| Age | Commit message (Collapse) | Author |
|---|
|
* boot/boot.c (OPT_BOOT_SCRIPT): New macro.
(options): Add flag '--boot-script'.
(args_doc): Do not expect the script as positional argument.
(parse_opt): Handle new flag, do not expect the script as positional
argument.
(read_boot_script): New function.
(default_boot_script): New variable containing a boot script capable
of booting contemporary Hurd systems.
(main): Use the new function to read the boot script, or fall back to
using the builtin one.
|
|
Previously, boot handed privileged kernel ports to Subhurds. This
made boot unusable for unprivileged users, and allowed Subhurds to
wreak havoc on the whole system. Fix this by handing out pseudo ports
instead of the privileged ports.
* NEWS: Update.
* boot/Makefile (MIGSTUBS): Build stubs for the new kernel interfaces.
(MIGSFLAGS): Include mutation file.
(HURDLIBS): Link against libihash.
* boot/boot.c (privileged, want_privileged): New variables.
(pseudo_privileged_host_port): New variable.
(pseudo_pset, pseudo_kernel): Likewise.
(task_notification_port): Likewise.
(dead_task_notification_port): Likewise.
(boot_demuxer): Handle new protocols.
(OPT_PRIVILEGED): New macro.
(options): Add flag '--privileged' to enable the old mode.
(parse_opt): Handle new flag.
(allocate_pseudo_ports): New function.
(main): Handle new flag. If not running privileged, allocate more
pseudo ports to hand out in place of privileged kernel ports, create a
task namespace, and a task that the Subhurd can frob instead of the
real kernel task.
(do_mach_notify_dead_name): Handle dying tasks.
(S_vm_set_default_memory_manager): New function.
(S_host_reboot): Likewise.
(S_host_processor_set_priv): Likewise.
(S_register_new_task_notification): Likewise.
(task_ihash_cleanup): Likewise.
(task_ihash): New variable.
(task_died): New function.
(S_mach_notify_new_task): Likewise.
(S_processor_set_tasks): Likewise.
* boot/mig-decls.h: New file.
* boot/mig-mutate.h: Likewise.
|
|
* boot/boot.c (host_exit): Make it a function and restore the terminal state.
|
|
* boot/boot.c (useropen, load_image, boot_script_exec_cmd): Move...
* boot/userland-boot.c: ... here.
|
|
* boot/boot.c (boot_script_exec_cmd): Quote arguments containing
spaces.
|
|
* boot/userland-boot.c (boot_script_insert_right): Use the smallest
possible name instead of the local name.
|
|
* startup/startup.c (dump_processes): New function.
(frob_kerne_process): Use the new function.
|
|
Thanks Agustina Arzille for the report
* ext2fs/ext2fs.h (global_lock, modified_global_blocks_lock): Declare
extern
* ext2fs/ext2fs.c (global_lock, modified_global_blocks_lock): Define and
initialize to PTHREAD_SPINLOCK_INITIALIZER.
* libtreefs/xinl.c (treefs_node_refcnt_lock): Likewise.
|
|
* boot/Makefile (COMMON-OBJS): Do not build server stubs for the
bootstrap protocol.
Remove all UX-related variables and targets.
* boot/boot.c: Remove all UX-related definitions and includes.
* boot/frank1.ld: Delete file.
* boot/frankemul.ld: Likewise.
* boot/mach-crt0.c: Likewise.
* boot/sigvec.S: Likewise.
* boot/syscall.S: Likewise.
* boot/ux.c: Likewise.
* boot/ux.h: Likewise.
|
|
* proc/mgt.c (S_mach_notify_new_task): Fix receiver handling, fix port
leak.
* proc/mig-mutate.h: Mutate the task notification protocol.
|
|
* libdiskfs/node-lastref.c: New file
* libdiskfs/Makefile (OTHERSRCS): Add node-lastref.c
* libdiskfs/libdiskfs/node-nput.c (diskfs_nput): Replace last hard reference
code with a call to _diskfs_lastref.
* libdiskfs/node-nrele.c (diskfs_nrele): Likewise.
|
|
Follow-up on 5ab5d98fa515cd19a64e8d5868fcbae85eec9dc5 ('libdiskfs: fix
removal of socket nodes'), for diskfs_nrele.
* libdiskfs/node-nrele.c (diskfs_nrele): Deallocate right to socket
address when cleaning light references.
|
|
So that static linking of e.g. console.static can work.
* libdiskfs/io-stubs.c (diskfs_S_io_readsleep, diskfs_S_io_eofnotify,
diskfs_S_io_postnotify, diskfs_S_io_readnotify): Mark weak.
