G/C unused variable/code

(skrll)

Actually create the "done" files, and test them for existence.

(apb)

Make more compile time options the same as the pkgsrc version

(martin)

zoneinfo: Import tzdata2015b. [apb 20150321]
Also s/tzdata/tzcode in another line.

(apb)

We have tzdata2015b.

(apb)

Update tzdata2netbsd for tzdata2015b.

* Edit version numbers.
* Make the script deal better with being re-run multiple times.  It
  now keeps a status file for each non-trivial step, and doesn't repeat
  the step if the sttaus file exists.
* Instead of spawning a subshell to resolve merge conflicts, print a message
  and exit, with a suggestion to rte-run the script after conflicts
  are resolved.
* Check whether there are any conflicts before trying to do anything
  about conflicts.

(apb)

Whitespace.

(skrll)

COnvert to USBHIST

(skrll)

Convert to USBHIST

(skrll)

No, PQ_ANON is set only if owned by anon, not if loaned to anon.

(riastradh)

In a "native" build, this file is postprocessed by a perl script and some
lines are changed into either #define SOMETHING or #undef SOMETHING,
but in our in-tree build it is installed verbatim - so comment out all
#undef parts, to allow our makefile fragments to freely -DSOMETHING
and not have it silently canceld here.

(martin)

Address O->A loan case in comments, pointed out by chs@.

(riastradh)

Elaborate on locking scheme and vm_page states.

(riastradh)

Add prefixes to attach_arg structure member names. No functional change.

(skrll)

Trailing whitespace

(skrll)

Remove unnecessary attachment arg pointer dance.

(skrll)

Remove unnecessary attachment arg pointer dance.

(skrll)

Whitespace

(skrll)

631 & 598

(snj)

