the number of bytes to add - for multibyte characters n will be > 1.
Fix __slk_draw to pass in the actual length of the label instead of
the default label length because wide characters may make the
actual string length longer than the slk display length.
Although tzcode still works with C89, bugs found in recent routine
maintenance indicate that bitrot has set in and that in practice
C89 is no longer used to build tzcode. As it is a maintenance
burden, support for C89 is planned to be removed soon. Instead,
please use compilers compatible with C99, C11, C17, or C23.
timegm, which tzcode implemented in 1989, will finally be
standardized 34 years later as part of C23, so timegm is now
supported even if STD_INSPIRED is not defined.
Fix bug in zdump's tzalloc emulation on hosts that lack tm_zone.
(Problem reported by Đoàn Trần Công Danh.)
Fix bug in zic on hosts where malloc(0) yields NULL on success.
(Problem reported by Tim McBrayer for AIX 6.1.)
Fix zic configuration to avoid linkage failures on some platforms.
(Problems reported by Gilmore Davidson and Igor Ivanov.)
Work around MS-Windows nmake incompatibility with POSIX.
(Problem reported by Manuela Friedrich.)
Port mktime and strftime to debugging platforms where accessing
uninitialized data has undefined behavior (strftime problem
reported by Robert Elz).
Check more carefully for unlikely integer overflows, preferring
C23 <stdckdint.h> to overflow checking by hand, as the latter has
had obscure bugs.
The first paragraph could use some rewording. While BRE may be
obsolete, it's still the default for regcomp(3) and the default for
grep(1), sed(1), etc.
Use .Rv where possible. Some manual pages claimed that the error "is
returned", but RTFS and some quick testing indicate that this is wrong.
The commit message from 2003 says that:
Note our current implementation mis-matches [man pages] slightly
(error codes are stuffed into errno, where they should simply be
returned by these calls). This will be addressed shortly.
That hasn't happened in the 20 years, so we might as well make the man
pages reflect the reality.
While here, don't claim that null pointer is zero.
We should probably just pick the wording from POSIX, but that yak is a
bit too big for me to shave at the moment.
on virtscr and curscr because the indexes past are supposed to be
one *past* the last matching line (they may actually match if the line is
at the bottom of the screen). Iff they don't match reduce the scroll
region size by one so we don't scroll non-matching lines, also check
if the region is then 0 after the decrement and just return if it was.
This fixes observed behviour in the PR. Allow the cursor to be
moved one past the EOL, if postitioned here then set ISPASTEOL.
also protect out of range access if win->cury is past maxy.
Changes to code
zic now supports links to links regardless of input line order.
For example, if Australia/Sydney is a Zone, the lines
Link Australia/Canberra Australia/ACT
Link Australia/Sydney Australia/Canberra
now work correctly, even though the shell commands
ln Australia/Canberra Australia/ACT
ln Australia/Sydney Australia/Canberra
would fail because the first command attempts to use a link
Australia/Canberra that does not exist until after the second
command is executed. Previously, zic had unspecified behavior if
a Link line's target was another link, and zic often misbehaved if
a Link line's target was a later Link line.
Fix line number in zic's diagnostic for a link to a link.
Fix a bug that caused localtime to mishandle timestamps starting
in the year 2438 when reading data generated by 'zic -b fat' when
distant-future DST transitions occur at times given in standard
time or in UT, not the usual case of local time. This occurs when
the corresponding .zi Rule lines specify DST transitions with TO
columns of 'max' and AT columns that end in 's' or 'u'. The
number 2438 comes from the 32-bit limit in the year 2038, plus the
400-year Gregorian cycle. (Problem reported by Bradley White.)
On glibc 2.34 and later, which optionally supports 64-bit time_t
on platforms like x86 where time_t was traditionally 32 bits,
default time_t to 64 instead of 32 bits. This lets functions like
localtime support timestamps after the year 2038, and fixes
year-2038 problems in zic when accessing files dated after 2038.
To continue to limit time_t to 32 bits on these platforms, use
"make CFLAGS='-D_TIME_BITS=32'".
