Commit Graph

242584 Commits

Author SHA1 Message Date
christos 2805fbf632 adjust to new acpica 2016-05-04 19:28:15 +00:00
christos 49c2f1f466 merge new acpica 2016-05-04 19:27:57 +00:00
roy 88be616fa6 Allow multicast/broadcast packets from a bridge member to other members.
Note this should just call bridge_broadcast when more locking issues are
resolved.
2016-05-04 18:59:55 +00:00
gson 85c4af6b99 Reduce the step size, exposing another bug. 2016-05-04 18:36:46 +00:00
christos cfbb728076 22 April 2016. Summary of changes for version 20160422:
1) ACPICA kernel-resident subsystem:

Fixed a regression in the GAS (generic address structure) arbitrary bit
support in AcpiHwRead/AcpiHwWrite. Problem could cause incorrect behavior
and incorrect return values. Lv Zheng. ACPICA BZ 1270.

ACPI 6.0: Added support for new/renamed resource macros. One new argument
was added to each of these macros, and the original name has been
deprecated. The AML disassembler will always disassemble to the new
names. Support for the new macros was added to iASL, disassembler,
resource manager, and the acpihelp utility. ACPICA BZ 1274.

    I2cSerialBus  -> I2cSerialBusV2
    SpiSerialBus  -> SpiSerialBusV2
    UartSerialBus -> UartSerialBusV2

ACPI 6.0: Added support for a new integer field that was appended to the
package object returned by the _BIX method. This adds iASL compile-time
and AML runtime error checking. ACPICA BZ 1273.

ACPI 6.1: Added support for a new PCCT subtable, "HW-Reduced Comm
Subspace Type2" (Headers, Disassembler, and data table compiler).

Example Code and Data Size: These are the sizes for the OS-independent
acpica.lib produced by the Microsoft Visual C++ 9.0 32-bit compiler. The
debug version of the code includes the debug output trace mechanism and
has a much larger code and data size.

  Current Release:
    Non-Debug Version: 137.4K Code, 52.6K Data, 190.0K Total
    Debug Version:     201.5K Code, 82.2K Data, 283.7K Total
  Previous Release:
    Non-Debug Version: 137.1K Code, 51.5K Data, 188.6K Total
    Debug Version:     201.0K Code, 82.0K Data, 283.0K Total


2) iASL Compiler/Disassembler and Tools:

iASL: Implemented an ASL grammar extension to allow/enable executable
"module-level code" to be created and executed under the various
operators that create new scopes. This type of AML code is already
supported in all known AML interpreters, and the grammar change will
appear in the next version of the ACPI specification. Simplifies the
conditional runtime creation of named objects under these object types:

    Device
    PowerResource
    Processor
    Scope
    ThermalZone

iASL: Implemented a new ASL extension, a "For" loop macro to add greater
ease-of-use to the ASL language. The syntax is similar to the
corresponding C operator, and is implemented with the existing AML While
opcode -- thus requiring no changes to existing AML interpreters.

    For (Initialize, Predicate, Update) {TermList}

Grammar:
    ForTerm :=
        For (
            Initializer    // Nothing | TermArg => ComputationalData
            Predicate      // Nothing | TermArg => ComputationalData
            Update         // Nothing | TermArg => ComputationalData
        ) {TermList}


iASL: The _HID/_ADR detection and validation has been enhanced to search
under conditionals in order to allow these objects to be conditionally
created at runtime.

iASL: Fixed several issues with the constant folding feature. The
improvement allows better detection and resolution of statements that can
be folded at compile time. ACPICA BZ 1266.

iASL/Disassembler: Fixed a couple issues with the Else{If{}...}
conversion to the ASL ElseIf operator where incorrect ASL code could be
generated.

iASL/Disassembler: Fixed a problem with the ASL+ code disassembly where
sometimes an extra (and extraneous) set of parentheses were emitted for
some combinations of operators. Although this did not cause any problems
with recompilation of the disassembled code, it made the code more
difficult to read. David Box. ACPICA BZ 1231.

iASL: Changed to ignore the unreferenced detection for predefined names
of resource descriptor elements, when the resource descriptor is
created/defined within a control method.

iASL: Disassembler: Fix a possible fault with externally declared Buffer
objects.

