Well, I suppose I should be happy that mksh is actually used…
- [tg] Correct shf buffer I/O routines to avoid a memory corruption bug discovered by Waldemar Brodkorb and other bad effects
- [tg] Fix NULL pointer dereference during iteration loop when checking for alias recursion; discovered by Michal Hlavinka
That’s OpenADK (Waldemar’s fork of FreeWRT, which is Waldemar’s fork of OpenWrt), and Red Hat Enterprise Linux, respectively. Popcon in Debian and its derivates is also pleasant.
I could use some help bugfixing this though:
(sleep 3; exit 12) & bgprocpid=$! sleep 6 # background process is done by now wait $bgprocpid # POSIX mandates that, since $! was asked # for, wait is to reply its errorlevel
Somehow, JF_KNOWN is never set – and I can’t debug this with gdb(1).
(There’s also a dashism in some *buntu start scripts that does pretty much the same except it uses “wait %1” there. In fact it doesn’t even seem to use $! – no idea whether we can support that at all in a POSIX shell – which dash clearly isn’t… – without keeping track of background processes forever.)
I’ve got some interesting results using r1.1 of an example test programme (r1.2 got cleaned up and more output) on various systems, regarding ASLR. The 1.1 revision tests everything mksh R40+ will use (except there will probably no larger than page sized allocations) for its LCG PRNG. On OpenBSD (MirBSD, ÆrieBSD) malloc(3) uses in fact mmap(2), which is randomised. (Though -pie doesn’t yet work as it’s supposed to.) Some OSes are better than others… but look for yourself. (Read on to continue, not part of the RSS for size reasons. This wlog entry may be updated – with bumped date – unperiodically.)
tg@blau:~ $ mgcc -static x.c x.c:0: note: someone does not honour COPTS correctly, passed 0 times x.c: In function `foo': x.c:27: warning: function returns address of local variable tg@blau:~ $ ./a.out 0xa9332000 0xaba65000 0xa0ae7000 0xcfbed990 0xcfbed994 tg@blau:~ $ ./a.out 0xa91b4000 0xa02b1000 0xa1602000 0xcfbf8680 0xcfbf8684 tg@blau:~ $ ./a.out 0x9f731000 0x9cb2a000 0xa94ca000 0xcfbf5840 0xcfbf5844 tg@blau:~ $ ./a.out 0x9c2af000 0xa6a0b000 0xa4ce1000 0xcfbefac0 0xcfbefac4 tg@blau:~ $ ./a.out 0xa3b61000 0xa96de000 0xa96df000 0xcfbedcc0 0xcfbedcc4
tg@frozenfish:~ $ gcc -static x.c x.c: In function ‘foo’: x.c:27: warning: function returns address of local variable x.c: In function ‘bar’: x.c:33: warning: function returns address of local variable tg@frozenfish:~ $ ./a.out 0x80b2a20 0x80b2a30 0xb7745008 0xbf985ce0 0xbf985cd4 tg@frozenfish:~ $ ./a.out 0x80b2a20 0x80b2a30 0xb7726008 0xbfb911b0 0xbfb911a4 tg@frozenfish:~ $ ./a.out 0x80b2a20 0x80b2a30 0xb7784008 0xbf83d040 0xbf83d034 tg@frozenfish:~ $ ./a.out 0x80b2a20 0x80b2a30 0xb77e8008 0xbfc0f840 0xbfc0f834 tg@frozenfish:~ $ sid I: [sid chroot] Running command: “mksh -l” tg@frozenfish:~ $ gcc -static x.c x.c: In function ‘foo’: x.c:27: warning: function returns address of local variable x.c: In function ‘bar’: x.c:33: warning: function returns address of local variable tg@frozenfish:~ $ ./a.out 0x80c86a8 0x80c86b8 0xb77c3008 0xbfaa1900 0xbfaa18f4 tg@frozenfish:~ $ ./a.out 0x80c86a8 0x80c86b8 0xb77d2008 0xbfcc0260 0xbfcc0254 tg@frozenfish:~ $ ./a.out 0x80c86a8 0x80c86b8 0xb77c1008 0xbfbe2120 0xbfbe2114
uname: Linux frozenfish 2.6.18-6-686 #1 SMP Fri Feb 19 23:40:03 UTC 2010 i686 GNU/Linux
