUP_RETURN(SERVERERROR, ERROR, - "%s: failed to update cache\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(ERROR, + "%s: failed to update cache\n"); + return (SERVERERROR); } /* store unpacked key in cache */ status = nss_packed_getkey(this_entry->buffer, - this_entry->bufsize, - &dbname, &dbop, &args); + this_entry->bufsize, + &dbname, &dbop, &args); if (status != NSS_SUCCESS) { delete_entry(nscdb, ctx, this_entry); - NSC_LOOKUP_RETURN(SERVERERROR, ERROR, - "%s: failed to extract key\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(ERROR, + "%s: failed to extract key\n"); + return (SERVERERROR); } this_entry->key = args.key; /* struct copy */ @@ -1655,8 +1672,10 @@ */ start_threads(ctx); - NSC_LOOKUP_RETURN(NOTFOUND, DEBUG, - "%s: cache updated with negative entry\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(DEBUG, + "%s: cache updated with negative entry\n"); + return (NOTFOUND); } else { /* * name service lookup failed @@ -1672,8 +1691,9 @@ (void) mutex_unlock(&nscdb->db_mutex); _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_WARNING) - (me, "%s: name service lookup failed (status=%d, errno=%d)\n", - whoami, status, errnum); + (me, "%s: name service lookup failed " + "(status=%d, errno=%d)\n", + whoami, status, errnum); return (SERVERERROR); } @@ -1682,12 +1702,13 @@ * found entry in cache */ if (UPDATEBIT & flag) { - NSC_LOOKUP_RETURN(SUCCESS, DEBUG, - "%s: no need to update\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(DEBUG, "%s: no need to update\n"); + return (SUCCESS); } if (NSCD_GET_STATUS((nss_pheader_t *)this_entry->buffer) == - NSS_SUCCESS) { + NSS_SUCCESS) { /* positive hit */ (void) mutex_lock(&ctx->stats_mutex); ctx->stats.pos_hits++; @@ -1695,13 +1716,17 @@ /* update response buffer */ if (copy_result(largs->buffer, - this_entry->buffer) != NSS_SUCCESS) { - NSC_LOOKUP_RETURN(SERVERERROR, ERROR, - "%s: response buffer insufficient\n"); + this_entry->buffer) != NSS_SUCCESS) { + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(ERROR, + "%s: response buffer insufficient\n"); + return (SERVERERROR); } - NSC_LOOKUP_RETURN(SUCCESS, DEBUG, - "%s: positive entry in cache\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(DEBUG, + "%s: positive entry in cache\n"); + return (SUCCESS); } else { /* negative hit */ (void) mutex_lock(&ctx->stats_mutex); @@ -1709,18 +1734,21 @@ (void) mutex_unlock(&ctx->stats_mutex); NSCD_SET_STATUS((nss_pheader_t *)largs->buffer, - NSCD_GET_STATUS(this_entry->buffer), - NSCD_GET_ERRNO(this_entry->buffer)); + NSCD_GET_STATUS(this_entry->buffer), + NSCD_GET_ERRNO(this_entry->buffer)); NSCD_SET_HERRNO((nss_pheader_t *)largs->buffer, - NSCD_GET_HERRNO(this_entry->buffer)); + NSCD_GET_HERRNO(this_entry->buffer)); - NSC_LOOKUP_RETURN(NOTFOUND, DEBUG, - "%s: negative entry in cache\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(DEBUG, + "%s: negative entry in cache\n"); + return (NOTFOUND); } } - NSC_LOOKUP_RETURN(SERVERERROR, ERROR, - "%s: cache backend failure\n"); + (void) mutex_unlock(&nscdb->db_mutex); + NSC_LOOKUP_LOG(ERROR, "%s: cache backend failure\n"); + return (SERVERERROR); } /* @@ -1741,11 +1769,11 @@ switch (rc) { case SUCCESS: - NSCD_RETURN_STATUS(phdr, NSS_SUCCESS, 0); + NSCD_SET_STATUS(phdr, NSS_SUCCESS, 0); break; case NOTFOUND: - NSCD_RETURN_STATUS(phdr, NSS_NOTFOUND, -1); + NSCD_SET_STATUS(phdr, NSS_NOTFOUND, -1); break; case SERVERERROR: @@ -1759,7 +1787,7 @@ break; case NOSERVER: - NSCD_RETURN_STATUS(phdr, NSS_TRYLOCAL, -1); + NSCD_SET_STATUS(phdr, NSS_TRYLOCAL, -1); break; } } @@ -1946,7 +1974,8 @@ * Invalidate cache */ void -nsc_invalidate(nsc_ctx_t *ctx, char *dbname, nsc_ctx_t **ctxs) { +nsc_invalidate(nsc_ctx_t *ctx, char *dbname, nsc_ctx_t **ctxs) +{ int i; char *me = "nsc_invalidate"; @@ -1957,16 +1986,14 @@ if (dbname) { if ((i = get_cache_idx(dbname)) == -1) { - _NSCD_LOG(NSCD_LOG_CACHE, - NSCD_LOG_LEVEL_WARNING) + _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_WARNING) (me, "%s: invalid cache name\n", dbname); return; } if ((ctx = cache_ctx_p[i]) == NULL) { - _NSCD_LOG(NSCD_LOG_CACHE, - NSCD_LOG_LEVEL_WARNING) + _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_WARNING) (me, "%s: no cache context found\n", - dbname); + dbname); return; } ctx_invalidate(ctx); @@ -1987,7 +2014,8 @@ * Invalidate cache by context */ static void -ctx_invalidate(nsc_ctx_t *ctx) { +ctx_invalidate(nsc_ctx_t *ctx) +{ int i; nsc_entry_t *entry; char *me = "ctx_invalidate"; @@ -2041,8 +2069,8 @@ static nscd_rc_t lookup_cache(nsc_lookup_args_t *largs, nscd_cfg_cache_t *cfgp, - nss_XbyY_args_t *argp, char *whoami, nsc_entry_t **entry) { - + nss_XbyY_args_t *argp, char *whoami, nsc_entry_t **entry) +{ nsc_db_t *nscdb; nsc_ctx_t *ctx; uint_t hash; @@ -2073,8 +2101,8 @@ /* move it to the hash table */ if (nscdb->htable) { if (nscdb->htable[hash] == NULL || - (*entry)->stats.hits >= - nscdb->htable[hash]->stats.hits) { + (*entry)->stats.hits >= + nscdb->htable[hash]->stats.hits) { nscdb->htable[hash] = *entry; } } @@ -2086,18 +2114,16 @@ (me, "%s: cache miss\n", whoami); if (cfgp->avoid_ns == nscd_true) { - _NSCD_LOG(NSCD_LOG_CACHE, - NSCD_LOG_LEVEL_DEBUG) + _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) (me, "%s: avoid name service\n", whoami); return (NSCD_DB_ENTRY_NOT_FOUND); } /* allocate memory for new entry (stub) */ *entry = (nsc_entry_t *)umem_cache_alloc(nsc_entry_cache, - UMEM_DEFAULT); + UMEM_DEFAULT); if (*entry == NULL) { - _NSCD_LOG(NSCD_LOG_CACHE, - NSCD_LOG_LEVEL_ERROR) + _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_ERROR) (me, "%s: memory allocation failure\n", whoami); return (NSCD_NO_MEMORY); } @@ -2132,13 +2158,13 @@ if (cfgp->maxentries > 0 && nentries > cfgp->maxentries) { _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) (me, "%s: maximum entries exceeded -- " - "deleting least recently used entry\n", - whoami); + "deleting least recently used entry\n", + whoami); node = nscdb->qhead; while (node != NULL && node != *entry) { if (node->stats.status == ST_DISCARD || - !(node->stats.status & ST_PENDING)) { + !(node->stats.status & ST_PENDING)) { delete_entry(nscdb, ctx, node); break; } @@ -2156,7 +2182,8 @@ } static void -reaper(nsc_ctx_t *ctx) { +reaper(nsc_ctx_t *ctx) +{ uint_t ttl, extra_sleep, total_sleep, intervals; uint_t nodes_per_interval, seconds_per_interval; ulong_t nsc_entries; @@ -2207,12 +2234,12 @@ _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) (me, "%s: total entries = %d, " - "seconds per interval = %d, " - "nodes per interval = %d\n", - ctx->dbname, nsc_entries, seconds_per_interval, - nodes_per_interval); + "seconds per interval = %d, " + "nodes per interval = %d\n", + ctx->dbname, nsc_entries, seconds_per_interval, + nodes_per_interval); total_sleep = reap_cache(ctx, nodes_per_interval, - seconds_per_interval); + seconds_per_interval); extra_sleep = 1 + ttl - total_sleep; if (extra_sleep > 0) (void) sleep(extra_sleep); @@ -2222,7 +2249,8 @@ static uint_t reap_cache(nsc_ctx_t *ctx, uint_t nodes_per_interval, - uint_t seconds_per_interval) { + uint_t seconds_per_interval) +{ uint_t nodes_togo, total_sleep; time_t now; nsc_entry_t *node, *next_node; @@ -2254,8 +2282,8 @@ if ((node = nscdb->reap_node) == NULL) break; if (node->stats.status == ST_DISCARD || - (!(node->stats.status & ST_PENDING) && - node->stats.timestamp < now)) { + (!(node->stats.status & ST_PENDING) && + node->stats.timestamp < now)) { /* * Delete entry if its discard flag is * set OR if it has expired. Entries @@ -2287,8 +2315,9 @@ */ nentries = avl_numnodes(&nscdb->tree); for (slot = 0, value = _NSC_INIT_HTSIZE_SLOT_VALUE; - slot < _NSC_HTSIZE_NUM_SLOTS && nentries > value; - value = (value << 1) + 1, slot++); + slot < _NSC_HTSIZE_NUM_SLOTS && nentries > value; + value = (value << 1) + 1, slot++) + ; if (nscdb->hash_type == nsc_ht_power2) newhtsize = _NSC_INIT_HTSIZE_POWER2 << slot; else @@ -2302,7 +2331,7 @@ _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_DEBUG) (me, "%s: resizing hash table from %d to %d\n", - nscdb->name, nscdb->htsize, newhtsize); + nscdb->name, nscdb->htsize, newhtsize); /* * Dump old hashes because it would be time @@ -2312,9 +2341,8 @@ nscdb->htable = calloc(newhtsize, sizeof (*(nscdb->htable))); if (nscdb->htable == NULL) { _NSCD_LOG(NSCD_LOG_CACHE, NSCD_LOG_LEVEL_ERROR) - (me, - "%s: memory allocation failure\n", - nscdb->name); + (me, "%s: memory allocation failure\n", + nscdb->name); /* -1 to try later */ nscdb->htsize = -1; } else { @@ -2366,7 +2394,7 @@ node = next_node; next_node = next_node->qprev; if (node->stats.status == ST_DISCARD || - !(node->stats.status & ST_PENDING)) { + !(node->stats.status & ST_PENDING)) { /* Leave nodes with pending updates alone */ delete_entry(nscdb, ctx, node); count++; diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/nscd/nscd_admin.c --- a/usr/src/cmd/nscd/nscd_admin.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/nscd/nscd_admin.c Thu Apr 26 21:14:28 2012 +0100 @@ -21,10 +21,9 @@ /* * Copyright 2006 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Milan Jurik. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include #include #include @@ -72,11 +71,11 @@ } else { admin_c.cache_cfg[i] = cfg_default; (void) memset(&admin_c.cache_stats[i], 0, - sizeof (admin_c.cache_stats[0])); + sizeof (admin_c.cache_stats[0])); } } (void) memcpy(((char *)outbuf) + phdr->data_off, - &admin_c, sizeof (admin_c)); + &admin_c, sizeof (admin_c)); return (0); } @@ -114,16 +113,16 @@ _nscd_logit(me, "total_size = %d\n", set->total_size); _nscd_logit(me, "debug_level_set = %d, debug_level = %d\n", - set->debug_level_set, set->debug_level); + set->debug_level_set, set->debug_level); _nscd_logit(me, "logfile_set = %d, logfile = %s\n", - set->logfile_set, *set->logfile == '\0' ? - "" : set->logfile); + set->logfile_set, *set->logfile == '\0' ? + "" : set->logfile); _nscd_logit(me, "cache_cfg_num = %d\n", - set->cache_cfg_num); + set->cache_cfg_num); _nscd_logit(me, "cache_flush_num = %d\n", - set->cache_flush_num); + set->cache_flush_num); } /* @@ -132,11 +131,11 @@ if (set->debug_level_set == nscd_true) { if (_nscd_set_debug_level(set->debug_level) - != NSCD_SUCCESS) { + != NSCD_SUCCESS) { _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "unable to set debug level %d\n", - set->debug_level); + set->debug_level); goto err_exit; } @@ -152,7 +151,7 @@ goto err_exit; } (void) strlcpy(admin_c.logfile, set->logfile, - NSCD_LOGFILE_LEN); + NSCD_LOGFILE_LEN); } /* @@ -162,7 +161,7 @@ _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "number of caches (%d) to change out of bound %s\n", - set->cache_cfg_num); + set->cache_cfg_num); goto err_exit; } @@ -177,14 +176,14 @@ if (cache_ctx_p[j] == NULL) { _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "unable to find cache context for %s\n", - dbname); + dbname); } rc = _nscd_cfg_get_handle(group, dbname, &h, NULL); if (rc != NSCD_SUCCESS) { _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "unable to get handle for < %s : %s >\n", - dbname, group); + dbname, group); goto err_exit; } @@ -193,7 +192,7 @@ if (rc != NSCD_SUCCESS) { _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "unable to set admin data for < %s : %s >\n", - dbname, group); + dbname, group); _nscd_cfg_free_handle(h); @@ -209,7 +208,7 @@ _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "number of caches (%d) to flush out of bound %s\n", - set->cache_flush_num); + set->cache_flush_num); goto err_exit; } @@ -222,7 +221,7 @@ if (cache_ctx_p[j] == NULL) { _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "unable to find cache context for %s\n", - dbname); + dbname); } nsc_invalidate(cache_ctx_p[j], NULL, NULL); } @@ -248,9 +247,9 @@ _NSCD_LOG(NSCD_LOG_ADMIN, NSCD_LOG_LEVEL_ERROR) (me, "SETADMIN call failed\n"); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, rc); + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, rc); } else { - NSCD_RETURN_STATUS_SUCCESS(phdr); + NSCD_SET_STATUS_SUCCESS(phdr); } } @@ -393,7 +392,7 @@ callnum = NSCD_GETADMIN; (void) _nscd_doorcall_data(callnum, NULL, sizeof (admin_c), - &admin_c, sizeof (admin_c), &phdr); + &admin_c, sizeof (admin_c), &phdr); if (NSCD_STATUS_IS_NOT_OK(&phdr)) { return (1); @@ -406,5 +405,5 @@ _nscd_client_setadmin() { return (_nscd_doorcall_data(NSCD_SETADMIN, &admin_mod, - sizeof (admin_mod), NULL, 0, NULL)); + sizeof (admin_mod), NULL, 0, NULL)); } diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/nscd/nscd_door.c --- a/usr/src/cmd/nscd/nscd_door.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/nscd/nscd_door.c Thu Apr 26 21:14:28 2012 +0100 @@ -22,10 +22,9 @@ /* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Milan Jurik. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #include #include #include @@ -48,14 +47,16 @@ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door is %s (fd is %d)\n", NAME_SERVICE_DOOR, - *doorfd); + *doorfd); - if (*doorfd == -1) - NSCD_RETURN_STATUS(phdr, NSS_ERROR, errno); + if (*doorfd == -1) { + NSCD_SET_STATUS(phdr, NSS_ERROR, errno); + return; + } if (door_info(*doorfd, &doori) < 0 || - (doori.di_attributes & DOOR_REVOKED) || - doori.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) { + (doori.di_attributes & DOOR_REVOKED) || + doori.di_data != (uintptr_t)NAME_SERVICE_DOOR_COOKIE) { /* * we should close doorfd because we just opened it @@ -65,10 +66,11 @@ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door %d not valid\n", *doorfd); - NSCD_RETURN_STATUS(phdr, NSS_ERROR, ECONNREFUSED); + NSCD_SET_STATUS(phdr, NSS_ERROR, ECONNREFUSED); + return; } - NSCD_RETURN_STATUS_SUCCESS(phdr); + NSCD_SET_STATUS_SUCCESS(phdr); } /* general door call functions used by nscd */ @@ -87,15 +89,14 @@ (void) memmove(outdata, dp, phdr->data_len); } else { - _NSCD_LOG(NSCD_LOG_FRONT_END, - NSCD_LOG_LEVEL_DEBUG) + _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "output buffer not large enough " - " should be > %d but is %d\n", - phdr->data_len, outdlen); + " should be > %d but is %d\n", + phdr->data_len, outdlen); if (outphdr != NULL) { NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, - 0, NSCD_INVALID_ARGUMENT); + 0, NSCD_INVALID_ARGUMENT); NSCD_COPY_STATUS(outphdr, phdr); } ret = NSS_NSCD_PRIV; @@ -130,7 +131,7 @@ phdr = (nss_pheader_t *)dptr; _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door call (%d) failed (status = %d, error = %s)\n", - callnum, ret, strerror(NSCD_GET_ERRNO(phdr))); + callnum, ret, strerror(NSCD_GET_ERRNO(phdr))); } return (ret); @@ -169,7 +170,7 @@ if (ret != NSS_SUCCESS) { _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door call (%d) failed (status = %d, error = %s)\n", - callnum, ret, strerror(NSCD_GET_ERRNO(phdr_d))); + callnum, ret, strerror(NSCD_GET_ERRNO(phdr_d))); } else { if (phdr != NULL) { NSCD_COPY_STATUS(phdr, phdr_d); @@ -230,7 +231,7 @@ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door call (%d to %d) did not get through (%s)\n", - callnum, fd, strerror(errnum)); + callnum, fd, strerror(errnum)); return (NSS_ERROR); } @@ -250,9 +251,9 @@ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door call (%d to %d) failed: p_status = %d, " - "p_errno = %s, nscd status = %d\n", callnum, fd, - ret, strerror(NSCD_GET_ERRNO(phdr_d)), - NSCD_GET_NSCD_STATUS(phdr_d)); + "p_errno = %s, nscd status = %d\n", callnum, fd, + ret, strerror(NSCD_GET_ERRNO(phdr_d)), + NSCD_GET_NSCD_STATUS(phdr_d)); } else ret = copy_output(outdata, outdlen, phdr_d, phdr); @@ -291,21 +292,20 @@ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door call (to fd %d) failed (%s)\n", - doorfd, strerror(errnum)); + doorfd, strerror(errnum)); (void) close(doorfd); - NSCD_RETURN_STATUS(phdr, NSS_ERROR, errnum); + NSCD_SET_STATUS(phdr, NSS_ERROR, errnum); + return; } *adata = param.data_size; *ndata = param.rsize; *dptr = (void *)param.data_ptr; if (*adata == 0 || *dptr == NULL) { - (void) close(doorfd); - _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "no data\n"); - NSCD_RETURN_STATUS(phdr, NSS_ERROR, ENOTCONN); + NSCD_SET_STATUS(phdr, NSS_ERROR, ENOTCONN); } (void) close(doorfd); @@ -348,8 +348,8 @@ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door call (%d) failed (status = %d, error = %s)\n", - callnum, NSCD_GET_STATUS(phdr_d), - strerror(NSCD_GET_ERRNO(phdr_d))); + callnum, NSCD_GET_STATUS(phdr_d), + strerror(NSCD_GET_ERRNO(phdr_d))); } return (NSCD_GET_STATUS(phdr_d)); diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/nscd/nscd_door.h --- a/usr/src/cmd/nscd/nscd_door.h Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/nscd/nscd_door.h Thu Apr 26 21:14:28 2012 +0100 @@ -22,13 +22,12 @@ /* * Copyright 2007 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Milan Jurik. All rights reserved. */ #ifndef _NSCD_DOOR_H #define _NSCD_DOOR_H -#pragma ident "%Z%%M% %I% %E% SMI" - /* * Definitions for nscd to nscd door interfaces */ @@ -97,24 +96,10 @@ (ph)->p_herrno = herrno; -#define NSCD_RETURN_STATUS(ph, st, errno) \ - { \ - int e = errno; \ - (ph)->p_status = st; \ - if (e != -1) \ - (ph)->p_errno = e; \ - return; \ - } - #define NSCD_SET_STATUS_SUCCESS(ph) \ (ph)->p_status = NSS_SUCCESS; \ (ph)->p_errno = 0; -#define NSCD_RETURN_STATUS_SUCCESS(ph) \ - (ph)->p_status = NSS_SUCCESS; \ - (ph)->p_errno = 0; \ - return; - #define NSCD_SET_N2N_STATUS(ph, st, errno, n2nst) \ { \ int e = errno; \ @@ -124,16 +109,6 @@ (ph)->nscdpriv = n2nst; \ } -#define NSCD_RETURN_N2N_STATUS(ph, st, errno, n2nst) \ - { \ - int e = errno; \ - (ph)->p_status = st; \ - if (e != -1) \ - (ph)->p_errno = e; \ - (ph)->nscdpriv = n2nst; \ - return; \ - } - #define NSCD_STATUS_IS_OK(ph) \ (((ph)->p_status) == NSS_SUCCESS) diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/nscd/nscd_frontend.c --- a/usr/src/cmd/nscd/nscd_frontend.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/nscd/nscd_frontend.c Thu Apr 26 21:14:28 2012 +0100 @@ -21,6 +21,7 @@ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Milan Jurik. All rights reserved. */ #include @@ -389,7 +390,8 @@ _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) (me, "door_ucred: %s\n", strerror(errno)); - NSCD_RETURN_STATUS(phdr, NSS_ERROR, errnum); + NSCD_SET_STATUS(phdr, NSS_ERROR, errnum); + return; } eset = ucred_getprivset(uc, PRIV_EFFECTIVE); @@ -405,7 +407,8 @@ ucred_getruid(uc), ucred_geteuid(uc), zoneid); ucred_free(uc); - NSCD_RETURN_STATUS(phdr, NSS_ERROR, EACCES); + NSCD_SET_STATUS(phdr, NSS_ERROR, EACCES); + return; } _NSCD_LOG(NSCD_LOG_FRONT_END, NSCD_LOG_LEVEL_DEBUG) @@ -415,7 +418,7 @@ ucred_free(uc); - NSCD_RETURN_STATUS_SUCCESS(phdr); + NSCD_SET_STATUS_SUCCESS(phdr); } void @@ -439,7 +442,8 @@ _NSCD_LOG(log_comp, NSCD_LOG_LEVEL_ERROR) (me, "door_ucred: %s\n", strerror(errno)); - NSCD_RETURN_STATUS(phdr, NSS_ERROR, errnum); + NSCD_SET_STATUS(phdr, NSS_ERROR, errnum); + return; } NSCD_SET_STATUS_SUCCESS(phdr); diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/nscd/nscd_selfcred.c --- a/usr/src/cmd/nscd/nscd_selfcred.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/nscd/nscd_selfcred.c Thu Apr 26 21:14:28 2012 +0100 @@ -520,8 +520,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "door_ucred failed: %s\n", strerror(errnum)); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, NSCD_DOOR_UCRED_ERROR); + return; } uid = ucred_geteuid(uc); @@ -716,8 +717,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_MAIN_IMPOSTER); + return; } /* forker doesn't return stats, it just pauses */ @@ -725,11 +727,8 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "forker ready to pause ...\n"); - /*CONSTCOND*/ - while (1) + for (;;) (void) pause(); - - NSCD_RETURN_STATUS_SUCCESS(phdr); } /* remember the current activity sequence number */ @@ -784,8 +783,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "MAIN IMPOSTER CAUGHT! i am %d not NSCD_MAIN\n", iam); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_MAIN_IMPOSTER); + return; } /* only forker handles fork requests */ @@ -793,8 +793,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "MAIN IMPOSTER CAUGHT! I AM NOT FORKER!