10 August 2018. Summary of changes for version 20180810:
1) ACPICA kernel-resident subsystem:
Initial ACPI table loading: Attempt to continue loading ACPI tables
regardless of malformed AML. Since migrating table initialization to the
new module-level code support, the AML interpreter rejected tables upon
any ACPI error encountered during table load. This is a problem because
non-serious ACPI errors during table load do not necessarily mean that
the entire definition block (DSDT or SSDT) is invalid. This change
improves the table loading by ignoring some types of errors that can be
generated by incorrect AML. These include object type errors, scope
errors, and index errors.
Suspend/Resume support: Update to stop unconditionally clearing ACPI IRQs
during suspend/resume. The status of ACPI events is no longer cleared
when entering the ACPI S5 system state (power off) which caused some
systems to power up immediately after turning off power in certain
situations. This was a functional regression. It was fixed by clearing
the status of all ACPI events again when entering S5 (for system-wide
suspend or hibernation the clearing of the status of all events is not
desirable, as it might cause the kernel to miss wakeup events sometimes).
Rafael Wysocki.
2) iASL Compiler/Disassembler and Tools:
AcpiExec: Enhanced the -fi option (Namespace initialization file). Field
elements listed in the initialization file were previously initialized
after the table load and before executing module-level code blocks.
Recent changes in the module-level code support means that the table load
becomes a large control method execution. If fields are used within
module-level code and we are executing with the -fi option, the
initialization values were used to initialize the namespace object(s)
only after the table was finished loading. This change provides an early
initialization of objects specified in the initialization file so that
field unit values are populated during the table load (not after the
load).
AcpiExec: Fixed a small memory leak regression that could result in
warnings during exit of the utility. These warnings were similar to
these:
0002D690 Length 0x0006 nsnames-0502 [Not a Descriptor - too small]
0002CD70 Length 0x002C utcache-0453 [Operand] Integer RefCount 0x0001
----------------------------------------
29 June 2018. Summary of changes for version 20180629:
1) iASL Compiler/Disassembler and Tools:
iASL: Fixed a regression related to the use of the ASL External
statement. Error checking for the use of the External() statement has
been relaxed. Previously, a restriction on the use of External meant that
the referenced named object was required to be defined in a different
table (an SSDT). Thus it would be an error to declare an object as an
external and then define the same named object in the same table. For
example:
DefinitionBlock (...)
{
External (DEV1)
Device (DEV1){...} // This was an error
}
However, this behavior has caused regressions in some existing ASL code,
because there is code that depends on named objects and externals (with
the same name) being declared in the same table. This change will allow
the ASL code above to compile without errors or warnings.
iASL: Implemented ASL language extensions for four operators to make some
of their arguments optional instead of required:
1) Field (RegionName, AccessType, LockRule, UpdateRule)
2) BankField (RegionName, BankName, BankValue, AccessType, LockRule, UpdateRule)
3) IndexField (IndexName, DataName, AccessType, LockRule, UpdateRule)
For the Field operators above, the AccessType, LockRule, and UpdateRule
are now optional arguments. The default values are:
AccessType: AnyAcc
LockRule: NoLock
UpdateRule: Preserve
4) Mutex (MutexName, SyncLevel)
For this operator, the SyncLevel argument is now optional. This argument
is rarely used in any meaningful way by ASL code, and thus it makes sense
to make it optional. The default value is:
SyncLevel: 0
iASL: Attempted use of the ASL Unload() operator now results in the
following warning:
"Unload is not supported by all operating systems"
This is in fact very true, and the Unload operator may be completely
deprecated in the near future.
AcpiExec: Fixed a regression for the -fi option (Namespace initialization
file). Recent changes in the ACPICA module-level code support altered the
table load/initialization sequence. This means that the table load has
become a large method execution of the table itself. If Operation Region
Fields are used within any module-level code and the -fi option was
specified, the initialization values were populated only after the table
had completely finished loading (and thus the module-level code had
already been executed). This change moves the initialization of objects
listed in the initialization file to before the table is executed as a
method. Field unit values are now initialized before the table execution
is performed.
----------------------------------------
31 May 2018. Summary of changes for version 20180531:
1) ACPICA kernel-resident Subsystem:
Implemented additional support to help ensure that a DSDT or SSDT is
fully loaded even if errors are incurred during the load. The majority of
the problems seen are failures of individual AML operators that occur
during execution of any module-level code (MLC) present in the table.
This support adds a mechanism to abort the current ASL
statement (AML opcode), emit an error message, and to simply move on to
the next opcode -- instead of aborting the entire table load. This is
different than the execution of a control method where the entire method
is aborted upon any error. The goal is to perform a very "best effort" to
load the ACPI tables. The most common MLC errors that have been seen in
the field are direct references to unresolved ASL/AML symbols (referenced
directly without the use of the CondRefOf operator to validate the
symbol). This new ACPICA behavior is now compatible with other ACPI
implementations.
Interpreter: The Unload AML operator is no longer supported for the
reasons below. An AE_NOT_IMPLEMENTED exception is returned.
1) A correct implementation on at least some hosts may not be possible.
2) Other ACPI implementations do not correctly/fully support it.
3) It requires host device driver support which is not known to exist.
(To properly support namespace unload out from underneath.)
4) This AML operator has never been seen in the field.
Parser: Added a debug option to dump AML parse sub-trees as they are
being executed. Used with ACPI_DEBUG_PRINT, the enabling debug level is
ACPI_DB_PARSE_TREES.
Debugger: Reduced the verbosity for errors incurred during table load and
module-level code execution.
Completed an investigation into adding a namespace node "owner list"
instead of the current "owner ID" associated with namespace nodes. This
list would link together all nodes that are owned by an individual
control method. The purpose would be to enhance control method execution
by speeding up cleanup during method exit (all namespace nodes created by
a method are deleted upon method termination.) Currently, the entire
namespace must be searched for matching owner IDs if (and only if) the
method creates named objects outside of the local scope. However, by far
the most common case is that methods create objects locally, not outside
the method scope. There is already an ACPICA optimization in place that
only searches the entire namespace in the rare case of a method creating
objects elsewhere in the namespace. Therefore, it is felt that the
overhead of adding an additional pointer to each namespace node to
implement the owner list makes this feature unnecessary.
2) iASL Compiler/Disassembler and Tools:
iASL, Disassembler, and Template generator: Implemented support for
Revision D of the IORT table. Adds a new subtable that is used to specify
SMMUv3 PMCGs. rmurphy-arm.
Disassembler: Restored correct table header validation for the "special"
ACPI tables -- RSDP and FACS. These tables do not contain a standard ACPI
table header and must be special-cased. This was a regression that has
been present for apparently a long time.
AcpiExec: Reduced verbosity of the local exception handler implemented
within acpiexec. This handler is invoked by ACPICA upon any exceptions
generated during control method execution. A new option was added: -vh
restores the original verbosity level if desired.
AcpiExec: Changed the default base from decimal to hex for the -x option
(set debug level). This simplifies the use of this option and matches the
behavior of the corresponding iASL -x option.
AcpiExec: Restored a force-exit on multiple control-c (sigint)
interrupts. This allows program termination even if other issues cause
the control-c to fail.
ASL test suite (ASLTS): Added tests for the recently implemented package
element resolution mechanism that allows forward references to named
objects from individual package elements (this mechanism provides
compatibility with other ACPI implementations.)
----------------------------------------
8 May 2018. Summary of changes for version 20180508:
1) ACPICA kernel-resident subsystem:
Completed the new (recently deployed) package resolution mechanism for
the Load and LoadTable ASL/AML operators. This fixes a regression that
was introduced in version 20180209 that could result in an
AE_AML_INTERNAL exception during the loading of a dynamic ACPI/AML table
(SSDT) that contains package objects.
2) iASL Compiler/Disassembler and Tools:
AcpiDump and AcpiXtract: Implemented support for ACPI tables larger than
1 MB. This change allows for table offsets within the acpidump file to be
up to 8 characters. These changes are backwards compatible with existing
acpidump files.
*) Client DoS due to large DH parameter
During key agreement in a TLS handshake using a DH(E) based ciphersuite a
malicious server can send a very large prime value to the client. This will
cause the client to spend an unreasonably long period of time generating a
key for this prime resulting in a hang until the client has finished. This
could be exploited in a Denial Of Service attack.
This issue was reported to OpenSSL on 5th June 2018 by Guido Vranken
(CVE-2018-0732)
[Guido Vranken]
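The mitigation for the DH(E) issue above is a cheap size check that runs before the client does any modular exponentiation. The following is an added illustration, not OpenSSL's code: it models the client side of the key agreement with a parameter check in front of key generation. MAX_DH_PRIME_BITS and MIN_DH_PRIME_BITS are assumed policy values chosen for this example, and the names check_dh_params, client_keygen and params_acceptable are this example's own.

```python
# Added example (not OpenSSL code): reject oversized DH(E) parameters before
# the client spends CPU on private-key generation.  The bit limits are assumed
# policy values for this example; a real deployment inherits whatever its TLS
# library enforces.
import secrets

MAX_DH_PRIME_BITS = 10000   # assumed ceiling: the DoS vector is a huge p
MIN_DH_PRIME_BITS = 1024    # assumed floor: weak groups are a separate risk


class BadDHParams(ValueError):
    """Raised when server-supplied DH parameters fail the cheap sanity checks."""


def check_dh_params(p: int, g: int, *, min_bits: int = MIN_DH_PRIME_BITS,
                    max_bits: int = MAX_DH_PRIME_BITS) -> int:
    """Return the bit length of p after O(1) checks that run *before* any
    modular exponentiation.  pow(g, x, p) grows roughly cubically with the
    size of p, which is why an unbounded p hangs the client."""
    bits = p.bit_length()
    if bits > max_bits:
        raise BadDHParams(f"DH prime is {bits} bits, limit is {max_bits}")
    if bits < min_bits:
        raise BadDHParams(f"DH prime is {bits} bits, minimum is {min_bits}")
    if p % 2 == 0:
        raise BadDHParams("DH prime is even")
    if not 1 < g < p - 1:
        raise BadDHParams("DH generator out of range")
    return bits


def params_acceptable(p: int, g: int, **limits) -> bool:
    """Boolean wrapper around check_dh_params for policy code and tests."""
    try:
        check_dh_params(p, g, **limits)
        return True
    except BadDHParams:
        return False


def client_keygen(p: int, g: int, **limits):
    """Client side of the key agreement: validate first, then generate the
    ephemeral private value x and the public value g^x mod p."""
    check_dh_params(p, g, **limits)
    x = secrets.randbelow(p - 2) + 1          # x in [1, p-2]
    return x, pow(g, x, p)


if __name__ == "__main__":
    # Constructed inputs: a small Mersenne prime stands in for a real group,
    # and 2**12000 + 1 plays the oversized value a hostile server might send.
    print(params_acceptable(2**127 - 1, 2, min_bits=64))   # True
    print(params_acceptable(2**12000 + 1, 2))              # False, never exponentiated
```

The check costs a few integer comparisons regardless of how large p is, so it bounds the work a peer can force on the client to the configured ceiling.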
*) Cache timing vulnerability in RSA Key Generation
The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to
a cache timing side channel attack. An attacker with sufficient access to
mount cache timing attacks during the RSA key generation process could
recover the private key.
This issue was reported to OpenSSL on 4th April 2018 by Alejandro Cabrera
Aldaya, Billy Brumley, Cesar Pereida Garcia and Luis Manuel Alvarez Tapia.
(CVE-2018-0737)
[Billy Brumley]
*) Make EVP_PKEY_asn1_new() a bit stricter about its input. A NULL pem_str
parameter is no longer accepted, as it leads to a corrupt table. NULL
pem_str is reserved for alias entries only.
[Richard Levitte]
*) Revert blinding in ECDSA sign and instead make problematic addition
length-invariant. Switch even to fixed-length Montgomery multiplication.
[Andy Polyakov]
*) Change generating and checking of primes so that the error rate of not
being prime depends on the intended use based on the size of the input.
For larger primes this will result in more rounds of Miller-Rabin.
The maximal error rate for primes with more than 1080 bits is lowered
to 2^-128.
[Kurt Roeckx, Annie Yousar]
*) Increase the number of Miller-Rabin rounds for DSA key generating to 64.
[Kurt Roeckx]
*) Add blinding to ECDSA and DSA signatures to protect against side channel
attacks discovered by Keegan Ryan (NCC Group).
[Matt Caswell]
*) When unlocking a pass phrase protected PEM file or PKCS#8 container, we
now allow empty (zero character) pass phrases.
[Richard Levitte]
*) Certificate time validation (X509_cmp_time) enforces stricter
compliance with RFC 5280. Fractional seconds and timezone offsets
are no longer allowed.
[Emilia Käsper]
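To make the stricter X509_cmp_time behaviour concrete, here is an added model of the comparison (this example's own code, not OpenSSL's): it accepts only the RFC 5280 encodings, UTCTime as YYMMDDHHMMSSZ and GeneralizedTime as YYYYMMDDHHMMSSZ, so fractional seconds and +hhmm offsets fail to parse. The return convention follows the documented one for X509_cmp_time (-1 if the certificate time is at or before the reference time, 1 if after, 0 on error); the names parse_asn1_time and x509_cmp_time are this example's.

```python
# Added example (not OpenSSL code): strict RFC 5280 ASN.1 time parsing and an
# X509_cmp_time-style comparison.  The caller says which ASN.1 type the string
# carried, since that is what the tag would tell a real DER parser.
import re
from datetime import datetime, timezone

_UTC_TIME = re.compile(r"^(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")
_GEN_TIME = re.compile(r"^(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$")


def parse_asn1_time(value: str, generalized: bool):
    """Return an aware UTC datetime, or None for any non-conforming encoding
    (fractional seconds, timezone offsets, missing 'Z', impossible dates)."""
    m = (_GEN_TIME if generalized else _UTC_TIME).match(value)
    if not m:
        return None
    parts = [int(x) for x in m.groups()]
    if not generalized:                 # RFC 5280 4.1.2.5.1: YY >= 50 means 19YY
        parts[0] += 1900 if parts[0] >= 50 else 2000
    try:
        return datetime(*parts, tzinfo=timezone.utc)
    except ValueError:                  # e.g. month 13 or 31 February
        return None


def x509_cmp_time(value: str, generalized: bool, reference: datetime) -> int:
    """-1 if the ASN.1 time is earlier than or equal to reference, 1 if later,
    0 if the time cannot be parsed (callers must treat 0 as an error)."""
    t = parse_asn1_time(value, generalized)
    if t is None:
        return 0
    return -1 if t <= reference else 1


if __name__ == "__main__":
    now = datetime(2018, 6, 5, 12, 0, 0, tzinfo=timezone.utc)   # constructed reference
    print(x509_cmp_time("180605120000Z", False, now))            # -1
    print(x509_cmp_time("20180605120000.5Z", True, now))         # 0: fractional seconds rejected
    print(x509_cmp_time("180605120000+0100", False, now))        # 0: offset rejected
```

A caller that only distinguishes "before" from "after" silently accepts an error result, so the 0 return is the case to check first when validating notBefore and notAfter.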
*) Fixed a text canonicalisation bug in CMS
Where a CMS detached signature is used with text content the text goes
through a canonicalisation process first prior to signing or verifying a
signature. This process strips trailing space at the end of lines, converts
line terminators to CRLF and removes additional trailing line terminators
at the end of a file. A bug in the canonicalisation process meant that
some characters, such as form-feed, were incorrectly treated as whitespace
and removed. This is contrary to the specification (RFC5485). This fix
could mean that detached text data signed with an earlier version of
OpenSSL 1.1.0 may fail to verify using the fixed version, or text data
signed with a fixed OpenSSL may fail to verify with an earlier version of
OpenSSL 1.1.0. A workaround is to only verify the canonicalised text data
and use the "-binary" flag (for the "cms" command line application) or set
the SMIME_BINARY/PKCS7_BINARY/CMS_BINARY flags (if using CMS_verify()).
[Matt Caswell]
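The CMS entry above describes canonicalisation in words; the following added example models that process (it is this example's own code, not OpenSSL's, and it simplifies the real routine) with the pre-fix whitespace set selectable, so the cross-version verification failure the entry warns about can be reproduced as a digest mismatch. Treating vertical tab as well as form-feed as whitespace in the pre-fix set is an assumption of this example; the names canonicalise_text, content_digest and forms_agree are the example's own.

```python
# Added example (a model of the canonicalisation described above, not
# OpenSSL's implementation): CMS text canonicalisation, old and fixed.
import hashlib

CRLF = b"\r\n"
LINE_WS = b" \t"            # fixed behaviour: only space and tab are trailing whitespace
BUGGY_WS = b" \t\x0b\x0c"   # pre-fix behaviour (assumed): form-feed and VT were stripped too


def canonicalise_text(data: bytes, buggy: bool = False) -> bytes:
    """Strip trailing whitespace on each line, force CRLF terminators and
    collapse trailing line terminators at end of file to exactly one."""
    strip = BUGGY_WS if buggy else LINE_WS
    lines = data.replace(CRLF, b"\n").replace(b"\r", b"\n").split(b"\n")
    lines = [ln.rstrip(strip) for ln in lines]
    while lines and lines[-1] == b"":          # extra terminators at EOF
        lines.pop()
    return CRLF.join(lines) + CRLF if lines else b""


def content_digest(data: bytes, buggy: bool = False) -> str:
    """Digest over the canonical form, i.e. what a detached signature covers."""
    return hashlib.sha256(canonicalise_text(data, buggy)).hexdigest()


def forms_agree(data: bytes) -> bool:
    """True when old and fixed canonicalisation yield identical bytes, so a
    signature made by either version verifies with the other."""
    return canonicalise_text(data, False) == canonicalise_text(data, True)


if __name__ == "__main__":
    # Constructed inputs: one with a form-feed page break, one without.
    print(forms_agree(b"plain text\r\n"))                  # True
    print(forms_agree(b"page one\x0c\npage two\n"))        # False: the form-feed decides it
    print(canonicalise_text(b"hello \t\nworld\r\n\n\n"))   # b'hello\r\nworld\r\n'
```

When forms_agree is False for a document, the -binary or *_BINARY route the entry mentions is the interoperable choice, because it skips canonicalisation on both sides.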
has been replaced with EFI_SIMPLE_NETWORK_PROTOCOL_GUID and the old
one (EFI_SIMPLE_NETWORK_PROTOCOL) is now something completely different.
Adapt... (should help the ia64 build)
previous rev) the two values (node name, and node number) were
arbitrarily printed in different formats and orders (depending
upon my mood at the time I guess...) The new macros will standardise
that usage (in the debug output) once some use of them actually begins.
When the macros were added, I arbitrarily copied the format of one
use I was looking at at that instant (the one which inspired the change),
but after gazing at DEBUG mode output over the intervening time, I
have concluded that I did not pick the easiest to read/follow format.
So, even before they are used, change the style... Also, conform
to standard PRIxxxx macro style by omitting the leading '%'.
NFC (since they aren't used at all, anywhere, yet, not even the
possibility of anything changing!)
This generates nodenames.h which is a file that used to begin
#ifdef DEBUG
(line 1) and end with
#endif
(last line) with no intervening (matching) #else ... ie: for DEBUG use only.
That led to situations where non-debug code would like to make use
of the info provided, if DEBUG was enabled, needed to add #ifdef DEBUG
at the point of use.
Avoid that by providing new macros that are always defined (DEBUG or not,
so now we have a #else) which allow code to be written to make use of
the extra DEBUG info, if it is available, or not, if not.
While here, add double-include protection on the generated .h file
(just being cautious - nothing is ever going to cause it to get
included anywhere twice - or it shouldn't) and add the traditional
comments on the #else and #endif stuff (which is also really useless
as no-one is really expected to ever read the generated file). Never mind.
Nothing yet (elsewhere in the sh source) uses the new macros, so there's
even less chance of this changing anything than there would otherwise be.
When using WPA2, EAPOL-Key frames with the Encrypted flag and without the MIC
flag set, the data field was decrypted first without verifying the MIC. When
the data field was encrypted using RC4, for example, when negotiating TKIP as
a pairwise cipher, the unauthenticated but decrypted data was subsequently
processed. This opened wpa_supplicant(8) to abuse by decryption and recovery
of sensitive information contained in EAPOL-Key messages.
See https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
for a detailed description of the bug.
XXX: pullup-8
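The EAPOL-Key issue above is about processing order: Key Data was decrypted and acted on before its integrity was checked. The following added example (not wpa_supplicant's code) models a simplified EAPOL-Key frame and contrasts the pre-fix processing path with the corrected one. The frame layout (key_info, MIC, length, key data), the use of HMAC-SHA1 truncated to 16 bytes as the MIC, and a hash-based keystream standing in for RC4 are all simplifications of this example; the Key Information bit positions for "Key MIC" (bit 8) and "Encrypted Key Data" (bit 12) are the IEEE 802.11 ones. The names build_frame, process_vulnerable and process_fixed belong to the example.

```python
# Added example (not wpa_supplicant code): why the MIC must gate decryption of
# EAPOL-Key Key Data.  Frame layout and the stand-in cipher are simplifications.
import hashlib
import hmac

KEY_INFO_MIC = 0x0100         # Key Information "Key MIC" bit
KEY_INFO_ENCRYPTED = 0x1000   # Key Information "Encrypted Key Data" bit
MIC_LEN = 16


def _keystream_xor(kek: bytes, data: bytes) -> bytes:
    """Placeholder stream cipher (SHA-256 counter keystream) in place of RC4;
    symmetric, so the same call encrypts and decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(kek + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _mic(kck: bytes, frame_with_zero_mic: bytes) -> bytes:
    return hmac.new(kck, frame_with_zero_mic, hashlib.sha1).digest()[:MIC_LEN]


def build_frame(key_info: int, key_data: bytes, kck: bytes, kek: bytes) -> bytes:
    """key_info(2) | mic(16) | len(2) | key_data; MIC only if the flag is set."""
    body = _keystream_xor(kek, key_data) if key_info & KEY_INFO_ENCRYPTED else key_data
    frame = key_info.to_bytes(2, "big") + bytes(MIC_LEN) + len(body).to_bytes(2, "big") + body
    if key_info & KEY_INFO_MIC:
        frame = frame[:2] + _mic(kck, frame) + frame[2 + MIC_LEN:]
    return frame


def _split(frame: bytes):
    key_info = int.from_bytes(frame[:2], "big")
    mic = frame[2:2 + MIC_LEN]
    n = int.from_bytes(frame[2 + MIC_LEN:4 + MIC_LEN], "big")
    return key_info, mic, frame[4 + MIC_LEN:4 + MIC_LEN + n]


def _mic_ok(frame: bytes, kck: bytes) -> bool:
    _, mic, _ = _split(frame)
    zeroed = frame[:2] + bytes(MIC_LEN) + frame[2 + MIC_LEN:]
    return hmac.compare_digest(mic, _mic(kck, zeroed))


def process_vulnerable(frame: bytes, kck: bytes, kek: bytes):
    """Pre-fix order: decrypt whenever Encrypted is set; the MIC is checked
    only when the sender set the MIC flag.  Returns key data, or None."""
    key_info, _, body = _split(frame)
    if key_info & KEY_INFO_ENCRYPTED:
        body = _keystream_xor(kek, body)
    if key_info & KEY_INFO_MIC and not _mic_ok(frame, kck):
        return None
    return body          # unauthenticated plaintext when the MIC flag is clear


def process_fixed(frame: bytes, kck: bytes, kek: bytes):
    """Corrected order: encrypted Key Data without a MIC is discarded, the MIC
    is verified first, and only then is anything decrypted."""
    key_info, _, body = _split(frame)
    if key_info & KEY_INFO_ENCRYPTED and not key_info & KEY_INFO_MIC:
        return None      # cannot be authenticated: discard before touching it
    if key_info & KEY_INFO_MIC and not _mic_ok(frame, kck):
        return None
    if key_info & KEY_INFO_ENCRYPTED:
        body = _keystream_xor(kek, body)
    return body


if __name__ == "__main__":
    kck, kek = b"K" * 16, b"E" * 16                          # constructed keys
    good = build_frame(KEY_INFO_MIC | KEY_INFO_ENCRYPTED, b"group-key-bytes", kck, kek)
    no_mic = build_frame(KEY_INFO_ENCRYPTED, b"group-key-bytes", kck, kek)
    print(process_fixed(good, kck, kek))          # b'group-key-bytes'
    print(process_vulnerable(no_mic, kck, kek))   # b'group-key-bytes': processed unauthenticated
    print(process_fixed(no_mic, kck, kek))        # None: discarded
```

The detection angle follows from the same flag pair: an EAPOL-Key frame carrying encrypted Key Data with the MIC flag clear has no legitimate use in the 4-way or group key handshake and is worth logging on its own.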