Return statically built addresses when hostname == NULL
It always returns IPv4 and IPv6 addresses when hostname == NULL;
previously, it returned only the address of the selected address family
defined by "family" in resolv.conf.
ok florian

x509_vfy: sync get_crl_sk() with BoringSSL and OpenSSL
Among CRLs with the same score prefer the one with the most recent
lastUpdate (RFC 5280 thisUpdate). This pulls in OpenSSL commits
626aa248, e032117d, 8b7c51a0 from 2016, so before the license change.
This uses the annoying ASN1_TIME_diff() API, but there is no better
way, really. Every other ASN1_TIME API will be just as awkward.
This fixes the currently failing x509_crl test cases.
ok kenjiro

Make getaddrinfo(3) check hnok_lenient() earlier.
r1.60 added special handling for localhost names; this was done before the
hnok_lenient() check. Ensure this validation applies to localhost names too.
ok florian

vmd(8): prevent OOB reads in 32 and 64-bit ELF loaders.
Malformed ELF files could cause reading past section-headers.
For ELF64 files, malformed section metadata could cause out of bound
reads of heap allocated buffers.
Reported by Frank Denis.
Discussed with and "go for it" from mlarkin@

Add nicer dark and light colour sets (themes) used on terminals with 256
or more colours. Currently these are based on emacs but they could change.
Terminals with fewer colours use the ANSI colours. A new "theme" option
overrides the detected theme (set to "terminal" to go back to ANSI
colours).

Do not silently truncate result of dname_expand.
This can only happen if the caller provides a buffer that's too
small. All current callers provide a buffer of size MAXDNAME, which is
large enough in all cases, otherwise dname_check_label would error out.
Found by me and independently by Andrew Griffiths.
OK deraadt, tb

vmd(8): prevent virtio scsi DoS from bad descriptor length.
A guest can construct a looping, zero-length descriptor chain that
spins forever when processing a READ_10 command. Check for zero
length scenario and abort the read with a warning.
Reported by Frank Denis.
Discussed with and "go for it" from mlarkin@

vmd(8): reject invalid PIT periods causing UB.
A guest can write values to Register A that result in a negative
shift exponent when computing the resulting timer rate. Detect and
ignore values to prevent UB from negative shift.
Reported by Frank Denis.
Discussed with and "go for it" from mlarkin@

vmd(8): fix fw_cfg leak of file directory buffer.
FW_CFG_FILE_DIR selector requests leak file directory buffers.
Repeated requests from guests can exhaust vmd process memory.
Reported by Frank Denis.
Discussed with and "go for it" from mlarkin@

ospfd(8) must be more paranoid about what it sends
to its peers using IPC messages (see imsg_add(3)).
The data passed between processes must not leak
information on memory address layout from the process.
The process must be sending to its peers either data which
is needed or, if taking a shortcut, zeroize fields
which carry pointers (memory addresses) from the process.
The issue has been reported by students
from British Columbia University earlier this year.
The fix includes generous feedback from claudio@
OK claudio@

Major rework of prompts. The basic prompt mechanics (draw, editing, etc)
are now wrapped up in prompt*.c and do not depend on a client. These
functions are used to provide the original client prompt but also to
allow panes to have their own prompts, which works much much better for
floating panes. The mode prompts for both the tree modes and copy mode
are switched over to be per pane.
There are some visible changes (some of these may be changed if they
don't seem to be working well):
- Prompts in modes now appear in the bottom line, covering whatever
content was there.
- command-prompt has a -P flag to open a pane prompt.
- Because they cover the content, the default style for prompts in modes
now does not fill the entire line; the main command prompt stays the
same.
[5 lines not shown]

Initialize uvm_maxkaddr to VM_MIN_KERNEL_ADDRESS. This fixes a problem
where uvm_map() with the UVM_FLAG_FIXED flag would miscalculate the amount
to grow the kernel pmap if uvm_maxkaddr was still zero, which happens on
amd64 (and possibly other architectures that use PMAP_STEAL_MEMORY). This
would result in the kernel pmap growing to its maximum which would consume
all memory on small memory machines now that we've given amd64 512G of KVA.
ok deraadt@

Always untrace traced children even when they're exiting. But do skip
sending them a SIGKILL. This prevents triggering a KASSERT in a convoluted
scenario reported by Yuxiang Yang.
"looks right" deraadt@
ok claudio@

rpki-client: add some signed object boilerplate
This adds new/free/obj functions and introduces struct signed_obj
containing the handlers. Pass signtime and der_len into the new()
function for now and rewrite *_parse() using that.
discussed with claudio
ok job