\n"); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_WRONG_NSCD); + return; } /* fork a child for the slot assigned by the main nscd */ @@ -809,8 +810,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "bas slot number\n"); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_INVALID_SLOT_NUMBER); + return; } _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) @@ -854,7 +856,8 @@ NSCD_IMHERE | (NSCD_CHILD & NSCD_WHOAMI), &ih, sizeof (ih), NULL); - NSCD_RETURN_STATUS_SUCCESS(phdr); + NSCD_SET_STATUS_SUCCESS(phdr); + return; } if (cid == (pid_t)-1) { _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "forker unable to fork ...\n"); @@ -953,8 +956,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_ERROR) (me, "no door to talk to the forker\n"); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_NO_FORKER); + return; } /* get door client's credential information */ @@ -963,8 +967,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "door_ucred failed: %s\n", strerror(errnum)); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, NSCD_DOOR_UCRED_ERROR); + return; } /* get door client's effective uid and effective gid */ @@ -983,8 +988,9 @@ (me, "no child slot available (child array = %p, slot = %d)\n", child, ch->child_slot); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_NO_CHILD_SLOT); + return; } /* create the per user nscd if necessary */ @@ -1036,8 +1042,9 @@ if (ch->child_state != CHILD_STATE_PIDKNOWN) { - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_INVALID_SLOT_STATE); + return; } *door = ch->child_door; @@ -1046,7 +1053,7 @@ (me, "returning door %d for slot %d, uid %d, gid = %d\n", *door, ch->child_slot, set2uid, set2gid); - NSCD_RETURN_STATUS(phdr, NSS_ALTRETRY, 0); + NSCD_SET_STATUS(phdr, NSS_ALTRETRY, 0); } static char ** @@ -1260,8 +1267,9 @@ _NSCD_LOG(NSCD_LOG_SELF_CRED, NSCD_LOG_LEVEL_DEBUG) (me, "door_ucred failed: %s\n", strerror(errnum)); - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, errnum, NSCD_DOOR_UCRED_ERROR); + return; } /* get door client's effective uid */ @@ -1275,8 +1283,9 @@ /* is the per-user nscd running ? if not, no one to serve */ ch = get_cslot(uid, 1); if (ch == NULL) { - NSCD_RETURN_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, + NSCD_SET_N2N_STATUS(phdr, NSS_NSCD_PRIV, 0, NSCD_SELF_CRED_NO_CHILD_SLOT); + return; } ret = _nscd_doorcall_fd(ch->child_door, NSCD_GETADMIN, @@ -1457,8 +1466,7 @@ int found; char *me = "check_user_process"; - /*CONSTCOND*/ - while (1) { + for (;;) { (void) sleep(60); found = 0; @@ -1492,7 +1500,6 @@ } (void) closedir(dp); } - /* NOTREACHED */ /*LINTED E_FUNC_HAS_NO_RETURN_STMT*/ } diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/nscd/nscd_switch.c --- a/usr/src/cmd/nscd/nscd_switch.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/nscd/nscd_switch.c Thu Apr 26 21:14:28 2012 +0100 @@ -22,6 +22,7 @@ /* * Copyright 2009 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright 2012 Milan Jurik. All rights reserved. */ #include /* getenv() */ @@ -1352,13 +1353,15 @@ char *me = "nss_psearch"; if (buffer == NULL || length == 0) { - NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); + NSCD_SET_STATUS(pbuf, NSS_ERROR, EFAULT); + return; } status = nss_packed_arg_init(buffer, length, NULL, &initf, &dbop, &arg); if (status != NSS_SUCCESS) { - NSCD_RETURN_STATUS(pbuf, status, -1); + NSCD_SET_STATUS(pbuf, status, -1); + return; } /* @@ -1376,7 +1379,8 @@ */ rc = set_initf_key(pbuf); if (rc != 0) { - NSCD_RETURN_STATUS(pbuf, NSS_UNAVAIL, EINVAL); + NSCD_SET_STATUS(pbuf, NSS_UNAVAIL, EINVAL); + return; } initf = nscd_initf; @@ -1443,7 +1447,8 @@ nscd_getent_p1_cookie_t *cookie; if (buffer == NULL) { - NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); + NSCD_SET_STATUS(pbuf, NSS_ERROR, EFAULT); + return; } off = pbuf->key_off; @@ -1464,7 +1469,8 @@ if (cookie_num_p != NULL) *cookie_num_p = &cookie->p1_cookie_num; if (setent == 1 && cookie->p1_cookie_num == NSCD_NEW_COOKIE) { - NSCD_RETURN_STATUS_SUCCESS(pbuf); + NSCD_SET_STATUS_SUCCESS(pbuf); + return; } /* @@ -1475,8 +1481,10 @@ if (cookie->p1_seqnum == NSCD_P0_COOKIE_SEQNUM) { nscd_getent_p0_cookie_t *p0c = (nscd_getent_p0_cookie_t *)cookie; - if (p0c->p0_time == _nscd_get_start_time()) - NSCD_RETURN_STATUS_SUCCESS(pbuf); + if (p0c->p0_time == _nscd_get_start_time()) { + NSCD_SET_STATUS_SUCCESS(pbuf); + return; + } } _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) @@ -1490,7 +1498,8 @@ (me, "No matching context found (cookie number: %lld)\n", cookie->p1_cookie_num); - NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); + NSCD_SET_STATUS(pbuf, NSS_ERROR, EFAULT); + return; } /* if not called by nss_psetent, verify sequence number */ @@ -1500,12 +1509,13 @@ (me, "invalid sequence # (%lld)\n", cookie->p1_seqnum); _nscd_free_ctx_if_aborted(ctx); - NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); + NSCD_SET_STATUS(pbuf, NSS_ERROR, EFAULT); + return; } contextp->ctx = (struct nss_getent_context *)ctx; - NSCD_RETURN_STATUS_SUCCESS(pbuf); + NSCD_SET_STATUS_SUCCESS(pbuf); } void @@ -1520,7 +1530,8 @@ char *me = "nss_psetent"; if (buffer == NULL || length == 0) { - NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); + NSCD_SET_STATUS(pbuf, NSS_ERROR, EFAULT); + return; } /* @@ -1542,7 +1553,8 @@ _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "NSS_TRYLOCAL: fallback to caller process\n"); - NSCD_RETURN_STATUS(pbuf, NSS_TRYLOCAL, 0); + NSCD_SET_STATUS(pbuf, NSS_TRYLOCAL, 0); + return; } } } @@ -1590,7 +1602,7 @@ (me, "returning a p0 cookie: pid = %ld, time = %ld, seq #= %llx\n", p0c->p0_pid, p0c->p0_time, p0c->p0_seqnum); - NSCD_RETURN_STATUS(pbuf, NSS_SUCCESS, 0); + NSCD_SET_STATUS(pbuf, NSS_SUCCESS, 0); } static void @@ -1639,14 +1651,15 @@ _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "NSS_TRYLOCAL: cookie # = %lld, sequence # = %lld\n", *cookie_num_p, *seqnum_p); - NSCD_RETURN_STATUS(pbuf, NSS_TRYLOCAL, 0); + NSCD_SET_STATUS(pbuf, NSS_TRYLOCAL, 0); + return; } _NSCD_LOG(NSCD_LOG_SWITCH_ENGINE, NSCD_LOG_LEVEL_DEBUG) (me, "NSS_SUCCESS: cookie # = %lld, sequence # = %lld\n", ctx->cookie_num, ctx->seq_num); - NSCD_RETURN_STATUS(pbuf, NSS_SUCCESS, 0); + NSCD_SET_STATUS(pbuf, NSS_SUCCESS, 0); } void @@ -1666,7 +1679,8 @@ char *me = "nss_pgetent"; if (buffer == NULL || length == 0) { - NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); + NSCD_SET_STATUS(pbuf, NSS_ERROR, EFAULT); + return; } /* verify the cookie passed in */ @@ -1680,7 +1694,8 @@ */ rc = set_initf_key(pbuf); if (rc != 0) { - NSCD_RETURN_STATUS(pbuf, NSS_UNAVAIL, EINVAL); + NSCD_SET_STATUS(pbuf, NSS_UNAVAIL, EINVAL); + return; } initf = nscd_initf; @@ -1703,7 +1718,8 @@ clear_initf_key(); _nscd_free_ctx_if_aborted( (nscd_getent_context_t *)contextp->ctx); - NSCD_RETURN_STATUS(pbuf, status, -1); + NSCD_SET_STATUS(pbuf, status, -1); + return; } /* Perform local search and pack results into return buffer */ @@ -1751,7 +1767,8 @@ char *me = "nss_pendent"; if (buffer == NULL || length == 0) { - NSCD_RETURN_STATUS(pbuf, NSS_ERROR, EFAULT); + NSCD_SET_STATUS(pbuf, NSS_ERROR, EFAULT); + return; } /* map the contextp from the cookie information */ @@ -1769,7 +1786,7 @@ /* Perform local endent and reset context */ nss_endent(NULL, NULL, contextp); - NSCD_RETURN_STATUS(pbuf, NSS_SUCCESS, 0); + NSCD_SET_STATUS(pbuf, NSS_SUCCESS, 0); } /*ARGSUSED*/ @@ -1779,5 +1796,5 @@ nss_pheader_t *pbuf = (nss_pheader_t *)buffer; /* unnecessary, kept for completeness */ - NSCD_RETURN_STATUS_SUCCESS(pbuf); + NSCD_SET_STATUS_SUCCESS(pbuf); } diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/sendmail/src/tls.c --- a/usr/src/cmd/sendmail/src/tls.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/sendmail/src/tls.c Thu Apr 26 21:14:28 2012 +0100 @@ -1,6 +1,7 @@ /* * Copyright (c) 2000-2006, 2008, 2009 Sendmail, Inc. and its suppliers. * All rights reserved. + * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. * * By using this file, you agree to the terms and conditions set * forth in the LICENSE file which can be found at the top level of @@ -1168,7 +1169,7 @@ MACROS_T *mac; bool certreq; { - SSL_CIPHER *c; + const SSL_CIPHER *c; int b, r; long verifyok; char *s, *who; diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/sgs/include/rtld.h --- a/usr/src/cmd/sgs/include/rtld.h Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/sgs/include/rtld.h Thu Apr 26 21:14:28 2012 +0100 @@ -1106,6 +1106,10 @@ * capabilities of the system. This structure follows the Objcapset definition * from libld.h, however the system can only have one platform or machine * hardware name, thus this structure is a little simpler. + * + * Note, the amd64 version of elf_rtbndr assumes that the sc_hw_1 value is at + * offset zero. If you are changing this structure in a way that invalidates + * this you need to update that code. */ typedef struct { elfcap_mask_t sc_hw_1; /* CA_SUNW_HW_1 capabilities */ diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/sgs/rtld/amd64/boot_elf.s --- a/usr/src/cmd/sgs/rtld/amd64/boot_elf.s Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/sgs/rtld/amd64/boot_elf.s Thu Apr 26 21:14:28 2012 +0100 @@ -22,10 +22,9 @@ /* * Copyright 2008 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. + * Copyright (c) 2012 Joyent, Inc. All rights reserved. */ -#pragma ident "%Z%%M% %I% %E% SMI" - #if defined(lint) #include @@ -33,6 +32,7 @@ #include <_audit.h> #include <_elf.h> #include +#include /* ARGSUSED0 */ int @@ -45,6 +45,7 @@ #include #include <_audit.h> #include +#include .file "boot_elf.s" .text @@ -106,12 +107,12 @@ * %r11 8 * %rax 8 * ======= - * Subtotal: 144 (16byte aligned) + * Subtotal: 144 (32byte aligned) * * Saved Media Regs (used to pass floating point args): - * %xmm0 - %xmm7 16 * 8: 128 + * %xmm0 - %xmm7 32 * 8: 