file descriptors does not change upon dropping privilege, and include
a likely case of `setuid(non_superuser); exec(...);'.
Sponsored by: DARPA, NAI Labs
Obtained from: TrustedBSD Project
re-read from the stack mid copy. This may help mitigate the recent
Apache buffer overrun and future overruns of the sort.
Reviewed by: jdp
MFC after: 2 days
Since they were never documented and have never appeared in a FreeBSD
release, no repo-copy of the header is done. This removes namespace
pollution from <time.h>.
condense the redundant bits.
o Provide an example for using snprintf over sprintf. This may be
supplemented with an asprintf() example soon.
Sponsored by: DARPA, NAI Labs
a format string. This will later on be changed to a reference to the
FreeBSD Security Architecture after it has been committed.
PR: docs/39320
Sposnored by: DARPA, NAI Labs
Hopefully, now it is more clear that the memory referenced by the
ptr argument of realloc(ptr,size) is freed and only the return value
of realloc() points to a valid memory area upon successful completion.
Submitted by: Martin Faxer <gmh003532@brfmasthugget.se>
__dlfunc_t to dlfunc_t to match what I have proposed to the Austin
Group. (This also makes it easier for applications to store these
values before they decide what to do with them, e.g., in a wrapper
function.)
Add new dlfunc() interface, which is a version of dlsym() with a
return type that can be cast to a function pointer without turning
your computer into a frog.
Reviewed by: freebsd-standards
The uuidgen command, by means of the uuidgen syscall, generates one
or more Universally Unique Identifiers compatible with OSF/DCE 1.1
version 1 UUIDs.
From the Perforce logs (change 11995):
Round of cleanups:
o Give uuidgen() the correct prototype in syscalls.master
o Define struct uuid according to DCE 1.1 in sys/uuid.h
o Use struct uuid instead of uuid_t. The latter is defined
in sys/uuid.h but should not be used in kernel land.
o Add snprintf_uuid(), printf_uuid() and sbuf_printf_uuid()
to kern_uuid.c for use in the kernel (currently geom_gpt.c).
o Rename the non-standard struct uuid in kern/kern_uuid.c
to struct uuid_private and give it a slightly better definition
for better byte-order handling. See below.
o In sys/gpt.h, fix the broken uuid definitions to match the now
compliant struct uuid definition. See below.
o In usr.bin/uuidgen/uuidgen.c catch up with struct uuid change.
A note about byte-order:
The standard failed to provide a non-conflicting and
unambiguous definition for the binary representation. My initial
implementation always wrote the timestamp as a 64-bit little-endian
(2s-complement) integral. The clock sequence was always written
as a 16-bit big-endian (2s-complement) integral. After a good
nights sleep and couple of Pan Galactic Gargle Blasters (not
necessarily in that order :-) I reread the spec and came to the
conclusion that the time fields are always written in the native
by order, provided the the low, mid and hi chopping still occurs.
The spec mentions that you "might need to swap bytes if you talk
to a machine that has a different byte-order". The clock sequence
is always written in big-endian order (as is the IEEE 802 address)
because its division is resulting in bytes, making the ordering
unambiguous.
- Remove redundant "? :" construct.
style(9):
- Place a space after return statements.
- Compare pointers to NULL.
- Do not use ! to compare a character to nul.
a floating point instruction into a 6-bit register number for
double and quad arguments.
Make use of the new INSFPdq_RN macro where apporpriate; this
is required for correctly handling the "high" fp registers
(>= %f32).
Fix a number of bugs related to the handling of the high registers
which were caused by using __fpu_[gs]etreg() where __fpu_[gs]etreg64()
should be used (the former can only access the low, single-precision,
registers).
Submitted by: tmm
on long double, which are not implemented in hardware on any UltraSPARC
chip that I know of. This just calls into the existing floating point
emulator, which is still needed to emulate other floating point operations
in certain conditions. Without this gcc has to generate the quad floating
point instructions directly, which sometimes causes internal compiler
errors.
Reviewed by: tmm
using these to load long doubles, but they aren't implemented in hardware
on (at least) UltraSPARC I and II machines.
Emulate popc in the user trap handler as well.
Re-arrange slightly to make support functions more accessible.
Reviewed by: tmm
- New length modifiers: hh, j, ll, t, z.
Still to do:
- %C, %S, %lc, %ls (wide character support)
- %a/%A (exact hex representation of floating-point numbers)
Removed old compatability equivalents:
- %D for %ld, %O for %lo, %X for %lx, %E and %F for %le & %lf (these
were buggy anyway, since they should have represented %Le & %Lf).
- %[unknown uppercase char] for %ld, %[unknown lowercase char] for %d
Satoshi NIIMI-san kindly explained that EUC does not limit the byte length to
any arbitrary number.
We now set the limit to the maximum octet length of the codeset and it is
locale-specific.
Submitted by: Yong-Jhen Hong <winard@ms11.url.com.tw>
and add some compatibility defines. Add fields for ins and locals to
struct reg also for the same reason; these aren't filled in yet because
getting at those registers sucks and I'd rather not save them in the
trapframe just for this. Reorder struct reg to be ABI compatible as
well. Add needed include of machine/emul.h.
This gets pmdb (poor man's debugger) from OpenBSD mostly compiling but it
doesn't work yet :(
Also, make an internal _getprogname() that is used only inside
libc. For libc, getprogname(3) is a weak symbol in case a
function of the same name is defined in userland.
# This appears to not break X11, but I'm having problems compiling the
# glide part of the server with or without this patch, so I can't tell
# for sure.
over someone else's fixes; this is at least offensive. If you
have problems doing a proper merge, we are here, your fellow
committers. :-(
Reapply markup fixes from revision 1.2 and fix some more. Also
fix the $OpenBSD$ tag.
support for fcmp and fcmpe instructions with a condition code
specification other than %fcc0.
This (primarily the first part) seems to fix a lot of problems that
people were seeing, e.g. perl and gawk failures.
Reported and analyzed by: wollman
gcc emits the deprecated sparc v8 instructions that use this register
when optimizing for UltraSparc machines because they are apparetly
faster then their v9 counterpars there.
to the console in a final attempt to log something. Make this final
attempt non-blocking so that a blocking console doesn't end up
blocking process which attempt to syslog something.
In particular, this means you should be able to su and fix the
problem if the console becomes blocking.
MFC after: 3 weeks
implementation did not match our manpage description (i.e., it could
return NULL). I mistakenly thought we were still using getpass.c
because, for some reason, CVS never removed it from the tree.
Pointy hat received from: alfred
Kick in the groin to: CVS
be serialized. A mutex is used to protect the critical regions.
sbrk() and brk() are not thread safe. Replace use of sbrk() with
a call to malloc to avoid race when one thread calls atexit
while another thread calls malloc.
Reviewed by: deischen
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being). Accordingly, change users of
xucred to set and check this field as appropriate. In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former. This also has the pleasant sideaffect of removing some
duplicate code.
Reviewed by: rwatson
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
complexities associated with having MD (asm and inline) versions, and
having to prevent exposure of these functions in other headers that
happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.
Tested on: alpha, i386
Reviewed by: bde, jake, tmm
- missing whitespace
- strange version of warn() built out of warnx() + strerror(). Just use
warn().