Pull up following revision(s) (requested by jmcneill in ticket #598):
sys/arch/arm/amlogic/amlogic_board.c: up to revision 1.9
    sys/arch/arm/amlogic/amlogic_canvasreg.h: revision 1.1
    sys/arch/arm/amlogic/amlogic_com.c: up to revision 1.4
    sys/arch/arm/amlogic/amlogic_comreg.h: up to revision 1.3
sys/arch/arm/amlogic/amlogic_comvar.h: revision 1.1
sys/arch/arm/amlogic/amlogic_cpufreq.c: up to revision 1.2
    sys/arch/arm/amlogic/amlogic_crureg.h: up to revision 1.7
    sys/arch/arm/amlogic/amlogic_dwctwo.c: up to revision 1.2
    sys/arch/arm/amlogic/amlogic_genfb.c: revision 1.1
sys/arch/arm/amlogic/amlogic_gmac.c: up to revision 1.2
sys/arch/arm/amlogic/amlogic_hdmireg.h: revision 1.1
    sys/arch/arm/amlogic/amlogic_intr.h: up to revision 1.5
    sys/arch/arm/amlogic/amlogic_io.c: up to revision 1.7
    sys/arch/arm/amlogic/amlogic_reg.h: up to revision 1.9
sys/arch/arm/amlogic/amlogic_rng.c: revision 1.1
    sys/arch/arm/amlogic/amlogic_sdhc.c: up to revision 1.3
    sys/arch/arm/amlogic/amlogic_sdhcreg.h: revision 1.1
    sys/arch/arm/amlogic/amlogic_space.c: revision 1.1
    sys/arch/arm/amlogic/amlogic_var.h: up to revision 1.8
    sys/arch/arm/amlogic/amlogic_vpureg.h: revision 1.1
sys/arch/arm/arm/bootconfig.c: revisions 1.7-1.8
sys/arch/arm/conf/files.arm: revision 1.129
sys/arch/arm/cortex/pl310.c: revisions 1.16-1.17
sys/arch/arm/cortex/a9_mpsubr.S: revisions 1.25-1.29
sys/arch/arm/cortex/a9tmr.c: revisions 1.8-1.12
sys/arch/arm/cortex/a9tmr_var.h: revision 1.4
sys/arch/arm/cortex/a9wdt.c: revisions 1.3-1.4
sys/arch/arm/cortex/armperiph.c: revisions 1.5-1.7
sys/arch/arm/arm/cpufunc.c: revision 1.151
sys/arch/arm/include/bootconfig.h: revision 1.7
sys/arch/arm/include/locore.h: revision 1.19
sys/arch/evbarm/amlogic/amlogic_machdep.c: up to revision 1.17
    sys/arch/evbarm/amlogic/amlogic_start.S: up to revision 1.2
    sys/arch/evbarm/amlogic/genassym.cf: revision 1.1
    sys/arch/evbarm/amlogic/platform.h: revision 1.1
    sys/arch/evbarm/conf/files.amlogic: up to revision 1.8
sys/arch/evbarm/conf/std.amlogic: up to revision 1.2
sys/arch/evbarm/conf/mk.amlogic: revision 1.1
    sys/arch/evbarm/conf/ODROID-C1: up to revision 1.12
    sys/arch/evarm/conf/ODROID-C1_INSTALL: revision 1.1
Don't use not as a variable since it's reserved in C++.
--
clean the a9 l2 cache before turning it on.
--
Add Cortex-A17 support
--
Fix CORTEXA17 support
--
Let the "cbar" device property override the cbar value, to work around
broken bootloaders
--
add a helper to update a9tmr frequency
--
detach and re-attach timecounter when updating freq, and reinit timer on
each cpu
--
fix typo
--
add BOOTOPT_TYPE_MACADDR for parsing mac address parameters
--
make sure we set ACTLR.SMP=1 for CPU_CORTEXA5 in !MP case, ok matt@
--
According to the Cortex-A5 TRM, the CBAR register is not implemented and
always reads as 0x00000000. Add ARM_CBAR option to set this in kernel
config.
--
skip a TLBIALL on Cortex-A5 that stops my odroid-c1 from booting, ok matt
--
match on Cortex-A5
--
match on Cortex-A5
--
allow arml2cc to be used on Cortex-A5 if the "offset" property is specified
--
print "A5" instead of "A9" at attach time if running on a Cortex-A5
--
Improve inline asm around dsb/dmb/isb:
- always use volatile and mark them as memory barrier
- use the common version from locore.h in all places not included from
  userland
--
Work-in-progress Odroid-C1 support.
--
no need to override ARM_CBAR, remove unused COM_16750 option
--
Add basic serial console support.
--
add dwctwo and usb devices
--
ODROID-C1 SMP support.
--
auto-detect RAM size
--
ODROID-C1 onboard ethernet support.
--
add amlogicrng, add commented-out genfb placeholder
--
enable amlogicsdhc
--
add ODROID-C1 install kernel
--
Add CPUFREQ option to set boot CPU frequency. ODROID-C1 is advertised
as quad-core 1.5GHz but boots up at 1.2GHz; add CPUFREQ=1512 to config
and make sure to set the correct speed before attaching CPUs.
The speed can still be scaled down with machdep.cpu sysctls.
--
disable DEBUG, LOCKDEBUG, VERBOSE_INIT_ARM
--
Basic framebuffer console support. Work in progress.

(snj)

Pull up following revision(s) (requested by jmcneill in ticket #631):
sys/dev/wscons/wsconsio.h: revision 1.112 via patch
sys/dev/wsfb/genfb.c: revision 1.57
add WSDISPLAY_TYPE_MESON
--
support 24bpp framebuffers

(snj)

Un-wrap two lines.

(skrll)

one more white space -> tab.

(isaki)

Rewrite ilog2's test.  PR lib/49745.
- Reorganize ilog2_basic to ilog2_32bit, ilog2_64bit and ilog2_const.
  ilog2_const is compile-time test for __builtin_constant_p() part of
  current ilog2() implementation.
- Remove fully meaningless ilog2_log2.  So this part of PR misc/44767
  is no longer present.

(isaki)

Basic framebuffer console support. Work in progress.

(jmcneill)

npfctl:
- Fix the filter criteria when to/from is omitted but port used.
- Print more user-friendly error if an NPF table has a duplicate entry.