tg@stinky:~ $ gcc -static x.c x.c: In function `foo': x.c:27: warning: function returns address of local variable tg@stinky:~ $ ./a.out 595f0 59bf0 59d00 ffbefbb4 ffbefb5c tg@stinky:~ $ ./a.out 595f0 59bf0 59d00 ffbefbb4 ffbefb5c tg@stinky:~ $ ./a.out 595f0 59bf0 59d00 ffbefbb4 ffbefb5c tg@stinky:~ $ gcc x.c x.c: In function `foo': x.c:27: warning: function returns address of local variable tg@stinky:~ $ ./a.out 20950 20f50 21060 ffbefb3c ffbefae4 tg@stinky:~ $ ./a.out 20950 20f50 21060 ffbefb3c ffbefae4
mirabilos@stargazer:~ $ gcc -static x.c x.c: In function 'foo': x.c:27: warning: function returns address of local variable x.c: In function 'bar': x.c:33: warning: function returns address of local variable mirabilos@stargazer:~ $ ./a.out 0x800603080 0x800605040 0x800700000 0x7fffffffe62c 0x7fffffffe62c mirabilos@stargazer:~ $ ./a.out 0x800603080 0x800605040 0x800700000 0x7fffffffe63c 0x7fffffffe63c mirabilos@stargazer:~ $ ./a.out 0x800603080 0x800605040 0x800700000 0x7fffffffe62c 0x7fffffffe62c
uname: MidnightBSD stargazer.midnightbsd.org 0.3-CURRENT MidnightBSD 0.3-CURRENT #1: Thu May 27 22:13:45 EDT 2010 email@example.com:/usr/obj/usr/src/sys/GENERIC amd64
(QEMU, thanks to Aurélien! Debian unstable from approx. Jan 2010)
root@debian-mipsel:~ # gcc-4.4 -static x.c x.c: In function 'foo': x.c:27: warning: function returns address of local variable x.c: In function 'bar': x.c:33: warning: function returns address of local variable root@debian-mipsel:~ # ./a.out 0x4aa740 0x4aa750 0x2aaa8008 0x7fa417e8 0x7fa417d8 root@debian-mipsel:~ # ./a.out 0x4aa740 0x4aa750 0x2aaa8008 0x7fc67708 0x7fc676f8 root@debian-mipsel:~ # ./a.out 0x4aa740 0x4aa750 0x2aaa8008 0x7fb68238 0x7fb68228 root@debian-mipsel:~ # ./a.out 0x4aa740 0x4aa750 0x2aaa8008 0x7fc586c8 0x7fc586b8
uname: Linux debian-mipsel 2.6.32-trunk-4kc-malta #1 Mon Jan 11 03:45:08 UTC 2010 mips GNU/Linux
Gentoo GNU/Linux on amd64
gcc-4.4.4, glibc-2.11.2-r0, 2.6.35-rc4 x86_64
0x20cc010 0x20cc030 0x7fef0c497010 0x7fff32148fec 0x7fff32148fec 0xa35010 0xa35030 0x7f575d0e4010 0x7fff0dd7220c 0x7fff0dd7220c 0x1f90010 0x1f90030 0x7f8657107010 0x7fff6116813c 0x7fff6116813c 0x9dd010 0x9dd030 0x7f1eab0a6010 0x7fff3dcc638c 0x7fff3dcc638c
Not everyone does ASLR… but there’s enough variety (and with eglibc’s AT_RANDOM even proper entropy) inside for our purposes. On OpenBSD and MirBSD, we’ll still use KERN_ARND as it’s extremely cheap entropy (code paths checked on both) but not for every call of $RANDOM. On things like Debian/m68k mksh(1) ought to have gained a possibly noticeable speed-up.
Bordeaux was very nice (and towards the end much cooler… it’s actually hotter here at more than 50½° north – too warm to think, or do anything) but the LSM/RMLL was very french. They’ll be in Straßburg and Lüttich the next two years so we can probably be expected to attend. I don’t think I can eat duck (which, in south-west france, is a vegetable) or like all that classic french multi-course food so much, but I had enough Couscous Merguez and Thé à la menthe fraîche… and similar good stuff. Many people spoke English and actually asked me whether I do (probably they couldn’t bear me trying to spea^W^W^Wbutchering the language of the Grande Nation) and in general were a friendly bunch. I did see some people with machine guns in the city on the last day, though. No idea what/why… didn’t dare asking ☻
Just another reason to boycott flying: Mario Lang (one of the speakers) was apparently held on the airport and treated as a terrorist due to his Braille line… they thought it was a bomb or somesuch thing.
