Skip to content
Commits on May 4, 2016
  1. use AC_USE_SYSTEM_EXTENSIONS in libiberty autoconf, which arranges for

    mrg committed May 4, 2016
    _GNU_SOURCE to be defined for systems that need it (like glibc ones.)
    
    be sure to find the right config.h for host programs.
    
    these fixes combined make builds on debian 7 complete for me.
Commits on May 3, 2016
  1. Unbreak build ... again... gcc is insane.

    kre committed May 3, 2016
  2. PR bin/51114 - print the correct values for >&- and >& N (N > 9)

    kre committed May 3, 2016
    in output from the "jobs" command (and other places that use the
    same routines.)
  3. Fix non-DIAGNOSTIC build.

    riastradh committed May 3, 2016
  4. panic takes no \n.

    riastradh committed May 3, 2016
    From coypu.
  5. #ifdef DIAGNOSTIC panic ---> KASSERTMSG

    riastradh committed May 3, 2016
    From coypu.
  6. http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newli…

    christos committed May 3, 2016
    …ne-characters-in-.patch
    
    Many of the global configuration parameters are written as strings
    without filtering and if there is an embedded newline character in the
    value, unexpected configuration file data might be written.
    
    This fixes an issue where wpa_supplicant could have updated the
    configuration file global parameter with arbitrary data from the control
    interface or D-Bus interface. While those interfaces are supposed to be
    accessible only for trusted users/applications, it may be possible that
    an untrusted user has access to a management software component that
    does not validate the value of a parameter before passing it to
    wpa_supplicant.
    
    This could allow such an untrusted user to inject almost arbitrary data
    into the configuration file. Such configuration file could result in
    wpa_supplicant trying to load a library (e.g., opensc_engine_path,
    pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
    controlled location when starting again. This would allow code from that
    library to be executed under the wpa_supplicant process privileges.
  7. http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newli…

    christos committed May 3, 2016
    …ne-characters-in-.patch
    
    Most of the cred block parameters are written as strings without
    filtering and if there is an embedded newline character in the value,
    unexpected configuration file data might be written.
    
    This fixes an issue where wpa_supplicant could have updated the
    configuration file cred parameter with arbitrary data from the control
    interface or D-Bus interface. While those interfaces are supposed to be
    accessible only for trusted users/applications, it may be possible that
    an untrusted user has access to a management software component that
    does not validate the credential value before passing it to
    wpa_supplicant.
    
    This could allow such an untrusted user to inject almost arbitrary data
    into the configuration file. Such configuration file could result in
    wpa_supplicant trying to load a library (e.g., opensc_engine_path,
    pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
    controlled location when starting again. This would allow code from that
    library to be executed under the wpa_supplicant process privileges.
  8. http://w1.fi/security/2016-1/0003-Remove-newlines-from-wpa_supplicant…

    christos committed May 3, 2016
    …-config-network-o.patch
    
    Spurious newlines output while writing the config file can corrupt the
    wpa_supplicant configuration. Avoid writing these for the network block
    parameters. This is a generic filter that cover cases that may not have
    been explicitly addressed with a more specific commit to avoid control
    characters in the psk parameter.
  9. http://w1.fi/security/2016-1/0002-Reject-psk-parameter-set-with-inval…

    christos committed May 3, 2016
    …id-passphrase-cha.patch
    
    WPA/WPA2-Personal passphrase is not allowed to include control
    characters. Reject a passphrase configuration attempt if that passphrase
    includes an invalid passphrase.
    
    This fixes an issue where wpa_supplicant could have updated the
    configuration file psk parameter with arbitrary data from the control
    interface or D-Bus interface. While those interfaces are supposed to be
    accessible only for trusted users/applications, it may be possible that
    an untrusted user has access to a management software component that
    does not validate the passphrase value before passing it to
    wpa_supplicant.
    
    This could allow such an untrusted user to inject up to 63 characters of
    almost arbitrary data into the configuration file. Such configuration
    file could result in wpa_supplicant trying to load a library (e.g.,
    opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
    load_dynamic_eap) from user controlled location when starting again.
    This would allow code from that library to be executed under the
    wpa_supplicant process privileges.
  10. http://w1.fi/security/2016-1/0001-WPS-Reject-a-Credential-with-invali…

    christos committed May 3, 2016
    …d-passphrase.patch
    
    WPA/WPA2-Personal passphrase is not allowed to include control
    characters. Reject a Credential received from a WPS Registrar both as
    STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
    WPA2PSK authentication type and includes an invalid passphrase.
    