- conversion of just one of the two perror()'s to warn*()
Actually use _warn() instead of _warn(), to keep up with namespace-
unpollution for warn().
change prototypes to be the same as in the original sun tirpc code.
Remove ()P macro in a file where the mayority had ()P already removed.
Add them if the mayority use ()P macros.
Submitted by: mbr
Requested by: bde
server handle (for reuse or whatever). We just return now a handle
connected to the local rpcbind.
Do not try to call checkcache, if host = NULL;
Submitted by: mbr
In NetBSD, Solaris, xprt->xp_p2 pointed directly to the credentials,
in FreeBSD xprt->xp_verf.oa_base was a pointer to a struct cmessage,
which is defined as follow:
struct cmessage {
struct cmsghdr cmsg;
struct cmsgcred cmcred;
};
The credentials were submitted the right way and xprt->xp_p2 pointed to them.
But cb_verf.oa_flavor was still empty. There was an assignment missing
in svc_recv() in svc_vc.c:
msg->rm_call.cb_verf.oa_flavor = AUTH_UNIX;
Also
+ if (addr.ss_family == AF_LOCAL) {
+ xprt->xp_raddr = *(struct sockaddr_in *)xprt->xp_rtaddr.buf;
+ xprt->xp_addrlen = sizeof (struct sockaddr_in);
+ }
was missing. But the first seems not to be needed:
I guess in rpc.yppasswdd there was a typo:
- transp>xp_verf.oa_flavor != AUTH_UNIX) {
+ rqstp->rq_cred.oa_flavor != AUTH_UNIX) {
This little fix does fix the breakage in rpc.yppasswdd :-)
+ if (msg.msg_controllen == 0 ||
+ (msg.msg_flags & MSG_CTRUNC) != 0)
+ return (-1);
We cannot set the cb_verf.oa_length in svc_recv() of svc_vc.c,
the credentials get overwritten then, and that's bad.
Submitted by: mbr
were removed and replaced them with clnt_tp_create, now the af_local
support is fixed.
I also removed the hack how rpcinfo contacted rpcbind, now we can
relay on clnt_tp_create create the client-handle for us. Only
rpcbind itself needs a hardcoded socket-path.
Submitted by: mbr
Also add $FreeBSD
in conditional code that happens not to be compiled, and because gcc
doesn't complain garbage after #endif by default.
Fixed some style bugs in previous commit, 1.8 and 1.1.
commit.
Fixed related style bugs:
basename.c: misplaced '#if 0'
dirname.c: misplaced '#if 0'
getgrent.c: missing '#if 0', and tab lossage in vendor id (the previous
commit fixed the complete corruption of the vendor id but
lost a tab)
getpwent.c: missing '#if 0'
and sbrk's prototype from char *sbrk(int) to void *sbrk(intptr_t).
This makes us more consistant with NetBSD and standards which include
these functions. Bruce pointed out that ptrdiff_t would probably
have been better than intptr_t, but this doesn't match other
implimentations.
Also remove local declarations of sbrk and unnecessary casting.
PR: 32296
Tested by: Harti Brandt <brandt@fokus.gmd.de>
MFC after: 1 month
time_to_xxx() and xxx_to_time() functions. e.g. _time_to_xxx()
instead of time_to_xxx(), to make it more obvious that these are
stopgap functions & placemarkers and not meant to create a defacto
standard. They will eventually be replaced when a real standard
comes out of committee.
is correct but less than useful. There is some uncertainty about whether
isblank() is in C99, but it is certainly not in C90. It just conforms
to C89 because it is a conforming extension.
functions are defined in SUSv2 and the latest POSIX spec.
Thanks to Bernd Walter <ticso@cicely8.cicely.de> for helping debug my
alpha assembly.
Approved by: -arch
1. ctype.h defines digittoint(), isnumber() and ishexnmber(), yet
they are not documented in any of the manpages.
2. The ctype manpage references a non-existent manpage for
digittoint().
3. The isascii() manpage claims it is standards compliant, when
it isn't.
4. isblank() claims it is _not_ standards compliant, when it
is.
Fix by including the appropriate .Nm entries, and with a new digittoint.3
page.
PR: docs/26451
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>
alpha these bugs didn't cause any problems because it was little endian,
but on sparc64, we ended up with garbage for the IP address when we tried
to contact the server. (Usually 3.253.0.0)
Not objected to by: wpaul
data without confirming the connection by issuing a recvmsg(2) [...]".
There's no such code in the kernel.
PR: 26861
Submitted by: Richard A Steenbergen <ras@e-gerbil.net>,
Tom Rhodes <darklogik@pittgoth.com>
the first revision of strcpy(3)'s section is included, but should be
removed as the Security Architecture document is committed and
completed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
at first and try to set an accept_filter(9) on it only after that.
Also document errno value that will be set if installing the
filter on a non-listening socket.
This will be trimmed as the FreeBSD Security Architecture document
is fleshed out and committed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Add support for handling floating point disabled traps mostly in userland
for the simple single threaded case. Not yet enabled by default.
Implement __sparc_utrap_install as specified by the sparc abi.
- Don't connect datagram socket if RES_INSECURE1.
- Needed to implement IPv6 anycast UDP DNS queries as documented in
<draft-ietf-ipngwg-dns-discovery-03.txt>.
Obtained from: KAME
According to C99:
"The functions atof, atoi, atol, and atoll need not
affect the value of the integer expression errno on an
error. If the value of the result cannot be represented,
the behavior is undefined."
o Document the following capabilities: CAP_NET_ADMIN, CAP_SYS_RAWIO,
CAP_SYS_ADMIN, and CAP_SYS_TTY_CONFIG.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
calls.
This change allows libc_r to create thread contexts with a different
stack and return address.
With much detective work by: Bernd Walter <ticso@cicely.de>
LC_MESSAGES related data was installed to <locale>/LC_MESSAGES file.
Now it go to <locale>/LC_MESSAGES/SYS_LC_MESSAGES file. LC_MESSAGES
directory is supposed to be storage of message catalogs of userland tools.
This should allow us to avoid many potential problems with future
libintl related functionality introduction.
Thanks for useful suggestions about correct way how to replace plain
files with directories at installworld stage to: Ruslan Ermilov <ru>
In original version grouping was hardcoded. It assumed that thousands
separator should be inserted to separate each 3 numbers. I.e. grouping
string "\003" was assumed for all cases. In correct case (per POSIX)
vfprintf should respect locale defined non-monetary (LC_NUMERIC
category) grouping sequence.
Also simplify thousands_sep handling.
more careful about reporting truncation with ERANGE in strerror_r.
Set errno to EINVAL for "unknown" errnum in strerror as required
by P1003.1-200x Draft June 14, 2001.
More carefully document the handling of strerrbuf when errors
(ERANGE, EINVAL) are encountered in strerror_r.
Reviewed by: bde (ongoing discussion)
dump core if invoked with an input file that looks like a password file
but isn't (e.g. /etc/group).
PR: 32378
Submitted by: Maxim Konovalov <maxim@macomnet.ru>
MFC after: 1 week
This API is supported in SVR4.0MP, Solaris, Linux, AIX and Tru64 Unix.