In C code, do not enable large-file support on platforms like AIX
and macOS that no longer need it now that tzcode does not use
off_t or related functions like 'stat'. Large-file support is
still enabled by default on GNU/Linux, as it is needed for 64-bit
time_t support.
In C code, prefer C23 keywords to pre-C23 macros for alignof,
bool, false, and true. Also, use the following C23 features if
available: __has_include, unreachable.
zic no longer works around Qt bug 53071, as the relevant Qt
releases have been out of support since 2019. This change affects
only fat TZif files, as thin files never had the workaround.
zdump no longer modifies the environ vector when compiled on
platforms lacking tm_zone or when compiled with -DUSE_LTZ=0.
This avoid undefined behavior on POSIX platforms.
reallocarray() will be part of the next POSIX release, see
https://austingroupbugs.net/view.php?id=1218
adapt an errno value to match POSIX expectations
As discussed on tech-userlevel
(meaningless macro in mdoc) followed by the first line of the
real BUGS section somehow ended up inserted after the first
word of the STANDARDS section. Delete the noise.
- plod now correctly accounts for wide characters when plodding
- use erase line when in color mode if the terminal has the capability
- ensure that the CA_CONTINUATION flag is applied consistently to the
subsequent characters in a wide character.
- fix a bunch of refresh bugs that caused inconsistent placement of
wide characters.
The old definitions in qp.c being all grouped together in one file
causes problems when static linking with libgcc (i.e. cc --static-libgcc)
due to functions like __trunctfdf2 conflicting with libgcc, as seen in
PR 57021
We can also add some missing functions like __fixdfti for converting
a double to an int128_t, the lack of which is currently preventing webkit
from linking on aarch64, as seen in PR 57022
Unclear to me if libc is the right place for these functions, but
we can avoid breaking compatibility right now and maintain the status
quo while avoiding some obvious immediate problems.
nm output for libc shows no functions being removed by this change.
Some flags are now accepted, others are still ignored. (E.g., other
BSDs would return EINVAL if O_RDWR wasn't passed, and we now accept
O_NONBLOCK but not O_CLOEXEC.)
This doesn't affect the calls to the atfork handlers -- it only
protects access to the lists of handlers from interruption by a
signal, in case the signal handler calls fork(2).
The NetBSD implementation differs from other BSDs in that it does not
return EINVAL if invalid oflags are submitted, since it completely
ignores them. This is surprising to upstream projects that may expect
otherwise.
Work around a bug in onetrueawk that broke commands like
'make traditional_tarballs' on FreeBSD, macOS, etc.
(Problem reported by Deborah Goldsmith.)
Add code to tzselect that uses experimental structured comments in
zone1970.tab to clarify whether Zones like Africa/Abidjan and
Europe/Istanbul cross continent or ocean boundaries.
(Inspired by a problem reported by Peter Krefting.)
Fix bug with 'zic -d /a/b/c' when /a is unwritable but the
directory /a/b already exists.
Remove zoneinfo2tdf.pl, as it was unused and triggered false
malware alarms on some email servers.
zic has a new option '-R @N' to output explicit transitions < N.
(Need suggested by Almaz Mingaleev.)
'zic -r @N' no longer outputs bad data when N < first transition.
(Problem introduced in 2021d and reported by Peter Krefting.)
zic now checks its input for NUL bytes and unterminated lines, and
now supports input line lengths up to 2048 (not 512) bytes.
gmtime and related code now use the abbreviation "UTC" not "GMT".
POSIX is being revised to require this.
When tzset and related functions set vestigial static variables
like tzname, they now prefer specified timestamps to unspecified ones.
(Problem reported by Almaz Mingaleev.)
zic no longer complains "can't determine time zone abbreviation to
use just after until time" when a transition to a new standard
time occurs simultanously with the first DST fallback transition.
For now this builds the C version, for completeness, so
that e.g. lang/ocaml can be configured & built. However,
googling reveals that powerpc does have a "fused multiply add"
instruction, ref.
https://www.ibm.com/docs/en/aix/7.1?topic=set-fmadd-fma-floating-multiply-add-instruction
so this could probably be taken advantage of for a more
optimized version.
to __cerror so if the ptrace syscall fails we can call __cerror again with
the correct %r19 value.