    This fixes an issue where hostapd or wpa_supplicant could have updated
    the configuration file PSK/passphrase parameter with arbitrary data from
    an external device (Registrar) that may not be fully trusted. Should
    such data include a newline character, the resulting configuration file
    could become invalid and fail to be parsed.
  11. PR bin/50574 - make the tests conform to what parsedate() actually

    kre committed May 3, 2016
    does, so they should no longer fail.   This needs parsedate.y 1.28
    in order to work properly.
    
    OK christos@
  12. Validate FAT entries to avoid some panics caused by a corrupted FAT.

    mlelstv committed May 3, 2016
    Also print FAT write errors when mount is synchronous (-o sync). This
    reveals problems caused by a write protected disklabel on sector 1.
  13. Make relative date changes ("+ 2 months") etc, work a little more san…

    kre committed May 3, 2016
    …ely.
    
    OK christos@
  14. Whitespace. No changes. OK christos@

    kre committed May 3, 2016
  15. new openssl

    christos committed May 3, 2016
  16. merge conflicts

    christos committed May 3, 2016
  17. Security fixes:

    christos committed May 3, 2016
      *) Prevent padding oracle in AES-NI CBC MAC check
    
         A MITM attacker can use a padding oracle attack to decrypt traffic
         when the connection uses an AES CBC cipher and the server support
         AES-NI.
    
         This issue was introduced as part of the fix for Lucky 13 padding
         attack (CVE-2013-0169). The padding check was rewritten to be in
         constant time by making sure that always the same bytes are read and
         compared against either the MAC or padding bytes. But it no longer
         checked that there was enough data to have both the MAC and padding
         bytes.
    
         This issue was reported by Juraj Somorovsky using TLS-Attacker.
         (CVE-2016-2107)
         [Kurt Roeckx]
    
      *) Fix EVP_EncodeUpdate overflow
    
         An overflow can occur in the EVP_EncodeUpdate() function which is used for
         Base64 encoding of binary data. If an attacker is able to supply very large
         amounts of input data then a length check can overflow resulting in a heap
         corruption.
    
         Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
         the PEM_write_bio* family of functions. These are mainly used within the
         OpenSSL command line applications, so any application which processes data
         from an untrusted source and outputs it as a PEM file should be considered
         vulnerable to this issue. User applications that call these APIs directly
         with large amounts of untrusted data may also be vulnerable.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2105)
         [Matt Caswell]
    
      *) Fix EVP_EncryptUpdate overflow
    
         An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
         is able to supply very large amounts of input data after a previous call to
         EVP_EncryptUpdate() with a partial block then a length check can overflow
         resulting in a heap corruption. Following an analysis of all OpenSSL
         internal usage of the EVP_EncryptUpdate() function all usage is one of two
         forms. The first form is where the EVP_EncryptUpdate() call is known to be
         the first called function after an EVP_EncryptInit(), and therefore that
         specific call must be safe. The second form is where the length passed to
         EVP_EncryptUpdate() can be seen from the code to be some small value and
         therefore there is no possibility of an overflow. Since all instances are
         one of these two forms, it is believed that there can be no overflows in
         internal code due to this problem. It should be noted that
         EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
         Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
         of these calls have also been analysed too and it is believed there are no
         instances in internal usage where an overflow could occur.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2106)
         [Matt Caswell]
    
      *) Prevent ASN.1 BIO excessive memory allocation
    
         When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
         a short invalid encoding can casuse allocation of large amounts of memory
         potentially consuming excessive resources or exhausting memory.
    
         Any application parsing untrusted data through d2i BIO functions is
         affected. The memory based functions such as d2i_X509() are *not* affected.
         Since the memory based functions are used by the TLS library, TLS
         applications are not affected.
    
