Age | Commit message (Collapse) | Author |
|
the binding to global (NB == "no binding"), as clang 13 is now
warning about changing the binding from global to weak.
This first pass does amd64 and sparc64 and pulls DEFS.h out of the
per-arch directory to a common directory; others to follow
ok kettenis@
|
|
|
|
|
|
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!
Time for a story...
When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate
To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.
The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.
ok deraadt@
|
|
allocating space when buf is NULL is an extension more prominently.
Clarify that getwd() is deprecated and should not be used.
Mention EFAULT errno value for invalid (non-NULL) buf.
OK deraadt@ jmc@
|
|
The 4.3BSD getwd(3) did not malloc space, use __getcwd(2) directly
so the compat function doesn't either. OK deraadt@
|
|
macro-build a replacement for sccsid, and was done without any concern
for namespace damage. Unfortunately this practice started infecting
other code as others were unaware they didn't need the file.
ok millert guenther
|
|
|
|
lsearch(3) is really just lfind(3) with an additional branch to append
the key if lfind(3) fails. If we get rid of the underlying
linear_base() function and move the search portion into lfind(3) and
the key-copying portion into lsearch(3) we get smaller and simpler
code.
Misc. notes:
- We do not need to keep the historical comment about errno. lsearch(3)
is pure computation and does not set errno. That's really all you
need to know. The specification reserves no errors, either.
- We are using lfind(3) internally now, so it switches from
PROTO_DEPRECATED to PROTO_NORMAL in hidden/search.h and needs
DEF_WEAK in stdlib/lsearch.c.
With advice from guenther@ on symbol housekeeping in libc.
Thread: https://marc.info/?l=openbsd-tech&m=163885187632449&w=2
ok millert@
|
|
length for maximum amount of strings, but forgot about the struct passwd
taken from the start, and it isn't clear if the missing non-string elements
cover for that shortage. It would require misconfiguration by root to
exceed the buffer. As well, the strings don't need to be aligned, and
thus sys/param.h isn't needed for ALIGN()
ok millert
|
|
If the key overlaps the end of the array, memcpy(3) mutates the key
and copies a corrupted value into the end of the array.
If we use memmove(3) instead we at least end up with a clean copy of
the key at the end of the array. This is closer to the intended
behavior.
With input from millert@ and deraadt@.
Thread: https://marc.info/?l=openbsd-tech&m=163880307403606&w=2
ok millert@
|
|
Highlights:
- Tighten up the NAME.
- "process" -> "thread".
- Tidy up the DESCRIPTION. In particular, omit discussion of the
historial SIGALRM-based implementation.
- Simplify RETURN VALUES.
- Add an ERRORS section, note that sleep(3) can set EINTR.
- Update STANDARDS to POSIX.1-2008.
- Note that setting errno is an extension to the spec.
Discussed with and revised by jmc@, deraadt@, millert@, and schwarze@.
With a history lesson from jsg@.
Thread: https://marc.info/?l=openbsd-tech&m=162718445809428&w=2
"the changes read fine to me" jmc@, ok millert@ schwarze@
|
|
Highlights:
- Tweak the one-liner description.
- Better variable names.
- Reorder DESCRIPTION to reflect the importance of each interface.
- Advise against using gettimeofday(2) for measuring elapsed time.
- Isolate discussion of the historical timezone parameter to its
own paragraph at the end of the DESCRIPTION.
- Update ERRORS. Mention the securelevel(7) EPERM for settimeofday(2).
- Expand SEE ALSO.
- Note settimeofday(2) in STANDARDS. It is available on many systems.
Discussed with jmc@, millert@, and deraadt@. Possibly discussed with
schwarze@, though I can't find the email.
Thread: https://marc.info/?t=162765632800002&r=1&w=2
"reads fine to me" jmc@, ok millert@
|
|
- Change "tloc" variable to "now" to reinforce meaning.
- Simplify DESCRIPTION.
- No point in describing how gettimeofday(2) can fail here.
- Add a STANDARDS section.
- Rework the HISTORY section.
With input from jmc@, millert@, and schwarze@.