Read on for more…
Travelling with the Thalys and TGV was nice (but I loathe the Métro parisienne… they should build a ring train like the Berlin S-Bahn and just put another stop before Paris Nord and Montparnasse for people who just want to switch trains to take the ring train to the other line). And I want air conditioned trams in Germany too!
I met Uriel (invited him for some food and talked lengthy with him and some 9grid guy), XTaran (who was rather busy organising things), and a number of other people. Did some PGP keysigning as well. There’s now an experimental MirOS presence at Launchpad, not sure what exactly we’re going to do with it but, as Canonical does not care (as Jonathan said in his talk – great slides, by the way, really impressive), there’s no harm in having it. Some Perl guy from America (USA… just to make sure ☺) wanted a photograph of me with a sign “I love CVS” just so people back at home would believe him he’s met such a person *grins* of course I plugged in a little advertising but cvs(GNU) is honestly good. The forge hacking session was a little under-visited (but still a success in terms of getting more communication and maybe collaboration underways, especially thinking of common interfaces, DC, semantic web, OSLC-CM) and since the room was (in contrast to my hotel room and the trams!) not air conditioned we didn’t get much hacking done. The Debian booth was about 40% of one FOSDEM style table wide… and subsequently crowded. There were more people (of course, I was trying to get mksh into Haikuports, Mandriva, and other things; talked about KDE 3.5.11 (Trinity), Qt 3 vs Qt 4, and kwalletcli, and in general to a not-so-usual bunch of suspects – like I said, LSM/RMLL really is pretty french-only).
It is too hot, but I still committed src/etc/rc,v version 1.110 which you want to upgrade your /etc/rc to before upgrading mksh(1) in MirBSD. (All in the name of better performance on platforms such as Debian/m68k and not raiding Linux’ inferior RNG… but it does simplify things.)
I could probably write more but at the moment just want to lie down and die until it gets cooler… even the rain didn’t help. My feet hurt (Montparnasse-Bienvenue didn’t help) too.
The current version of mksh had use of arc4random(3) removed, including “set -o arc4random”, to speed it up (on some architectures, a lot) – this will break some existing scripts (such as /etc/rc *cough* on MirBSD…). Hence I decided to publish the next version of mksh(1) as R40 based upon current development, and defer plans for associative arrays (and multidimensional arrays) for mksh R41. There’s also already the change to Build.sh arguments, so this suits me quite fine.
(Read: if running MirBSD, don’t upgrade mksh at the moment.) There will be a new MirBSD snapshot once this is fixed, maybe a few more changes to the shell for better POSuX compliance, and the recently mentioned patent on LFNs (long filename) in FAT will be taken into account with a patch to msdosfs.
I’ll travel to LSM/RMLL 2010, the Libre Software Meeting (Rencontres Mondiales du Logiciel Libre) tomorrow until the weekend, to hack some on FusionForge (this is worktime for me), visit XTaran, Uriel, and maybe a couple of other “usual people”.
Thundersday, between 10:00 UTC and 12:00 UTC, eurynome will be shut down by gecko2@ due to power supply maintenance on the host system data centre.
We have a new mirror in the Americas, thanks a lot to Mike 'Fuzzy' Partin! Benny will mention it on the webpages once it’s working.
No, it’s not just half the answer. I think we’re much farther down the way than that ☺ while there are still improvements planned, under development, and to come, we’ve gone a long ways from 4.5 based Evolvis platform releases.
There are several new extensions, almost all of them enabled by default. You can see a tech demo of these at https://evolvis.org/plugins/mediawiki/wiki/evolvis/index.php/PluginDemo (which will automatically show you an English- or German language version depending on your web browser’s preferences). The extensions are:
The MediaWiki extensions are “driven” (configured) by the forge semi-automatically, for example RSS_Reader uses a per-project (forge group) cache directory instead of disabling the cache (which needed to be done for the Debian package, since the default installation does not have the luxury of a directory writable for the Apache user). The configuration closely matches the “old-style” (JH) Wiki integration that has been done for Evolvis 4.5 previously.
