From noreply at github.com  Wed Aug 25 01:19:14 2021
From: noreply at github.com (Lucas Holt)
Date: Tue, 24 Aug 2021 22:19:14 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 1f3f08: The passive mode in FTP
 communication allows an ou...
Message-ID: <MidnightBSD/src/push/refs/heads/master/1a9ca4-2290ee@github.com>

  Branch: refs/heads/master
  Home:   https://github.com/MidnightBSD/src
  Commit: 1f3f084d5773953ae225b464cf4c6cf4f52b04f9
      https://github.com/MidnightBSD/src/commit/1f3f084d5773953ae225b464cf4c6cf4f52b04f9
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M lib/libfetch/ftp.c

  Log Message:
  -----------
  The passive mode in FTP communication allows an out of boundary read while
libfetch uses strtol to parse the relevant numbers into address bytes.  It
does not check if the line ends prematurely.  If it does, the for-loop
condition checks for *p == '\0' one byte too late because p++ was already
performed.

Obtained from: FreeBSD


  Commit: c03d4b73af81735368f378cf9e2f89d5aaae9223
      https://github.com/MidnightBSD/src/commit/c03d4b73af81735368f378cf9e2f89d5aaae9223
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M sbin/ggate/ggatec/ggatec.c

  Log Message:
  -----------
  The ggatec(8) daemon does not validate the size of a response before writing
it to a fixed-sized buffer.  This allows to overwrite the stack of ggatec(8).

Obtained from: FreeBSD


  Commit: 2290ee3ef241b6ac310d4f8e3bc1b57b69bd1648
      https://github.com/MidnightBSD/src/commit/2290ee3ef241b6ac310d4f8e3bc1b57b69bd1648
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M usr.sbin/bhyve/pci_virtio_console.c
    M usr.sbin/bhyve/pci_virtio_rnd.c

  Log Message:
  -----------
  Certain VirtIO-based device models failed to handle errors when fetching
I/O descriptors.  Such errors could be triggered by a malicious guest.
As a result, the device model code could be tricked into operating on
uninitialized I/O vectors, leading to memory corruption.

Obtained from: FreeBSD


Compare: https://github.com/MidnightBSD/src/compare/1a9ca4cefaed...2290ee3ef241

From noreply at github.com  Wed Aug 25 01:20:43 2021
From: noreply at github.com (Lucas Holt)
Date: Tue, 24 Aug 2021 22:20:43 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 352cd4: The passive mode in FTP
 communication allows an ou...
Message-ID: <MidnightBSD/src/push/refs/heads/stable/2.1/ebdf04-94b3ef@github.com>

  Branch: refs/heads/stable/2.1
  Home:   https://github.com/MidnightBSD/src
  Commit: 352cd423c615c10bf02c9b819845f2b8e9878525
      https://github.com/MidnightBSD/src/commit/352cd423c615c10bf02c9b819845f2b8e9878525
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M lib/libfetch/ftp.c

  Log Message:
  -----------
  The passive mode in FTP communication allows an out of boundary read while
libfetch uses strtol to parse the relevant numbers into address bytes.  It
does not check if the line ends prematurely.  If it does, the for-loop
condition checks for *p == '\0' one byte too late because p++ was already
performed.

Obtained from: FreeBSD


  Commit: 8effe281c73f01f93e440cbefd12298d160525d2
      https://github.com/MidnightBSD/src/commit/8effe281c73f01f93e440cbefd12298d160525d2
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M sbin/ggate/ggatec/ggatec.c

  Log Message:
  -----------
  The ggatec(8) daemon does not validate the size of a response before writing
it to a fixed-sized buffer.  This allows to overwrite the stack of ggatec(8).

Obtained from: FreeBSD


  Commit: 94b3ef77dd2b70a5eb009c4e197841881fec24bb
      https://github.com/MidnightBSD/src/commit/94b3ef77dd2b70a5eb009c4e197841881fec24bb
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M usr.sbin/bhyve/pci_virtio_console.c
    M usr.sbin/bhyve/pci_virtio_rnd.c

  Log Message:
  -----------
  Certain VirtIO-based device models failed to handle errors when fetching
I/O descriptors.  Such errors could be triggered by a malicious guest.
As a result, the device model code could be tricked into operating on
uninitialized I/O vectors, leading to memory corruption.

Obtained from: FreeBSD


Compare: https://github.com/MidnightBSD/src/compare/ebdf0440df41...94b3ef77dd2b

From noreply at github.com  Wed Aug 25 01:30:12 2021
From: noreply at github.com (Lucas Holt)
Date: Tue, 24 Aug 2021 22:30:12 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 1de512: The passive mode in FTP
 communication allows an ou...
Message-ID: <MidnightBSD/src/push/refs/heads/stable/2.0/80052f-1de512@github.com>

  Branch: refs/heads/stable/2.0
  Home:   https://github.com/MidnightBSD/src
  Commit: 1de512a30fe8a822c6d7e67b2608c3eb219a5185
      https://github.com/MidnightBSD/src/commit/1de512a30fe8a822c6d7e67b2608c3eb219a5185
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M lib/libfetch/ftp.c

  Log Message:
  -----------
  The passive mode in FTP communication allows an out of boundary read while
libfetch uses strtol to parse the relevant numbers into address bytes.  It
does not check if the line ends prematurely.  If it does, the for-loop
condition checks for *p == '\0' one byte too late because p++ was already
performed.

