summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-12-12pledge()'s 2nd argument becomes char *execpromises, which becomes theTheo de Raadt
pledge for a new execve image immediately upon start. Also introduces "error" which makes violations return -1 ENOSYS instead of killing the program ("error" may not be handed to a setuid/setgid program, which may be missing/ignoring syscall return values and would continue with inconsistant state) Discussion with many florian has used this to improve the strictness of a daemon
2017-12-11sscanf(3) is now used to parse templates that contain format specifiershelg
(e.g. %u, %o) other than %s. This aligns libfuse with the Linux reference implementation. ok mpi@
2017-12-11Update to fuse_opt_parse(3) so that all option templates are now matched forhelg
the supplied option. This allows the following templates to be supplied to set multiple members of a struct at the same time. e.g. #define FUSE_LIB_OPT(t, p, v) { t, offsetof(struct fuse_config, p), v } static const struct fuse_opt fuse_lib_opts[] = { FUSE_LIB_OPT("gid=", set_gid, 1), FUSE_LIB_OPT("gid=%u", gid, 0), FUSE_OPT_END }; If "-ogid=1000" is passed to fuse_opt_parse(3) it will set both: fuse_config.set_gid=1 fuse_config.gid=1000 ok mpi@
2017-12-11The fuse_opt_match(3) library function does not match options correctly.helg
libfuse supports option templates of the following form that can be used to automatically parse arguments supplied on the command line. "-p " argument that takes an option e.g -p 22 or -p22 "-p %x" argument that takes an option parsed like sscanf(3) "cache=yes" matches -ocache=yes or -o cache=yes "cache=%s" matches -ocache=<string> or -o cache=<string> "cache=" matches same as above but value is passed to option proc "noatime" matches -onoatime or -o atime For example, it does not match options of the form "-p 22" or "cache=yes" to the corresponding templates "-p " and "cache=yes". This patch fixes that and updates the regression tests accordingly. ok mpi@
2017-12-11bump to 2.7.0Brent Cook
2017-12-11http://repzret.org/p/repzret/Theo de Raadt
My read of this: Long time ago (Think Conan, not dinasaurs) during the race to make speedier processors, a cpu vendor built a pipeline with a bad stall, and proposed a tremendously hasky workaround. A wizard adopted this into his perl scroll, and failed to reflect later when no compiler adopted the practice. This relic remains at the tail end of some functions in OpenSSL as ".byte 0xf3,0xc3". Banish it straight to hell. ok mlarkin, others also stared blankly
2017-12-09Make tls_config_parse_protocols() work correctly when passed a NULL pointerJoel Sing
for a protocol string. Issue found by semarie@, who also provided the diff.
2017-12-09In the middle of CRYPTO_gcm128_finish() there is a complicated #ifdefTheo de Raadt
block which defines a variable late, after code. Place this chunk into a { subblock } to satisfy old compilers and old eyes.
2017-12-09Please variable decl before code.Theo de Raadt
2017-12-08Fix the return value of fwscanf(3) when encountering an early matchingKevin Lo
failure. This change brings fwscanf(3) back in line with fscanf(3). From FreeBSD; ok deraadt@, millert@
2017-12-07* clean up macro usage: use .Ar for command arguments, .Cm for fixedIngo Schwarze
strings to be used in commands, and .Li for example strings * clarify what uses the two environment variables, and that only these two are ignored for issetugid(2) programs triggered by a question from Jan Stary <hans at stare dot cz> feedback and OK ratchov@
2017-12-06It's the imsg_compose(3) who accepts 'fd' argument, not imsg_create(3).Vadim Zhukov
2017-12-05Remove DEF_STRONG(__cxa_thread_atexit_impl). This produces an unwantedMark Kettenis
_libc___cxa_thread_atexit_impl reference on gcc architectures that breaks the build.