PR: bin/27489
Submitted by: Arun Sharma <arun@sharma-home.net>
Reviewed by: bde (prior version)
o Hide nonstandard functions and types in <netinet/in.h> when
_POSIX_SOURCE is defined.
o Add some missing types (required by POSIX.1-200x) to <netinet/in.h>.
o Restore vendor ID from Rev 1.1 in <netinet/in.h> and make use of new
__FBSDID() macro.
o Fix some miscellaneous issues in <arpa/inet.h>.
o Correct final argument for the inet_ntop() function (POSIX.1-200x).
o Get rid of the namespace pollution from <sys/types.h> in
<arpa/inet.h>.
Reviewed by: fenner
Partially submitted by: bde
removing it from our source tree in order to have one version
of strtod() for all arches. netbsd_strtod.c still left in source
tree until alpha folks make sure that our native strtod() works
as well as NetBSD's one.
Reviewed by: peter, bde (some time ago)
- New length modifiers: hh, j, t, z.
- New flag: '. Note that %'f is not yet implemented.
- Use "inf"/"nan" for efg formats, "INF"/"NAN" for EFG formats.
- Implemented %q in terms of %ll; if "quad_t" is not "long long"
%q will break.
Still to do:
- %C, %S, %lc, %ls (wide character support)
- %'f (thousands in integer portion of %f)
- %a/%A (exact hex representation of floating-point numbers)
Garrett Wollman wrote the first version of the vfprintf.c update;
Mike Barcroft wrote the first version of the printf.3 changes.
STANDARDS section of the page. Add one remark there about inet_pton(3)
only understanding decimal values (in contrast to inet_aton(3) and
friends who are happy with 0ac.020.25 for 172.16.0.25).
Caught by: ru
MFC after: 2 days
The definition of character class digit requires that only ten characters
-the ones defining digits- can be specified; alternate digits (for
example, Hindi or Kanji) cannot be specified here. However, the encoding
may vary if an implementation supports more than one encoding.
The definition of character class xdigit requires that the characters
included in character class digit are included here also and allows for
different symbols for the hexadecimal digits 10 through 15.
the return code and errno instead. Those warnings did not do any good
for daemonized users of initgroups(3), and confused cvs clients that
communicated with non-root cvs pserver.
The committed fix differs from the one suggested in the PR, and was
submitted by ru.
PR: 15421
Approved by: markm
Discussed on: -stable, -current at various times
offsets don't work. It should really be documented that the returned
pointer can be in the middle of a fully-valid page when the offset
is not page-aligned, but I couldn't come up with suitable wording.
PR: kern/22754
extattr namespace routines to the libc/posix1e directory. While
the extattr calls are not strictly POSIX.1e, POSIX.1e wasn't
strictly ever approved, so I think that's OK.
Obtained from: TrustedBSD Project
- Renumber labels since the previous revision removed one.
- Remove useless and wrong comment.
- Repeating the function name is just redundant.
- The previous revision made the comment about %edx useless.
- The comment about %eax was wrong (but did explain why %eax used to be
fixed up).
Submitted by: bde
`warn'. Now a whole 2 members of the err() family don't cause pollution.
This fixes world breakage in awk for NOSHARED worlds. contrib/awk/msg.c
has had its own version of err() for a long time, but this somehow
didn't cause problems until the update to awk-3.1.0.
access an array beyond it's length. This only happens in the last iteration of
a loop, and the value fetched is not used then, so the bug is a relatively
innocent one. Fix this by not fetching any value on the last iteration of said
loop.
Submitted by: MKI <mki@mozone.net>
MFC after: 1 week
hosts:!!!!!!!!@@@@@$%^&*()()*$(files{}{}|||++!)(dns
exactly the same as:
hosts: files dns
Recover from parse errors by looking for the end of a line; this
allows entries without errors to still be parsed even if there is
an erroneous entry earlier in the file.
I'm assuming that the comment was regarding socket address structures, so
correct the comment about pre-zero'ing socket structures to recommend
pre-zero'ing socket address structures.
- Fix some minor grammar nits.
- This isn't directly submitted by the PR below but is related to it and was
inspired by it.
PR: 31704
the netbsd_strtod.c file we have does not. More still should be done
here, but this works happily on my Alpha. I have not (yet?) changed
the Makefile.inc to use this.
If zero bytes are allocated, return pointer to the middle of page-zero
(which is protected) so that the program will crash if it dereferences
this illgotten pointer.
Inspired & Urged by: Theo de Raadt <deraadt@cvs.openbsd.org>
serve two purposes: (1) so we can maintain backwards compatibility with
protocols (rwhod, dump, etc...) that either assume time_t is 32 bits or
assume sizeof(time_t) == sizeof(int), or make other similar assumptions.
(2) To tag such routines (by the presence of these calls) for future
cleanup/extension work.
The 32->64 routine, time32_to_time() (when time_t is 64 bits, that is),
is defined specifically to implement temporal locality to properly set the
msb bits of a 64 bit time_t quantity, using the 50 year rule. The locality
code has not been implemented yet (and doesn't need to be for a while),
but that is the intent. This will allow us to maintain backwards protocol
compatibility past 2038.
These routines are intended to be platform and time_t agnostic.
MFC after: 1 week
since that is what we use now and this insulates us from any time_t
tweaks here. We can define a record format that uses 64 bit times if/when
we need to.
using rcmd directly. This has been in my tree for a long time, but we
may need to sync with OpenBSD before MFC.
Obtained from: openbsd
PR: 15830
MFC after: 2 months
manual page), fix capitalization, and remove chflags reference from
SEE ALSO since the only time it's referenced is with an .Xr, anyway.
Submitted by: bde
Updated by peter following KSE and Giant pushdown.
I've running with this patch for two week with no ill side effects.
PR: kern/12014: Fix SysV Semaphore handling
Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
number of characters that are searched. This is especially useful
with file operations and non-NUL terminated strings.
Silence from: -audit, -hackers
MFC after: 5 days
1) Allow the sending of more than one control message at a time
over a unix domain socket. This should cover the PR 29499.
2) This requires that unp_{ex,in}ternalize and unp_scan understand
mbufs with more than one control message at a time.
3) Internalize and externalize used to work on the mbuf in-place.
This made life quite complicated and the code for sizeof(int) <
sizeof(file *) could end up doing the wrong thing. The patch always
create a new mbuf/cluster now. This resulted in the change of the
prototype for the domain externalise function.
4) You can now send SCM_TIMESTAMP messages.
5) Always use CMSG_DATA(cm) to determine the start where the data
in unp_{ex,in}ternalize. It was using ((struct cmsghdr *)cm + 1)
in some places, which gives the wrong alignment on the alpha.
(NetBSD made this fix some time ago).
This results in an ABI change for discriptor passing and creds
passing on the alpha. (Probably on the IA64 and Spare ports too).
6) Fix userland programs to use CMSG_* macros too.
7) Be more careful about freeing mbufs containing (file *)s.
This is made possible by the prototype change of externalise.
PR: 29499
MFC after: 6 weeks
is interrupted by saving the pid.
The old code would assign the return value to pid which would trash
it, to fix the problem save a copy of the pid to be used as the
paramter to wait4().
