summaryrefslogtreecommitdiff
path: root/gnu
AgeCommit message (Collapse)Author
2014-05-08Recognize `t' as a valid format modifier for kprintf-style format strings.Miod Vallat
2014-05-07Match search_string_def() prototype change, forgotten in previous protector.[ch]Miod Vallat
commit.
2014-05-06When the stack protector heuristics doesn't cover a function, leaveMartynas Venckus
a little pointer-sized gap before the return value. This protects from common off-by-one type of bugs and costs nothing: the attacker won't be able to overwrite return pointer. Developed at m2k14, thanks for the hackathon!
2014-05-06Introduce -fstack-shuffle, which randomizes local stack variables.Martynas Venckus
This will make the environment more hostile and help detect bugs that depend on overrunning one variable into another, with almost no performance cost. Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@
2014-05-06Remove the ``addressable'' argument to search_string_def(). Turned out to beMiod Vallat
a bad idea, for it causes false positives, which then can cause ICE trying to protect narrower-than-int incoming arguments, if building with -fstack-protector-all. From etoh@'s gcc 3.4 tree, unbreaks -fstack-protector-all on m88k (well, maybe not completely, but it makes it compile more files, such as pf.c which contains functions receiving uint16_t arguments pushed on the stack due to the exhaustion of caller-saved registers).
2014-05-01Revert 1.49 (bad merge with free dejavu)Miod Vallat
2014-05-01x86-64 ABI requires arrays greater than 16 bytes to be aligned toMartynas Venckus
16byte boundary. However, GCC 16-byte aligns arrays of >=16 BITS, not BYTES. This diff improves bug detectability for code which has local arrays of [16 .. 127] bits: in those cases SSP will now detect even 1-byte overflows. OK kettenis@. Tested in snaps for a week.
2014-04-22Remove KERBEROS5 from the Makefiles (except ssh for now, where it isReyk Floeter
already manually disabled). ok deraadt@
2014-04-15Remove workarounds for ld reaching MAXDSIZ on vax, now that MAXDSIZ isMiod Vallat
more comfortable. Reminded by brad@
2014-04-13Clean up last bits of TCP_WRAPPERS and ELF_TOOLCHAIN.Brad Smith
ok miod@
2014-04-12Bring back the fix in r1.16 of the gcc 2.95 version of protector.c - the codeMiod Vallat
was present, but commented. This fixes code generation of usr.sbin/dhcpd/memory.c!new_address_range() on vax.
2014-04-10Revive the fix for Perl RT bug 116441 (null dereference affectingMatthias Kilian
mod_perl). ok sthen@ millert@
2014-04-08Build libgcc without SSP. With the new SSP-strong heuristics,Martynas Venckus
_moddi3.o gets protected and landisk bootblocks got broken. Fundamentally this causes a link dependency on libc that we'll not always be able to satisfy. Spotted by deraadt@. OK matthew@, kettenis@, guenther@.
2014-04-06Add the missing addressing modes for the fucomip instruction. Surprisingly,Miod Vallat
fucompi was correct. Unbreaks www/webkit on i386. ok sthen@
2014-04-03Put back 1.11, lost during the last update; unbreaks NOPIC builds.Miod Vallat
ok deraadt@
2014-03-30Change the heuristics of -fstack-protector to select to protectMartynas Venckus
additional functions --- those that have local array definitions, or have references to local frame addresses. Note that upstream uses -fstack-protector-strong and misleads people: -fstack-protector, -fstack-protector-all, -fstack-protector-strong can you tell which one is safe? Luckily, OpenBSD has its own compiler and is able to do the right thing for security: this is enabled by default, and called -fstack-protector. OK deraadt@, miod@. Tested for 3 months.
