Re: TIOCSTI

[Jeremie Courreges-Anglas]

Theo de Raadt  writes:

> Back around 1989, Ken Stauffer and I found a kernel security hole in
> SunOS (the "open 3" bug) and used it along with TIOCSTI.
>
> That bug was fixed at least twice: we reported it and it was fixed in
> SunOS, then when *BSD code became available I found it was still
> unfixed and fixed it myself, and I believe other systems have found it
> much later and fixed it themselves.
>
> However even after that bug was fixed, there's always been the risk
> that a program manages to retain tty association beyond it's intended
> lifetime, and then it can perform injections with TIOCSTI.
>
> So I've always wanted to get rid of TIOCSTI.  I consider it the most
> dangerous tty ioctl.
>
> In base, the main consumers are csh file completion, and mail ~h
> header editing.  Anton has fixed those, by writing a new tenex-style
> parser and causing those programs run in CBREAK mode instead.
>
> There are indications that a few ports use TIOCSTI.  The list is
> pretty small, and I have not reviewed whether the use of TIOCSTI
> actually occurs during runtime on OpenBSD:
>
> x11vnc tcsh ucblogo brltty epic4 trn libsanitizer
> jvim2.0r+onew2.2.10-wnn4

> emacs

TIOCSTI is only used once in editors/emacs.  The return value of
ioctl(2) isn't checked.  This is in the "suspend-emacs" function, ie
what's called when pressing ^Z, can take an optional string to be sent
to the parent process.

I could spot only one place in emacs-25.2 where this optional string is
used, lisp/obsolete/ledit.el, an obsolete mode for Franz Lisp:

  https://en.wikipedia.org/wiki/Franz_Lisp

I don't think we care.

> qemu

TIOCSTI from /usr/include doesn't seem to be used.  There are matches
for TARGET_TIOCSTI defines in the linux-user/ directory.

> ngspice
>
> I hope those programs get fixed quickly, because the following diff
> will be commited soon to disable TIOCSTI.  This diff is in snapshots.
>
> The proposal is to return EIO at first, and later on see if we can remove
> the #define.
>
> Index: kern_pledge.c
> ===
> RCS file: /cvs/src/sys/kern/kern_pledge.c,v
> retrieving revision 1.215
> diff -u -p -u -r1.215 kern_pledge.c
> --- kern_pledge.c 21 Jun 2017 17:13:20 -  1.215
> +++ kern_pledge.c 21 Jun 2017 17:16:15 -
> @@ -1273,11 +1273,6 @@ pledge_ioctl(struct proc *p, long com, s
>   break;
>   return (0);
>  #endif /* NPTY > 0 */
> - case TIOCSTI:   /* ksh? csh? */
> - if ((p->p_p->ps_pledge & PLEDGE_PROC) &&
> - fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
> - return (0);
> - break;
>   case TIOCSPGRP:
>   if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0)
>   break;
> Index: tty.c
> ===
> RCS file: /cvs/src/sys/kern/tty.c,v
> retrieving revision 1.133
> diff -u -p -u -r1.133 tty.c
> --- tty.c 21 Jan 2017 05:42:03 -  1.133
> +++ tty.c 19 Jun 2017 21:12:57 -
> @@ -733,7 +733,6 @@ ttioctl(struct tty *tp, u_long cmd, cadd
>   case  TIOCSETAW:
>   case  TIOCSPGRP:
>   case  TIOCSTAT:
> - case  TIOCSTI:
>   case  TIOCSWINSZ:
>   while (isbackground(pr, tp) &&
>   (pr->ps_flags & PS_PPWAIT) == 0 &&
> @@ -962,11 +961,7 @@ ttioctl(struct tty *tp, u_long cmd, cadd
>   splx(s);
>   break;
>   case TIOCSTI:   /* simulate terminal input */
> - if (p->p_ucred->cr_uid && (flag & FREAD) == 0)
> - return (EPERM);
> - if (p->p_ucred->cr_uid && !isctty(pr, tp))
> - return (EACCES);
> - (*linesw[tp->t_line].l_rint)(*(u_char *)data, tp);
> + return (EIO);
>   break;
>   case TIOCSTOP:  /* stop output, like ^S */
>   s = spltty();
>

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

tty(4): mention TIOCSTAT

[Anton Lindqvist]

Hi,
A first stab at documenting the TIOCSTAT ioctl. The paragraph is taken
from termios(4) as is and could might be reworked. The parameter is as
stated unused but consistent with the definition of TIOCSTAT in
sys/sys/ttycom.h.

Comments? OK?

Index: tty.4
===
RCS file: /cvs/src/share/man/man4/tty.4,v
retrieving revision 1.47
diff -u -p -r1.47 tty.4
--- tty.4   26 Nov 2016 11:18:43 -  1.47
+++ tty.4   28 Jun 2017 20:44:39 -
@@ -488,6 +488,15 @@ Not all serial ports may support this.
 Return the current state of the serial port as represented
 above in the integer pointed to by
 .Fa state .
+.It Dv TIOCSTAT Fa int *unused
+Causes the kernel to write a status message to the terminal that displays the
+current load average,
+the name of the command in the foreground,
+its process ID,
+the symbolic wait channel,
+the number of user and system seconds used,
+the percentage of CPU the process is getting,
+and the resident set size of the process.
 .El
 .Sh FILES
 .Bl -tag -width /dev/tty -compact

Fix compilation warning/error when using ACPIVIDEO_DEBUG

[Fasse]

When building OpenBSD with the ACPIVIDEO_DEBUG option set the
compilation fails:

cc1: warnings being treated as errors
/usr/src/sys/dev/acpi/acpivideo.c: In function 'acpivideo_set_policy':
/usr/src/sys/dev/acpi/acpivideo.c:136: warning: format '%X' expects type 
'unsigned int', but argument 3 has type 'int64_t'
/usr/src/sys/dev/acpi/acpivideo.c:136: error: expected expression before '/' 
token
*** Error 1 in /usr/src/sys/arch/amd64/compile/CUSTOM (Makefile:960 
'acpivideo.o')


The return type of aml_val2int (AML_EVALNODE(9)) is int64_t.
The 'patch' below switches to the format specifier %lld. According to
C99 long long must be at least 64 bit wide so it should be fine!?
Otherwise,  and PRId64 might be an option. However, quickly
searching the src-tree reveals PRId64 is seldom used.