Submitted by: Toshihiko ARAI <toshi@jp.FreeBSD.org>
The corresponding bugs in <wchar.h> have no effect because the function
prototypes there don't have args so the __restrict "keyword" is
misinterpreted as an arg.
Note our implementation is not thread nor async-cancel safe.
Explicitely note atof() does not check nor report errors.
Note that strtod() should be used instead.
Also add C99 conformity status plus clarification that C99 leaves the
flushing of unwritten data, closure of open streams, and removal of
temporary files to the implementation.
of repeating unsuccessful lseek call on each write (original stdio bug).
2) Save errno accross _sseek call in _swrite to not touch it in case write
success (original stdio bug).
3) Add _sseek error checking back, but only for __SOPT mode now.
This is a first cut, but enough to help people interested in using it
further than before.
More text coming to illustrate use and provide more details.
Based on standards' text.
with non-seekable streams. Now here is what here was originally, but it is
ugly, producing unneded seek syscall on each non-seekable stream write. I'll
think about proper solution later.
manpage by taking its text from NetBSD and editing it further.
This also improves the page's mdoc(7) markup style.
Reviewed by: ru
Obtained from: NetBSD
my last version of this work due to HDD crash, but this version cleanly
passed all POSIX and SuSv2 tests. I am working on testing scripts which
should test this implementation against all locales and surely more fixes
will come soon.
Reviewed by: ache, silence at -audit & -developers
o Removed whitespace at EOL
o Removed hard sentence breaks
o Added cap_size() to the NAME section
o Normalized .Nd descriptions
o Fixed the abuses of .Nm and .Va
o Fixed some DESCRIPTION texts
o Fixed the RETURN VALUES and ERRORS texts to look more traditional
Reviewed by: tmm
'locale not used' statement from comments and BUGS section of manpage.
strtol(): fix non-portable 'cutoff' calculation using the same method as
in strtoll().
Cleanup 'cutoff' calculation, remove unneded casts. Misc. cleanup to
make all functions looks the same.
Implement EINVAL reaction per POSIX, document it in manpage, corresponding
POSIX example quotes here:
------------------------------------------------
If the subject sequence is empty or does not have the expected form, no
conversion is performed; the value of str is stored in the object pointed
to by endptr, provided that endptr is not a null pointer.
If no conversion could be performed, 0 shall be returned and errno may be
set to [EINVAL].
[EINVAL] The value of base is not supported.
Since 0, {LONG_MIN} or {LLONG_MIN}, and {LONG_MAX} or {LLONG_MAX} are
returned on error and are also valid returns on success, an application
wishing to check for error situations should set errno to 0, then call
strtol( ) or strtoll ( ), then check errno.
-----------------------------------------------------
are not used'. This is incorrect, as addr must be passed (caddr_t)1
to do anything useful. The source for gdb and a short test program
will confirm that this man page was in error.
PR: docs/27758
Submitted by: Jiangyi Liu <jyliu@163.net>
sys/capability.h--this compiled fine on i386 where (int) and (ssize_t)
are the same, but broke on Alpha where they differ.
Submitted by: Mike Barcroft <mike@FreeBSD.org>
Obtained from: TrustedBSD Project
plain regular files, i.e. files with __SOPT flag set. Fix it, so ftell(stdout)
always returns the same as lseek(1, 0, 1) now.
NOTE: this bug was in original stdio code
__swrite() and __sseek() to higher level. According to funopen(3) they all
are just wrappers to something like standard read(2), write(2) and
lseek(2), i.e. must not touch stdio internals because they are replaceable
with any other functions knows nothing about stdio internals. See example
of funopen(3) usage in sendmail sources f.e.
NOTE: this is original stdio bug, not result of my range checkin added.
internal functions there may fail and set (i.e. overwrite) errno in normal
(not error) situation). In original variant errno testing after call
(as POSIX suggest) is wrong when errno overwrite happens.
0, return that we can't specify it, i.e. error with ESPIPE.
(hint from: "Peter S. Housel" <housel@acm.org>)
Back out sinit() addition, not needed after various code simplifications.
support functions:
cap_subset_np() - Is cap1 a subset of cap2
cap_equal_np() - Is cap1 equal to cap2
o Introduce implementations of POSIX.1e capability support functions:
cap_copy_ext() - Externalize capability
cap_copy_int() - Internalize capability
cap_size() - Determine size required for cap_copy_ext()
Submitted by: tmm
Obtained from: TrustedBSD Project
When file offset tends to be negative due to internal and ungetc buffers
additions counted, try to discard some ungetc data first, then return EBADF.
Later one can happens if lseek(fileno(fd),...) called f.e. POSIX says that
ungetc beyond beginning of the file results are undefined, so we can just
discard some of ungetc data in that case.
Don't rely on gcc cast when checking for overflow, use OFF_MAX.
Cosmetique.
o Unify <machine/endian.h>'s across all architectures.
o Make bswapXX() functions use a different spelling of u_int16_t and
friends to reduce namespace pollution. The bswapXX() functions
don't actually exist, but we'll probably import these at some
point. Atleast one driver (if_de) depends on bswapXX() for big
endian cases.
o Deprecate byteorder(3) prototypes from <sys/types.h>, these are
now prototyped indirectly in <arpa/inet.h>.
o Deprecate in_addr_t and in_port_t typedefs in <sys/types.h>, these
are now typedef'd in <arpa/inet.h>.
o Change byteorder(3) prototypes to use standards compliant uint32_t
(spelled __uint32_t to reduce namespace pollution).
o Document new preferred headers and standards compliance.
Discussed with: bde
PR: 29946
Reviewed by: bmilekic
documented by POSIX.1e, and understand the opaque capability structures.
Introduce support in the userland POSIX.1e library for a
_CAPABILITY_NEEDMACROS define to remove these macros from the normal
namespace, but allow the libc functions to use them.
Submitted by: tmm
Obtained from: TrustedBSD Project
referal from mmap to minherit for MAP_INHERIT. Fully document the
minherit.2 manual page (because frankly, my dear, however you think it
currently works is almost certainly wrong!). I may soon re-implement
MAP_COPY because I believe we can support it properly now, but I will have
to call it something else and that is for a later time.
socket option for the Unix domain. It's weaker than the
socket option (this only returns the uid and gid, while the
socket opt. can return the entire group list), and is
implemented mostly for compatibility with OpenBSD.
Resulting fseek() offset must fit in long, required by POSIX (pointed by bde),
so add LONG_MAX and final tests for it.
rewind.c:
1) add missing __sinit() as in fseek() it pretends to be.
2) use clearerr_unlocked() since we already lock stream before _fseeko()
3) don't zero errno at the end, it explicitely required by POSIX as the
only one method to test rewind() error condition.
4) don't clearerr() if error happens in _fseeko()
"[EINVAL] ... The resulting file-position indicator would be set to a
negative value."
Moreover, in real life negative seek in stdio cause EOF indicator cleared
and not set again forever even if EOF returned.
2) Catch few possible off_t overflows.