2017-12-05Implement __cxa_thread_atexit to support C++11 thread_local scope. TheMark Kettenis
interface is also made available as __cxa_thread_atexit_impl to satisfy the needs of GNU libstdc++. ok guenther@, millert@
2017-12-01Redo the calculation of the alignment and placement of static TLS data toPhilip Guenther
correctly take into account the segment p_align. Previously, anything with a size belong the natural alignment or with alignment larger than the natural one would either not be intialized correctly, be misaligned, or result in the TIB being misaligned. Problems reported by Charles Collicutt (charles (at) collicutt.co.uk) ok kettenis@
2017-12-01Consistently .Xr the corresponding wide char functions from char- andIngo Schwarze
string-handling <stdio.h> functions, like we already do it for <string.h>. Includes a smaller patch from <kshe59 at zoho dot eu>, OK jmc@.
2017-12-01add missing argument name; from <kshe59 at zoho dot eu>; OK jmc@;Ingo Schwarze
while here, consistently use .Fo to cure execessive line lengths
2017-11-30vn_open(9) does not pass the open(2) flags to VOP_CREATE(9) so we can'thelg
support FBT_CREATE. Fall back to FBT_MKNOD + FBT_OPEN so that a valid sequence of FUSE messages is sent to the file system when creating files. input from mpi@, otto@
2017-11-29clang doesn't propagate attributes like "asm labels" and "visibility(hidden)"Philip Guenther
to builtins like mem{set,cpy,move} and __stack_smash_handler. So, when building with clang, instead mark those as protected visibility to get rid of the PLT relocations. We can't take the address of them then, but that's ok: it's a build-time error not a run-time error. ok kettenis@
2017-11-28Add the missing STANDARDS section (kettenis@ noticed that these areIngo Schwarze
POSIX functions) and turn the weird DIAGNOSTICS section into a normal RETURN VALUES section while here.
2017-11-28Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.Joel Sing
This removes the last remaining use of the old M_ASN1_* macros (asn1_mac.h) from API that needs to continue to exist. ok beck@ inoguchi@
2017-11-28Correct TLS extensions handling when no extensions are present.Joel Sing
If no TLS extensions are present in a client hello or server hello, omit the entire extensions block, rather than including it with a length of zero. ok beck@ inoguchi@
2017-11-28Add CBB_discard_child(), which allows for a child CBB to be discarded.Joel Sing
Based on BoringSSL.
2017-11-28GNU ld has prefixed the contents of .gnu.warning.SYMBOL sectionsTheo Buehler
with "warning: " since 2003, so the messages themselves need not contain the prefix anymore. From Scott Cheloha ok jca, deraadt
2017-11-28Delete fktrace(2). The consequences of it were not thought throughPhilip Guenther
sufficiently and at least one horrific security hole was the result. ok deraadt@ beck@
2017-11-26Add support for -f option to libfuse. This keeps the FUSE file systemhelg
running in the foreground. ok mpi@
2017-11-22Avoid .align 0 here as well. Also fix a .word that should be a .quad.Mark Kettenis
ok patrick@
2017-11-21Avoid .align 0. Clang's integrated assembler actually honors this directiveMark Kettenis
and the resulting byte-alignment triggers unaligned access. ok patrick@, deraadt@
2017-11-21Use a simple forward search to find '%' in the format string instead ofTheo Buehler
using mbrtowc(3). Thus, we now treat the format string as a bytestring, not as a multibyte character string. We think that ANSI C made a small error when adding wide characters: The committees essentially replaced "characters" with "wide characters" in the existing printf documentation, which was written before the concept of processing was established. Doing processing on the format string would break some 8-bit format strings in the wild, and that isn't something these committees gave themselves license to do. Based on the "10x printf speedup" commit from android found by tedu: https://github.com/aosp-mirror/platform_bionic/commit/5305a4d4a723b06494b93f2df81733b83a0c46d3 Thanks to millert and schwarze for digging into the history and testing *printf behavior on other platforms. ok deraadt, millert