256 * ======= - * Total: 272 (16byte aligned) + * Total: 400 (32byte aligned) * * So - will subtract the following to create enough space * @@ -131,14 +132,14 @@ * -144(%rbp) entering %r10 * -152(%rbp) entering %r11 * -160(%rbp) entering %rax - * -176(%rbp) entering %xmm0 - * -192(%rbp) entering %xmm1 - * -208(%rbp) entering %xmm2 - * -224(%rbp) entering %xmm3 - * -240(%rbp) entering %xmm4 - * -256(%rbp) entering %xmm5 - * -272(%rbp) entering %xmm6 - * -288(%rbp) entering %xmm7 + * -192(%rbp) entering %xmm0 + * -224(%rbp) entering %xmm1 + * -256(%rbp) entering %xmm2 + * -288(%rbp) entering %xmm3 + * -320(%rbp) entering %xmm4 + * -384(%rbp) entering %xmm5 + * -416(%rbp) entering %xmm6 + * -448(%rbp) entering %xmm7 * */ #define SPDYNOFF -8 @@ -148,39 +149,41 @@ /* * The next set of offsets are relative to %rsp. - * We guarantee %rsp is ABI compliant 16-byte aligned. This guarantees the - * xmm registers are saved to 16-byte aligned addresses. + * We guarantee %rsp is ABI compliant 32-byte aligned. This guarantees the + * ymm registers are saved to 32-byte aligned addresses. * %rbp may only be 8 byte aligned if we came in from non-ABI compliant code. */ -#define SPRDIOFF 192 -#define SPRSIOFF 184 -#define SPRDXOFF 176 -#define SPRCXOFF 168 -#define SPR8OFF 160 -#define SPR9OFF 152 -#define SPR10OFF 144 -#define SPR11OFF 136 -#define SPRAXOFF 128 -#define SPXMM0OFF 112 -#define SPXMM1OFF 96 -#define SPXMM2OFF 80 -#define SPXMM3OFF 64 -#define SPXMM4OFF 48 -#define SPXMM5OFF 32 -#define SPXMM6OFF 16 +#define SPRDIOFF 320 +#define SPRSIOFF 312 +#define SPRDXOFF 304 +#define SPRCXOFF 296 +#define SPR8OFF 288 +#define SPR9OFF 280 +#define SPR10OFF 272 +#define SPR11OFF 264 +#define SPRAXOFF 256 +#define SPXMM0OFF 224 +#define SPXMM1OFF 192 +#define SPXMM2OFF 160 +#define SPXMM3OFF 128 +#define SPXMM4OFF 96 +#define SPXMM5OFF 64 +#define SPXMM6OFF 32 #define SPXMM7OFF 0 + /* See elf_rtbndr for explanation behind org_scapset */ + .extern org_scapset .globl elf_plt_trace .type elf_plt_trace,@function .align 16 elf_plt_trace: /* - * Enforce ABI 16-byte stack alignment here. + * Enforce ABI 32-byte stack alignment here. * The next andq instruction does this pseudo code: * If %rsp is 8 byte aligned then subtract 8 from %rsp. */ - andq $-16, %rsp /* enforce ABI 16-byte stack alignment */ - subq $272,%rsp / create some local storage + andq $-32, %rsp /* enforce ABI 32-byte stack alignment */ + subq $400,%rsp / create some local storage movq %rdi, SPRDIOFF(%rsp) movq %rsi, SPRSIOFF(%rsp) @@ -191,6 +194,14 @@ movq %r10, SPR10OFF(%rsp) movq %r11, SPR11OFF(%rsp) movq %rax, SPRAXOFF(%rsp) + + movq org_scapset@GOTPCREL(%rip),%r9 + movq (%r9),%r9 + movl (%r9),%edx + testl $AV_386_AVX,%edx + jne .trace_save_ymm + +.trace_save_xmm: movdqa %xmm0, SPXMM0OFF(%rsp) movdqa %xmm1, SPXMM1OFF(%rsp) movdqa %xmm2, SPXMM2OFF(%rsp) @@ -199,6 +210,19 @@ movdqa %xmm5, SPXMM5OFF(%rsp) movdqa %xmm6, SPXMM6OFF(%rsp) movdqa %xmm7, SPXMM7OFF(%rsp) + jmp .trace_save_finish + +.trace_save_ymm: + vmovdqa %ymm0, SPXMM0OFF(%rsp) + vmovdqa %ymm1, SPXMM1OFF(%rsp) + vmovdqa %ymm2, SPXMM2OFF(%rsp) + vmovdqa %ymm3, SPXMM3OFF(%rsp) + vmovdqa %ymm4, SPXMM4OFF(%rsp) + vmovdqa %ymm5, SPXMM5OFF(%rsp) + vmovdqa %ymm6, SPXMM6OFF(%rsp) + vmovdqa %ymm7, SPXMM7OFF(%rsp) + +.trace_save_finish: movq SPDYNOFF(%rbp), %rax / %rax = dyndata testb $LA_SYMB_NOPLTENTER, SBFLAGS_OFF(%rax) / @@ -273,6 +297,34 @@ / / Restore registers / + movq org_scapset@GOTPCREL(%rip),%r9 + movq (%r9),%r9 + movl (%r9),%edx + testl $AV_386_AVX,%edx + jne .trace_restore_ymm + +.trace_restore_xmm: + movdqa SPXMM0OFF(%rsp), %xmm0 + movdqa SPXMM1OFF(%rsp), %xmm1 + movdqa SPXMM2OFF(%rsp), %xmm2 + movdqa SPXMM3OFF(%rsp), %xmm3 + movdqa SPXMM4OFF(%rsp), %xmm4 + movdqa SPXMM5OFF(%rsp), %xmm5 + movdqa SPXMM6OFF(%rsp), %xmm6 + movdqa SPXMM7OFF(%rsp), %xmm7 + jmp .trace_restore_finish + +.trace_restore_ymm: + vmovdqa SPXMM0OFF(%rsp), %ymm0 + vmovdqa SPXMM1OFF(%rsp), %ymm1 + vmovdqa SPXMM2OFF(%rsp), %ymm2 + vmovdqa SPXMM3OFF(%rsp), %ymm3 + vmovdqa SPXMM4OFF(%rsp), %ymm4 + vmovdqa SPXMM5OFF(%rsp), %ymm5 + vmovdqa SPXMM6OFF(%rsp), %ymm6 + vmovdqa SPXMM7OFF(%rsp), %ymm7 + +.trace_restore_finish: movq SPRDIOFF(%rsp), %rdi movq SPRSIOFF(%rsp), %rsi movq SPRDXOFF(%rsp), %rdx @@ -282,14 +334,6 @@ movq SPR10OFF(%rsp), %r10 movq SPR11OFF(%rsp), %r11 movq SPRAXOFF(%rsp), %rax - movdqa SPXMM0OFF(%rsp), %xmm0 - movdqa SPXMM1OFF(%rsp), %xmm1 - movdqa SPXMM2OFF(%rsp), %xmm2 - movdqa SPXMM3OFF(%rsp), %xmm3 - movdqa SPXMM4OFF(%rsp), %xmm4 - movdqa SPXMM5OFF(%rsp), %xmm5 - movdqa SPXMM6OFF(%rsp), %xmm6 - movdqa SPXMM7OFF(%rsp), %xmm7 subq $8, %rbp / adjust %rbp for 'ret' movq %rbp, %rsp / @@ -365,6 +409,36 @@ / Restore registers using %r11 which contains our old %rsp value / before growing the stack. / + + / Yes, we have to do this dance again. Sorry. + movq org_scapset@GOTPCREL(%rip),%r9 + movq (%r9),%r9 + movl (%r9),%edx + testl $AV_386_AVX,%edx + jne .trace_r2_ymm + +.trace_r2_xmm: + movdqa SPXMM0OFF(%r11), %xmm0 + movdqa SPXMM1OFF(%r11), %xmm1 + movdqa SPXMM2OFF(%r11), %xmm2 + movdqa SPXMM3OFF(%r11), %xmm3 + movdqa SPXMM4OFF(%r11), %xmm4 + movdqa SPXMM5OFF(%r11), %xmm5 + movdqa SPXMM6OFF(%r11), %xmm6 + movdqa SPXMM7OFF(%r11), %xmm7 + jmp .trace_r2_finish + +.trace_r2_ymm: + vmovdqa SPXMM0OFF(%r11), %ymm0 + vmovdqa SPXMM1OFF(%r11), %ymm1 + vmovdqa SPXMM2OFF(%r11), %ymm2 + vmovdqa SPXMM3OFF(%r11), %ymm3 + vmovdqa SPXMM4OFF(%r11), %ymm4 + vmovdqa SPXMM5OFF(%r11), %ymm5 + vmovdqa SPXMM6OFF(%r11), %ymm6 + vmovdqa SPXMM7OFF(%r11), %ymm7 + +.trace_r2_finish: movq SPRDIOFF(%r11), %rdi movq SPRSIOFF(%r11), %rsi movq SPRDXOFF(%r11), %rdx @@ -373,14 +447,6 @@ movq SPR9OFF(%r11), %r9 movq SPR10OFF(%r11), %r10 movq SPRAXOFF(%r11), %rax - movdqa SPXMM0OFF(%r11), %xmm0 - movdqa SPXMM1OFF(%r11), %xmm1 - movdqa SPXMM2OFF(%r11), %xmm2 - movdqa SPXMM3OFF(%r11), %xmm3 - movdqa SPXMM4OFF(%r11), %xmm4 - movdqa SPXMM5OFF(%r11), %xmm5 - movdqa SPXMM6OFF(%r11), %xmm6 - movdqa SPXMM7OFF(%r11), %xmm7 movq SPR11OFF(%r11), %r11 / retore %r11 last /* @@ -493,7 +559,14 @@ * the AMD64 ABI. We must save on the local stack all possible register * arguments before interposing functions to resolve the called function. * Possible arguments must be restored before invoking the resolved function. - * + * + * Before the AVX instruction set enhancements to AMD64 there were no changes in + * the set of registers and their sizes across different processors. With AVX, + * the xmm registers became the lower 128 bits of the ymm registers. Because of + * this, we need to conditionally save 256 bits instead of 128 bits. Regardless + * of whether we have ymm registers or not, we're always going to push the stack + * space assuming that we do to simplify the code. + * * Local stack space storage for elf_rtbndr is allocated as follows: * * Saved regs: @@ -506,12 +579,12 @@ * %r9 8 * %r10 8 * ======= - * Subtotal: 64 (16byte aligned) + * Subtotal: 64 (32byte aligned) * * Saved Media Regs (used to pass floating point args): - * %xmm0 - %xmm7 16 * 8: 128 + * %ymm0 - %ymm7 32 * 8 256 * ======= - * Total: 192 (16byte aligned) + * Total: 320 (32byte aligned) * * So - will subtract the following to create enough space * @@ -523,21 +596,25 @@ * 40(%rsp) save %r8 * 48(%rsp) save %r9 * 56(%rsp) save %r10 - * 64(%rsp) save %xmm0 - * 80(%rsp) save %xmm1 - * 96(%rsp) save %xmm2 - * 112(%rsp) save %xmm3 - * 128(%rsp) save %xmm4 - * 144(%rsp) save %xmm5 - * 160(%rsp) save %xmm6 - * 176(%rsp) save %xmm7 + * 64(%rsp) save %ymm0 + * 96(%rsp) save %ymm1 + * 128(%rsp) save %ymm2 + * 160(%rsp) save %ymm3 + * 192(%rsp) save %ymm4 + * 224(%rsp) save %ymm5 + * 256(%rsp) save %ymm6 + * 288(%rsp) save %ymm7 * * Note: Some callers may use 8-byte stack alignment instead of the * ABI required 16-byte alignment. We use %rsp offsets to save/restore * registers because %rbp may not be 16-byte aligned. We guarantee %rsp * is 16-byte aligned in the function preamble. */ -#define LS_SIZE $192 /* local stack space to save all possible arguments */ +/* + * As the registers may either be xmm or ymm, we've left the name as xmm, but + * increased the offset between them to always cover the xmm and ymm cases. + */ +#define LS_SIZE $320 /* local stack space to save all possible arguments */ #define LSRAXOFF 0 /* for SSE register count */ #define LSRDIOFF 8 /* arg 0 ... */ #define LSRSIOFF 16 @@ -547,14 +624,23 @@ #define LSR9OFF 48 #define LSR10OFF 56 /* ... arg 5 */ #define LSXMM0OFF 64 /* SSE arg 0 ... */ -#define LSXMM1OFF 80 -#define LSXMM2OFF 96 -#define LSXMM3OFF 112 -#define LSXMM4OFF 128 -#define LSXMM5OFF 144 -#define LSXMM6OFF 160 -#define LSXMM7OFF 176 /* ... SSE arg 7 */ +#define LSXMM1OFF 96 +#define LSXMM2OFF 128 +#define LSXMM3OFF 160 +#define LSXMM4OFF 192 +#define LSXMM5OFF 224 +#define LSXMM6OFF 256 +#define LSXMM7OFF 288 /* ... SSE arg 7 */ + /* + * The org_scapset is a global variable that is a part of rtld. It + * contains the capabilities that the kernel has told us are supported + * (auxv_hwcap). This is necessary for determining whether or not we + * need to save and restore AVX registers or simple SSE registers. Note, + * that the field we care about is currently at offset 0, if that + * changes, this code will have to be updated. + */ + .extern org_scapset .weak _elf_rtbndr _elf_rtbndr = elf_rtbndr @@ -569,7 +655,7 @@ * The next andq instruction does this pseudo code: * If %rsp is 8 byte aligned then subtract 8 from %rsp. */ - andq $-16, %rsp /* enforce ABI 16-byte stack alignment */ + andq $-32, %rsp /* enforce ABI 32-byte stack alignment */ subq LS_SIZE, %rsp /* save all ABI defined argument registers */ @@ -582,6 +668,16 @@ movq %r9, LSR9OFF(%rsp) /* .. arg 5 */ movq %r10, LSR10OFF(%rsp) /* call chain reg */ + /* + * Our xmm registers could secretly by ymm registers in disguise. + */ + movq org_scapset@GOTPCREL(%rip),%r9 + movq (%r9),%r9 + movl (%r9),%edx + testl $AV_386_AVX,%edx + jne .save_ymm + +.save_xmm: movdqa %xmm0, LSXMM0OFF(%rsp) /* SSE arg 0 ... */ movdqa %xmm1, LSXMM1OFF(%rsp) movdqa %xmm2, LSXMM2OFF(%rsp) @@ -590,14 +686,57 @@ movdqa %xmm5, LSXMM5OFF(%rsp) movdqa %xmm6, LSXMM6OFF(%rsp) movdqa %xmm7, LSXMM7OFF(%rsp) /* ... SSE arg 7 */ + jmp .save_finish +.save_ymm: + vmovdqa %ymm0, LSXMM0OFF(%rsp) /* SSE arg 0 ... */ + vmovdqa %ymm1, LSXMM1OFF(%rsp) + vmovdqa %ymm2, LSXMM2OFF(%rsp) + vmovdqa %ymm3, LSXMM3OFF(%rsp) + vmovdqa %ymm4, LSXMM4OFF(%rsp) + vmovdqa %ymm5, LSXMM5OFF(%rsp) + vmovdqa %ymm6, LSXMM6OFF(%rsp) + vmovdqa %ymm7, LSXMM7OFF(%rsp) /* ... SSE arg 7 */ + +.save_finish: movq LBPLMPOFF(%rbp), %rdi /* arg1 - *lmp */ movq LBPRELOCOFF(%rbp), %rsi /* arg2 - reloc index */ movq LBRPCOFF(%rbp), %rdx /* arg3 - pc of caller */ call elf_bndr@PLT /* call elf_rtbndr(lmp, relndx, pc) */ movq %rax, LBPRELOCOFF(%rbp) /* store final destination */ - /* restore possible arguments before invoking resolved function */ + /* + * Restore possible arguments before invoking resolved function. We + * check the xmm vs. ymm regs first so we can use the others. + */ + movq org_scapset@GOTPCREL(%rip),%r9 + movq (%r9),%r9 + movl (%r9),%edx + testl $AV_386_AVX,%edx + jne .restore_ymm + +.restore_xmm: + movdqa LSXMM0OFF(%rsp), %xmm0 + movdqa LSXMM1OFF(%rsp), %xmm1 + movdqa LSXMM2OFF(%rsp), %xmm2 + movdqa LSXMM3OFF(%rsp), %xmm3 + movdqa LSXMM4OFF(%rsp), %xmm4 + movdqa LSXMM5OFF(%rsp), %xmm5 + movdqa LSXMM6OFF(%rsp), %xmm6 + movdqa LSXMM7OFF(%rsp), %xmm7 + jmp .restore_finish + +.restore_ymm: + vmovdqa LSXMM0OFF(%rsp), %ymm0 + vmovdqa LSXMM1OFF(%rsp), %ymm1 + vmovdqa LSXMM2OFF(%rsp), %ymm2 + vmovdqa LSXMM3OFF(%rsp), %ymm3 + vmovdqa LSXMM4OFF(%rsp), %ymm4 + vmovdqa LSXMM5OFF(%rsp), %ymm5 + vmovdqa LSXMM6OFF(%rsp), %ymm6 + vmovdqa LSXMM7OFF(%rsp), %ymm7 + +.restore_finish: movq LSRAXOFF(%rsp), %rax movq LSRDIOFF(%rsp), %rdi movq LSRSIOFF(%rsp), %rsi @@ -607,15 +746,6 @@ movq LSR9OFF(%rsp), %r9 movq LSR10OFF(%rsp), %r10 - movdqa LSXMM0OFF(%rsp), %xmm0 - movdqa LSXMM1OFF(%rsp), %xmm1 - movdqa LSXMM2OFF(%rsp), %xmm2 - movdqa LSXMM3OFF(%rsp), %xmm3 - movdqa LSXMM4OFF(%rsp), %xmm4 - movdqa LSXMM5OFF(%rsp), %xmm5 - movdqa LSXMM6OFF(%rsp), %xmm6 - movdqa LSXMM7OFF(%rsp), %xmm7 - movq %rbp, %rsp popq %rbp diff -r 577f82319ed3 -r 935cf5917cbc usr/src/cmd/sgs/rtld/common/globals.c --- a/usr/src/cmd/sgs/rtld/common/globals.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/cmd/sgs/rtld/common/globals.c Thu Apr 26 21:14:28 2012 +0100 @@ -151,6 +151,9 @@ * override the system capabilities for testing purposes. Furthermore, these * alternative capabilities can be specified such that they only apply to * specified files rather than to all objects. + * + * The org_scapset is relied upon by the amd64 version of elf_rtbndr to + * determine whether or not AVX registers are present in the system. */ static Syscapset scapset = { 0 }; Syscapset *org_scapset = &scapset; /* original system and */ diff -r 577f82319ed3 -r 935cf5917cbc usr/src/common/net/wanboot/auxutil.c --- a/usr/src/common/net/wanboot/auxutil.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/common/net/wanboot/auxutil.c Thu Apr 26 21:14:28 2012 +0100 @@ -61,6 +61,10 @@ * in this library. None of these are exposed. */ +/* + * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. + */ + #pragma ident "%Z%%M% %I% %E% SMI" #include @@ -97,7 +101,11 @@ int unilen; /* Convert the character to the bmp format. */ +#if OPENSSL_VERSION_NUMBER < 0x10000000L if (asc2uni(str, len, &uni, &unilen) == 0) { +#else + if (OPENSSL_asc2uni(str, len, &uni, &unilen) == 0) { +#endif SUNWerr(SUNW_F_ASC2BMPSTRING, SUNW_R_MEMORY_FAILURE); return (NULL); } diff -r 577f82319ed3 -r 935cf5917cbc usr/src/common/net/wanboot/boot_http.c --- a/usr/src/common/net/wanboot/boot_http.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/common/net/wanboot/boot_http.c Thu Apr 26 21:14:28 2012 +0100 @@ -21,6 +21,7 @@ /* * Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. */ #include @@ -1767,7 +1768,11 @@ static SSL_CTX * initialize_ctx(http_conn_t *c_id) { +#if OPENSSL_VERSION_NUMBER < 0x10000000L SSL_METHOD *meth; +#else + const SSL_METHOD *meth; +#endif SSL_CTX *ctx; ERR_clear_error(); diff -r 577f82319ed3 -r 935cf5917cbc usr/src/common/net/wanboot/p12misc.c --- a/usr/src/common/net/wanboot/p12misc.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/common/net/wanboot/p12misc.c Thu Apr 26 21:14:28 2012 +0100 @@ -58,6 +58,10 @@ * Use is subject to license terms. */ +/* + * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. + */ + #pragma ident "%Z%%M% %I% %E% SMI" #include @@ -440,7 +444,11 @@ } str = ty->value.bmpstring; +#if OPENSSL_VERSION_NUMBER < 0x10000000L *fname = uni2asc(str->data, str->length); +#else + *fname = OPENSSL_uni2asc(str->data, str->length); +#endif if (*fname == NULL) { SUNWerr(SUNW_F_GET_PKEY_FNAME, SUNW_R_MEMORY_FAILURE); return (-1); diff -r 577f82319ed3 -r 935cf5917cbc usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c --- a/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c Thu Apr 26 21:14:28 2012 +0100 @@ -30,6 +30,7 @@ /* * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. */ #include @@ -1278,7 +1279,7 @@ revoked = sk_X509_CRL_new_null(); for (i = 0; i < size; i++) sk_X509_CRL_push(revoked, sk_X509_CRL_value(idctx->revoked, i)); - size = sk_X509_num(p7->d.sign->crl); + size = sk_X509_CRL_num(p7->d.sign->crl); for (i = 0; i < size; i++) sk_X509_CRL_push(revoked, sk_X509_CRL_value(p7->d.sign->crl, i)); } @@ -1419,7 +1420,7 @@ pkiDebug("PKCS7 Verification successful\n"); else { pkiDebug("wrong oid in eContentType\n"); - print_buffer(p7->d.sign->contents->type->data, + print_buffer((unsigned char *)p7->d.sign->contents->type->data, (unsigned int)p7->d.sign->contents->type->length); retval = KRB5KDC_ERR_PREAUTH_FAILED; krb5_set_error_message(context, retval, "wrong oid\n"); @@ -4773,7 +4774,11 @@ if (buf == NULL) return ENOMEM; +#if OPENSSL_VERSION_NUMBER < 0x10000000L len = EVP_PKEY_decrypt(buf, data, (int)data_len, pkey); +#else + len = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey); +#endif if (len <= 0) { pkiDebug("unable to decrypt received data (len=%d)\n", data_len); /* Solaris Kerberos */ @@ -5908,7 +5913,7 @@ continue; } if (flag != 0) { - sk_X509_push(ca_crls, X509_CRL_dup(xi->crl)); + sk_X509_CRL_push(ca_crls, X509_CRL_dup(xi->crl)); } } } @@ -5938,7 +5943,7 @@ } break; case CATYPE_CRLS: - if (sk_X509_num(ca_crls) == 0) { + if (sk_X509_CRL_num(ca_crls) == 0) { pkiDebug("no crls in file, %s\n", filename); if (id_cryptoctx->revoked == NULL) sk_X509_CRL_free(ca_crls); diff -r 577f82319ed3 -r 935cf5917cbc usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c --- a/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c Thu Apr 26 21:14:28 2012 +0100 @@ -4,6 +4,9 @@ * Use is subject to license terms. */ /* + * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. + */ +/* * Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL * project 2000. */ @@ -2027,7 +2030,11 @@ int j; int ext_index, nid, len; BIO *mem = NULL; +#if OPENSSL_VERSION_NUMBER < 0x10000000L STACK *emlst = NULL; +#else + STACK_OF(OPENSSL_STRING) *emlst = NULL; +#endif X509_EXTENSION *ex; X509_CINF *ci; @@ -2140,8 +2147,14 @@ case KMF_CERT_EMAIL: emlst = X509_get1_email(xcert); +#if OPENSSL_VERSION_NUMBER < 0x10000000L for (j = 0; j < sk_num(emlst); j++) (void) BIO_printf(mem, "%s\n", sk_value(emlst, j)); +#else + for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++) + (void) BIO_printf(mem, "%s\n", + sk_OPENSSL_STRING_value(emlst, j)); +#endif len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN); X509_email_free(emlst); @@ -4265,8 +4278,13 @@ ty = sk_ASN1_TYPE_value(attr->value.set, 0); } if (ty != NULL) { +#if OPENSSL_VERSION_NUMBER < 0x10000000L key->label = uni2asc(ty->value.bmpstring->data, ty->value.bmpstring->length); +#else + key->label = OPENSSL_uni2asc(ty->value.bmpstring->data, + ty->value.bmpstring->length); +#endif } } else { key->label = NULL; diff -r 577f82319ed3 -r 935cf5917cbc usr/src/lib/libpkg/common/p12lib.c --- a/usr/src/lib/libpkg/common/p12lib.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/lib/libpkg/common/p12lib.c Thu Apr 26 21:14:28 2012 +0100 @@ -58,6 +58,10 @@ * Use is subject to license terms. */ +/* + * Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. + */ + #include #include @@ -1137,7 +1141,11 @@ } str = ty->value.bmpstring; +#if OPENSSL_VERSION_NUMBER < 0x10000000L *fname = uni2asc(str->data, str->length); +#else + *fname = OPENSSL_uni2asc(str->data, str->length); +#endif if (*fname == NULL) { SUNWerr(SUNW_F_GET_PKEY_FNAME, SUNW_R_MEMORY_FAILURE); return (-1); @@ -2295,7 +2303,11 @@ int unilen; /* Convert the character to the bmp format. */ +#if OPENSSL_VERSION_NUMBER < 0x10000000L if (asc2uni(str, len, &uni, &unilen) == 0) { +#else + if (OPENSSL_asc2uni(str, len, &uni, &unilen) == 0) { +#endif SUNWerr(SUNW_F_ASC2BMPSTRING, SUNW_R_MEMORY_FAILURE); return (NULL); } diff -r 577f82319ed3 -r 935cf5917cbc usr/src/pkg/Makefile --- a/usr/src/pkg/Makefile Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/pkg/Makefile Thu Apr 26 21:14:28 2012 +0100 @@ -152,6 +152,10 @@ i386_ARCH64= amd64 sparc_ARCH64= sparcv9 +OPENSSL = /usr/bin/openssl +OPENSSL10.cmd = $(OPENSSL) version | $(NAWK) '{if($$2<1){print "\043";}}' +OPENSSL10_ONLY = $(OPENSSL10.cmd:sh) + # # macros and transforms needed by pkgmogrify # @@ -168,6 +172,7 @@ PKGMOG_DEFINES= \ i386_ONLY=$(POUND_SIGN) \ sparc_ONLY=$(POUND_SIGN) \ + OPENSSL10_ONLY=$(OPENSSL10_ONLY) \ $(PKGMACH)_ONLY= \ ARCH=$(PKGMACH) \ ARCH32=$($(PKGMACH)_ARCH32) \ diff -r 577f82319ed3 -r 935cf5917cbc usr/src/pkg/manifests/crypto-ca-certificates.mf --- a/usr/src/pkg/manifests/crypto-ca-certificates.mf Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/pkg/manifests/crypto-ca-certificates.mf Thu Apr 26 21:14:28 2012 +0100 @@ -21,6 +21,7 @@ # # Copyright (c) 2010, Oracle and/or its affiliates. All rights reserved. +# Copyright (c) 