(rmind)

NPF: replace the TAILQ of the dynamic rules with a linked list and fix the
inheriting of the active dynamic rules during the reload; also, fix a bug
in the insert path by putting a memory barrier in the right place.

(rmind)

support 24bpp framebuffers

(jmcneill)

add WSDISPLAY_TYPE_MESON

(jmcneill)

Zero-fill the ELF auxiliary vectors. Otherwise, on 64bit systems, the
padding between a_v and a_type contains kernel garbage, therefore
exposed to userland.

Original report by uebayasi@

(maxv)

copyright maintenance, note shm@ in the manual and update the CHANGES
for recent changes.  call this 20150320.

(mrg)

don't quote /.  it doesn't work.  this should fix PR#49765.

(mrg)

Comments explaining UBC_* flags.

(riastradh)

regen.

(msaitoh)

Add MegaRAID SAS3108

(msaitoh)

Tweak wording.

(riastradh)

Elaborate on how our ad-hack symbol versioning works.  Tweak style.

(riastradh)

First draft of documentation for the libc symbol madness.

Currently describes only what we do, not why we do it.

(riastradh)

Add Intel C61x and X99 devices.

(msaitoh)

regen.

(msaitoh)

Add Xeon E5 v3 and C61x devices.

(msaitoh)

Only use -fno-integrated-as for clang

(martin)

Trailing whitespace

(skrll)

don't take the device lock when stopping the uhidev.  that calls
to abort and close pipes, both of which may take an adaptive lock.

fixes a LOCKDEBUG abort see on one particular machine.

(mrg)

Remove extra )

(matt)

fix copyright & license, make it explicit that this driver is based on
OpenBSD's ifb driver

(macallan)

Not only check to see if we own the VFP but that the VFP is enabled.

(matt)

These are expressions, not statements.  No semicolon.

(riastradh)

Call libc's fpgetround.

(joerg)

Build the AES sources with -fno-integrate-assembler for Clang.

(joerg)

Fix paths in previous.

(riz)

Fix paths in previous.

(riz)

Fix paths in previous.

(riz)

Do the same as OpenBSD and get rid of the *_handle typedefs and use
plain structures insteads

(skrll)

Move initialization of XUIO_XUZC_PRIV out of #ifdef PORT_SOLARIS.

This code is not currently used, so no functional change, but it may
be used when we hook zfs into the ubc.

(riastradh)

Ticket 625

(riz)

Pull up following revision(s) (requested by spz in ticket #625):
crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2
patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:
OpenSSL Security Advisory [19 Mar 2015]
=======================================
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================
Severity: High
This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".
This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33
This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a
This issue was discovered by Emilia K舖per and a fix developed by
Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9
This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K舖per of the OpenSSL
development team.
Base64 decode (CVE-2015-0292)
=============================
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086
This issue was discovered by Sean Burford (Google) and Emilia K舖per
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K舖per.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(riz)

Ticket 1281

(riz)

Pull up following revision(s) (requested by spz in ticket #1281):
crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2
patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:
OpenSSL Security Advisory [19 Mar 2015]
=======================================
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================
Severity: High
This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".
This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33
This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a
This issue was discovered by Emilia K舖per and a fix developed by
Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9
This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K舖per of the OpenSSL
development team.
Base64 decode (CVE-2015-0292)
=============================
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086
This issue was discovered by Sean Burford (Google) and Emilia K舖per
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K舖per.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(riz)

Ticket 1281

(riz)

Pull up following revision(s) (requested by spz in ticket #1281):
crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2
patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:
OpenSSL Security Advisory [19 Mar 2015]
=======================================
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================
Severity: High
This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".
This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33
This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a
This issue was discovered by Emilia K舖per and a fix developed by
Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9
This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K舖per of the OpenSSL
development team.
Base64 decode (CVE-2015-0292)
=============================
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086
This issue was discovered by Sean Burford (Google) and Emilia K舖per
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K舖per.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(riz)

Ticket 1281

(riz)

Pull up following revision(s) (requested by spz in ticket #1281):
crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2
patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:
OpenSSL Security Advisory [19 Mar 2015]
=======================================
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================
Severity: High
This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".
This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33
This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a
This issue was discovered by Emilia K舖per and a fix developed by
Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9
This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K舖per of the OpenSSL
development team.
Base64 decode (CVE-2015-0292)
=============================
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086
This issue was discovered by Sean Burford (Google) and Emilia K舖per
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K舖per.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(riz)

Ticket 1594.