Thread: https://marc.info/?l=openbsd-tech&m=162766815024823&w=2
"reads fine" jmc@, ok schwarze@
|
|
The "lim" variable needs to be a size_t to match nmemb, otherwise we
get undefined behavior when nmemb exceeds INT_MAX.
Prompted by a blog post by Joshua Bloch:
https://ai.googleblog.com/2006/06/extra-extra-read-all-about-it-nearly.html
Fixed by Chris Torek a long time ago:
https://svnweb.freebsd.org/csrg/lib/libc/stdlib/bsearch.c?revision=51742&view=markup
ok millert@
|
|
|
|
to 3-term BSD license.
|
|
OK jsg@
|
|
ok florian@
|
|
libc can't do DNSSEC validation but it can ask a "security-aware"
resolver to do so. Let's send queries with the AD flag set when
appropriate, and let applications look at the AD flag in responses in
a safe way, ie clear the AD flag if the resolvers aren't trusted.
By default we only trust resolvers if resolv.conf(5) only lists name
servers on localhost - the obvious candidates being unwind(8) and
unbound(8). For non-localhost resolvers, an admin who trusts *all the
name servers* listed in resolv.conf(5) *and the network path leading to
them* can annotate this with "options trust-ad".
AD flag processing gives ssh -o VerifyHostkeyDNS=Yes a chance to fetch
SSHFP records in a secure manner, and tightens the situation for other
applications, eg those using RES_USE_DNSSEC for DANE. It should be
noted that postfix currently assumes trusted name servers by default and
forces RES_TRUSTAD if available.
RES_TRUSTAD and "options trust-ad" were first introduced in glibc by
Florian Weimer. Florian Obser (florian@) contributed various
improvements, fixed a bug and added automatic trust for name servers on
localhost.
ok florian@ phessler@
|
|
General uses tabs for general indentation and 4 spaces
on tight spots. Also uses extra space to align pointers
and non-pointers as we do this on certain places in our
source.
with improvements from schwarze@
OK schwarze@
|
|
The new kqueue-based poll/select implementation does not suffer from
select collisions.
OK cheloha@, millert@
|
|
OK martijn
|
|
ok deraadt@
|
|
triggerd by but simpler than a similar patch sent in
by Simon Branch <simonmbranch at gmail dot com>;
OK millert@ jmc@
|
|
from Emil Engler
|
|
Dunno why this ended up here, cvs is always full of surprises.
|
|
Apparently spotted by mortimer@ while working on clang 13 and amd64.
No actual change on sparc64 as this architecture still uses ld.bfd.
ok kettenis@
|
|
ok jca@
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
|
|
ok mpi@ deraadt@
|
|
ok schwarze
|
|
algorithm is gone. Reomve all LZS references from the tree. The
v42bis in isakmpd also looks unsupported.
OK mvs@ patrick@ sthen@
|
|
removed and the former is still needed, as pointed out by kettenis
|
|
|
|
portability annoyance since not all systems have u_char. Remove
the now unused includes sys/types.h and stdio.h.
u_char diff from Jonas Termansen
ok deraadt
|
|
A tiny realpath(3) wrapper to make a porter's life easier.
Feedback kettenis deraadt cheloha sthen
OK cheloha martijn deraadt
|
|
|
|
diff from chohag jtan com
ok claudio
|
|
execve can be detected better
reported by Alejandro Colomar, ok millert
|
|
This matches the documented behavior more obviously and ensures that
these aren't optimized away, although this is unlikely.
Discussed with deraadt and otto
|
|
|
|
This hack isn't very useful now that libc aborts on printf("%n") calls,
it's expected that the resulting error would lead to a build
failure, and that the coredump along with the syslog message should be
enough to find the culprit.
Hinted by naddy@ and prodded by deraadt@
|
|
|
|
* mention that the *optionp input string will be modified
* clarify that the array of tokens is expected to be NULL-terminated
OK millert@ tb@, and the first half of STANDARDS also OK jmc@
|
|
|
|
|
|
to the list. While here remove some of the headers from inet_net_ntop(3)
for balance.
|
|
|