Commit Graph

234084 Commits

Author SHA1 Message Date
spz
9cef71b670 merge OpenSSL 1.0.1m
do the necessary changes in src/crypto/external/bsd/openssl
update doc
2015-03-23 10:22:45 +00:00
spz
635165fad8 This is an import of OpenSSL 1.0.1m.
The vulnerabilities listed below were previously fixed by patches
supplied by the OpenSSL project.

Thus, this import is not about vulnerabilities, but about the change
in source style OpenSSL applied before 1.0.1m (as well as small fixes
not listed in the changelog that make us have a 'proper' 1.0.1m).

Upstream Changelog:

 Changes between 1.0.1l and 1.0.1m [19 Mar 2015]

  *) Segmentation fault in ASN1_TYPE_cmp fix

     The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
     made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
     certificate signature algorithm consistency this can be used to crash any
     certificate verification operation and exploited in a DoS attack. Any
     application which performs certificate verification is vulnerable including
     OpenSSL clients and servers which enable client authentication.
     (CVE-2015-0286)
     [Stephen Henson]

  *) ASN.1 structure reuse memory corruption fix

     Reusing a structure in ASN.1 parsing may allow an attacker to cause
     memory corruption via an invalid write. Such reuse is and has been
     strongly discouraged and is believed to be rare.

     Applications that parse structures containing CHOICE or ANY DEFINED BY
     components may be affected. Certificate parsing (d2i_X509 and related
     functions) are however not affected. OpenSSL clients and servers are
     not affected.
     (CVE-2015-0287)
     [Stephen Henson]

  *) PKCS7 NULL pointer dereferences fix

     The PKCS#7 parsing code does not handle missing outer ContentInfo
     correctly. An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
     missing content and trigger a NULL pointer dereference on parsing.

     Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
     otherwise parse PKCS#7 structures from untrusted sources are
     affected. OpenSSL clients and servers are not affected.

     This issue was reported to OpenSSL by Michal Zalewski (Google).
     (CVE-2015-0289)
     [Emilia Käsper]

  *) DoS via reachable assert in SSLv2 servers fix

     A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
     servers that both support SSLv2 and enable export cipher suites by sending
     a specially crafted SSLv2 CLIENT-MASTER-KEY message.

     This issue was discovered by Sean Burford (Google) and Emilia Käsper
     (OpenSSL development team).
     (CVE-2015-0293)
     [Emilia Käsper]

  *) Use After Free following d2i_ECPrivatekey error fix

     A malformed EC private key file consumed via the d2i_ECPrivateKey function
     could cause a use after free condition. This, in turn, could cause a double
     free in several private key parsing functions (such as d2i_PrivateKey
     or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
     for applications that receive EC private keys from untrusted
     sources. This scenario is considered rare.

     This issue was discovered by the BoringSSL project and fixed in their
     commit 517073cd4b.
     (CVE-2015-0209)
     [Matt Caswell]

  *) X509_to_X509_REQ NULL pointer deref fix

     The function X509_to_X509_REQ will crash with a NULL pointer dereference if
     the certificate key is invalid. This function is rarely used in practice.

     This issue was discovered by Brian Carpenter.
     (CVE-2015-0288)
     [Stephen Henson]

  *) Removed the export ciphers from the DEFAULT ciphers
     [Kurt Roeckx]

 Changes between 1.0.1k and 1.0.1l [15 Jan 2015]