Do this even though the call of __cerror doesn't go via the PLT because
__cerror calls __errno which does.
Analysis and fix from Tom Lane in
port-hppa/56864: hppa: ptrace(2) dumps core when returning an error
I changed the location of where %r19 is stored on the stack to follow the
ABI.
Patch from chs@. Comment explaining the story by me. This patch may
not be optimal -- maybe it would be better in pthread__init, or
better for rtld to call _lwp_unpark after _lwp_park in the contened
case -- but we've tested this version and it's annoying to reproduce,
so let's take this version and worry about testing improvements
later.
This was introduced two years ago when the getrandom/getentropy API
question was still open, and removed because the discussion was
ongoing. Now getentropy is more widely adopted and soon to be in
POSIX. So reintroduce the symbol into libc since we'll be keeping it
anyway. Discussion of details of the semantics, as interpreted by
NetBSD, is ongoing, but the symbol needs to get in before the
netbsd-10 branch. The draft POSIX text is
(https://www.opengroup.org/austin/docs/austin_1110.pdf):
SYNOPSIS
#include <unistd.h>
int getentropy(void *buffer, size_t length);
DESCRIPTION
The getentropy() function shall write length bytes of data
starting at the location pointed to by buffer. The output
shall be unpredictable high quality random data, generated by
a cryptographically secure pseudo-random number
generator. The maximum permitted value for the length
argument is given by the {GETENTROPY_MAX} symbolic constant
defined in <limits.h>.
RETURN VALUES
Upon successful completion, getentropy() shall return 0;
otherwise, -1 shall be retunred and errno set to indicate the
error.
ERRORS
The getentropy() function shall fail if:
[EINVAL] The value of length is greater than
{GETENTROPY_MAX}.
The getentropy() function may fail if:
[ENOSYS] The system does not provide the necessary
source of entropy.
RATIONALE
The getentropy() function is not a cancellation point.
Minor changes from the previous introduction of getentropy into libc:
- Return EINVAL, not EIO, on buflen > 256.
- Define GETENTROPY_MAX in limits.h.
The declaration of getentropy in unistd.h and definition of
GETENTROPY_MAX in limits.h are currently conditional on
_NETBSD_SOURCE. When the next revision of POSIX is finalized, we can
expose them also under _POSIX_C_SOURCE > 20yymmL as usual -- and this
can be done as a pullup without breaking existing compiled programs.
strictly-aligned versions of memcmp(3), bcopy(3), memcpy(3), and
memmove(3).
This is used for 403 by ld.so.conf with machdep.no_unaligned variable.
With this library, unaligned memory accesses are significantly reduced
for 403 (from several hundreds to few tens per sec under heavy load);
only ld.elf_so (typically few times per fork) and statically-linked
binaries do such access.
with strictly-aligned versions.
Now all 32-bit powerpc ports share the same libc binary.
This change together with the preceding similar change in libkern slightly
improve performance for DHT (ibm4xx/405GP) and RB800 (MPC8533E).
See changes in bytebench scores:
- DHT https://gist.github.com/rokuyama/301063355de9733bea515b84ef574c0a
- RB800 https://gist.github.com/rokuyama/60ad665d367d6d110b79ec44707f39ff
Improvements may be negligible, but this does not cause performance
regressions at least.
This hack was for 403, but unaligned memory access is now emulated by
kernel. This should result in serious performance regression for 403.
We will provide strictly-aligned versions by ld.so.conf.
Seen on netbsd-9 built xscreensaver running on a current system.
Whatever triggered this should also be fixed, but in the meantime
we can improve the behaviour from "Segmentation Fault"
PR toolchain/56771
Fix profiling on CPUs that do not support unaligned memory access;
Allocate objects (referenced from struct gmonparam) with proper
alignments.
For monstartup(), objects are allocated on heap. Break is not
guaranteed to be aligned at all, unlike stack pointer.
For _m_gmon_alloc(), objects are allocated on anonymous memory.
p->tos is not aligned properly in general.
