Age | Commit message (Collapse) | Author |
|
* random/gnupg-random.c (mix_pool): Store the first hash at the end of
the pool.
--
This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.
The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology. A paper describing the problem in
detail will shortly be published.
This is a port of c6dbfe89 from the GnuPG classic branch.
CVE-id: CVE-2016-6313
|
|
* init/init.c (main): Run /libexec/runsystem.hurd instead of
/etc/hurd/runsystem.hurd.
|
|
* daemons/runsystem.hurd: Rename to daemons/runsystem.hurd.sh
* daemons/Makefile (targets): Add runsystem.hurd
(special-targets): Likewise.
(runsystem.hurd): New rule, simply depends on runsystem.hurd.sh
|
|
* libfshelp/translator-list.c (translator_ihash_cleanup): Release reference.
(fshelp_set_active_translator): Acquire reference
|
|
* startup/startup.c (launch_something): Always increment TRY even on
success, so that if runsystem unexpectedly returns, we get to try a shell
instead.
|
|
Thanks Brent W. Baccala for the report.
* starpu/startup.c (launch_something): Always increment TRY while looping
over runsystem possibilities.
|
|
Falling back from the io_map method needs to handle the "anywhere" flag too
by updating MAPSTART.
* exec/exec.c (write_to_task): Turn MAPSTART parameter into a reference to
the address. Fix usage accordingly.
(load_section): Pass address of MAPSTART to write_to_task so it can update
it.
|
|
It is just a warning, not a fatal error.
* libdiskfs/init-startup.c (_diskfs_init_completed): Prefix warning about
requesting shutdown nofication with "warning:".
* random/random.c (main): Likewise.
|
|
or called with a small array.
This notably happens when using a sub-exec, see BZ #48919.
* exec/hashexec.c (check_hashbang): Check std_nports before accessing
std_ports.
|
|
|
|
* trans/remap.c (parse_opt): Error out if some path is not absolute.
|
|
It happens that the link script for ld.so contains a hole, which might thus
leave an empty page between the text and the data. When loading a small pic
program, its text would then fit in there, and loading the data right after
it would fail. We here rather force all pic loads to be mapped
contiguously, starting from the place that was allocated for the first pic
load.
* exec/exec.c (load_section): Return the address of the end of the section.
(load): Take the address to be used for loading pic objects as parameter,
force pic objects there if it is not zero, and compute and return the
address to be used for the next pic object.
(do_exec): Pass addresses for pic loads between calls to load().
|
|
This will now display the 'argv: data_t' argument of file_exec
as e.g. "who\0am\0i\0" rather than just "who". In contrast,
the 'file_name: string_t' argument of dir_lookup will still be
truncated at the first null character.
The previous implementation might crash if an out-of-line
char array exactly fills a page and does not contain any
null characters.
* utils/rpctrace.c (print_data): On MACH_MSG_TYPE_STRING and
MACH_MSG_TYPE_CHAR, check for end of buffer before checking for a null
character. On MACH_MSG_TYPE_CHAR only, continue printing past null
characters.
|
|
* mach-defpager/default_pager.c (destroy_paging_partition): Add missing
unlock when destroying partition fails.
|
|
* mach-defpager/default_pager.c (pager_dealloc_page, pager_read_offset,
pager_write_offset, default_read, default_write, destroy_paging_partition,
seqnos_memory_object_terminate, seqnos_memory_object_data_request,
seqnos_memory_object_data_initialize): Fix debugging prints formats.
|
|
It was used long ago, poses problems to readline, and currently conflicts
with TAB1
Thanks Kalle Olavi Niemitalo for the report and rationale
* term/munge.c (output_character): Do not handle OTILDE.
(output_width): Likewise.
* term/term.h (OTILDE): Drop macro definition.
* term/users.c (open_hook): Do not check OTILDE flag.
|
|
Add an option to specify a template used to construct core file names.
This way core files can be collected at a predictable central
location.
* hurd/crash.defs (crash_dump_task): Return EEXIST if the core file
has been written elsewhere.
* trans/crash.c (corefile_template): New variable.
(template_valid): New function.
(template_make_file_name): Likewise.
(S_crash_dump_task): Use the template to construct a name, open the
file, and write the core dump there instead of the handle provided by
the caller.
(argp_option): New option.
(doc): Document the format.
(parse_opt): Handle new option
(trivfs_append_args): Likewise.
|
|
* pflocal/socket.c (S_socket_send): Also test for MSG_DONTWAIT in `flags'
for the `noblock' parameter of pipe_send call.
(S_socket_recv): Likewise for pipe_recv call.
|
|
* sutils/Makefile (progs): Add 'bless'.
* sutils/bless.c: New file.
|
|
* proc/mgt.c (S_proc_mark_important): Fix checking whether the
receiver is a child of startup.
|
|
* startup/startup.c (frob_kernel_process): Make the kernel a child of
startup, improve error reporting.
|
|
Add a variant to 'pager_create' that allocates memory for the user
hook next to the pager data increasing locality.
