normally create a guard area as well, this provides a deterministic area
for all binaries.
Mitigates the rest of CVE-2017-1000374 and CVE-2017-1000375 from
Qualys.
do it. Note that the manual page already documents this behavior and does
not need to change:
-dV -V VAR: prints the raw variable
-V VAR: prints the expanded variable
The COMBREL logic predates thread-safety of the dynamic linker and
breaks the use of shared locks for the common symbol lookup case. It is
unlikely to provide any benefit for lazy binding or PLT lookups, so
provide equivalent functionality in the non-PLT relocation handling loop
by checking if the symbol used by the current relocation is the same as
the one used during the last lookup. No inter-object cachine is done as
it is also unlikely to be benefical.
Testing with Firefox startup on AMD64 shows a small performance gain by
the new method.
Two bugs here, one benign because of the way the script is used.
The other hidden by NetBSD's sort being stable, and the data not really
requiring sorting at all...
So as it happens these fixes change nothing, but they are needed anyway.
(The contents of the generated file are only used in DEBUG shells, so
this is really even less important than it seems.)
inp can be NULL when receiving an IPv4 packet on an IPv4-mapped IPv6
address. In that case KASSERT(sotoinpcb(so) == inp) always fails.
Should fix PR kern/52304 (at least it fixes the same panic as the
report)
When processing a string (as in eval, trap, or sh -c) don't allow
trailing \n's to destroy the exit status of the last command executed.
That is:
sh -c 'false
'
echo $?
should produce 1, not 0.
(It was inheriting the value from end of profile file processing) - I didn't
notice before as I usually test with empty or no profile files to avoid
complications. Trivial change which should have very limited impact.
purpose) in exposing the bug in its implementation, go back to not using
it when not needed for DEBUG TRACE purposes. This change should have no
practical effect on either a DEBUG shell (where the STACKSTRNUL() calls
remain) or a non DEBUG shell where they are not needed.
the current CPU interface number by reading from the read-only
GICD_ITARGETSR0 through GICD_ITARGETSR7 registers.
This gets interrupts working on Exynos 5422, where the boot processor has
GIC CPU interface #4.
Which keywords should not be stemmed is specified in the nostem.txt file.
(Right now I have taken all the man page names, split them if they had
underscores, removed common English words and converted everything to
lowercase.)
The tokenizer itself is based on the Porter stemming tokenizer shipped with
Sqlite. The code in custom_apropos_tokenizer.c is copy of that code with
some modifications to prevent stemming keywords specified in nostem.txt.
Additionally, it now uses underscore `_' also as a token delimiter. Therefore,
now it's possible to do query for `lwp' and all `_lwp_*' man page names
will be matched. Or the query can be `unconst' and `__UNCONST' will be matched.
This was not possible earlier, because underscore was not a delimiter and therefore
the index would have __UNCONST as a key rather than UNCONST.
The tokenizer needs fts3_tokenizer.h file, which is not shipped with the
amalgamation build of Sqlite, therefore it needs to be added here (unless
we decide there is a better place for it).
To enforce using the new tokenizer, a schema version bump is needed
Since the tokenization is done both at the indexing time (via makemandb) and
also while query time (via apropos or whatis), it will be needed to bump
the schema version everytime nostem.txt is modified. Otherwise the
index will consist of old tokens and desired changes will not be seen with
apropos.
This should also fix the issue reported in PR bin/46255. Similar suggestion was
also made on tech-userlevel@ recently:
<http://mail-index.netbsd.org/tech-userlevel/2017/06/08/msg010620.html>
Thanks to christos@ for multiple rounds of reviews of the tokenizer code.
This ensures a binary built with USE_INET6=yes libc can still link at
runtime with a USE_INET6=no libc. Of course IPv6 functionnality is not
available, but dynamic linking is not killed by missing symbols such
as in6addr_any.
We used -DSMALL to exclude code from libc in order to build
libhack. Introduce -DLIBHACK to do this without so that
-DSMALL does not remove code necessary for building a shared libc
timer is disabled when attaching so it doesn't go crazy between the time
interrupts are enabled and clocks are initialized. My RPI3 makes it
multi-user now.
which would trigger a panic when unplugging a USB ATAPI CDROM.
Align detach code for scsibus and atapibus to fix this.
Also avoid races when detaching devices by replacing callout_stop with
callout_halt.
Security fixes:
CVE-2017-9233 -- External entity infinite loop DoS
Details: https://libexpat.github.io/doc/cve-2017-9233/
Commit c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
[MOX-002] CVE-2016-9063 -- Detect integer overflow; commit
d4f735b88d9932bd5039df2335eefdd0723dbe20
(Fixed version of existing downstream patches!)
