[patch] Fix inaccurate comment in usr.bin/w/w.c

2018-06-13 Thread Nan Xiao
Hi tech@,

The following patch fixes some inaccurate comments in w.c. E.g., there is
no "-n" option, but "-a" instead. Sorry if I am wrong, thanks!

Index: w.c
===
RCS file: /cvs/src/usr.bin/w/w.c,v
retrieving revision 1.65
diff -u -p -r1.65 w.c
--- w.c 18 Dec 2017 05:51:53 -  1.65
+++ w.c 14 Jun 2018 05:17:00 -
@@ -71,9 +71,9 @@ struct winsizews;
 kvm_t *kd;
 time_t now;/* the current time of day */
 intttywidth;   /* width of tty */
-intargwidth;   /* width of tty */
-intheader = 1; /* true if -h flag: don't print heading */
-intnflag = 1;  /* true if -n flag: don't convert addrs */
+intargwidth;   /* width of name and args of the current 
process */
+intheader = 1; /* false if -h or -M flag: don't print heading 
*/
+intnflag = 1;  /* false if -a flag: don't convert addrs */
 intsortidle;   /* sort by idle time */
 char  *sel_user;   /* login of particular user selected */
 char   domain[HOST_NAME_MAX+1];
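
Review bot: the new comments on argwidth and header run past the line width and arrive wrapped in this hunk ("process */" and "*/" sit on lines of their own), so the diff as mailed will not apply. Shorten them, for example "/* width of name and args */", and resend. The "false if -h or -M flag" wording does match the initialiser header = 1, so the inverted sense is the right direction.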

-- 
Best Regards
Nan Xiao



Cantrill

2018-06-13 Thread Theo de Raadt
Bryan Cantrill was given my phone number by someone.

He continued accusing me at 
https://lobste.rs/s/zwkuza/intel_cpus_might_leak_information_about

He did not phone.  I'm waiting for a call, or an apology.

It says a lot when someone working for a gigantic company has to posture
like that.

I wonder if all *HIS* illumos clients are protected from all
consequences of what heise mentioned around 2 months ago.

Reports said there are apparently 8 problems, this is 1.  7 to go.  Or
more, because I suspect there are 2-3 generic problems which have a vast
number of consequences.

Has Illumos deployed all fixes?  Maybe that is where the anger comes
from.  There is a note that Bryan thinks he could have gotten Intel to
allow us access; why did Intel not listen to him?

So since OpenBSD is not in the embargo, we can fix the problems as we
figure them out.  We are willing to over-fix problems we guess at, and
if they are not real, we will back out the solutions.

The situation is that our users are vulnerable.

We'll do the best we can to get ahead of the game, because otherwise we
find out in late August because our users don't matter compared to
Illumos or FreeBSD users.  Suggest non-response from Intel.

So far we suspect there is a collection of TLB effects, a collection of
speculative instruction effects including basically being greedy about
any instruction-result address being used to feed the caches and load
via the TLB.  Including eviction problems.  Suspect there are
workarounds subject to the limitations of the micro-architecture, and
trying to implement this.

R.N. Ibbett and N.P. Topham of 1989 providing guidance.

Though I did receive 2 copies of a paper today

Not from Bryan though, he's busy trying to get Intel to give us
access, while slandering me on forums.  Can he do both things at once?



Re: Inflammation by Bryan Cantrill

2018-06-13 Thread Theo de Raadt
Devin Ceartas wrote:

> Thanks.
> 
> On 13 Jun 2018, at 23:48, Theo de Raadt wrote:
> 
> > In some forums, Bryan Cantrill is crafting a fiction.
> >
> > He is saying the FPU problem (and other problems) were received
> > as a leak.
> >
> > He is not being truthful, inventing a storyline, and has not asked me
> > for the facts.
> >
> > This was discovered by guessing Intel made a mistake.
> >
> > We are doing the best for OpenBSD.  Our commit is best effort for our
> > user community when Intel didn't reply to mails asking for us to be
> > included.  But we were not included, there was no reply.  End of story.
> > That leaves us to figure things out ourselves.
> >
> > Bryan is just upset we guessed right.  It is called science.

If Bryan has facts, he can phone me and discuss.

I have asked someone to provide my cell # to him.

I will let tech@ know if he phones me.



Re: Inflammation by Bryan Cantrill

2018-06-13 Thread Devin Ceartas
Thanks.

On 13 Jun 2018, at 23:48, Theo de Raadt wrote:

> In some forums, Bryan Cantrill is crafting a fiction.
>
> He is saying the FPU problem (and other problems) were received
> as a leak.
>
> He is not being truthful, inventing a storyline, and has not asked me
> for the facts.
>
> This was discovered by guessing Intel made a mistake.
>
> We are doing the best for OpenBSD.  Our commit is best effort for our
> user community when Intel didn't reply to mails asking for us to be
> included.  But we were not included, there was no reply.  End of story.
> That leaves us to figure things out ourselves.
>
> Bryan is just upset we guessed right.  It is called science.



Inflammation by Bryan Cantrill

2018-06-13 Thread Theo de Raadt
In some forums, Bryan Cantrill is crafting a fiction.

He is saying the FPU problem (and other problems) were received
as a leak.

He is not being truthful, inventing a storyline, and has not asked me
for the facts.

This was discovered by guessing Intel made a mistake.

We are doing the best for OpenBSD.  Our commit is best effort for our
user community when Intel didn't reply to mails asking for us to be
included.  But we were not included, there was no reply.  End of story.
That leaves us to figure things out ourselves.

Bryan is just upset we guessed right.  It is called science.





fix file(1) memory leak

2018-06-13 Thread Bryan Steele
magic_test returns a xstrdup'd string, which was then being xstrdup'd
again without freeing the original copy (leaking memory).

casts added to avoid clang warning
  warning: assigning to 'char *' from 'const char *' discards qualifiers
  [-Wincompatible-pointer-types-discards-qualifiers]
inf->result = s;

ok?

-Bryan.

Index: file/file.c
===
RCS file: /cvs/src/usr.bin/file/file.c,v
retrieving revision 1.66
diff -u -p -u -r1.66 file.c
--- file/file.c 15 Jan 2018 19:45:51 -  1.66
+++ file/file.c 14 Jun 2018 02:55:32 -
@@ -603,7 +603,7 @@ try_text(struct input_file *inf)
 
s = magic_test(inf->m, inf->base, inf->size, flags);
if (s != NULL) {
-   inf->result = xstrdup(s);
+   inf->result = (char *)s;
return (1);
}
 
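
Review bot: in try_text() the cast in "inf->result = (char *)s;" hides the const qualifier rather than resolving it. Since magic_test() hands back an allocated string that the caller now owns, declaring s (and the magic_test() return type) as plain char * would remove the need for the cast and make the ownership visible in the type.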
@@ -635,7 +635,7 @@ try_magic(struct input_file *inf)
 
s = magic_test(inf->m, inf->base, inf->size, flags);
if (s != NULL) {
-   inf->result = xstrdup(s);
+   inf->result = (char *)s;
return (1);
}
return (0);
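
Review bot: try_magic() gets the same cast, and with xstrdup() gone inf->result now aliases the buffer returned by magic_test(), so whoever releases inf->result performs the only free of that allocation. A one-line comment at the assignment stating that ownership passes to inf would keep a later change from reintroducing either the leak or a double free.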



Re: Change CMakeLists.txt in LibreSSL to use target_include_directories

2018-06-13 Thread Brent Cook
You're correct, include/compat is intended to be private. We will need to
make some tweaks here.

On Mon, Jun 4, 2018 at 5:36 PM, Cameron Palmer  wrote:

> Question about the PUBLIC status of the ../include/compat headers in
> CMakeLists.txt.
>
> I wrote the target_include_directories calls to include ../include/compat
> in each of the targets and marked them PUBLIC, but I’m wondering if that
> will cause conflicts with system headers like time.h and if they should be
> marked PRIVATE.
>
> With them marked PUBLIC and including ssl or crypto one must add a
> compiler define like -D HAVE_CLOCK_GETTIME in the linking project to avoid
> a conflict.
>
> > On 29 May 2018, at 12:48, Brent Cook  wrote:
> >
> > On Thu, May 24, 2018 at 10:10:58AM +, Cameron Palmer wrote:
> >> It is beneficial for projects that depend on LibreSSL libraries and are
> >> built with CMake to use target_link_libraries and automatically receive the
> >> PUBLIC or INTERFACE headers without needing to specify include_directories.
> >> This patch changes the project to use target_include_directories and header
> >> scoping.
> >>
> >
> > Makes sense. I made some minor fixes and committed to master.
>
>


Documentation for makeoptions DEBUG="-g" may need improvement

2018-06-13 Thread IL Ka
Hello,

config(8) says:
"To debug kernels and their crash dumps with gdb, add “makeoptions
DEBUG="-g"” to the kernel configuration file.  Refer to options(4) for
further details."

1) kernel Makefile has DEBUG?= -g so you do not need to add
anything to have it: you just need not to overwrite it

2) -g option is used not only for bsd.gdb: it also adds debug symbols
to .obj files, which is used by objdump -dlr as covered here:
https://www.openbsd.org/ddb.html

options(4) says:
"makeoptions DEBUG=""
Do not build the debug kernel bsd.gdb."

It is true, however it still says -g is used only for bsd.gdb

/sys/arch//compile/GENERIC/obj/Makefile says:
"# DEBUG is set to -g by config if debugging is requested (config -g)."

But config(8) does not have "-g" option
(I believe it had it many years ago, but it is now controlled by
options(4)).


All of that could be confusing.
Some may think that  "makeoptions DEBUG=""" only disables bsd.gdb,
but with it you have .obj files with no debug info,
so https://www.openbsd.org/ddb.html recipe does not work.

I know that users should not recompile kernels, but I suggest to:

* Fix config(8) man page:
It should say that "-g" is default unless you set DEBUG="" explicitly
* Add paragraph to config(8) and options(4) that says -g is needed
to have .obj files with debug symbols
* Add line to "ddb.html" that says you need to build kernel with "-g"
(do not turn it off) to be able to run objdump -ldr
* Change comment in Makefile about "-g" option.

I can prepare diff if you agree.


tcp syn cache address family

2018-06-13 Thread Alexander Bluhm
Hi,

In syn_cache_get() the INP_IPV6 flag was checked in the AF_INET
case, but not for AF_INET6.  In fact the check should be done in
syn_cache_lookup() so that the received syn cache entry has the
correct address family.

ok?

bluhm

Index: netinet/tcp_input.c
===
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/tcp_input.c,v
retrieving revision 1.356
diff -u -p -r1.356 tcp_input.c
--- netinet/tcp_input.c 11 Jun 2018 07:40:26 -  1.356
+++ netinet/tcp_input.c 13 Jun 2018 22:33:01 -
@@ -3390,7 +3390,9 @@ syn_cache_lookup(struct sockaddr *src, s
TAILQ_FOREACH(sc, &scp->sch_bucket, sc_bucketq) {
if (sc->sc_hash != hash)
continue;
-   if (!bcmp(&sc->sc_src, src, src->sa_len) &&
+   if (sc->sc_src.sa.sa_family == src->sa_family &&
+   sc->sc_dst.sa.sa_family == dst->sa_family &&
+   !bcmp(&sc->sc_src, src, src->sa_len) &&
!bcmp(&sc->sc_dst, dst, dst->sa_len) &&
rtable_l2(rtableid) == rtable_l2(sc->sc_rtableid))
return (sc);
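
Review bot: in syn_cache_lookup() the two new sa_family tests sit in front of bcmp() calls that already compare src->sa_len and dst->sa_len bytes from the start of each sockaddr, a range that includes sa_family. A short comment saying which mismatch the explicit tests catch that the bcmp() calls do not would make the intent of the extra conditions clear.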
@@ -3540,11 +3542,6 @@ syn_cache_get(struct sockaddr *src, stru
 
switch (src->sa_family) {
case AF_INET:
-   /* drop IPv4 packet to AF_INET6 socket */
-   if (inp->inp_flags & INP_IPV6) {
-   (void) m_free(am);
-   goto resetandabort;
-   }
if (in_pcbconnect(inp, am)) {
(void) m_free(am);
goto resetandabort;
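
Review bot: the block removed from the AF_INET case tested inp->inp_flags & INP_IPV6, a property of the socket, while the replacement in syn_cache_lookup() compares the cached entry's addresses with the packet's. The commit message should say why an entry that reaches this point can no longer belong to an AF_INET6 socket, or this case should keep a cheap check so an IPv4 packet still cannot reach in_pcbconnect() on such a socket.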



Make witness(4) ready for UP systems

2018-06-13 Thread Christian Ludwig
It makes sense to have witness(4) on uniprocessor systems, too. Lock-order
violations are not an MP-only thing. Since UP kernels do not have the kernel
lock, wrap the code in appropriate ifdefs.
---
 sys/kern/subr_witness.c | 28 ++--
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/sys/kern/subr_witness.c b/sys/kern/subr_witness.c
index 2f785d3a3d0..761494cdbea 100644
--- a/sys/kern/subr_witness.c
+++ b/sys/kern/subr_witness.c
@@ -94,7 +94,9 @@ __FBSDID("$FreeBSD: head/sys/kern/subr_witness.c 313261 
2017-02-05 02:27:04Z mar
 #include 
 #include 
 #include 
+#ifdef MULTIPROCESSOR
 #include 
+#endif
 #include 
 #include 
 #include 
@@ -571,6 +573,20 @@ witness_init(struct lock_object *lock, const struct 
lock_type *type)
lock->lo_witness = enroll(type, lock->lo_name, class);
 }
 
+#ifdef MULTIPROCESSOR
+static inline int
+is_kernel_lock(const struct lock_object *lock)
+{
+   return (lock == &kernel_lock.mpl_lock_obj);
+}
+#else
+static inline int
+is_kernel_lock(const struct lock_object *lock)
+{
+   return (0);
+}
+#endif
+
 #ifdef DDB
 static void
 witness_ddb_compute_levels(void)
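
Review bot: is_kernel_lock() is defined twice with identical signatures; one definition with the #ifdef MULTIPROCESSOR inside the body keeps the prototype in a single place. A comment noting that the UP variant always returns 0 would also explain why the "Giant" branches in witness_checkorder() and the WARN_KERNELOK test in witness_warn() become dead code on uniprocessor kernels.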
@@ -924,7 +940,7 @@ witness_checkorder(struct lock_object *lock, int flags, 
const char *file,
 * lock, then skip it.
 */
if ((lock1->li_lock->lo_flags & LO_SLEEPABLE) != 0 &&
-   lock == &kernel_lock.mpl_lock_obj)
+   is_kernel_lock(lock))
continue;
 
/*
@@ -932,7 +948,7 @@ witness_checkorder(struct lock_object *lock, int flags, 
const char *file,
 * is Giant, then skip it.
 */
if ((lock->lo_flags & LO_SLEEPABLE) != 0 &&
-   lock1->li_lock == &kernel_lock.mpl_lock_obj)
+   is_kernel_lock(lock1->li_lock))
continue;
 
/*
@@ -950,7 +966,7 @@ witness_checkorder(struct lock_object *lock, int flags, 
const char *file,
 * lock, then treat it as a reversal.
 */
if ((lock1->li_lock->lo_flags & LO_SLEEPABLE) == 0 &&
-   lock == &kernel_lock.mpl_lock_obj)
+   is_kernel_lock(lock))
goto reversal;
 
/*
@@ -994,7 +1010,7 @@ witness_checkorder(struct lock_object *lock, int flags, 
const char *file,
printf("lock order reversal: "
"(sleepable after non-sleepable)\n");
else if ((lock1->li_lock->lo_flags & LO_SLEEPABLE) == 0
-   && lock == &kernel_lock.mpl_lock_obj)
+   && is_kernel_lock(lock))
printf("lock order reversal: "
"(Giant after non-sleepable)\n");
else
@@ -1087,7 +1103,7 @@ witness_checkorder(struct lock_object *lock, int flags, 
const char *file,
 * always come before Giant.
 */
if (flags & LOP_NEWORDER &&
-   !(plock->li_lock == &kernel_lock.mpl_lock_obj &&
+   !(is_kernel_lock(plock->li_lock) &&
(lock->lo_flags & LO_SLEEPABLE) != 0))
itismychild(plock->li_lock->lo_witness, w);
 out:
@@ -1407,7 +1423,7 @@ witness_warn(int flags, struct lock_object *lock, const 
char *fmt, ...)
if (lock1->li_lock == lock)
continue;
if (flags & WARN_KERNELOK &&
-   lock1->li_lock == &kernel_lock.mpl_lock_obj)
+   is_kernel_lock(lock1->li_lock))
continue;
if (flags & WARN_SLEEPOK &&
(lock1->li_lock->lo_flags & LO_SLEEPABLE) != 0)
-- 
2.17.1



Re: witness report: vmmaplk, inode

2018-06-13 Thread richard . n . procter


On Wed, 13 Jun 2018, richard.n.proc...@gmail.com wrote:
> I found this witness log on my computestick but not here.
> 
> OpenBSD 6.3-current (GENERIC.MP) #10: Mon Jun 11 14:02:36 NZST 2018
> procter@dill.internal:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> (CVS checkout on this date, clean but for a pf patch. NZST is 12 
> hours ahead of UTC.) 

For the record, I'm told there's a patch for this reversal: 
https://marc.info/?l=openbsd-bugs&m=152802593705776&w=2

, which was posted in response to:
https://marc.info/?l=openbsd-tech&m=152796704214156&w=2 (Steele)

, and it also helped with:
https://marc.info/?l=openbsd-tech&m=152821522023626&w=2 (Popovski)

After patching my tree and noodling for a few more hours with 
emacs, firefox and chrome, the witness report hasn't reappeared.

cheers, 
Richard. 

> 
> lock order reversal:
>  1st 0xff0009fe22f8 vmmaplk (&map->lock) @ 
>   /usr/src/sys/uvm/uvm_map.c:4433
>  2nd 0xff00691ec0a0 inode (&ip->i_lock) @ 
>   /usr/src/sys/ufs/ufs/ufs_vnops.c:1555
> lock order "&ip->i_lock"(rrwlock) -> "&map->lock"(rwlock) first seen at:
> #0  witness_checkorder+0x4b4
> #1  _rw_enter_read+0x49
> #2  uvmfault_lookup+0x8d
> #3  uvm_fault+0x72
> #4  trap+0x516
> #5  recall_trap+0x8
> #6  copyout+0x48
> #7  ffs_read+0x1f0
> #8  VOP_READ+0x49
> #9  vn_read+0xca
> #10 dofilereadv+0x21c
> #11 sys_read+0x82
> #12 syscall+0x32a
> #13 Xsyscall_untramp+0xc0
> lock order "&map->lock"(rwlock) -> "&ip->i_lock"(rrwlock) first seen at:
> #0  witness_checkorder+0x4b4
> #1  _rw_enter+0x68
> #2  _rrw_enter+0x3e
> #3  VOP_LOCK+0x3d
> #4  vn_lock+0x34
> #5  uvn_io+0x1b8
> #6  uvm_pager_put+0x109
> #7  uvn_flush+0x424
> #8  uvm_map_clean+0x3e7
> #9  syscall+0x32a
> #10 Xsyscall_untramp+0xc0
> 

route: replace hardcoded constants with defines

2018-06-13 Thread Klemens Nanni
These seem more descriptive to me.

No binary change.

Feedback? OK?

Index: route.c
===
RCS file: /cvs/src/sbin/route/route.c,v
retrieving revision 1.214
diff -u -p -r1.214 route.c
--- route.c 1 May 2018 18:14:10 -   1.214
+++ route.c 13 Jun 2018 18:08:12 -
@@ -754,13 +754,13 @@ inet_makenetandmask(u_int32_t net, struc
else if (bits) {
addr = net;
mask = 0x << (32 - bits);
-   } else if (net < 128) {
+   } else if (net < IN_CLASSA_MAX) {
addr = net << IN_CLASSA_NSHIFT;
mask = IN_CLASSA_NET;
-   } else if (net < 65536) {
+   } else if (net < IN_CLASSB_MAX) {
addr = net << IN_CLASSB_NSHIFT;
mask = IN_CLASSB_NET;
-   } else if (net < 16777216L) {
+   } else if (net < (1 << 24)) {
addr = net << IN_CLASSC_NSHIFT;
mask = IN_CLASSC_NET;
} else {
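
Review bot: the third branch swaps 16777216L for (1 << 24), which is still a bare number and now sits next to IN_CLASSA_MAX and IN_CLASSB_MAX. Either introduce a named constant for it or leave the literal alone so the hunk matches the subject line, and note that (1 << 24) is an int where the old constant was a long.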
@@ -1003,7 +1003,7 @@ getmplslabel(char *s, int in)
const char *errstr;
u_int32_t label;
 
-   label = strtonum(s, 0, 0x000f, &errstr);
+   label = strtonum(s, 0, MPLS_LABEL_MAX, &errstr);
if (errstr)
errx(1, "bad label: %s is %s", s, errstr);
if (in) {
@@ -1117,7 +1117,7 @@ rtmsg(int cmd, int flags, int fmask, uin
cmd = RTM_CHANGE;
else if (cmd == 'g') {
cmd = RTM_GET;
-   if (so_ifp.sa.sa_family == 0) {
+   if (so_ifp.sa.sa_family == AF_UNSPEC) {
so_ifp.sa.sa_family = AF_LINK;
so_ifp.sa.sa_len = sizeof(struct sockaddr_dl);
rtm_addrs |= RTA_IFP;
@@ -1185,7 +1185,7 @@ mask_addr(union sockunion *addr, union s
switch (addr->sa.sa_family) {
case AF_INET:
case AF_INET6:
-   case 0:
+   case AF_UNSPEC:
return;
}
cp1 = mask->sa.sa_len + 1 + (char *)addr;



Re: missed keybinding in cwm.1

2018-06-13 Thread Okan Demirmen
Hi - Thanks for the patch, but that's intentional; group0 will
eventually become a real group and that's why only CM-a is documented
(see r1.54).

On Wed, Jun 13, 2018 at 2:16 PM, Mikhail  wrote:
> Missed keybinding in the man page:
>
> diff --git a/app/cwm/cwm.1 b/app/cwm/cwm.1
> index 3b4e76e83..3f8f5d241 100644
> --- a/app/cwm/cwm.1
> +++ b/app/cwm/cwm.1
> @@ -103,6 +103,8 @@ Reverse cycle through currently visible windows.
>  Delete current window.
>  .It Ic CM-[n]
>  Toggle visibility of group n, where n is 1-9.
> +.It Ic CM-0
> +Toggle visibility of all groups.
>  .It Ic CM-a
>  Toggle visibility of all groups.
>  .It Ic CM-g
>



missed keybinding in cwm.1

2018-06-13 Thread Mikhail
Missed keybinding in the man page:

diff --git a/app/cwm/cwm.1 b/app/cwm/cwm.1
index 3b4e76e83..3f8f5d241 100644
--- a/app/cwm/cwm.1
+++ b/app/cwm/cwm.1
@@ -103,6 +103,8 @@ Reverse cycle through currently visible windows.
 Delete current window.
 .It Ic CM-[n]
 Toggle visibility of group n, where n is 1-9.
+.It Ic CM-0
+Toggle visibility of all groups.
 .It Ic CM-a
 Toggle visibility of all groups.
 .It Ic CM-g
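
Review bot: the added CM-0 entry repeats the description of CM-a word for word ("Toggle visibility of all groups."). If both bindings are meant to be documented, list them under one .It entry, and check that the CM-[n] text just above, which says n is 1-9, still reads correctly next to a CM-0 line.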



Re: httpd response mimetype bug

2018-06-13 Thread Reyk Floeter
On Sat, Jan 13, 2018 at 05:23:35PM +0100, Sebastian Benoit wrote:
> Hiltjo Posthuma(hil...@codemadness.org) on 2018.01.13 13:08:38 +0100:
> > On Sat, Jan 13, 2018 at 09:39:44AM +0100, Anton Lindqvist wrote:
> > > On Tue, Jan 09, 2018 at 05:38:57PM +0100, Hidv?gi G?bor wrote:
> > > > >Synopsis: httpd reports wrong mimetype when item is in the browser 
> > > > >cache
> > > > >Category: httpd
> > > > >Environment:
> > > > System  : OpenBSD 6.2
> > > > Details : OpenBSD 6.2 (GENERIC) #91: Wed Oct  4 00:35:21 MDT
> > > > 2017
> > > > 
> > > > dera...@armv7.openbsd.org:/usr/src/sys/arch/armv7/compile/GENERIC
> > > > 
> > > > Architecture: OpenBSD.armv7
> > > > Machine : armv7
> > > > >Description:
> > > > 
> > > > httpd serves static files (eg. images) with Last-Modified http header. 
> > > > When
> > > > a browser next time asks whether this file changed (sends 
> > > > If-Modified-Since
> > > > http header) httpd responds with wrong mimetype, 'text/html' when the
> > > > resource is in the browser cache (304 Not Modified status code).
> > > > 
> > > > >How-To-Repeat:
> > > > 
> > > > This bug is common, not arm only. When for example you open this image:
> > > > https://man.openbsd.org/openbsd.gif
> > > > 
> > > > in a browser with developer tools (F12) open, on the network tab you can
> > > > take a look at the response headers, mimetype is correct (image/gif). 
> > > > After
> > > > opening press refresh (F5) and look at the response headers again, and 
> > > > you
> > > > get the incorrect mimetype, 'text/html'.
> > > > 
> > > > >Fix:
> > > > 
> > > > check httpd source
> > > 
> > > Please try out this diff, it makes sure to set the correct MIME-type and
> > > not respond with a body if the resource has not changed. Sending this to
> > > tech@ as well.
> > > 
> > > Index: server_file.c
> > > ===
> > > RCS file: /cvs/src/usr.sbin/httpd/server_file.c,v
> > > retrieving revision 1.65
> > > diff -u -p -r1.65 server_file.c
> > > --- server_file.c 2 Feb 2017 22:19:59 -   1.65
> > > +++ server_file.c 12 Jan 2018 19:10:20 -
> > > @@ -230,8 +230,15 @@ server_file_request(struct httpd *env, s
> > >   goto abort;
> > >   }
> > >  
> > > - if ((ret = server_file_modified_since(clt->clt_descreq, st)) != -1)
> > > - return (ret);
> > > + if (server_file_modified_since(clt->clt_descreq, st) == 0) {
> > > + media = media_find_config(env, srv_conf, path);
> > > + ret = server_response_http(clt, 304, media, 0,
> > > + st->st_mtim.tv_sec);
> > > + if (ret != -1)
> > > + goto done;
> > > + else
> > > + goto fail;
> > > + }
> > >  
> > >   /* Now open the file, should be readable or we have another problem */
> > >   if ((fd = open(path, O_RDONLY)) == -1)
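
Review bot: the new 304 branch calls server_response_http() with a size of 0, which the test later in this thread shows going out as "Content-Length: 0". That only satisfies the RFC 7230 text quoted in the thread when the 200 response would also be empty, so the size argument needs a way to suppress the header. The "if (ret != -1) goto done; else goto fail;" pair would also read better without the else.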
> > > @@ -663,10 +670,10 @@ server_file_modified_since(struct http_d
> > >   if (strptime(since->kv_value,
> > >   "%a, %d %h %Y %T %Z", &tm) != NULL &&
> > >   timegm(&tm) >= st->st_mtim.tv_sec)
> > > - return (304);
> > > + return (0);
> > >   }
> > >  
> > > - return (-1);
> > > + return (1);
> > >  }
> > >  
> > >  int
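
Review bot: server_file_modified_since() changes from returning 304 or -1 to returning 0 or 1, so 0 now means "not modified", and nothing in the hunk documents the new convention. A comment above the function, or keeping the status-code return, would stop a future caller from treating 0 as "no match".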
> > > 
> > 
> > Hey,
> > 
> > I've tested your patch.
> > 
> > When requesting a non-modified CSS file:
> > 
> > #!/bin/sh
> > host="127.0.0.1"
> > port="6970"
> > > printf 'GET /style.css HTTP/1.1\r\nHost: %s:%s\r\nIf-Modified-Since: Sat, 16 Dec 2017 13:07:53 GMT\r\nConnection: close\r\n\r\n' "$host" "$port" | \
> > > nc "$host" "$port"
> > 
> > Full HTTP response:
> > 
> > HTTP/1.1 304 Not Modified
> > Connection: close
> > Content-Length: 0
> > Content-Type: text/css
> > Date: Sat, 13 Jan 2018 11:54:13 GMT
> > Last-Modified: Sun, 05 Mar 2017 12:22:05 GMT
> > Server: OpenBSD httpd
> > 
> > > I wonder if httpd should just omit the response header Content-Length and
> > > Content-Type entirely for this status code. Some httpd such as Nginx just
> > > omit them as well.
> 
> rfc7230  HTTP/1.1 Message Syntax and Routing page 29f.
> 
>A server MAY send a Content-Length header field in a 304 (Not
>Modified) response to a conditional GET request (Section 4.1 of
>[RFC7232]); a server MUST NOT send Content-Length in such a response
>   *unless its field-value equals the decimal number of octets that would*
>have been sent in the payload body of a 200 (OK) response to the same
>request.
> 

So I think it is better to omit the Content-Length header.  I'm afraid
that a (potentially broken) client will wait for a body even with the
304 response.

The diff below is based on Anton's fix but without changing the code's
style to a boolean 0/1.  It also avoids an mtime in the future (same
as the other server_response_http() further below), and omits the
Content-Length by accepting a -1 size.

Reyk

Index: usr.sbin/httpd/server_fil
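
A check for the point discussed in this message, as an added example that is not part of the thread or of httpd: it reads a captured 304 response and flags a Content-Length that differs from the size of the 200 response, a Content-Type that differs from the resource's type, and any body bytes. The function names, the sample responses and the size 1234 are constructed for illustration.

```shell
#!/bin/sh
# check_304 EXPECTED_LEN EXPECTED_TYPE   (raw HTTP response on stdin)
# Exit status: 0 = acceptable 304, 1 = violation found, 2 = not a 304.
check_304() {
	awk -v want_len="$1" -v want_type="$2" '
	BEGIN { rc = 0; inbody = 0 }
	{ sub(/\r$/, "") }                       # strip the CR of each CRLF
	NR == 1 {
		if ($2 != "304") { print "not a 304: " $0; rc = 2; exit }
		next
	}
	inbody {
		# a 304 never carries a payload body
		if (length($0) > 0) {
			print "FAIL: body bytes follow the 304 header block"
			rc = 1
		}
		next
	}
	$0 == "" { inbody = 1; next }            # end of header block
	{
		i = index($0, ":")
		if (i == 0) next
		name = tolower(substr($0, 1, i - 1))
		val = substr($0, i + 1)
		sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
		# Content-Length is only allowed when it equals the 200 size
		if (name == "content-length" && (val "") != (want_len "")) {
			print "FAIL: Content-Length " val " on 304, 200 size is " want_len
			rc = 1
		}
		if (name == "content-type" && want_type != "" &&
		    tolower(val) != tolower(want_type)) {
			print "FAIL: Content-Type " val ", expected " want_type
			rc = 1
		}
	}
	END { exit rc }'
}

# Constructed sample: the response shape reported after the first diff.
sample_len_zero() {
	printf 'HTTP/1.1 304 Not Modified\r\nConnection: close\r\nContent-Length: 0\r\nContent-Type: text/css\r\nDate: Sat, 13 Jan 2018 11:54:13 GMT\r\nLast-Modified: Sun, 05 Mar 2017 12:22:05 GMT\r\nServer: OpenBSD httpd\r\n\r\n'
}

# Constructed sample: same response with Content-Length omitted.
sample_no_len() {
	printf 'HTTP/1.1 304 Not Modified\r\nConnection: close\r\nContent-Type: text/css\r\nDate: Sat, 13 Jan 2018 11:54:13 GMT\r\nLast-Modified: Sun, 05 Mar 2017 12:22:05 GMT\r\nServer: OpenBSD httpd\r\n\r\n'
}

# Constructed sample: the originally reported symptom, text/html for a GIF.
sample_wrong_type() {
	printf 'HTTP/1.1 304 Not Modified\r\nConnection: close\r\nContent-Type: text/html\r\nServer: OpenBSD httpd\r\n\r\n'
}

# Constructed sample: an ordinary 200, which the check declines to judge.
sample_200() {
	printf 'HTTP/1.1 200 OK\r\nContent-Length: 2\r\nContent-Type: text/css\r\n\r\n{}'
}

# Demo; 1234 stands in for the real size of the 200 response.
sample_len_zero | check_304 1234 text/css || echo "-> Content-Length: 0 variant rejected"
sample_no_len | check_304 1234 text/css && echo "-> 304 without Content-Length accepted"
```

To use it against a live server, pipe the output of the printf/nc request from the quoted test script into check_304 with the file's real size and type.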

Re: netintro.4 fix

2018-06-13 Thread Jason McIntyre
On Wed, Jun 13, 2018 at 05:19:29PM +0200, Florian Obser wrote:
> On Wed, Jun 13, 2018 at 06:03:00PM +0300, Mikhail wrote:
> > Nuke non-existing chapter link in netintro.4.
> 
> My system has quite a few DIAGNOSTIC sections in section 4:
> 
> $ fgrep  DIAGNOSTICS /usr/share/man/man4/* | wc -l
>   72
> 

it's an easy mistake to make. but i think the text is clear enough,
since just before it, it says:

 The SYNOPSIS section of each network interface entry gives
 a sample specification of the related drivers for use in
 providing a system description to the config(8) program.

in that context, i don't think we need to spell out the implied "of each
network interface".

jmc



Re: httpd 3/3: request rewrite

2018-06-13 Thread Reyk Floeter
On Wed, May 30, 2018 at 12:36:05AM +0200, Reyk Floeter wrote:
> as mentioned in the big diff before, this implements rewrites.  This
> diff applies on top of the previous ones.
> 
> Implement the "request rewrite" option for internal rewrites.
> 
> For example:
> 
> location match "/page/(%d+)/.*" {
> request rewrite "/static/index.php?id=%1&$QUERY_STRING"
> }
> 
> Please note that httpd uses patterns(7) and not regex.
> 

Same, diff, re-applied on top of the previous commits.

OK?

Reyk

Index: usr.sbin/httpd/config.c
===
RCS file: /cvs/src/usr.sbin/httpd/config.c,v
retrieving revision 1.54
diff -u -p -u -p -r1.54 config.c
--- usr.sbin/httpd/config.c 19 May 2018 13:56:56 -  1.54
+++ usr.sbin/httpd/config.c 13 Jun 2018 15:18:24 -
@@ -476,6 +476,13 @@ config_getserver_config(struct httpd *en
&parent->default_type, sizeof(struct media_type));
}
 
+   f = SRVFLAG_PATH_REWRITE|SRVFLAG_NO_PATH_REWRITE;
+   if ((srv_conf->flags & f) == 0) {
+   srv_conf->flags |= parent->flags & f;
+   (void)strlcpy(srv_conf->path, parent->path,
+   sizeof(srv_conf->path));
+   }
+
f = SRVFLAG_SERVER_HSTS;
srv_conf->flags |= parent->flags & f;
srv_conf->hsts_max_age = parent->hsts_max_age;
Index: usr.sbin/httpd/httpd.conf.5
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.conf.5,v
retrieving revision 1.97
diff -u -p -u -p -r1.97 httpd.conf.5
--- usr.sbin/httpd/httpd.conf.5 13 Jun 2018 15:08:24 -  1.97
+++ usr.sbin/httpd/httpd.conf.5 13 Jun 2018 15:18:25 -
@@ -198,6 +198,8 @@ argument can be used with return codes i
 .Sq Location:
 header for redirection to a specified URI.
 .Pp
+It is possible to rewrite the request to redirect it to a different
+external location.
 The
 .Ar uri
 may contain predefined macros that will be expanded at runtime:
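
Review bot: the added sentence "It is possible to rewrite the request to redirect it to a different external location." mixes two mechanisms. It is placed in the block return text, which sends a Location: header, while the request rewrite entry added further down says the rewrite happens internally; reword it so it is clear which directive is meant.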
@@ -396,10 +398,10 @@ the
 using pattern matching instead of shell globbing rules,
 see
 .Xr patterns 7 .
-The pattern may contain captures that can be used in the
-.Ar uri
-of an enclosed
+The pattern may contain captures that can be used in an enclosed
 .Ic block return
+or
+.Ic request rewrite
 option.
 .It Oo Ic no Oc Ic log Op Ar option
 Set the specified logging options.
@@ -462,6 +464,19 @@ in a location.
 Configure the options for the request path.
 Valid options are:
 .Bl -tag -width Ds
+.It Oo Ic no Oc Ic rewrite Ar path
+Enable or disable rewriting of the request.
+Unlike the redirection with
+.Ic block return ,
+this will change the request path internally before
+.Nm httpd
+makes a final decision about the matching location.
+The
+.Ar path
+argument may contain predefined macros that will be expanded at runtime.
+See the
+.Ic block return
+option for the list of supported macros.
 .It Ic strip Ar number
 Strip
 .Ar number
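
Review bot: the .It line "Oo Ic no Oc Ic rewrite Ar path" documents a path argument for the no form as well; if no rewrite takes none, split the synopsis. Since the text says the path is changed before httpd decides on the matching location and that macros are expanded into it, the entry should also state whether the rewritten path is matched against location blocks again and how expanded macro values are encoded.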
@@ -721,6 +736,17 @@ server "example.com" {
 
 server "www.example.com" {
listen on 10.0.0.1 port 80
+}
+.Ed
+The request can also be rewritten with the
+.Ic request rewrite
+directive:
+.Bd -literal -offset indent
+server "example.com" {
+   listen on * port 80
+   location match "/old/(.*)" {
+   request rewrite "/new/%1"
+   }
 }
 .Ed
 .Sh SEE ALSO
Index: usr.sbin/httpd/httpd.h
===
RCS file: /cvs/src/usr.sbin/httpd/httpd.h,v
retrieving revision 1.137
diff -u -p -u -p -r1.137 httpd.h
--- usr.sbin/httpd/httpd.h  19 May 2018 13:56:56 -  1.137
+++ usr.sbin/httpd/httpd.h  13 Jun 2018 15:18:25 -
@@ -398,13 +398,15 @@ SPLAY_HEAD(client_tree, client);
 #define SRVFLAG_SERVER_MATCH   0x0020
 #define SRVFLAG_SERVER_HSTS0x0040
 #define SRVFLAG_DEFAULT_TYPE   0x0080
+#define SRVFLAG_PATH_REWRITE   0x0100
+#define SRVFLAG_NO_PATH_REWRITE0x0200
 
 #define SRVFLAG_BITS   \
"\10\01INDEX\02NO_INDEX\03AUTO_INDEX\04NO_AUTO_INDEX"   \
"\05ROOT\06LOCATION\07FCGI\10NO_FCGI\11LOG\12NO_LOG\13SOCKET"   \
"\14SYSLOG\15NO_SYSLOG\16TLS\17ACCESS_LOG\20ERROR_LOG"  \
"\21AUTH\22NO_AUTH\23BLOCK\24NO_BLOCK\25LOCATION_MATCH" \
-   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE"
+   "\26SERVER_MATCH\27SERVER_HSTS\30DEFAULT_TYPE\31PATH\32NO_PATH"
 
 #define TCPFLAG_NODELAY0x01
 #define TCPFLAG_NNODELAY   0x02
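
Review bot: the SRVFLAG_BITS string names the new bits "PATH" and "NO_PATH" while the flags are SRVFLAG_PATH_REWRITE and SRVFLAG_NO_PATH_REWRITE. Every other entry mirrors its flag name (NO_AUTO_INDEX, DEFAULT_TYPE), so "\31PATH_REWRITE\32NO_PATH_REWRITE" would keep the printed flag names unambiguous.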
@@ -470,8 +472,9 @@ struct server_config {
uint32_t parent_id;
char name[HOST_NAME_MAX+1];
char location[HTTPD_LOCATION_MAX];
-   char index[PATH_MAX];
char root[PATH_MAX];
+   cha

Re: netintro.4 fix

2018-06-13 Thread Florian Obser
On Wed, Jun 13, 2018 at 06:03:00PM +0300, Mikhail wrote:
> Nuke non-existing chapter link in netintro.4.

My system has quite a few DIAGNOSTIC sections in section 4:

$ fgrep  DIAGNOSTICS /usr/share/man/man4/* | wc -l
  72

> 
> Index: netintro.4
> ===
> RCS file: /home/misha/work/cvs/src/share/man/man4/netintro.4,v
> retrieving revision 1.52
> diff -u -p -r1.52 netintro.4
> --- netintro.4  28 Apr 2018 16:16:43 -  1.52
> +++ netintro.4  13 Jun 2018 15:00:28 -
> @@ -97,14 +97,6 @@ specification of the related drivers for
>  to the
>  .Xr config 8
>  program.
> -The
> -.Sx DIAGNOSTICS
> -section lists messages which may appear on the console
> -and/or in the system error log,
> -.Pa /var/log/messages
> -(see
> -.Xr syslogd 8 ) ,
> -due to errors in device operation.
>  .Pp
>  Network interfaces may be collected together into interface groups.
>  An interface group is a container that can be used generically when
> 

-- 
I'm not entirely sure you are real.



netintro.4 fix

2018-06-13 Thread Mikhail
Nuke non-existing chapter link in netintro.4.

Index: netintro.4
===
RCS file: /home/misha/work/cvs/src/share/man/man4/netintro.4,v
retrieving revision 1.52
diff -u -p -r1.52 netintro.4
--- netintro.4  28 Apr 2018 16:16:43 -  1.52
+++ netintro.4  13 Jun 2018 15:00:28 -
@@ -97,14 +97,6 @@ specification of the related drivers for
 to the
 .Xr config 8
 program.
-The
-.Sx DIAGNOSTICS
-section lists messages which may appear on the console
-and/or in the system error log,
-.Pa /var/log/messages
-(see
-.Xr syslogd 8 ) ,
-due to errors in device operation.
 .Pp
 Network interfaces may be collected together into interface groups.
 An interface group is a container that can be used generically when
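Review bot: the deleted sentence follows text about the related drivers, so it may be describing the DIAGNOSTICS section found in the individual driver pages rather than a section of netintro.4 itself; the defect is then the .Sx macro, which refers to a section of the same page, not the sentence as a whole. Consider rewording it to say that driver pages list these messages in their DIAGNOSTICS section, without .Sx, which keeps the pointer to /var/log/messages and syslogd 8 that the removal drops.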



Re: make octeon kernels compile with DEBUG.

2018-06-13 Thread Visa Hankala
On Wed, Jun 13, 2018 at 08:34:46AM +0200, Janne Johansson wrote:
> The unconditional #define DEBUG in octeon/machdep.c is somewhat weird.
> 
> Should we just keep the whole block and remove the #ifdefs, move it to
> #if 1 for later easy removal? Dunno, but it won't compile with DEBUG
> unless something is done or it will complain about DEBUG getting redefined.

I think it is best to make the block unconditional. The output contains
interesting information after all.

I committed the patch with minor tweaks and added two changes to cover
the RAMDISK kernel.

Thank you!



nsd 4.1.22

2018-06-13 Thread Florian Obser


OK?

diff --git config.h.in config.h.in
index 795944fb1af..d3470836f26 100644
--- config.h.in
+++ config.h.in
@@ -25,6 +25,9 @@
 /* Define to the default facility for syslog. */
 #undef FACILITY
 
+/* Define to 1 if you have the `accept4' function. */
+#undef HAVE_ACCEPT4
+
 /* Define to 1 if you have the `alarm' function. */
 #undef HAVE_ALARM
 
diff --git configure configure
index 53d6619bf50..e034b5441ec 100644
--- configure
+++ configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for NSD 4.1.21.
+# Generated by GNU Autoconf 2.69 for NSD 4.1.22.
 #
 # Report bugs to .
 #
@@ -580,8 +580,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='NSD'
 PACKAGE_TARNAME='nsd'
-PACKAGE_VERSION='4.1.21'
-PACKAGE_STRING='NSD 4.1.21'
+PACKAGE_VERSION='4.1.22'
+PACKAGE_STRING='NSD 4.1.22'
 PACKAGE_BUGREPORT='nsd-b...@nlnetlabs.nl'
 PACKAGE_URL=''
 
@@ -1286,7 +1286,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures NSD 4.1.21 to adapt to many kinds of systems.
+\`configure' configures NSD 4.1.22 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1347,7 +1347,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
- short | recursive ) echo "Configuration of NSD 4.1.21:";;
+ short | recursive ) echo "Configuration of NSD 4.1.22:";;
esac
   cat <<\_ACEOF
 
@@ -1496,7 +1496,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-NSD configure 4.1.21
+NSD configure 4.1.22
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2205,7 +2205,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by NSD $as_me 4.1.21, which was
+It was created by NSD $as_me 4.1.22, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -7949,7 +7949,7 @@ _ACEOF
 fi
 done
 
-for ac_func in tzset alarm chroot dup2 endpwent gethostname memset memcpy 
pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev 
getaddrinfo getnameinfo freeaddrinfo gai_strerror sigaction sigprocmask 
strptime strftime localtime_r setusercontext glob initgroups setresuid setreuid 
setresgid setregid getpwnam mmap ppoll clock_gettime
+for ac_func in tzset alarm chroot dup2 endpwent gethostname memset memcpy 
pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev 
getaddrinfo getnameinfo freeaddrinfo gai_strerror sigaction sigprocmask 
strptime strftime localtime_r setusercontext glob initgroups setresuid setreuid 
setresgid setregid getpwnam mmap ppoll clock_gettime accept4
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
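Review bot: accept4 is only added to the list of checked functions here (with HAVE_ACCEPT4 added to config.h.in); the code that calls it is not in the visible part of the diff. Please confirm the caller is guarded by #ifdef HAVE_ACCEPT4 and keeps the existing accept() path as the fallback, so that systems where this check fails behave as they did in 4.1.21.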
@@ -8048,7 +8048,7 @@ fi
 esac
 
 # check if setreuid en setregid fail, on MacOSX10.4(darwin8).
-if echo $build_os | grep darwin8 > /dev/null; then
+if echo $target_os | grep darwin8 > /dev/null; then
 
 $as_echo "#define DARWIN_BROKEN_SETREUID 1" >>confdefs.h
 
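Review bot: the darwin8 test now keys on $target_os, but a broken setreuid/setregid is a property of the system the binaries will run on, which in Autoconf terms is $host_os; $target_os only differs for tools that generate code for yet another system. Suggest testing $host_os here. Since configure is generated, the change also belongs in the Autoconf input, and that part is not in the visible diff.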
@@ -9784,7 +9784,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by NSD $as_me 4.1.21, which was
+This file was extended by NSD $as_me 4.1.22, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES= $CONFIG_FILES
@@ -9846,7 +9846,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/&/g'`"
 ac_cs_version="\\
-NSD config.status 4.1.21
+NSD config.status 4.1.22
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git configure.ac configure.ac
index be37d81776a..4c6772a47bd 100644
--- configure.ac
+++ configure.ac
@@ -4,7 +4,7 @@ dnl
 
 sinclude(acx_nlnetlabs.m4)
 
-AC_INIT(NSD,4.1.21,nsd-b...@nlnetlabs.nl)
+AC_INIT(NSD,4.1.22,nsd-b...@nlnetlabs.nl)
 AC_CONFIG_HEADER([config.h])
 
 CFLAGS="$CFLAGS"
@@ -597,7 +597,7 @@ AC_SYS_LARGEFILE
 AC_CHECK_SIZEOF(void*)
 AC_CHECK_SIZEOF(off_t)
 AC_CHECK_FUNCS([arc4random arc4random_uniform])
-AC_CHECK_FUNCS([tzset alarm chroot dup2 endpwent gethostname memset memcpy 
pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev 
getaddrinfo getnameinfo freeaddrinfo gai_strerror sigaction sigprocmask 
strptime strftime localtime_r setusercontext glob initgroups setresuid setreuid 
setresgid setregid getpwnam mmap ppoll clock_gettime])
+AC_CHECK_FUNCS([tzset alarm chroot dup2 endpwent gethostname memset memcpy 
pwrite socket strcasecmp strchr strdup strerror strncasecmp strtol writev 
getaddrin

Re: [patch] crontab(5) add -n option to suppress mail when the run was successful

2018-06-13 Thread Jason McIntyre
On Tue, Jun 12, 2018 at 09:13:05PM +0200, Job Snijders wrote:
> On Tue, Jun 12, 2018 at 09:54:47AM -0600, Theo de Raadt wrote:
> > I would prefer if the -q and -n descriptions were in a table.  I dislike
> > the ancient style of describing such things inline (harder to spot).
> > And it really falls down when there are multiple ones.  How do you
> > feel about that jmc?
> 
> Agreed, I changed it a bit to improve readability.
> 

morning.

i agree a small list for the options is probably clearer. but not in
the way your diff does it. the format of the page is very odd anyway.
barring a rewrite, i'd just keep it as it is, but add a standard text
along the lines of:

Commands may be modified as follows:
.Bl -tag -width Ds
.It Li %
...
.It Fl n Ar command
...

something like that?

i don't want to see it split up into these small mini sections, but i
understand the need. the page might benefit from some sort of reworking,
but i'd save that for another diff.

jmc

> > Also, do -qn and -nq work?  How about -nnn.  Not saying those make a
> > lot of sense, but once getopt syntax is borrowed it should probably be
> > honoured.
> 
> I redid this piece a little bit, and opted to go a bit stricter to leave
> as much freedom as possible for future extensions.
> 
> OK:
> -n command
> -n -q command
> -q -n command
> -q command
> command
> 
> Not OK:
> -nn command
> -qn command
> -q -q command
> -n -n -q command
> 
> My thinking is by being strict now, we make it possible to add arguments
> to options in the future. If we allow "-nn" or "-nq" now, we won't be
> able to allow "-n...@instituut.net" in the future. Or maybe we'll want
> "-v" to mean something different than "-vv". I don't know, so prefer to
> be less forgiving.
> 
> Kind regards,
> 
> Job
> 
> 
> diff --git usr.sbin/cron/crontab.5 usr.sbin/cron/crontab.5
> index 9c2e651980a..d9330698fd3 100644
> --- usr.sbin/cron/crontab.5
> +++ usr.sbin/cron/crontab.5
> @@ -193,15 +193,29 @@ will be changed into newline characters, and all data
>  after the first
>  .Ql %
>  will be sent to the command as standard input.
> -If the
> +.Ss Options
> +The
>  .Ar command
> -field begins with
> -.Ql -q ,
> -execution will not be logged.
> +field can begin with one or more options.
> +.Bl -tag -width Ds
> +.It Fl n
> +No mail is send after a successful run.
> +The execution output will only be mailed if the command exits with a non-zero
> +exit code.
> +The
> +.Ql -n
> +option is an attempt to cure potentially copious volumes of mail coming from
> +.Xr cron 8 .
> +.It Fl q
> +Execution will not be logged.
> +.El
> +.Pp
>  Use whitespace to separate
> -.Ql -q
> -from the command.
> +.Ql -n ,
> +.Ql -q ,
> +and the command.
>  .Pp
> +.Ss Execution
>  Commands are executed by
>  .Xr cron 8
>  when the
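Review bot: in the new .It Fl n text, "No mail is send" should read "No mail is sent". The .Pp left directly before the added .Ss Execution is also redundant, because a subsection header already starts a new paragraph, and the sentence beginning "The -n option is an attempt to cure" reads as rationale rather than reference text and could be dropped from the manual.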
> @@ -329,6 +343,9 @@ Ranges may include
>  .It
>  Months or days of the week can be specified by name.
>  .It
> +Mailing after a successful run can be suppressed with
> +.Ql -n .
> +.It
>  Logging can be suppressed with
>  .Ql -q .
>  .It
> diff --git usr.sbin/cron/do_command.c usr.sbin/cron/do_command.c
> index 6a4022fcc9a..4fbca61d170 100644
> --- usr.sbin/cron/do_command.c
> +++ usr.sbin/cron/do_command.c
> @@ -3,6 +3,7 @@
>  /* Copyright 1988,1990,1993,1994 by Paul Vixie
>   * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
>   * Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
> + * Copyright (c) 2018 Job Snijders 
>   *
>   * Permission to use, copy, modify, and distribute this software for any
>   * purpose with or without fee is hereby granted, provided that the above
> @@ -80,7 +81,6 @@ child_process(entry *e, user *u)
>   char **p, *input_data, *usernm;
>   auth_session_t *as;
>   login_cap_t *lc;
> - int children = 0;
>   extern char **environ;
>  
>   /* mark ourselves as different to PS command watchers */
> @@ -146,7 +146,9 @@ child_process(entry *e, user *u)
>  
>   /* fork again, this time so we can exec the user's command.
>*/
> - switch (fork()) {
> +
> + pid_t   jobpid;
> + switch (jobpid = fork()) {
>   case -1:
>   syslog(LOG_ERR, "(CRON) CAN'T FORK (%m)");
>   _exit(EXIT_FAILURE);
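Review bot: pid_t jobpid is declared in the middle of child_process(), after executable statements and separated from the fork comment by a new blank line, while the other locals shown in the earlier hunk (as, lc, environ) sit at the top of the function. Move the declaration up there so the switch (jobpid = fork()) stays directly under its comment.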
> @@ -260,8 +262,6 @@ child_process(entry *e, user *u)
>   break;
>   }
>  
> - children++;
> -
>   /* middle process, child of original cron, parent of process running
>* the user's command.
>*/
> @@ -283,7 +283,8 @@ child_process(entry *e, user *u)
>* we would block here.  thus we must fork again.
>*/
>  
> - if (*input_data && fork() == 0) {
> + pid_t   stdinjob;
> + if (*input_data && (stdinjob = fork()) == 0) {
>   FILE *out = fdopen(stdin_pipe[WRITE_PIPE], "w");
>   int need_newline = FALSE;
>   int escaped = FALSE;
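Review bot: stdinjob is only assigned when *input_data is non-empty, because the && short-circuits, so it stays uninitialized for entries without stdin data, and a failed fork() leaves -1 in it with no error path. If later code waits on or compares against stdinjob (not visible here), initialize it at the declaration, for example pid_t stdinjob = -1, and treat that value explicitly as "no stdin child". The declaration also belongs at the top of the function with the other locals.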
> @@ -331,8 +332,6 @@ child_process(entry *e, user *u)
>*/
>   close

Re: reduce usage of mbuf cluster

2018-06-13 Thread Alexander Bluhm
On Wed, Jun 13, 2018 at 01:20:29PM +0900, YASUOKA Masahiko wrote:
> > The MCLGET() cannot be called anymore.  Can we remove it and add a
> > compile time assert instead?
> > 
> > CTASSERT(sizeof(struct ip) + sizeof(struct tcphdr) <= MHLEN);
> > CTASSERT(sizeof(struct ip6_hdr) + sizeof(struct tcphdr) <= MHLEN);
> 
> Yes, it's possible and it seems better.
> 
> ok?

OK bluhm@

> Index: sys/netinet/tcp_subr.c
> ===
> RCS file: /cvs/src/sys/netinet/tcp_subr.c,v
> retrieving revision 1.171
> diff -u -p -r1.171 tcp_subr.c
> --- sys/netinet/tcp_subr.c8 May 2018 15:10:33 -   1.171
> +++ sys/netinet/tcp_subr.c13 Jun 2018 04:18:25 -
> @@ -191,6 +191,9 @@ tcp_template(struct tcpcb *tp)
>   struct mbuf *m;
>   struct tcphdr *th;
>  
> + CTASSERT(sizeof(struct ip) + sizeof(struct tcphdr) <= MHLEN);
> + CTASSERT(sizeof(struct ip6_hdr) + sizeof(struct tcphdr) <= MHLEN);
> +
>   if ((m = tp->t_template) == 0) {
>   m = m_get(M_DONTWAIT, MT_HEADER);
>   if (m == NULL)
> @@ -208,19 +211,6 @@ tcp_template(struct tcpcb *tp)
>  #endif /* INET6 */
>   }
>   m->m_len += sizeof (struct tcphdr);
> -
> - /*
> -  * The link header, network header, TCP header, and TCP options
> -  * all must fit in this mbuf. For now, assume the worst case of
> -  * TCP options size. Eventually, compute this from tp flags.
> -  */
> - if (m->m_len + MAX_TCPOPTLEN + max_linkhdr >= MHLEN) {
> - MCLGET(m, M_DONTWAIT);
> - if ((m->m_flags & M_EXT) == 0) {
> - m_free(m);
> - return (0);
> - }
> - }
>   }
>  
>   switch(tp->pf) {
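Review bot: the removed runtime check reserved room for MAX_TCPOPTLEN and max_linkhdr in addition to the headers, while the CTASSERTs added in the first hunk only cover sizeof(struct ip) or sizeof(struct ip6_hdr) plus sizeof(struct tcphdr). If the template mbuf is only ever expected to hold the IP and TCP headers, replace the deleted comment with one line saying so; otherwise add MAX_TCPOPTLEN to the asserted sum (max_linkhdr is a variable and cannot go into a CTASSERT).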



make octeon kernels compile with DEBUG.

2018-06-13 Thread Janne Johansson
Have nothing else than octeons to test with, but I guess it
affects/fixes other mips64s too.

For mips64_machdep.c, the vaddr_t va wasn't printable with %p, and since
vaddr_t seems to be an unsigned long on mips64, I just %lx'd it. Casting
it to (void *) also worked.

The unconditional #define DEBUG in octeon/machdep.c is somewhat weird.

Should we just keep the whole block and remove the #ifdefs, move it to
#if 1 for later easy removal? Dunno, but it won't compile with DEBUG
unless something is done or it will complain about DEBUG getting redefined.

Index: arch/mips64/mips64/db_machdep.c
===
RCS file: /cvs/src/sys/arch/mips64/mips64/db_machdep.c,v
retrieving revision 1.49
diff -u -p -u -r1.49 db_machdep.c
--- arch/mips64/mips64/db_machdep.c 20 Mar 2018 15:45:32 -  1.49
+++ arch/mips64/mips64/db_machdep.c 12 Jun 2018 19:07:21 -
@@ -185,7 +185,7 @@ db_enter_ddb(void)
mtx_enter(&ddb_mp_mutex);

 #ifdef DEBUG
-   printf("db_enter_ddb %d: state %x pause %x\n", ci->ci_cpuid,
+   printf("db_enter_ddb %ld: state %x pause %x\n", ci->ci_cpuid,
ddb_state, ci->ci_ddb);
 #endif
/* If we are first in, grab ddb and stop all other CPUs */
Index: arch/mips64/mips64/ipifuncs.c
===
RCS file: /cvs/src/sys/arch/mips64/mips64/ipifuncs.c,v
retrieving revision 1.18
diff -u -p -u -r1.18 ipifuncs.c
--- arch/mips64/mips64/ipifuncs.c   18 Feb 2018 14:42:32 -  1.18
+++ arch/mips64/mips64/ipifuncs.c   12 Jun 2018 19:07:21 -
@@ -131,7 +131,7 @@ mips64_send_ipi(unsigned int cpuid, unsi
if (cpuid >= CPU_MAXID || get_cpu_info(cpuid) == NULL)
panic("mips_send_ipi: bogus cpu_id");
if (!cpuset_isset(&cpus_running, get_cpu_info(cpuid)))
-   panic("mips_send_ipi: CPU %ld not running", cpuid);
+   panic("mips_send_ipi: CPU %d not running", cpuid);
 #endif

atomic_setbits_int(&ipi_mailbox[cpuid], ipimask);
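Review bot: cpuid is declared unsigned int in the mips64_send_ipi() signature shown in the hunk header, so the panic format should be %u rather than %d, i.e. panic("mips_send_ipi: CPU %u not running", cpuid).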
@@ -162,7 +162,7 @@ void
 mips64_ipi_nop(void)
 {
 #ifdef DEBUG
-   printf("mips64_ipi_nop on cpu%d\n", cpu_number());
+   printf("mips64_ipi_nop on cpu%ld\n", cpu_number());
 #endif
 }

Index: arch/mips64/mips64/mips64_machdep.c
===
RCS file: /cvs/src/sys/arch/mips64/mips64/mips64_machdep.c,v
retrieving revision 1.25
diff -u -p -u -r1.25 mips64_machdep.c
--- arch/mips64/mips64/mips64_machdep.c 2 Sep 2017 15:56:29 -   1.25
+++ arch/mips64/mips64/mips64_machdep.c 12 Jun 2018 19:07:21 -
@@ -186,7 +186,7 @@ exec_md_map(struct proc *p, struct exec_
if (rc != 0)
return rc;
 #ifdef DEBUG
-   printf("%s: p %p fppgva %p\n", __func__, p, va);
+   printf("%s: p %p fppgva %lx\n", __func__, p, va);
 #endif
p->p_md.md_fppgva = va;
 #endif
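Review bot: %lx prints va without a 0x prefix, right next to p printed with %p in the same message, so the two addresses no longer look alike in the output; suggest "fppgva 0x%lx". Since the submission only says vaddr_t seems to be unsigned long on mips64, an explicit (unsigned long)va cast would keep the format correct independent of the typedef.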
Index: arch/octeon/octeon/machdep.c
===
RCS file: /cvs/src/sys/arch/octeon/octeon/machdep.c,v
retrieving revision 1.105
diff -u -p -u -r1.105 machdep.c
--- arch/octeon/octeon/machdep.c9 Apr 2018 13:46:15 -
1.105
+++ arch/octeon/octeon/machdep.c12 Jun 2018 19:07:21 -
@@ -419,7 +419,9 @@ mips_init(register_t a0, register_t a1,
consinit();
printf("Initial setup done, switching console.\n");

+#ifndef DEBUG
 #define DEBUG
+#endif
 #ifdef DEBUG
 #define DUMP_BOOT_DESC(field, format) \
printf("boot_desc->" #field ":" #format "\n", boot_desc->field)
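Review bot: with #ifndef DEBUG / #define DEBUG / #endif placed directly above it, the following #ifdef DEBUG is always true, so the guard no longer selects anything. It is simpler to drop the #define together with the #ifdef DEBUG and its matching #endif and make the DUMP_BOOT_DESC block unconditional, which also avoids defining DEBUG for the rest of machdep.c as a side effect.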



-- 
-"Any girl with sense love those dead presidents"
Quireboys - Debbie






CVE-2018-12015: Directory Traversal in Archive::Tar

2018-06-13 Thread Silamael

Hi,


The version of Archive::Tar part of the base system's Perl contains 
CVE-2018-12015:


Original bug report: https://rt.cpan.org/Public/Bug/Display.html?id=125523

Original commit with the fix: 
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5 



The vulnerability was fixed in version 2.28 of Archive::Tar.


The attached patch is for OpenBSD 6.3.


Greetings,

Matthias







From ae65651eab053fc6dc4590dbb863a268215c1fc5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Petr=20P=C3=ADsa=C5=99?= 
Date: Fri, 8 Jun 2018 11:45:40 +0100
Subject: [PATCH] [PATCH] Remove existing files before overwriting them

Archive should extract only the latest same-named entry.
Extracted regular file should not be written into existing block
device (or any other one).

https://rt.cpan.org/Ticket/Display.html?id=125523

Signed-off-by: Chris 'BinGOs' Williams 
---
 lib/Archive/Tar.pm | 14 ++
 1 file changed, 14 insertions(+)

diff --git a/lib/Archive/Tar.pm b/lib/Archive/Tar.pm
index 6244369..a83975f 100644
--- gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive/Tar.pm.orig Tue Jun 12 
13:29:41 2018
+++ gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive/Tar.pm Tue Jun 12 
13:34:19 2018

@@ -845,6 +845,20 @@ sub _extract_file {
 return;
 }

+    ### If a file system already contains a block device with the same 
name as

+    ### the being extracted regular file, we would write the file's content
+    ### to the block device. So remove the existing file (block device) 
now.

+    ### If an archive contains multiple same-named entries, the last one
+    ### should replace the previous ones. So remove the old file now.
+    ### If the old entry is a symlink to a file outside of the CWD, the new
+    ### entry would create a file there. This is CVE-2018-12015
+    ### .
+    if (-l $full || -e _) {
+   if (!unlink $full) {
+   $self->_error( qq[Could not remove old file '$full': $!] );
+   return;
+   }
+    }
 if( length $entry->type && $entry->is_file ) {
 my $fh = IO::File->new;
 $fh->open( '>' . $full ) or (
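Review bot: the unlink and the following $fh->open( '>' . $full ) are two separate steps, and open with '>' follows symlinks and reuses whatever exists at $full, so anything that reappears at that path between the two calls is still written through. Creating the file with sysopen and O_WRONLY|O_CREAT|O_EXCL would make the open fail instead of following a link or reusing an existing node. Note also that the unlink sits before the $entry->is_file test visible below it, so an existing path is removed for every entry type that reaches this point; if that is intended, the comment should say so.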