         This issue was reported by Brian Carpenter.
         (CVE-2016-2109)
         [Stephen Henson]
    
      *) EBCDIC overread
    
         ASN1 Strings that are over 1024 bytes can cause an overread in applications
         using the X509_NAME_oneline() function on EBCDIC systems. This could result
         in arbitrary stack data being returned in the buffer.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2176)
         [Matt Caswell]
    
      *) Modify behavior of ALPN to invoke callback after SNI/servername
         callback, such that updates to the SSL_CTX affect ALPN.
         [Todd Short]
    
      *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
         default.
         [Kurt Roeckx]
    
      *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
         methods are enabled and ssl2 is disabled the methods return NULL.
         [Kurt Roeckx]
  18. Security fixes:

    christos committed May 3, 2016
      *) Prevent padding oracle in AES-NI CBC MAC check
    
         A MITM attacker can use a padding oracle attack to decrypt traffic
         when the connection uses an AES CBC cipher and the server support
         AES-NI.
    
         This issue was introduced as part of the fix for Lucky 13 padding
         attack (CVE-2013-0169). The padding check was rewritten to be in
         constant time by making sure that always the same bytes are read and
         compared against either the MAC or padding bytes. But it no longer
         checked that there was enough data to have both the MAC and padding
         bytes.
    
         This issue was reported by Juraj Somorovsky using TLS-Attacker.
         (CVE-2016-2107)
         [Kurt Roeckx]
    
      *) Fix EVP_EncodeUpdate overflow
    
         An overflow can occur in the EVP_EncodeUpdate() function which is used for
         Base64 encoding of binary data. If an attacker is able to supply very large
         amounts of input data then a length check can overflow resulting in a heap
         corruption.
    
         Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
         the PEM_write_bio* family of functions. These are mainly used within the
         OpenSSL command line applications, so any application which processes data
         from an untrusted source and outputs it as a PEM file should be considered
         vulnerable to this issue. User applications that call these APIs directly
         with large amounts of untrusted data may also be vulnerable.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2105)
         [Matt Caswell]
    
      *) Fix EVP_EncryptUpdate overflow
    
         An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
         is able to supply very large amounts of input data after a previous call to
         EVP_EncryptUpdate() with a partial block then a length check can overflow
         resulting in a heap corruption. Following an analysis of all OpenSSL
         internal usage of the EVP_EncryptUpdate() function all usage is one of two
         forms. The first form is where the EVP_EncryptUpdate() call is known to be
         the first called function after an EVP_EncryptInit(), and therefore that
         specific call must be safe. The second form is where the length passed to
         EVP_EncryptUpdate() can be seen from the code to be some small value and
         therefore there is no possibility of an overflow. Since all instances are
         one of these two forms, it is believed that there can be no overflows in
         internal code due to this problem. It should be noted that
         EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
         Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
         of these calls have also been analysed too and it is believed there are no
         instances in internal usage where an overflow could occur.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2106)
         [Matt Caswell]
    
      *) Prevent ASN.1 BIO excessive memory allocation
    
         When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
         a short invalid encoding can casuse allocation of large amounts of memory
         potentially consuming excessive resources or exhausting memory.
    
         Any application parsing untrusted data through d2i BIO functions is
         affected. The memory based functions such as d2i_X509() are *not* affected.
         Since the memory based functions are used by the TLS library, TLS
         applications are not affected.
    
         This issue was reported by Brian Carpenter.
         (CVE-2016-2109)
         [Stephen Henson]
    
      *) EBCDIC overread
    
         ASN1 Strings that are over 1024 bytes can cause an overread in applications
         using the X509_NAME_oneline() function on EBCDIC systems. This could result
         in arbitrary stack data being returned in the buffer.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2176)
         [Matt Caswell]
    
      *) Modify behavior of ALPN to invoke callback after SNI/servername
         callback, such that updates to the SSL_CTX affect ALPN.
         [Todd Short]
    
      *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
         default.
         [Kurt Roeckx]
    
      *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
         methods are enabled and ssl2 is disabled the methods return NULL.
         [Kurt Roeckx]
  19. Security fixes:

    christos committed May 3, 2016
      *) Prevent padding oracle in AES-NI CBC MAC check
    
         A MITM attacker can use a padding oracle attack to decrypt traffic
         when the connection uses an AES CBC cipher and the server support
         AES-NI.
    
         This issue was introduced as part of the fix for Lucky 13 padding
         attack (CVE-2013-0169). The padding check was rewritten to be in
         constant time by making sure that always the same bytes are read and
         compared against either the MAC or padding bytes. But it no longer
         checked that there was enough data to have both the MAC and padding
         bytes.
    