2017-11-17Implement safe signal handling and handle unmount failure gracefully.helg
ok mpi@
2017-11-17Fixes the following bugs when getcwd(3) is used on a fuse file systemhelg
Endless loop if directory nested more than one level from root of file system Current directory not found if the parent directory contains more children than will fit in the buffer passed to VOP_READDIR(9) Open and close directory in fusefs_readdir if dir is not already open. Now behaves as if readdir_ino option was passed to fuse so that directories in path have a valid ino. ok mpi@
2017-11-16Add support for:helg
multiple options after -o. arguments that require options e.g. -p 22 %s, %lu, %u option templates ok mpi@
2017-11-16Add error checking to some calls to __find_arguments(). Matches similarTheo Buehler
changes by schwarze to vfprintf.c r1.71. Cherrypicked from android: https://github.com/aosp-mirror/platform_bionic/commit/5305a4d4a723b06494b93f2df81733b83a0c46d3 ok millert
2017-11-07Fix spelling: bet -> net from Scott Bennett, thanksTheo Buehler
2017-11-04Revert recent changes to unbreak ports/net/sambaJeremie Courreges-Anglas
While it is not clear (to me) why that ports ends up with corrupted shared libs, reverting those changes fixes the issue and should allow us to close p2k17 more smoothly. Discussed with a bunch, ok ajacoutot@ guenther@
2017-11-04fuse_loop_mt() isn't implemented so return an error value.Martin Pieuchot
From Helg Bredow.
2017-11-04Use the correct version macro.Martin Pieuchot
From Helg Bredow, ok pirofti@
2017-11-04polish debug printfs, no behaviour change.Alexandre Ratchov
2017-11-02's' should include 'f'; from Jacqueline JolicoeurOtto Moerbeek
2017-11-02Check if the arguments are NULL instead of dereferencing them blindly.Martin Pieuchot
Delete incorrect "unused" keyword and remove redundant variables due to missing NULL checks. From Helg Bredow.
2017-11-02Update libexpat to 2.2.5. Changes for OpenBSD include a few bugAlexander Bluhm
fixes, no library bump needed. OK deraadt@
2017-10-31Argh: put back some linker-supplied symbols to avoid triggering a bugPhilip Guenther
in binutils that results in uninitialized .dynsym entries in shared objects in the samba port. problem reported by naddy@ ok jca@ kettenis@
2017-10-30fix oob read; form llvm via Vlad Tsyrklevich; ok millert@Otto Moerbeek
2017-10-29Prefer <elf.h> to the non portable <sys/exec_elf.h>.Martin Pieuchot
ok jca@, deraadt@
2017-10-29Stop exporting _memcpy, an implementation detail of bcopy/memcpy/memmovePhilip Guenther
ok kettenis@ deraadt@
2017-10-28Remove __builtin_saveregs: gcc hasn't used it for years.Philip Guenther
suggested by miod@ ok kettenis@
2017-10-28Typo: 'end' should have been '_end', which is already exported/imported.Philip Guenther
Also, '_memcpy' and '_stack' were specific to arm and should not have been copied here
2017-10-28Eliminate some more linker generated symbols that aren't needed.Philip Guenther
ok kettenis@
2017-10-28If the init_routine used with pthread_once() is canceled, then we need toPhilip Guenther
unlock the mutex inside the pthread_once_t. Push a cleanup wrapper for that. Diff from Scott Cheloha <scottcheloha@gmail.com> ok mpi@
2017-10-28Change pthread_cleanup_{push,pop} to macros that store the cleanup infoPhilip Guenther
on the stack instead of mallocing the list and move the APIs from libpthread to libc so that they can be used inside libc. Note: the standard was explicitly written to permit/support this "macro with unmatched brace" style and it's what basically everyone else already does. We xor the info with random cookies with a random magic to detect/trip-up overwrites. Major bump to both libc and libpthread due to the API move. ok mpi@