2012, OmniTI Computer Consulting, Inc. All rights reserved. # set name=pkg.fmri value=pkg:/crypto/ca-certificates@$(PKGVERS) @@ -214,34 +215,64 @@ license lic_CDDL license=lic_CDDL link path=etc/openssl/certs/00673b5b.0 \ target=../../certs/CA/thawte_Primary_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/024dc131.0 \ + target=../../certs/CA/Microsec_e-Szigno_Root_CA.pem link path=etc/openssl/certs/02b73561.0 \ target=../../certs/CA/Comodo_Secure_Services_root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/039c618a.0 \ + target=../../certs/CA/TURKTRUST_Certificate_Services_Provider_Root_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/03f0efa4.0 \ + target=../../certs/CA/Wells_Fargo_Root_CA.pem link path=etc/openssl/certs/0481cb65.0 \ target=../../certs/CA/AOL_Time_Warner_Root_Certification_Authority_2.pem link path=etc/openssl/certs/052e396b.0 \ target=../../certs/CA/AddTrust_Qualified_Certificates_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/0750887b.0 \ + target=../../certs/CA/IPS_CLASE3_root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/080911ac.0 \ + target=../../certs/CA/QuoVadis_Root_CA.pem link path=etc/openssl/certs/08aef7bb.0 \ target=../../certs/CA/WellsSecure_Public_Root_Certificate_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/09ca81a7.0 \ + target=../../certs/CA/Thawte_Personal_Premium_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/0a8f0c78.0 \ + target=../../certs/CA/IPS_Chained_CAs_root.pem link path=etc/openssl/certs/0c364b2d.0 \ target=../../certs/CA/Entrust.net_Secure_Personal_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/0d1b923b.0 \ + target=../../certs/CA/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem link path=etc/openssl/certs/0dbd0096.0 \ target=../../certs/CA/AOL_Time_Warner_Root_Certification_Authority_1.pem link path=etc/openssl/certs/0e82f83a.0 \ target=../../certs/CA/Thawte_Personal_Basic_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/0f11b315.0 \ + target=../../certs/CA/Verisign_Class_2_Public_Primary_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/106cd822.0 \ + target=../../certs/CA/Verisign_RSA_Secure_Server_CA.pem link path=etc/openssl/certs/111e6273.0 \ target=../../certs/CA/GlobalSign_Root_CA_-_R2.pem link path=etc/openssl/certs/1155c94b.0 \ target=../../certs/CA/Firmaprofesional_Root_CA.pem link path=etc/openssl/certs/11a09b38.0 \ target=../../certs/CA/TDC_OCES_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/11c69ce5.0 \ + target=../../certs/CA/RSA_Security_1024_v3.pem link path=etc/openssl/certs/11f154d6.0 \ target=../../certs/CA/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem link path=etc/openssl/certs/124bbd54.0 \ target=../../certs/CA/Comodo_Trusted_Services_root.pem link path=etc/openssl/certs/128b9c8d.0 \ target=../../certs/CA/Digital_Signature_Trust_Co._Global_CA_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/12ac4d91.0 \ + target=../../certs/CA/AOL_Time_Warner_Root_Certification_Authority_2.pem link path=etc/openssl/certs/12d55845.0 \ target=../../certs/CA/DST_Root_CA_X3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/157753a5.0 \ + target=../../certs/CA/AddTrust_External_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/166851b2.0 \ + target=../../certs/CA/Entrust.net_Secure_Personal_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/16b3fe3c.0 \ + target=../../certs/CA/beTRUSTed_Root_CA_-_RSA_Implementation.pem link path=etc/openssl/certs/17b51fe6.0 \ target=../../certs/CA/Certplus_Class_2_Primary_CA.pem link path=etc/openssl/certs/19899da5.0 \ @@ -249,14 +280,40 @@ link path=etc/openssl/certs/1dac3003.0 \ target=../../certs/CA/DST_ACES_CA_X6.pem link path=etc/openssl/certs/1dcd6f4c.0 target=../../certs/CA/Taiwan_GRCA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/1ec4d31a.0 \ + target=../../certs/CA/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/201cada0.0 \ + target=../../certs/CA/America_Online_Root_Certification_Authority_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/20d096ba.0 \ + target=../../certs/CA/ValiCert_Class_1_VA.pem link path=etc/openssl/certs/219d9499.0 \ target=../../certs/CA/Go_Daddy_Class_2_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2251b13a.0 \ + target=../../certs/CA/ComSign_Secured_CA.pem link path=etc/openssl/certs/23f4c490.0 \ target=../../certs/CA/Starfield_Class_2_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/244b5494.0 \ + target=../../certs/CA/DigiCert_High_Assurance_EV_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/24ad0b63.0 \ + target=../../certs/CA/Verisign_Class_1_Public_Primary_Certification_Authority.pem link path=etc/openssl/certs/256fd83b.0 \ target=../../certs/CA/TC_TrustCenter,_Germany,_Class_2_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2835ab7b.0 \ + target=../../certs/CA/GTE_CyberTrust_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2ab3b959.0 \ + target=../../certs/CA/NetLock_Express_Class_C_Root.pem link path=etc/openssl/certs/2afc57aa.0 \ target=../../certs/CA/TC_TrustCenter_Class_2_CA_II.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2c3e3f84.0 \ + target=../../certs/CA/UTN_USERFirst_Object_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2c543cd1.0 \ + target=../../certs/CA/GeoTrust_Global_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2cfc4974.0 \ + target=../../certs/CA/TDC_OCES_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2e4eed3c.0 \ + target=../../certs/CA/thawte_Primary_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/2e5ac55d.0 \ + target=../../certs/CA/DST_Root_CA_X3.pem link path=etc/openssl/certs/2edf7016.0 \ target=../../certs/CA/Verisign_Class_1_Public_Primary_Certification_Authority.pem link path=etc/openssl/certs/2fa87019.0 \ @@ -269,34 +326,66 @@ target=../../certs/CA/StartCom_Certification_Authority.pem link path=etc/openssl/certs/343eb6cb.0 \ target=../../certs/CA/Cybertrust_Global_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/3513523f.0 \ + target=../../certs/CA/DigiCert_Global_Root_CA.pem link path=etc/openssl/certs/399e7759.0 \ target=../../certs/CA/DigiCert_Global_Root_CA.pem link path=etc/openssl/certs/3a3b02ce.0 \ target=../../certs/CA/OISTE_WISeKey_Global_Root_GA_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/3a7f6b22.0 \ + target=../../certs/CA/Thawte_Personal_Basic_CA.pem link path=etc/openssl/certs/3ad48a91.0 \ target=../../certs/CA/Baltimore_CyberTrust_Root.pem link path=etc/openssl/certs/3c58f906.0 \ target=../../certs/CA/AddTrust_External_Root.pem link path=etc/openssl/certs/3c860d51.0 \ target=../../certs/CA/SwissSign_Gold_CA_-_G2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/3dfd7537.0 \ + target=../../certs/CA/Visa_International_Global_Root_2.pem link path=etc/openssl/certs/3e7271e8.0 \ target=../../certs/CA/Entrust.net_Premium_2048_Secure_Server_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/3ee7e181.0 \ + target=../../certs/CA/IGC_A.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/40547a79.0 \ + target=../../certs/CA/COMODO_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/40e67a49.0 \ + target=../../certs/CA/Digital_Signature_Trust_Co._Global_CA_4.pem link path=etc/openssl/certs/412bea73.0 \ target=../../certs/CA/Thawte_Personal_Premium_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/415660c1.0 \ + target=../../certs/CA/Verisign_Class_3_Public_Primary_Certification_Authority.pem link path=etc/openssl/certs/4166ec0c.0 \ target=../../certs/CA/RSA_Security_1024_v3.pem link path=etc/openssl/certs/4184de39.0 \ target=../../certs/CA/IPS_Timestamping_root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/4304c5e5.0 \ + target=../../certs/CA/Network_Solutions_Certificate_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/442adcac.0 \ + target=../../certs/CA/Certum_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/4597689c.0 \ + target=../../certs/CA/Equifax_Secure_eBusiness_CA_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/4615970e.0 \ + target=../../certs/CA/Digital_Signature_Trust_Co._Global_CA_2.pem link path=etc/openssl/certs/4643210f.0 \ target=../../certs/CA/Digital_Signature_Trust_Co._Global_CA_4.pem link path=etc/openssl/certs/46b2fd3b.0 \ target=../../certs/CA/SwissSign_Platinum_CA_-_G2.pem link path=etc/openssl/certs/47996b5c.0 \ target=../../certs/CA/beTRUSTed_Root_CA_-_Entrust_Implementation.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/480720ec.0 \ + target=../../certs/CA/GeoTrust_Primary_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/48ef30f1.0 \ + target=../../certs/CA/TC_TrustCenter,_Germany,_Class_2_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/4a6481c9.0 \ + target=../../certs/CA/GlobalSign_Root_CA_-_R2.pem link path=etc/openssl/certs/4d654d1d.0 \ target=../../certs/CA/GTE_CyberTrust_Global_Root.pem link path=etc/openssl/certs/4e18c148.0 \ target=../../certs/CA/Deutsche_Telekom_Root_CA_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/4efc7a23.0 \ + target=../../certs/CA/Entrust.net_Global_Secure_Server_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/4f316efb.0 \ + target=../../certs/CA/SwissSign_Gold_CA_-_G2.pem link path=etc/openssl/certs/4fbd6bfa.0 \ target=../../certs/CA/UTN_DATACorp_SGC_Root_CA.pem link path=etc/openssl/certs/5021a0a2.0 \ @@ -305,10 +394,22 @@ target=../../certs/CA/SwissSign_Silver_CA_-_G2.pem link path=etc/openssl/certs/54edfa5d.0 \ target=../../certs/CA/TC_TrustCenter,_Germany,_Class_3_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/55a10908.0 \ + target=../../certs/CA/ValiCert_Class_2_VA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/5620c4aa.0 \ + target=../../certs/CA/TC_TrustCenter_Class_3_CA_II.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/56657bde.0 \ + target=../../certs/CA/Comodo_Trusted_Services_root.pem link path=etc/openssl/certs/56b8a0b6.0 \ target=../../certs/CA/TURKTRUST_Certificate_Services_Provider_Root_2.pem link path=etc/openssl/certs/57692373.0 \ target=../../certs/CA/GeoTrust_Global_CA_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/578d5c04.0 \ + target=../../certs/CA/Equifax_Secure_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/57b0f75e.0 \ + target=../../certs/CA/UTN-USER_First-Network_Applications.