| Age | Commit message (Collapse) | Author |
|---|
|
Ever since the prehistoric zlib was removed last fall, the configure script
would complain because of a missing file:
sed: 0: /usr/src/gnu/usr.bin/cvs/zlib/Makefile.in: No such file or directory
noticed by deraadt
ok bluhm
|
|
.openbsd.syscalls section with the PT_OPENBSD_SYSCALLS phdr, even though is
does not have the ALLOC flag; otherwise the phdr gets rewritten with a size
of zero, which prevents the binary from working.
ok kettenis@
|
|
|
|
(libobjc) had been removed from the build years ago, there is no need to
keep the compiler.
ok beck@ joshua@
|
|
|
|
|
|
first six entries are in the same order as syscall arguments, such
that syscall() can just use the trapframe as the argument vector
for mi_syscall() and not need to reorder into another buffer on the
stack. This doesn't affect coredump layout or ptrace(2), but does
affect kernel crash dumps.
Possibility noted during miod@'s cleanup of the MD syscall()
implementations
ok mlarkin@ kurt@
|
|
endbr{64,32}
"sure" dv@ deraadt@
|
|
Repairs ld.bfd operations on i386: since the switch to llvm-16 clang
emits such relocations (eg one is present in /usr/lib/crtbegin.o).
This unbreaks the build of ports/lang/fpc.
Help and tests from tb@, ok tb@ kettenis@
|
|
No changes to perl, as those were already committed for the earlier errata.
This just brings documentation and such in line with upstream.
ok bluhm@
|
|
of which there is only one -- instbin, on the install media. But
that is incompatible with the 32-bit offsets in openbsd.syscalls.
Move the start of openbsd nopie binaries much lower.
ok kettenis
|
|
This will be used soon to pin system calls to designated call sites.
ok deraadt@
|
|
From upstream commit:
From 7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
From: Karl Williamson <khw@cpan.org>
Date: Sat, 9 Sep 2023 11:59:09 -0600
Subject: [PATCH] Fix read/write past buffer end: perl-security#140
A package name may be specified in a \p{...} regular expression
construct. If unspecified, "utf8::" is assumed, which is the package
all official Unicode properties are in. By specifying a different
package, one can create a user-defined property with the same
unqualified name as a Unicode one. Such a property is defined by a sub
whose name begins with "Is" or "In", and if the sub wishes to refer to
an official Unicode property, it must explicitly specify the "utf8::".
S_parse_uniprop_string() is used to parse the interior of both \p{} and
the user-defined sub lines.
In S_parse_uniprop_string(), it parses the input "name" parameter,
creating a modified copy, "lookup_name", malloc'ed with the same size as
"name". The modifications are essentially to create a canonicalized
version of the input, with such things as extraneous white-space
stripped off. I found it convenient to strip off the package specifier
"utf8::". To to so, the code simply pretends "lookup_name" begins just
after the "utf8::", and adjusts various other values to compensate.
However, it missed the adjustment of one required one.
This is only a problem when the property name begins with "perl" and
isn't "perlspace" nor "perlword". All such ones are undocumented
internal properties.
What happens in this case is that the input is reparsed with slightly
different rules in effect as to what is legal versus illegal. The
problem is that "lookup_name" no longer is pointing to its initial
value, but "name" is. Thus the space allocated for filling "lookup_name"
is now shorter than "name", and as this shortened "lookup_name" is
filled by copying suitable portions of "name", the write can be to
unallocated space.
The solution is to skip the "utf8::" when reparsing "name". Then both
"lookup_name" and "name" are effectively shortened by the same amount,
and there is no going off the end.
This commit also does white-space adjustment so that things align
vertically for readability.
|
|
Tested by deraadt@
|
|
ok deraadt@
|
|
Reported and suggested by jsing@
|
|
|
|
so instead of shipping the file internally, let's generate it and
install it with the rest of the headers; unbreaks xenocara build
|
|
|
|
|
|
|
|
|
|
(see user_caps(5))
also obviously protects the term name just in case someone wants to have
fun with it..
|
|
|
|
as noticed by afresh1@
(this should be all for now)
|
|
"in case of emergency run info_cmp block" (more efficient: we only
parse the entry we need). Keep the small part that creates a dumb terminal
on VMS, even though we're not running that.
Add an extra state check in the automaton to avoid skipping a tmp_term
|
|
|
|
This allows terminals with only terminfo capabilities to show up in
Term::Cap (like kitty) !
|
|
the variable doesn't exist
|
|
in a hash instead.
Side effect: we no longer parse the same tc again and again, leading
to a smaller result with the same capabilities but no duplicates.
(instead of parsing 36 entries for xterm, we end up with 10 entries, as
the "tc=" stuff is actually a tree instead of a list: xterm references
several intermediate tc that all lead to the same basic list !)
|
|
|
|
use \Q\E to quote stuff around tmp_term, instead of rolling our own
in termpat (get rid of termpat)
|
|
|
|
|
|
as discussed with afresh1@
|
|
In one branch of the image handling, the wrong malloc() call was
copied-pasted making the allocation possibly smaller than needed.
Spotted while building the gcc11 port, libgccjit.info exercise that
branch and the write out of bounds was discovered by malloc().
Convert the malloc + strlcpy/cat dance to an asprintf, and while here
also fix the leak of the two paths.
ok tb@
|
|
While these versions of gcc don't have full C99 support, it is
better than defaulting to C89 when building modern software.
OK deraadt@
|
|
There has been some unexpected fallout. Requested by deraadt@.
|
|
|
|
While these versions of gcc don't have full C99 support, it is
better than defaulting to C89 when building modern software.
OK deraadt@
|
|
Provide shorter diffs without unnecessary debugging output.
Note that this affects cvs installed on the server side.
OK deraadt@
|
|
With the update to ncurses 6.4-20230826 /etc/termcap now needs at
least a 36 deep search. Instead, we'll just bump to 64. It seems
32 has been enough since perl 5.001 in 1995, so hopefully this buys
us at least another 28 years.
"please commit that" deraadt@
|
|
Avoid false positive in security scan. Removal of embedded zlib
ensures that cvs is linked dynamically with /usr/lib/libz.so. We
do not want any zlib 1.1.3 from 2001 in our source tree.
no binary diff; OK millert@ deraadt@
|
|
|
|
|
|
|
|
clang-16
"looks fine to me" robert@, ok kettenis@
|
|
This is ancient GNU software that tends to break whenever clang adds
more warnings about deprecated features in new languages versions or
turns them into errors. Using -std=gnu89 (the defaults for base-gcc)
for those packages means we'll probably avoid most new warnings, errors,
and possible miscompilations when updating clang.
ok robert@
|
|
This is ancient GNU software that tends to break whenever clang adds
more warnings about deprecated features in new languages versions or
turns them into errors. Using -std=gnu89 (the defaults for base-gcc)
for those packages means we'll probably avoid most new warnings, errors,
and possible miscompilations when updating clang.
This fixes the build of libiberty and texinfo with clang-16.
ok robert@
|
|
|
