Shawn Webb shawn.webb

shawn.webb pushed to master at HardenedBSD/hardenedbsd-ports

  • 50aadff488 HBSD: Resolve merge conflict Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • 247aff8cd3 Merge remote-tracking branch 'upstream/master' Conflicts: lang/swi-pl/Makefile (unresolved)
  • 28ce8c0fec HBSD: For now, silence hbsdcontrol errors Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • 81dd05cd00 Merge remote-tracking branch 'internal/master'
  • 95082ab9cb deskutils/just: Update 0.5.11 -> 0.6.1 Reported by: portscout
  • Compare 69 commits »

1 day ago

shawn.webb pushed to hardened/current/master at HardenedBSD/HardenedBSD

  • 2f9ac2717a HBSD: Teach libarchive about the system extended attribute namespace In order to teach the packaging infrastructure how to support HardenedBSD's method of exploit mitigation toggling, teach libarchive how to handle the system filesystem extended attribute namespace. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

4 days ago

shawn.webb commented on issue HardenedBSD/pkg#1

Integrate filesystem extended attribute support

libarchive only supports the user namespace, not system. Our current implementation in HardenedBSD base uses the system namespace. The second method (integrating with the `+MANIFEST` file) might be a more practical approach, at least for a PoC implementation.

5 days ago

shawn.webb pushed to hardened/current/master at HardenedBSD/HardenedBSD

  • d453d5fcac HBSD: Revert "Flip kern.tty_info_kstacks on by default" This reverts commit 4040c34651c453ea02f5bf95c63389371088d124. Kernel infoleaks as features are antithetical to security, especially leaking to unprivileged users. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> Discussed-with: brynet on irc freenode

5 days ago

shawn.webb opened issue HardenedBSD/pkg#1

Integrate filesystem extended attribute support

5 days ago

shawn.webb pushed to master at HardenedBSD/pkg

  • c41f3f2de3 Prevent potential hang with scripts Note commit a4c28a6 and 0395446 tried to fix the potential hang. However, it did not help because poll() does not time out. See the original patch set the timeout to 1 second. https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=245462 https://bz-attachments.freebsd.org/attachment.cgi?id=213235
  • 393d117d72 Add NEWS for 1.14.99.2 and bump version
  • bc93443765 Merge pull request #1848 from freqlabs/pkgdb_obtain_lock-debug Add a debug message for when obtaining a lock fails
  • 453cf3021f Remove some debug printfs Signed-off-by: Emmanuel Vadot <manu@FreeBSD.org>
  • 27325c87d8 Add a debug message for when obtaining a lock fails Sponsored by: iXsystems, Inc.
  • Compare 164 commits »

5 days ago

shawn.webb pushed to master at HardenedBSD/hardenedbsd-ports

  • a29081a054 HBSD: Resolve merge conflicts Old LibreSSL cruft. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • ae05555f00 Merge remote-tracking branch 'upstream/master' Conflicts: net/haproxy-devel/files/patch-include-haproxy-atomic.h (unresolved) sysutils/u-boot-tools/files/patch-lib_rsa_rsa-sign.c (unresolved)
  • 8ccc633779 Switch the default bugzilla search instance to FreeBSD.
  • 8ad12f50d0 Update to 0.27.0 Release notes: https://github.com/ihabunek/toot/releases/tag/0.27.0
  • 5082188f00 Stage a friendly takeover of this port, with current maintainer's ok. More changes to follow.
  • Compare 50 commits »

5 days ago

shawn.webb pushed to hardened/12-stable/master at HardenedBSD/HardenedBSD

  • 1d4264d9d7 HBSD: Resolve one more merge conflict Somehow this merge conflict resolution wasn't included before. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

5 days ago

shawn.webb pushed to hardened/current/master at HardenedBSD/HardenedBSD

  • b3b464e4e2 HBSD: Resolve merge conflicts Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • 1b564a7a99 Merge remote-tracking branch 'internal/freebsd/current/master' into hardened/current/master Conflicts: Makefile.inc1 (unresolved) share/man/man5/src.conf.5 (unresolved) share/mk/src.opts.mk (unresolved) targets/pseudo/bootstrap-tools/Makefile (unresolved)
  • 8ae3dd51b8 ifconfig(8): remove duplicate line from man page Reported by: Weitian LI <liweitianux@live.com> Sponsored by: Klara Inc.
  • 6e60b612e7 Add MATCH option for CONFIG_MATCH_IFACE. If the interfaces on which wpa_supplicant is to run are not known or do not exist, wpa_supplicant can match an interface when it arrives. Each matched interface is separated with -M argument and the -i argument now allows for pattern matching. As an example, the following command would start wpa_supplicant for a specific wired interface called lan0, any interface starting with wlan and lastly any other interface. Each match has its own configuration file, and for the wired interface a specific driver has also been given. wpa_supplicant \ -M -c wpa_wired.conf -ilan0 -D wired \ -M -c wpa1.conf -iwlan* \ -M -c wpa2.conf PR: 247177 Reported by: greg@unrelenting.technology MFC after: 1 month Related to: ports r540412
  • 7753d3ab55 sound/hda: fix interrupt handler endless loop after r362294 Not all interrupt sources that affect CIS bit were acknowledged. Specifically, bits in STATESTS (aka WAKESTS) were left set. The fix is to disable WAKEEN and clear STATESTS bits before the HDA interrupt is enabled. This way we should never get any STATESTS bits. I also added placeholders for all event bits that we currently do not enable, do not handle and do not clear. This might get useful when / if we enable any of them. Reported by: kib (Apollo Lake hardware) Tested by: kib (earlier, different change) MFC after: 2 weeks X-MFC with: r362294
  • Compare 54 commits »