* console/pager.c (pager_clear_user_data): Fix type of 'idx', do not
free 'upi'.
(user_pager_create): Use the new function.
* doc/hurd.texi: Document new function.
* ext2fs/pager.c (pager_clear_user_data): Don't free 'upi'.
(diskfs_get_filemap): Use the new function.
* fatfs/pager.c (pager_clear_user_data): Don't free 'upi'.
(diskfs_get_filemap): Use the new function.
* isofs/pager.c (pager_clear_user_data): Don't free 'upi'.
(diskfs_get_filemap): Use the new function.
* libpager/pager-create.c (_pager_create): New generic allocation
function.
(pager_create): Use the new generic function.
(pager_create_alloc): New function.
* libpager/pager.h (pager_create_alloc): New prototype.
|
|
* proc/main.c: Fix references to the startup server in code and
comments.
* proc/mgt.c: Likewise.
* proc/msg.c: Likewise.
* proc/proc.h: Likewise.
|
|
* pfinet/socket-ops.c (S_socket_recv): Unmap data on error.
|
|
* trans/crash.c (S_crash_dump_task): Fix error handling.
|
|
The descriptor is valid, it is just the mode which is not available.
* console-client/kbd-repeat.c (repeater_select): Drop SELECT_URG flag from
`type'. Return 0 instead of EINVAL if `type' contains SELECT_WRITE.
* console-client/pc-mouse (repeater_select): Likewise.
* trans/mtab.c (trivfs_S_io_select): Return 0 instead of EBADF when the
openmodes do not match the requested modes in `type'.
* trans/new-fifo.c (io_select_common): Likewise.
* trans/fifo.c (io_select_common): Likewise.
* trans/null.c (trivfs_S_io_select): Likewise.
* trans/streamio.c (io_select_common): Likewise.
|
|
Previously, 'task', 'core_file', and 'ctty_id' were not deallocated if
crash was configured to write core files, and 'ctty_id' was leaked if
the crashing task was suspended. This lead to resources not being
released in the kernel, the filesystem, and the terminal subsystem,
and could very well be responsible for making the Debian/Hurd shutdown
hang.
* trans/crash.c (S_crash_dump_task): Properly deallocate 'task',
'core_file', and 'ctty_id'.
|
|
* nfs/cache.c (netfs_node_norefs): Do not re-acquire a reference to
np. This worked previously, but the new reference counting primitives
consider this a use after free. A reference is really not necessary
here, we are about to deallocate np anyway.
Amends 5eef605e.
|
|
* libpipe/pipe.c (pipe_send): Set value pointed to by amount to 0 if
if nothing is written.
|
|
* mach-defpager/kalloc.c (realloc_hook, memalign_hook): New functions.
(init_hook): Set __realloc_hook to realloc_hook and __memalign_hook to
memalign_hook.
|
|
This reverts commit 8c49801c8f7e3f800cabedf8fca8ccec3cf35a22.
The malloc hook is needed for calloc.
|
|
This reverts part of commit 05c3ffac543052c8d0b171a5f77bb977d5316a61. These
type casts are no longer needed after the commit
e914bfc3d6e5ddf6f8c5e93a4334873a48a24ddf changes.
* exec/elfcore.c: Revert type casts added in commit
05c3ffac543052c8d0b171a5f77bb977d5316a61.
|
|
Commit e914bfc3d6e5ddf6f8c5e93a4334873a48a24ddf made <sys/procfs.h>
Autoconf/configure tests change as follows:
checking sys/procfs.h usability... [-yes-]{+no+}
checking sys/procfs.h presence... yes
{+configure: WARNING: sys/procfs.h: present but cannot be compiled+}
{+configure: WARNING: sys/procfs.h: check for missing prerequisite headers?+}
{+configure: WARNING: sys/procfs.h: see the Autoconf documentation+}
{+configure: WARNING: sys/procfs.h: section "Present But Cannot Be Compiled"+}
{+configure: WARNING: sys/procfs.h: proceeding with the compiler's result+}
checking for sys/procfs.h...[-yes-]{+no+}
[-checking for prstatus_t in sys/procfs.h... no-]
[-checking for prstatus32_t in sys/procfs.h... no-]
[-checking for prstatus_t.pr_who in sys/procfs.h... no-]
[-checking for prstatus32_t.pr_who in sys/procfs.h... no-]
[-checking for pstatus_t in sys/procfs.h... yes-]
[-checking for pxstatus_t in sys/procfs.h... no-]
[-checking for pstatus32_t in sys/procfs.h... no-]
[-checking for prpsinfo_t in sys/procfs.h... no-]
[-checking for prpsinfo_t.pr_pid in sys/procfs.h... no-]
[-checking for prpsinfo32_t in sys/procfs.h... no-]
[-checking for prpsinfo32_t.pr_pid in sys/procfs.h... no-]
[-checking for psinfo_t in sys/procfs.h... yes-]
[-checking for psinfo_t.pr_pid in sys/procfs.h... yes-]
[-checking for psinfo32_t in sys/procfs.h... no-]
[-checking for psinfo32_t.pr_pid in sys/procfs.h... no-]
[-checking for lwpstatus_t in sys/procfs.h... yes-]
[-checking for lwpxstatus_t in sys/procfs.h... no-]
[-checking for lwpstatus_t.pr_context in sys/procfs.h... no-]
[-checking for lwpstatus_t.pr_reg in sys/procfs.h... yes-]
[-checking for lwpstatus_t.pr_fpreg in sys/procfs.h... yes-]
[-checking for win32_pstatus_t in sys/procfs.h... no-]
That is because of:
$ echo '#include <sys/procfs.h>' | gcc -x c - -o /dev/null -S
In file included from <stdin>:1:0:
/usr/include/sys/procfs.h:66:3: error: unknown type name ‘vm_address_t’
vm_address_t pr_argv; /* Original argument vector address. */
^
/usr/include/sys/procfs.h:67:3: error: unknown type name ‘vm_address_t’
vm_address_t pr_envp; /* Original environment vector address. */
^
* include/sys/procfs.h: Include <mach/std_types.h> to make file self-contained
again.