(riz)

Pull up following revision(s) (requested by spz in ticket #1954):
crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2
patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:
OpenSSL Security Advisory [19 Mar 2015]
=======================================
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================
Severity: High
This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".
This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33
This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a
This issue was discovered by Emilia K舖per and a fix developed by
Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9
This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K舖per of the OpenSSL
development team.
Base64 decode (CVE-2015-0292)
=============================
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086
This issue was discovered by Sean Burford (Google) and Emilia K舖per
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K舖per.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(riz)

Ticket 1594

(riz)

Pull up following revision(s) (requested by spz in ticket #1954):
crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2
patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:
OpenSSL Security Advisory [19 Mar 2015]
=======================================
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================
Severity: High
This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".
This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33
This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a
This issue was discovered by Emilia K舖per and a fix developed by
Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9
This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K舖per of the OpenSSL
development team.
Base64 decode (CVE-2015-0292)
=============================
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086
This issue was discovered by Sean Burford (Google) and Emilia K舖per
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K舖per.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(riz)

Ticket 1594.

(riz)

Pull up following revision(s) (requested by spz in ticket #1954):
crypto/external/bsd/openssl/dist/ssl/s2_lib.c: revision 1.3
crypto/external/bsd/openssl/dist/crypto/asn1/a_type.c: revision 1.2
crypto/external/bsd/openssl/dist/doc/crypto/d2i_X509.pod: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_doit.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/pkcs7/pk7_lib.c: revision 1.2
crypto/external/bsd/openssl/dist/ssl/s2_srvr.c: revision 1.2
crypto/external/bsd/openssl/dist/crypto/asn1/tasn_dec.c: revision 1.2
patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:
OpenSSL Security Advisory [19 Mar 2015]
=======================================
Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================
Severity: High
This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".
This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.
This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.
Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================
Severity: Moderate
The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33
This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.
ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================
Severity: Moderate
Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.
Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a
This issue was discovered by Emilia K舖per and a fix developed by
Stephen Henson of the OpenSSL development team.
PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================
Severity: Moderate
The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.
Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9
This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K舖per of the OpenSSL
development team.
Base64 decode (CVE-2015-0292)
=============================
Severity: Moderate
A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.
This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.
The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.
DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================
Severity: Moderate
A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086
This issue was discovered by Sean Burford (Google) and Emilia K舖per
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K舖per.
Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================
Severity: Low
A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.
X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================
Severity: Low
The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.
This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.
** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(riz)

patches for todays' OpenSSL security advisory from OpenSSL, as relevant
to NetBSD base:

OpenSSL Security Advisory [19 Mar 2015]
=======================================

Reclassified: RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)
============================================================================

Severity: High

This security issue was previously announced by the OpenSSL project and
classified as "low" severity. This severity rating has now been changed to
"high".

This was classified low because it was originally thought that server RSA
export ciphersuite support was rare: a client was only vulnerable to a MITM
attack against a server which supports an RSA export ciphersuite. Recent
studies have shown that RSA export ciphersuites support is far more common.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

** issue already committed see last release **
OpenSSL 1.0.1 users should upgrade to 1.0.1k.
OpenSSL 1.0.0 users should upgrade to 1.0.0p.
OpenSSL 0.9.8 users should upgrade to 0.9.8zd.

This issue was reported to OpenSSL on 22nd October 2014 by Karthikeyan
Bhargavan of the PROSECCO team at INRIA. The fix was developed by Stephen
Henson of the OpenSSL core team. It was previously announced in the OpenSSL
security advisory on 8th January 2015.