  *) Build fixes for the Windows and OpenVMS platforms
     [Matt Caswell and Richard Levitte]
2015-03-23 08:28:04 +00:00
riastradh
d06a75e7df Reorganize UFP_* flags with markup and more detail. 2015-03-23 08:19:12 +00:00
wiz
0e9029ef91 Bump date for previous. Use more markup in AUTHORS section. 2015-03-23 08:11:10 +00:00
riastradh
e3235bfa54 Describe UFP_DIRTYONLY and UFP_BACKWARD flags to uvn_findpages.
PR kern/49335
2015-03-23 08:00:33 +00:00
riastradh
d32bef14a2 Call these identities', not life states'. 2015-03-23 07:59:12 +00:00
ozaki-r
248367a4ce Regen 2015-03-23 07:54:44 +00:00
ozaki-r
5afb55419b Add linux_systrace_args.c for arm 2015-03-23 07:52:36 +00:00
ozaki-r
a15e409a65 Regen 2015-03-23 07:51:45 +00:00
ozaki-r
a58f44dd16 Fix inconsistent argument names 2015-03-23 07:50:03 +00:00
apb
978d974482 Explain why there is no consttime_memcmp().
Inspired by a patch from Kamil Rytarowski.
2015-03-23 07:41:16 +00:00
ozaki-r
9102ea39a1 Regen 2015-03-23 07:40:31 +00:00
ozaki-r
dfda72b105 Fix inconsistent argument names 2015-03-23 07:30:15 +00:00
matt
22e0fb4106 Fix register usage in softint_switch. load / restore l_private across
softint_dispatch
2015-03-22 23:46:08 +00:00
matt
0df464ab8d Make sure to save the user thread point in softint_switch in case it was
set just before we got an interrupt.  Otherwise if the softint blocks, the
old value would be restored and change lost.
2015-03-22 23:17:57 +00:00
mrg
99baa91ed3 if not playing (-q mode), don't call ioctl() or try to use the results.
now -q mode works.
2015-03-22 22:47:43 +00:00
wiz
5753d35ecf Sort options in usage. 2015-03-22 22:39:05 +00:00
wiz
51041dd869 Sort options. Use An -nosplit in AUTHORS section. 2015-03-22 22:38:19 +00:00
wiz
e74dc903d0 Use An in AUTHORS section. 2015-03-22 22:35:08 +00:00
joerg
bcfe277c29 Mark as volatile, just to be sure. 2015-03-22 21:45:12 +00:00
martin
3884499e40 Use ta0 instead of t4 (so at least it compiles for all ABIs) 2015-03-22 20:32:08 +00:00
martin
0f9d79598b Back -O3 optimization out for now - it did not fix the performance
differences to pkgsrc we see, but causes runtime fallout on e.g. sparc64
(just running "openssl" crashes with a SEGFAULT).
2015-03-22 20:29:04 +00:00
palle
6451d12f93 sun4v: Fixed bug in cpu_cache_info_sun4v() causing non-cache nodes to be processed - this should fix crashes on T2-based systems (e.g. T5120) when retrieving L2$ info during bootstrap. Tested by rodent@ 2015-03-22 19:37:54 +00:00
palle
32713ed701 sun4v: added new function mdesc_name_by_idx() for retrieving the name of a node 2015-03-22 19:33:21 +00:00
jmcneill
4f1b45db2e Add Amlogic RTC driver, from Anon Ymous 2015-03-22 17:28:22 +00:00
jmcneill
089a8f9d1d Support interlaced modes. 2015-03-22 16:23:26 +00:00
tsutsui
3960313655 Don't forget to put /ofwboot into the image otherwise boot fails.
Should be pulled up to netbsd-6* and netbsd-7 branches.
2015-03-22 14:02:15 +00:00
jmcneill
6bd142becd Use the hardware scaler to do overscan compensation. You can set the
scaling value as a percentage in two ways -- either as a kernel cmdline
parameter (fb.scale=<pct>) or at runtime with sysctl (hw.genfb0.scale=<pct>).

