From noreply at github.com Fri Apr 22 13:45:05 2022
From: noreply at github.com (Lucas Holt)
Date: Fri, 22 Apr 2022 10:45:05 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] 45fa3c: Update .whitesource
Message-ID:

Branch: refs/heads/master
Home: https://github.com/MidnightBSD/src
Commit: 45fa3cbce5ef4bfb4f903de4c1b613fcc9751e95
    https://github.com/MidnightBSD/src/commit/45fa3cbce5ef4bfb4f903de4c1b613fcc9751e95
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M .whitesource

Log Message:
-----------
Update .whitesource


From noreply at github.com Fri Apr 22 13:45:59 2022
From: noreply at github.com (Lucas Holt)
Date: Fri, 22 Apr 2022 10:45:59 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src]
Message-ID:

Branch: refs/heads/stable/2.2
Home: https://github.com/MidnightBSD/src


From noreply at github.com Fri Apr 22 13:57:50 2022
From: noreply at github.com (Lucas Holt)
Date: Fri, 22 Apr 2022 10:57:50 -0700
Subject: [Midnightbsd-cvs] [MidnightBSD/src] ef5849: Happy new year
Message-ID:

Branch: refs/heads/stable/2.2
Home: https://github.com/MidnightBSD/src
Commit: ef5849a70777490ebac0189c7bf76b8ab43af987
    https://github.com/MidnightBSD/src/commit/ef5849a70777490ebac0189c7bf76b8ab43af987
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M COPYRIGHT
  M sys/sys/copyright.h

Log Message:
-----------
Happy new year

Commit: c9f50dacc25baeea74dec6634d4d7b292f4bf16d
    https://github.com/MidnightBSD/src/commit/c9f50dacc25baeea74dec6634d4d7b292f4bf16d
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/amd64/amd64/fpu.c

Log Message:
-----------
The hard-coded size for state region 1 (SSE/XMM) was incorrect, effectively filling the xmm8 through xmm15 registers with arbitrary values on signal return when the init optimization occurred.
Obtained from: FreeBSD

Commit: 9b14fa82b28bc26dbcc6d2c7b2c2add9196ed259
    https://github.com/MidnightBSD/src/commit/9b14fa82b28bc26dbcc6d2c7b2c2add9196ed259
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/dev/hyperv/pcib/vmbus_pcib.c

Log Message:
-----------
A Hyper-V vPCI emulation change can cause SR-IOV (Single-Root I/O Virtualization) and DDA (Discrete Device Assignment) devices to fail to operate correctly under Hyper-V. In recent Hyper-V releases on Windows Server 2022, the vPCI code does not initialize the last 4 bits of device registers. This behavior change could result in failure to initialize guest drivers for SR-IOV or DDA devices.

Obtained from: FreeBSD

Commit: 611a85b63a06cca0cb5518c4018d0453d8e51485
    https://github.com/MidnightBSD/src/commit/611a85b63a06cca0cb5518c4018d0453d8e51485
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M crypto/openssl/crypto/bn/bn_sqrt.c

Log Message:
-----------
Fix an openssl vulnerability. The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. This function is used when parsing certificates that contain certain forms of elliptic curves. A specially crafted certificate with invalid explicit curve parameters may trigger an infinite loop, leading to a denial of service. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may be affected.

Commit: 93bb15330591c176529d163ecc9e567072a0049d
    https://github.com/MidnightBSD/src/commit/93bb15330591c176529d163ecc9e567072a0049d
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/net80211/ieee80211_adhoc.c
  M sys/net80211/ieee80211_hostap.c
  M sys/net80211/ieee80211_input.c
  M sys/net80211/ieee80211_input.h
  M sys/net80211/ieee80211_ioctl.c
  M sys/net80211/ieee80211_mesh.c
  M sys/net80211/ieee80211_node.c
  M sys/net80211/ieee80211_sta.c
  M sys/net80211/ieee80211_wds.c

Log Message:
-----------
The paper "Fragment and Forge: Breaking Wi-Fi Through Frame Aggregation and Fragmentation" reported a number of security vulnerabilities in the 802.11 specification related to frame aggregation and fragmentation.

Commit: 63441d8ae0b47dba75448b0936347fa0d8704555
    https://github.com/MidnightBSD/src/commit/63441d8ae0b47dba75448b0936347fa0d8704555
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M contrib/tzdata/CONTRIBUTING
  M contrib/tzdata/Makefile
  M contrib/tzdata/NEWS
  A contrib/tzdata/SECURITY
  M contrib/tzdata/africa
  M contrib/tzdata/antarctica
  M contrib/tzdata/asia
  M contrib/tzdata/australasia
  M contrib/tzdata/backward
  M contrib/tzdata/backzone
  M contrib/tzdata/checktab.awk
  M contrib/tzdata/europe
  M contrib/tzdata/leap-seconds.list
  M contrib/tzdata/leapseconds
  M contrib/tzdata/northamerica
  M contrib/tzdata/southamerica
  M contrib/tzdata/theory.html
  M contrib/tzdata/version
  M contrib/tzdata/ziguard.awk
  M contrib/tzdata/zone.tab
  M contrib/tzdata/zone1970.tab

Log Message:
-----------
tzdata 2022a

Commit: 45752dcd1b513edb56961a09e29b7e4fabea16dc
    https://github.com/MidnightBSD/src/commit/45752dcd1b513edb56961a09e29b7e4fabea16dc
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/net80211/ieee80211_adhoc.c
  M sys/net80211/ieee80211_hostap.c
  M sys/net80211/ieee80211_sta.c
  M sys/net80211/ieee80211_wds.c

Log Message:
-----------
Fix some build issues

Commit: f1ae15de540ec088c5f5ddfaec566e124de0aaba
    https://github.com/MidnightBSD/src/commit/f1ae15de540ec088c5f5ddfaec566e124de0aaba
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M contrib/zlib/ChangeLog
  M contrib/zlib/README
  M contrib/zlib/contrib/README.contrib
  A contrib/zlib/contrib/ada/buffer_demo.adb
  A contrib/zlib/contrib/ada/mtest.adb
  A contrib/zlib/contrib/ada/read.adb
  A contrib/zlib/contrib/ada/readme.txt
  A contrib/zlib/contrib/ada/test.adb
  A contrib/zlib/contrib/ada/zlib-streams.adb
  A contrib/zlib/contrib/ada/zlib-streams.ads
  A contrib/zlib/contrib/ada/zlib-thin.adb
  A contrib/zlib/contrib/ada/zlib-thin.ads
  A contrib/zlib/contrib/ada/zlib.adb
  A contrib/zlib/contrib/ada/zlib.ads
  A contrib/zlib/contrib/ada/zlib.gpr
  R contrib/zlib/contrib/asm686/README.686
  R contrib/zlib/contrib/asm686/match.S
  A contrib/zlib/contrib/blast/Makefile
  A contrib/zlib/contrib/blast/README
  A contrib/zlib/contrib/blast/blast.c
  A contrib/zlib/contrib/blast/blast.h
  A contrib/zlib/contrib/blast/test.pk
  A contrib/zlib/contrib/blast/test.txt
  A contrib/zlib/contrib/delphi/ZLib.pas
  A contrib/zlib/contrib/delphi/ZLibConst.pas
  A contrib/zlib/contrib/delphi/readme.txt
  A contrib/zlib/contrib/delphi/zlibd32.mak
  A contrib/zlib/contrib/dotzlib/DotZLib.build
  A contrib/zlib/contrib/dotzlib/DotZLib.chm
  A contrib/zlib/contrib/dotzlib/DotZLib.sln
  A contrib/zlib/contrib/dotzlib/DotZLib/AssemblyInfo.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/ChecksumImpl.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/CircularBuffer.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/CodecBase.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/Deflater.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/DotZLib.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/DotZLib.csproj
  A contrib/zlib/contrib/dotzlib/DotZLib/GZipStream.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/Inflater.cs
  A contrib/zlib/contrib/dotzlib/DotZLib/UnitTests.cs
  A contrib/zlib/contrib/dotzlib/LICENSE_1_0.txt
  A contrib/zlib/contrib/dotzlib/readme.txt
  M contrib/zlib/contrib/gcc_gvmat64/gvmat64.S
  A contrib/zlib/contrib/infback9/README
  A contrib/zlib/contrib/infback9/infback9.c
  A contrib/zlib/contrib/infback9/infback9.h
  A contrib/zlib/contrib/infback9/inffix9.h
  A contrib/zlib/contrib/infback9/inflate9.h
  A contrib/zlib/contrib/infback9/inftree9.c
  A contrib/zlib/contrib/infback9/inftree9.h
  A contrib/zlib/contrib/iostream/test.cpp
  A contrib/zlib/contrib/iostream/zfstream.cpp
  A contrib/zlib/contrib/iostream/zfstream.h
  A contrib/zlib/contrib/iostream2/zstream.h
  A contrib/zlib/contrib/iostream2/zstream_test.cpp
  A contrib/zlib/contrib/iostream3/README
  A contrib/zlib/contrib/iostream3/TODO
  A contrib/zlib/contrib/iostream3/test.cc
  A contrib/zlib/contrib/iostream3/zfstream.cc
  A contrib/zlib/contrib/iostream3/zfstream.h
  A contrib/zlib/contrib/minizip/Makefile
  A contrib/zlib/contrib/minizip/Makefile.am
  A contrib/zlib/contrib/minizip/MiniZip64_Changes.txt
  A contrib/zlib/contrib/minizip/MiniZip64_info.txt
  A contrib/zlib/contrib/minizip/configure.ac
  A contrib/zlib/contrib/minizip/crypt.h
  A contrib/zlib/contrib/minizip/ioapi.c
  A contrib/zlib/contrib/minizip/ioapi.h
  A contrib/zlib/contrib/minizip/iowin32.c
  A contrib/zlib/contrib/minizip/iowin32.h
  A contrib/zlib/contrib/minizip/make_vms.com
  A contrib/zlib/contrib/minizip/miniunz.c
  A contrib/zlib/contrib/minizip/miniunzip.1
  A contrib/zlib/contrib/minizip/minizip.1
  A contrib/zlib/contrib/minizip/minizip.c
  A contrib/zlib/contrib/minizip/minizip.pc.in
  A contrib/zlib/contrib/minizip/mztools.c
  A contrib/zlib/contrib/minizip/mztools.h
  A contrib/zlib/contrib/minizip/unzip.c
  A contrib/zlib/contrib/minizip/unzip.h
  A contrib/zlib/contrib/minizip/zip.c
  A contrib/zlib/contrib/minizip/zip.h
  A contrib/zlib/contrib/pascal/example.pas
  A contrib/zlib/contrib/pascal/readme.txt
  A contrib/zlib/contrib/pascal/zlibd32.mak
  A contrib/zlib/contrib/pascal/zlibpas.pas
  A contrib/zlib/contrib/puff/Makefile
  A contrib/zlib/contrib/puff/README
  A contrib/zlib/contrib/puff/puff.c
  A contrib/zlib/contrib/puff/puff.h
  A contrib/zlib/contrib/puff/pufftest.c
  A contrib/zlib/contrib/puff/zeros.raw
  A contrib/zlib/contrib/testzlib/testzlib.c
  A contrib/zlib/contrib/testzlib/testzlib.txt
  A contrib/zlib/contrib/untgz/Makefile
  A contrib/zlib/contrib/untgz/Makefile.msc
  A contrib/zlib/contrib/untgz/untgz.c
  A contrib/zlib/contrib/vstudio/readme.txt
  A contrib/zlib/contrib/vstudio/vc10/miniunz.vcxproj
  A contrib/zlib/contrib/vstudio/vc10/miniunz.vcxproj.filters
  A contrib/zlib/contrib/vstudio/vc10/minizip.vcxproj
  A contrib/zlib/contrib/vstudio/vc10/minizip.vcxproj.filters
  A contrib/zlib/contrib/vstudio/vc10/testzlib.vcxproj
  A contrib/zlib/contrib/vstudio/vc10/testzlib.vcxproj.filters
  A contrib/zlib/contrib/vstudio/vc10/testzlibdll.vcxproj
  A contrib/zlib/contrib/vstudio/vc10/testzlibdll.vcxproj.filters
  A contrib/zlib/contrib/vstudio/vc10/zlib.rc
  A contrib/zlib/contrib/vstudio/vc10/zlibstat.vcxproj
  A contrib/zlib/contrib/vstudio/vc10/zlibstat.vcxproj.filters
  A contrib/zlib/contrib/vstudio/vc10/zlibvc.def
  A contrib/zlib/contrib/vstudio/vc10/zlibvc.sln
  A contrib/zlib/contrib/vstudio/vc10/zlibvc.vcxproj
  A contrib/zlib/contrib/vstudio/vc10/zlibvc.vcxproj.filters
  A contrib/zlib/contrib/vstudio/vc11/miniunz.vcxproj
  A contrib/zlib/contrib/vstudio/vc11/minizip.vcxproj
  A contrib/zlib/contrib/vstudio/vc11/testzlib.vcxproj
  A contrib/zlib/contrib/vstudio/vc11/testzlibdll.vcxproj
  A contrib/zlib/contrib/vstudio/vc11/zlib.rc
  A contrib/zlib/contrib/vstudio/vc11/zlibstat.vcxproj
  A contrib/zlib/contrib/vstudio/vc11/zlibvc.def
  A contrib/zlib/contrib/vstudio/vc11/zlibvc.sln
  A contrib/zlib/contrib/vstudio/vc11/zlibvc.vcxproj
  A contrib/zlib/contrib/vstudio/vc12/miniunz.vcxproj
  A contrib/zlib/contrib/vstudio/vc12/minizip.vcxproj
  A contrib/zlib/contrib/vstudio/vc12/testzlib.vcxproj
  A contrib/zlib/contrib/vstudio/vc12/testzlibdll.vcxproj
  A contrib/zlib/contrib/vstudio/vc12/zlib.rc
  A contrib/zlib/contrib/vstudio/vc12/zlibstat.vcxproj
  A contrib/zlib/contrib/vstudio/vc12/zlibvc.def
  A contrib/zlib/contrib/vstudio/vc12/zlibvc.sln
  A contrib/zlib/contrib/vstudio/vc12/zlibvc.vcxproj
  A contrib/zlib/contrib/vstudio/vc14/miniunz.vcxproj
  A contrib/zlib/contrib/vstudio/vc14/minizip.vcxproj
  A contrib/zlib/contrib/vstudio/vc14/testzlib.vcxproj
  A contrib/zlib/contrib/vstudio/vc14/testzlibdll.vcxproj
  A contrib/zlib/contrib/vstudio/vc14/zlib.rc
  A contrib/zlib/contrib/vstudio/vc14/zlibstat.vcxproj
  A contrib/zlib/contrib/vstudio/vc14/zlibvc.def
  A contrib/zlib/contrib/vstudio/vc14/zlibvc.sln
  A contrib/zlib/contrib/vstudio/vc14/zlibvc.vcxproj
  A contrib/zlib/contrib/vstudio/vc9/miniunz.vcproj
  A contrib/zlib/contrib/vstudio/vc9/minizip.vcproj
  A contrib/zlib/contrib/vstudio/vc9/testzlib.vcproj
  A contrib/zlib/contrib/vstudio/vc9/testzlibdll.vcproj
  A contrib/zlib/contrib/vstudio/vc9/zlib.rc
  A contrib/zlib/contrib/vstudio/vc9/zlibstat.vcproj
  A contrib/zlib/contrib/vstudio/vc9/zlibvc.def
  A contrib/zlib/contrib/vstudio/vc9/zlibvc.sln
  A contrib/zlib/contrib/vstudio/vc9/zlibvc.vcproj
  M contrib/zlib/crc32.c
  M contrib/zlib/crc32.h
  M contrib/zlib/deflate.c
  M contrib/zlib/deflate.h
  A contrib/zlib/doc/crc-doc.1.0.pdf
  M contrib/zlib/doc/txtvsbin.txt
  M contrib/zlib/gzguts.h
  M contrib/zlib/gzlib.c
  M contrib/zlib/gzread.c
  M contrib/zlib/gzwrite.c
  M contrib/zlib/infback.c
  M contrib/zlib/inffast.c
  M contrib/zlib/inflate.c
  M contrib/zlib/inflate.h
  M contrib/zlib/inftrees.c
  M contrib/zlib/test/example.c
  M contrib/zlib/trees.c
  M contrib/zlib/zconf.h
  M contrib/zlib/zlib.3
  M contrib/zlib/zlib.h
  M contrib/zlib/zlib.map
  M contrib/zlib/zutil.c
  M contrib/zlib/zutil.h
  M lib/libz/zlib.pc

Log Message:
-----------
Update zlib to 1.2.12

Commit: df7facc8f7d15a50ffbd15649c3e49a876a2ad74
    https://github.com/MidnightBSD/src/commit/df7facc8f7d15a50ffbd15649c3e49a876a2ad74
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M usr.sbin/bhyve/pci_e82545.c

Log Message:
-----------
The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted.
These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an on-stack buffer to generate the modified packet header when simulating these modifications on transmitted packets. When checksum offload is requested for a transmitted packet, the e1000 device model used a guest-provided value to specify the checksum offset in the on-stack buffer. The offset was not validated for certain packet types.

Obtained from: FreeBSD

Commit: a46d8f642863c5e86714361824325919aa8b5444
    https://github.com/MidnightBSD/src/commit/a46d8f642863c5e86714361824325919aa8b5444
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/dev/mpr/mpr_user.c
  M sys/dev/mps/mps_user.c
  M sys/dev/mpt/mpt_user.c

Log Message:
-----------
Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and mpt drivers allocated a buffer of a caller-specified size, but copied to it a fixed size header. Other heap content would be overwritten if the specified size was too small.

Obtained from: FreeBSD

Commit: c95824fc2e2fc449d087eecee92ff823284dce24
    https://github.com/MidnightBSD/src/commit/c95824fc2e2fc449d087eecee92ff823284dce24
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/net80211/ieee80211_input.c

Log Message:
-----------
The 802.11 beacon handling routine failed to validate the length of an IEEE 802.11s Mesh ID before copying it to a heap-allocated buffer.

Obtained from: FreeBSD

Commit: f0b8e5b03f92ed25935333f1a0b3c9024f275bb9
    https://github.com/MidnightBSD/src/commit/f0b8e5b03f92ed25935333f1a0b3c9024f275bb9
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/dev/netmap/netmap.c

Log Message:
-----------
The netmap_ioctl() function has a reference counting bug in case of NETMAP_REQ_PORT_INFO_GET command.
When `hdr->nr_name[0] == '\0'`, the function does not decrease the refcount of "nmd", which is increased by netmap_mem_find(), causing a refcount leak.

Obtained from: FreeBSD, commit hash 4019787f50a2826e9a4bba6e70868467b3d6081a

Commit: 01d11a57295e728f0f262b8c5b5a8b65c285e11e
    https://github.com/MidnightBSD/src/commit/01d11a57295e728f0f262b8c5b5a8b65c285e11e
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/dev/netmap/netmap.c

Log Message:
-----------
An unsanitized field in an option could be abused, causing an integer overflow followed by kernel memory corruption. This might be used to escape jails/containers.

Security: CVE-2022-23085
Obtained from: FreeBSD, 606f528decc334d9a56ef760b0815c6d56060dbe

Commit: 5bb1a3916683039c5e24f193a00eba4668be1407
    https://github.com/MidnightBSD/src/commit/5bb1a3916683039c5e24f193a00eba4668be1407
Author: Lucas Holt
Date: 2022-04-22 (Fri, 22 Apr 2022)

Changed paths:
  M sys/dev/netmap/netmap.c

Log Message:
-----------
netmap: Fix TOCTOU vulnerability in nmreq_copyin

The total size of the user-provided nmreq was first computed and then trusted during the copyin. This might lead to kernel memory corruption and escape from jails/containers.

Security: CVE-2022-23084
Obtained from: FreeBSD, 725c70d8153f4bddf95bdd07e2c7b4b9399643f6

Compare: https://github.com/MidnightBSD/src/compare/a134395a298a...5bb1a3916683
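
The last commit message above describes a size that is computed from user memory and then trusted when the same memory is copied. An added user-space C illustration of that double-fetch pattern and of a second pass bounded by the allocation; it is not netmap's, FreeBSD's or MidnightBSD's code, and the record format and the names `total_size`, `copy_records` and `copyin_demo` are constructed for this example:

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed format (not netmap's): [u32 len][body]... ; len 0 terminates.
 * Pass 1: sum the body sizes declared in the "user" buffer. */
int total_size(const uint8_t *umem, size_t ulen, size_t *sum) {
    size_t off = 0;
    uint32_t len;
    for (*sum = 0; off + sizeof(len) <= ulen; off += sizeof(len) + len) {
        memcpy(&len, umem + off, sizeof(len));          /* first fetch */
        if (len == 0) return 0;
        if (len > ulen - off - sizeof(len)) return EINVAL;
        *sum += len;
    }
    return EINVAL;                                      /* no terminator */
}

/* Pass 2: fetch each length again and copy into kbuf, whose capacity cap came
 * from pass 1. Bounding every copy by cap refuses a length changed in between. */
int copy_records(const uint8_t *umem, size_t ulen, uint8_t *kbuf, size_t cap) {
    size_t used = 0, off = 0;
    uint32_t len;
    for (; off + sizeof(len) <= ulen; used += len, off += sizeof(len) + len) {
        memcpy(&len, umem + off, sizeof(len));          /* second fetch */
        if (len == 0) return 0;
        if (len > ulen - off - sizeof(len) || len > cap - used) return EFAULT;
        memcpy(kbuf + used, umem + off + sizeof(len), len);
    }
    return EFAULT;                                      /* terminator vanished */
}

/* Constructed run: one 8-byte record; if raced, its length grows to 64 between
 * the passes, as a second thread of the caller could arrange. */
int copyin_demo(int raced) {
    uint8_t umem[128] = {0}, kbuf[8];
    uint32_t len = sizeof(kbuf), big = 64;
    size_t total;
    memcpy(umem, &len, sizeof(len));
    memset(umem + sizeof(len), 'A', len);
    if (total_size(umem, sizeof(umem), &total) || total > sizeof(kbuf)) return EINVAL;
    if (raced) memcpy(umem, &big, sizeof(big));         /* check-to-use window */
    return copy_records(umem, sizeof(umem), kbuf, total);
}

int main(void) {
    printf("quiet=%d raced=%d (EFAULT=%d)\n", copyin_demo(0), copyin_demo(1), EFAULT);
    return 0;
}
```

Without the `len > cap - used` test, the second pass would copy 64 bytes into a buffer sized for the 8 that the first pass counted.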