This fixes quasi-random crashes for *_profile tests, at least on
SH-4 and PowerPC 403 [1]. Also, no regression is observed for
others as far as I can see.
This change does not cause any ABI breakage, as long as application
uses proper pointers; use p->tos instead of evil pointer arithmetic
like (struct tostruct *)((char *)p->froms + p->fromssize) [2].
[1] Timeout should be increased for some tests. "pic" variants
still fail as expected. Dynamically-linked binaries also crash in
rtld for SH-4, but this seems different problem...
[2] This example did not work even before, since the order of
froms[] and tos[] is reversed depending on which of monstartup() or
_m_gmon_alloc() is used for allocation.
same as the old one. This prevents excessive redraws in some
applications.
* Fix bug introduced when wbkgrndset was fixed, we cannot blindly
replace any instance of the old background character with the new one
because some of those characters were put there by the application
leading to display corruption. So flag characters as background when
they are erased and only update the flagged characters when setting
the background.
* Fix bkgrndset so that it actually sets the background character in
in line with the SUSv2 specification.
* Add an internal function to copy a complex character
* Make the previously static celleq function into a libcurses private
function so that it can be called in other files.
The names membar_enter/exit were unclear, and the documentation of
membar_enter has disagreed with the implementations on sparc,
powerpc, and even x86(!) for the entire time it has been in NetBSD.
The terms `acquire' and `release' are ubiquitous in the literature
today, and have been adopted in the C and C++ standards to mean
load-before-load/store and load/store-before-store, respectively,
which are exactly the orderings required by acquiring and releasing a
mutex, as well as other useful applications like decrementing a
reference count and then freeing the underlying object if it went to
zero.
Originally I proposed changing one word in the documentation for
membar_enter to make it load-before-load/store instead of
store-before-load/store, i.e., to make it an acquire barrier. I
proposed this on the grounds that
(a) all implementations guarantee load-before-load/store,
(b) some implementations fail to guarantee store-before-load/store,
and
(c) all uses in-tree assume load-before-load/store.
I verified parts (a) and (b) (except, for (a), powerpc didn't even
guarantee load-before-load/store -- isync isn't necessarily enough;
need lwsync in general -- but it _almost_ did, and it certainly didn't
guarantee store-before-load/store).
Part (c) might not be correct, however: under the mistaken assumption
that atomic-r/m/w then membar-w/rw is equivalent to atomic-r/m/w then
membar-r/rw, I only audited the cases of membar_enter that _aren't_
immediately after an atomic-r/m/w. All of those cases assume
load-before-load/store. But my assumption was wrong -- there are
cases of atomic-r/m/w then membar-w/rw that would be broken by
changing to atomic-r/m/w then membar-r/rw:
https://mail-index.netbsd.org/tech-kern/2022/03/29/msg028044.html
Furthermore, the name membar_enter has been adopted in other places
like OpenBSD where it actually does follow the documentation and
guarantee store-before-load/store, even if that order is not useful.
So the name membar_enter currently lives in a bad place where it
means either of two things -- r/rw or w/rw.
With this change, we deprecate membar_enter/exit, introduce
membar_acquire/release as better names for the useful pair (r/rw and
rw/w), and make sure the implementation of membar_enter guarantees
both what was documented _and_ what was implemented, making it an
alias for membar_sync.
While here, rework all of the membar_* definitions and aliases. The
new logic follows a rule to make it easier to audit:
membar_X is defined as an alias for membar_Y iff membar_X is
guaranteed by membar_Y.
The `no stronger than' relation is (the transitive closure of):
- membar_consumer (r/r) is guaranteed by membar_acquire (r/rw)
- membar_producer (w/w) is guaranteed by membar_release (rw/w)
- membar_acquire (r/rw) is guaranteed by membar_sync (rw/rw)
- membar_release (rw/w) is guaranteed by membar_sync (rw/rw)
And, for the deprecated membars:
- membar_enter (whether r/rw, w/rw, or rw/rw) is guaranteed by
membar_sync (rw/rw)
- membar_exit (rw/w) is guaranteed by membar_release (rw/w)
(membar_exit is identical to membar_release, but the name is
deprecated.)