Further changes include a fair number of bugfixes to the code, theme, wiki, extensions (fed upstream), and XHTML compliance. We know there are still enough bugs to keep us busy for a while, but you might notice some improvements; others are hidden but shorten the Apache error_log noticeably ☺
To further summarise from the developer/package management system changelog the (non-bugfix) changes from the last version include:
- reduced space requirements by using the xz compressor instead of gzip for nightly Subversion backups
- give forge (group/project and site) admins more permissions in the Wiki by default
- Konqueror users have clickable sftp:// links in the places where SFTP/manual file upload can be used
- displaying filenames of uploaded files, including rules for them, has been improved
- there are now two automatic mailing lists (for newly created groups/projects): unixname-commits (where every member with commit rights will be added automatically) and unixname-discuss (where every member will be added automatically); of course there’s still the option to unsubscribe or, for non-members, to subscribe (a new Mailman integration is being worked on)
- Mailman list administrator passwords can now be (re-)set from the forge (by group/project or site admins); be careful to tell your co-admins the new password though…
- new values for PM (Tasks) status fields
- the ability to copy a task to another subproject
- customisable display for the Tasks area
- the SCM URLs now always use the correct hostname
- help window pop-ups are working again
- Evolvis can now almost fully be used with PHP 5.3 on Debian unstable (although we are still formally targetting Debian Lenny (with select backports and custom packages) specifically)
- font sizes (in the forge and the wiki) are finally consistent
- slight performance improvements
The time tracking area in Tasks has been disabled, since there is a company-internal tool doing the same, with an Evolvis integration being developed.
We hope you enjoy the latest installment of the Evolvis platform!
-- Thorsten Glaser, for the tarent Evolvis task forge, FusionForge and Mediawiki
My laptop odem has a somewhat split personality… half of it ended up in the waste bin, the other half will probably end up being sold under price to someone who may then sell the parts separately from each other (I’m not in the mood to do packaging and shipping). Salvaged parts: some PC133 SO-SDRAM (probably 512 and 256 MiB), an Athlon XP 1400+ CPU, an Acer Aspire 1300XC(?) BIOS, floppy drive, DVD-ROM/CD-RW drive, complete display (panel, inverter and chassis), CMOS battery, a lot of screws, the fan, some cables, the upper half of the chassis, the keyboard, and probably other things.
Mojito tastes good… we had a soldering social evening at $orkplace followed by an ad-hōc visit to the cocktail bar due to missing the tram (caught the next one). Summer’s gone again though… rain really is imminent now ☹
This wlog entry is presented you by gecko2@’s nagging… we’re really working though, so don’t expect many… I’m even doing the Debian stuff only at ork at the moment.
The most common tasks can now be easily solved:
- /etc/gforge/templates/httpd.ssl0.inc: uncomment two lines, and all forge vhosts redirect to https unconditionally
- /etc/gforge/templates/httpd.auth.forge.inc: uncomment a bunch of lines, and you get HTTP Basic Auth with PAM backend accessing nss_pgsql2, which means you must login with your forge username and password to display the site
- /etc/gforge/templates/httpd.auth.projects.inc: copy the same lines here, and the project homepages (*.forge vhosts) are protected in the same manner
- /etc/gforge/httpd.d/*: change 02namevhost, 06maindirhttp, 20list, 40virtualhost if you want not *:80 and *:443 vhosts but per-IPv4-address vhosts
- /etc/gforge/gforge.conf: insert lines like 「sys_sslcrt=/etc/ssl/my.cer」, 「sys_sslkey=/etc/ssl/private/my.key」, 「sys_ssl_apache_extra_cmd=SSLCertificateChainFile /etc/ssl/chain.pem」 to configure HTTPS properly and easily
Of course, there’s more to that: If you have more vhosts, just 「Include /etc/gforge/httpd.security.inc」 to disable a potential security hole / information leak, 「Include /etc/gforge/httpd.log.inc」 to log into the same files, 「Include /etc/gforge/httpd.ssl0.inc」 (SSL off) and 「Include /etc/gforge/httpd.ssl1.inc」 (SSL on) to use the same SSL configuration as the forge. The latter is especially important if you have more than one 〈VirtualHost *:443〉 container, as Apache 2 uses the configuration from the ASCIIbetically first one.
I was able to completely switch from the old, hand-edited configuration to a generated one with little, if any, changes on all our installations now. Some legacy or useful vhosts have been split out, for example a redirect for the old-style Wiki URIs, the Maven 2 repository vhosts, and Alfresco/Domisol (which was already separate but now got split port-80/443 configuration and the above-mentioned Include directives).
Furthermore, eMails from forge users to the FOO-commits@ mailing lists are always allowed by default for newly created lists, and users added to a group with SVN commit rights will be automatically subscribed to that list. We now issue the Forge Identification Header and display the version on the webpage. There was, of course, your usual round of bugfixes and infrastructure improvements, including preparations for more things to come (so stay tuned).
