Age | Commit message (Collapse) | Author |
|
Addresses CVE-2018-12015
From Silamael <silamael () coronamundi ! de>
Original bug reports:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
https://rt.cpan.org/Public/Bug/Display.html?id=125523
Original commit with the fix:
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
OK bluhm@, they should already be committed! deraadt@
|
|
'.openbsd.randomdata.retguard', to make them easier to work with in the
kernel hibernate code.
ok mortimer@ deraadt@
|
|
section when linking, as we do when using ld from binutils.
ok mortimer@ deraadt@
|
|
profiler(gprof) work properly.
ok mpi
|
|
Spotted by Nan Xiao.
|
|
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
On function entry the return address is combined with a per-function random
cookie and stored in the stack frame. The integrity of this value is verified
before function return, and if this check fails, the program aborts. In this way
RETGUARD is an improved stack protector, since the cookies are per-function. The
verification routine is constructed such that the binary space immediately
before each ret instruction is padded with int03 instructions, which makes these
return instructions difficult to use in ROP gadgets. In the kernel, this has the
effect of removing approximately 50% of total ROP gadgets, and 15% of unique
ROP gadgets compared to the 6.3 release kernel. Function epilogues are
essentially gadget free, leaving only the polymorphic gadgets that result from
jumping into the instruction stream partway through other instructions. Work to
remove these gadgets will continue through other mechanisms.
Remaining work includes adding this mechanism to assembly routines, which must
be done by hand. Many thanks to all those who helped test and provide feedback,
especially deraadt, tb, espie and naddy.
ok deraadt@
|
|
ok hackroom@
|
|
linker script makes ld.lld(1) crash. This has been fixed in a different
(proper?) way upstream but backporting their fix is a bit too invasive.
ok patrick@
|
|
From Sebastien Marie
|
|
the "soft" floating-point ABI but this does allow the compiler to generate
FPU instructions.
ok deraadt@
|
|
|
layout. Simplify how we identify which frames have trapframes while here.
ok kettenis@
|
|
friendly instructions with safe alternatives. This initial commit fixes
3 instruction forms that will lower to include a c3 (return) byte.
Additional problematic instructions can be fixed incrementally using
this framework.
ok deraadt@
|
|
don't barf on binaries created by ld.lld(1). From FreeBSD.
ok millert@, deraadt@, guenther@
|
|
ok hackroom@
|
|
* RT #131844: [CVE-2018-6913] heap-buffer-overflow in S_pack_rec
Reported by GwanYeong Kim, fixed by Tony Cook.
* RT #132063: [CVE-2018-6798] Heap-buffer-overflow in
Perl__byte_dump_string (utf8.c)
Reported by Nguyen Duc Manh, fixed by Karl Williamson, Yves Orton, and
Tony Cook.
* RT #132227: [CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in
S_regatom (regcomp.c)
Reported by Brian Carpenter, fixed by Yves Orton, Karl Williamson, and
Tony Cook.
Many thanks to deraadt@ tj@ bluhm@ tb@ robert@
|
|
was used to compile an object
ok kettenis@
|
|
and probably firefox on amd64/i386.
ok patrick@
|
|
|
Noticed by sthen@
|
|
Noticed by sthen@
|
|
|
when compiling with LLVM 6.0.0. This is a good enough temporary fix.
"where's the kaboom?" deraadt@
|
|
"where is the kaboom?" deraadt@
|
|
development effort on OpenBSD/arm64.
|
|
ok hackroom@
|
|
pointers. Since binutils 2.17 is compiled with -Werror, this breaks the
build. Change the function to return -1 as suggested by the comment in
said function.
ok kettenis@
|
|
present in lld 5.0.1 removed (--build-id=fast, -z muldefs,
-z retpolineplt). This includes a bunch of mdoc changes suggested
by schwarze@ that were recently committed upstream.
ok jmc@ schwarze@ kettenis@ deraadt@
|
|
actual error if "install" was done in parallel.
ok espie todd andrew1, input andrew1
|
|
state.
ok patrick@
|
|
|
suggested by jmc@ ok patrick@
|
|
ok hackroom@
|
|
This allows linking code compiled by clang with the gcc compiler driver
and makes sure we always use the softfloat implementation in libc. The
libc softfloat implementation is preferred over the one in libgcc as it
implements rounding modes and floating point exceptions.
ok patrick@
|
|
the generation of gap.o.
ok patrick@
|
|
|
closer to GNU linkers. This should help with autoconf/libtool
compatibility in ports.
Requested by Brad
"no objection" kettenis@
|
|
instructions to have side effects so the optimizer does not reorder
them across fnstcw/fldcw sequences. Fixes a bug seen in sqlite3 on
i386.
ok kettenis@
|
|
ok hackroom@
|
|