bspatch: add integer overflow checks

Introduce a new add_off_t static function that exits with an error
message if there's an overflow, otherwise returns their sum. Use this
when adding values obta

bspatch: add integer overflow checks

Introduce a new add_off_t static function that exits with an error
message if there's an overflow, otherwise returns their sum. Use this
when adding values obtained from the input patch.

Reviewed by: delphij, allanjude (earlier)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7897

show more ...

errno.h is no longer needed as of r340239 so remove it.

No MFC planned as that revision was not merged.

Remove support for FreeBSD 10.x.

MFC after: 1 month

bspatch: simplify capsicumization

Assume that user wants to run with capsicum support if he builds the software
with HAVE_CAPSICUM. Treat running application without capsicum in the kernel as
an err

bspatch: simplify capsicumization

Assume that user wants to run with capsicum support if he builds the software
with HAVE_CAPSICUM. Treat running application without capsicum in the kernel as
an error.

MFC after: 3 weeks

show more ...

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error

various: general adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 2-Clause license, however the tool I
was using misidentified many licenses so this was mostly a manual - error
prone - task.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

No functional change intended.

show more ...

bspatch: Remove backwards-compatibility sys/capability.h support

bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and

bspatch: Remove backwards-compatibility sys/capability.h support

bspatch previously included sys/capability.h or sys/capsicum.h based
on __FreeBSD_version, as FreeBSD is the upstream for bsdiff and we may
see this file incorporated into other third-party software.

The Capsicum header is now installed as sys/capsicum.h in stable/10 and
FreeBSD 10.3, so we can just use sys/capsicum.h and simplify the logic.

Reviewed by: allanjude
Differential Revision: https://reviews.freebsd.org/D7954

show more ...

bspatch: use #define for header size instead of magic number

Reviewed by: allanjude, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7861

bspatch: remove superfluous newlines from errx strings

bspatch: add sanity checks on sizes to avoid integer overflow

Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.

This is based o

bspatch: add sanity checks on sizes to avoid integer overflow

Note that this introduces an explicit 2GB limit, but this was already
implicit in variable and function argument types.

This is based on the "non-cryptanalytic attacks against freebsd
update components" anonymous gist. Further refinement is planned.

Reviewed by: allanjude, cem, kib
Obtained from: anonymous gist
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7619

show more ...

bspatch: remove output file in the case of error

Reviewed by: oshogbo
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7644

Capsicumize bspatch

Move all of the fopen() and open() calls to the top of main()

Restrict each FD to least privilege (read/seek only, write only, etc)

cap_enter(), and make all except the output

Capsicumize bspatch

Move all of the fopen() and open() calls to the top of main()

Restrict each FD to least privilege (read/seek only, write only, etc)

cap_enter(), and make all except the output FD read/seek only.

Reviewed by: emaste, ed, oshogbo, delphij
Approved by: so
MFC after: 3 days
Relnotes: yes
Sponsored by: ScaleEngine Inc.
Differential Revision: https://reviews.freebsd.org/D7358

show more ...

bspatch: apply style(9)

Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.

Reviewed by: oshogbo
No objection: cperciva
Spo

bspatch: apply style(9)

Make style changes (and trivial refactoring of open calls) now in order
to reduce noise in diffs for future capsicum changes.

Reviewed by: oshogbo
No objection: cperciva
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D7610

show more ...

Fix bspatch heap overflow vulnerability.

Obtained from: Chromium
Reported by: Lu Tung-Pin
Security: FreeBSD-SA-16:25.bspatch

Cleanup unnecessary semicolons from utilities we all love.

Make usage printing more consistent with other tools.

- Introduce a separate usage() function.
- Don't use argv[0]. Directly name the application, as we do elsewhere.
- Don't prepend the application

Make usage printing more consistent with other tools.

- Introduce a separate usage() function.
- Don't use argv[0]. Directly name the application, as we do elsewhere.
- Don't prepend the application name.
- Don't print two newlines.

show more ...

Portability fix for non-POSIX operating systems: Open files in binary mode.

PR: bin/106358
Submitted by: techtonik at php dot net

Add bsdiff and bspatch to the base system. These are tools for
constructing and applying binary patches; in particular, they perform
well (in the sense of constructing small patches) for executable

Add bsdiff and bspatch to the base system. These are tools for
constructing and applying binary patches; in particular, they perform
well (in the sense of constructing small patches) for executable code.
Both portsnap (coming to the base system Real Soon Now) and FreeBSD
Update (coming to the base system a bit later) use bspatch.

This is the same code as the bsdiff-4.2 which has been in the ports
tree (misc/bsdiff) for the past year, with the following exceptions:
1. The license is now the traditional 2-clause BSD;
2. Instead of forking and execing bzip2, the code now uses libbz2; and
3. Some minor changes have been made to fit this code into the base
system (adding $FreeBSD$ tags, putting bsdiff and bspatch into separate
directories, etc.)

This code is rather ugly and has lots of style bugs (mostly because I
wrote it before I had ever heard of style(9)). Some day I'll come
back and clean it up.

Discussed on: freebsd-arch
MFC before: 5.5-RELEASE
Tested by: Several million users (earlier version).

show more ...