Age | Commit message | Author |
|
to 3-term BSD license.
|
|
libc can't do DNSSEC validation but it can ask a "security-aware"
resolver to do so. Let's send queries with the AD flag set when
appropriate, and let applications look at the AD flag in responses in
a safe way, ie clear the AD flag if the resolvers aren't trusted.
By default we only trust resolvers if resolv.conf(5) only lists name
servers on localhost - the obvious candidates being unwind(8) and
unbound(8). For non-localhost resolvers, an admin who trusts *all the
name servers* listed in resolv.conf(5) *and the network path leading to
them* can annotate this with "options trust-ad".
AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch
SSHFP records in a secure manner, and tightens the situation for other
applications, eg those using RES_USE_DNSSEC for DANE. It should be
noted that postfix currently assumes trusted name servers by default and
forces RES_TRUSTAD if available.
RES_TRUSTAD and "options trust-ad" were first introduced in glibc by
Florian Weimer. Florian Obser (florian@) contributed various
improvements, fixed a bug and added automatic trust for name servers on
localhost.
ok florian@ phessler@
|
|
With some build plumbing help from jsg@
ok kettenis@ sthen@
|
|
years back, so we can remove it. Since nothing in the ecosystem calls it, I
am not cranking the libc major as required, surely another crank will come
along soon.
noticed by Dante Catalfamo
ok millert
|
|
if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.
ok kettenis@ on previous version
with help from and ok guenther@
diff partially inspired from a diff from brad@
|
|
Largely following the commit by mckusick in FreeBSD.
ok naddy@
|
|
upcoming update to those, which will see both codebases heading into the
gnu/llvm dumpster.
Feedback from jsg@
ok deraadt@ kettenis@
|
|
OK deraadt@
|
|
Both functions take a non-const parameter. Implementations may modify
the passed string, even though ours do not.
ok stsp@ deraadt@ millert@
|
|
ok millert@ deraadt@
|
|
We need to test what the compiler supports, not what the C library
provides. This prevents static_assert from being defined when compiling
with the in-tree gcc (4.2.1) which does not support _Static_assert.
|
|
tested in a bulk by naddy@
previously submitted by jsg@ and Martin Wanvik
ok millert@
|
|
be 8 bytes in the 64-bit ABI just like in the 32-bit ABI. But that means
there is no "spare" word in the TCB that we can use to store a pointer
to our struct pthread. So we have to treat powerpc64 special.
Also recognize that the thread pointer points 0x7000 bytes after the TCB.
Since the TCB is 8 bytes this means that TCB_OFFSET should be 0x7008.
Pointed out by guenther@; ok deraadt@
|
|
mutually exclusive values. It's the same as SIOCTL_LIST except that
exactly one list element may be selected.
|
|
that have arguments. Document this requirement/recommendation in style(9)
prompted by mpi@
ok deraadt@
|
|
The API exposes controls of modern audio hardware and sndiod software
volume knobs in a uniform way. Hardware knobs are exposed through
sndiod. Multiple programs may use the controls at the same time
without the need to continuously scan the controls.
For now sndiod exposes only its own controls and the master output and
input volumes of the underlying hardware (if any), i.e. those
typically exposed by acpi volume keys.
ok deraadt
|
|
Diff from eric@ and florian@, committing on their behalf since they are absent
and we want to ride the minor shlib bump.
|
|
Will get us rid of pointless patches in the ports tree. ok guenther@
|
|
counterparts but return memory in pages marked MAP_CONCEAL and on
free() freezero() is actually called.
|
|
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an additional argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later
ok kettenis@
|
|
found the hard way by nayden@ ok deraadt@
|
|
This is required to build the radeonsi Mesa driver.
ok patrick@
|
|
could be useful in ports.
initial diff by David Carlier some time ago.
ok jca
|
|
This requires a libc major version bump. OK deraadt@
|
|
Checking Disabled flag. Introduce a RES flag to do so. ok krw@
deraadt@ eric@
|
|
shouldn't include 'hh' or 'h'.
problem noted by Andreas Kusalananda Kähäri (andreas.kahari(at)abc.se)
ok deraadt@ martijn@
|
|
libs have it, it is a function that is considered harmful, so:
Delete malloc_usable_size(). It is a function that blurs the line
between malloc managed memory and application managed memory and
exposes some of the internal workings of malloc. If an application
relies on that, it is likely to break using another implementation
of malloc. If you want usable size x, just allocate x bytes. ok
deraadt@ and other devs
|
|
Tweaked diff from brad@
manpage tweaks florian@ and jmc@
ok deraadt@ millert@
|
|
It replaces the existing pwcache.c functions user_from_uid(3) and
group_from_gid(3) with the pax equivalents. Adapted from NetBSD
(mycroft) changes from our own pax's cache.c. OK guenther@
|
|
to unveil. Unfortunately the auth subsystem uses _PATH_AUTHPROG =
"/usr/libexec/auth/login_", which the auth-program is appended to -- a
rather gross idea which now shows lack of wisdom.
|
|
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveils across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@
|
|
4.2 BSD takes a signal mask as argument while POSIX sigpause(int
sig) expects a single signal. Do not expose our traditional BSD
sigpause(3) to XPG/POSIX sources.
OK guenther@
|
|
From Raf Czlonka, ok sthen@
|
|
extensions and modern compilers (such as clang) will use them to optimize
separate calculations of sine and cosine.
ok tom@, patrick@, deraadt@, jmc@
|
|
needs (looking at you sgi, but others required this before). This is for
the circumstances we need pagesize known at compile time, not getpagesize()
runtime. Use it for malloc storage sizes, for shm, and to set pthread stack
default sizes. The stack sizes were a mess, and pushing them towards
page-aligned is a healthy move (which will also be needed by the coming
stack register checker)
ok guenther kettenis, discussion with stefan
|
|
pledge for a new execve image immediately upon start. Also introduces
"error" which makes violations return -1 ENOSYS instead of killing the
program ("error" may not be handed to a setuid/setgid program, which
may be missing/ignoring syscall return values and would continue with
inconsistent state)
Discussion with many
florian has used this to improve the strictness of a daemon
|
|
now misalign things.
ok guenther@
|
|
__cxa_thread_atexit() implementation.
ok guenther@
|
|
While it is not clear (to me) why that port ends up with corrupted
shared libs, reverting those changes fixes the issue and should allow us
to close p2k17 more smoothly.
Discussed with a bunch, ok ajacoutot@ guenther@
|
|
on the stack instead of mallocing the list and move the APIs from libpthread
to libc so that they can be used inside libc.
Note: the standard was explicitly written to permit/support this
"macro with unmatched brace" style and it's what basically everyone
else already does. We xor the info with random cookies with a
random magic to detect/trip-up overwrites.
Major bump to both libc and libpthread due to the API move.
ok mpi@
|
|
For the moment it only includes <sys/exec_elf.h> but the goal is to
stop pulling it directly and also replace <elf_abi.h> at least for
base applications.
ok deraadt@, jasper@, naddy@
|
|
implementation is now spread between libc and librthread. No changes
to the content
ok mpi@
|