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/57bcb2da.0 \ + target=../../certs/CA/SwissSign_Silver_CA_-_G2.pem link path=etc/openssl/certs/58a44af1.0 target=../../certs/CA/IGC_A.pem link path=etc/openssl/certs/594f1775.0 \ target=../../certs/CA/Equifax_Secure_CA.pem @@ -316,18 +417,48 @@ target=../../certs/CA/COMODO_Certification_Authority.pem link path=etc/openssl/certs/5a5372fc.0 \ target=../../certs/CA/NetLock_Business_Class_B_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/5a950642.0 \ + target=../../certs/CA/IPS_CLASEA1_root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/5ad8a5d6.0 \ + target=../../certs/CA/GlobalSign_Root_CA.pem link path=etc/openssl/certs/5cf9d536.0 \ target=../../certs/CA/QuoVadis_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/5f267794.0 \ + target=../../certs/CA/Entrust.net_Secure_Server_CA.pem link path=etc/openssl/certs/635ccfd5.0 \ target=../../certs/CA/NetLock_Express_Class_C_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/6410666e.0 \ + target=../../certs/CA/Taiwan_GRCA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/64d1f6f4.0 \ + target=../../certs/CA/Thawte_Personal_Freemail_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/653b494a.0 \ + target=../../certs/CA/Baltimore_CyberTrust_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/667c66d4.0 \ + target=../../certs/CA/Swisscom_Root_CA_1.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/67d559d1.0 \ + target=../../certs/CA/Sonera_Class_1_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/686ef281.0 \ + target=../../certs/CA/beTRUSTed_Root_CA_-_Entrust_Implementation.pem link path=etc/openssl/certs/69105f4f.0 \ target=../../certs/CA/DigiCert_Assured_ID_Root_CA.pem link path=etc/openssl/certs/6adf0799.0 \ target=../../certs/CA/Wells_Fargo_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/6b99d060.0 \ + target=../../certs/CA/Entrust_Root_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/6cb3815b.0 \ + target=../../certs/CA/Verisign_Time_Stamping_Authority_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/6cc3c4c3.0 \ + target=../../certs/CA/Thawte_Server_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/6db5a580.0 \ + target=../../certs/CA/IPS_CLASEA3_root.pem link path=etc/openssl/certs/6e8bf996.0 \ target=../../certs/CA/Certum_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/6faac4e3.0 \ + target=../../certs/CA/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem link path=etc/openssl/certs/6fcc125d.0 \ target=../../certs/CA/Visa_eCommerce_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/706f604c.0 \ + target=../../certs/CA/XRamp_Global_CA_Root.pem link path=etc/openssl/certs/709afd2b.0 \ target=../../certs/CA/Thawte_Personal_Freemail_CA.pem link path=etc/openssl/certs/72bf6a04.0 \ @@ -344,10 +475,20 @@ target=../../certs/CA/Verisign_Class_3_Public_Primary_Certification_Authority.pem link path=etc/openssl/certs/76579174.0 \ target=../../certs/CA/XRamp_Global_CA_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/76cb8f92.0 \ + target=../../certs/CA/Cybertrust_Global_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/76faf6c0.0 \ + target=../../certs/CA/QuoVadis_Root_CA_3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/778e3cb0.0 \ + target=../../certs/CA/UTN_DATACorp_SGC_Root_CA.pem link path=etc/openssl/certs/788c9bfc.0 \ target=../../certs/CA/Visa_International_Global_Root_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/790a7190.0 \ + target=../../certs/CA/DST_ACES_CA_X6.pem link path=etc/openssl/certs/7999be0d.0 \ target=../../certs/CA/GeoTrust_Global_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/79ad8b43.0 \ + target=../../certs/CA/Equifax_Secure_eBusiness_CA_1.pem link path=etc/openssl/certs/7a481e66.0 \ target=../../certs/CA/TC_TrustCenter_Class_3_CA_II.pem link path=etc/openssl/certs/7a819ef2.0 \ @@ -356,6 +497,10 @@ target=../../certs/CA/RSA_Root_Certificate_1.pem link path=etc/openssl/certs/7d453d8f.0 \ target=../../certs/CA/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/7d5a75e4.0 \ + target=../../certs/CA/WellsSecure_Public_Root_Certificate_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/812e17de.0 \ + target=../../certs/CA/Deutsche_Telekom_Root_CA_2.pem link path=etc/openssl/certs/81b9768f.0 \ target=../../certs/CA/DigiCert_High_Assurance_EV_Root_CA.pem link path=etc/openssl/certs/8317b10c.0 \ @@ -364,12 +509,24 @@ target=../../certs/CA/RSA_Security_2048_v3.pem link path=etc/openssl/certs/84cba82f.0 \ target=../../certs/CA/TURKTRUST_Certificate_Services_Provider_Root_1.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/861a399d.0 \ + target=../../certs/CA/AddTrust_Low-Value_Services_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/861e0100.0 \ + target=../../certs/CA/NetLock_Qualified_Class_QA_Root.pem link path=etc/openssl/certs/86f32474.0 \ target=../../certs/CA/IPS_CLASE3_root.pem link path=etc/openssl/certs/87753b0d.0 \ target=../../certs/CA/GeoTrust_Universal_CA_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/8867006a.0 \ + target=../../certs/CA/GeoTrust_Universal_CA_2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/88f89ea7.0 \ + target=../../certs/CA/TURKTRUST_Certificate_Services_Provider_Root_1.pem link path=etc/openssl/certs/89c02a45.0 \ target=../../certs/CA/COMODO_ECC_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/8b59b1ad.0 \ + target=../../certs/CA/AddTrust_Public_Services_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/8f111d69.0 \ + target=../../certs/CA/MD5_Collisions_Forged_Rogue_CA_25c3.pem link path=etc/openssl/certs/8f7b96c4.0 \ target=../../certs/CA/Equifax_Secure_eBusiness_CA_2.pem link path=etc/openssl/certs/8fe643df.0 \ @@ -378,36 +535,92 @@ target=../../certs/CA/QuoVadis_Root_CA_3.pem link path=etc/openssl/certs/95750816.0 \ target=../../certs/CA/Verisign_Time_Stamping_Authority_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/972672fc.0 \ + target=../../certs/CA/TC_TrustCenter,_Germany,_Class_3_CA.pem link path=etc/openssl/certs/9772ca32.0 \ target=../../certs/CA/GeoTrust_Primary_Certification_Authority.pem link path=etc/openssl/certs/97b4211c.0 \ target=../../certs/CA/GTE_CyberTrust_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/98ec67f0.0 \ + target=../../certs/CA/Thawte_Premium_Server_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/9af9f759.0 \ + target=../../certs/CA/RSA_Root_Certificate_1.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/9b353c9a.0 \ + target=../../certs/CA/TDC_Internet_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/9c2e7d30.0 \ + target=../../certs/CA/Sonera_Class_2_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/9d520b32.0 \ + target=../../certs/CA/Security_Communication_EV_RootCA1.pem link path=etc/openssl/certs/9d6523ce.0 \ target=../../certs/CA/ePKI_Root_Certification_Authority.pem link path=etc/openssl/certs/9dbefe7b.0 \ target=../../certs/CA/Security_Communication_EV_RootCA1.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/9e6afd31.0 \ + target=../../certs/CA/Thawte_Time_Stamping_CA.pem link path=etc/openssl/certs/9ec3a561.0 \ target=../../certs/CA/UTN_USERFirst_Email_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/9f541fb4.0 \ + target=../../certs/CA/Digital_Signature_Trust_Co._Global_CA_3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/a01d1cc2.0 \ + target=../../certs/CA/IPS_Servidores_root.pem link path=etc/openssl/certs/a0bc6fbb.0 \ target=../../certs/CA/Camerfirma_Global_Chambersign_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/a137bd1c.0 \ + target=../../certs/CA/beTRUSTed_Root_CA-Baltimore_Implementation.pem link path=etc/openssl/certs/a15b3b6b.0 \ target=../../certs/CA/Digital_Signature_Trust_Co._Global_CA_3.pem link path=etc/openssl/certs/a2df7ad7.0 \ target=../../certs/CA/AddTrust_Public_Services_Root.pem link path=etc/openssl/certs/a3896b44.0 \ target=../../certs/CA/Security_Communication_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/a5fd78f0.0 \ + target=../../certs/CA/TC_TrustCenter_Class_2_CA_II.pem link path=etc/openssl/certs/a6776c69.0 \ target=../../certs/CA/IPS_Chained_CAs_root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/a6a593ba.0 \ + target=../../certs/CA/Digital_Signature_Trust_Co._Global_CA_1.pem link path=etc/openssl/certs/a7605362.0 \ target=../../certs/CA/Sonera_Class_2_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/a760e1bd.0 \ + target=../../certs/CA/Visa_eCommerce_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/a8dee976.0 \ + target=../../certs/CA/SwissSign_Platinum_CA_-_G2.pem link path=etc/openssl/certs/aaa45464.0 \ target=../../certs/CA/Thawte_Time_Stamping_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ad088e1d.0 \ + target=../../certs/CA/GeoTrust_Universal_CA.pem link path=etc/openssl/certs/add67345.0 \ target=../../certs/CA/NetLock_Notary_Class_A_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ae8153b9.0 \ + target=../../certs/CA/StartCom_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/aee5f10d.0 \ + target=../../certs/CA/Entrust.net_Premium_2048_Secure_Server_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/af4f0c93.0 \ + target=../../certs/CA/Entrust.net_Global_Secure_Personal_CA.pem link path=etc/openssl/certs/b0f3e76e.0 \ target=../../certs/CA/GlobalSign_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b1159c4c.0 \ + target=../../certs/CA/DigiCert_Assured_ID_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b13cc6df.0 \ + target=../../certs/CA/UTN_USERFirst_Hardware_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b1b8a7f3.0 \ + target=../../certs/CA/OISTE_WISeKey_Global_Root_GA_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b204d74a.0 \ + target=../../certs/CA/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b42ff584.0 \ + target=../../certs/CA/Staat_der_Nederlanden_Root_CA.pem link path=etc/openssl/certs/b5f329fa.0 \ target=../../certs/CA/Verisign_Class_2_Public_Primary_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b66938e9.0 \ + target=../../certs/CA/Secure_Global_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b7e7231a.0 \ + target=../../certs/CA/NetLock_Business_Class_B_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/b8e83700.0 \ + target=../../certs/CA/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/bad35b78.0 \ + target=../../certs/CA/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/bb2d49a0.0 \ + target=../../certs/CA/ComSign_CA.pem link path=etc/openssl/certs/bcdd5959.0 \ target=../../certs/CA/ValiCert_Class_2_VA.pem link path=etc/openssl/certs/bda4cc84.0 \ @@ -418,6 +631,8 @@ target=../../certs/CA/Entrust_Root_Certification_Authority.pem link path=etc/openssl/certs/bf87590f.0 \ target=../../certs/CA/beTRUSTed_Root_CA_-_RSA_Implementation.