(SF.net) #539 Fix regression from fix to CVE-2016-0718 cutting off
longer tag names; commits
* 896b6c1fd3b842f377d1b62135dccf0a579cf65d
* af507cef2c93cb8d40062a0abe43a4f4e9158fb2
#16 * 0dbbf43fdb20f593ddf4fa1ff67288000dd4a7fd
#25 More integer overflow detection (function poolGrow); commits
* 810b74e4703dcfdd8f404e3cb177d44684775143
* 44178553f3539ce69d34abee77a05e879a7982ac
[MOX-002] Detect overflow from len=INT_MAX call to XML_Parse; commits
* 4be2cb5afcc018d996f34bbbce6374b7befad47f
* 7e5b71b748491b6e459e5c9a1d090820f94544d8
[MOX-005] #30 Use high quality entropy for hash initialization:
* arc4random_buf on BSD, systems with libbsd
(when configured with --with-libbsd), CloudABI
* RtlGenRandom on Windows XP / Server 2003 and later
* getrandom on Linux 3.17+
In a way, that's still part of CVE-2016-5300.
https://github.com/libexpat/libexpat/pull/30/commits
[MOX-005] For the low quality entropy extraction fallback code,
the parser instance address can no longer leak, commit
04ad658bd3079dd15cb60fc67087900f0ff4b083
[MOX-003] Prevent use of uninitialised variable; commit
[MOX-004] a4dc944f37b664a3ca7199c624a98ee37babdb4b
Add missing parameter validation to public API functions
and dedicated error code XML_ERROR_INVALID_ARGUMENT:
[MOX-006] * NULL checks; commits
* d37f74b2b7149a3a95a680c4c4cd2a451a51d60a (merge/many)
* 9ed727064b675b7180c98cb3d4f75efba6966681
* 6a747c837c50114dfa413994e07c0ba477be4534
* Negative length (XML_Parse); commit
[MOX-002] 70db8d2538a10f4c022655d6895e4c3e78692e7f
[MOX-001] #35 Change hash algorithm to William Ahern's version of SipHash
to go further with fixing CVE-2012-0876.
https://github.com/libexpat/libexpat/pull/39/commits
Bug fixes:
#32 Fix sharing of hash salt across parsers;
relevant where XML_ExternalEntityParserCreate is called
prior to XML_Parse, in particular (e.g. FBReader)
#28 xmlwf: Auto-disable use of memory-mapping (and parsing
as a single chunk) for files larger than ~1 GB (2^30 bytes)
rather than failing with error "out of memory"
#3 Fix double free after malloc failure in DTD code; commit
7ae9c3d3af433cd4defe95234eae7dc8ed15637f
#17 Fix memory leak on parser error for unbound XML attribute
prefix with new namespaces defined in the same tag;
found by Google's OSS-Fuzz; commits
* 16f87daae5a16132e479e4f71862128c7a915c73
* b47dbc9745932c160893d433220e462bd605f8cd
xmlwf on Windows: Add missing calls to CloseHandle
New features:
#30 Introduced environment switch EXPAT_ENTROPY_DEBUG=1
for runtime debugging of entropy extraction
Other changes:
Increase code coverage
#33 Reject use of XML_UNICODE_WCHAR_T with sizeof(wchar_t) != 2;
XML_UNICODE_WCHAR_T was never meant to be used outside
of Windows; 4-byte wchar_t is common on Linux
(SF.net) #538 Start using -fno-strict-aliasing
(SF.net) #540 Support compilation against cloudlibc of CloudABI
Allow MinGW cross-compilation
(SF.net) #534 CMake: Introduce option "BUILD_doc" (enabled by default)
to bypass compilation of the xmlwf.1 man page
(SF.net) pr2 CMake: Introduce option "INSTALL" (enabled by default)
to bypass installation of expat files
CMake: Fix ninja support
Autotools: Add parameters --enable-xml-context [COUNT]
and --disable-xml-context; default of context of 1024
bytes enabled unchanged
#14 Drop AmigaOS 4.x code and includes
#14 Drop ancient build systems:
* Borland C++ Builder
* OpenVMS
* Open Watcom
* Visual Studio 6.0
* Pre-X Mac OS (MPW Makefile)
If you happen to rely on some of these, please get in
touch for joining with maintenance.
#10 Move from WIN32 to _WIN32
#13 Fix "make run-xmltest" order instability
Address compile warnings
Bump version info from 7:2:6 to 7:3:6
Add AUTHORS file
Infrastructure:
#1 Migrate from SourceForge to GitHub (except downloads):
https://github.com/libexpat/#1 Re-create http://libexpat.org/ project website
Start utilizing Travis CI
Special thanks to:
Andy Wang
Don Lewis
Ed Schouten
Karl Waclawek
Pascal Cuoq
Rhodri James
Sergei Nikulov
Tobias Taschner
Viktor Szakats
and
Core Infrastructure Initiative
Mozilla Foundation (MOSS Track 3: Secure Open Source)
Radically Open Security
