gmid 1.8.2 "Lightbulb Sun" bugfix release
=========================================

Released March 26, 2022.

signify(1) pubkeys for this release:

RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC

Bug Fixes
~~~~~~~~~

* fix a CGI timing issue: if a connection handled by a CGI script
  is interrupted with the right timing it causes the server
  process to exit with "fatal in client_by_id: invalid id X".

New Features
~~~~~~~~~~~~

* add a new block `type { ... }' to define mime types mapping.

Improvements
~~~~~~~~~~~~

* use shell built-in `command' instead of which(1), prodded by
  cage and Allen Sobot.
* configure script: allow setting MANDIR from cmdline (Allen Sobot)
* add systemd-sysusers sample file in contrib/ (Nakaya)
* [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2),
  needed by glibc on armv7. (Tobias Berger)
* [linux/seccomp] tightens rules by allowing openat(2) only with
  the O_RDONLY flag.
|
i.e. allow client_by_id to fail and return NULL.
Initially I thought it was a good idea to shut down a server process
if we receive an invalid client id as reply from one of our requests
to the executor process. This turned out not to be correct since a
client can (read: will) disconnect in the delay between we acknowledge
their request and the cgi script execution.
The fastcgi and proxy handler already handled this situation, so
they're unaffected.
This allows an attacker to make gmid unresponsive by just making
enough requests until they hit the right timing.
|
it's not a problem when we have only one check_reply at the end,
since $? is kept across function boundaries, but when we have multiple
checks we need to quit on the first error.
|
original commit from eric@:
change the barrier so that fd's are always passed and received with
the first byte of the imsg they belong to.
idea, tweaks and ok claudio@
|
original commit from claudio@:
Type-cast getpagesize() from int to size_t for the comparison with d.
getpagesize() will only return positive numbers (there is no negative
page size system) and it can not fail.
Should fix some compiler warnings seen in -portable projects.
OK otto@
|
matches found with
% grep -R '=[ ]*{' . | fgrep -v const
|
should have been done already in 12fcba2; reminded by Allen Sobot,
thanks!
|
diff by Allen Sobot (chilledfrogs at disroot dot org), thanks!
|
related to github issue #14
|
it's specified by POSIX AFAIK and requires less redirections.
|
The `map' rule is powerful but quite annoying to use if you have/need
lots of entries (and clutters the configuration file too.)

The `type' block is blatantly stolen from httpd(8) and allows for a way
more nice usage:

    type {
        include "/usr/share/misc/mime.types"
    }

or even

    type {
        text/markdown md markdown
        text/x-perl pl pm
        # ...
    }
|
The libevent error value is much more interesting!
see github issue #13
|
libtls is now widely available, it's at least on gentoo, arch, void,
alpine, fedora and debian sid; there's no need to show how to compile to
a locally installed one.
|
be more strict and allow an openat only with the O_RDONLY flag. This
is kind of redundant with landlock, but still good to have. Landlock
is not yet widely available and won't kill the process upon policy
violation; furthermore, landlock can be disabled at boot time.
tested on GNU and musl libc on arch and alpine amd64.
|
gmid 1.8.1 "Lightbulb Sun" bugfix release
=========================================

Released Feb 10, 2022.

signify(1) pubkeys for this release:

RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC

Bug fixes
---------

* fix landlock usage on linux: don't assume that access
  capabilities not listed are implicitly denied, because they are
  not. Mickaël Salaün, the landlock author, found the same error
  on game of trees:

  > In a nutshell, the ruleset's handled_access_fs is required for
  > backward and forward compatibility (i.e. the kernel and user space may
  > not know each other's supported restrictions), hence the need to be
  > explicit about the denied-by-default access rights.

  In practice this affects only linux and only partially: thanks
  to the design of the daemon and the seccomp filter the effects
  of this mistake in handling landlock are fortunately limited.
  However, in theory at least, gmid could, e.g., be tricked into
  truncating existing files, so it's highly suggested to update.

Improvements
------------

All by Anna “CyberTailor”, thanks!

* don't skip unit tests when SKIP_RUNTIME_TEST is set
* add `gg' to the regress target dependencies
* fix the "implicit declaration of asprintf" warning
* sync vim syntax
|
Mickaël Salaün, the landlock author, pointed out the same error on the
got implementation. The assumption that not listed access
capabilities are implicitly denied is completely wrong:
> In a nutshell, the ruleset's handled_access_fs is required for
> backward and forward compatibility (i.e. the kernel and user space may
> not know each other's supported restrictions), hence the need to be
> explicit about the denied-by-default access rights.
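
Added example, not part of the commit message or of gmid's code: a small C model of the rule quoted above, showing why a ruleset that lists only the rights it wants to grant leaves every other right unrestricted. The struct and function names are hypothetical, and the model assumes a single rule covering the path being checked.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ABI v1 access-right bits, values as in <linux/landlock.h>, repeated here
 * so the block builds on systems without that header. */
#define LANDLOCK_ACCESS_FS_EXECUTE    (1ULL << 0)
#define LANDLOCK_ACCESS_FS_WRITE_FILE (1ULL << 1)
#define LANDLOCK_ACCESS_FS_READ_FILE  (1ULL << 2)
#define LANDLOCK_ACCESS_FS_READ_DIR   (1ULL << 3)
/* Hypothetical helpers: all 13 ABI v1 bits, and the read-only subset. */
#define FS_ALL_V1 ((1ULL << 13) - 1)
#define READ_ONLY (LANDLOCK_ACCESS_FS_READ_FILE | LANDLOCK_ACCESS_FS_READ_DIR)

/* Hypothetical model: one ruleset with one rule covering the checked path. */
struct model_ruleset {
    uint64_t handled_access_fs; /* rights the ruleset restricts */
    uint64_t allowed_access;    /* rights the single rule grants back */
};

/* A right is denied only if it is handled and not granted by a rule;
 * rights absent from handled_access_fs are not restricted at all. */
static bool model_allows(struct model_ruleset rs, uint64_t access)
{
    uint64_t denied = rs.handled_access_fs & ~rs.allowed_access;
    return (access & denied) == 0;
}

/* Mistaken: handles only the rights it wants to grant. */
static struct model_ruleset listed_only(void)
{
    return (struct model_ruleset){ READ_ONLY, READ_ONLY };
}

/* Corrected: handles every known right, grants back only reads. */
static struct model_ruleset explicit_deny(void)
{
    return (struct model_ruleset){ FS_ALL_V1, READ_ONLY };
}

int main(void)
{
    uint64_t w = LANDLOCK_ACCESS_FS_WRITE_FILE;
    printf("listed-only allows write: %d\n", model_allows(listed_only(), w));
    printf("explicit allows write:    %d\n", model_allows(explicit_deny(), w));
    return 0;
}
```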
|
> implicit declaration of function 'asprintf'; did you mean 'vsprintf'?
|
IRI and Punycode tests don't run gmid binary and can be safely executed.
|
add a `sni' option for the `proxy' block: the given name is used instead
of the one extracted by the `relay-to' rule.
|
for the time being keep the https:// url, gmnigit renames files without
extension to .txt (i.e. Dockerfile -> Dockerfile.txt) so linking via
gemini is broken :/
|
Passing a NULL pointer to memcpy is UB no matter if len is 0 (commit by
claudio@, backporting for gmid.)
|