Re: svn commit: r277487 - in head/sys: dev/drm2 dev/drm2/i915 dev/drm2/radeon modules/drm2/i915kms

2015-01-21 Thread Shawn Webb
On Wed, 2015-01-21 at 16:10 +, Konstantin Belousov wrote: Author: kib Date: Wed Jan 21 16:10:37 2015 New Revision: 277487 URL: https://svnweb.freebsd.org/changeset/base/277487 Log: An update for the i915 GPU driver, which brings the code up to Linux commit 4d93914ae3db4a897ead4b.

Re: svn commit: r278927 - head/sys/dev/random

2015-02-17 Thread Shawn Webb
On Tuesday, February 17, 2015 08:06:32 PM Shawn Webb wrote: On Tuesday, February 17, 2015 11:14:26 PM John-Mark Gurney wrote: Author: jmg Date: Tue Feb 17 23:14:26 2015 New Revision: 278927 URL: https://svnweb.freebsd.org/changeset/base/278927 Log: Fix a bug where this function

Re: svn commit: r278927 - head/sys/dev/random

2015-02-17 Thread Shawn Webb
On Tuesday, February 17, 2015 11:14:26 PM John-Mark Gurney wrote: Author: jmg Date: Tue Feb 17 23:14:26 2015 New Revision: 278927 URL: https://svnweb.freebsd.org/changeset/base/278927 Log: Fix a bug where this function overflowed its buffer... This was causing ZFS panics on boot...

Re: svn commit: r275619 - head/sys/kern

2015-01-08 Thread Shawn Webb
On Monday, December 08, 2014 04:42:35 PM Konstantin Belousov wrote: Author: kib Date: Mon Dec 8 16:42:34 2014 New Revision: 275619 URL: https://svnweb.freebsd.org/changeset/base/275619 Log: When getnewbuf_reuse_bp() is called to reclaim some (clean) buffer, the vnode owning the

Re: svn commit: r281959 - head/usr.bin/whois

2015-04-25 Thread Shawn Webb
On Sat, 2015-04-25 at 16:51 +0200, Joerg Sonnenberger wrote: On Sat, Apr 25, 2015 at 12:51:44AM +, Xin LI wrote: Attempt to connect to alternate addresses if the connect doesn't succeed in 180ms, and cut wait time between connection attempts in half for each additional, if no

Re: svn commit: r281178 - head/sys/boot/forth

2015-04-07 Thread Shawn Webb
lattera = Shawn Webb from HardenedBSD = me ;) Thanks, Shawn

Re: svn commit: r283151 - head

2015-05-20 Thread Shawn Webb
On Wed, 2015-05-20 at 20:01 +0300, Andriy Gapon wrote: On 20/05/2015 16:04, Garrett Cooper wrote: Author: ngie Date: Wed May 20 13:04:00 2015 New Revision: 283151 URL: https://svnweb.freebsd.org/changeset/base/283151 Log: cddl/lib/libctf isn't always a requirement for

Re: svn commit: r284436 - head/contrib/sendmail/src

2015-06-16 Thread Shawn Webb
of 2048 bits. If upstream will be using 2048 bits, why not simply use that? -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r286027 - in head/sys: netinet sys

2015-07-29 Thread Shawn Webb
Sponsored by: Norse Corp, Inc. Does this commit need to be MFC'd to stable/10? Or is this only for HEAD? Thanks, -- Shawn Webb HardenedBSD GPG Key ID:0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r286337 - head/sys/contrib/dev/ath/ath_hal/ar9300

2015-08-05 Thread Shawn Webb
one less bug. Reported by:Berislav Purgar bpur...@gmail.com Modified: head/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_misc.c Hey Adrian, Can this be MFC'd? Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486

Re: svn commit: r289310 - vendor-sys/illumos/dist/common/zfs vendor-sys/illumos/dist/uts/common vendor-sys/illumos/dist/uts/common/crypto vendor-sys/illumos/dist/uts/common/crypto/io vendor-sys/illumo

2015-10-15 Thread Shawn Webb
pport with that? HardenedBSD has a feature called Integriforce, which allows us to validate executables against a pre-computed list of hashes loaded into the kernel. It'd be extremely nice to add support for these other hashing algorithms. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r285422 - in head: share/man/man4 sys/conf sys/dev/random sys/net sys/netgraph

2015-07-12 Thread Shawn Webb
-tests/1177/console We're seeing this error in HardenedBSD, too. -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r287394 - head/etc

2015-09-02 Thread Shawn Webb
rt > } > > +pccard_ether_startchildren() > +{ > + for child in `get_if_var $ifn wlans_IF`; do > + /etc/rc.d/netif quietstart $child > + done > +} > + > +pccard_ether_stopchildren() > +{ > + for child in `get_if_var $ifn wlans_IF`; do >

Re: svn commit: r292772 - head/sys/vm

2015-12-29 Thread Shawn Webb
> K> > K> Log: > K> Add missed relpbuf() for a smallfs page-in. > K> > K> Reported by: Shawn Webb > K> Tested by: pho > K> Sponsored by:The FreeBSD Foundation > K> > K> Modified:

Re: svn commit: r292436 - head/sys/geom/sched

2015-12-18 Thread Shawn Webb
an sleep */ > - sc = malloc(sizeof *sc, M_GEOM_SCHED, M_NOWAIT | M_ZERO); > + sc = malloc(sizeof *sc, M_GEOM_SCHED, M_WAITOK | M_ZERO); > sc->sc_geom = geom; > bioq_init(>sc_bioq); > callout_init(>sc_wait, CALLOUT_MPSAFE); Addition

Re: svn commit: r292772 - head/sys/vm

2015-12-27 Thread Shawn Webb
On Sun, Dec 27, 2015 at 02:42:39PM +, Konstantin Belousov wrote: > Author: kib > Date: Sun Dec 27 14:42:39 2015 > New Revision: 292772 > URL: https://svnweb.freebsd.org/changeset/base/292772 > > Log: > Add missed relpbuf() for a smallfs page-in. > > Rep

Re: svn commit: r293439 - in head: lib/libc/sys sys/dev/ti sys/kern sys/sys usr.bin/netstat

2016-01-12 Thread Shawn Webb
d.org/data/head-i386-default/p405601_s293454/logs/errors/graphviz-2.38.0_10.log > 739 ports are skipped due to this failure. I've run into this, too. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r302152 - head

2016-06-23 Thread Shawn Webb
f".) > > +20160622: > + The the libc stub for the pipe(2) system call has been replaced with > + a wrapper which calls the pipe2(2) system call and the pipe(2) is now > + only implemented by the kernels which include "options > + FREEBSD10_COMPAT" in t

Re: svn commit: r296047 - in head: . contrib/mdocml contrib/tcpdump etc/defaults etc/mtree etc/rc.d gnu/usr.bin/groff/tmac lib lib/libc/posix1e lib/libcapsicum lib/libcasper lib/libcasper/libcasper li

2016-02-26 Thread Shawn Webb
e`. Log of failed build here: http://jenkins.hardenedbsd.org:8180/jenkins/job/HardenedBSD-CURRENT-amd64/lastFailedBuild/console Reverting this commit makes everything happy again. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r294329 - in head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs: . sys

2016-01-19 Thread Shawn Webb
rent ZFS > instance than the host, so it should work just fine. Please let me > know if you have problems. -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r294507 - head/contrib/bsnmp/snmp_mibII

2016-01-21 Thread Shawn Webb
h_ifmib(struct mibif *ifp) > } > >out: > + strncpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name)); Why not strlcpy? You're not forcing null termination here, so there could be issues. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r294329 - in head/sys/cddl/contrib/opensolaris/uts/common/fs/zfs: . sys

2016-01-24 Thread Shawn Webb
by a zvol. The VM is running root-on-zfs. I wrote some experimental code that's now preventing the VM from booting (kernel panic due to userland change). Since I can't import the pool, I have no way of fixing the problem. I'm probably just going to go revert this commit locally on

Re: svn commit: r296881 - in head: contrib/bsnmp/snmp_mibII sys/netinet

2016-03-19 Thread Shawn Webb
/usr/src/sys/sys/sysctl.h:657:2: note: expanded from macro 'SYSCTL_COUNTER_U64_ARRAY' CTASSERTaccess) & CTLTYPE) == 0 || \ ^ /usr/src/sys/sys/systm.h:103:21: note: expanded from macro 'CTASSERT' #define CTAS

Re: svn commit: r297806 - head/sys/amd64/vmm/amd

2016-04-11 Thread Shawn Webb
ng > actual hardware MSR. This allows guest microcode update to go through which > otherwise failing because wrmsr() was returning EINVAL. Pardon my ignorance, but does that mean that prior to this commit, a bhyve guest on AMD could modify hardware? Thanks, -- Shawn W

Re: svn commit: r297806 - head/sys/amd64/vmm/amd

2016-04-11 Thread Shawn Webb
update > microcode. Now it just ignores the attempt. Whew. Thanks for the clarification! -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r296881 - in head: contrib/bsnmp/snmp_mibII sys/netinet

2016-03-19 Thread Shawn Webb
On Wed, Mar 16, 2016 at 04:14:22PM +0100, Hans Petter Selasky wrote: > On 03/16/16 16:05, Shawn Webb wrote: > > This breaks the build on amd64: > > I believe this is fixed by r296935. You're right. My src tree was outdated. Thanks! -- Shawn Webb Hardened

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: > > > On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > > > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: > >> Author: kp > >> Date: Tue A

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
On Tue, Apr 26, 2016 at 11:22:32PM +0200, Kristof Provost wrote: > > > On 26 Apr 2016, at 23:18, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > Was secteam@ even involved, then? Seems like a user-facing kernel buffer > > overflow ought to have involved secte

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
, should this have a CVE? Though the commit log shows technical comments, it doesn't show related security information. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: > > > On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > > > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: > >> Author: kp > >> Date: Tue A

Re: svn commit: r298002 - in head/sys: cam cam/ata cam/scsi conf dev/ahci

2016-04-14 Thread Shawn Webb
On Thu, Apr 14, 2016 at 04:24:45PM -0600, Warner Losh wrote: > On Thu, Apr 14, 2016 at 4:15 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > > On Thu, Apr 14, 2016 at 04:04:27PM -0600, Warner Losh wrote: > > > On Thu, Apr 14, 2016 at 3:54 PM, Dmitry Morozov

Re: svn commit: r298002 - in head/sys: cam cam/ata cam/scsi conf dev/ahci

2016-04-14 Thread Shawn Webb
performance. Going on a tangent here, but related: As someone who is just barely stepping into the world of benchmarks and performance metrics, can you shed some light as to how you gained those metrics? I'd be extremely interested to learn. Thanks, -- Shawn Webb HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r303650 - head/sys/opencrypto

2016-08-01 Thread Shawn Webb
at 04:41:02PM -0700, Conrad Meyer wrote: > Hey Shawn, > > I don't think this is security-related despite being a bug in > crypto-adjacent code. At best it's a DoS, I think. > > Cheers, > Conrad > > On Mon, Aug 1, 2016 at 4:15 PM, Shawn Webb <shawn.w...@hardenedbsd.

Re: svn commit: r303849 - stable/11/sys/opencrypto

2016-08-08 Thread Shawn Webb
corruption typo > > PR: 204009 > Approved by:re (kib) Thank you very much! -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r303650 - head/sys/opencrypto

2016-08-01 Thread Shawn Webb
On August 1, 2016 6:57:03 PM EDT, "Conrad E. Meyer" wrote: >Author: cem >Date: Mon Aug 1 22:57:03 2016 >New Revision: 303650 >URL: https://svnweb.freebsd.org/changeset/base/303650 > >Log: > opencrypto AES-ICM: Fix heap

Re: svn commit: r304153 - head/sys/dev/syscons

2016-08-15 Thread Shawn Webb
;/dev/ttyvN for any > N != 0. The console spam goes to ttyv0 and the non-console spam goes > to ttyvN, so the lock provided no protection (but it helped for > N == 0). > Hey Bruce, Should this be MFC'd after some point? Thanks, -- Shawn Webb Cofounder and Security Engineer Hardened

Re: svn commit: r314036 - head/usr.sbin/bsdinstall/scripts

2017-02-22 Thread Shawn Webb
nk a number of these options are good, but a bunch are no go. > I do not want something deleting my files from /tmp unexpectedly. TrueOS > has that on by default, and it has eaten useful files a few too many times. > > Breaking gdb should NOT be on by default either. > > For so

Re: svn commit: r314436 - in head: bin/cat bin/chflags bin/chmod bin/cp bin/date bin/dd bin/df bin/domainname bin/echo bin/ed bin/hostname bin/kill bin/ln bin/ls bin/mkdir bin/mv bin/pax bin/ps bin/pw

2017-02-28 Thread Shawn Webb
https://github.com/freebsd/freebsd/pull/96 This breaks building arm64 world at a minimum. -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r304692 - head/sys/dev/bhnd/bhndb

2016-08-24 Thread Shawn Webb
r window > handling. This resulted in the window target being left uninitialized > when an underflow occurred. Is this remotely exploitable? What are the ramifications of this bug? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG

Re: svn commit: r304747 - in head/contrib/sqlite3: . tea

2016-08-24 Thread Shawn Webb
ea-3fc6-11e6-a671-60a44ce6887b. > > > > Security: VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b > > Security: CVE-2016-6153 > > This should probably be MFCed in a week unless re@ wants it sooner of > course. Does this also need a FreeBSD errata no

Re: svn commit: r306417 - head/usr.sbin/portsnap/portsnap

2016-09-29 Thread Shawn Webb
tial Revision: https://reviews.freebsd.org/D8052 Hey Ed, Any plans to release a security announcement? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r305486 - head/usr.bin/bsdiff/bspatch

2016-09-29 Thread Shawn Webb
> > Reviewed by:allanjude, cem, kib > Obtained from: anonymous gist > MFC after: 3 days > Sponsored by: The FreeBSD Foundation > Differential Revision: https://reviews.freebsd.org/D7619 Hey Ed, Any plans to release a security announcement? Thanks,

Re: svn commit: r305819 - in head: contrib/libarchive/libarchive contrib/libarchive/libarchive/test lib/libarchive/tests

2016-09-29 Thread Shawn Webb
rity: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f Hey Martin, Any plans to release a security announcement? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r306509 - in head/sys: fs/nandfs kern sys ufs/ffs

2016-09-30 Thread Shawn Webb
inter can be obtained using __containerof instead. > > Reviewed by:kib Should __FreeBSD_Version be bumped? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A

Re: svn commit: r307861 - in head: contrib/libarchive contrib/libarchive/cat/test contrib/libarchive/cpio/test contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libarchive/tar/t

2016-10-25 Thread Shawn Webb
> Cheers, > mm > > > On 25.10.2016 17:16, Shawn Webb wrote: > > On Mon, Oct 24, 2016 at 02:08:06PM +, Martin Matuska wrote: > >> Author: mm > >> Date: Mon Oct 24 14:08:05 2016 > >> New Revision: 307861 > >> URL: https://svnweb.freebsd.org/changeset

Re: svn commit: r307394 - in head: share/man/man4 sys/conf sys/dev/netmap sys/modules/netmap sys/net tools/tools/netmap

2016-10-19 Thread Shawn Webb
On Wed, Oct 19, 2016 at 12:23:24PM -0400, Shawn Webb wrote: > On Sun, Oct 16, 2016 at 02:13:32PM +, Luigi Rizzo wrote: > > Author: luigi > > Date: Sun Oct 16 14:13:32 2016 > > New Revision: 307394 > > URL: https://svnweb.freebsd.org/changeset/base/307394 > >

Re: svn commit: r307082 - in head: . sys/amd64/conf sys/arm/conf sys/arm64/conf sys/conf sys/i386/conf sys/mips/conf sys/modules/cc sys/modules/khelp sys/netinet sys/netinet/tcp_stacks sys/pc98/conf s

2016-10-14 Thread Shawn Webb
T is enabled. Attached is a candidate patch to fix. If the patch doesn't make it to the list, I've pasted it here: http://ix.io/1wbE Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84

Re: svn commit: r307861 - in head: contrib/libarchive contrib/libarchive/cat/test contrib/libarchive/cpio/test contrib/libarchive/libarchive contrib/libarchive/libarchive/test contrib/libarchive/tar/t

2016-10-25 Thread Shawn Webb
doing this upgrade! Any plans to MFC? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r307394 - in head: share/man/man4 sys/conf sys/dev/netmap sys/modules/netmap sys/net tools/tools/netmap

2016-10-19 Thread Shawn Webb
d)); ^ /usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared identifier 'rd' /usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared identifier 'rd' /usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared

Re: svn commit: r307072 - in head/usr.sbin: . efivar

2016-10-11 Thread Shawn Webb
ed: > head/usr.sbin/Makefile The commit log says efivar(1), but the manpage is efivar(8). Maybe 1 is a typo? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r307072 - in head/usr.sbin: . efivar

2016-10-11 Thread Shawn Webb
On Tue, Oct 11, 2016 at 05:13:24PM -0600, Warner Losh wrote: > On Tue, Oct 11, 2016 at 5:11 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > On Tue, Oct 11, 2016 at 10:31:46PM +, Warner Losh wrote: > >> Author: imp > >> Date: Tue Oct 11 22:31:45 201

Re: svn commit: r311860 - head/sys/net80211

2017-01-10 Thread Shawn Webb
__func__, > + category, > + action); > + return (EINVAL); > +} > + This broke the build for kernel configurations that don't have the IEEE80211_DEBUG option set. ieee80211_note is only a valid function when IEEE80211_DEBUG is defined. Thanks, -- Shawn Webb Cof

Re: svn commit: r311459 - head/contrib/tcp_wrappers

2017-01-06 Thread Shawn Webb
iews.freebsd.org/D9052 This and r311461 breaks the build of a ton of ports. A good port to test would be databases/mysql56-client. I've pasted a log here: http://ix.io/1PkX Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG K

Re: svn commit: r311459 - head/contrib/tcp_wrappers

2017-01-06 Thread Shawn Webb
On Fri, Jan 06, 2017 at 10:42:52PM +0100, Dimitry Andric wrote: > On 06 Jan 2017, at 22:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > > > On Thu, Jan 05, 2017 at 08:44:45PM +, Dimitry Andric wrote: > >> Author: dim > >> Date: Thu Jan 5

Re: svn commit: r311736 - head/sys/dev/sdhci

2017-01-09 Thread Shawn Webb
www.zyxst.net/~bofh/rpi3/hbsd/panic0.jpg http://www.zyxst.net/~bofh/rpi3/hbsd/panic1.jpg Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r310624 - head/sys/net80211

2016-12-27 Thread Shawn Webb
; Note: this is a net80211 ABI change, and will require a kernel+modules > recompile. Happy Holidays, etc. Hey Adrian, Thank you very much for your hard work on the wireless stack. Since this introduces an ABI change, should __FreeBSD_version be bumped? Thanks, -- Shawn Webb Cofounder a

Re: svn commit: r310624 - head/sys/net80211

2016-12-27 Thread Shawn Webb
> good reference point. > > Thanks, > > > -adrian > > > On 27 December 2016 at 06:08, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > > On Tue, Dec 27, 2016 at 06:10:28AM +, Adrian Chadd wrote: > >> Author: adrian > >> Date: Tue Dec 27 06:10

Re: svn commit: r309639 - head/lib/libc/net

2016-12-07 Thread Shawn Webb
} else { > + if (rem < 2) > + break; > + *out++ = hexlist[i]; > + rem++; rem++ is incorrect. It should be rem--. HardenedBSD has a fix here: https://github.com/HardenedBSD/hardenedBSD/commit/fb823297fbced336b6beeeb624e2dc65b67aa0eb > + } > } > *out = 0; > return (obuf); Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r315331 - in head/libexec/rtld-elf: . aarch64 amd64 arm i386 mips powerpc powerpc64 riscv sparc64

2017-03-15 Thread Shawn Webb
> Same feature exists on Linux and Solaris. > > Sponsored by: The FreeBSD Foundation > MFC after: 2 weeks Hey Kostik, I'm curious what the use case is for this. When would someone use LD_BIND_NOT? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID:

Re: svn commit: r316585 - in head/sys/boot: efi/boot1 efi/loader i386/common i386/loader i386/zfsboot zfs

2017-04-08 Thread Shawn Webb
.org/D10203 This breaks bhyve userboot: # sh /usr/share/examples/bhyve/vmrun.sh -c 8 -m 16g -t tap4 -C /dev/nmdm-laptop-dev-03-A -d /dev/zvol/enctank/bhyve/laptop-dev-03/disk-01 laptop-dev-03 /boot/userboot.so: Undefined symbol "ldi_get_size" Thanks, -- Shawn Webb Cofounder and Secur

Re: svn commit: r314886 - in head: bin/pwait bin/pwait/tests etc/mtree targets/pseudo/tests

2017-03-07 Thread Shawn Webb
ts.dist > head/targets/pseudo/tests/Makefile.depend This commit broke installworld: install: /builds/updater/chroot/usr/tests/bin/pwait/pwait: No such file or directory Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fing

Re: svn commit: r321420 - head/lib/clang/liblldb

2017-07-24 Thread Shawn Webb
> linking the lldb executable in some cases. In particular, when the > -ffunction-sections -fdata-sections options are turned off, or > ineffective. > > Reported by:Shawn Webb, Mark Millard > MFC after: 2 months > X-MFC-With: r308421 > > Modif

Re: svn commit: r320430 - head/sys/vm

2017-06-29 Thread Shawn Webb
On Thu, Jun 29, 2017 at 09:23:33AM -0400, Shawn Webb wrote: > On Wed, Jun 28, 2017 at 06:32:38PM -0400, Shawn Webb wrote: > > On Wed, Jun 28, 2017 at 04:02:37AM +, Konstantin Belousov wrote: > > > Author: kib > > > Date: Wed Jun 28 04:02:36 2017 > > > N

Re: svn commit: r320430 - head/sys/vm

2017-06-28 Thread Shawn Webb
ek > > Modified: > head/sys/vm/vm_map.c > head/sys/vm/vm_map.h > head/sys/vm/vm_mmap.c Hey Kostik, This commit breaks both xorg and shutting down/rebooting. Reverting this commit makes my laptop happy again. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key

Re: svn commit: r320430 - head/sys/vm

2017-06-29 Thread Shawn Webb
On Wed, Jun 28, 2017 at 06:32:38PM -0400, Shawn Webb wrote: > On Wed, Jun 28, 2017 at 04:02:37AM +, Konstantin Belousov wrote: > > Author: kib > > Date: Wed Jun 28 04:02:36 2017 > > New Revision: 320430 > > URL: https://svnweb.freebsd.org/changeset/base/32043

Re: svn commit: r318313 - head/libexec/rtld-elf

2017-05-15 Thread Shawn Webb
Integriforce in HardenedBSD). Since even the rtld is checked, an attacker can now bypass the application whitelisting scheme by running: /libexec/ld-elf.so.1 /path/to/previously/disallowed/executable Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r319796 - in head/lib/clang: libclang liblldb libllvm

2017-06-13 Thread Shawn Webb
liblldb. > > MFC after: 3 days > This commit breaks buildworld when WITH_LLD_IS_LD, WITH_SYSTEM_COMPILER, WITH_SHARED_TOOLCHAIN are set. Reverting this commit fixes the build. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE

Re: svn commit: r319971 - in head: contrib/jemalloc contrib/jemalloc/doc contrib/jemalloc/include/jemalloc contrib/jemalloc/include/jemalloc/internal contrib/jemalloc/src include lib/libc/stdlib/jemal

2017-06-16 Thread Shawn Webb
nd failed with exit code 1 (use -v to see invocation) --- libc.so.7.full --- *** [libc.so.7.full] Error code 1 make[4]: stopped in /scratch/fbsd/lib/libc Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD E

Re: svn commit: r322763 - head/lib/libc/amd64/sys

2017-08-23 Thread Shawn Webb
dBSD. Reverting just this commit enabled booting in a bhyve VM again. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r317015 - in head/sys: boot/forth conf crypto/chacha20 dev/random libkern sys

2017-10-17 Thread Shawn Webb
r: 2 months Hey Mark, Do you still plan to MFC this? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r326109 - in head/sys: conf dev/bhnd dev/bhnd/cores/chipc mips/conf modules/bhnd

2017-11-24 Thread Shawn Webb
fo' has incomplete type > *** [chipc_gpio.o] Error code 1 > > make[4]: stopped in /home/wma/ppc64-freebsd/sys/modules/bhnd > --- all_subdir_cardbus --- > --- cardbus.o --- > ctfconvert -L VERSION -g cardbus.o > A failure has been detected in another branch of the parallel make We've noticed

Re: svn commit: r326107 - in head/sys: kern sys

2017-11-22 Thread Shawn Webb
ys/sx.h This breaks ZFS: https://gist.github.com/lattera/93faa9c47ccc985ebda039ab31641c2c Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r326110 - head/sys/kern

2017-11-22 Thread Shawn Webb
OCK_READ)) > + return (true); > + return (false); > +} This bit of the patch breaks buildkernel. You left a consumer of RW_CAN_READ on line 554: MPASS(!RW_CAN_READ(td, v)); Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r326857 - in head: . share/mk stand/i386/zfsboot

2017-12-14 Thread Shawn Webb
this revision, will my system now fail to boot? Or, will it only fail to boot if I update the bootloader? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r325693 - in head: . share/mk sys/boot sys/boot/geli sys/boot/i386/gptboot sys/boot/i386/gptzfsboot sys/boot/i386/libi386 sys/boot/i386/loader sys/boot/i386/zfsboot sys/boot/i386/zfslo

2017-11-11 Thread Shawn Webb
e test script to build without GELI on x86. > > Sponsored by: Netflix > > Added: > head/tools/build/options/WITHOUT_LOADER_GEIL (contents, props changed) Should this be tools/build/options/WITHOUT_LOADER_GELI instead? Thanks, -- Shawn Webb Cofounder and Security Engineer Har

Re: svn commit: r318736 - in head: cddl/lib/libzfs contrib/compiler-rt/lib/sanitizer_common contrib/openbsm/libbsm include lib/libarchive lib/libc/gen lib/libc/include lib/libc/sys lib/libkvm lib/libm

2018-05-04 Thread Shawn Webb
erential revision: https://reviews.freebsd.org/D10439 > > Modified: > head/contrib/openbsm/libbsm/bsm_wrappers.c Hey Kostik, Did the OpenBSM changes ever make it upstream to the OpenBSM project? I'm looking through the commits of the OpenBSM project and it looks like they never

Re: svn commit: r334216 - head/usr.sbin/bhyve

2018-05-25 Thread Shawn Webb
@ topology_parse(const char *opt) > > goto out; > > } > > free(str); > > + str = NULL; > > > > /* > > * Range check 1 <= n <= UINT16_MAX all values > > @@ -253,7 +255,8 @@ topology_parse(const char *

Re: svn commit: r334199 - head/usr.sbin/bhyve

2018-05-25 Thread Shawn Webb
> > > > > > IMHO we only use assert for asserting things ought to never be > > false > > > > > > except in buggy code. Using assert for handling is poor practice. > > > > > > > > > > > > > > > > Again, in thi

Re: svn commit: r334199 - head/usr.sbin/bhyve

2018-05-25 Thread Shawn Webb
and fix more of these cases. Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r334719 - in head: cddl/lib/libdtrace lib/libc/sys sys/kern sys/netinet sys/netinet6 sys/sys

2018-06-07 Thread Shawn Webb
per must specify a random value as a cookie. Applications who want to share the port, then, must also specify the cookie (perhaps via another socket option?). What are your thoughts? I'm CC'ing Johannes to get his thoughts as well. Thanks, -- Shawn Webb Cofounder and Se

Re: svn commit: r335690 - head/sys/kern

2018-06-27 Thread Shawn Webb
> >> - for (i = 0; path[i]; i++) > >> - if (!(isalpha(path[i]) || isdigit(path[i])) && > >> - path[i] != '/' && path[i] != '.' && > >> - path[i] != '-') > >> -

Re: svn commit: r327614 - head/usr.bin/morse

2018-01-06 Thread Shawn Webb
19 > Reviewed by:kevans > > [snip] > > +void > +fdecode(FILE *stream) Hey Eitan, This broke the arm64 build: https://jenkins.hardenedbsd.org/jenkins/job/HardenedBSD-CURRENT-arm64/159/console Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ifi

Re: svn commit: r327614 - head/usr.bin/morse

2018-01-06 Thread Shawn Webb
On Sat, Jan 06, 2018 at 08:33:07AM -0500, Shawn Webb wrote: > On Sat, Jan 06, 2018 at 07:02:24AM +, Eitan Adler wrote: > > Author: eadler > > Date: Sat Jan 6 07:02:24 2018 > > New Revision: 327614 > > URL: https://svnweb.freebsd.org/changeset/base/327614

Re: svn commit: r327843 - stable/11/tools/build/options

2018-01-11 Thread Shawn Webb
ld src.conf.5 be regenerated as well? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE

Re: svn commit: r327843 - stable/11/tools/build/options

2018-01-11 Thread Shawn Webb
On Thu, Jan 11, 2018 at 01:18:28PM -0700, Ian Lepore wrote: > On Thu, 2018-01-11 at 15:05 -0500, Shawn Webb wrote: > > On Thu, Jan 11, 2018 at 07:41:00PM +, Ian Lepore wrote: > > > > > > Author: ian > > > Date: Thu Jan 11 19:41:00 2018 >

Re: svn commit: r328625 - in head/sys: amd64/amd64 amd64/ia32 amd64/include dev/cpuctl i386/i386 x86/include x86/x86

2018-01-31 Thread Shawn Webb
d by: The FreeBSD Foundation > MFC after: 1 week > Differential revision: https://reviews.freebsd.org/D14029 Hey Kostik, Thank you very much for your work on this. I'm curious why you disable IBPB for userland. Thanks, -- Shawn Webb Cofounder and Security Engine

Re: svn commit: r329140 - in stable/11: . share/mk sys/arm/include sys/arm64/include sys/boot sys/boot/arm/at91 sys/boot/arm/at91/boot0 sys/boot/arm/at91/boot0iic sys/boot/arm/at91/boot0spi sys/boot/a

2018-02-12 Thread Shawn Webb
> - copied unchanged from r325693, > head/tools/build/options/WITHOUT_LOADER_GEIL Shouldn't this be WITHOUT_LOADER_GELI? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint:

Re: svn commit: r329162 - in head/sys/amd64/vmm: amd intel

2018-02-12 Thread Shawn Webb
: call 2f /* create an RSB entry. */ > +1: pause > + call 1b /* capture rogue speculation. */ > +2: sub $1, %ecx > + jnz 0b > + mov %rax, %rsp > + > /* Restore host state */ > pop %r15 > pop %r14 > For amd syste

Re: svn commit: r336919 - head/sys/dev/efidev

2018-07-30 Thread Shawn Webb
TUNABLE_INT_FETCH("efi.rt_disabled", _disabled); Would it be a good idea to document this tunable in loader(8)? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 Tor+XMPP+OTR:latt...@is.a.hacker.sx GPG Key ID: 0x6A84658

Re: svn commit: r336744 - in head: sbin/pfctl/tests/files share/mk

2018-07-26 Thread Shawn Webb
On Thu, Jul 26, 2018 at 11:11:05AM -0600, Brad Davis wrote: > On Thu, Jul 26, 2018, at 11:09 AM, Shawn Webb wrote: > > On Thu, Jul 26, 2018 at 05:05:34PM +, Brad Davis wrote: > > > Author: brd > > > Date: Thu Jul 26 17:05:33 2018 > > > New Revision: 336744

Re: svn commit: r336744 - in head: sbin/pfctl/tests/files share/mk

2018-07-26 Thread Shawn Webb
${.CURDIR}/pf.include > -FILES+= ${.CURDIR}/pf.ok > +FILES!= echo ${.CURDIR}/pf.in ${.CURDIR}/pf????.include > ${.CURDIR}/pf.ok Should this use ${ECHO} instead of echo? Thanks, -- Shawn Webb Cofounder and Security Engineer Harde
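Review bot: in the `FILES!= echo ...` line, the `pf????.include` glob is expanded by the shell that `!=` runs, so when nothing matches, the shell leaves the literal pattern in FILES and the problem only surfaces later as a missing file. The `!=` form also runs a shell command each time this makefile is parsed. Consider keeping explicit `FILES+=` entries as in the removed line, or checking that the glob matched before assigning.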

Re: svn commit: r336203 - in head: contrib/wpa contrib/wpa/hostapd contrib/wpa/hs20/client contrib/wpa/patches contrib/wpa/src/ap contrib/wpa/src/common contrib/wpa/src/crypto contrib/wpa/src/drivers

2018-07-19 Thread Shawn Webb
>> > > new PTK would depend on a new nonce only from the supplicant. > >>> > > > >>> > > Fix this by generating a new ANonce when moving to the PTKSTART > >>> > > state > >>> > > for the purpose of starting new 4-

Re: svn commit: r336289 - head/sys/security/mac_veriexec

2018-07-14 Thread Shawn Webb
.mpo_vnode_check_open = mac_veriexec_vnode_check_open, > + .mpo_vnode_check_setmode = mac_veriexec_vnode_check_setmode, > .mpo_vnode_copy_label = mac_veriexec_copy_label, > .mpo_vnode_destroy_label = mac_veriexec_vnode_destroy_label, > .mpo_vnode_init_label = mac_veriexec_vnode_i

Re: svn commit: r338494 - head/sys/cam/ctl

2018-09-06 Thread Shawn Webb
nts. > > Somehow this was working even after PTI in, at least on amd64, and got > broken by something only very recently. Is anyone investigating why the direct access still worked? Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-

Re: svn commit: r338494 - head/sys/cam/ctl

2018-09-06 Thread Shawn Webb
On Thu, Sep 06, 2018 at 08:24:32AM -0700, John Baldwin wrote: > On 9/6/18 7:54 AM, Shawn Webb wrote: > > On Thu, Sep 06, 2018 at 02:03:10PM +, Alexander Motin wrote: > >> Author: mav > >> Date: Thu Sep 6 14:03:10 2018 > >> New Revision: 338494 >

Re: svn commit: r329984 - in head: cddl/contrib/opensolaris/lib/libzpool/common sys/cddl/compat/opensolaris/sys

2018-03-14 Thread Shawn Webb
On Wed, Mar 14, 2018 at 04:51:27PM -0600, Alan Somers wrote: > On Wed, Mar 14, 2018 at 4:50 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > > On Sun, Feb 25, 2018 at 02:29:43PM +, Alan Somers wrote: > > > Author: asomers > > > Date: Sun Feb 25 1

Re: svn commit: r329984 - in head: cddl/contrib/opensolaris/lib/libzpool/common sys/cddl/compat/opensolaris/sys

2018-03-14 Thread Shawn Webb
On Wed, Mar 14, 2018 at 05:06:09PM -0600, Alan Somers wrote: > On Wed, Mar 14, 2018 at 4:56 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > > On Wed, Mar 14, 2018 at 04:51:27PM -0600, Alan Somers wrote: > > > On Wed, Mar 14, 2018 at 4:50 PM, Shawn We

Re: svn commit: r329984 - in head: cddl/contrib/opensolaris/lib/libzpool/common sys/cddl/compat/opensolaris/sys

2018-03-14 Thread Shawn Webb
On Wed, Mar 14, 2018 at 05:20:00PM -0600, Alan Somers wrote: > On Wed, Mar 14, 2018 at 5:11 PM, Shawn Webb <shawn.w...@hardenedbsd.org> > wrote: > > > On Wed, Mar 14, 2018 at 05:06:09PM -0600, Alan Somers wrote: > > > On Wed, Mar 14, 2018 at 4:56 PM, Shawn We

Re: svn commit: r329984 - in head: cddl/contrib/opensolaris/lib/libzpool/common sys/cddl/compat/opensolaris/sys

2018-03-14 Thread Shawn Webb
error: /lib/libuutil.so.2: Undefined symbol "__assfail" Thanks, -- Shawn Webb Cofounder and Security Engineer HardenedBSD Tor-ified Signal:+1 443-546-8752 GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE signature.asc Description: PGP signature

Re: svn commit: r331880 - stable/11/etc

2018-04-09 Thread Shawn Webb
daemon > > Usage is ${name}_limits, and the argument is any flags accepted by > limits(1), such as `-n 100' (e.g. only allow 100 open files). A HardenedBSD user has reported an issue with this commit: https://twitter.com/0x666c7578/status/982901931969597440 Thanks, -- Shawn Webb C