----------------------------------------
18 March 2016. Summary of changes for version 20160318:

1) ACPICA kernel-resident subsystem:

Added support for arbitrary bit lengths and bit offsets for registers
defined by the Generic Address Structure. Previously, only aligned bit
lengths of 8/16/32/64 were supported. This was sufficient for many years,
but recently some machines have been seen that require arbitrary bit-
level support. ACPICA BZ 1240. Lv Zheng.

Fixed an issue where the \_SB._INI method sometimes must be evaluated
before any _REG methods are evaluated. Lv Zheng.

Implemented several changes related to ACPI table support
(Headers/Disassembler/TableCompiler):
NFIT: For ACPI 6.1, updated to add some additional new fields and
constants.
FADT: Updated a warning message and set compliance to ACPI 6.1 (Version
6).
DMAR: Added new constants per the 10/2014 DMAR spec.
IORT: Added new subtable per the 10/2015 IORT spec.
HEST: For ACPI 6.1, added new constants and new subtable.
DBG2: Added new constants per the 12/2015 DBG2 spec.
FPDT: Fixed several incorrect fields, add the FPDT boot record structure.
ACPICA BZ 1249.
ERST/EINJ: Updated disassembler with new "Execute Timings" actions.

Updated header support for the DMAR table to match the current version of
the related spec.

Added extensions to the ASL Concatenate operator to allow any ACPI object
to be passed as an operand. Any object other than Integer/String/Buffer
simply returns a string containing the object type. This extends the
usefulness of the Printf macros. Previously, Concatenate would abort the
control method if a non-data object was encountered.

ACPICA source code: Deployed the C "const" keyword across the source code
where appropriate. ACPICA BZ 732. Joerg Sonnenberger (NetBSD).

Example Code and Data Size: These are the sizes for the OS-independent
acpica.lib produced by the Microsoft Visual C++ 9.0 32-bit compiler. The
debug version of the code includes the debug output trace mechanism and
has a much larger code and data size.

  Current Release:
    Non-Debug Version: 137.1K Code, 51.5K Data, 188.6K Total
    Debug Version:     201.0K Code, 82.0K Data, 283.0K Total
  Previous Release:
    Non-Debug Version: 136.2K Code, 51.5K Data, 187.7K Total
    Debug Version:     200.4K Code, 82.0K Data, 282.4K Total


2) iASL Compiler/Disassembler and Tools:

iASL/Disassembler: Improved the heuristic used to determine the number of
arguments for an externally defined control method (a method in another
table). Although this is an improvement, there is no deterministic way to
"guess" the number of method arguments. Only the ACPI 6.0 External opcode
will completely solve this problem as it is deployed (automatically) in
newer BIOS code.

iASL/Disassembler: Fixed an ordering issue for emitted External() ASL
statements that could cause errors when the disassembled file is
compiled. ACPICA BZ 1243. David Box.

iASL: Fixed a regression caused by the merger of the two versions of the
local strtoul64. Because of a dependency on a global variable, strtoul64
could return an error for integers greater than a 32-bit value. ACPICA BZ
1260.

iASL: Fixed a regression where a fault could occur for an ASL Return
statement if it invokes a control method that is not resolved. ACPICA BZ
1264.

AcpiXtract: Improved input file validation: detection of binary files and
non-acpidump text files.

----------------------------------------
12 February 2016. Summary of changes for version 20160212:

1) ACPICA kernel-resident subsystem:

Implemented full support for the ACPI 6.1 specification (released in
January). This version of the specification is available at:
http://www.uefi.org/specifications

Only a relatively small number of changes were required in ACPICA to
support ACPI 6.1, in these areas:
- New predefined names
- New _HID values
- A new subtable for HEST
- A few other header changes for new values

Ensure \_SB_._INI is executed before any _REG methods are executed. There
appears to be existing BIOS code that relies on this behavior. Lv Zheng.

Reverted a change made in version 20151218 which enabled method
invocations to be targets of various ASL operators (SuperName and Target
grammar elements). While the new behavior is supported by the ACPI
specification, other AML interpreters do not support this behavior and
never will. The ACPI specification will be updated for ACPI 6.2 to remove
this support. Therefore, the change was reverted to the original ACPICA
behavior.

