JOSTALY TECHNOLOGIES John SETH Thielemann OCTOBER 21, 2024 "We are all different - but we share the same human spirit." - Stephen Hawking d5d184d421aee15603939973a6b0f372f908edfb24c5bc740697497021ad9458 bison-3.8.tar.gz 9decf7cabe15f4530550cc17a019f108bca5c82d726804a4558192153c474191 bison-3.8.tar.gz.sig SHA256(bison-3.8.modified.tgz)= 9a63d92e31f1e07eef630c5083068205242856c9e377eeae3705744166631f58 SHA256(bison.attachment.tgz)= 52cc2df02c78f912d566742b0c6e6185cbdd882faa538a3b6dbc6763893eeed8 SHA256(bison.attachment.tgz.asc)= cb40c64807e16b7b41d433587e9e63bee9fec4c66f2da33520c06ff625648561 0) NEWS OF INTEREST 0.A --- 19 Sep : CVE-2024-20017 Exploit in MediaTek Wifi Chipsets zero-click 07 Oct : Comcast Hack 07 Oct : Casio Cyberattack 25 Oct : United Healthcare Hack 0.B --- Company News: - Userspace kernel platform & utilities are now completely free-standing with the in-house implementation of libc that supports linux v2.6+ posix syscall interface. - Unit-testing framework for system calls (verifying arguments, etc.) complete, more work to be done with front-end libc / syscall interface functions. - Unit-testing shutdown register framework for bare-metal / ARM. - Large additions of functions for libc and corresponding unit testing for legacy applications. 1) ARTICLE The past few articles focused on a number of compression libraries being augmented / replaced with our in house version of libc. This article switches off of the compression focus into development utilities with GNU bison. With the standard configure/build/install/test, statistics for tests came out to 708 tests being run, 1 failing unexpectedly, and 64 tests being skipped. The entire test suite takes roughly a quarter of an hour to complete, changes and verification is not rapid in this case. The primary goal for the moment is to peel away enough abstraction to get closer to the system level calls; at some point no modification will be a goal (however it's useful to pinpoint interesting code paths). First, the build was modified to run via a shell script (build.sh) to isolate source files and toggle between build systems (normal <-> augmentation/replacement). Unused source files were removed from the build completely, then proceeded with some combinatoric testing to find dependencies and group the compilation units together a little better. A few basic layers were removed at the sacrifice of breaking a few tests: pipe and spawn (+1) replaced with standard libc calls, atexit(stdout_close) calls (stdout is closed on exit/termination). Functions (fprintf_if/fputs_if) removed, these add large complexity overhead and va_args dependencies for functions being used once or a few times. Added tracing around program execution (You may need to add /home/jostaly/). Fuzzy symbol lookups with fstrcmp_bounded (+1) through some analysis on chosen entities were removed: jostaly@jostaly:~$ tail -F /home/jostaly/workspace/fstrcmp_bounded | grep CHOSEN fstrcmp_bounded: (CHOSEN) (G22) (D22) (0.666667) fstrcmp_bounded: (CHOSEN) (H25) ("H25") (0.750000) Text processing is also a focal point, your locale may vary. A number of interesting builds would be for foreign language codesets. With the standard configuration that was run on the development machine, the calls to locale_charset all decayed to returning "ASCII"; replaced where necessary. Circling back to uses, a number of code paths disappear. The use of UTF-8 is almost essentially the same as using classic C-style strings. Replaced the use of is_basic (and friends) with the ctype.h isprint variant(s). The quoteargs/complain/derivation/counterexample compilation units are interesting, the src/glyphs.c (+1) was targeted for unicode conversion and io, under most circumstances the 4 special characters do not get converted into unicode / multi-byte sequences: glyphs.h 26 /* In gnulib/lib/unicodeio.h unicode_to_mb uses a buffer of 25 bytes. 27 In down_arrow, we append one space. */ 28 typedef char glyph_buffer_t[26]; jostaly@jostaly:~/workspace$ cat quotearg input argument: (input.cc) output quoted argument: ("input.cc") (fn: quotearg_n_options) arrow: (2) (->) mbswidth: 2 dot: (1) (.) mbswidth: 1 down_arrow_width: (4) (`-> ) mbswidth: 4 empty: (6) (%empty) mbswidth: 6 tail: /home/jostaly/workspace/glyphs_bs: file truncated arrow: (1) (→) mbswidth: 1 dot: (1) (•) mbswidth: 1 down_arrow_width: (2) (↳ ) mbswidth: 2 empty: (1) (ε) mbswidth: 1 * jostaly@jostaly:~/workspace/bison/bison-3.8$ grep -rnI 'gettext_quote' . ./lib/quotearg.c:201:gettext_quote (char const *msgid, enum quoting_style s) ./lib/quotearg.c:356: left_quote = gettext_quote (N_("`"), quoting_style); ./lib/quotearg.c:357: right_quote = gettext_quote (N_("'"), quoting_style); Add some tracing, both get turned into the same character: jostaly@jostaly:~/workspace/bison/bison-3.8/tests$ od -tx1 /home/jostaly/workspace/left_and_right_quote 0000000 28 22 29 0a 28 22 29 0a 28 22 29 0a 28 22 29 0a 0000020 28 22 29 0a 28 22 29 0a 0000030 Dependency removal for gettext_quote, with simple replacement of '"' character. mbs(n)width, flags is never used, removed predicates around this. Use of standard libintl replace for GNU gettext functions. mbslen: okay to replace with string length. Removed a large number of headers, the relocate2 on configured paths can just return the configured path, memory allocation redirected out of lib to standard calls. A few datastructures and unicode/mbchar remain in lib, the latter mostly being unused and ripe for removal. The next article will pick-up where this one leaves off. Additionally, a compression utility is being developed in-house that will likely be added to the next article.