Roland will, as usual, take the best out of EvolvisForge and put it into FusionForge (et vice versa).
There’s also news on the not-so-forge front of Evolvis: our Hudson installations talk Jabber now, and the integration is becoming more tight. We can drive both old-style wikis and gforge-plugin-mediawiki at the same time. We’ve begun adding a bunch of mediawiki plugins (more to follow as needed); if there are people packaging those for Debian already, cooperation is desired.
Until 12th of June, the “Fairtrade Software” booth at LinuxTag 2010 in Berlin, Germany, will present Evolvis and FusionForge to the public. Visit us in Hall 7.2a, Booth 123, and check out the other exciting tarent projects!
Wenn Du denkst, MirBSD wäre langsam und sein Installer in irgendeiner Art und Weise doof, dann installiere mal Debian (etch, neuere Versionen können nur noch sun4u und sun4v, kein sun4m mehr) auf einer SPARCstation 20.
Lahm wie Sau, das Teil. Und der Installer ist schwarz auf weiß – was nicht so schlimm wäre, wenn der Cursor (und die dialog-Markierungen) nicht ebenfalls schwarz auf weiß wären…
Ich bin ja mal gespannt, ob das durchläuft.
tg@blau:~ $ #ls tg@blau:~ $ ls
The command sticks in the history, and is not immediately shown in the next interactive input line, which I consider a plus in most use cases. Anyway, try mksh (just a-g i it), there are a lot of goodies. I found out about Ctrl-O only a year or so ago myself…
I wonder why schizo didn’t write about how to do it in posh tho ☺
Just a random status update: I’ve been too busy with the dayjob, now ill for about two weeks already. There have been some minor mksh fixes but I’d still like to catch up on the Austin ML postings before releasing R39d; Android discussion is live. The base system has some issues found, but I will take a while (no hacking mood, even when not ill).
Scan this! and Google’s playable logo is just weird (at least no sound in Opera) but at least it’s not Fläsh. I played it but there’s no second level. Tonnerre likes «Forth op de Fiets» (as a pun on Ruby on Rails), which lets me remember the Forth Glockenspiel.
Sorry for the lack of updates, but MirBSD is still pretty much a fun project, and Benny is working on his Doctor thesis too.
The bsiegert-cfgfile branch of the MirPorts package tools is coming along nicely. Today I committed a patch to info/perform.c that puts its logic from the head on its feet, making the function more readable and, incidentally, getting rid of two gotos. The header of the information has become a little more informative. Watch:
% pkg_info foo pkg_info(foo): cannot find package 'foo' installed or in a file! % pkg_info tiff | head -4 Information for tiff-3.7.4-1 (installed): Comment: library routines for working with TIFF images
Something new that I got working is support for giving the name of an uninstalled package in a repository mentioned in the new /etc/pkgtools/pkgtools.conf file. This works for both local and remote repos:
% pkg_info tiff-cxx | head -4 Information for /usr/ports/Packages/tiff-cxx-3.7.4-1.cgz: Comment: C++ API for working with TIFF images % pkg_info mc | head -4 >>> ftp -o - http://www.mirbsd.org/MirOS/Pkgs/current/i386//mc-4.6.1-16.cgz Information for /var/folders/Xk/XkVpSyd8F0WZnoK9NwgsWU+++TI/-Tmp-//instmp.4OV2INPVOK: Comment: free Norton Commander clone with many useful features
Actually, in the last case, the output could be improved some more :). You can also give it a package specification such as "tiff->=3.0". If more than one package matches the specification given, then a menu is displayed from which you choose one. This happens, for instance, if you have an older version built locally and a newer version of the same package in a remote repo, or if several flavours of the package are available.
The changes are not in the HEAD branch yet, I will merge them when I consider it "done".
tl;dr: EvolvisForge 4.8 deployed on *all* tarent systems now. Let’s party! Stay tuned for even more cool features.
I just installed EvolvisForge 4.8.3+evolvis12 (after quite some bugfixing) on evolvis.org and the last remaining internal instance.
This means that tarent is no longer running GForge 4.5 so let’s celebrate!
You’re hereby cordially invited to check out the public Evolvis and what makes it so good (FusionForge based) and then even better (our hard work ☺). This is the latest and greatest, but still work in progress, we have a lot of further improvements planned, so stay tuned!