Finally, while here, annotate some of the instructions with their
semantics. For powerpc, leave an essay with citations on the
unfortunate but -- as far as I can tell -- necessary decision to use
lwsync, not isync, for membar_acquire and membar_consumer.
Also add membar(3) and atomic(3) man page links.
If NetBSD were built with -DHAVE_MALLOC_ERRNO=0, the previous code would
have resulted in a compile error due to the extra '}'. Fix this by
copying the upstream code.
No binary change.
Changes to code
Fix bug when mktime gets confused by truncated TZif files with
unspecified local time. (Problem reported by Almaz Mingaleev.)
Fix bug when 32-bit time_t code reads malformed 64-bit TZif data.
(Problem reported by Christos Zoulas.)
When reading a version 2 or later TZif file, the TZif reader now
validates the version 1 header and data block only enough to skip
over them, as recommended by RFC 8536 section 4. Also, the TZif
reader no longer mistakenly attempts to parse a version 1 TZIf
file header as a TZ string.
zdump -v now outputs "(localtime failed)" and "(gmtime failed)"
when local time and UT cannot be determined for a timestamp.
Changes by me:
- Minor style nits.
- Set errno on posix_spawn failure.
- Handle edge cases of SIGINT/SIGQUIT set to SIG_IGN by caller.
Author: Nikita Ronja Gillmann <nikita@NetBSD.org>
Committer: Taylor R Campbell <riastradh@NetBSD.org>
An escaped character should unconditionally be skipped together with the
character that does the escaping. For example, in "a\)b" only the ")b"
part was skipped but then the loop stopped at the "\" since it's one of
the characters listed in word_break. (Piotr P. Stefaniak)
Stuff like libc's namespace.h, or atomic_op_namespace.h, which does
namespacing tricks like `#define atomic_cas_uint _atomic_cas_uint',
has to go at the top of each .c file. If it goes in the middle, it
might be too late to affect the declarations, and result in compile
errors.
I tripped over this by including <sys/atomic.h> in mips
<machine/lock.h>.
(Maybe we should create a new pthread_namespace.h file for the
purpose, but this'll do for now.)
1. After loading self->pt_rwlocked, membar_enter() must not be
conditional on PTHREAD__ATOMIC_IS_MEMBAR because there is no
atomic r/m/w operation here which could imply the acquire barrier.
(This should maybe just be a load-acquire operation, but we don't
have atomic_load_acquire in userland at the moment -- TBD.)
2. Before storing thread->pt_rwlocked, must issue membar_exit() so
that this is a store-release operation -- except if we had just
done an atomic r/m/w and PTHREAD__ATOMIC_IS_MEMBAR is set, in
which case it can be elided.
The second membar_exit() added here might be safely hoisted out of
the loop but I'm not sure -- needs more analysis to prove that
would be safe.
* Remove the WCOL family of macros, these were "stealing" the upper bits
of a character attribute to store the column width of a character. No
warning was given about this in curses.h which meant it was easy to
accidentally reuse the bits in use by the WCOL macros (we already did).
Add couple of 16bit ints to the character structure iff HAVE_WCHAR is
true to hold the display width and wide char related flags (just
continuation at the moment)
* Convert all instances of WCOL macros to just reference the column width
in the char structure so it is not obfuscated.
* Fix cursor positioning so placing a cursor in the middle of a wide char
actually does just that.
* Fix plod so it understands that if the cursor is going to be positioned
in the middle of a wide char it cannot just reprint the char to get there.
* Fix plodput so it correctly counts the number of output characters for
wide characters.
* Fix slk routines to properly size the wctomb() buffer.
lib/librefuse/refuse_compat.c(155):
error: void function fuse_unmount cannot return value [213]
lib/librefuse/refuse/v30.c(57):
error: void function fuse_destroy_v30 cannot return value [213]
It is supposed to print a help message without the usage
line. Although it is deprecated and has been removed as of FUSE 3.0,
filesystems in the wild still use it.