Index: src/sys/dev/acpi/acpivideo.c
===
RCS file: /cvs/src/sys/dev/acpi/acpivideo.c,v
retrieving revision 1.10
diff -u -p -u -r1.10 acpivideo.c
--- src/sys/dev/acpi/acpivideo.c14 Mar 2015 03:38:47 -  1.10
+++ src/sys/dev/acpi/acpivideo.c28 Jun 2017 18:39:48 -
@@ -132,7 +132,7 @@ acpivideo_set_policy(struct acpivideo_so
args.type = AML_OBJTYPE_INTEGER;
 
aml_evalname(sc->sc_acpi, sc->sc_devnode, "_DOS", 1, , );
-   DPRINTF(("%s: set policy to %X\n", DEVNAME(sc), aml_val2int()));
+   DPRINTF(("%s: set policy to %lld\n", DEVNAME(sc), aml_val2int()));
 
aml_freevalue();
 }

Re: [patch] increase command buffer ksh

[Anton Lindqvist]

On Wed, Jun 28, 2017 at 07:36:54PM +0200, Martijn van Duren wrote:
> On 06/28/17 19:00, Theo de Raadt wrote:
> > Sounds good.
> > 
> > It might be nice to determine if these two variables should be one,
> > ie. tied together better.
> 
> I was thinking the same thing. Both are used for input line buffering,
> so I reckon that's sane.
> 
> Identical checksum compared to previous diff.

ok anton@

> >> Hello tech@,
> >>
> >> On monday I was playing with the build environment of PHP and all of a 
> >> sudden I couldn't finish the command because the command buffer was
> >> full, so I was forced to use bash to finish what I set out to do. Of
> >> course I'd rather stay on ksh, so here's a patch (guided by anton@)
> >> which increases the buffer sizes of ksh.
> >>
> >> I've been running this full time @$DAYJOB for two days with the S
> >> malloc option enabled and just did a full system reboot with the
> >> whole malloc.conf shebang without any issues.
> >>
> >> OK?
> >>
> >> martijn@
> >>
> 
> Index: sh.h
> ===
> RCS file: /cvs/src/bin/ksh/sh.h,v
> retrieving revision 1.58
> diff -u -p -r1.58 sh.h
> --- sh.h  8 Sep 2016 15:50:50 -   1.58
> +++ sh.h  28 Jun 2017 17:33:58 -
> @@ -32,7 +32,7 @@
>  #define  MAGIC   (7) /* prefix for *?[!{,} during expand */
>  #define ISMAGIC(c)   ((unsigned char)(c) == MAGIC)
>  
> -#define  LINE2048/* input line size */
> +#define  LINE4096/* input line size */
>  #define  PATH1024/* pathname size (todo: 
> PATH_MAX/pathconf()) */
>  
>  extern   const char *kshname;/* $0 */
> Index: vi.c
> ===
> RCS file: /cvs/src/bin/ksh/vi.c,v
> retrieving revision 1.47
> diff -u -p -r1.47 vi.c
> --- vi.c  31 May 2017 20:18:43 -  1.47
> +++ vi.c  28 Jun 2017 17:33:58 -
> @@ -18,7 +18,6 @@
>  #include "sh.h"
>  #include "edit.h"
>  
> -#define CMDLEN   2048
>  #define CTRL(c)  (c & 0x1f)
>  
>  struct edstate {
> @@ -143,24 +142,24 @@ const unsigned char classify[128] = {
>  #define VSEARCH  9   /* /, ? */
>  #define VVERSION 10  /*  ^V */
>  
> -static char  undocbuf[CMDLEN];
> +static char  undocbuf[LINE];
>  
>  static struct edstate*save_edstate(struct edstate *old);
>  static void  restore_edstate(struct edstate *old, struct edstate 
> *new);
>  static void  free_edstate(struct edstate *old);
>  
>  static struct edstateebuf;
> -static struct edstateundobuf = { undocbuf, CMDLEN, 0, 0, 0 };
> +static struct edstateundobuf = { undocbuf, LINE, 0, 0, 0 };
>  
>  static struct edstate*es;/* current editor state 
> */
>  static struct edstate*undo;
>  
> -static char  ibuf[CMDLEN];   /* input buffer */
> +static char  ibuf[LINE]; /* input buffer */
>  static int   first_insert;   /* set when starting in insert mode */
>  static int   saved_inslen;   /* saved inslen for first insert */
>  static int   inslen; /* length of input buffer */
>  static int   srchlen;/* number of bytes in search pattern */
> -static char  ybuf[CMDLEN];   /* yank buffer */
> +static char  ybuf[LINE]; /* yank buffer */
>  static int   yanklen;/* length of yank buffer */
>  static int   fsavecmd = ' '; /* last find command */
>  static int   fsavech;/* character to find */
> @@ -196,7 +195,7 @@ x_vi(char *buf, size_t len)
>  {
>   int c;
>  
> - vi_reset(buf, len > CMDLEN ? CMDLEN : len);
> + vi_reset(buf, len > LINE ? LINE : len);
>   vi_pprompt(1);
>   x_flush();
>   while (1) {
> @@ -1368,7 +1367,7 @@ static char *wbuf[2];   /* current & 
> prev
>  static int   wbuf_len;   /* length of window buffers (x_cols-3)*/
>  static int   win;/* number of window buffer in use */
>  static char  morec;  /* more character at right of window */
> -static char  holdbuf[CMDLEN];/* place to hold last edit buffer */
> +static char  holdbuf[LINE];  /* place to hold last edit buffer */
>  static int   holdlen;/* length of holdbuf */
>  
>  static void
> 

Re: ssl.8 and subject altnames

[Ted Unangst]

Stuart Henderson wrote:
> On 2017/06/27 18:11, Ted Unangst wrote:
> > so chrome at least has gotten pretty uppity about certs that lack subject
> > altnames.
> 
> Oh that's going to be hilarious. There are at least valid reasons for
> doing this (e.g. nameConstraints don't work with CN).

I have elected to remain partially in the dark, but the official normal way of
doing X509 and the browser CAB forum way doing things are diverging. great
thing about standards...

> certifate -> certificate, and it's not really "deprecated" if they
> disabled support.
> 
> But I think it should be reworked a bit more - show SAN as a required
> step rather than a "maybe you need to do this"..

yeah, i wasn't sure how specific it needed to be, but this section does say
"for web servers". i was hoping to limp along until somebody writes a more
useful tool for cert management. :) the wrinkle is this new fun stuff has to
be added to a file, you can't put it on the command line, so the one liner
examples will be less pretty.

Re: tty(4): mention TIOCSTAT

[Todd C. Miller]

On Wed, 28 Jun 2017 15:35:36 -0600, "Theo de Raadt" wrote:

> Nope.  It requires a parameter.  lukem messed this up two decades ago,
> he should have used _IO but used the wrong one.

Ah right, I missed that it is _IOW.  OK millert@ as-is then.

 - todd

Re: tty(4): mention TIOCSTAT

[Theo de Raadt]

>> Nope.  It requires a parameter.  lukem messed this up two decades ago,
>> he should have used _IO but used the wrong one.
>
>Ah right, I missed that it is _IOW.  OK millert@ as-is then.

Two weeks ago, it took 2 hours for me to notice it.  Annoying.

Re: tty(4): mention TIOCSTAT

[Theo de Raadt]

> On Wed, 28 Jun 2017 22:48:47 +0200, Anton Lindqvist wrote:
> 
> > A first stab at documenting the TIOCSTAT ioctl. The paragraph is taken
> > from termios(4) as is and could might be reworked. The parameter is as
> > stated unused but consistent with the definition of TIOCSTAT in
> > sys/sys/ttycom.h.
> 
> I think you want:
> 
> .It Dv TIOCSTAT Fa void
> 
> which is how the other ioctls that do not require a parameter behave.

Nope.  It requires a parameter.  lukem messed this up two decades ago,
he should have used _IO but used the wrong one.

Re: tty(4): mention TIOCSTAT

[Todd C. Miller]

On Wed, 28 Jun 2017 22:48:47 +0200, Anton Lindqvist wrote:

> A first stab at documenting the TIOCSTAT ioctl. The paragraph is taken
> from termios(4) as is and could might be reworked. The parameter is as
> stated unused but consistent with the definition of TIOCSTAT in
> sys/sys/ttycom.h.

