Introduce reference counters for SysV semaphores to fix the context
switch use-after-free after tsleep in sys_semget().
sys___semctl() has no such problems, because we do complete reload and
re-check of semaphore stuff, however I like to replace all of them
with the only "semaptr != sema[ix]" check. The semaphore was changed, go
to the beginning of sys___semctl() and acquire it again.
Note, seminfo.semmni only grows, so even if `sema' array was
re-allocated, the sema[ix] is still valid.
"go for it" from deraadt
devel/*/gdb: unbreak build with llvm22 and revert prior workaround
LLVM 22 has changed -Wenum-constexpr-conversion into a hard error.
Revert the workaround introduced for LLVM 16 and replace idiom that
results in undefined behavior.
ok tb@
MFC: Update to Crypt::OpenSSL::RSA 0.41, tested by henning
Attacks on the Marvin attack were too aggressive and 0.35 disabled the
widely used PKCS#1 v1.5 padding outright, when only decryption is
problematic due to the padding oracle. Signing is fine and required for
many things, among other things TLS and DNSSEC.
Version 0.35 disabled PKCS#1 v1.5 padding entirely to mitigate the
Marvin attack. However, the Marvin attack only affects PKCS#1 v1.5
decryption (padding oracle), not signatures. Version 0.38 re-enables
use_pkcs1_padding() for use with sign() and verify(), while keeping it
disabled for encrypt() and decrypt(). PKCS1_OAEP should be used for
encryption and either PKCS1_PSS or PKCS1 can be used for signing.
https://metacpan.org/pod/Crypt::OpenSSL::RSA#SECURITY
bin/ksh: preserve tildes in completion
Keep leading tilde expressions in the command line after file
completion. Expanding ~user to pw_dir during editing bakes the result of
an early passwd lookup into the command line; if the account changes
before the command is executed, the command uses a stale pathname
instead of the current ~user expansion.
Completion still performs the lookup needed to enumerate pathname
matches, but rewrites matches back to the spelling the user typed and
does not leave a completion only lookup in the homedir cache.
Also complete bare ~user prefixes from the passwd database, so ~us[TAB]
can become ~user before pathname completion continues.
Preserving tilde is the default behaviour.
OK: deraadt@
mboxgrep: fix build with llvm22
gzFile is a pointer type, so it should be used, not gzFile *. It is also
not equivalent to FILE *, so undo some incorrect fixes from prior compiler
updates.
Tighten up read-only checks on attach-session, detach-client and
switch-client so that a user should be able to only detach their own
client. Reported by John Walker.