         This issue was reported by Juraj Somorovsky using TLS-Attacker.
         (CVE-2016-2107)
         [Kurt Roeckx]
    
      *) Fix EVP_EncodeUpdate overflow
    
         An overflow can occur in the EVP_EncodeUpdate() function which is used for
         Base64 encoding of binary data. If an attacker is able to supply very large
         amounts of input data then a length check can overflow resulting in a heap
         corruption.
    
         Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
         the PEM_write_bio* family of functions. These are mainly used within the
         OpenSSL command line applications, so any application which processes data
         from an untrusted source and outputs it as a PEM file should be considered
         vulnerable to this issue. User applications that call these APIs directly
         with large amounts of untrusted data may also be vulnerable.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2105)
         [Matt Caswell]
    
      *) Fix EVP_EncryptUpdate overflow
    
         An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
         is able to supply very large amounts of input data after a previous call to
         EVP_EncryptUpdate() with a partial block then a length check can overflow
         resulting in a heap corruption. Following an analysis of all OpenSSL
         internal usage of the EVP_EncryptUpdate() function all usage is one of two
         forms. The first form is where the EVP_EncryptUpdate() call is known to be
         the first called function after an EVP_EncryptInit(), and therefore that
         specific call must be safe. The second form is where the length passed to
         EVP_EncryptUpdate() can be seen from the code to be some small value and
         therefore there is no possibility of an overflow. Since all instances are
         one of these two forms, it is believed that there can be no overflows in
         internal code due to this problem. It should be noted that
         EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
         Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
         of these calls have also been analysed too and it is believed there are no
         instances in internal usage where an overflow could occur.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2106)
         [Matt Caswell]
    
      *) Prevent ASN.1 BIO excessive memory allocation
    
         When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
         a short invalid encoding can casuse allocation of large amounts of memory
         potentially consuming excessive resources or exhausting memory.
    
         Any application parsing untrusted data through d2i BIO functions is
         affected. The memory based functions such as d2i_X509() are *not* affected.
         Since the memory based functions are used by the TLS library, TLS
         applications are not affected.
    
         This issue was reported by Brian Carpenter.
         (CVE-2016-2109)
         [Stephen Henson]
    
      *) EBCDIC overread
    
         ASN1 Strings that are over 1024 bytes can cause an overread in applications
         using the X509_NAME_oneline() function on EBCDIC systems. This could result
         in arbitrary stack data being returned in the buffer.
    
         This issue was reported by Guido Vranken.
         (CVE-2016-2176)
         [Matt Caswell]
    
      *) Modify behavior of ALPN to invoke callback after SNI/servername
         callback, such that updates to the SSL_CTX affect ALPN.
         [Todd Short]
    
      *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
         default.
         [Kurt Roeckx]
    
      *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
         methods are enabled and ssl2 is disabled the methods return NULL.
         [Kurt Roeckx]
  20. Fix things so that STATIC can me made static (-DSTATIC=static)

    kre committed May 3, 2016
    and have the shell still compile, link, and run...
    
    ok christos@
  21. Allow function names to be any shell word not containing '/'.

    kre committed May 3, 2016
    This allows anything that could be a filesystem command to be
    implemented as a function instead.  The restriction on '/'
    is because of the way that functions are (required to be) searched
    for relative to PATH searching - a function with a name containing '/'
    could never be executed, so simply prohibit defining such a thing.
    
    ok christos@
  22. PR bin/43639 - check that a file being read by the '.' command

    kre committed May 3, 2016
    is a regular file, even when it is given as a full pathname.
  23. Remove unnecessary extern var declaration that was a

    kre committed May 3, 2016
    remnant of an earlier version of the previous (fd>10) fixes.
    
    ok christos@
  24. minor nits

    christos committed May 3, 2016
Commits on May 2, 2016
  1. move scsipi_strvis -> libkern:strnvisx()

    christos committed May 2, 2016
    change the prototype to match userland
    fix sizes of strings passed to it
  2. Make it look more like rt2560.c

    christos committed May 2, 2016
  3. The on-disk FAT array does not include anything before CLUST_FIRST,

    jakllsch committed May 2, 2016
    compensate in size check.
    
    This was tickled by my SanDisk Sansa Clip 4GB, which exactly filled the FAT array.
  4. Call rump_init() before using rump functionality.

    jakllsch committed May 2, 2016
    This change should make these test cases consistently fail on all ports.
    
    Related to PR kern/51096.
  5. fix typos from Pedro Giffuni @FreeBSD

    christos committed May 2, 2016
Something went wrong with that request. Please try again.