I think you want:

.It Dv TIOCSTAT Fa void

which is how the other ioctls that do not require a parameter behave.

 - todd

file: Simplify Makefile

[Klemens Nanni]

No need for multiple echos or xargs (wich runs cat only once anyway)
here. The {post-,}magic files stay unchanged.

In magic target don't specify dependencies twice.

OK?

Index: Makefile
===
RCS file: /cvs/src/usr.bin/file/Makefile,v
retrieving revision 1.17
diff -u -p -r1.17 Makefile
--- Makefile28 Jun 2017 13:37:56 -  1.17
+++ Makefile28 Jun 2017 23:59:33 -
@@ -23,12 +23,10 @@ MAG1=   $(.CURDIR)/magdir/Header \
MAGFILES=   $(.CURDIR)/magdir/[0-9a-z]*

post-magic: $(MAGFILES)
-   for i in ${.ALLSRC:N*.orig}; do \
-   echo $$i; \
-   done|sort|xargs -n 1024 cat >$(.TARGET)
+   cat $$(echo ${.ALLSRC:N*.orig} | tr ' ' '\n' | sort) >$(.TARGET)

magic: $(MAG1) post-magic
-   cat ${MAG1} post-magic >$(.TARGET)
+   cat $(.ALLSRC) >$(.TARGET)

afterinstall:
${INSTALL} ${INSTALL_COPY} -o $(MAGICOWN) -g $(MAGICGRP) \

Re: no-depends for real, the juicy part

[Marc Espie]

Add this for games/hack, found by krw@

Index: Makefile
===
RCS file: /cvs/src/games/hack/Makefile,v
retrieving revision 1.14
diff -u -p -r1.14 Makefile
--- Makefile24 Nov 2015 03:10:10 -  1.14
+++ Makefile29 Jun 2017 00:40:45 -
@@ -19,7 +19,7 @@ DPADD+=   ${LIBCURSES}
 LDADD+=-lcurses
 CLEANFILES+=hack.onames.h makedefs
 
-${PROG}: hack.onames.h
+BUILDFIRST = hack.onames.h
 
 hack.onames.h: makedefs def.objects.h
${.OBJDIR}/makedefs ${.CURDIR}/def.objects.h > hack.onames.h


There might be one or two more lurking...  somewhat random build order
with make -j4 doesn't help.

On Wed, Jun 28, 2017 at 04:59:37PM +0200, Marc Espie wrote:
> This is the actual patch that more or less neuters depends.
> 
> So this gets rid of all internals for depend/beforedepend/afterdepend.
> 
> NOTE that this does not *remove* the 'make depend' stage, just it won't do
> anything except for a few select parts (old gcc3 and mesa in particular
> depend on it).
> 
> (aoyama-san, luna88k should be happy with this, hopefully)
> 
> bsd.prog.mk and bsd.lib.mk both use -MD -MP, they both add to DEPS,
> and bsd.dep.mk   sincludes all the *.d files declared in DEPS.
> 
> The rest is there to cope with some funny aspects of our makefiles and
> compilers.
> 
> - both gcc and clang need some extra-handholding when using -MD -MP for
> asm files.   They do need to be told where to put the result with -MF,
> otherwise, they *will* just do the depends part, and not the actual compile.
> 
> - all "behind  the scene" targets that do some intermediate compiles need
> some adjustment. Specifically, yacc and lex rules use some extra sed to
> get the actual target in the .d file. And lib rules always go thru some
> intermediate stage.
> 
> - like for "old-style" depends, all the .o/.po/.so/.do... targets in lib
> end up generating one single .d, with all the targets jumbled together,
> which is then moved atomically to its resting place using mv.
> 
> - final trick: .S rules in bsd.prog.mk are only defined if bsd.lib.mk
> didn't already define it.
> 
> 
> This code has been run thru build, release, xenocara, and ports for a
> while now...
> 
> It should be at least as accurate at generating depends on-the-fly as
> the old code was generating depend in one-go (and this code DOES generate
> depends in clang without any extra mechanism needed).
> 
> 
> Variable names and details are open to discussion, but this should be
> in good enough shape for okays.
> 
> 
> Once this gets in, the final stages mostly involve cleaning up obsolete
> beforedepend/afterdepend targets,   getting rid of depend for the few
> directories that do something special there (e.g., gcc3 and mesa) and no
> longer running depend at all.
> 
> 
> 
> Index: bsd.dep.mk
> ===
> RCS file: /cvs/src/share/mk/bsd.dep.mk,v
> retrieving revision 1.15
> diff -u -p -r1.15 bsd.dep.mk
> --- bsd.dep.mk16 Jun 2017 10:20:52 -  1.15
> +++ bsd.dep.mk28 Jun 2017 14:50:51 -
> @@ -1,42 +1,22 @@
>  #$OpenBSD: bsd.dep.mk,v 1.15 2017/06/16 10:20:52 espie Exp $
>  #$NetBSD: bsd.dep.mk,v 1.12 1995/09/27 01:15:09 christos Exp $
>  
> -# some of the rules involve .h sources, so remove them from mkdep line
> -.if !target(depend)
> -depend: beforedepend .depend realdepend afterdepend
> -.ORDER: beforedepend .depend realdepend afterdepend
> -realdepend: _SUBDIRUSE
> -
> -.  if defined(SRCS) && !empty(SRCS)
> -.depend: ${SRCS} ${_LEXINTM} ${_YACCINTM}
> - @rm -f .depend
> - @files="${.ALLSRC:M*.s} ${.ALLSRC:M*.S}"; \
> - if [ "$$files" != " " ]; then \
> -   echo mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} 
> ${CPPFLAGS} ${AINC} $$files;\
> -   mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} ${CPPFLAGS} 
> ${AINC} $$files; \
> - fi
> - @files="${.ALLSRC:M*.c}"; \
> - if [ "$$files" != "" ]; then \
> -   echo mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} 
> ${CPPFLAGS} $$files; \
> -   mkdep -a ${MKDEP} ${CFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \
> - fi
> - @files="${.ALLSRC:M*.cc} ${.ALLSRC:M*.C} ${.ALLSRC:M*.cpp}"; \
> - files="$$files ${.ALLSRC:M*.cxx}"; \
> - if [ "$$files" != "   " ]; then \
> -   echo CC=${CXX:Q} mkdep -a ${MKDEP} ${CXXFLAGS:M-std=*} 
> ${CXXFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \
> -   CC=${CXX:Q} mkdep -a ${MKDEP} ${CXXFLAGS:M-std=*} ${CXXFLAGS:M-[ID]*} 
> ${CPPFLAGS} $$files; \
> - fi
> -.  else
> -.depend:
> -.  endif
> -.  if !target(beforedepend)
> -beforedepend:
> -.  endif
> -.  if !target(afterdepend)
> -afterdepend:
> -.  endif
> +depend:
> + @:
> +
> +# relies on DEPS defined by bsd.lib.mk and bsd.prog.mk
> +.if defined(DEPS) && !empty(DEPS)
> +.  for o in ${DEPS}
> + sinclude $o
> +.  endfor
>  .endif
>  
> +CFLAGS += -MD -MP
> +CXXFLAGS += -MD -MP
> +
> +# libraries need some special 

Re: clang integrated asm crash while building mozilla/firefox

[Marc Espie]

On Tue, Jun 27, 2017 at 11:32:44AM +0200, Marc Espie wrote:
> I've attached the files that clang gives to reproduce the crash.
> 
> I also got a similar crash in firefox-esr.
> 
> Funnily enough, it happened after the recent update to both, BUT the crashes
> seem to be unrelated ?
> 
> The sysv crash is consistent, I got it during both builds.