* FUSE_MAKE_VERSION(maj, min) now generates a 3-digits number if the
version is higher than 3.9. This is needed to support FUSE 3.10 API.
* FUSE_{MAJOR,MINOR}_VERSION no longer have a fixed value but are
derived from FUSE_USE_VERSION specified by the user code. This is
needed to support more FUSE filesystems in the wild.
puffs_daemon(3) creates a pipe before forking, and the parent process
waits for the child to either complete puffs_mount(3) or fail. If a
user calls puffs_daemon(3) after puffs_mount(3), the function
deadlocks. While this error-reporting functionality is really a nice
thing to have, deadlocking is not great. If the filesystem has already
been mounted, puffs_mount(3) should just daemonize the process and
return.
This became an issue because fuse_daemonize(3) in FUSE API had no such
requirement and some FUSE filesystems in the wild suffered deadlocks.
Remove the DIAGASSERT for str being NULL in the puts/putp functions,
add protection so that the functions just return OK if str is NULL.
This prevents the assert firing when libcurses passes through a NULL
due to an undefined terminfo entry.
and not just the part used by the present pathname, because the entire
struct will be passed to bind() and an EFAULT can result if not all of
it is a valid allocation. Fixes PR kern/56533.
we want to load the timezone data using the same structs they were saved as.
Introduce __time_t which is always 64 bits and make the minimal changes for
this to work. Yes, it is ugly.
The goal is to fully support FUSE API version 3.0 while maintaining
API/ABI compatibility with code written for 2.6 (or even older).
* <fuse.h> now emits a compiler warning if it's included without
defining FUSE_USE_VERSION. It had been silently defaulted to the
latest supported version prior to this change. This is permissive
compared to the original FUSE, as it emits an error instead.
* <fuse.h> now emits a warning if FUSE_USE_VERSION is higher than what
can be provided.
* Added a macro FUSE_MAKE_VERSION(maj, min). It was missing from
librefuse <fuse.h>.
No actual API updates have been made (yet).
Chuck Silvers pointed out that voff_t was also supposed to be
kernel-only. The correct type to use in userland would be off_t, but
since changing vsize_t to either voff_t or off_t is an ABI change on
32-bit platforms, we use size_t knowing that it is technically
incorrect.
<puffs.h> is a user-space header, and should not use any of
kernel-only types. It's not reasonable to require user-land
filesystems to #define _KERNTYPES.
I should have thought twice before commiting it. Of course changing
the layout of a struct breaks ABI compatibility. Change the offset
back to fixed 32 bits.
This change shouldn't make any behavioral differences in reality, but
compilers these days dislike converting -1U to int32_t implicitly,
which is indeed understandable.
Prior to this change we were calling init() before daemonizing the
process. Some filesystems call chdir(2) in init() but fuse_daemonize()
call chdir("/"), which breaks assumptions about the state of the
process.
directives to allow exception unwind / backtrace across a signal
handler.
N.B. This is currently disabled, as these .cfi directives cause
linker warnings about incompatible TEXTREL relocations in .eh_frame.
This provides an extra level of side-channel and cracking resistance
compared to the pre-existing pkcs5_pbkdf2/sha1 method used for
password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes)
parallelism (integer, usually the number of CPU cores)
version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile
is initially generated.
lgtm riastradh@
Correct the behaviour for ins_wstr:
* Properly check the string will fit by processing any special
characters present when preforming the check.
* Simplify the routine by removing code that duplicates the code in
_cursesi_addwchar and just call _cursesi_addwchar.
trampoline exclusively, thus relegating "sigcontext"-style handlers (which
have not been documented for many years now) to the dustbin of the compat
library.
COPTS.*+= -Wno-error=.*
lines for building argon2 sources, by fixing the problems at source.
Addresses Rin Okuyama's concerns on tech-userlevel/tech-crypto in
Message-ID: <f1eab199-3607-bb05-15cc-033e38721ba4@gmail.com>
command, so that the command cannot appear to be more options
(which always then fails, as there would be no arg for "-c" to
treat as the command string in that case).