Segmentation fault in ASN1_TYPE_cmp (CVE-2015-0286)
===================================================

Severity: Moderate

The function ASN1_TYPE_cmp will crash with an invalid read if an attempt is
made to compare ASN.1 boolean types. Since ASN1_TYPE_cmp is used to check
certificate signature algorithm consistency this can be used to crash any
certificate verification operation and exploited in a DoS attack. Any
application which performs certificate verification is vulnerable including
OpenSSL clients and servers which enable client authentication.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 1b8ac2b07d02207f2b88e0b009b0bff4ef7eda96

OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit ee5a1253285e5c9f406c8b57b0686319b70c07d8

OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1e3ca524cb38ec92deea37629718e98aba43bc5d

OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 7058bd1712828a78d34457b1cfc32bdc1e6d3d33

This issue was discovered and fixed by Stephen Henson of the OpenSSL
development team.

ASN.1 structure reuse memory corruption (CVE-2015-0287)
=======================================================

Severity: Moderate

Reusing a structure in ASN.1 parsing may allow an attacker to cause
memory corruption via an invalid write. Such reuse is and has been
strongly discouraged and is believed to be rare.

Applications that parse structures containing CHOICE or ANY DEFINED BY
components may be affected. Certificate parsing (d2i_X509 and related
functions) are however not affected. OpenSSL clients and servers are
not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit 0ca8edbe6ec402e39c9e095f8ae11dba8fa93fc1

OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a9f34a7aac5fd89f33a34fb71e954b85fbf35875

OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit d96692c933fe02829c3e922bf7f239e0bd003759

OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit 5722767d5dc1a3b5505058fe27877fc993fe9a5a

This issue was discovered by Emilia K辰sper and a fix developed by
Stephen Henson of the OpenSSL development team.

PKCS7 NULL pointer dereferences (CVE-2015-0289)
===============================================

Severity: Moderate

The PKCS#7 parsing code does not handle missing outer ContentInfo correctly.
An attacker can craft malformed ASN.1-encoded PKCS#7 blobs with
missing content and trigger a NULL pointer dereference on parsing.

Applications that verify PKCS#7 signatures, decrypt PKCS#7 data or
otherwise parse PKCS#7 structures from untrusted sources are
affected. OpenSSL clients and servers are not affected.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit e0d6a791c53b64da64277c5565eb89b1cb149fc3

OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit d3d52c73544bba800c2a8f5ef3376358158cf2ca

OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit 1f858109d0556b5864bb6a0aa3e2d177b1cc4552

OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit f20caf7f66cb1eb9ba9562e6097bc7b64d207cb9

This issue was reported to OpenSSL on February 16th 2015 by Michal
Zalewski (Google) and a fix developed by Emilia K辰sper of the OpenSSL
development team.

Base64 decode (CVE-2015-0292)
=============================

Severity: Moderate

A vulnerability existed in previous versions of OpenSSL related to the
processing of base64 encoded data. Any code path that reads base64 data from an
untrusted source could be affected (such as the PEM processing routines).
Maliciously crafted base 64 data could trigger a segmenation fault or memory
corruption. This was addressed in previous versions of OpenSSL but has not been
included in any security advisory until now.

This issue affects OpenSSL versions: 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.1 users should upgrade to 1.0.1h.
OpenSSL 1.0.0 users should upgrade to 1.0.0m.
OpenSSL 0.9.8 users should upgrade to 0.9.8za.

The fix for this issue can be identified by commits d0666f289a (1.0.1),
84fe686173 (1.0.0) and 9febee0272 (0.9.8). This issue was originally reported by
Robert Dugal and subsequently by David Ramos.