That's been fixed. Turns out -mnoexecstack "always-on" was badly implemented
in tedu's patch. Trying to set the section to nullptr  doesn't work too well.

Re: remove errant ifstated whitespace

[Sebastian Benoit]

commited, thx

Rob Pierce(r...@2keys.ca) on 2017.06.27 21:33:06 -0400:
> 
> Index: ifstated.c
> ===
> RCS file: /cvs/src/usr.sbin/ifstated/ifstated.c,v
> retrieving revision 1.43
> diff -u -p -r1.43 ifstated.c
> --- ifstated.c27 Jun 2017 20:46:34 -  1.43
> +++ ifstated.c28 Jun 2017 01:30:02 -
> @@ -151,12 +151,12 @@ main(int argc, char *argv[])
>  
>   rtfilter = ROUTE_FILTER(RTM_IFINFO);
>   if (setsockopt(rt_fd, PF_ROUTE, ROUTE_MSGFILTER,
> - , sizeof(rtfilter)) == -1) /* not fatal */
> + , sizeof(rtfilter)) == -1) /* not fatal */
>   log_warn("%s: setsockopt msgfilter", __func__);
>  
>   rtfilter = RTABLE_ANY;
>   if (setsockopt(rt_fd, PF_ROUTE, ROUTE_TABLEFILTER,
> - , sizeof(rtfilter)) == -1) /* not fatal */
> + , sizeof(rtfilter)) == -1) /* not fatal */
>   log_warn("%s: setsockopt tablefilter", __func__);
>  
>   signal_set(_ev, SIGCHLD, sigchld_handler, NULL);
> @@ -605,7 +605,7 @@ fetch_state(void)
>  
>   for (ifa = ifap; ifa; ifa = ifa->ifa_next) {
>   struct ifreq ifr;
> - struct if_data  ifrdat;
> + struct if_data ifrdat;
>  
>   if (oname && !strcmp(oname, ifa->ifa_name))
>   continue;
> @@ -623,8 +623,6 @@ fetch_state(void)
>   freeifaddrs(ifap);
>   close(sock);
>  }
> -
> -
>  
>  /*
>   * Clear the config.
> Index: ifstated.h
> ===
> RCS file: /cvs/src/usr.sbin/ifstated/ifstated.h,v
> retrieving revision 1.11
> diff -u -p -r1.11 ifstated.h
> --- ifstated.h18 Jun 2017 12:03:47 -  1.11
> +++ ifstated.h28 Jun 2017 01:30:02 -
> @@ -29,7 +29,6 @@
>  #include 
>  #include 
>  
> -
>  struct ifsd_expression;
>  TAILQ_HEAD(ifsd_expression_list, ifsd_expression);
>  
> @@ -80,7 +79,6 @@ struct ifsd_action {
>  #define IFSD_ACTION_CHANGESTATE  2
>  #define IFSD_ACTION_CONDITION3
>  };
> -
>  
>  struct ifsd_expression {
>   TAILQ_ENTRY(ifsd_expression) entries;
> 

no-depends for real, the juicy part

[Marc Espie]

This is the actual patch that more or less neuters depends.

So this gets rid of all internals for depend/beforedepend/afterdepend.

NOTE that this does not *remove* the 'make depend' stage, just it won't do
anything except for a few select parts (old gcc3 and mesa in particular
depend on it).

(aoyama-san, luna88k should be happy with this, hopefully)

bsd.prog.mk and bsd.lib.mk both use -MD -MP, they both add to DEPS,
and bsd.dep.mk   sincludes all the *.d files declared in DEPS.

The rest is there to cope with some funny aspects of our makefiles and
compilers.

- both gcc and clang need some extra-handholding when using -MD -MP for
asm files.   They do need to be told where to put the result with -MF,
otherwise, they *will* just do the depends part, and not the actual compile.

- all "behind  the scene" targets that do some intermediate compiles need
some adjustment. Specifically, yacc and lex rules use some extra sed to
get the actual target in the .d file. And lib rules always go thru some
intermediate stage.

- like for "old-style" depends, all the .o/.po/.so/.do... targets in lib
end up generating one single .d, with all the targets jumbled together,
which is then moved atomically to its resting place using mv.

- final trick: .S rules in bsd.prog.mk are only defined if bsd.lib.mk
didn't already define it.


This code has been run thru build, release, xenocara, and ports for a
while now...

It should be at least as accurate at generating depends on-the-fly as
the old code was generating depend in one-go (and this code DOES generate
depends in clang without any extra mechanism needed).


Variable names and details are open to discussion, but this should be
in good enough shape for okays.


Once this gets in, the final stages mostly involve cleaning up obsolete
beforedepend/afterdepend targets,   getting rid of depend for the few
directories that do something special there (e.g., gcc3 and mesa) and no
longer running depend at all.



Index: bsd.dep.mk
===
RCS file: /cvs/src/share/mk/bsd.dep.mk,v
retrieving revision 1.15
diff -u -p -r1.15 bsd.dep.mk
--- bsd.dep.mk  16 Jun 2017 10:20:52 -  1.15
+++ bsd.dep.mk  28 Jun 2017 14:50:51 -
@@ -1,42 +1,22 @@
 #  $OpenBSD: bsd.dep.mk,v 1.15 2017/06/16 10:20:52 espie Exp $
 #  $NetBSD: bsd.dep.mk,v 1.12 1995/09/27 01:15:09 christos Exp $
 
-# some of the rules involve .h sources, so remove them from mkdep line
-.if !target(depend)
-depend: beforedepend .depend realdepend afterdepend
-.ORDER: beforedepend .depend realdepend afterdepend
-realdepend: _SUBDIRUSE
-
-.  if defined(SRCS) && !empty(SRCS)
-.depend: ${SRCS} ${_LEXINTM} ${_YACCINTM}
-   @rm -f .depend
-   @files="${.ALLSRC:M*.s} ${.ALLSRC:M*.S}"; \
-   if [ "$$files" != " " ]; then \
- echo mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} 
${CPPFLAGS} ${AINC} $$files;\
- mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} ${CPPFLAGS} 
${AINC} $$files; \
-   fi
-   @files="${.ALLSRC:M*.c}"; \
-   if [ "$$files" != "" ]; then \
- echo mkdep -a ${MKDEP} ${CFLAGS:M-std=*} ${CFLAGS:M-[ID]*} 
${CPPFLAGS} $$files; \
- mkdep -a ${MKDEP} ${CFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \
-   fi
-   @files="${.ALLSRC:M*.cc} ${.ALLSRC:M*.C} ${.ALLSRC:M*.cpp}"; \
-   files="$$files ${.ALLSRC:M*.cxx}"; \
-   if [ "$$files" != "   " ]; then \
- echo CC=${CXX:Q} mkdep -a ${MKDEP} ${CXXFLAGS:M-std=*} 
${CXXFLAGS:M-[ID]*} ${CPPFLAGS} $$files; \
- CC=${CXX:Q} mkdep -a ${MKDEP} ${CXXFLAGS:M-std=*} ${CXXFLAGS:M-[ID]*} 
${CPPFLAGS} $$files; \
-   fi
-.  else
-.depend:
-.  endif
-.  if !target(beforedepend)
-beforedepend:
-.  endif
-.  if !target(afterdepend)
-afterdepend:
-.  endif
+depend:
+   @:
+
+# relies on DEPS defined by bsd.lib.mk and bsd.prog.mk
+.if defined(DEPS) && !empty(DEPS)
+.  for o in ${DEPS}
+ sinclude $o
+.  endfor
 .endif
 