|
|
Previously, pagers had no reference for being part of a node, only for
having a send right made for them. Hence we sometimes saw
use-after-free errors if the kernel did give up that send right,
typically while deleting files. Keep a weak reference as long as the
pager is referenced by a node.
* ext2fs/pager.c (pager_clear_user_data): Assert that 'pager' has been
NULLed.
(pager_dropweak): Drop the weak reference and NULL 'pager'.
(diskfs_get_filemap): Simplify. Acquire a weak reference.
|
|
* libdiskfs/dir-rmdir.c (diskfs_S_dir_rmdir): Initialize 'np'.
|
|
* libdiskfs/io-restrict-auth.c (diskfs_S_io_restrict_auth): Do not
lock the associated node. No operation here needs synchronization.
* libnetfs/io-restrict-auth.c (netfs_S_io_restrict_auth): Likewise.
|
|
* utils/settrans.c (OPT_STACK): New macro.
(options): New option.
(main): Handle new option.
(open_node): Use different flags for the lookup of the underlying
node.
|
|
* libnetfs/dir-lookup.c (netfs_S_dir_lookup): Treat a shadow_root with
null shadow_root_parent as a "virtual root".
Analog to 6875a586.
|
|
* libdiskfs/dir-lookup.c (short_circuited_callback1): Move function to
libfshelp.
(diskfs_S_dir_lookup): Use the function from libfshelp instead.
* libdiskfs/fsys-getroot.c (diskfs_S_fsys_getroot): Adapt accordingly.
* libdiskfs/trans-callback.c (_diskfs_translator_callback2_fn): Likewise.
* libfshelp/fetch-root.c (fshelp_short_circuited_callback1): New function.
* libfshelp/fshelp.h (struct fshelp_stat_cookie): New definition.
(fshelp_short_circuited_callback1): New prototype.
* libnetfs/dir-lookup.c (short_circuited_callback1): Drop function.
(netfs_S_dir_lookup): Use the function from libfshelp instead.
* libnetfs/fsys-getroot.c (netfs_S_fsys_getroot): Adapt accordingly.
* libnetfs/trans-callback.c (_netfs_translator_callback2_fn): Likewise.
|
|
* libdiskfs/dir-lookup.c (diskfs_S_dir_lookup): Rename identifiers to
be more idiomatic and closer to libnetfs and the interface
specification. Massage the code so that it aligns closer with the
dir_lookup server function in libnetfs. It should not change the
behavior.
|
|
* libnetfs/dir-lookup.c (netfs_S_dir_lookup): Rename 'diruser' to
'dircred'.
|
|
* libnetfs/dir-lookup.c (netfs_S_dir_lookup): Rename 'error' to 'err'.
|
|
* mach-defpager/default_pager.c (default_pager_thread): Fix panic
invocation.
|
|
* configure.ac (AC_INIT): Set version to 0.8.
* NEWS: Finalize for 0.8.
|
|
Changes missing from commit c9c29eb890527fe68900e4a0af7c2df9a9fa5b40.
* console-client/Makefile (%.so.$(hurd-version)): Use $(lpath) instead of
$(rpath)
* libstore/Makefile (libstore_%.so.$(hurd-version)): Likewise.
|
|
Fixes b04364bc. Thanks to Esa Peuha for spotting this.
* startup/startup.c (run): Fix blunder.
|
|
* libihash/ihash.c (hurd_ihash_locp_add): Also replace tombstones.
|
|
* libihash/ihash.c (hurd_ihash_locp_find): Set SLOT to NULL if the
hash table has not been allocated.
|
|
Amends d18ea50e.
* libtrivfs/fsys-getroot.c: When the user is privileged, make a
verbatim copy of the real node instead of making an auth-restricted
copy.
|
|
* trans/crash.c: Include <assert.h>.
|