ACPICA now supports the GCC 6 compiler.

Current Release: (Note: build changes increased sizes)
    Non-Debug Version: 136.2K Code, 51.5K Data, 187.7K Total
    Debug Version:     200.4K Code, 82.0K Data, 282.4K Total
Previous Release:
    Non-Debug Version: 102.7K Code, 28.4K Data, 131.1K Total
    Debug Version:     200.4K Code, 81.9K Data, 282.3K Total


2) iASL Compiler/Disassembler and Tools:

Completed full support for the ACPI 6.0 External() AML opcode. The
compiler emits an external AML opcode for each ASL External statement.
This opcode is used by the disassembler to assist with the disassembly of
external control methods by specifying the required number of arguments
for the method. AML interpreters do not use this opcode. To ensure that
interpreters do not even see the opcode, a block of one or more external
opcodes is surrounded by an "If(0)" construct. As this feature becomes
commonly deployed in BIOS code, the ability of disassemblers to correctly
disassemble AML code will be greatly improved. David Box.

iASL: Implemented support for an optional cross-reference output file.
The -lx option will create a the cross-reference file with the suffix
"xrf". Three different types of cross-reference are created in this file:
- List of object references made from within each control method
- Invocation (caller) list for each user-defined control method
- List of references to each non-method object in the namespace

iASL: Method invocations as ASL Target operands are now disallowed and
flagged as errors in preparation for ACPI 6.2 (see the description of the
problem above).
2016-05-04 18:15:53 +00:00
christos 01a3dc11b3 limit to gcc, requested by joerg. 2016-05-04 17:17:00 +00:00
christos 902487a7f3 fix compilation for ppc. 2016-05-04 15:42:32 +00:00
christos d6db3d67c9 prevent gcc from combining memset+malloc -> calloc inside calloc so that
we end up calling ourselves recursively.
2016-05-04 14:39:49 +00:00
dholland a0feec40ce Cite a relevant PR for msdos_renamerace instead of one that was fixed
several years ago.
2016-05-04 08:30:22 +00:00
mrg 729e5a7e04 use AC_USE_SYSTEM_EXTENSIONS in libiberty autoconf, which arranges for
_GNU_SOURCE to be defined for systems that need it (like glibc ones.)

be sure to find the right config.h for host programs.

these fixes combined make builds on debian 7 complete for me.
2016-05-04 00:28:23 +00:00
kre 0fe4e12852 Unbreak build ... again... gcc is insane. 2016-05-03 23:55:12 +00:00
kre 3c6d76cd74 PR bin/51114 - print the correct values for >&- and >& N (N > 9)
in output from the "jobs" command (and other places that use the
same routines.)
2016-05-03 20:46:35 +00:00
riastradh 7347c31c51 Fix non-DIAGNOSTIC build. 2016-05-03 19:43:45 +00:00
riastradh 36bc16361e panic takes no \n.
From coypu.
2016-05-03 19:17:16 +00:00
riastradh 22f2d8e6d4 #ifdef DIAGNOSTIC panic ---> KASSERTMSG
From coypu.
2016-05-03 19:15:29 +00:00
christos 02ec25e568 http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
2016-05-03 18:22:28 +00:00
christos 32a650932f http://w1.fi/security/2016-1/0004-Reject-SET_CRED-commands-with-newline-characters-in-.patch
Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.
2016-05-03 18:21:54 +00:00
christos 9f37edd889 http://w1.fi/security/2016-1/0003-Remove-newlines-from-wpa_supplicant-config-network-o.patch
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.
2016-05-03 18:21:14 +00:00
christos bc93796efb http://w1.fi/security/2016-1/0002-Reject-psk-parameter-set-with-invalid-passphrase-cha.patch
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.

This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.
2016-05-03 18:20:30 +00:00
christos 7d146f42f6 http://w1.fi/security/2016-1/0001-WPS-Reject-a-Credential-with-invalid-passphrase.patch
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.