+CFLAGS += -MD -MP
+CXXFLAGS += -MD -MP
+
+# libraries need some special love
+DFLAGS = -MT $*.o -MT $*.po -MT $*.so -MT $*.do
+
 .if !target(tags)
 .  if defined(SRCS)
 tags: ${SRCS} _SUBDIRUSE
@@ -47,16 +27,10 @@ tags:
 .  endif
 .endif
 
-.if defined(SRCS)
-cleandir: cleandepend
-cleandepend:
-   rm -f .depend ${.CURDIR}/tags
-.endif
 
+CLEANFILES += ${DEPS}
 BUILDFIRST ?=
 BUILDAFTER ?=
 .if !empty(BUILDFIRST) && !empty(BUILDAFTER)
 ${BUILDAFTER}: ${BUILDFIRST}
 .endif
-
-.PHONY: beforedepend depend afterdepend cleandepend realdepend
Index: bsd.lib.mk
===
RCS file: /cvs/src/share/mk/bsd.lib.mk,v
retrieving revision 1.84
diff -u -p -r1.84 bsd.lib.mk
--- bsd.lib.mk  16 Jun 2017 10:20:52 -  1.84
+++ bsd.lib.mk  28 Jun 2017 14:50:51 -
@@ -38,92 +38,107 @@ DIST_CFLAGS+=  -Os
 
 .c.o:
@echo "${COMPILE.c} ${.IMPSRC} -o ${.TARGET}"
-   @${COMPILE.c} ${.IMPSRC}  -o ${.TARGET}.o
+   @${COMPILE.c} ${DFLAGS} ${.IMPSRC}  

TIOCSTI

[Theo de Raadt]

Back around 1989, Ken Stauffer and I found a kernel security hole in
SunOS (the "open 3" bug) and used it along with TIOCSTI.

That bug was fixed at least twice: we reported it and it was fixed in
SunOS, then when *BSD code became available I found it was still
unfixed and fixed it myself, and I believe other systems have found it
much later and fixed it themselves.

However even after that bug was fixed, there's always been the risk
that a program manages to retain tty association beyond it's intended
lifetime, and then it can perform injections with TIOCSTI.

So I've always wanted to get rid of TIOCSTI.  I consider it the most
dangerous tty ioctl.

In base, the main consumers are csh file completion, and mail ~h
header editing.  Anton has fixed those, by writing a new tenex-style
parser and causing those programs run in CBREAK mode instead.

There are indications that a few ports use TIOCSTI.  The list is
pretty small, and I have not reviewed whether the use of TIOCSTI
actually occurs during runtime on OpenBSD:

x11vnc tcsh ucblogo brltty epic4 trn libsanitizer
jvim2.0r+onew2.2.10-wnn4 emacs qemu ngspice

I hope those programs get fixed quickly, because the following diff
will be commited soon to disable TIOCSTI.  This diff is in snapshots.

The proposal is to return EIO at first, and later on see if we can remove
the #define.

Index: kern_pledge.c
===
RCS file: /cvs/src/sys/kern/kern_pledge.c,v
retrieving revision 1.215
diff -u -p -u -r1.215 kern_pledge.c
--- kern_pledge.c   21 Jun 2017 17:13:20 -  1.215
+++ kern_pledge.c   21 Jun 2017 17:16:15 -
@@ -1273,11 +1273,6 @@ pledge_ioctl(struct proc *p, long com, s
break;
return (0);
 #endif /* NPTY > 0 */
-   case TIOCSTI:   /* ksh? csh? */
-   if ((p->p_p->ps_pledge & PLEDGE_PROC) &&
-   fp->f_type == DTYPE_VNODE && (vp->v_flag & VISTTY))
-   return (0);
-   break;
case TIOCSPGRP:
if ((p->p_p->ps_pledge & PLEDGE_PROC) == 0)
break;
Index: tty.c
===
RCS file: /cvs/src/sys/kern/tty.c,v
retrieving revision 1.133
diff -u -p -u -r1.133 tty.c
--- tty.c   21 Jan 2017 05:42:03 -  1.133
+++ tty.c   19 Jun 2017 21:12:57 -
@@ -733,7 +733,6 @@ ttioctl(struct tty *tp, u_long cmd, cadd
case  TIOCSETAW:
case  TIOCSPGRP:
case  TIOCSTAT:
-   case  TIOCSTI:
case  TIOCSWINSZ:
while (isbackground(pr, tp) &&
(pr->ps_flags & PS_PPWAIT) == 0 &&
@@ -962,11 +961,7 @@ ttioctl(struct tty *tp, u_long cmd, cadd
splx(s);
break;
case TIOCSTI:   /* simulate terminal input */
-   if (p->p_ucred->cr_uid && (flag & FREAD) == 0)
-   return (EPERM);
-   if (p->p_ucred->cr_uid && !isctty(pr, tp))
-   return (EACCES);
-   (*linesw[tp->t_line].l_rint)(*(u_char *)data, tp);
+   return (EIO);
break;
case TIOCSTOP:  /* stop output, like ^S */
s = spltty();

Re: dhcp-options(5) conflict with dhcpd.conf(5)

[Klemens Nanni]

On Mon, Jun 26, 2017 at 08:26:03PM -0500, Edgar Pettijohn wrote:

I found the following conflict between dhcp-options(5) and dhcpd.conf(5).


From dhcpd.conf:

As you can see in Example 2, it's legal to specify host addresses in
parameters as hostnames rather than as numeric IP addresses. If a 
given
hostname resolves to more than one IP address (for example, if 
that host
has two Ethernet interfaces), both addresses are supplied to the 
client.



From dhcp-options:

The ip-address data type can be entered either as an explicit IP address
(e.g., 239.254.197.10) or as a domain name (e.g., haagen.isc.org).  A
domain name must resolve to a single IP address.


Does anyone know which is correct? Must it resolve to a single IP 
address or not?

I'm not an expert but from what I know:

Almost all parameters taking an ip-address argument allow multiple
arguments, thus making multiple IP addresses per hostname usable.

For those that except a single or strictly pairwise arguments such as
dhcp-requested-address ip-address
and
static-routes ip-address ip-address [, ip-address ip-address ...]
one may always use the first IP address a given hostname resolves to.

Generally speaking there's nothing wrong with hosntames resolving to
multiple IP addresses.

RFC 2131, Section 3.6 (Use of DHCP in clients with multiple interfaces)
for example states that
A client with multiple network interfaces must use DHCP through
each interface independently to obtain configuration information
parameters for those separate interfaces.

