gmid 1.8.3 "Lightbulb Sun" bugfix release
=========================================
Released March 27, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a possible out-of-bound access in the CGI handling. It was
introduced last October during a refactoring, but due to how
many malloc(3) implementations work this hasn't been found
until now. Otto's malloc is more strict fortunately.
|
|
gmid 1.8.2 "Lightbulb Sun" bugfix release
=========================================
Released March 26, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug Fixes
~~~~~~~~~
* fix a CGI timing issue: if a connection handled by a CGI script
is interrupted with the right timing it causes the server
process to exit with "fatal in client_by_id: invalid id X".
New Features
~~~~~~~~~~~~
* add a new block `type { ... }' to define mime types mapping.
Improvements
~~~~~~~~~~~~
* use shell built-in `command' instead of which(1), prodded by
cage and Allen Sobot.
* configure script: allow to set MANDIR from cmdline (Allen Sobot)
* add systemd-sysusers sample file in contrib/ (Nakaya)
* [linux/seccomp] allow fstatat64(2), llseek(2) and sigreturn(2),
needed by glibc on armv7. (Tobias Berger)
* [linux/seccomp] tightens rules by allowing openat(2) only with
the O_RDONLY flag.
|
|
should have been done already in 12fcba2; reminded by Allen Sobot,
thanks!
|
|
diff by Allen Sobot (chilledfrogs at disroot dot org), thanks!
|
|
gmid 1.8.1 "Lightbulb Sun" bugfix release
=========================================
Released Feb 10, 2022.
signify(1) pubkeys for this release:
RWTy3UJQzpxBUAymBwb2EGLLm0b3H/1n8hzhaC9HYFYzNuTavGt9QSwC
Bug fixes
---------
* fix landlock usage on linux: don't assume that access
capabilities not listed are implicitly denied, because they are
not. Mickaël Salaün, the landlock author, found the same error
on game of trees:
> In a nutshell, the ruleset's handled_access_fs is required for
> backward and forward compatibility (i.e. the kernel and user space may
> not know each other's supported restrictions), hence the need to be
> explicit about the denied-by-default access rights.
In practice this affects only linux and only partially: thanks
to the design of the daemon and the seccomp filter the effects
of this mistake in handling landlock are fortunately limited.
However, in theory at least, gmid could be, e.g., tricked into
truncating existing files, so it's highly suggested to update.
Improvements
------------
All by Anna “CyberTailor”, thanks!
* don't skip unit tests when SKIP_RUNTIME_TEST is set
* add `gg' to the regress target dependencies
* fix the "implicit declaration of asprintf" warning
* sync vim syntax
|
|
printf: Illegal option -i
this is why we can't have nice things, isn't it?
|
|
While here, move the SRCS variable to the configure and add the
-includes in Makefile.local; it de-clutters the Makefile a bit.
|
|
It's like passing PREFIX=... on the command line
|
|
During a cross-compilation we can compile the test binaries but not
run them on the host machine. Furthermore, the exit status of the test
isn't really important for the types of check we have, the compilation
status is enough.
Reported by Nikolay Korotkiy (@sikmir) on GitHub, fixes issue #8
|
|
* add configure check
* change the way the headers are required (copied from tmux)
|
|
First move towards landlock support (#3). The shim is needed until
libc provides the proper wrappers for the landlock APIs; I hope it
doesn't take too long, but landlock was merged back in May and they are
still missing.
|
|
bump version number
|
|
This version includes two bugfixes:
- use ${MAKE} to recursively call make
- fix the misleading example in the man page: macro names may not be
reserved words
Both bugs found and fixed by Anna “CyberTailor”, thanks!
|
|
patch from Anna "CyberTailor"
It's handy for helpers like ebuild's use_enable.
(the sandbox is still always enabled by default)
|
|
patch from Anna "CyberTailor"
|
|
Initial patch from Anna "CyberTailor", tweaked by me (drop guessing_*
and always append CFLAGS)
|
|
but still try to autodetect with pkg-config if they aren't provided.
Passing CFLAGS/LDFLAGS from the command line will still override the
guessed ones.
|
|
Calling `configure' with --disable-sandbox will disable the sandbox
support *completely* at compile time. gmid will still complain at
compile time and during the startup.
Users shouldn't disable the sandbox if possible, but instead report
problems upstream so they get fixed (hopefully.)
#4 related
|
|
The actual implementation is based off doas' parse.y. This gave us
various benefits, like cleaner code, \ to break long lines, better
handling of quotes etc...
|
|
Include gmid.h as first header in every file, as it then includes
config.h (that defines _GNU_SOURCE for instance).
Fix also a warning about unsigned vs signed const char pointers in
openssl.
|
|
but why'd they call it program_invocation_short_name? They couldn't
find a longer name?
|
|
this unlocks the full regress tests on arch, for instance, or every
OS where we don't have strl*
|
|
|
This adds a check for setproctitle and for the (linux) prctl
PR_SET_NAME. If setproctitle is not available, on linux we provide an
implementation that uses prctl (taken from tmux compat layer.)
|
|