5 days ago

shawn.webb pushed to hardened/12-stable/master at HardenedBSD/HardenedBSD

  • 253b686933 HBSD: Don't allow the RTLD to create an executable stack Exploit authors love executable stacks. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org> (cherry picked from commit eadfc6c84f0e157135081c364616873409d8cf03) Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

1 week ago

shawn.webb pushed to hardened/12-stable/master at HardenedBSD/HardenedBSD

  • bbf54312a5 Merge remote-tracking branch 'internal/freebsd/12-stable/master' into hardened/12-stable/master
  • 3870b9a8f5 MFC r362031, r362065, r362075: amd64 pmap: reorder IPI send and local TLB flush in TLB invalidations.
  • 7d38032fff MFC r362271: Allow multicast packets to be received in promiscuous mode, in mlx4en(4). Make sure we disable the multicast filter in promiscuous mode as well as when the all multicast flag is set. Found by: Tycho Nightingale <tychon@freebsd.org> Sponsored by: Mellanox Technologies
  • 07b3370f35 MFC r361982 iflib: netmap: honor netmap_irx_irq return values In the receive interrupt routine, always call netmap_rx_irq(). The latter function will return != NM_IRQ_PASS if netmap is not active on that specific receive queue, so that the driver can go on with iflib_rxeof(). Note that netmap supports partial opening, where only a subset of the RX or TX rings can be open in netmap mode. Checking the IFCAP_NETMAP flag is not enough to make sure that the queue is indeed in netmap mode. Moreover, in case netmap_rx_irq() returns NM_IRQ_RESCHED, it means that netmap expects the driver to call netmap_rx_irq() again as soon as possible. Currently, this may happen when the device is attached to a VALE switch. Reviewed by: gallatin Differential Revision: https://reviews.freebsd.org/D25167
  • 168d276cdc MFC r362185 iflib: netmap: enter/exit netmap mode after device stops Avoid possible race conditions by calling nm_set_native_flags() and nm_clear_native_flags() only after the device has been stopped.
  • Compare 44 commits »

1 week ago

shawn.webb pushed to master at HardenedBSD/hardenedbsd-ports

  • 14afba5ae7 HBSD: Build graphics/qr-code-generator with elftc-ar As reported by a user on irc, the qr-code-generator port does not work with llvm's ar. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

1 week ago

shawn.webb pushed to hardened/current/master at HardenedBSD/HardenedBSD

  • fe220f3218 HBSD: Security checks and tmpfs extattr insertion lock We need to ensure that only those who can perform the extended attribute routines have proper permission to do so. Additionally, lock the node on extended attribute insertion. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

1 week ago

shawn.webb commented on issue HardenedBSD/HardenedBSD#9

Support filesystem extended attributes in tmpfs

This is now finished in `hardened/current/master` and pending MFC after some smoke tests with Poudriere.

1 week ago

shawn.webb pushed to hardened/current/master at HardenedBSD/HardenedBSD

  • e080c97f85 Merge remote-tracking branch 'origin/hardened/current/tmpfs_extattr' into hardened/current/master
  • c6a487ce82 HBSD: Fix calculated length Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • Compare 2 commits »

1 week ago

shawn.webb pushed to hardened/current/tmpfs_extattr at HardenedBSD/HardenedBSD

  • c6a487ce82 HBSD: Fix calculated length Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

1 week ago

shawn.webb pushed to hardened/current/master at HardenedBSD/HardenedBSD

  • 114c00dbd0 Merge remote-tracking branch 'origin/hardened/current/tmpfs_extattr' into hardened/current/master
  • 10886b1672 HBSD: Support listing extended attributes The length of the name as a uint8_t comes before the name itself. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • d20f951e66 HBSD: Remove redundant memset Call to memset isn't needed when using M_ZERO. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • 65e86961fd HBSD: First stab at listing extended attributes Some magic is going on behind-the-scenes and I'm unsure why. More research is needed. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • a76ff6e00c HBSD: Free any created extended attributes Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>
  • Compare 12 commits »

1 week ago

shawn.webb pushed to hardened/current/tmpfs_extattr at HardenedBSD/HardenedBSD

  • 10886b1672 HBSD: Support listing extended attributes The length of the name as a uint8_t comes before the name itself. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

1 week ago

shawn.webb pushed to hardened/current/tmpfs_extattr at HardenedBSD/HardenedBSD

  • d20f951e66 HBSD: Remove redundant memset Call to memset isn't needed when using M_ZERO. Signed-off-by: Shawn Webb <shawn.webb@hardenedbsd.org>

1 week ago