Since clients will only accept a single DHCP offer which in turn is
always bound to the client's MAC address, DHCP can work just fine with
multiple interfaces/leases per host.

Thinking of techniques like round-robin DNS, expecting hostnames for
the ip-address type to resolve to a single IP address only could
actually cause problems.

remove noises at reboot in azalia(4)

[Manuel Giraud]

Hi,

This patch removes noises in speaker (or headphone) when rebooting
(tested on only one Conexant CX20724 chip)

Index: azalia.c
===
RCS file: /cvs/src/sys/dev/pci/azalia.c,v
retrieving revision 1.235
diff -u -p -r1.235 azalia.c
--- azalia.c11 Apr 2017 14:43:49 -  1.235
+++ azalia.c28 Jun 2017 13:44:26 -
@@ -697,12 +697,25 @@ azalia_shutdown(void *v)
 {
azalia_t *az = (azalia_t *)v;
uint32_t gctl;
+   codec_t *codec;
+   int i;
 
/* disable unsolicited response */
gctl = AZ_READ_4(az, GCTL);
AZ_WRITE_4(az, GCTL, gctl & ~(HDA_GCTL_UNSOL));
 
timeout_del(>unsol_to);
+
+   /* power off all codecs */
+   for (i = 0; i < az->ncodecs; i++) {
+   codec = >codecs[i];
+   if (codec->audiofunc < 0)
+   continue;
+   azalia_comresp(codec, codec->audiofunc,
+  CORB_SET_POWER_STATE, CORB_PS_D3, NULL);
+   DELAY(100);
+   azalia_codec_delete(codec);
+   }
 
/* halt CORB/RIRB */
azalia_halt_corb(az);

-- 
Manuel Giraud

Re: dhcp-options(5) conflict with dhcpd.conf(5)

[Jason McIntyre]

On Mon, Jun 26, 2017 at 08:26:03PM -0500, Edgar Pettijohn wrote:
> I found the following conflict between dhcp-options(5) and dhcpd.conf(5).
> 
> 
> From dhcpd.conf:
> 
>  As you can see in Example 2, it's legal to specify host addresses in
>  parameters as hostnames rather than as numeric IP addresses. If a given
>  hostname resolves to more than one IP address (for example, if that
> host
>  has two Ethernet interfaces), both addresses are supplied to the
> client.
> 
> 
> From dhcp-options:
> 
> The ip-address data type can be entered either as an explicit IP address
>  (e.g., 239.254.197.10) or as a domain name (e.g., haagen.isc.org).  A
>  domain name must resolve to a single IP address.
> 
> 
> Does anyone know which is correct? Must it resolve to a single IP address or
> not?
> 

we don;t know which one is correct, so we removed the contradictory
sentence from dhcpd.conf.5. if anyone can prove otherwise, feel free to
holler.

jmc

[patch] increase command buffer ksh

[Martijn van Duren]

Hello tech@,

On monday I was playing with the build environment of PHP and all of a 
sudden I couldn't finish the command because the command buffer was
full, so I was forced to use bash to finish what I set out to do. Of
course I'd rather stay on ksh, so here's a patch (guided by anton@)
which increases the buffer sizes of ksh.

I've been running this full time @$DAYJOB for two days with the S
malloc option enabled and just did a full system reboot with the
whole malloc.conf shebang without any issues.

OK?

martijn@

Index: sh.h
===
RCS file: /cvs/src/bin/ksh/sh.h,v
retrieving revision 1.58
diff -u -p -r1.58 sh.h
--- sh.h8 Sep 2016 15:50:50 -   1.58
+++ sh.h28 Jun 2017 16:47:44 -
@@ -32,7 +32,7 @@
 #defineMAGIC   (7) /* prefix for *?[!{,} during expand */
 #define ISMAGIC(c) ((unsigned char)(c) == MAGIC)
 
-#defineLINE2048/* input line size */
+#defineLINE4096/* input line size */
 #definePATH1024/* pathname size (todo: 
PATH_MAX/pathconf()) */
 
 extern const char *kshname;/* $0 */
Index: vi.c
===
RCS file: /cvs/src/bin/ksh/vi.c,v
retrieving revision 1.47
diff -u -p -r1.47 vi.c
--- vi.c31 May 2017 20:18:43 -  1.47
+++ vi.c28 Jun 2017 16:47:44 -
@@ -18,7 +18,7 @@
 #include "sh.h"
 #include "edit.h"
 
-#define CMDLEN 2048
+#define CMDLEN 4096
 #define CTRL(c)(c & 0x1f)
 
 struct edstate {

Re: [patch] increase command buffer ksh

[Theo de Raadt]

Sounds good.

It might be nice to determine if these two variables should be one,
ie. tied together better.

> Hello tech@,
> 
> On monday I was playing with the build environment of PHP and all of a 
> sudden I couldn't finish the command because the command buffer was
> full, so I was forced to use bash to finish what I set out to do. Of
> course I'd rather stay on ksh, so here's a patch (guided by anton@)
> which increases the buffer sizes of ksh.
> 
> I've been running this full time @$DAYJOB for two days with the S
> malloc option enabled and just did a full system reboot with the
> whole malloc.conf shebang without any issues.
> 
> OK?
> 
> martijn@
> 
> Index: sh.h
> ===
> RCS file: /cvs/src/bin/ksh/sh.h,v
> retrieving revision 1.58
> diff -u -p -r1.58 sh.h
> --- sh.h  8 Sep 2016 15:50:50 -   1.58
> +++ sh.h  28 Jun 2017 16:47:44 -
> @@ -32,7 +32,7 @@
>  #define  MAGIC   (7) /* prefix for *?[!{,} during expand */
>  #define ISMAGIC(c)   ((unsigned char)(c) == MAGIC)
>  
> -#define  LINE2048/* input line size */
> +#define  LINE4096/* input line size */
>  #define  PATH1024/* pathname size (todo: 
> PATH_MAX/pathconf()) */
>  
>  extern   const char *kshname;/* $0 */
> Index: vi.c
> ===
> RCS file: /cvs/src/bin/ksh/vi.c,v
> retrieving revision 1.47
> diff -u -p -r1.47 vi.c
> --- vi.c  31 May 2017 20:18:43 -  1.47
> +++ vi.c  28 Jun 2017 16:47:44 -
> @@ -18,7 +18,7 @@
>  #include "sh.h"
>  #include "edit.h"
>  
> -#define CMDLEN   2048
> +#define CMDLEN   4096
>  #define CTRL(c)  (c & 0x1f)
>  
>  struct edstate {
> 

Re: fix stdin input for file(1)

[Nicholas Marriott]

Ouch. ok nicm

You can add this regress test as well:

Index: regress/usr.bin/file//Makefile
===
RCS file: /cvs/src/regress/usr.bin/file/Makefile,v
retrieving revision 1.7
diff -u -p -r1.7 Makefile
--- regress/usr.bin/file//Makefile  1 May 2016 11:28:06 -   1.7
+++ regress/usr.bin/file//Makefile  28 Jun 2017 17:18:35 -
@@ -4,7 +4,7 @@ FILE=file
 
