OpenBSD release(s):
1.3 (79),
1.2 (78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59),
1.1.1.1 (58 57 56 55 54 53 52 51 50),
Tags:
1.1.1.1 (BINUTILS_2_17_RELEASE),
1.1.1 (FSF),
revision 1.3/
(Download) -
annotate -
Mon, 23 Feb 2026 16:45:16 UTC by deraadt
OpenBSD release(s): 79
Changes since 1.2:
+5 -1
(diff)
replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
and pledge "stdio rpath wpath cpath" to permit both unveils subject to
their own limitations.
revision 1.2/
(Download) -
annotate -
Thu, 22 Oct 2015 14:53:00 UTC by pascal
OpenBSD release(s): 78 77 76 75 74 73 72 71 70 69 68 67 66 65 64 63 62 61 60 59
Branch point for:
1.2.38.1
1.2.40.1
Changes since 1.1:
+3 -0
(diff)
Add pledge(2) to some binutils that handle untrusted data. Most can do with
"stdio rpath", while objdump(1) also needs "tmppath" for objdump -i.
ok deraadt@, comments sthen@ kettenis@
revision 1.1/
(Download) -
annotate -
Sun, 24 Apr 2011 20:14:40 UTC by miod
Branch point for:
1.1.1.1
Initial revision
revision 1.1.1.1/
(Download) -
annotate -
Sun, 24 Apr 2011 20:14:40 UTC by miod
OpenBSD release(s): 58 57 56 55 54 53 52 51 50
Tags: BINUTILS_2_17_RELEASE
Changes since 1.1:
None
Here comes the easter bunnytils 2.17 (the last version released against a
licence mere mortals can understand the terms of); will be connected to the
build on an arch-by-arch basis.
Testsuites and generated files have been intentionnaly omitted from this import.
Peer pressure and ok from at least drahn@ pirofti@ deraadt@
revision 1.2.40.1/
(Download) -
annotate -
Fri, 27 Feb 2026 20:32:48 UTC by bluhm
Changes since 1.2:
+5 -1
(diff)
replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
and pledge "stdio rpath wpath cpath" to permit both unveils subject to
their own limitations.
pledge "rpath tmppath" is replace with unveil "/" "r", unveil "/tmp" "rwc",
and "rpath wpath cpath"
from deraadt@; ok semarie
This was using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
uses tmpfile(), which is why it used "tmppath", which is why it now
needs "rpath wpath cpath"
from deraadt@; spotted by brynet
Instead of pledge "tmppath rpath", setup a "rwc" unveil on "/tmp", a
"r" unveil on "/", and then pledge "rpath wpath cpath".
from deraadt@; ok semarie and others
This is using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
These programs are using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
Use unveil() instead of pledge "tmppath". There is a bit of bulldozering
here to handle the many codeflows regarding output files, and I hope ingo
improves it later.
from deraadt@; Some help with regression validation from job
nc(1) has the more crazy unveil + pledge configuration based upon
argument flags. I think this correctly replaces "tmppath" with an
unveil.
from deraadt@
Since this program is "rpath wpath cpath", it does not need to use
"tmppath"
from deraadt@; ok op
replace pledge "tmppath" with unveil "/tmp" "rwc" and "rpath wpath cpath".
from deraadt@; ok ok
this is errata/7.7/021_tmppath.patch.sig
revision 1.2.38.1/
(Download) -
annotate -
Fri, 27 Feb 2026 20:31:13 UTC by bluhm
Changes since 1.2:
+5 -1
(diff)
replace pledge "stdio rpath tmppath" with unveil "/tmp" "rwc" to satisfy
mktemp(3) type operations, unveil "/" "r" for reading all over the tree,
and pledge "stdio rpath wpath cpath" to permit both unveils subject to
their own limitations.
pledge "rpath tmppath" is replace with unveil "/" "r", unveil "/tmp" "rwc",
and "rpath wpath cpath"
from deraadt@; ok semarie
This was using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
uses tmpfile(), which is why it used "tmppath", which is why it now
needs "rpath wpath cpath"
from deraadt@; spotted by brynet
Instead of pledge "tmppath rpath", setup a "rwc" unveil on "/tmp", a
"r" unveil on "/", and then pledge "rpath wpath cpath".
from deraadt@; ok semarie and others
This is using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
These programs are using pledge "tmppath" with "rpath wpath cpath".
The "tmppath" is not needed.
from deraadt@; ok semarie and others
Use unveil() instead of pledge "tmppath". There is a bit of bulldozering
here to handle the many codeflows regarding output files, and I hope ingo
improves it later.
from deraadt@; Some help with regression validation from job
nc(1) has the more crazy unveil + pledge configuration based upon
argument flags. I think this correctly replaces "tmppath" with an
unveil.
from deraadt@
Since this program is "rpath wpath cpath", it does not need to use
"tmppath"
from deraadt@; ok op
replace pledge "tmppath" with unveil "/tmp" "rwc" and "rpath wpath cpath".
from deraadt@; ok ok
this is errata/7.8/015_tmppath.patch.sig