DoS via reachable assert in SSLv2 servers (CVE-2015-0293)
=========================================================

Severity: Moderate

A malicious client can trigger an OPENSSL_assert (i.e., an abort) in
servers that both support SSLv2 and enable export cipher suites by sending
a specially crafted SSLv2 CLIENT-MASTER-KEY message.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2a
commit b29d57f20d4821a9d3f4e19673a89615e4c6fcf0

OpenSSL 1.0.1 users should upgrade to 1.0.1m.
commit a40c1bcb8c37fbad24d8f28f0fb0204d76f0fee2

OpenSSL 1.0.0 users should upgrade to 1.0.0r.
commit ee4435e5b587879e7bd66df10d4d9ec274e2b163

OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
commit ab646ee5a6a7b8cace425a617a053ad6d7977086

This issue was discovered by Sean Burford (Google) and Emilia K辰sper
(OpenSSL development team) in March 2015 and the fix was developed by
Emilia K辰sper.

Use After Free following d2i_ECPrivatekey error (CVE-2015-0209)
===============================================================

Severity: Low

A malformed EC private key file consumed via the d2i_ECPrivateKey function could
cause a use after free condition. This, in turn, could cause a double
free in several private key parsing functions (such as d2i_PrivateKey
or EVP_PKCS82PKEY) and could lead to a DoS attack or memory corruption
for applications that receive EC private keys from untrusted
sources. This scenario is considered rare.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0 and 0.9.8.

** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://github.com/openssl/openssl/commit/1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a

This issue was discovered by the BoringSSL project and fixed in their commit
517073cd4b. The OpenSSL fix was developed by Matt Caswell of the OpenSSL
development team.

X509_to_X509_REQ NULL pointer deref (CVE-2015-0288)
===================================================

Severity: Low

The function X509_to_X509_REQ will crash with a NULL pointer dereference if
the certificate key is invalid. This function is rarely used in practice.

This issue affects all current OpenSSL versions: 1.0.2, 1.0.1, 1.0.0
and 0.9.8.

** issue already committed **
OpenSSL 1.0.2 users should upgrade to 1.0.2a
OpenSSL 1.0.1 users should upgrade to 1.0.1m.
OpenSSL 1.0.0 users should upgrade to 1.0.0r.
OpenSSL 0.9.8 users should upgrade to 0.9.8zf.
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9

This issue was discovered by Brian Carpenter and a fix developed by Stephen
Henson of the OpenSSL development team.

References
==========

URL for this Security Advisory:
https://www.openssl.org/news/secadv_20150319.txt

Note: the online version of the advisory may be updated with additional
details over time.

For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html

(spz)

Sync ixg(4) up to FreeBSD r230572.

- Fix in the interrupt handler to make sure the stack TX queue is processed.
  (FreeBSD r222588)
- The maximum read size of incoming packets is done in 1024-byte increments.
  The current code was rounding down the maximum frame size instead of
  routing up, resulting in a read size of 1024 bytes, in the non-jumbo
  frame case, and splitting the packets across multiple mbufs.
  (FreeBSD r225045)
- Consequently the above problem exposed another issue, which is when
  packets were splitted across multiple mbufs, and all of the mbufs in the
  chain have the M_PKTHDR flag set. (FreeBSD r225045)
- Use the correct constant for conversion between interrupt rate
  and EITR values (the previous values were off by a factor of 2)
  (FreeBSD r230572)
- Make dev.ix.N.queueM.interrupt_rate a RW sysctl variable. Changing
  individual values affects the queue immediately, and propagates to all
  interfaces at the next reinit. (FreeBSD r230572)
- Add dev.ix.N.queueM.irqs rdonly sysctl, to export the actual interrupt
  counts. (FreeBSD r230572)
- Some netmap related changes.

(msaitoh)

add SMBus registers

(macallan)

spin up SMBus clocks before attaching drivers
TODO: only enable clocks for drivers that actually attach

(macallan)

Remove #ifdef MAP_INHERIT_ZERO.

This is essential for fork-safety, so don't merely #warn about it.
Attaining fork-safety without it requires restructuring things -- in
particular, there's no clear way to make it per-thread and fork-safe
without some global list of states to zero on fork.

(riastradh)

disable DEBUG, LOCKDEBUG, VERBOSE_INIT_ARM

(jmcneill)

Ensure _lwp_setcontext gets consistent language binding.