 REGRESS_TARGETS=t0  t1  t2  t3  t4  t5  t6  t7  \
t8  t9  t10 t11 t15 t17 t18 t19 \
-   t20 t21 t22 t30 t31 t32 t33
+   t20 t21 t22 t30 t31 t32 t33 stdin
 
 # .in:  input file
 # .out: desired result
@@ -17,6 +17,12 @@ all: ${REGRESS_TARGET}
@echo ${*}
@${FILE} ${.CURDIR}/${*}.in | \
sed -e "s@${.CURDIR}/@@" | \
+   diff - ${.CURDIR}/${*}.out || \
+   (echo "XXX ${*} failed" && false)
+
+stdin:
+   @echo ${*}
+   @${FILE} -  My latest commit broke support for stdin input, whoops.
> 
> ok?
> 
> Index: file.c
> ===
> RCS file: /cvs/src/usr.bin/file/file.c,v
> retrieving revision 1.62
> diff -u -p -u -r1.62 file.c
> --- file.c28 Jun 2017 15:42:49 -  1.62
> +++ file.c28 Jun 2017 16:42:40 -
> @@ -217,12 +217,16 @@ prepare_input(struct input_file *inf, co
>  {
>   int fd, mode, error;
>  
> + inf->path = path;
> +
>   if (strcmp(path, "-") == 0) {
>   if (fstat(STDIN_FILENO, >sb) == -1) {
>   inf->error = errno;
>   inf->fd = -1;
> + return;
>   }
>   inf->fd = STDIN_FILENO;
> + return;
>   }
>  
>   if (Lflag)
> @@ -232,6 +236,7 @@ prepare_input(struct input_file *inf, co
>   if (error == -1) {
>   inf->error = errno;
>   inf->fd = -1;
> + return;
>   }
>  
>   /* We don't need them, so don't open directories or symlinks. */
> @@ -245,7 +250,6 @@ prepare_input(struct input_file *inf, co
>   if (S_ISLNK(mode))
>   read_link(inf, path);
>   inf->fd = fd;
> - inf->path = path;
>  }
>  
>  static void
> 

fix stdin input for file(1)

[Bryan Steele]

My latest commit broke support for stdin input, whoops.

ok?

Index: file.c
===
RCS file: /cvs/src/usr.bin/file/file.c,v
retrieving revision 1.62
diff -u -p -u -r1.62 file.c
--- file.c  28 Jun 2017 15:42:49 -  1.62
+++ file.c  28 Jun 2017 16:42:40 -
@@ -217,12 +217,16 @@ prepare_input(struct input_file *inf, co
 {
int fd, mode, error;
 
+   inf->path = path;
+
if (strcmp(path, "-") == 0) {
if (fstat(STDIN_FILENO, >sb) == -1) {
inf->error = errno;
inf->fd = -1;
+   return;
}
inf->fd = STDIN_FILENO;
+   return;
}
 
if (Lflag)
@@ -232,6 +236,7 @@ prepare_input(struct input_file *inf, co
if (error == -1) {
inf->error = errno;
inf->fd = -1;
+   return;
}
 
/* We don't need them, so don't open directories or symlinks. */
@@ -245,7 +250,6 @@ prepare_input(struct input_file *inf, co
if (S_ISLNK(mode))
read_link(inf, path);
inf->fd = fd;
-   inf->path = path;
 }
 
 static void

ssl.8 and subject altnames

[Ted Unangst]

so chrome at least has gotten pretty uppity about certs that lack subject
altnames. following the instructions in ssl.8 is no longer sufficient.
here's a short hint about how to fix this.


Index: ssl.8
===
RCS file: /cvs/src/share/man/man8/ssl.8,v
retrieving revision 1.64
diff -u -p -r1.64 ssl.8
--- ssl.8   6 Jun 2016 15:26:04 -   1.64
+++ ssl.8   27 Jun 2017 22:10:10 -
@@ -94,6 +94,16 @@ You can also sign the key yourself, usin
   -out /etc/ssl/server.crt
 .Ed
 .Pp
+Note that some new browsers have deprecated using the common name of a
+certifate and require that subject alt names be provided.
+This may require the use of
+.Ar -extfile Pa server.ext
+when self-signing.
+.Bd -literal -offset indent
+# this is an example server.ext file
+subjectAltName=DNS:example.com,DNS:www.example.com
+.Ed
+.Pp
 With
 .Pa /etc/ssl/server.crt
 and

Re: tweak {event,evtimer,signal}_pending manpage

[Ingo Schwarze]

Hi David,

David Gwynne wrote on Tue, Jun 27, 2017 at 11:55:43AM +1000:

> the timeval argument is not const. esp since thats how the remaining
> time is provided to the caller.

Right, event_pending(..., tv) calls timeradd(..., tv), see timeradd(2),
so OK schwarze@ FWIW.

Yours,
  Ingo


> Index: event.3
> ===
> RCS file: /cvs/src/lib/libevent/event.3,v
> retrieving revision 1.52
> diff -u -p -r1.52 event.3
> --- event.3   17 Jul 2016 11:21:07 -  1.52
> +++ event.3   27 Jun 2017 01:54:42 -
> @@ -83,7 +83,7 @@
>  .Ft int
>  .Fn "event_del" "struct event *ev"
>  .Ft int
> -.Fn "event_pending" "struct event *ev" "short event" "const struct timeval 
> *tv"
> +.Fn "event_pending" "struct event *ev" "short event" "struct timeval *tv"
>  .Ft int
>  .Fn "event_initialized" "struct event *ev"
>  .Ft void
> @@ -93,7 +93,7 @@
>  .Ft void
>  .Fn "evtimer_del" "struct event *ev"
>  .Ft int
> -.Fn "evtimer_pending" "struct event *ev" "const struct timeval *tv"
> +.Fn "evtimer_pending" "struct event *ev" "struct timeval *tv"
>  .Ft int
>  .Fn "evtimer_initialized" "struct event *ev"
>  .Ft void
> @@ -103,7 +103,7 @@
>  .Ft void
>  .Fn "signal_del" "struct event *ev"
>  .Ft int
> -.Fn "signal_pending" "struct event *ev" "const struct timeval *tv"
> +.Fn "signal_pending" "struct event *ev" "struct timeval *tv"
>  .Ft int
>  .Fn "signal_initialized" "struct event *ev"
>  .Ft int
> 

Re: [patch] increase command buffer ksh

[Martijn van Duren]

On 06/28/17 19:00, Theo de Raadt wrote:
> Sounds good.
> 
> It might be nice to determine if these two variables should be one,
> ie. tied together better.

I was thinking the same thing. Both are used for input line buffering,
so I reckon that's sane.

Identical checksum compared to previous diff.