For the full (LONG) explanation, see:
http://mail-index.netbsd.org/current-users/2021/10/29/msg041629.html
I don't know what an alow is, maybe some cousin of the alot.
Awaiting a nature documentary by Allie Brosh about these perhaps more
elusive beasts.
PR misc/56473, from jschauma
- sparc and sparc64 were not using version 0 sigcontext when there were
no arguments in the signal version. This was probably a bug.
- vax is using +1 the version numbers of the other archs.
- Only hppa was defining __LIBC12_SOURCE__ so it was getting a working
sigcontext before. all the other ports that supported sigcontext had
the compat code disabled.
[pointed out by thorpej, thanks!]
If we want to remove sigcontext support from userland at least now there
is less work to do so.
Move cursor to end of the currently active field and sync the cursor
location so the cursor get positioned correctly when the form window
is refreshed.
write buffer associated with the file descriptor is empty. This is
currently implemented only for sockets, and is intended primarily to
provide visibility to applications that all previously written data
has been acknowledged by the TCP layer on the receiver. Compatible
with the same filter in FreeBSD.
Release 2021e - 2021-10-21 18:41:00 -0700
Changes to code
none
Release 2021d - 2021-10-15 13:48:18 -0700
Changes to code
'zic -r' now uses "-00" time zone abbreviations for intervals
with UT offsets that are unspecified due to -r truncation.
This implements a change in draft Internet RFC 8536bis.
Release 2021c - 2021-10-01 14:21:49 -0700
Changes to code
Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers (problem reported by Daniel
Fischer).
Changes to documentation
Distribute the SECURITY file (problem reported by Andreas Radke).
Release 2021b - 2021-09-24 16:23:00 -0700
Changes to maintenance procedure
The new file SECURITY covers how to report security-related bugs.
Several backward-compatibility links have been moved to the
'backward' file. These links, which range from Africa/Addis_Ababa
to Pacific/Saipan, are only for compatibility with now-obsolete
guidelines suggesting an entry for every ISO 3166 code.
The intercontinental convenience links Asia/Istanbul and
Europe/Nicosia have also been moved to 'backward'.
Changes to code
zic now creates each output file or link atomically,
possibly by creating a temporary file and then renaming it.
This avoids races where a TZ setting would temporarily stop
working while zic was installing a replacement file or link.
zic -L no longer omits the POSIX TZ string in its output.
Starting with 2020a, zic -L truncated its output according to the
"Expires" directive or "#expires" comment in the leapseconds file.
The resulting TZif files omitted daylight saving transitions after
the leap second table expired, which led to far less-accurate
predictions of times after the expiry. Although future timestamps
cannot be converted accurately in the presence of leap seconds, it
is more accurate to convert near-future timestamps with a few
seconds error than with an hour error, so zic -L no longer
truncates output in this way.
Instead, when zic -L is given the "Expires" directive, it now
outputs the expiration by appending a no-change entry to the leap
second table. Although this should work well with most TZif
readers, it does not conform to Internet RFC 8536 and some pickier
clients (including tzdb 2017c through 2021a) reject it, so
"Expires" directives are currently disabled by default. To enable
them, set the EXPIRES_LINE Makefile variable. If a TZif file uses
this new feature it is marked with a new TZif version number 4,
a format intended to be documented in a successor to RFC 8536.
zic -L LEAPFILE -r @LO no longer generates an invalid TZif file
that omits leap second information for the range LO..B when LO
falls between two leap seconds A and B. Instead, it generates a
TZif version 4 file that represents the previously-missing
information.
The TZif reader now allows the leap second table to begin with a
correction other than -1 or +1, and to contain adjacent
transitions with equal corrections. This supports TZif version 4.
The TZif reader now lets leap seconds occur less than 28 days
apart. This supports possible future TZif extensions.
Fix bug that caused 'localtime' etc. to crash when TZ was
set to a all-year DST string like "EST5EDT4,0/0,J365/25" that does
not conform to POSIX but does conform to Internet RFC 8536.
Fix another bug that caused 'localtime' etc. to crash when TZ was
set to a POSIX-conforming but unusual TZ string like
"EST5EDT4,0/0,J365/0", where almost all the year is DST.