Reviewed by: arch discussion
It was foiled because of dynamic copy relocations that caused compile-time
space to be reserved in .bss and at run time a blob of data was copied to
that space and everything used the .bss version.. The problem is that
the space is reserved at compile time, not runtime... So we *still* could
not change the size of FILE. Sigh. :-(
Replace it with something that does actually work and really does let us
make 'FILE' extendable. It also happens to be the same as Linux does in
glibc, but has the slight cost of a pointer. Note that this is the
same cost that 'fp = fopen(), fprintf(fp, ...); fclose(fp);' has.
Fortunately, actual references to stdin/out/err are not all that common
since we have implicit stdin/out/err-using versions of functions
(printf() vs. fprintf()).
is stored in _res_ext.sort_list, and sortlist for IPv4 is stored in
_res.sort_list for backward compatibility. However, both sort_list's
are maintaind by just one index _res.nsort. So, when IPv6 address is
specified to sortlist, empty entry was created in _res.sort_list. It
broke sortlist facility of gethostbyname().
Discussed on users@jp.ipv6.org.
Backout previous revision. We should not expand plain text xrefs if
they appear in the literal text, e.g. in the error or warning message
of the library function. (Submitted by: bde)
Moved "out of memory" from warning to errors section.
o Replace strncpy examples with less confusing ones from
OpenBSD. These examples give more detail and also suggest
using strlcpy(3).
Reviewed by: des, ru, sheldonh
Obtained from: OpenBSD
MFC after: 3 days
Avoid using parenthesis enclosure macros (.Pq and .Po/.Pc) with plain text.
Not only this slows down the mdoc(7) processing significantly, but it also
has an undesired (in this case) effect of disabling hyphenation within the
entire enclosed block.
to strdup() the address string before returning it via *targaddr
because the caller will free the string.
Change the comment at the top of getclnthandle() to clarify that
the caller is responsible for freeing *targaddr.
Noticed by: sobomax
with NetBSD and OpenBSD. glob(3) will now return GLOB_NOSPACE with
errno set to 0 instead of GLOB_LIMIT when we match more than `gl_matchc'
patterns. GLOB_MAXPATH has been left as an alias of GLOB_LIMIT to
maintain backwards compatibility.
Reviewed by: sheldonh, assar
Obtained from: NetBSD/OpenBSD
already found in the sigaction(2) manual.
As discussed with the committer of that delta, cross-reference the list
in sigaction(2) instead of duplicating the list of functions that are
safe for use within signal handlers.
Clarify that if strlcat() does not find a NUL within siz byte it
will not NUL terminate either.
Document boundary condition when size < strlen(dst).
"of", not "on" (from Henric Jungheim)
Obtained from: OpenBSD
MFC After: 1 week
Previously, some useful xrefs were missing.
Now each of the pages refers to all remaining section 2 pages,
to the kld(4) page, and to a related utility's (section 8) page.
change the name of the page (.Nm) from "kldstat" to "modstat".
Second, don't claim that modstat(2) always returns 0. Actually,
it behaves as most syscalls do - returns 0 on success, or -1
on failure.
MFC after: 5 days
whether or not connect(2) is used for UDP client sockets. The default
is not to connect(), so existing clients will see no change in
behaviour.
The use of connect(2) for UDP clients has a number of advantages:
only replies from the intended address are received, and ICMP errors
pertaining to the connection are reported back to the application.
and its associated constants. Implement _SC_IOV_MAX in the usual way.
Be a bit sloppy about the namespace question; this should get cleared up
in time for 5.0.
MFC after: 1 month
of calling sigprocmask(). This matches the behaviour of thr_sigsetmask()
on Solaris; _pthread_sigmask_stub was added purely for compatibility
with Solaris (for TI-RPC), so it might as well do the same thing.
This fixes the problem where client RPC calls ignored all signals
for the complete duration of the RPC. This behaviour is currently
necessary in the threaded case due to locking issues, but was never
intended to occur in non-threaded programs.
Reviewed by: deischen
IPv6 transport-ready resolvers/DNS servers. Need careful configuration
when enable it. (default config is not affected).
See manpage for details.
XXX visible symbol __res_opt() is added, however, it is not supposed to be
called from outside, libc minor is not bumped.
Obtained from: KAME/NetBSD
data pointer. This bug has been here since the ti-rpc import; it
apparently broke the clnt_control CLGET_SVC_ADDR options.
PR: misc/27813
Submitted by: Jean-Luc Richier <Jean-Luc.Richier@imag.fr>
there and compare the inode and device numbers to the values we remember,
to guard against the directory having been moved around in the meantime.
Reported by: Nick Cleaton <nick@cleaton.net>
Tor created a while ago, removes the raw I/O piece (that has cache coherency
problems), and adds a buffer cache / VM freeing piece.
Essentially this patch causes O_DIRECT I/O to not be left in the cache, but
does not prevent it from going through the cache, hence the 80%. For
the last 20% we need a method by which the I/O can be issued directly to
buffer supplied by the user process and bypass the buffer cache entirely,
but still maintain cache coherency.
I also have the code working under -stable but the changes made to sys/file.h
may not be MFCable, so an MFC is not on the table yet.
Submitted by: tegge, dillon
accidentally clobber the server address if a stray packet arrived
at the client port. This would result in any further retransmits
going to the wrong address.
For now, fix this by not saving the source address of the reply; this
matches the pre-tirpc behaviour.
history info as:
: .Sh STANDARDS If the command, library function or file adheres to a
: specific implementation such as IEEE Std 1003.2
: (``POSIX.2'') or ANSI X3.159-1989 (``ANSI C'') this
: should be noted here. If the command does not adhere
: to any standard, its history should be noted in the
: HISTORY section.
terminates the string in all cases, based on code from netstat(1).
The path in a sockaddr_un is terminated either by a '\0', or by
the end of the sockaddr as defined by sun_len.
Previously, the code could write the "safety" '\0' beyond the end
of the sockaddr (sockaddr_un's need only be large enough to store
sun_len bytes), and writing into the the supplied sockaddr is bad
anyway.
longer includes machine/elf.h.
* consumers of elf.h now use the minimalist elf header possible.
This change is motivated by Binutils 2.11.0 and too much clashing over
our base elf headers and the Binutils elf headers.
address" string to a netbuf/sockaddr "transport address". In the
case of an AF_LOCAL address, it was missing the code to actually
point the netbuf at the newly allocated sockaddr_un, so the caller
ended up with a netbuf containing junk.
Submitted by: Martin Blapp <mb@imp.ch>
required by POSIX.1e. This maintains the current 'struct acl'
in the kernel while providing the generic external acl_t
interface required to complete the ACL editing library.
o Add the acl_get_entry() function.
o Convert the existing ACL utilities, getfacl and setfacl, to
fully make use of the ACL editing library.
Obtained from: TrustedBSD Project
arguments where the format string is obtained from user data, or
otherwise difficult to verify statically.
Example usage:
printf(fmtcheck(user_format, standard_format), arg1, arg2);
checks the format string user_format for consistency (same number/order/
type of format operators) with standard_format. If they differ,
standard_format is used instead to avoid potential crashes or security
violations.
Obtained from: NetBSD
Reviewed by: -arch
instead of #pragma weak to create weak definitions. This macro is
improperly named, though, since a weak definition is not the same
thing as a weak reference.