Setting scale=100 disables the scaler, any other value enables it. For
the cheap TV on my desk, scale=95 gives me a fully visible framebuffer.
2015-03-22 13:53:33 +00:00
ast
6ffaa22c57 Mention import of service(8) command from FreeBSD. 2015-03-22 12:48:18 +00:00
ast
f00f13ee2a Make the usage appear more standard. 2015-03-22 10:24:48 +00:00
ast
04efec8469 Import a substantially modified service(8) command from FreeBSD to
manage rc.d scripts.  This command is well known on most other Unixes
and should help soften the learning curve for Unix admins coming
to NetBSD.
2015-03-22 09:57:42 +00:00
ast
64fd4bb542 Appease various mandoc -Tlint warnings and update copyright while we're here 2015-03-22 09:45:50 +00:00
jmcneill
7ba4328bfa Process /etc/modules.conf (if present) at startup, before securelevel is
raised, to allow module loading on ports without a module aware bootloader.
2015-03-21 19:10:43 +00:00
apb
b3f66a3d8a Actually create the "done" files, and test them for existence. 2015-03-21 16:42:17 +00:00
martin
36c17f1650 Make more compile time options the same as the pkgsrc version 2015-03-21 15:56:54 +00:00
apb
2b56eacd4f zoneinfo: Import tzdata2015b. [apb 20150321]
Also s/tzdata/tzcode in another line.
2015-03-21 15:54:11 +00:00
apb
5aa928701a We have tzdata2015b. 2015-03-21 15:52:19 +00:00
apb
0ba7d01cae Update tzdata2netbsd for tzdata2015b.
* Edit version numbers.
* Make the script deal better with being re-run multiple times.  It
  now keeps a status file for each non-trivial step, and doesn't repeat
  the step if the sttaus file exists.
* Instead of spawning a subshell to resolve merge conflicts, print a message
  and exit, with a suggestion to rte-run the script after conflicts
  are resolved.
* Check whether there are any conflicts before trying to do anything
  about conflicts.
2015-03-21 15:51:20 +00:00
apb
555a785a32 Import tzdata2015b from ftp://ftp.iana.org/tz/releases/tzdata2015b.tar.gz
Summary of changes in tzdata2015b (2015-03-19 23:28:11 -0700):
  * Mongolia will start observing DST again in 2015, from the last
    Saturday in March at 02:00 to the last Saturday in September at 00:00.
  * Palestine will start DST on March 28, not March 27, in 2015.
  * The 1982 zone shift in Pacific/Easter has been corrected, fixing a 2015a
    regression.
  * Some more zones have been turned into links, when they differed
    from existing zones only for older time stamps.
  * Correct the 1992-2010 DST abbreviation in Volgograd from "MSK" to "MSD".
  * Changes affecting commentary.
2015-03-21 15:45:33 +00:00
riastradh
c1cdb89ea5 No, PQ_ANON is set only if owned by anon, not if loaned to anon. 2015-03-21 13:58:31 +00:00
martin
c734c5160b In a "native" build, this file is postprocessed by a perl script and some
lines are changed into either #define SOMETHING or #undef SOMETHING,
but in our in-tree build it is installed verbatim - so comment out all
#undef parts, to allow our makefile fragments to freely -DSOMETHING
and not have it silently canceld here.
2015-03-21 13:35:48 +00:00
riastradh
04aeec6145 Address O->A loan case in comments, pointed out by chs@. 2015-03-21 13:28:32 +00:00
riastradh
258f7cb150 Elaborate on locking scheme and vm_page states. 2015-03-21 13:11:14 +00:00
isaki
ec31227c02 one more white space -> tab. 2015-03-21 05:50:19 +00:00
isaki
47f8b9c01c Rewrite ilog2's test. PR lib/49745.
- Reorganize ilog2_basic to ilog2_32bit, ilog2_64bit and ilog2_const.
  ilog2_const is compile-time test for __builtin_constant_p() part of
  current ilog2() implementation.
- Remove fully meaningless ilog2_log2.  So this part of PR misc/44767
  is no longer present.
2015-03-21 05:32:07 +00:00
jmcneill
08f124e4e2 Basic framebuffer console support. Work in progress. 2015-03-21 01:17:00 +00:00
rmind
3250dbf286 npfctl:
- Fix the filter criteria when to/from is omitted but port used.
- Print more user-friendly error if an NPF table has a duplicate entry.
2015-03-21 00:49:07 +00:00
rmind
94da9a216b NPF: replace the TAILQ of the dynamic rules with a linked list and fix the
inheriting of the active dynamic rules during the reload; also, fix a bug
in the insert path by putting a memory barrier in the right place.
2015-03-20 23:36:28 +00:00
jmcneill
89caa1f480 support 24bpp framebuffers 2015-03-20 21:55:46 +00:00
jmcneill
b9f35a65b7 add WSDISPLAY_TYPE_MESON 2015-03-20 21:42:31 +00:00