Use \- for hyphens in tmux.1 to cause newer groff versions to render
them correctly (ASCII hyphen rather than Unicode) which aids copy and
paste. From Keith Thompson in GitHub issue 4948.
In the namei callback for __pledge_open() invert the logic of checking
pledge/namei modes and then checking for the path. Now, first
identify the path with array bsearch then check the pledge/namei modes.
Since this is __pledge_open(), if the path is not known, terminate with
an EACCES abort. If the path is known but the pledge/namei modes don't
suggest an unveil bypass, allow the code to fallthrough to the rpath/wpath
checks, and then back into namei for unveil validation.
ok dgl
dt: Deny enabling probes after recording starts
Enabling more probes after recording starts using the DTIOCRECORD ioctl
only puts these probes onto the ds_pcbs list, but not on the dtp_pcbs.
Stopping the recording afterwards crashes.
Do not allow to add more probes after recording started. For symmetry,
also do not allow to remove probes either.
ok mpi@
Reported-by: syzbot+1ee7b3d649b3fd543300 at syzkaller.appspotmail.com
Stop allowing stat("/etc/hosts") in pledge "dns".
Only libc can read /etc/hosts under pledge "dns" now, so stat() succeeding
based on the pledge is misleading.
ok deraadt
psignal(3): align the type of the signal parameter with POSIX
POSIX uses an int for the signal number instead of an unsigned int. NetBSD
made this change in 2010 and FreeBSD made this change in 2016. Follow suit
with the other BSDs and match what POSIX specifies.
This should not have an impact on the ABI and therefore no bump is needed.
Flagged by Sortix os-test.
ok deraadt@, millert@
Add special handling of TEST_SSH_HOSTBASED_AUTH=setupandrun.
This will MODIFY THE CONFIG OF THE SYSTEM IT IS RUNNING ON to enable
hostbased authentication to/from itself and run the hostbased tests. It
won't undo these changes, so don't do this on a system where this matters.
Declare font media types as specified in RFC 8081.
application/vnd.oasis.opendocument.formula-template is now associated
with the file extension odft rather than otf.
ok tb@
clarify that Authorized(Keys|Principals)(File|Command) are only
consulted for valid users.
clarify that TOKENS are expanded without sanitisation or escaping
and that it's the user's reponsibility to ensure their usage is
safe.
prompted by bz3936; feedback/ok deraadt@
Protect IGMP and MLD6 fast timer with rwlock.
Multicast interface addresses for IPv4 and IPv6 get their own per
interface lock. Protect the TAILQ if_maddrlist with rwlock
if_maddrlock. Also struct in_multi and in6_multi use this lock for
their state and timer. Sleeps in malloc(9) are possible. Run IGMP
and MLD6 fast timeout with shared instead of exclusive net lock.
To prevent calling ip_output() or ip6_output() while holding the
multicast lock, delay igmp_sendpkt() and mld6_sendpkt(). All
information that is needed to create and send a multicast packet
is stored in igmp_pktinfo or mld6_pktinfo. If necessary, multiple
pktinfo are queued. After the lock has been released, packes are
sent based on pktinfo.
OK mvs@
Found another deeply hidden open /dev/null O_RDWR which was happening
in awk -safe mode. Reproducer is awk -safe '{ close("/dev/stdin"); }
Rerrange the pledges and unveils to make it work.
ok millert dgl