Suggested by: bde
than the default buffer size in the old RPC code (8800 bytes), and
it could not be overriden by the application. This caused problems
with CFS (/usr/port/security/cfs).
Change this default back to UDPMSGSIZE (8800 bytes), but more
importantly, allow applications to use larger message sizes for
all protocols if desired. Choose an arbitrary maximum message size
of 256k instead of using the default as the maximum (which is
silly).
Reported by: ache
Reviewed by: alfred, Martin Blapp <mb@imp.ch>
functions.
- Place the acl_dup() description in alphabetical order.
- Move the POSIX.1e descriptions under the ENVIRONMENT section to the
STANDARDS section.
Reviewed by: rwatson
Obtained from: TrustedBSD Project
Makefile, add Makefile.inc needed for libc build; add
#include "namespace.h"/#include "un-namespace.h" pairs around the
includes of sys/acl.h and sys/capability.h, and an additional underscore
in front of the functions that will be overridden in libc_r.
Approved by: rwatson
Obtained from: TrustedBSD Project
`nc_error' variables. Move the nc_lock mutex from mt_misc.c to a
static variable within this function, since it is only used here.
Add a new getnetconfigent() error code `NC_NOTFOUND' to report the
case where the specified netid was not found. Set nc_error in all
error cases in getnetconfigent() so that the error messages returned
by nc_(s)perror are always meaningful.
Add a terminating \n to the output of nc_perror() to match both
our manpage and other implementations of this function.
Reviewed by: deischen, alfred, Martin Blapp <mb@imp.ch>
RPC clients hanging. The real problem turned out to be missing
cleanup code; this was fixed in clnt_vc.c r1.5 and clnt_dg.c r1.4.
Submitted by: Martin Blapp <mb@imp.ch>
so that the underscored versions of the pthread functions get
declared. This removes around 300 lines of 'implicit declaration
of XXX' warnings from the output of a libc build with -Wall.
Reviewed by: Martin Blapp <mb@imp.ch>, alfred
I've left out a couple of unused args between internal functions.
Use MAXPATHLEN, not MAXPATHLEN + 1 in a couple of places.
Pass a pointer to the end of the target filename space.
exactly the right size. Do it differently - pass a length rather than an
end-of-string+1 pointer as this is more convenient anyway. Get rid of
the bogus +1's.
to make asynchronous RPCs. This is needed to help fix ypbind, which can no
longer override the clnt_dg_call() method (formerly the clntudp_call()
method) due to all the internal descriptor locking code in TI-RPC. Turning
on this flag allows us to send an RPC request, then return immediately,
and handle a reply later, rather than being forced to do the request
and reply in a single function call.
Also fix a byte ordering bug: when clnt_dg_call() increments the XID
prior to transmitting a request, it uses the raw value, which is wrong.
The XID is stored in network byte order, i.e. big-endian. The CLSET_XID
and CLGET_XID commands in clnt_dg_control() use ntohl()/htonl() to get
the byte ordering right, but because clnt_dg_call() does not do this,
using CLSET_XID/CLGET_XID doesn't actually work, unless you're on a
big endian host, which we aren't (yet). Fix clnt_dg_call() to byte swap
properly when doing the increment.
o Revise description in light of commits over last month including:
- ACL editing library is now implemented
- ACLs are now implemented
Obtained from: TrustedBSD Project
because libc/rpc/key_call.c references uname(), and ps/print.c also
defines uname(), and ps is linked statically. This leads to a symbol
clash. The userland uname(3) kinda sucked anyway as the hostname
etc was too short. And since the libc rpc interface now uses
the utsname.nodename which gets truncated, I was tempted into doing
something about it. Create a new userland uname function, called
__xuname() which takes an extra argument that allows you to change
the size of the fields. uname() becomes a static inline function
in sys/utsname.h that passes the extra argument in. struct utsname
has its field members expanded by default now in userland.
We still provide a 'uname' externally linkable function for things
that either think that they ``know'' the utsname format and assume
32 character strings and bypass the include file, or objects that
are linked against old libcs. ie: just about every plausible
case that I can think of is covered. Should we ever change the
default lengths again, a libc major bump should not be required
as the size is now passed to the function.
XXX the uname(2) in the kernel is for FreeBSD 1.1 binary compatability!
All the uname(3) functions that are exported to userland are actually
implemented in libc with sysctl. uname(1) uses sysctl directly and
does not call uname(3).
PR: bin/4688
acl_add_perm, acl_clear_perms, acl_copy_entry, acl_create_entry,
acl_delete_perm, acl_get_permset, acl_get_qualifier, acl_get_tag_type,
acl_set_permset, acl_set_qualifier, acl_set_tag_type
This brings us within 4 functions of a full ACL editing library.
Reviewed by: rwatson
Make struct cmessage visible from socket.h (about 4 places were
defining it for themselves which wasn't good)
Make __rpc_get_local_uid() useable and give it prototype that's
visible.
Fix some issues with printing out usernames from rpcbind and keyserv.
should have been repo-copied from it in the first place.
Apply all of our fixes up to and including revision 1.14 to
the original rpc.3 manpage, including conversion to mdoc(7).
number of paths which glob(3) will return. Remove the hardcoded limit
from the last commit, which restores the previous unbounded behavior.
Document the new flag in the manual page.
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
- lowercase Nd argument
- mark function arguments with Fa
- mark defined values with Dv
- simply copying POSIX text for RETURN VALUES and ERRORS sections is not
always a good idea. POSIX uses the word "shall" indicating the behavior
the correct implementation should follow.
o acl_calc_mask(): calculates the ACL mask entry associated with
the given ACL.
o acl_delete_entry(): remove a specified ACL entry from the given
ACL.
Approved by: rwatson
since they not allows POSIXly legal locale data. Currently, if relaxed form
POSIXly legal locale data will be used right now, some programs will be broken,
but it means that either locale data or programs must be fixed, not the library.
Introduce non-standard md_order (month/day order) locale field to be used later
via nl_langinfo(). Currently %EF and %Ef emulated using this field, but they
planned for remove in future in favour of nl_langinfo() test field.
Implement %F per POSIX
is currently set to 10000. This is intended to prevent glob from running
amok when a highly recursive path is provided (such as "../*/../*/../*/...")
Reviewed by: Diane Bruce <db@db.net>, jhb
utility functions which convert between string namespace names and
numeric constants used by the interface. Right now, two namespaces
are supported, EXTATTR_NAMESPACE_SYSTEM ("system") and
EXTATTR_NAMESPACE_USER ("user"). These functions are used by
various userland EA utilities, rather than hard coding the routines
all over the place.
Obtained from: TrustedBSD Project
o Rename internal library functions so that they are prefixed with
_posix1e or _POSIX1E, removing them from the application namespace (and
potential conflict with other ACL functions elsewhere in the system).
Obtained from: TrustedBSD Project
Reviewed by: David Cross <dec@freebsd.org>, jkh <jkh@freebsd.org>
Approved by: jkh <jkh@freebsd.org>
Obtained from: Ian Dowse <iedowse@maths.tcd.ie>, David Cross <dec@freebsd.org>
We have been running this patch on a production NIS server for 2.5 weeks now.
Normally we would have ypserv die at least once a week, and often many times
a day.