This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.
2016-05-03 18:19:44 +00:00
kre e4edd6e6c4 PR bin/50574 - make the tests conform to what parsedate() actually
does, so they should no longer fail.   This needs parsedate.y 1.28
in order to work properly.

OK christos@
2016-05-03 18:18:15 +00:00
mlelstv e01ac00248 Validate FAT entries to avoid some panics caused by a corrupted FAT.
Also print FAT write errors when mount is synchronous (-o sync). This
reveals problems caused by a write protected disklabel on sector 1.
2016-05-03 18:17:28 +00:00
kre 3060c9b9b9 Make relative date changes ("+ 2 months") etc, work a little more sanely.
OK christos@
2016-05-03 18:14:54 +00:00
kre 97c9ae31d2 Whitespace. No changes. OK christos@ 2016-05-03 18:10:38 +00:00
christos 45eb37228a new openssl 2016-05-03 17:23:17 +00:00
christos 411ef98e1a merge conflicts 2016-05-03 17:21:32 +00:00
christos ddfe742084 add missing forward declaration for the STATIC= case. 2016-05-03 17:21:02 +00:00
christos 43fd2ac1eb Security fixes:
*) Prevent padding oracle in AES-NI CBC MAC check

     A MITM attacker can use a padding oracle attack to decrypt traffic
     when the connection uses an AES CBC cipher and the server support
     AES-NI.

     This issue was introduced as part of the fix for Lucky 13 padding
     attack (CVE-2013-0169). The padding check was rewritten to be in
     constant time by making sure that always the same bytes are read and
     compared against either the MAC or padding bytes. But it no longer
     checked that there was enough data to have both the MAC and padding
     bytes.

     This issue was reported by Juraj Somorovsky using TLS-Attacker.
     (CVE-2016-2107)
     [Kurt Roeckx]

  *) Fix EVP_EncodeUpdate overflow

     An overflow can occur in the EVP_EncodeUpdate() function which is used for
     Base64 encoding of binary data. If an attacker is able to supply very large
     amounts of input data then a length check can overflow resulting in a heap
     corruption.

     Internally to OpenSSL the EVP_EncodeUpdate() function is primarly used by
     the PEM_write_bio* family of functions. These are mainly used within the
     OpenSSL command line applications, so any application which processes data
     from an untrusted source and outputs it as a PEM file should be considered
     vulnerable to this issue. User applications that call these APIs directly
     with large amounts of untrusted data may also be vulnerable.

     This issue was reported by Guido Vranken.
     (CVE-2016-2105)
     [Matt Caswell]

  *) Fix EVP_EncryptUpdate overflow

     An overflow can occur in the EVP_EncryptUpdate() function. If an attacker
     is able to supply very large amounts of input data after a previous call to
     EVP_EncryptUpdate() with a partial block then a length check can overflow
     resulting in a heap corruption. Following an analysis of all OpenSSL
     internal usage of the EVP_EncryptUpdate() function all usage is one of two
     forms. The first form is where the EVP_EncryptUpdate() call is known to be
     the first called function after an EVP_EncryptInit(), and therefore that
     specific call must be safe. The second form is where the length passed to
     EVP_EncryptUpdate() can be seen from the code to be some small value and
     therefore there is no possibility of an overflow. Since all instances are
     one of these two forms, it is believed that there can be no overflows in
     internal code due to this problem. It should be noted that
     EVP_DecryptUpdate() can call EVP_EncryptUpdate() in certain code paths.
     Also EVP_CipherUpdate() is a synonym for EVP_EncryptUpdate(). All instances
     of these calls have also been analysed too and it is believed there are no
     instances in internal usage where an overflow could occur.

     This issue was reported by Guido Vranken.
     (CVE-2016-2106)
     [Matt Caswell]

  *) Prevent ASN.1 BIO excessive memory allocation

     When ASN.1 data is read from a BIO using functions such as d2i_CMS_bio()
     a short invalid encoding can casuse allocation of large amounts of memory
     potentially consuming excessive resources or exhausting memory.

     Any application parsing untrusted data through d2i BIO functions is
     affected. The memory based functions such as d2i_X509() are *not* affected.
     Since the memory based functions are used by the TLS library, TLS
     applications are not affected.

