Pull up following revision(s) (requested by riastradh in ticket #2026):
sys/dev/mm.c: revision 1.26
mm(4): Only grant kva exposure if user opens /dev/kmem.
Don't apply the same to /dev/null, /dev/zero, or anything else.
PR kern/60374: opening /dev/null exposes kva
Pull up following revision(s) (requested by riastradh in ticket #1296):
sys/dev/mm.c: revision 1.26
mm(4): Only grant kva exposure if user opens /dev/kmem.
Don't apply the same to /dev/null, /dev/zero, or anything else.
PR kern/60374: opening /dev/null exposes kva
Pull up following revision(s) (requested by riastradh in ticket #352):
sys/dev/mm.c: revision 1.26
mm(4): Only grant kva exposure if user opens /dev/kmem.
Don't apply the same to /dev/null, /dev/zero, or anything else.
PR kern/60374: opening /dev/null exposes kva
Pull up following revision(s) (requested by riastradh in ticket #2025):
sys/compat/netbsd32/netbsd32_socket.c: revision 1.57
compat32: Fix accidental use of error branch in recvmsg(2).
Avoids use-after-free / double-free.
PR kern/60373: compat32: kernel use-after-free in recvmsg
Pull up following revision(s) (requested by riastradh in ticket #1295):
sys/compat/netbsd32/netbsd32_socket.c: revision 1.57
compat32: Fix accidental use of error branch in recvmsg(2).
Avoids use-after-free / double-free.
PR kern/60373: compat32: kernel use-after-free in recvmsg
Pull up following revision(s) (requested by riastradh in ticket #351):
sys/compat/netbsd32/netbsd32_socket.c: revision 1.57
compat32: Fix accidental use of error branch in recvmsg(2).
Avoids use-after-free / double-free.
PR kern/60373: compat32: kernel use-after-free in recvmsg
Pull up following revision(s) (requested by riastradh in ticket #2024):
sys/modules/lua/lua.c: revision 1.29
distrib/sets/lists/tests/mi: revision 1.1422
tests/kernel/t_lua.c: revision 1.1
etc/MAKEDEV.tmpl: revision 1.239
distrib/sets/lists/debug/mi: revision 1.514
tests/kernel/Makefile: revision 1.97
sys/sys/lua.h: revision 1.10
MAKEDEV: Set default perms on /dev/lua to 0600.
Otherwise unprivileged users can submit Lua code into the kernel, if
lua.kmod is loaded (which doesn't happen by default, not even
autoloaded on demand).
PR misc/60375: lua.kmod enables local privilege escalation
lua(4): Fix and test some issues.
[16 lines not shown]
Pull up following revision(s) (requested by riastradh in ticket #1294):
sys/modules/lua/lua.c: revision 1.29
distrib/sets/lists/tests/mi: revision 1.1422
tests/kernel/t_lua.c: revision 1.1
etc/MAKEDEV.tmpl: revision 1.239
distrib/sets/lists/debug/mi: revision 1.514
tests/kernel/Makefile: revision 1.97
sys/sys/lua.h: revision 1.10
MAKEDEV: Set default perms on /dev/lua to 0600.
Otherwise unprivileged users can submit Lua code into the kernel, if
lua.kmod is loaded (which doesn't happen by default, not even
autoloaded on demand).
PR misc/60375: lua.kmod enables local privilege escalation
lua(4): Fix and test some issues.
[16 lines not shown]
Pull up following revision(s) (requested by riastradh in ticket #350):
sys/modules/lua/lua.c: revision 1.29
distrib/sets/lists/tests/mi: revision 1.1422
tests/kernel/t_lua.c: revision 1.1
etc/MAKEDEV.tmpl: revision 1.239
distrib/sets/lists/debug/mi: revision 1.514
tests/kernel/Makefile: revision 1.97
sys/sys/lua.h: revision 1.10
MAKEDEV: Set default perms on /dev/lua to 0600.
Otherwise unprivileged users can submit Lua code into the kernel, if
lua.kmod is loaded (which doesn't happen by default, not even
autoloaded on demand).
PR misc/60375: lua.kmod enables local privilege escalation
lua(4): Fix and test some issues.
[16 lines not shown]
Pull up following revision(s) (requested by nia in ticket #349):
crypto/external/bsd/openssh/dist/sshd-auth.c: revision 1.7
sshd(8): Restore rlimit sandbox from portable openssh.
This is used as an alternative to pledge sandboxing.
PR security/60367
pmap(9): Clarify obligations around pmap_update.
Note: pmap_kenter_pa does not specify for now, because there is still
some disagreement over what the rule SHOULD be, and current usage is to
use pmap_update.
Prompted by:
PR kern/60377: x86 cpu_uarea_alloc: pmap_update before freeing
redzone pages
Part of fix for PR lib/58282
Redo the logic for erasing lines when we have the capability, it was
broken and caused blanks to be written when clearing the screen instead
which caused thrashing and large outputs.
Part of fix for PR lib/58282
Force the type of the hash to be an unsigned int, the PJW hash was
written expecting 32bit integers so ensure this is so.
Also, don't hash NULL bytes, they mess up the hashing which, in turn,
messes up quickch().
Be truly pedantic about UTF-8 encodings
If we're not going to be accepting "legacy" UTF-8
(5 and 6 byte encodings for code points >= 0x00200000 which the
standards don't allow, as they won't fit in UTF-16) then we
certainly should never be able to generate them, and even more
should certainly be pedantic about not allowing the various
forms of mis-coded strings for which there is no justification
but have been known to be used to attempt to violate security.
This, I believe, now enforces all the current restrictions, eg,
it will no longer be possible to encode ascii in 2 bytes (0xc0 '.')
and similar, the shortest legal encoding is all that will be
accepted (and all that will be generated, but that was always true).
It is quite possible that this will break things, probably many
tests, as now random garbage won't be accepted as valid, things
must be properly encoded.
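A strict decoder of the kind the UTF-8 commit message above describes, as an added example; it is not the committed NetBSD code. The names utf8_decode_strict and utf8_valid_strict are hypothetical, and "the current restrictions" is assumed to mean RFC 3629: shortest form only, no surrogates, nothing above U+10FFFF, no 5- or 6-byte sequences.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not NetBSD code.  Decode one code point from s[0..len).
 * Returns bytes consumed (1-4), or 0 if the sequence is malformed. */
size_t
utf8_decode_strict(const unsigned char *s, size_t len, uint32_t *cp)
{
	/* smallest code point that needs an n-byte encoding, indexed by n */
	static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
	size_t n, i;
	uint32_t c;

	if (len == 0)
		return 0;
	if (s[0] < 0x80) { *cp = s[0]; return 1; }
	if ((s[0] & 0xe0) == 0xc0) { n = 2; c = s[0] & 0x1f; }
	else if ((s[0] & 0xf0) == 0xe0) { n = 3; c = s[0] & 0x0f; }
	else if ((s[0] & 0xf8) == 0xf0) { n = 4; c = s[0] & 0x07; }
	else return 0;		/* stray continuation or 5/6-byte lead */
	if (len < n)
		return 0;	/* truncated sequence */
	for (i = 1; i < n; i++) {
		if ((s[i] & 0xc0) != 0x80)
			return 0;	/* not a continuation byte */
		c = (c << 6) | (s[i] & 0x3f);
	}
	if (c < min_cp[n])
		return 0;	/* overlong: a shorter encoding exists */
	if ((c >= 0xd800 && c <= 0xdfff) || c > 0x10ffff)
		return 0;	/* surrogate, or beyond the Unicode range */
	*cp = c;
	return n;
}

/* Returns 1 only if the whole buffer is well-formed strict UTF-8. */
int
utf8_valid_strict(const unsigned char *s, size_t len)
{
	uint32_t cp;
	size_t n;

	for (; len > 0; s += n, len -= n)
		if ((n = utf8_decode_strict(s, len, &cp)) == 0)
			return 0;
	return 1;
}

int main(void) {	/* constructed inputs: U+00E9, then overlong '.' */
	printf("%d %d\n", utf8_valid_strict((const unsigned char *)"\xc3\xa9", 2),
	    utf8_valid_strict((const unsigned char *)"\xc0\xae", 2));
	return 0;
}
```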
Pull up following revision(s) (requested by riastradh in ticket #348):
usr.sbin/npf/npftest/libnpftest/npf_rid_test.c: revision 1.4
adjust to holding the softnet_lock now that the kernel has changed to not do it.