On Wed, 2015-01-21 at 16:10 +, Konstantin Belousov wrote:
Author: kib
Date: Wed Jan 21 16:10:37 2015
New Revision: 277487
URL: https://svnweb.freebsd.org/changeset/base/277487
Log:
An update for the i915 GPU driver, which brings the code up to Linux
commit 4d93914ae3db4a897ead4b.
On Tuesday, February 17, 2015 08:06:32 PM Shawn Webb wrote:
On Tuesday, February 17, 2015 11:14:26 PM John-Mark Gurney wrote:
Author: jmg
Date: Tue Feb 17 23:14:26 2015
New Revision: 278927
URL: https://svnweb.freebsd.org/changeset/base/278927
Log:
Fix a bug where this function
On Tuesday, February 17, 2015 11:14:26 PM John-Mark Gurney wrote:
Author: jmg
Date: Tue Feb 17 23:14:26 2015
New Revision: 278927
URL: https://svnweb.freebsd.org/changeset/base/278927
Log:
Fix a bug where this function overflowed its buffer... This was
causing ZFS panics on boot...
On Monday, December 08, 2014 04:42:35 PM Konstantin Belousov wrote:
Author: kib
Date: Mon Dec 8 16:42:34 2014
New Revision: 275619
URL: https://svnweb.freebsd.org/changeset/base/275619
Log:
When getnewbuf_reuse_bp() is called to reclaim some (clean) buffer,
the vnode owning the
On Sat, 2015-04-25 at 16:51 +0200, Joerg Sonnenberger wrote:
On Sat, Apr 25, 2015 at 12:51:44AM +, Xin LI wrote:
Attempt to connect to alternate addresses if the connect doesn't
succeed in 180ms, and cut wait time between connection attempts
in half for each additional, if no
lattera = Shawn Webb from HardenedBSD = me
;)
Thanks,
Shawn
signature.asc
Description: This is a digitally signed message part
On Wed, 2015-05-20 at 20:01 +0300, Andriy Gapon wrote:
On 20/05/2015 16:04, Garrett Cooper wrote:
Author: ngie
Date: Wed May 20 13:04:00 2015
New Revision: 283151
URL: https://svnweb.freebsd.org/changeset/base/283151
Log:
cddl/lib/libctf isn't always a requirement for
of 2048 bits.
If upstream will be using 2048 bits, why not simply use that?
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
Sponsored by: Norse Corp, Inc.
Does this commit need to be MFC'd to stable/10? Or is this only for HEAD?
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
one less bug.
Reported by: Berislav Purgar bpur...@gmail.com
Modified:
head/sys/contrib/dev/ath/ath_hal/ar9300/ar9300_misc.c
Hey Adrian,
Can this be MFC'd?
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486
pport with
that?
HardenedBSD has a feature called Integriforce, which allows us to
validate executables against a pre-computed list of hashes loaded into
the kernel. It'd be extremely nice to add support for these other
hashing algorithms.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-tests/1177/console
We're seeing this error in HardenedBSD, too.
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
rt
> }
>
> +pccard_ether_startchildren()
> +{
> + for child in `get_if_var $ifn wlans_IF`; do
> + /etc/rc.d/netif quietstart $child
> + done
> +}
> +
> +pccard_ether_stopchildren()
> +{
> + for child in `get_if_var $ifn wlans_IF`; do
>
> K>
> K> Log:
> K> Add missed relpbuf() for a smallfs page-in.
> K>
> K> Reported by: Shawn Webb
> K> Tested by: pho
> K> Sponsored by: The FreeBSD Foundation
> K>
> K> Modified:
>
an sleep */
> - sc = malloc(sizeof *sc, M_GEOM_SCHED, M_NOWAIT | M_ZERO);
> + sc = malloc(sizeof *sc, M_GEOM_SCHED, M_WAITOK | M_ZERO);
> sc->sc_geom = geom;
> bioq_init(>sc_bioq);
> callout_init(>sc_wait, CALLOUT_MPSAFE);
Addition
On Sun, Dec 27, 2015 at 02:42:39PM +, Konstantin Belousov wrote:
> Author: kib
> Date: Sun Dec 27 14:42:39 2015
> New Revision: 292772
> URL: https://svnweb.freebsd.org/changeset/base/292772
>
> Log:
> Add missed relpbuf() for a smallfs page-in.
>
> Rep
d.org/data/head-i386-default/p405601_s293454/logs/errors/graphviz-2.38.0_10.log
> 739 ports are skipped due to this failure.
I've run into this, too.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
f".)
>
> +20160622:
> + The the libc stub for the pipe(2) system call has been replaced with
> + a wrapper which calls the pipe2(2) system call and the pipe(2) is now
> + only implemented by the kernels which include "options
> + FREEBSD10_COMPAT" in t
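Review bot: the first added line of the 20160622 entry has a doubled word, "The the libc stub", which should read "The libc stub". In the same entry, "the pipe(2) is now only implemented by the kernels" reads more cleanly as "pipe(2) is now only implemented by kernels", since UPDATING entries are what users scan before upgrading.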
e`.
Log of failed build here:
http://jenkins.hardenedbsd.org:8180/jenkins/job/HardenedBSD-CURRENT-amd64/lastFailedBuild/console
Reverting this commit makes everything happy again.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
rent ZFS
> instance than the host, so it should work just fine. Please let me
> know if you have problems.
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
h_ifmib(struct mibif *ifp)
> }
>
>out:
> + strncpy(irr.ifr_name, ifp->name, sizeof(irr.ifr_name));
Why not strlcpy? You're not forcing null termination here, so there
could be issues.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
by a zvol. The VM is running root-on-zfs. I wrote some experimental code
that's now preventing the VM from booting (kernel panic due to userland
change). Since I can't import the pool, I have no way of fixing the
problem.
I'm probably just going to go revert this commit locally on
/usr/src/sys/sys/sysctl.h:657:2: note: expanded from macro
'SYSCTL_COUNTER_U64_ARRAY'
CTASSERTaccess) & CTLTYPE) == 0 || \
^
/usr/src/sys/sys/systm.h:103:21: note: expanded from macro 'CTASSERT'
#define CTAS
ng
> actual hardware MSR. This allows guest microcode update to go through which
> otherwise failing because wrmsr() was returning EINVAL.
Pardon my ignorance, but does that mean that prior to this commit, a
bhyve guest on AMD could modify hardware?
Thanks,
--
Shawn W
update
> microcode. Now it just ignores the attempt.
Whew. Thanks for the clarification!
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
On Wed, Mar 16, 2016 at 04:14:22PM +0100, Hans Petter Selasky wrote:
> On 03/16/16 16:05, Shawn Webb wrote:
> > This breaks the build on amd64:
>
> I believe this is fixed by r296935.
You're right. My src tree was outdated. Thanks!
--
Shawn Webb
Hardened
On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>
> > On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
> >
> > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote:
> >> Author: kp
> >> Date: Tue A
On Tue, Apr 26, 2016 at 11:22:32PM +0200, Kristof Provost wrote:
>
> > On 26 Apr 2016, at 23:18, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
> > Was secteam@ even involved, then? Seems like a user-facing kernel buffer
> > overflow ought to have involved secte
, should this have
a CVE? Though the commit log shows technical comments, it doesn't show
related security information.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote:
>
> > On 26 Apr 2016, at 23:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
> >
> > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote:
> >> Author: kp
> >> Date: Tue A
On Thu, Apr 14, 2016 at 04:24:45PM -0600, Warner Losh wrote:
> On Thu, Apr 14, 2016 at 4:15 PM, Shawn Webb <shawn.w...@hardenedbsd.org>
> wrote:
>
> > On Thu, Apr 14, 2016 at 04:04:27PM -0600, Warner Losh wrote:
> > > On Thu, Apr 14, 2016 at 3:54 PM, Dmitry Morozov
performance.
Going on a tangent here, but related:
As someone who is just barely stepping into the world of benchmarks and
performance metrics, can you shed some light as to how you gained those
metrics? I'd be extremely interested to learn.
Thanks,
--
Shawn Webb
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
at 04:41:02PM -0700, Conrad Meyer wrote:
> Hey Shawn,
>
> I don't think this is security-related despite being a bug in
> crypto-adjacent code. At best it's a DoS, I think.
>
> Cheers,
> Conrad
>
> On Mon, Aug 1, 2016 at 4:15 PM, Shawn Webb <shawn.w...@hardenedbsd.
corruption typo
>
> PR: 204009
> Approved by: re (kib)
Thank you very much!
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On August 1, 2016 6:57:03 PM EDT, "Conrad E. Meyer" wrote:
>Author: cem
>Date: Mon Aug 1 22:57:03 2016
>New Revision: 303650
>URL: https://svnweb.freebsd.org/changeset/base/303650
>
>Log:
> opencrypto AES-ICM: Fix heap
>/dev/ttyvN for any
> N != 0. The console spam goes to ttyv0 and the non-console spam goes
> to ttyvN, so the lock provided no protection (but it helped for
> N == 0).
>
Hey Bruce,
Should this be MFC'd after some point?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
Hardened
nk a number of these options are good, but a bunch are no go.
> I do not want something deleting my files from /tmp unexpectedly. TrueOS
> has that on by default, and it has eaten useful files a few too many times.
>
> Breaking gdb should NOT be on by default either.
>
> For so
https://github.com/freebsd/freebsd/pull/96
This breaks building arm64 world at a minimum.
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
r window
> handling. This resulted in the window target being left uninitialized
> when an underflow occurred.
Is this remotely exploitable? What are the ramifications of this bug?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG
ea-3fc6-11e6-a671-60a44ce6887b.
> >
> > Security: VuXML 546deeea-3fc6-11e6-a671-60a44ce6887b
> > Security: CVE-2016-6153
>
> This should probably be MFCed in a week unless re@ wants it sooner of
> course.
Does this also need a FreeBSD errata no
tial Revision: https://reviews.freebsd.org/D8052
Hey Ed,
Any plans to release a security announcement?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
>
> Reviewed by: allanjude, cem, kib
> Obtained from: anonymous gist
> MFC after: 3 days
> Sponsored by: The FreeBSD Foundation
> Differential Revision: https://reviews.freebsd.org/D7619
Hey Ed,
Any plans to release a security announcement?
Thanks,
rity: http://gist.github.com/anonymous/e48209b03f1dd9625a992717e7b89c4f
Hey Martin,
Any plans to release a security announcement?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
inter can be obtained using __containerof instead.
>
> Reviewed by: kib
Should __FreeBSD_Version be bumped?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A
> Cheers,
> mm
>
>
> On 25.10.2016 17:16, Shawn Webb wrote:
> > On Mon, Oct 24, 2016 at 02:08:06PM +, Martin Matuska wrote:
> >> Author: mm
> >> Date: Mon Oct 24 14:08:05 2016
> >> New Revision: 307861
> >> URL: https://svnweb.freebsd.org/changeset
On Wed, Oct 19, 2016 at 12:23:24PM -0400, Shawn Webb wrote:
> On Sun, Oct 16, 2016 at 02:13:32PM +, Luigi Rizzo wrote:
> > Author: luigi
> > Date: Sun Oct 16 14:13:32 2016
> > New Revision: 307394
> > URL: https://svnweb.freebsd.org/changeset/base/307394
> >
T is enabled. Attached is a
candidate patch to fix.
If the patch doesn't make it to the list, I've pasted it here:
http://ix.io/1wbE
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84
doing this upgrade! Any plans to MFC?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
d));
^
/usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared
identifier 'rd'
/usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared
identifier 'rd'
/usr/src/sys/dev/netmap/netmap_freebsd.c:1410:25: error: use of undeclared
ed:
> head/usr.sbin/Makefile
The commit log says efivar(1), but the manpage is efivar(8). Maybe 1 is
a typo?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
On Tue, Oct 11, 2016 at 05:13:24PM -0600, Warner Losh wrote:
> On Tue, Oct 11, 2016 at 5:11 PM, Shawn Webb <shawn.w...@hardenedbsd.org>
> wrote:
> > On Tue, Oct 11, 2016 at 10:31:46PM +, Warner Losh wrote:
> >> Author: imp
> >> Date: Tue Oct 11 22:31:45 201
__func__,
> + category,
> + action);
> + return (EINVAL);
> +}
> +
This broke the build for kernel configurations that don't have the
IEEE80211_DEBUG option set. ieee80211_note is only a valid function when
IEEE80211_DEBUG is defined.
Thanks,
--
Shawn Webb
Cof
iews.freebsd.org/D9052
This and r311461 break the build of a ton of ports. A good port to test
would be databases/mysql56-client. I've pasted a log here:
http://ix.io/1PkX
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG K
On Fri, Jan 06, 2017 at 10:42:52PM +0100, Dimitry Andric wrote:
> On 06 Jan 2017, at 22:01, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
> >
> > On Thu, Jan 05, 2017 at 08:44:45PM +, Dimitry Andric wrote:
> >> Author: dim
> >> Date: Thu Jan 5
www.zyxst.net/~bofh/rpi3/hbsd/panic0.jpg
http://www.zyxst.net/~bofh/rpi3/hbsd/panic1.jpg
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
> Note: this is a net80211 ABI change, and will require a kernel+modules
> recompile. Happy Holidays, etc.
Hey Adrian,
Thank you very much for your hard work on the wireless stack. Since this
introduces an ABI change, should __FreeBSD_version be bumped?
Thanks,
--
Shawn Webb
Cofounder a
> good reference point.
>
> Thanks,
>
>
> -adrian
>
>
> On 27 December 2016 at 06:08, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
> > On Tue, Dec 27, 2016 at 06:10:28AM +, Adrian Chadd wrote:
> >> Author: adrian
> >> Date: Tue Dec 27 06:10
} else {
> + if (rem < 2)
> + break;
> + *out++ = hexlist[i];
> + rem++;
rem++ is incorrect. It should be rem--. HardenedBSD has a fix here:
https://github.com/HardenedBSD/hardenedBSD/commit/fb823297fbced336b6beeeb624e2dc65b67aa0eb
> + }
> }
> *out = 0;
> return (obuf);
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
> Same feature exists on Linux and Solaris.
>
> Sponsored by: The FreeBSD Foundation
> MFC after: 2 weeks
Hey Kostik,
I'm curious what the use case is for this. When would someone use
LD_BIND_NOT?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID:
.org/D10203
This breaks bhyve userboot:
# sh /usr/share/examples/bhyve/vmrun.sh -c 8 -m 16g -t tap4 -C
/dev/nmdm-laptop-dev-03-A -d /dev/zvol/enctank/bhyve/laptop-dev-03/disk-01
laptop-dev-03
/boot/userboot.so: Undefined symbol "ldi_get_size"
Thanks,
--
Shawn Webb
Cofounder and Secur
ts.dist
> head/targets/pseudo/tests/Makefile.depend
This commit broke installworld:
install: /builds/updater/chroot/usr/tests/bin/pwait/pwait: No such file or
directory
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fing
> linking the lldb executable in some cases. In particular, when the
> -ffunction-sections -fdata-sections options are turned off, or
> ineffective.
>
> Reported by: Shawn Webb, Mark Millard
> MFC after: 2 months
> X-MFC-With: r308421
>
> Modif
On Thu, Jun 29, 2017 at 09:23:33AM -0400, Shawn Webb wrote:
> On Wed, Jun 28, 2017 at 06:32:38PM -0400, Shawn Webb wrote:
> > On Wed, Jun 28, 2017 at 04:02:37AM +, Konstantin Belousov wrote:
> > > Author: kib
> > > Date: Wed Jun 28 04:02:36 2017
> > > N
ek
>
> Modified:
> head/sys/vm/vm_map.c
> head/sys/vm/vm_map.h
> head/sys/vm/vm_mmap.c
Hey Kostik,
This commit breaks both xorg and shutting down/rebooting. Reverting this
commit makes my laptop happy again.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key
On Wed, Jun 28, 2017 at 06:32:38PM -0400, Shawn Webb wrote:
> On Wed, Jun 28, 2017 at 04:02:37AM +, Konstantin Belousov wrote:
> > Author: kib
> > Date: Wed Jun 28 04:02:36 2017
> > New Revision: 320430
> > URL: https://svnweb.freebsd.org/changeset/base/32043
Integriforce in HardenedBSD).
Since even the rtld is checked, an attacker can now bypass the
application whitelisting scheme by running: /libexec/ld-elf.so.1
/path/to/previously/disallowed/executable
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
liblldb.
>
> MFC after: 3 days
>
This commit breaks buildworld when WITH_LLD_IS_LD,
WITH_SYSTEM_COMPILER, WITH_SHARED_TOOLCHAIN are set.
Reverting this commit fixes the build.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
nd failed with exit code 1 (use -v to see invocation)
--- libc.so.7.full ---
*** [libc.so.7.full] Error code 1
make[4]: stopped in /scratch/fbsd/lib/libc
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD E
dBSD.
Reverting just this commit enabled booting in a bhyve VM again.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
r: 2 months
Hey Mark,
Do you still plan to MFC this?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
fo' has incomplete type
> *** [chipc_gpio.o] Error code 1
>
> make[4]: stopped in /home/wma/ppc64-freebsd/sys/modules/bhnd
> --- all_subdir_cardbus ---
> --- cardbus.o ---
> ctfconvert -L VERSION -g cardbus.o
> A failure has been detected in another branch of the parallel make
We've noticed
ys/sx.h
This breaks ZFS:
https://gist.github.com/lattera/93faa9c47ccc985ebda039ab31641c2c
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
OCK_READ))
> + return (true);
> + return (false);
> +}
This bit of the patch breaks buildkernel. You left a consumer of
RW_CAN_READ on line 554: MPASS(!RW_CAN_READ(td, v));
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
this revision, will my system now fail to
boot?
Or, will it only fail to boot if I update the bootloader?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
e test script to build without GELI on x86.
>
> Sponsored by: Netflix
>
> Added:
> head/tools/build/options/WITHOUT_LOADER_GEIL (contents, props changed)
Should this be tools/build/options/WITHOUT_LOADER_GELI instead?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
Har
erential revision: https://reviews.freebsd.org/D10439
>
> Modified:
> head/contrib/openbsm/libbsm/bsm_wrappers.c
Hey Kostik,
Did the OpenBSM changes ever make it upstream to the OpenBSM project?
I'm looking through the commits of the OpenBSM project and it looks
like they never
@ topology_parse(const char *opt)
> > goto out;
> > }
> > free(str);
> > + str = NULL;
> >
> > /*
> > * Range check 1 <= n <= UINT16_MAX all values
> > @@ -253,7 +255,8 @@ topology_parse(const char *
> > > > > > IMHO we only use assert for asserting things ought to never be
> > false
> > > > > > except in buggy code. Using assert for handling is poor practice.
> > > > > >
> > > > >
> > > > > Again, in thi
and fix more of these cases.
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: latt...@is.a.hacker.sx
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
per must specify a random value as a cookie. Applications who
want to share the port, then, must also specify the cookie (perhaps
via another socket option?).
What are your thoughts? I'm CC'ing Johannes to get his thoughts as
well.
Thanks,
--
Shawn Webb
Cofounder and Se
t; >> - for (i = 0; path[i]; i++)
> >> - if (!(isalpha(path[i]) || isdigit(path[i])) &&
> >> - path[i] != '/' && path[i] != '.' &&
> >> - path[i] != '-')
> >> -
19
> Reviewed by: kevans
>
> [snip]
>
> +void
> +fdecode(FILE *stream)
Hey Eitan,
This broke the arm64 build:
https://jenkins.hardenedbsd.org/jenkins/job/HardenedBSD-CURRENT-arm64/159/console
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ifi
On Sat, Jan 06, 2018 at 08:33:07AM -0500, Shawn Webb wrote:
> On Sat, Jan 06, 2018 at 07:02:24AM +, Eitan Adler wrote:
> > Author: eadler
> > Date: Sat Jan 6 07:02:24 2018
> > New Revision: 327614
> > URL: https://svnweb.freebsd.org/changeset/base/327614
ld src.conf.5 be regenerated as well?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
On Thu, Jan 11, 2018 at 01:18:28PM -0700, Ian Lepore wrote:
> On Thu, 2018-01-11 at 15:05 -0500, Shawn Webb wrote:
> > On Thu, Jan 11, 2018 at 07:41:00PM +, Ian Lepore wrote:
> > >
> > > Author: ian
> > > Date: Thu Jan 11 19:41:00 2018
> >
d by: The FreeBSD Foundation
> MFC after: 1 week
> Differential revision: https://reviews.freebsd.org/D14029
Hey Kostik,
Thank you very much for your work on this. I'm curious why you disable
IBPB for userland.
Thanks,
--
Shawn Webb
Cofounder and Security Engine
> - copied unchanged from r325693,
> head/tools/build/options/WITHOUT_LOADER_GEIL
Shouldn't this be WITHOUT_LOADER_GELI?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint:
: call 2f /* create an RSB entry. */
> +1: pause
> + call 1b /* capture rogue speculation. */
> +2: sub $1, %ecx
> + jnz 0b
> + mov %rax, %rsp
> +
> /* Restore host state */
> pop %r15
> pop %r14
>
For amd syste
TUNABLE_INT_FETCH("efi.rt_disabled", _disabled);
Would it be a good idea to document this tunable in loader(8)?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
Tor+XMPP+OTR: latt...@is.a.hacker.sx
GPG Key ID: 0x6A84658
On Thu, Jul 26, 2018 at 11:11:05AM -0600, Brad Davis wrote:
> On Thu, Jul 26, 2018, at 11:09 AM, Shawn Webb wrote:
> > On Thu, Jul 26, 2018 at 05:05:34PM +, Brad Davis wrote:
> > > Author: brd
> > > Date: Thu Jul 26 17:05:33 2018
> > > New Revision: 336744
>
${.CURDIR}/pf.include
> -FILES+= ${.CURDIR}/pf.ok
> +FILES!= echo ${.CURDIR}/pf.in ${.CURDIR}/pf????.include
> ${.CURDIR}/pf.ok
Should this use ${ECHO} instead of echo?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
Harde
>> > > new PTK would depend on a new nonce only from the supplicant.
> >>> > >
> >>> > > Fix this by generating a new ANonce when moving to the PTKSTART
> >>> > > state
> >>> > > for the purpose of starting new 4-
.mpo_vnode_check_open = mac_veriexec_vnode_check_open,
> + .mpo_vnode_check_setmode = mac_veriexec_vnode_check_setmode,
> .mpo_vnode_copy_label = mac_veriexec_copy_label,
> .mpo_vnode_destroy_label = mac_veriexec_vnode_destroy_label,
> .mpo_vnode_init_label = mac_veriexec_vnode_i
nts.
>
> Somehow this was working even after PTI in, at least on amd64, and got
> broken by something only very recently.
Is anyone investigating why the direct access still worked?
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal:+1 443-546-
On Thu, Sep 06, 2018 at 08:24:32AM -0700, John Baldwin wrote:
> On 9/6/18 7:54 AM, Shawn Webb wrote:
> > On Thu, Sep 06, 2018 at 02:03:10PM +, Alexander Motin wrote:
> >> Author: mav
> >> Date: Thu Sep 6 14:03:10 2018
> >> New Revision: 338494
> >&
On Wed, Mar 14, 2018 at 04:51:27PM -0600, Alan Somers wrote:
> On Wed, Mar 14, 2018 at 4:50 PM, Shawn Webb <shawn.w...@hardenedbsd.org>
> wrote:
>
> > On Sun, Feb 25, 2018 at 02:29:43PM +, Alan Somers wrote:
> > > Author: asomers
> > > Date: Sun Feb 25 1
On Wed, Mar 14, 2018 at 05:06:09PM -0600, Alan Somers wrote:
> On Wed, Mar 14, 2018 at 4:56 PM, Shawn Webb <shawn.w...@hardenedbsd.org>
> wrote:
>
> > On Wed, Mar 14, 2018 at 04:51:27PM -0600, Alan Somers wrote:
> > > On Wed, Mar 14, 2018 at 4:50 PM, Shawn We
On Wed, Mar 14, 2018 at 05:20:00PM -0600, Alan Somers wrote:
> On Wed, Mar 14, 2018 at 5:11 PM, Shawn Webb <shawn.w...@hardenedbsd.org>
> wrote:
>
> > On Wed, Mar 14, 2018 at 05:06:09PM -0600, Alan Somers wrote:
> > > On Wed, Mar 14, 2018 at 4:56 PM, Shawn We
error:
/lib/libuutil.so.2: Undefined symbol "__assfail"
Thanks,
--
Shawn Webb
Cofounder and Security Engineer
HardenedBSD
Tor-ified Signal: +1 443-546-8752
GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
daemon
>
> Usage is ${name}_limits, and the argument is any flags accepted by
> limits(1), such as `-n 100' (e.g. only allow 100 open files).
A HardenedBSD user has reported an issue with this commit:
https://twitter.com/0x666c7578/status/982901931969597440
Thanks,
--
Shawn Webb
C
1 - 100 of 187 matches