This patch treats and error from select as zeroing out the FD_SET to indicate
that no fds are ready for reading. This is safe because the rpc code
always re-inits the FDSET before calling select.
The below text is quoted from the latest POSIX draft:
: The values of locale categories shall be determined by a precedence
: order; the first condition met below determines the value:
:
: 1. If the LC_ALL environment variable is defined and is not null,
: the value of LC_ALL shall be used.
: 2. If the LC_* environment variable (LC_COLLATE, LC_CTYPE, LC_MESSAGES,
: LC_MONETARY, LC_NUMERIC, LC_TIME) is defined and is not null, the
: value of the environment variable shall be used to initialize the
: category that corresponds to the environment variable.
: 3. If the LANG environment variable is defined and is not null, the
: value of the LANG environment variable shall be used.
: 4. If the LANG environment variable is not set or is set to the empty
: string, the implementation-defined default locale shall be used.
The conditions 1 and 2 were interchanged, i.e., LC_* were looked first,
then LC_ALL, then LANG (note that LC_ALL and LANG were essentially the
same, providing the default, with LC_ALL taking precedence over LANG).
Now, LC_ALL and LANG serve the different purposes. LC_ALL overrides
any LC_*, and LANG provides the default fallback.
Testcase:
/usr/bin/env LC_ALL=C LC_TIME=de_DE.ISO_8859-1 /bin/date
Should return date in the "C" locale format.
Inspired by: date(1) reference page in the Draft
lock definitions to it. flockfile state is now allocated
along with the rest of FILE. This eliminates the need for a
separate allocation of flockfile state as well as eliminating
the mutex/lock used to serialize its allocation.
Even better formula from random() could not be intetgrated because rand_r()
supposed to store its state in the single variable (but table needed for
random() algorithm integration).
- new EV_SET macro,
- NOTE_LOWAT option for low water marks on read/write filters,
- NOTE_REVOKE for filesystem unmounting (and revoke() calls)
- improved API for EVFILT_AIO
This is about to be replaced anyway by initialization explicitly
instead of lazily, and reducing the complexity of it. As it is
now, this will work fine, however.
while with threaded software in -CURRENT acting very "weird". It has
seemed, for example, in Mozilla that threads attempting to do host
lookups have been locking up. That's exactly the case.
There was a race condition in the implementation of the initialization
of the mutex used to protect FILE operations, first of all: multiple
instances of FLOCKFILE() in libc could occur on the same FILE at
the same time and cause strange behavior by overwriting eachothers'
creation of the mutex and the rest of the file lock.
Secondly, it's not appropriate to test the "validity" of the file
descriptor referenced by the FILE; if the code is calling FLOCKFILE()
or FUNLOCKFILE(), it wants the FILE to be locked or unlocked, not
to be locked or unlocked on the condition that _file is >= 0. This
also could quite easily cause leaks by failing to perform the lock or
unlock operation when it actually is needed.
Mozilla now works again on -CURRENT when linked to libc_r.so.5 and
libc.so.5.
ABI change. There is some serious evilness here to work around some
gcc weaknesses. We need to know the sizeof(FILE) manually until __sF
goes away in the next major bump. We have the size for Alpha and i386,
missing is ia64, ppc and sparc* (and i386 with 64 bit longs).
At some point down the track we can change the stdin etc #defines to
stop hard coding the size of FILE into application binaries.
Lots of head scratching and ideas and testing by: green, imp
causing some versions of as to dump core. This survived make
buildworld/installworld and the building gettext port afterwards.
Submitted by: <nnd@mail.nsk.ru> "N.Dudorov"
Reviewed by: "Daniel M. Eischen" <eischen@vigrid.com>
o Back out the __std* stuff. Can't figure out how to do this right now,
so we'll save it for late.
o use _up as a pointer for extra fields that we need to access.
o back out the libc major version bump.
Submitted by: green
reviewed by: peter, imp, green, obrien (to varying degrees).
We'll fix the "how do we stop encoding sizeof(FILE) in binaries" part
later.
Change __dtoa to not free the string it allocated the previous time it was
called. The caller now frees the string after usage if appropiate.
PR: 15070
Reviewed by: deischen
bikeshed in -arch. It isn't quite over, but it has been well established
that this can be adjusted or refined. But we do seem to have consensis
on a major bump of some sort. After this, it should reasonably safe
to build world again.
This change is to get rid of __sF[] and use seperate __stdin/out/err
handles. This means we can pad on extra bits onto the end of FILE
at will without going through this all over again. __sF[] was evil
because it compiled the sizeof(FILE) into every stdio using program.
Asbestos suit on: check!
Peril sensitive sunglasses on: check!
*gulp!*
try a hopefully more robust stdin/stdout/stderr. This costs an indirect
pointer fetch, but saves us from changes in 'FILE'. The __stdin stuff
is there to not pollute application name space if the application does
not use <stdio.h> and also in case something depended on the current
behavior where stdin etc was a #define.
Reviewed by: eischen, dillon
Add a lock to FILE. flockfile and friends are now implemented
(for the most part) in libc. flockfile_debug is implemented in
libc_r; I suppose it's about time to kill it but will do it in
a future commit.
Fix a potential deadlock in _fwalk in a threaded environment.
A file flag (__SIGN) was added to stdio.h that, when set, tells
_fwalk to ignore it in its walk. This seemed to be needed in
refill.c because each file needs to be locked when flushing.
Add a stub for pthread_self in libc. This is needed by flockfile
which is allowed by POSIX to be recursive.
Make fgetpos() error return value (-1) match man page.
Remove recursive calls to locked functions (stdio); I think I've
got them all, but I may have missed a couple.
A few K&R -> ANSI conversions along with removal of a few instances
of "register".
$Id$ -> $FreeBSD$ in libc/stdio/rget.c
Not objected to: -arch, a few months ago
it in.
Some review from -hackers (some time ago), and I think the best way to
get this improved (if it needs improving) or updating, is to bring it in.
PR: docs/12557
Submitted by: Tim Singletary <tsingle@triana.gsfc.nasa.gov>
LC_NUMERIC::grouping) values.
. Always set __XXX_changed flags then loading numeric & monetary locale
categories to allow localeconv() to use C locale also.
LC_NUMERIC fields, but only for *grouping fields - other fields are converted
to a chars in localeconv(), so final change is:
"-1" -> "127"
127 here is because CHAR_MAX supposed, which is _positive_ (SUSv2 requirement),
not negative as 255. It is still a bit of hack. To find real CHAR_MAX will be
better to sprintf() it once somewhere in static buffer. *grouping parsing
still broken and missing and needs to be implemented.
LC_MONETARY, LC_NUMERIC are byte-arrays, not ASCII strings!
Fix "C" locale, change "-1" to {CHAR_MAX, '\0'} according to standards.
This is only partial fix - locale loading procedure remains broken as before
and load too big values for all locales. All numeric strings there should be
converted with something like atoi() and placed into bytes. Maybe I do it
later, if someone will not fix it faster.
Change __dtoa to not free the string it allocated the previous time it was
called. The caller now frees the string after usage if appropiate.