(joerg)

Switch to the suggested constant-time result conversion.

Not hard to find CPU/compiler combinations with branches for `!res'.

While here, make everything unsigned for good measure.

(riastradh)

Update build glue for LLVM/Clang r232565.

(joerg)

Mark files without clang-232565 / llvm-232565 tag as dead.

(joerg)

1149 and 1952

(snj)

regen for ticket 1149

(snj)

Pull up following revision(s) (requested by joerg in ticket #1149):
sys/compat/linux32/arch/amd64/syscalls.master: revisions 1.52, 1.53 via patch
sys/compat/linux32/common/linux32_misc.c: revision 1.17 via patch
sys/compat/linux32/common/linux32_stat.c: revision 1.14-1.16 via patch
Fix inverted lst_ino/__lst_ino assignment in linux32_from_stat().
--
Cleanup (no functional changes).
Kill some unneeded variables and return stattement.
Rename linux32_from_stat() to better bsd_to_linux32_stat64().
Fix some types.
Add stat/lstat/fstat syscalls.
--
Add fstatfs syscall.

(snj)

Pull up following revision(s) (requested by nakayama in ticket #1952):
sys/dev/cons.c: revision 1.74
Fix strange kernel output sequence "\n\r" observed in serial
consoles.  Output '\r' before '\n' in conversion.

(snj)

Expose usbd_xfer_isread

(skrll)

New sentence, new line. Fix typos. Bump date for previous.

(wiz)

Add iflag and oflag operands to dd(1)

Like GNU dd(1) similar operands, iflag and oflag allow specifying the
O_* flags given to open(2) for the input and the output file. The values
are comma-sepratated, lower-case, O_ prefix-stripped constants documented
in open(2).

Since iflag and oflag override default values, specifying oflag means
O_CREATE is not set by default and must be specified explicitely.

Some values do not make sense (e.g.: iflag=directory) but are still used
and will raise a warning. For oflag, values rdonly, rdwr and wronly are
filtered out with a warning (dd(1) attempts open(2) with O_RDWR and
then O_WRONLY on failure).

Specifying oflag=trunc along with (seek, oseek or conv=notrunc) is
contradictory and will raise an error.

iflag and oflag are disabled if building with -DMALLPROG

(manu)

"rump" -> "rump kernel" police

(pooka)

tickets 597, 599-605, 607, 609-613, 615, 62[23]

(snj)

Pull up following revision(s) (requested by riastradh in ticket #607):
share/man/man9/pserialize.9: revisions 1.4-1.8
Expand pserialize(9) example to include publish, read, and destroy.
--
Bump date.
--
Fix typo: pserialize_read_exit(s), not s = pserialize_read_exit().
--
Elaborate comment before pserialize_perform.
--
Use membar_consumer until we have membar_datadep_consumer.

(snj)

Pull up following revision(s) (requested by joerg in ticket #616):
sys/arch/arm/include/fenv.h: revision 1.3
__BEGIN_DECLS and __END_DECLS only exist if sys/cdefs.h was included.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #613):
share/man/man9/uvm_km.9: revision 1.4
Clarify uvm_km_alloc is contiguous and zero result means fail.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #612):
sys/arch/amd64/include/pmap.h: revision 1.35
Bump amd64 module map size to 32 MB.
For lack of anything better to do, after no progress in discussion on
the matter:
https://mail-index.netbsd.org/port-amd64/2014/08/22/msg002108.html
Needed in order to load the (solaris module needed by) dtrace module.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #611):
doc/BUILDING.mdoc: revision 1.111
Use `It Sy', not just `It', for live-image, to match other targets.
No change to plain-text BUILDING file.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #610):
lib/libc/string/consttime_memequal.3: revision 1.3, 1.4
Commit to returning 1, not any nonzero value.
--
bump year

(snj)

