Re: swapctl(2) manpage cleanup
Hi Kaspars, Kaspars Bankovskis wrote on Fri, Dec 12, 2014 at 03:55:55PM +0200: .In and .An macro fixes Committed that part, thanks. Ingo
Re: LibreSSL 2.1.2 released
On Saturday 2014-12-13 00:08, Brent Cook wrote: On Dec 12, 2014, at 5:04 PM, Jan Engelhardt jeng...@inai.de wrote: To solve that, simply add libcrypto_la_LDFLAGS = -no-undefined [same for libssl,libtls] Without this, the DLLs won't be produced. Thanks for the hint, will do! For reference, here is the full patch I needed. --- crypto/Makefile.am |2 +- crypto/bio/bss_log.c |4 ++-- ssl/Makefile.am |3 ++- tls/Makefile.am |3 ++- 4 files changed, 7 insertions(+), 5 deletions(-) Index: libressl-2.1.2/crypto/Makefile.am === --- libressl-2.1.2.orig/crypto/Makefile.am +++ libressl-2.1.2/crypto/Makefile.am @@ -8,7 +8,7 @@ lib_LTLIBRARIES = libcrypto.la EXTRA_DIST = VERSION -libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ +libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK Index: libressl-2.1.2/crypto/bio/bss_log.c === --- libressl-2.1.2.orig/crypto/bio/bss_log.c +++ libressl-2.1.2/crypto/bio/bss_log.c @@ -70,7 +70,7 @@ #include openssl/buffer.h #include openssl/err.h -#ifndef NO_SYSLOG +#if !defined(_WIN32) !defined(NO_SYSLOG) static int slg_write(BIO *h, const char *buf, int num); static int slg_puts(BIO *h, const char *str); @@ -210,4 +210,4 @@ xcloselog(BIO* bp) closelog(); } -#endif /* NO_SYSLOG */ +#endif /* !WIN32 !NO_SYSLOG */ Index: libressl-2.1.2/ssl/Makefile.am === --- libressl-2.1.2.orig/ssl/Makefile.am +++ libressl-2.1.2/ssl/Makefile.am @@ -4,8 +4,9 @@ lib_LTLIBRARIES = libssl.la EXTRA_DIST = VERSION -libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ +libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) +libssl_la_LIBADD = ../crypto/libcrypto.la libssl_la_SOURCES = bio_ssl.c libssl_la_SOURCES += d1_both.c Index: libressl-2.1.2/tls/Makefile.am === --- libressl-2.1.2.orig/tls/Makefile.am +++ libressl-2.1.2/tls/Makefile.am 
@@ -5,8 +5,9 @@ lib_LTLIBRARIES = libtls.la EXTRA_DIST = VERSION -libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ +libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined libtls_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) +libtls_la_LIBADD = ../ssl/libssl.la libtls_la_SOURCES = tls.c libtls_la_SOURCES += tls_client.c
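Review bot: in the crypto/bio/bss_log.c hunk the new guard, as shown, reads "#if !defined(_WIN32) !defined(NO_SYSLOG)" with no operator between the two tests, so it will not preprocess; it needs && between them, and the closing comment should say _WIN32 rather than WIN32 so that it matches the condition it closes. In ssl/Makefile.am and tls/Makefile.am the added LIBADD lines point at ../crypto/libcrypto.la and ../ssl/libssl.la, so it is worth confirming that the top-level build order is crypto, then ssl, then tls, since those files must exist when libssl and libtls are linked.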
Re: relayd: convert to siphash
On Fri, Dec 12, 2014 at 12:57:08PM -0500, Ted Unangst wrote: On Wed, Dec 10, 2014 at 21:51, Max Fillinger wrote: Here's a version without malloc'ing the key. Looks like it still does? Yes, I managed to just repost the previous diff...at least the thing is in more competent hands now.
patch: fix arbitrary ed command allowance
Hi, patch accepts arbitrary ed commands after encountering s. The s ed command does not expect any further input, which makes it a one line command like d. Yet, patch sends any lines until . unchecked to ed through its pipe, allowing command execution. Example: $ ls ed.diff $ cat ed.diff 0a some text. . 1s/.// !/usr/bin/touch file.txt $ touch a $ patch a ed.diff Hmm... Looks like an ed script to me... 0 ! 10 done $ ls a a.orig ed.diff file.txt $ _ Tobias Index: pch.c === RCS file: /cvs/src/usr.bin/patch/pch.c,v retrieving revision 1.49 diff -u -p -u -p -r1.49 pch.c --- pch.c 13 Dec 2014 10:31:07 - 1.49 +++ pch.c 13 Dec 2014 15:25:51 - @@ -1398,10 +1398,10 @@ do_ed_script(void) ; /* POSIX defines allowed commands as {a,c,d,i,s} */ if (isdigit((unsigned char)*buf) - (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t == 's')) { + strchr(acdis, *t) != NULL) { if (pipefp != NULL) fputs(buf, pipefp); - if (*t != 'd') { + if (*t != 'd' *t != 's') { while (pgets(buf, sizeof buf, pfp) != NULL) { p_input_line++; if (pipefp != NULL)
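Review bot: strchr(acdis, *t) != NULL in the first changed line also succeeds when *t is '\0', because strchr treats the terminating NUL as part of the string, so an address with no command letter after it would now pass where the old chain of comparisons rejected it. Test *t != '\0' before the strchr call. As shown, acdis also has to be the string literal "acdis", and the second changed line needs && between *t != 'd' and *t != 's'.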
Re: patch: fix arbitrary ed command allowance
On Sat, Dec 13, 2014 at 10:57:42AM -0500, Daniel Dickman wrote: - (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t == 's')) { + strchr(acdis, *t) != NULL) { doesn't this change the semantics slightly? i haven't looked at the context beyond what's in your patch but if *t is somehow equal to NUL, won't strchr return the position of the terminating NUL since The terminating NUL character is considered to be part of the string.? Indeed, thanks for pointing it out. Updated diff below: Index: pch.c === RCS file: /cvs/src/usr.bin/patch/pch.c,v retrieving revision 1.49 diff -u -p -u -p -r1.49 pch.c --- pch.c 13 Dec 2014 10:31:07 - 1.49 +++ pch.c 13 Dec 2014 16:17:01 - @@ -1398,10 +1398,10 @@ do_ed_script(void) ; /* POSIX defines allowed commands as {a,c,d,i,s} */ if (isdigit((unsigned char)*buf) - (*t == 'a' || *t == 'c' || *t == 'd' || *t == 'i' || *t == 's')) { + *t != '\0' strchr(acdis, *t) != NULL) { if (pipefp != NULL) fputs(buf, pipefp); - if (*t != 'd') { + if (*t != 'd' *t != 's') { while (pgets(buf, sizeof buf, pfp) != NULL) { p_input_line++; if (pipefp != NULL)
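Review bot: the comment above the test still only says which commands POSIX allows, while the changed condition on 'd' and 's' encodes a second rule the fix depends on: d and s are one-line commands and no text block follows them. A short comment on that condition saying so would keep a later edit from dropping the 's' case again. As shown, both changed conditions are also missing the && between their two tests.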
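The rule the two messages above converge on, written out as a stand-alone checker. This is an added example, not code from patch(1) or from either diff; the function names, the address syntax (digits and commas) and the s_takes_text switch are assumptions of the example, and the sample input is the ed.diff from the report.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Copy the next line of *pp (without '\n') into buf; return 0 at end of input. */
static int next_line(const char **pp, char *buf, size_t size)
{
    const char *p = *pp;
    size_t len = strcspn(p, "\n"), n = len < size ? len : size - 1;
    if (*p == '\0')
        return 0;
    memcpy(buf, p, n);
    buf[n] = '\0';
    *pp = p[len] == '\n' ? p + len + 1 : p + len;
    return 1;
}

/* Return 0 if every line is an allowed command or part of its text block,
 * else the 1-based number of the first line that is neither.
 * s_takes_text = 1 models the behaviour before the fix. */
int ed_first_bad_line(const char *script, int s_takes_text)
{
    char buf[256];
    const char *t;
    int line = 0;
    while (next_line(&script, buf, sizeof buf)) {
        line++;
        /* Skip the address; digits and commas are assumed here. */
        for (t = buf; isdigit((unsigned char)*t) || *t == ','; t++)
            ;
        if (!isdigit((unsigned char)*buf) || *t == '\0' ||
            strchr("acdis", *t) == NULL)
            return line;
        if (*t == 'd' || (*t == 's' && !s_takes_text))
            continue;   /* one-line command: the next line is a command again */
        while (next_line(&script, buf, sizeof buf)) {
            line++;     /* text block: passed through until a lone "." */
            if (strcmp(buf, ".") == 0)
                break;
        }
    }
    return 0;
}

/* Constructed sample: the ed.diff from the report above. */
static const char ED_DIFF[] =
    "0a\nsome text.\n.\n1s/.//\n!/usr/bin/touch file.txt\n";

int main(void)
{
    printf("s takes text:  first bad line %d\n", ed_first_bad_line(ED_DIFF, 1));
    printf("s is one line: first bad line %d\n", ed_first_bad_line(ED_DIFF, 0));
    return 0;
}
```

With s treated as a text-taking command the fifth line is swallowed as text and nothing is flagged; with s as a one-line command the same line is checked as a command and rejected.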
Re: Want to help upstream software improve their random?
Theo de Raadt dera...@cvs.openbsd.org wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers are taken out using rand(), random(), drand48(), lrand48(), mrand48(), or srand48(), or some derivative function inside the program itself, and used for WHO KNOWS WHAT PURPOSE. I did not audit what the numbers are being used for. Quite likely some numbers are just used to help hashing. Some could be used to print pretty pictures. But in xulrunner? In the zip password creator? In postgresql, or say in openldap (a network related thing)? It is doubtful they are all fine. For the benefit of other projects who haven't taken the same steps as OpenBSD, it would be nice if some people helped out these pieces of software. I took one as an example. apr-util-1.5.3srand((unsigned int)(((time_now 32) ^ time_now) 0x)); apr-util-1.5.3srand((unsigned int)apr_time_now()); Here is the only usage of rand in its entirety. /* true_random -- generate a crypto-quality random number. */ static int true_random(void) { apr_uint64_t time_now; #if APR_HAS_RANDOM unsigned char buf[2]; if (apr_generate_random_bytes(buf, 2) == APR_SUCCESS) { return (buf[0] 8) | buf[1]; } #endif /* crap. this isn't crypto quality, but it will be Good Enough */ time_now = apr_time_now(); srand((unsigned int)(((time_now 32) ^ time_now) 0x)); return rand() 0x0; } Interestingly this is inside a UUID generator, which already uses time as part of the unique value. Deterministic statistically random numbers based on time don't help at all. I looked into apr_generate_random_bytes and found that it is a giant ifdef, which, if nothing is set, will reduce to a one line function returning success. I hope their configure script doesn't continue if nothing is set. 
From APR 1.5.1, which Theo's script didn't seem to catch: #define arc4random() rand() But if mkstemp is present, they assume random is also (I wonder why?) and use #define arc4random() random() as if that were more secure. I find no evidence of real arc4random in their tree. It's as if they're relying on the magic of the name to protect them. APR also has its own random number generator in tree, which neither the UUID generator nor the mkstemp replacement uses. I don't know enough math to pass judgement on it other than saying random generation belongs in some library or the kernel. Apache HTTPD contains a large snarl of code intended to do OpenSSL's job for it and seed it, but I don't know enough about OpenSSL to pass judgement. There are several more rand calls in HTTPD, including what appears to be another random number generator, complete with comments indicating that APR should have its own random number generator. What I'm ultimately saying is that upstream's views on random number generation can be mighty strange. Many are of the opinion that an insecure fallback is better than refusing to compile. Not that it is an excuse for poor software engineering, but many are old enough to be rather jumbled in their library use. I tried to CC their list but it won't let me post without subscribing and furthermore I couldn't seem to subscribe. -- Martin
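An audit pass over source lines for the two patterns this message discusses: a seeding call fed from the clock, pid or uid, and a macro that gives rand() or random() the arc4random name. This is an added example, not Theo's script and not code from APR; the function names and the word lists are assumptions of the example, and the test lines are constructed in the style of the quoted listing.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum finding { CLEAN, CLOCK_SEED, ARC4_ALIAS };

static int is_ident(int c) { return isalnum(c) || c == '_'; }

/* Find word in s as a whole identifier, not as part of a longer name. */
static const char *find_ident(const char *s, const char *word)
{
    size_t n = strlen(word);
    const char *p;
    for (p = s; (p = strstr(p, word)) != NULL; p += n)
        if ((p == s || !is_ident((unsigned char)p[-1])) &&
            !is_ident((unsigned char)p[n]))
            return p;
    return NULL;
}

static int has_any(const char *s, const char *const *words)
{
    for (; *words != NULL; words++)
        if (find_ident(s, *words) != NULL)
            return 1;
    return 0;
}

/* Classify one source line; matching is per line, with no data flow. */
enum finding audit_line(const char *line)
{
    static const char *const seeders[] =
        { "srand", "srandom", "srand48", "qsrand", NULL };
    static const char *const guessable[] =
        { "time", "getpid", "getuid", "tv_sec", "tv_usec", "apr_time_now", NULL };
    static const char *const weak[] = { "rand", "random", NULL };
    const char *def = find_ident(line, "define"), *hit;
    const char *const *s;
    /* A macro that gives rand()/random() the arc4random name. */
    if (def != NULL && (hit = find_ident(def, "arc4random")) != NULL)
        return has_any(hit + strlen("arc4random"), weak) ? ARC4_ALIAS : CLEAN;
    /* A seeding call whose argument mentions a clock, pid or uid. */
    for (s = seeders; *s != NULL; s++)
        if ((hit = find_ident(line, *s)) != NULL &&
            has_any(hit + strlen(*s), guessable))
            return CLOCK_SEED;
    return CLEAN;
}

int main(void)
{
    /* Constructed sample line in the style of the listing. */
    printf("%d\n", audit_line("srand(getpid() | time(NULL));"));
    return 0;
}
```

Because the match is per line, a seed that reaches srand() through a local variable is not reported; the alias check exists for exactly the case a search for seeding calls alone would miss.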
patch: safer temp file handling
Hi, the code for temporary file handling in patch is currently rather poor, leaving possibilities for race conditions while patching files. Granted, there is a bug in patch that makes it rather hard to be successfully exploited as long as /tmp is on its own partition (which is basically always true, I hope). Also permissions of the plan b buffer file are changed from 600 to 644 (i.e. 666 + umask). Besides that, patch's output isn't always true when it comes to rejected files that couldn't be saved as *.rej, i.e. when they are left in the temporary directory. I'll try to explain this by using this example: $ cat my.diff --- a Sat Dec 13 19:28:53 2014 +++ a~ Sat Dec 13 19:28:58 2014 @@ -1,3 +1,3 @@ 1 -a +b 2 --- b Sat Dec 13 19:29:03 2014 +++ b~ Sat Dec 13 19:29:07 2014 @@ -1,3 +1,3 @@ 2 -a +c 3 --- c Sat Dec 13 20:43:30 2014 +++ c~ Sat Dec 13 20:43:35 2014 
@@ -0,0 +1 @@ +c $ touch a b c $ sudo mkdir a.rej b.rej $ patch -i my.diff Hmm... Looks like a unified diff to me... The text leading up to this was: -- |--- a Sat Dec 13 19:28:53 2014 |+++ a~ Sat Dec 13 19:28:58 2014 -- Patching file a using Plan A... Hunk #1 failed at 1. 1 out of 1 hunks failed--saving rejects to a.rej Can't backup a.rej, output is in /tmp/patchr4mBV12Ow1u: Permission denied Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -- |--- b Sat Dec 13 19:29:03 2014 |+++ b~ Sat Dec 13 19:29:07 2014 -- Patching file b using Plan A... Hunk #1 failed at 1. 1 out of 1 hunks failed--saving rejects to b.rej Can't backup b.rej, output is in /tmp/patchr4mBV12Ow1u: Permission denied Hmm... The next patch looks like a unified diff to me... The text leading up to this was: -- |--- c Sat Dec 13 20:43:30 2014 |+++ c~ Sat Dec 13 20:43:35 2014 -- Patching file c using Plan A... Empty context always matches. Hunk #1 succeeded at 1. done $ cat /tmp/patchr4mBV12Ow1u $ _ As you can see, the temporary file is empty. Even if it were not empty, it would contain the rejected hunks from files a and b. The file is empty because the last patch operation on file c was successful. Before each file operation, these temporary files are re-opened; without calling mkstemp() or the like. The race condition happens if /tmp is on the same partition as the target files. It could also be triggered if the TMPDIR environment variable is adjusted. After successful operations, the temporary file that contains the output is rename()'ed, effectively giving an attacker a time window to put a new file into the old position -- he would even know the file name to use... My diff unifies temporary file handling into temp.c. Also, it avoids re-opening files by using proper permissions. In pch.c, it means that the temporary patch file is opened r+ to be filled with stdin. In inp.c, the buffer file for plan b is kept open as r+, too... 
To test various cases, these calls are of interest: $ patch -i my.diff # least file operations $ patch -x 8 -i my.diff # uses TMP_IN for plan b buffer $ patch my.diff # uses TMP_PAT for stdin buffer $ patch -x 8 my.diff # most file operations Thoughts on this? Tobias Index: Makefile === RCS file: /cvs/src/usr.bin/patch/Makefile,v retrieving revision 1.4 diff -u -p -u -p -r1.4 Makefile --- Makefile16 May 2005 15:22:46 - 1.4 +++ Makefile13 Dec 2014 19:38:19 - @@ -1,6 +1,6 @@ # $OpenBSD: Makefile,v 1.4 2005/05/16 15:22:46 espie Exp $ PROG= patch -SRCS= patch.c pch.c inp.c util.c backupfile.c mkpath.c +SRCS= patch.c pch.c inp.c util.c backupfile.c mkpath.c temp.c .include bsd.prog.mk Index: common.h === RCS file: /cvs/src/usr.bin/patch/common.h,v retrieving revision 1.28 diff -u -p -u -p -r1.28 common.h --- common.h25 Nov 2014 10:26:07 - 1.28 +++ common.h13 Dec 2014 19:38:19 - @@ -48,6 +48,11 @@ #define ORIGEXT .orig #define REJEXT .rej +#define TMP_OUT 0 +#define TMP_IN 1 +#define TMP_REJ 2 +#define TMP_PAT 3 + /* handy definitions */ #define strNE(s1,s2) (strcmp(s1, s2)) @@ -76,9 +81,7 @@ extern char *outname; extern char*origprae; extern char*TMPOUTNAME; -extern char*TMPINNAME; extern char*TMPREJNAME; -extern char*TMPPATNAME; extern booltoutkeep; extern booltrejkeep; Index: inp.c === RCS file: /cvs/src/usr.bin/patch/inp.c,v retrieving revision 1.42 diff -u -p -u -p -r1.42 inp.c --- inp.c 9 Dec 2014 20:28:43 - 1.42 +++ inp.c 13 Dec 2014 19:38:19 - @@ -44,6 +44,7 @@ #include util.h #include pch.h #include inp.h +#include temp.h /* Input-file-with-indexable-lines abstract type */ @@ -52,6 +53,7 @@ static off_t
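Review bot: in the common.h hunks the four new TMP_OUT, TMP_IN, TMP_REJ and TMP_PAT constants are added without a comment saying what they index, and TMPINNAME and TMPPATNAME are removed while TMPOUTNAME and TMPREJNAME stay exported. Since the message says the output file is the one that gets rename()'ed, please state in a comment why those two names remain visible to the other files and whether they are still opened by name anywhere; an enum for the four indices would also read better than bare defines.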
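The handling the message argues for, as a stand-alone sketch: create the file once with mkstemp(), reuse it through the descriptor, and check that the name still belongs to that descriptor before trusting the path. This is an added example, not the temp.c from the diff; struct tmpfile and the tmp_* functions are hypothetical names, and the patchXXXXXXXXXX template is an assumption.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

struct tmpfile {        /* hypothetical type for this example */
    char path[1024];
    int fd;
};

/* Create the file once with mkstemp(): fresh name, exclusive create, mode 0600. */
int tmp_create(struct tmpfile *t)
{
    const char *dir = getenv("TMPDIR");
    int n = snprintf(t->path, sizeof t->path, "%s/patchXXXXXXXXXX",
        dir != NULL && *dir != '\0' ? dir : "/tmp");
    if (n < 0 || (size_t)n >= sizeof t->path)
        return -1;
    return (t->fd = mkstemp(t->path)) == -1 ? -1 : 0;
}

/* Reuse for the next target through the descriptor, never through the name. */
int tmp_reset(const struct tmpfile *t)
{
    return ftruncate(t->fd, 0) == -1 || lseek(t->fd, 0, SEEK_SET) == -1 ? -1 : 0;
}

/* Permission bits as seen through the descriptor. */
int tmp_mode(const struct tmpfile *t)
{
    struct stat st;
    return fstat(t->fd, &st) == -1 ? -1 : (int)(st.st_mode & 0777);
}

/* Does the name still refer to the file behind our descriptor? */
int tmp_name_is_ours(const struct tmpfile *t)
{
    struct stat byfd, byname;
    if (fstat(t->fd, &byfd) == -1 || lstat(t->path, &byname) == -1)
        return 0;
    return S_ISREG(byname.st_mode) && byfd.st_dev == byname.st_dev &&
        byfd.st_ino == byname.st_ino;
}

int main(void)
{
    struct tmpfile t;
    if (tmp_create(&t) == -1)
        return 1;
    printf("%s mode %o ours %d\n", t.path, (unsigned)tmp_mode(&t),
        tmp_name_is_ours(&t));
    unlink(t.path);
    return close(t.fd);
}
```

tmp_name_is_ours() only detects a name that has been rebound; a gap remains between that check and a later rename() by path, which is why the reuse path goes through the descriptor.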
Re: Want to help upstream software improve their random?
On Dec 12, 2014 at 8:04, Theo de Raadt dera...@cvs.openbsd.org wrote: In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers are taken out using rand(), random(), drand48(), lrand48(), mrand48(), or srand48(), or some derivative function inside the program itself, and used for WHO KNOWS WHAT PURPOSE. I did not audit what the numbers are being used for. Quite likely some numbers are just used to help hashing. Some could be used to print pretty pictures. But in xulrunner? In the zip password creator? In postgresql, or say in openldap (a network related thing)? It is doubtful they are all fine. For the benefit of other projects who haven't taken the same steps as OpenBSD, it would be nice if some people helped out these pieces of software. EMBOSS-6.0.1srand((unsigned) time(tm)); ORBit2-2.14.19 srand (t.tv_sec ^ t.tv_usec ^ getpid () ^ getuid ()); apr-util-1.5.3srand((unsigned int)(((time_now 32) ^ time_now) 0x)); apr-util-1.5.3srand((unsigned int)apr_time_now()); aqualung-0.9beta11 srand(time(0)); aqualung-0.9beta11 srand(time(NULL)); audacious-3.5.2srand (time (NULL)); audacious-plugins-3.5.2srand(time(NULL)); audacity-1.3.9 srand(time(0)); audacity-1.3.9 srand(time(NULL)); audacity-1.3.9srand( (unsigned int) time(NULL) ); birda-1.1srandom(t.tv_sec^t.tv_usec); boost-1.53.0std::srand( runtime_config::random_seed() ); boost-1.53.0 srand(time(0)); boost-1.53.0generator() { srand(time(0)); } boost-1.53.0generator() { srand(time(0)); } boost-1.53.0std::srand(time(0) + world.rank()); boost-1.53.0std::srand(time(0) + world.rank()); boost-1.53.0 srand(time(0) + world.rank()); boost-1.53.0 srand(time(0) + world.rank()); boost-1.53.0 std::srand(time(0) + world.rank()); boost-1.53.0 std::srand(time(0) + world.rank()); boost-1.53.0srand( time(NULL) ); boost-1.53.0srand( time( NULL ) ); boost-1.53.0srand ( 
time(NULL) ); boost-1.53.0std::srand(static_castunsigned(std::time(0))); boost-1.53.0std::srand(static_castunsigned(std::time(0))); boost-1.53.0 srand(time(0)); boost-1.53.0 srand(time(0)); boost-1.53.0std::srand((unsigned int)std::time(NULL)); boost-1.53.0srand(time(0)); bullet-2.81// srand(time(NULL) / 30); bullet-2.81 srand((unsigned)time(NULL)); // Seed it... bullet-2.81 srand ( time ( 0x0 ) ); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); caps-plugins-0.4.4 srandom (tv.tv_sec ^ tv.tv_usec); celestia-1.6.1 std::srand(std::time(NULL)); celestia-1.6.1 std::srand(time(NULL)); celestia-1.6.1srandom(time(NULL)); celt-0.11.1 srand(time(NULL)); celt07-0.7.1 srand(time(NULL)); cgdb-0.6.8srand(time(NULL)); clementine-1.2.3 srandom((int)[[NSDate date] timeIntervalSince1970]); clementine-1.2.3srandom(time(NULL)); clementine-1.2.3srand ( time ( NULL ) ); clementine-1.2.3 qsrand((time.tv_sec * 1000) + (time.tv_usec / 1000)); cmake-3.0.2srand((unsigned)time(0)); cmake-3.0.2 srand((unsigned int)time(NULL)+randomizer++); /* seed */ codeblocks-13.12srand( time(NULL) ); codeblocks-13.12inline void ini_random() { srand(time(0)); }; codeblocks-13.12srand((unsigned)time(0)); codeblocks-13.12srand(time(nullptr)); codeworker-4.5.4if (iSeed = 0) srand((unsigned) iSeed); codeworker-4.5.4else srand((unsigned) time(NULL)); db-3.1.17 srand((u_int)time(NULL)); db-3.1.17 srand(getpid() | time(NULL)); db-3.1.17 srand((unsigned int)time(NULL)); db-4.6.21 srand((u_int)time(NULL)); db-4.6.21 srand(getpid() | time(NULL)); db-4.6.21 srand((unsigned int)time(NULL)); db-4.6.21 srand((u_int)time(NULL) % (u_int)getpid()); db-4.6.21 
srand((u_int)(time(NULL) | getpid())); db-4.6.21 srand((u_int)(time(NULL) | getpid())); deadbeef-0.6.2srand (time (NULL)); deadbeef-0.6.2//srand ((uint) ::time(NULL)); deadbeef-0.6.2 srand(time(NULL)); deadbeef-0.6.2 fixed random playback bug caused by libsidplay2 calling srand(time(NULL)) festival-1.95beta#define seed_random() srand((unsigned)time(NULL)) festival-1.95beta#define seed_random() srandom(time(NULL)); festival-1.95betasrand(time(NULL)); flac-1.3.0 srand((unsigned)time(0)); flac-1.3.0 srand((unsigned)time(0)); flac-1.3.0