| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
The implementation tries to allocate sufficient memory to match the size of
the microcode file and will blow the boot loader heap when loading a larger
microcode file. This has been causing "heap full" errors at boot on some
machines.
Diagnosed with deraadt@
|
|
|
|
covering the remaining functions that were documented in engine(3),
except for seven functions that are completely pointless and that
were merely listed but not really documented.
|
|
frequency of 125Mhz, and have a unique sleep register. A custom
interrupt handler is setup in puc for these ports so it can check a
register which reports which ports triggered the interrupt, rather
than having to run comintr for every port every time.
ok mlarkin deraadt
|
|
|
|
This implements RFC 3430, with the exception of processing multiple
incoming requests in parallel (Section 2.1). This required too much
code and is optional anyway.
Initial review by reyk@, very thorough reviews by jca@. Thanks!
OK jca@, gerhard@
|
|
covering 60% of the documented functions). The old, abominable
engine(3) manual page shall die soon.
|
|
allow for custom frequencies not a multiple of COM_FREQ
ok deraadt
|
|
|
|
set to HOST_DOWN.
Noticed and fixed by Rivo Nurges <Rivo DOT Nurges AT smit DOT ee>
ok and reminder florian@
|
|
|
|
|
|
* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
Reported by GwanYeong Kim, fixed by Tony Cook.
* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)
Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.
* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)
Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.
Many thanks to deraadt@ tj@ bluhm@ tb@ robert@
|
|
to accept a NULL argument. Document that.
While here, make the related sentences more precise and less verbose.
Tweaks and OK tb@.
|
|
simplifies the caller side.
tested by & ok inoguchi; discussed with schwarze
|
|
OpenSSL commit 7c96dbcdab9 by Rich Salz.
This cleans up the caller side quite a bit and reduces the number of
lines enclosed in #ifndef OPENSSL_NO_ENGINE. codesearch.debian.net
shows that almost nothing checks the return value of ENGINE_finish().
While there, replace a few nearby 'if (!ptr)' with 'if (ptr == NULL)'.
ok jsing, tested by & ok inoguchi
|
|
ok deraadt, kettenis
|
|
"Regress is always open for commits" @deraadt
|
|
on terminals narrower than 79 columns and the default -Oindent on
terminals narrower than 66 columns.
Requested by and feedback from pirofti@;
mpi@ and juanfra@ also like the general direction.
|
|
selected UTF-8, not some other multibyte locale. This obviously
makes no difference on OpenBSD but improves portability.
Issue reported by <Nakayama at NetBSD> via wiz@.
|
|
Keeps $SECONDS advancing uniformly and independent of wall clock jumps.
ok jca@
|
|
Ok ccardenas@
|
|
in full HTML output, but not with -Ofragment, e.g. in man.cgi(8);
suggested by Thomas Klausner <wiz at NetBSD>
|
|
different effective user, i.e. when invoced via su and
backup-to-home-directory is enabled.
Problem pointed out and diff provied by Lucas Gabriel Vuotto
<lvuotto92 () gmail ! com>, thanks!
Subsequently slacked on for nearly a year by yours truly.
Then remembered when Han Boetes <hboetes () gmail ! com> came up with
a similar diff because of a problem report by Mark Willson where it
turned out that getlogin(2) is not very portable.
OK tb
|
|
No objections from henning, OK visa
|
|
ok kettenis@+florian@'s OCD
|
|
diff from fukaumi at soum.co.jp.
ok deraadt mpi
|
|
patch from Thomas Kuthan in bz2719; ok dtucker@
|
|
This establishes a minimum time for each failed authentication
attempt (5ms) and adds a per-user constant derived from a host
secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok
markus@ djm@.
|
|
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
|
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
by my mistake.
Pointed out by Christian Ludwig. Thank you!
|
|
was used to compile and object
ok kettenis@
|
|
calling FRELE(9) in finishdup().
Update comments accordingly.
ok bluhm@, visa@
|
|
dupfdopen().
ok bluhm@, visa@
|
|
The sequence of packets and combination of flags depends on timing.
|
|
|
|
syslogd to shutdown. So the test could miss some log messages.
|
|
SSL_OP_TLS_ROLLBACK_BUG to no longer have any effect.
Update the manual page.
|
|
around the SSLv3/TLSv1.0 period... and buggy clients are buggy. This also
helps to clean up the RSA key exchange code.
ok "kill it with fire" beck@ tb@
|
|
with mandoc -Tman; suggested by Thomas Klausner <wiz at NetBSD>
|
|
set for pledged processes. dup(2) uses the flag from the old file
descriptor. Make open /dev/fd consistent to duplicate and inherit
the flag.
OK deraadt@
|
|
1. Stop telling our PID to the world: the ident values could overlap
anyway since PID space is larger than 16 bits for some time already.
2. No need for htons/ntohs dance with ident in IPv6 case.
okay benno@ deraadt@ florian@
|
|
OK benno
|
|
"listen on * port 80".
While here accept up to 16 addresses from DNS or interface groups.
requested by & "lovely" deraadt@
OK kn@
|
|
- provide struct cpu_info_full
- prepare K-U sections
- reorganize interrupt, trap, syscall entry to use K-U trampoline
- prepare pmap for entering special mappings, the mappings are not
setup yet
This code will already trigger performance issues. We do more tlb
flushes, but we do not unmap the kernel yet. The latter
will be needed to prevent Meltdown.
from hshoexer@; input guenther@; OK mlarkin@ deraadt@
|
|
okay tb@ and benno@
|
|
The test covers the system calls dup, dup2, dup3, open /dev/fd, and
file descriptor passing. The fstat(1) output is analysed.
|
