ZLB-01-002: infinite loop in crc32_combine{,_op}()
zlib.h and our compress(3) manual have documented that len2 in the two
affected APIs must be non-negative for a long time. If you ignore this,
you hang, as a simple test shows. The trivial fix adds a corresponding
check and makes the documentation even more explicit.
ok djm
commit ba829a458576d1ff0f26fc7230c6de816d1f6a77
Author: Mark Adler <git at madler.net>
Date: Sun Dec 21 18:17:56 2025 -0800
Check for negative lengths in crc32_combine functions.
Though zlib.h says that len2 must be non-negative, this avoids the
possibility of an accidental infinite loop.
If ksh is not interactive, do not initialize curses. Instrumentation
showed that during a typical build process the terminfo file was being
opened (and parsed) a gazilion times.
diagnosed with matthieu, ok millert
Set User-Agent for HTTP healthchecks
Joel Carnat (Thanks) notice that GoToSocial does not like it when we sent
no User-Agent and returns an HTTP/418.
Lloyd pointed to use RELAYD_SERVERNAME instead hardcoded "relayd"
OK sthen, claudio (diff without RELAYD_SERVERNAME)
Unveil fix for traversing up at a mount point in vfs_lookup.
This fixes an issue where we could use the wrong unveil
when we had a path starting with a .. starting from a directory
that was a mount point, and also was unveiled.
The fix ensures we remember traversing the unveil before
descending into the underlying filesystem.
fix by semarie@ with testing by me and deraadt@ and others
from beck@; ok deraadt@
this is errata/7.7/025_unveil_mount.patch.sig
Unveil fix for traversing up at a mount point in vfs_lookup.
This fixes an issue where we could use the wrong unveil
when we had a path starting with a .. starting from a directory
that was a mount point, and also was unveiled.
The fix ensures we remember traversing the unveil before
descending into the underlying filesystem.
fix by semarie@ with testing by me and deraadt@ and others
from beck@; ok deraadt@
this is errata/7.8/019_unveil_mount.patch.sig
In tzpath_ok(), also reject a path ending in "/..". This replaces
strstr() with a loop that matches embedded ".." path elements as
well as leading and trailing ones. OK tb@
sys/iwx: support powersave
This diff enables power save by default for iwx by setting
IEEE80211_F_PMGTON (and IEEE80211_C_PMGT), and makes iwx react to
SIOCS80211POWER by switching between PM (level 3) and CAM at runtime.
OK: stsp@
Unveil fix for traversing up at a mount point in vfs_lookup.
This fixes an issue where we could use the wrong unveil
when we had a path starting with a .. starting from a directory
that was a mount point, and also was unveiled.
The fix ensures we remember traversing the unveil before
descending into the underlying filesystem.
fix by semarie@ with testing by me and deraadt@ and others
ok deraadt@
improve the "No changes need to be saved" check
Instead of checking for the BFCHG flag in buffsave(), bubble it up to
filesave(), which is the interactive function. This avoids prompting
for a filepath for e.g. when attempting to save the *scratch* buffer.
The only other place where buffsave() is called, anycb in buffer.c is
already guarding for a set file name and the BFCHG flag.
Initial diff from Han Boetes (hboetes at gmail), tweaked by me.
pledge "tmppath" goes away because it sucks. The history is kind of
sad: unveil(2) was invented by Bob Beck and myself because a couple
of us struggled and couldn't expand the "tmppath" mechanism to general use.
unveil(2) ended up being kind of "upside down" different, and so we never
deleted "tmppath" because the refactorings seemed complicated.
However over the last two weeks, we're removed all the "tmppath" in base
pretty easily, and the 18 ports using it have also been fixed.
The majority of situations now use unveil "/tmp" "rwc", unveil "/" "r" or
similar, and then pledge "rpath wpath cpath", and this is generally needed
to satisfy the mkstemp(3) family of functions in libc.
Use of "tmppath" will now cause pledge(2) to return EINVAL. There is
no backwards compatible way of mimic the behaviour correctly using
kernel-internal unveil hackery.
Prompted by a report from David Leadbeater; and extensive conversations
with beck and semarie.
from deraadt@
Stop the canonicalization of the path in pledge_namei() callback since
we know is providing strictly normalized paths, and it leads to a subtle
[17 lines not shown]
pledge "tmppath" goes away because it sucks. The history is kind of
sad: unveil(2) was invented by Bob Beck and myself because a couple
of us struggled and couldn't expand the "tmppath" mechanism to general use.
unveil(2) ended up being kind of "upside down" different, and so we never
deleted "tmppath" because the refactorings seemed complicated.
However over the last two weeks, we're removed all the "tmppath" in base
pretty easily, and the 18 ports using it have also been fixed.
The majority of situations now use unveil "/tmp" "rwc", unveil "/" "r" or
similar, and then pledge "rpath wpath cpath", and this is generally needed
to satisfy the mkstemp(3) family of functions in libc.
Use of "tmppath" will now cause pledge(2) to return EINVAL. There is
no backwards compatible way of mimic the behaviour correctly using
kernel-internal unveil hackery.
Prompted by a report from David Leadbeater; and extensive conversations
with beck and semarie.
from deraadt@
Stop the canonicalization of the path in pledge_namei() callback since
we know is providing strictly normalized paths, and it leads to a subtle
[17 lines not shown]
make iwx_read_firmware() error out if IWX_NUM_UCODE_TLV_CAPA is too small
The driver would attempt to load an incomplete firmware image if
this check failed. Make the driver report a proper error instead.
ok tb@ phessler@
Unbreak compiles with IEEE80211_DEBUG defined.
In ieee80211_recv_probe_resp() the code to print probe responses should be
called after ieee80211_find_node() and is_new should be used instead of
checking for ni == NULL.
OK stsp@
Add support for MCC update firmware response v4 to iwx(4).
This will be needed to support BZ devices.
ok kettenis@ phessler@
Tested:
AX210 (MA): kettenis
AX211: phessler
AX211 (BZ): stsp
In tzpath_ok(), also reject a path ending in "/..". This replaces
strstr() with a loop that matches "/../" in the name as well as
"/.." at the end. OK deraadt@