Pull up following revision(s) (requested by riastradh in ticket #609):
usr.bin/vndcompress/Makefile: revision 1.14
usr.bin/vndcompress/vndcompress.c: revision 1.25
Fix vndcompress restart failure fallback when input is a pipe.
Defer seeking the *input* image, or winding it forward, until we are
certain we all ready in the cloop2 output, because when the input
image is a pipe, we don't get a chance to seek back to the beginning
and start from the top instead of restarting.
If restart does fail, don't try to seek the input image back to the
beginning unless we had already tried to seek or wind it forward.
Add some automatic tests for this and related cases.
XXX pullup to netbsd-7, netbsd-6

(snj)

Pull up following revision(s) (requested by mrg in ticket #623):
xsrc/external/mit/xorg-server/dist/hw/xfree86/os-support/bsd/bsd_init.c: revision 1.7
remove \n\n that confuses the Xorg log file.

(snj)

Pull up following revision(s) (requested by mrg in ticket #622):
games/tetris/tetris.6: revision 1.15
games/tetris/tetris.c: revision 1.28
add a 'down' key to tetris, defaulting to 'n'.  it move the block down
a line, if it fits.  like most other tetris games have.
minor clean up of magic number usage while here.

(snj)

Pull up following revision(s) (requested by mrg in ticket #615):
share/mk/bsd.README: revision 1.339
fix the description of MKX11RADEONKMS, as pointed out in PR#49753.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #605):
share/man/man9/cprng.9: revision 1.10
Clarify advice about when to use what parts of cprng(9).
Add security model to specify the difference between cprng_strong and
cprng_fast.
Fix code references.  cprng_fast now uses ChaCha8, not RC4.
XXX Would have been nice if they had been called cprng and cprng_weak
to reduce confusion about which one to use, or even random and
weakrandom.  Too late for that now, though.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #604):
usr.bin/ktrace/ktrace.1: revision 1.43
Omit no longer existing l, m from default trace points.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #603):
share/man/man4/rnd.4: revision 1.21
Rewrite /dev/random man page.
- Describe application usage up front.
- State the security model.
- Explain entropy.
- Describe current implementation strategy near the bottom.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #602):
lib/libc/stdio/fopen.3: revision 1.30
Use Pq to avoid space before O_EXCL.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #601):
share/man/man2/siginfo.2: revision 1.7
Fix some typos and make style more consistent.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #597):
lib/libc/gen/arc4random.c: revisions 1.26-1.28
lib/libc/gen/arc4random.3:: revisions 1.10-1.19
Rewrite arc4random(3) with ChaCha20-based PRNG and per-thread state.
Explain the security model in the man page.
No more RC4!
--
Grammar.
--
Note relation of arc4random(3) to rand(3)/random(3).
--
Ruminate on security model choices and API design in arc4random(3).
--
Amplify comment about how quickly RC4 was known to be bad.
--
Markup for BUGS note about arc4random_uniform.
--
Cross-reference rnd(4).
--
Remove unnecessary Ns before punctuation. Fix a line.
--
Fix Google Groups link.
--
Tweak wording, define `output', remove misplaced scaremongering.
--
Fix non _REENTRANT build.
--
Use ChaCha20 here as advertised, not ChaCha8.
Oops.
Fortunately, there is no public cryptanalysis even of ChaCha8: the
best published attack is on ChaCha7 with time complexity 2^248.

(snj)

Pull up following revision(s) (requested by riastradh in ticket #600):
common/lib/libc/arch/alpha/atomic/membar_ops.S: revision 1.7
lib/libc/atomic/membar_ops.3: revision 1.4
sys/arch/alpha/include/types.h: revision 1.50
sys/sys/atomic.h: revision 1.13
Introduce membar_datadep_consumer.
Discussed briefly on tech-kern without objection:
https://mail-index.netbsd.org/tech-kern/2014/11/20/msg018054.html
https://mail-index.netbsd.org/tech-kern/2015/01/07/msg018326.html

(snj)

Pull up following revision(s) (requested by riastradh in ticket #599):
share/man/man9/pci_intr.9: revision 1.18
Fix type of pc argument in pci_intr(9) man page.

(snj)

KNF

(skrll)