2014-03-27remove gets reference. ok espieTed Unangst
2014-03-26Make perl build in a non-writable src treeafresh1
OK millert@ deraadt@
2014-03-24Merge perl-5.18.2 plus local patches, remove old filesafresh1
OK espie@ sthen@ deraadt@
2014-03-24Import perl-5.18.2afresh1
OK espie@ sthen@ deraadt@
2010-09-24Perl 5.12.2 from CPANTodd C. Miller
2006-03-28perl 5.8.8 importTodd C. Miller
2003-12-03perl 5.8.2 from CPANTodd C. Miller
2002-10-27stock perl 5.8.0 from CPANTodd C. Miller
2001-05-24stock perl 5.6.1Todd C. Miller
2000-04-06virgin perl 5.6.0Todd C. Miller
2000-04-06virgin perl 5.6.0Todd C. Miller
1999-04-29perl5.005_03Todd C. Miller
1999-04-29perl5.005_03Todd C. Miller
1999-04-29perl5.005_03Todd C. Miller
1996-08-19Import of Perl 5.003 into the tree. Makefile.bsd-wrapper andJason Downs
config.sh.OpenBSD are the only local changes.
2014-03-19use smtpd man pages by default. ok deraadt jmcTed Unangst
sendmail.8 note by jmc
2014-03-13Add a few more instruction patterns that are apparently needed by gcc 4.8.Mark Kettenis
Taken from binutils 2.17. ok guenther@
2014-03-12no more rmail in base; ok millertJason McIntyre
2014-02-17Having CpuSMAP and Cpu64 overlap isn't a terribly good idea.Mark Kettenis
Makes it possible to build an i386 kernel with binutils-2.17 again. ok miod@
2014-02-15install man perlinterp so you can learn all about the interpreterTed Unangst
2014-02-09Add support for i386 XSAVE family of instructions: xgetbv, xsetbv, xsave,Philip Guenther
xrstor, and xsaveopt. based on kettenis's original that did xgetbv and xsetbv ok kettenis@
2014-02-07Update to sendmail 8.14.8. This touches a lot of files due to theTodd C. Miller
Sendmail, Inc -> Proofpoint name change. See RELEASE_NOTES for actual changes.
2014-01-24Catch SIGPIPE to clean up temp filesPhilip Guenther
ok deraadt@
2014-01-20Add strong stack protector mode for the original propolice in GCC3.Martynas Venckus
This includes additional functions to be protected --- those that have local array definitions, or have references to local frame addresses. Miod verified that this works on real hardware, and not just on the cross-compiled monster I tested this on.
2014-01-18Fix the NAME section:Ingo Schwarze
One .Nm macro per name, and pass punctuation a as seperate argument. Found with mandocdb(8). OK jmc@.
2014-01-14Add wcstring attribute support for Wbounded. To be used for wchar.hMartynas Venckus
which operates on element counts rather than buffer sizes. I'll start annotating headers in a few weeks, after the hackathon. OK millert@.
2014-01-14Add a new option "-fstack-protector-strong" for GCC4. This includesMartynas Venckus
additional functions to be protected --- those that have local array definitions, or have references to local frame addresses. Note 1: Han explicitly licensed this under GPLv2 for us. Note 2: Do *not* use this anywhere in "src" Makefiles, as the other GCC doesn't have this option yet (but I'm working on it).
2014-01-13Enable Wbounded by default. Passing bound bigger than the bufferMartynas Venckus
size almost always has security implications. I think this quote from Theo summarizes the situation best: Which is why it is important to have at least one unforgiving platform in the ecosystem which properly labels shit shit. That's OpenBSD. If anyone can't handle that, they can go to platforms which hide the reality.
2013-12-30Recognize PT_OPENBSD_RANDOMIZE in linker scripts.Mark Kettenis
ok miod@, matthew@
2013-12-28Prevent GCC from inlining these unsafe builtins: sprintf, vsprintf,Martynas Venckus
stpcpy, strcat, strcpy. Also don't simplify some safe builtins into unsafe ones, otherwise we'll hit the linker with the bogus warning. OK miod@, millert@.
2013-12-17Backport the code from binutils 2.16 that makes weak undefined referencesMark Kettenis
work on alpha. tested by naddy@, deraadt@
2013-12-14When writing a history entry, don't downcast time() return value toJeremie Courreges-Anglas
(long). Use (long long) and print it with %ll08x instead. ok zhuk@
2013-12-11Revert the previous commit; this is not the right approach.Mark Kettenis
2013-12-11Stop the madness! Prevent GCC from inlining these unsafe functions:Martynas Venckus
sprintf, vsprintf, stpcpy, strcat, strcpy. We're hitting the linker again, therefore the warning will show up now.
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-15 23:41:43 +0000