> 
>> Hello tech@,
>>
>> On monday I was playing with the build environment of PHP and all of a 
>> sudden I couldn't finish the command because the command buffer was
>> full, so I was forced to use bash to finish what I set out to do. Of
>> course I'd rather stay on ksh, so here's a patch (guided by anton@)
>> which increases the buffer sizes of ksh.
>>
>> I've been running this full time @$DAYJOB for two days with the S
>> malloc option enabled and just did a full system reboot with the
>> whole malloc.conf shebang without any issues.
>>
>> OK?
>>
>> martijn@
>>

Index: sh.h
===
RCS file: /cvs/src/bin/ksh/sh.h,v
retrieving revision 1.58
diff -u -p -r1.58 sh.h
--- sh.h8 Sep 2016 15:50:50 -   1.58
+++ sh.h28 Jun 2017 17:33:58 -
@@ -32,7 +32,7 @@
 #defineMAGIC   (7) /* prefix for *?[!{,} during expand */
 #define ISMAGIC(c) ((unsigned char)(c) == MAGIC)
 
-#defineLINE2048/* input line size */
+#defineLINE4096/* input line size */
 #definePATH1024/* pathname size (todo: 
PATH_MAX/pathconf()) */
 
 extern const char *kshname;/* $0 */
Index: vi.c
===
RCS file: /cvs/src/bin/ksh/vi.c,v
retrieving revision 1.47
diff -u -p -r1.47 vi.c
--- vi.c31 May 2017 20:18:43 -  1.47
+++ vi.c28 Jun 2017 17:33:58 -
@@ -18,7 +18,6 @@
 #include "sh.h"
 #include "edit.h"
 
-#define CMDLEN 2048
 #define CTRL(c)(c & 0x1f)
 
 struct edstate {
@@ -143,24 +142,24 @@ const unsigned char   classify[128] = {
 #define VSEARCH9   /* /, ? */
 #define VVERSION   10  /*  ^V */
 
-static charundocbuf[CMDLEN];
+static charundocbuf[LINE];
 
 static struct edstate  *save_edstate(struct edstate *old);
 static voidrestore_edstate(struct edstate *old, struct edstate 
*new);
 static voidfree_edstate(struct edstate *old);
 
 static struct edstate  ebuf;
-static struct edstate  undobuf = { undocbuf, CMDLEN, 0, 0, 0 };
+static struct edstate  undobuf = { undocbuf, LINE, 0, 0, 0 };
 
 static struct edstate  *es;/* current editor state */
 static struct edstate  *undo;
 
-static charibuf[CMDLEN];   /* input buffer */
+static charibuf[LINE]; /* input buffer */
 static int first_insert;   /* set when starting in insert mode */
 static int saved_inslen;   /* saved inslen for first insert */
 static int inslen; /* length of input buffer */
 static int srchlen;/* number of bytes in search pattern */
-static charybuf[CMDLEN];   /* yank buffer */
+static charybuf[LINE]; /* yank buffer */
 static int yanklen;/* length of yank buffer */
 static int fsavecmd = ' '; /* last find command */
 static int fsavech;/* character to find */
@@ -196,7 +195,7 @@ x_vi(char *buf, size_t len)
 {
int c;
 
-   vi_reset(buf, len > CMDLEN ? CMDLEN : len);
+   vi_reset(buf, len > LINE ? LINE : len);
vi_pprompt(1);
x_flush();
while (1) {
@@ -1368,7 +1367,7 @@ static char   *wbuf[2];   /* current & 
prev
 static int wbuf_len;   /* length of window buffers (x_cols-3)*/
 static int win;/* number of window buffer in use */
 static charmorec;  /* more character at right of window */
-static charholdbuf[CMDLEN];/* place to hold last edit buffer */
+static charholdbuf[LINE];  /* place to hold last edit buffer */
 static int holdlen;/* length of holdbuf */
 
 static void

Re: ssl.8 and subject altnames

[Stuart Henderson]

On 2017/06/27 18:11, Ted Unangst wrote:
> so chrome at least has gotten pretty uppity about certs that lack subject
> altnames.

Oh that's going to be hilarious. There are at least valid reasons for
doing this (e.g. nameConstraints don't work with CN).

> 
> Index: ssl.8
> ===
> RCS file: /cvs/src/share/man/man8/ssl.8,v
> retrieving revision 1.64
> diff -u -p -r1.64 ssl.8
> --- ssl.8 6 Jun 2016 15:26:04 -   1.64
> +++ ssl.8 27 Jun 2017 22:10:10 -
> @@ -94,6 +94,16 @@ You can also sign the key yourself, usin
>-out /etc/ssl/server.crt
>  .Ed
>  .Pp
> +Note that some new browsers have deprecated using the common name of a
> +certifate and require that subject alt names be provided.

certifate -> certificate, and it's not really "deprecated" if they
disabled support.

But I think it should be reworked a bit more - show SAN as a required
step rather than a "maybe you need to do this"..

> +This may require the use of
> +.Ar -extfile Pa server.ext
> +when self-signing.
> +.Bd -literal -offset indent
> +# this is an example server.ext file
> +subjectAltName=DNS:example.com,DNS:www.example.com
> +.Ed
> +.Pp
>  With
>  .Pa /etc/ssl/server.crt
>  and
> 

Re: kernel relinking at install/upgrade time

[Sebastien Marie]

On Wed, Jun 28, 2017 at 08:58:13AM +0200, Sebastien Marie wrote:
> 
>   - should /$MODE.site to ran after "generating sha256 from /bsd" and
> before "relinking to create an unique kernel" ? it should let "make
> newbsd" detect /bsd modification, and not relinking the kernel.

small correction for this option: the installer doesn't have
"sha256 -q -C $_sha256 /bsd" to check for modifications before trying to
replace the current kernel with a new one relinked.

-- 
Sebastien Marie

Re: kernel relinking at install/upgrade time

[Sebastien Marie]

On Mon, Jun 26, 2017 at 02:35:55PM -0600, Theo de Raadt wrote:
> There is a diff in snapshots which does kernel relinking during
> install or upgrade.
> 
> Really amazing...
> 

I have an issue regarding kernel relinking during upgrade.

Not a big chunk, but I prefer to report it to see the better way to
change my workflow or to change operations order in installer.

I use /upgrade.site file in order to patch in advance (from the
installer, and before rebooting) the kernel in order to disable ulpt to
let cups using my usb printer using libusb.

# cat /upgrade.site
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin

# disable ulpt if cupsd installed
[[ -x /etc/rc.d/cupsd ]] && echo 'disable ulpt*\nquit' | config -f -e /bsd.mp

exit 0


The current order of operation in the installer is (after manual
inspection):
  - do install/upgrade stuff
  - run /$MODE.site in chroot (here upgrade.site)
  - MAKEDEV and installboot
  - bsd.mp renaming to bsd if MULTIPROCESS
  - KARL stuff
- generating sha256 from /bsd
- relinking to create an unique kernel
  - adding sysmerge and fw_update in rc.* files
  - few other stuff and rebooting


The interaction between /upgrade.site (patching /bsd) and KARL makes the
reconfiguration stuff to be discarded... and my printers to not be
functional using libusb at reboot (due to ulpt).

Some questions/options:
  - should /$MODE.site to ran a bit later ? (after KARL)

  - should /$MODE.site to ran after "generating sha256 from /bsd" and
before "relinking to create an unique kernel" ? it should let "make
newbsd" detect /bsd modification, and not relinking the kernel.

  - what is the expected way to disable KARL in the installer ?
(I assume removing /usr/share/compile.tgz and /usr/share/compile
should be enough)

  - does patch for something like config(8) script would be acceptable, in
order to have an official way to apply config(8) modification *and*
to have KARL at same time ?

For me, patching the kernel in rc.firsttime wouldn't be a great option: it will
require a reboot to apply settings.

Thanks.
-- 
Sebastien Marie