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/c0ff1f52.0 \ + target=../../certs/CA/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem link path=etc/openssl/certs/c19d42c7.0 \ target=../../certs/CA/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem link path=etc/openssl/certs/c215bc69.0 \ @@ -426,27 +641,63 @@ target=../../certs/CA/Thawte_Premium_Server_CA.pem link path=etc/openssl/certs/c527e4ab.0 \ target=../../certs/CA/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/c5e082db.0 \ + target=../../certs/CA/UTN_USERFirst_Email_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/c692a373.0 \ + target=../../certs/CA/GTE_CyberTrust_Global_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/c8841d13.0 \ + target=../../certs/CA/TC_TrustCenter_Universal_CA_I.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/c99398f3.0 \ + target=../../certs/CA/RSA_Security_2048_v3.pem link path=etc/openssl/certs/c9bc75ba.0 \ target=../../certs/CA/ABAecom_sub.,_Am._Bankers_Assn._Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/c9f83a1c.0 \ + target=../../certs/CA/Comodo_Secure_Services_root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ca6e4ad9.0 \ + target=../../certs/CA/ePKI_Root_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/cb357862.0 \ + target=../../certs/CA/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/cb59f961.0 \ + target=../../certs/CA/Camerfirma_Global_Chambersign_Root.pem link path=etc/openssl/certs/cb796bc1.0 target=../../certs/CA/StartCom_Ltd..pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/cbeee9e2.0 \ + target=../../certs/CA/GeoTrust_Global_CA_2.pem link path=etc/openssl/certs/ccb919f9.0 \ target=../../certs/CA/UTN_USERFirst_Object_Root_CA.pem link path=etc/openssl/certs/cdaebb72.0 \ target=../../certs/CA/Staat_der_Nederlanden_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ce026bf8.0 \ + target=../../certs/CA/Firmaprofesional_Root_CA.pem link path=etc/openssl/certs/cf701eeb.0 \ target=../../certs/CA/SecureTrust_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/d0cba2e5.0 \ + target=../../certs/CA/StartCom_Ltd..pem link path=etc/openssl/certs/d2adc77d.0 \ target=../../certs/CA/Entrust.net_Global_Secure_Personal_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/d495d385.0 \ + target=../../certs/CA/IPS_Timestamping_root.pem link path=etc/openssl/certs/d537fba6.0 \ target=../../certs/CA/TDC_Internet_Root_CA.pem link path=etc/openssl/certs/d78a75c7.0 \ target=../../certs/CA/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/d7e8dc79.0 \ + target=../../certs/CA/QuoVadis_Root_CA_2.pem link path=etc/openssl/certs/d8274e24.0 \ target=../../certs/CA/UTN-USER_First-Network_Applications.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/d9d12c58.0 \ + target=../../certs/CA/NetLock_Notary_Class_A_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/dc45b0bd.0 \ + target=../../certs/CA/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/dc4ebcb9.0 \ + target=../../certs/CA/IPS_CLASE1_root.pem link path=etc/openssl/certs/ddc328ff.0 \ target=../../certs/CA/Thawte_Server_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/e113c810.0 \ + target=../../certs/CA/Certigna.pem link path=etc/openssl/certs/e268a4c5.0 \ target=../../certs/CA/AddTrust_Low-Value_Services_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/e536d871.0 \ + target=../../certs/CA/AddTrust_Qualified_Certificates_Root.pem link path=etc/openssl/certs/e60bf0c0.0 \ target=../../certs/CA/Swisscom_Root_CA_1.pem link path=etc/openssl/certs/e7461595.0 \ @@ -455,14 +706,38 @@ target=../../certs/CA/GeoTrust_Universal_CA.pem link path=etc/openssl/certs/e7b8d656.0 \ target=../../certs/CA/Equifax_Secure_eBusiness_CA_1.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/eacdeb40.0 \ + target=../../certs/CA/America_Online_Root_Certification_Authority_1.pem link path=etc/openssl/certs/ed049835.0 \ target=../../certs/CA/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.pem link path=etc/openssl/certs/ed524cf5.0 \ target=../../certs/CA/Entrust.net_Secure_Server_CA.pem link path=etc/openssl/certs/ed62f4e3.0 \ target=../../certs/CA/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ed9bb25c.0 \ + target=../../certs/CA/AOL_Time_Warner_Root_Certification_Authority_1.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ee1365c0.0 \ + target=../../certs/CA/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ee64a828.0 \ + target=../../certs/CA/Comodo_AAA_Services_root.pem link path=etc/openssl/certs/ee7cd6fb.0 \ target=../../certs/CA/Camerfirma_Chambers_of_Commerce_Root.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/eed8c118.0 \ + target=../../certs/CA/COMODO_ECC_Certification_Authority.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/ef2f636c.0 \ + target=../../certs/CA/Equifax_Secure_Global_eBusiness_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/f060240e.0 \ + target=../../certs/CA/Certplus_Class_2_Primary_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/f081611a.0 \ + target=../../certs/CA/Go_Daddy_Class_2_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/f2cce23a.0 \ + target=../../certs/CA/beTRUSTed_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/f3377b1b.0 \ + target=../../certs/CA/Security_Communication_Root_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/f387163d.0 \ + target=../../certs/CA/Starfield_Class_2_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/f39fc864.0 \ + target=../../certs/CA/SecureTrust_CA.pem link path=etc/openssl/certs/f3cf1e8e.0 \ target=../../certs/CA/beTRUSTed_Root_CA-Baltimore_Implementation.pem link path=etc/openssl/certs/f4996e82.0 \ @@ -477,11 +752,15 @@ target=../../certs/CA/IPS_Servidores_root.pem link path=etc/openssl/certs/f73e89fd.0 \ target=../../certs/CA/Verisign_RSA_Secure_Server_CA.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/f90208f7.0 \ + target=../../certs/CA/Camerfirma_Chambers_of_Commerce_Root.pem link path=etc/openssl/certs/f950ccc2.0 \ target=../../certs/CA/IPS_CLASE1_root.pem link path=etc/openssl/certs/facacbc6.0 \ target=../../certs/CA/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem link path=etc/openssl/certs/fde84897.0 target=../../certs/CA/Certigna.pem +$(OPENSSL10_ONLY)link path=etc/openssl/certs/fe30b214.0 \ + target=../../certs/CA/ABAecom_sub.,_Am._Bankers_Assn._Root_CA.pem link path=etc/openssl/certs/ff588423.0 target=../../certs/CA/ComSign_CA.pem link path=etc/openssl/certs/ff783690.0 \ target=../../certs/CA/UTN_USERFirst_Hardware_Root_CA.pem diff -r 577f82319ed3 -r 935cf5917cbc usr/src/uts/common/os/logsubr.c --- a/usr/src/uts/common/os/logsubr.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/uts/common/os/logsubr.c Thu Apr 26 21:14:28 2012 +0100 @@ -246,7 +246,7 @@ /* * Now that logging is enabled, emit the SunOS banner. */ - printf("\rOpenIndiana Build %s %u-bit (illumos 13672:bc588248a482)\n", + printf("\rOpenIndiana Build %s %u-bit (illumos 13676:98ca40df9171)\n", utsname.version, NBBY * (uint_t)sizeof (void *)); printf("SunOS Release %s - Copyright 1983-2010 Oracle and/or its " "affiliates.\n", utsname.release); diff -r 577f82319ed3 -r 935cf5917cbc usr/src/uts/common/vm/vm_pagelist.c --- a/usr/src/uts/common/vm/vm_pagelist.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/uts/common/vm/vm_pagelist.c Thu Apr 26 21:14:28 2012 +0100 @@ -22,6 +22,10 @@ * Copyright (c) 2004, 2010, Oracle and/or its affiliates. All rights reserved. */ +/* + * Copyright 2012 Joyent, Inc. All rights reserved. + */ + /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ /* All Rights Reserved */ @@ -3181,7 +3185,14 @@ page_unlock_nocapture(pp); return (0); } - if (PP_ISNORELOC(pp)) { + + /* + * If a page has been marked non-relocatable or has been + * explicitly locked in memory, we don't want to relocate it; + * unlock the pages and fail the operation. + */ + if (PP_ISNORELOC(pp) || + pp->p_lckcnt != 0 || pp->p_cowcnt != 0) { VM_STAT_ADD(vmm_vmstats.ptcpfailcage[szc]); while (i != (pgcnt_t)-1) { pp = &spp[i]; diff -r 577f82319ed3 -r 935cf5917cbc usr/src/uts/i86pc/os/cpuid.c --- a/usr/src/uts/i86pc/os/cpuid.c Sun Apr 22 15:19:49 2012 +0100 +++ b/usr/src/uts/i86pc/os/cpuid.c Thu Apr 26 21:14:28 2012 +0100 @@ -30,7 +30,7 @@ * Portions Copyright 2009 Advanced Micro Devices, Inc. */ /* - * Copyright (c) 2011, Joyent, Inc. All rights reserved. + * Copyright (c) 2012, Joyent, Inc. All rights reserved. */ /* * Various routines to handle identification @@ -2576,8 +2576,12 @@ if (*ecx & CPUID_INTC_ECX_PCLMULQDQ) hwcap_flags |= AV_386_PCLMULQDQ; if ((*ecx & CPUID_INTC_ECX_XSAVE) && - (*ecx & CPUID_INTC_ECX_OSXSAVE)) + (*ecx & CPUID_INTC_ECX_OSXSAVE)) { hwcap_flags |= AV_386_XSAVE; + + if (*ecx & CPUID_INTC_ECX_AVX) + hwcap_flags |= AV_386_AVX; + } if (*ecx & CPUID_INTC_ECX_VMX) hwcap_flags |= AV_386_VMX; if (*ecx & CPUID_INTC_ECX_POPCNT)