     This issue was reported by Brian Carpenter.
     (CVE-2016-2109)
     [Stephen Henson]

  *) EBCDIC overread

     ASN1 Strings that are over 1024 bytes can cause an overread in applications
     using the X509_NAME_oneline() function on EBCDIC systems. This could result
     in arbitrary stack data being returned in the buffer.

     This issue was reported by Guido Vranken.
     (CVE-2016-2176)
     [Matt Caswell]

  *) Modify behavior of ALPN to invoke callback after SNI/servername
     callback, such that updates to the SSL_CTX affect ALPN.
     [Todd Short]

  *) Remove LOW from the DEFAULT cipher list.  This removes singles DES from the
     default.
     [Kurt Roeckx]

  *) Only remove the SSLv2 methods with the no-ssl2-method option. When the
     methods are enabled and ssl2 is disabled the methods return NULL.
     [Kurt Roeckx]
2016-05-03 17:10:26 +00:00
kre 404b1d0271 Fix things so that STATIC can me made static (-DSTATIC=static)
and have the shell still compile, link, and run...

ok christos@
2016-05-03 13:47:58 +00:00
kre e856092a7a Correct spelling of NetBSD in my entry (pointed out by leot@ - thanks) 2016-05-03 13:43:11 +00:00
skrll 39842a4010 Kill XHCI_QUIRK_FORCE_INTR and surrounding code 2016-05-03 13:14:44 +00:00
kre a18b822d05 Allow function names to be any shell word not containing '/'.
This allows anything that could be a filesystem command to be
implemented as a function instead.  The restriction on '/'
is because of the way that functions are (required to be) searched
for relative to PATH searching - a function with a name containing '/'
could never be executed, so simply prohibit defining such a thing.

ok christos@
2016-05-03 03:16:55 +00:00
kre 1d68040618 PR bin/43639 - check that a file being read by the '.' command
is a regular file, even when it is given as a full pathname.
2016-05-03 03:12:40 +00:00
kre 54c1af73d6 Remove unnecessary extern var declaration that was a
remnant of an earlier version of the previous (fd>10) fixes.

ok christos@
2016-05-03 03:08:21 +00:00
christos 14ff90e1cc minor nits 2016-05-03 00:19:32 +00:00
christos 9da9a79f42 search for the proper variable in the sysroot case. 2016-05-02 23:22:39 +00:00
christos ee17f398d4 move scsipi_strvis -> libkern:strnvisx()
change the prototype to match userland
fix sizes of strings passed to it
2016-05-02 19:18:29 +00:00
christos de74c09c16 Make it look more like rt2560.c 2016-05-02 17:37:23 +00:00
jakllsch 1dac11f22d The on-disk FAT array does not include anything before CLUST_FIRST,
compensate in size check.

This was tickled by my SanDisk Sansa Clip 4GB, which exactly filled the FAT array.
2016-05-02 17:33:03 +00:00
jakllsch ffe5c1f16e Call rump_init() before using rump functionality.
This change should make these test cases consistently fail on all ports.

Related to PR kern/51096.
2016-05-02 17:24:06 +00:00
christos 300e2ca473 eliminate static buffer with custom resizing code. 2016-05-02 16:48:34 +00:00
christos 9ff2bfe491 fix typos from Pedro Giffuni @FreeBSD 2016-05-02 16:35:17 +00:00
kre cd2d9990e2 Add myself. 2016-05-02 16:02:24 +00:00
wiz 7c1df76045 Add missing backslash that broke build. 2016-05-02 14:12:09 +00:00
christos 2f3aa6bd06 Add more MLINKS, sort 2016-05-02 13:01:34 +00:00
christos db4ff162cd Add wide versions of histedit functions
Remove dups
2016-05-02 12:59:30 +00:00
wiz 986567e424 Fix Dd argument. 2016-05-02 12:51:25 +00:00
christos ac44c4d1a4 Add more explicit xrefs 2016-05-02 12:43:35 +00:00
skrll 362f0af293 Remove the "usb_disconnect_port: no device" DIAGNOSTIC message 2016-05-02 11:55:21 +00:00
wiz 077a69b33f Use Mt. 2016-05-02 09:43:33 +00:00