Obtained from: FreeBSD



From noreply at github.com  Wed Aug 25 10:08:55 2021
From: noreply at github.com (Lucas Holt)
Date: Wed, 25 Aug 2021 07:08:55 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] d1b8b5: The ggatec(8) daemon
 does not validate the size of...
Message-ID: <MidnightBSD/src/push/refs/heads/stable/2.0/1de512-41ebc7@github.com>

  Branch: refs/heads/stable/2.0
  Home:   https://github.com/MidnightBSD/src
  Commit: d1b8b59f5ea44308f1854808fc9d099d78b1d758
      https://github.com/MidnightBSD/src/commit/d1b8b59f5ea44308f1854808fc9d099d78b1d758
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M sbin/ggate/ggatec/ggatec.c

  Log Message:
  -----------
  The ggatec(8) daemon does not validate the size of a response before writing
it to a fixed-sized buffer.  This allows to overwrite the stack of ggatec(8).

Obtained from: FreeBSD


  Commit: 41ebc7e1c87088432800f0026a28cec37b39e34e
      https://github.com/MidnightBSD/src/commit/41ebc7e1c87088432800f0026a28cec37b39e34e
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    M usr.sbin/bhyve/pci_virtio_console.c
    M usr.sbin/bhyve/pci_virtio_rnd.c

  Log Message:
  -----------
  Certain VirtIO-based device models failed to handle errors when fetching
I/O descriptors.  Such errors could be triggered by a malicious guest.
As a result, the device model code could be tricked into operating on
uninitialized I/O vectors, leading to memory corruption.

Obtained from: FreeBSD


Compare: https://github.com/MidnightBSD/src/compare/1de512a30fe8...41ebc7e1c870

From noreply at github.com  Wed Aug 25 10:52:28 2021
From: noreply at github.com (whitesource-bolt-for-github[bot])
Date: Wed, 25 Aug 2021 07:52:28 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 37d0b0: Add .whitesource
 configuration file
Message-ID: <MidnightBSD/src/push/refs/heads/whitesource/configure/2290ee-37d0b0@github.com>

  Branch: refs/heads/whitesource/configure
  Home:   https://github.com/MidnightBSD/src
  Commit: 37d0b06a38d255c36a5781ab475a60287ce9c8b0
      https://github.com/MidnightBSD/src/commit/37d0b06a38d255c36a5781ab475a60287ce9c8b0
  Author: whitesource-bolt-for-github[bot] <42819689+whitesource-bolt-for-github[bot]@users.noreply.github.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    A .whitesource

  Log Message:
  -----------
  Add .whitesource configuration file



From noreply at github.com  Wed Aug 25 10:52:28 2021
From: noreply at github.com (whitesource-bolt-for-github[bot])
Date: Wed, 25 Aug 2021 07:52:28 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src]
Message-ID: <MidnightBSD/src/push/refs/heads/whitesource/configure/000000-2290ee@github.com>

  Branch: refs/heads/whitesource/configure
  Home:   https://github.com/MidnightBSD/src

From noreply at github.com  Sun Aug 29 12:16:16 2021
From: noreply at github.com (Lucas Holt)
Date: Sun, 29 Aug 2021 09:16:16 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 37d0b0: Add .whitesource
 configuration file
Message-ID: <MidnightBSD/src/push/refs/heads/master/2290ee-816463@github.com>

  Branch: refs/heads/master
  Home:   https://github.com/MidnightBSD/src
  Commit: 37d0b06a38d255c36a5781ab475a60287ce9c8b0
      https://github.com/MidnightBSD/src/commit/37d0b06a38d255c36a5781ab475a60287ce9c8b0
  Author: whitesource-bolt-for-github[bot] <42819689+whitesource-bolt-for-github[bot]@users.noreply.github.com>
  Date:   2021-08-25 (Wed, 25 Aug 2021)

  Changed paths:
    A .whitesource

  Log Message:
  -----------
  Add .whitesource configuration file


  Commit: 816463d989cc5839c1cca2efb5bf2503408507fb
      https://github.com/MidnightBSD/src/commit/816463d989cc5839c1cca2efb5bf2503408507fb
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2021-08-29 (Sun, 29 Aug 2021)

  Changed paths:
    A .whitesource

  Log Message:
  -----------
  Merge pull request #4 from MidnightBSD/whitesource/configure

Configure WhiteSource Bolt for GitHub


Compare: https://github.com/MidnightBSD/src/compare/2290ee3ef241...816463d989cc

From noreply at github.com  Sun Aug 29 12:16:18 2021
From: noreply at github.com (Lucas Holt)
Date: Sun, 29 Aug 2021 09:16:18 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src]
Message-ID: <MidnightBSD/src/push/refs/heads/whitesource/configure/37d0b0-000000@github.com>

  Branch: refs/heads/whitesource/configure
  Home:   https://github.com/MidnightBSD/src