PR: 15070
to be the same as -ragged in the current implementation) to
-ragged. With mdocNG, -filled displays produce the correct
output, formatted and justified to both margins.
and treating (almost) all system calls the same way:
__sys_foo - actual syscall
foo, _foo - weak definitions to __sys_foo
Change PSEUDO syscalls (currently only _exit and _getlogin) to
be __sys_foo (T) and _foo (W).
Add $FreeBSD$ to a few files to satisfy commitprep.
Suggested by: bde
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.
Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo
Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.
Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.
Remove uneeded includes of <errno.h> from a few files.
Add $FreeBSD$ to a few files in order to pass commitprep.
Approved by: -arch
attempt to read memory when siz is 0
- Clarify comments referring to strlcat() usage
PR: 24278, 24295
Submitted by: Tony Finch <dot@dotat.at>
Richard Kettlewell <rjk@greenend.org.uk>
Reviewed by: -audit
single manual page, appropriately linked, since this removes the
decision of which page the (previously non-existent) sigmask.2
MLINK should point at.
Submitted by: will
- errno is already set to ENOMEM (as appropriate) when asprintf(),
strdup(), or acl_init() fails
o acl_to_text.c:
- the return value of the initial strdup() is not checked
- errno is already set to ENOMEM (as appropriate) when asprintf
and acl_init() fails
- let the the default: case use 'goto error_label' for consistency
Submitted by: jedgar
- The stack was getting smashed by __grow_type_table()
- reallocf() was being called with the wrong pointer
- The maximum argument number was being incorrectly computed
PR: misc/23521
interface was based on a draft version of POSIX whereas the final
(1996) version of POSIX specified that the error is returned.
While I'm here, fix getlogin_r so that it works for more than just
the first time it's called.
Reviewed by: wes, wollman (man page)
quitting every time. The way to free a CIRCLEQ was to loop until
the current == current->head, but the way to free a TAILQ is to loop
until current->head == NULL.
In any case, the CORRECT way to do it is a loop of TAILQ_EMPTY() checks
and TAILQ_REMOVE()al of TAILQ_FIRST(). This bug wouldn't have happened
if the loop wasn't hard-coded...
There may be more bugs of this type from the conversion.
identification and descriptions of most capabilities, current inheritence
rules, etc. More to follow.
Reviewed by: sheldonh
Obtained from: TrustedBSD Project
telldir positions. This will allow (future) locking on a
per-DIR basis (for MT-safety). For now, this change does
the following:
o Remove the hash table from telldir.c. Recode to use queue
macros.
o Remove 'const' from 'telldir(const DIR *)'.
o Remove 'register' variables as suggested in a recent
thread.
No response from: -current
- iruserok_sa() and __ivaliduser_af() were re-organized to use
__ivaliduser_sa()
- __icheckhost() was re-written to use getaddrinfo() instead of
getipnodebyname()
- better handling of multiple destination addresses in rcmd()
These changes were basically taken from KAME and changed to fit our
rcmd.c.
Obtained from: KAME
a NULL argument. Some programs change the contents of the argv
array, typically to remove some special arguments. They shorten
argv by storing a NULL where an argument pointer used to be. Such
programs core dumped if they called setproctitle(), because it
would try to apply strlen() to a NULL pointer.
instead of immediately after the fclose. The previous logic did work
on freebsd, but is somewhat risky practice (and causes trouble when
porting to other OS's).
PR: bin/22965
Reviewed by: Garrett Wollman
stderr in case of warnings and errors.
Rename malloc_options to have a leading underscore, I belive I have been
told that is more correct namespace wise.
the encoding and using the character set [a-zA-Z0-9]. This gives a total
of 62^6 = 56800235584 possible temporary filenames for the usual default
invocation of 6 X's (compared to as few as 52 possibilities for the
previous algorithm where up to 5 characters were wasted by the PID).
Update some apparently bitrotten comments to reflect reality.
Audited by: eivind, freebsd-audit
Reviewed by: freebsd-current (a while ago)
Originally submitted by: Peter Jeremy <Peter.Jeremy@alcatel.com.au>
in <sys/signal.h>.
This might be a shortterm fix until the manpage is updated towards
POSIX terminology. And maybe not...
PR: 21542
Submitted by: Ronald F. Guilmette <rfg@monkeys.com>
Add references to the newly added hardware debug register
support functions i386_clr_watch(3) and i386_set_watch(3).
Reviewed by: Sean Eric Fagan <sef@kithrup.com>
and no other response to the review request.
u_int64_t flag field, bounding the number of capabilities at 64,
but substantially cleaning up capability logic (there are currently
43 defined capabilities).
o Heads up to anyone actually using capabilities: the constant
assignments for various capabilities have been redone, so any
persistent binary capability stores (i.e., '$posix1e.cap' EA
backing files) must be recreated. If you have one of these,
you'll know about it, so if you have no idea what this means,
don't worry.
o Update libposix1e to reflect this new definition, fixing the
exposed functions that directly manipulate the flags fields.
Obtained from: TrustedBSD Project
The recent problems with sshd were due to sshd reassigning
`environ' when setenv() thinks it owns it. setenv() subsequently
realloc()s the new version of environ and *boom*
- Include <stdlib.h> and <string.h> as needed for prototypes
- Remove unneeded "error" variables
o Make cap_init() use cap_clear() instead of bzero()
Obtained from: TrustedBSD Project
o Implementations will remain in the seperately distributed capability
patch until the cap_t type changes are synchronized.
Obtained from: TrustedBSD Project
response to return. This will stop processes waiting on DNS requests
from being woken up when a select collision occurs. This was tested
on mx1.FreeBSD.org (outgoing mail for the FreeBSD.org mailing
lists.)
Reviewed by: jlemon, peter
were not present when dev_mkdb(8) was run.
First the dev_mkdb(8) database is searched, this caters for non-DEVFS
cases where people have renamed a device.
If that fails we ask the kernel using sysctl kern.devname if the device
driver has put a name in the dev_t. This covers DEVFS cloned devices.
If that also fails we format a string which isn't entirely useless.
be used to point to a bad locale file. This is only believed to be a
minor security risk - the only risk is if some program uses the result
of a localized string as a format specifier in a vulnerable function
like sprintf(). No such code is believed to exist in the FreeBSD base
system, although it is possible that badly written third party code
would do that.
Submitted by: imp
Approved by: ache
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
It was kinda silly since the sigaction() syscall that it used to setup
the handler is more recent than __getcwd(), therefore it was useless
as the wrapper would have died before even getting as far as __getcwd(2).
Reminded by: bde
* rewrite catopen() to remove duplicate code chunks and optimize
* if empty string is passed to catopen() as name argument then
catopen() will set errno to ENOENT (File not found), not EINVAL
* move search code to LOOKUP() macro to shrink amount of duplicated code
* move common resource freeing actions to __nls_free_resources() function
* exclude from build code related to MCLoadAll defintion since it is not
using at all
* style(9) related whitespace changes
Reviewed by: ache
in my tree for a long time. bde reviewed this once upon a time and
said it was OK, iirc. This also obviates the need to put ? in the
optstring argument to preclude the extra warning message which some
people think confuses users. When I made my getopt cleanups of a long
time ago, this was the compromise reached. I just neglected to commit
it until now.