* libnetfs/fsstubs.c (netfs_S_file_notice_changes, netfs_S_file_getfh,
netfs_S_ifsock_getsockaddr): Likewise.
* libnetfs/fsysstubs.c (netfs_S_fsys_getfile: netfs_S_fsys_getpriv,
netfs_S_fsys_init, netfs_S_fsys_forward, netfs_S_fsys_startup):
Likewise.
* libpager/stubs.c (_pager_S_memory_object_copy,
_pager_S_memory_object_data_write,
_pager_S_memory_object_supply_completed): Likewise.
* libtrivfs/fsys-stubs.c (trivfs_S_fsys_startup, trivfs_S_fsys_getpriv,
trivfs_S_fsys_init, trivfs_S_fsys_getfile): Likewise.
* libtrivfs/io-stubs.c (trivfs_S_io_map_cntl, trivfs_S_io_get_conch,
trivfs_S_io_release_conch, trivfs_S_io_eofnotify, trivfs_S_io_prenotify,
trivfs_S_io_postnotify, trivfs_S_io_readsleep, trivfs_S_io_sigio,
trivfs_S_io_readnotify): Likewise.
|
|
to work around improper handling of getting paged out.
* console/display.c (user_create): Call vm_wire() on the created user data.
|
|
* utils/rpctrace.c: Fix typo.
|
|
Thanks Kalle Olavi Niemitalo for the notice.
* libdiskfs/file-utimes.c (diskfs_S_file_utimes): Call diskfs_set_node_times
before setting node timestamps.
|
|
* libdiskfs/node-nrele.c (diskfs_nrele): Call diskfs_set_node_times when
there are no hard refs any more, like diskfs_nput does.
|
|
* boot/boot.c (main): Ignore EINTR in the loop processing stdin.
|
|
* libports/manage-multithread.c (adjust_priorities): Avoid displaying
error messages if we do not have the privileged processor set port by
treating this error condition like EPERM.
* proc/main.c (increase_priority, main): Likewise.
|
|
* procfs/rootdir.c (rootdir_gc_meminfo): Just omit the swap
information if the default pager is unreachable.
|
|
by fixing the subsystem name into containing _request.
* hurd/auth_request.defs: Set subsystem name to auth_request.
* hurd/io_request.defs: Set subsystem name to io_request.
* hurd/process_request.defs: Set subsystem name to process_request.
|
|
* libfshelp/fetch-control.c (fshelp_fetch_control): Check if the
control port is still alive, or deallocate the dead name, record the
fact in the transbox, and return MACH_PORT_NULL.
|
|
* console-client/trans.c (console_setup_node): Remove 'bootstrap'.
|
|
* ext2fs/ext2fs.h (disk_cache_block_deref): Replace with a macro that
NULLs the given pointer.
(dino_deref): Likewise.
* ext2fs/pager.c (disk_cache_block_deref): Rename.
* ext2fs/pokel.c (pokel_add): Adapt.
(pokel_exec): Likewise.
|
|
* ext2fs/ext2fs.h (sync_global_pointer): Rename 'bptr' so that it
doesn't collide with the macro 'bptr'.
|
|
* trans/crash.c (corefile_template_lock): New variable.
(S_crash_dump_task): Serialize access to 'corefile_template'.
(parse_opt): Likewise. Also strdup the template.
(trivfs_append_args): Serialize access to 'corefile_template'.
|
|
* trans/crash.c (parse_opt): Use empty core file templates to disable
the feature.
|
|
* trans/crash.c (parse_opt): Avoid 'error' in favor of the appropriate
argp error reporting mechanism.
* trans/remap.c (parse_opt): Likewise.
* utils/msgids.c (parse_opt): Likewise.
|
|
* ext2fs/ext2fs.c (options): Disable '--sblock', this has never been
implemented.
(parse_opt): Likewise.
|
|
* libdiskfs/file-set-trans.c (diskfs_S_file_set_translator): When
setting a short-circuited translator, clear the translator record
first. Improve error handling.
This notably fixes a crash in ext2fs when setting a symlink on a node
with an existing translator record.
|
|
* utils/fakeroot.sh (FAKED_MODE): Set to unknown-is-root.
|
|
* random/gnupg-random.c (mix_pool): Store the first hash at the end of
the pool.
--
This fixes a long standing bug (since 1998) in Libgcrypt and GnuPG.
An attacker who obtains 580 bytes of the random number from the
standard RNG can trivially predict the next 20 bytes of output.
The bug was found and reported by Felix Dörre and Vladimir Klebanov,
Karlsruhe Institute of Technology. A paper describing the problem in
detail will shortly be published.
This is a port of c6dbfe89 from the GnuPG classic branch.
CVE-id: CVE-2016-6313
|
|
* init/init.c (main): Run /libexec/runsystem.hurd instead of
/etc/hurd/runsystem.hurd.
|
|
* daemons/runsystem.hurd: Rename to daemons/runsystem.hurd.sh
* daemons/Makefile (targets): Add runsystem.hurd
(special-targets): Likewise.
(runsystem.hurd): New rule, simply depends on runsystem.hurd.sh
|
|
* libfshelp/translator-list.c (translator_ihash_cleanup): Release reference.
(fshelp_set_active_translator): Acquire reference
|
|
* startup/startup.c (launch_something): Always increment TRY even on
success, so that if runsystem unexpectedly returns, we get to try a shell
instead.
|
|
Thanks Brent W. Baccala for the report.
* starpu/startup.c (launch_something): Always increment TRY while looping
over runsystem possibilities.
|
|
Falling back from the io_map method needs to handle the "anywhere" flag too
by updating MAPSTART.
* exec/exec.c (write_to_task): Turn MAPSTART parameter into a reference to
the address. Fix usage accordingly.
(load_section): Pass address of MAPSTART to write_to_task so it can update
it.
|
|
It is just a warning, not a fatal error.
* libdiskfs/init-startup.c (_diskfs_init_completed): Prefix warning about
requesting shutdown nofication with "warning:".
* random/random.c (main): Likewise.
|
|
or called with a small array.
This notably happens when using a sub-exec, see BZ #48919.
* exec/hashexec.c (check_hashbang): Check std_nports before accessing
std_ports.
|
|
|
|
* trans/remap.c (parse_opt): Error out if some path is not absolute.
|
|
It happens that the link script for ld.so contains a hole, which might thus
leave an empty page between the text and the data. When loading a small pic
program, its text would then fit in there, and loading the data right after
it would fail. We here rather force all pic loads to be mapped
contiguously, starting from the place that was allocated for the first pic
load.
* exec/exec.c (load_section): Return the address of the end of the section.
(load): Take the address to be used for loading pic objects as parameter,
force pic objects there if it is not zero, and compute and return the
address to be used for the next pic object.
(do_exec): Pass addresses for pic loads between calls to load().
|
|
This will now display the 'argv: data_t' argument of file_exec
as e.g. "who\0am\0i\0" rather than just "who". In contrast,
the 'file_name: string_t' argument of dir_lookup will still be
truncated at the first null character.
The previous implementation might crash if an out-of-line
char array exactly fills a page and does not contain any
null characters.
* utils/rpctrace.c (print_data): On MACH_MSG_TYPE_STRING and
MACH_MSG_TYPE_CHAR, check for end of buffer before checking for a null
character. On MACH_MSG_TYPE_CHAR only, continue printing past null
characters.
|
|
* mach-defpager/default_pager.c (destroy_paging_partition): Add missing
unlock when destroying partition fails.
|
|
* mach-defpager/default_pager.c (pager_dealloc_page, pager_read_offset,
pager_write_offset, default_read, default_write, destroy_paging_partition,
seqnos_memory_object_terminate, seqnos_memory_object_data_request,
seqnos_memory_object_data_initialize): Fix debugging prints formats.
|
|
It was used long ago, poses problems to readline, and currently conflicts
with TAB1
Thanks Kalle Olavi Niemitalo for the report and rationale
* term/munge.c (output_character): Do not handle OTILDE.
(output_width): Likewise.
* term/term.h (OTILDE): Drop macro definition.
* term/users.c (open_hook): Do not check OTILDE flag.
|
|
Add an option to specify a template used to construct core file names.
This way core files can be collected at a predictable central
location.
* hurd/crash.defs (crash_dump_task): Return EEXIST if the core file
has been written elsewhere.
* trans/crash.c (corefile_template): New variable.
(template_valid): New function.
(template_make_file_name): Likewise.
(S_crash_dump_task): Use the template to construct a name, open the
file, and write the core dump there instead of the handle provided by
the caller.
(argp_option): New option.
(doc): Document the format.
(parse_opt): Handle new option
(trivfs_append_args): Likewise.
|
|
* pflocal/socket.c (S_socket_send): Also test for MSG_DONTWAIT in `flags'
for the `noblock' parameter of pipe_send call.
(S_socket_recv): Likewise for pipe_recv call.
|
|
* sutils/Makefile (progs): Add 'bless'.
* sutils/bless.c: New file.
|