Fix yet another bug that caused 'localtime' etc. to mishandle slim
TZif files containing leap seconds after the last explicit
transition in the table, or when handling far-future timestamps
in slim TZif files lacking leap seconds.
Fix localtime misbehavior involving positive leap seconds.
This change affects only behavior for "right" system time,
which contains leap seconds, and only if the UT offset is
not a multiple of 60 seconds when a positive leap second occurs.
(No such timezone exists in tzdb, luckily.) Without the fix,
the timestamp was ambiguous during a positive leap second.
With the fix, any seconds occurring after a positive leap second
and within the same localtime minute are counted through 60, not
through 59; their UT offset (tm_gmtoff) is the same as before.
Here is how the fix affects timestamps in a timezone with UT
offset +01:23:45 (5025 seconds) and with a positive leap second at
1972-06-30 23:59:60 UTC (78796800):
time_t without the fix with the fix
78796800 1972-07-01 01:23:45 1972-07-01 01:23:45 (leap second)
78796801 1972-07-01 01:23:45 1972-07-01 01:23:46
...
78796815 1972-07-01 01:23:59 1972-07-01 01:23:60
78796816 1972-07-01 01:24:00 1972-07-01 01:24:00
Fix an unlikely bug that caused 'localtime' etc. to misbehave if
civil time changes a few seconds before time_t wraps around, when
leap seconds are enabled.
Fix bug in zic -r; in some cases, the dummy time type after the
last time transition disagreed with the TZ string, contrary to
Internet RFC 8563 section 3.3.
Fix a bug with 'zic -r @X' when X is a negative leap second that
has a nonnegative correction. Without the fix, the output file
was truncated so that X appeared to be a positive leap second.
Fix a similar, even-less-likely bug when truncating at a positive
leap second that has a nonpositive correction.
zic -r now reports an error if given rolling leap seconds, as this
usage has never generally worked and is evidently unused.
zic now generates a POSIX-conforming TZ string for TZif files
where all-year DST is predicted for the indefinite future.
For example, for all-year Eastern Daylight Time, zic now generates
"XXX3EDT4,0/0,J365/23" where it previously generated
"EST5EDT,0/0,J365/25" or "". (Thanks to Michael Deckers for
noting the possibility of POSIX conformance.)
zic.c no longer requires sys/wait.h (thanks to spazmodius for
noting it wasn't needed).
When reading slim TZif files, zdump no longer mishandles leap
seconds on the rare platforms where time_t counts leap seconds,
fixing a bug introduced in 2014g.
zdump -v now outputs timestamps at boundaries of what localtime
and gmtime can represent, instead of the less-useful timestamps
one day after the minimum and one day before the maximum.
(Thanks to Arthur David Olson for prototype code, and to Manuela
Friedrich for debugging help.)
zdump's -c and -t options are now consistently inclusive for the
lower time bound and exclusive for the upper. Formerly they were
inconsistent. (Confusion noted by Martin Burnicki.)
Changes to build procedure
You can now compile with -DHAVE_MALLOC_ERRNO=0 to port to
non-POSIX hosts where malloc doesn't set errno.
(Problem reported by Jan Engelhardt.)
Changes to documentation
tzfile.5 better matches a draft successor to RFC 8536
<https://datatracker.ietf.org/doc/draft-murchison-rfc8536bis/01/>.
If the parameters are unspecified:
- Set the default memory consumption based on the amount of memory
available to userspace.
The algorithm actually slows down incredibly quickly as the "memory"
parameter is increased. We want to avoid running out of memory on low
memory systems, but increase the difficulty of bruteforcing passwords
from systems with a lot of memory. At the same time, we want to avoid
problems when concurrent logins are happening.
- Run a hashing loop for one second with steadily increasing "time"
until we settle on a value for "time". We want to use as much CPU time
as reasonable for computing the password hash without making logins
inconvenient.
- Centralize vnode kevent handling in the VOP_*() wrappers, rather than
forcing each individual file system to deal with it (except VOP_RENAME(),
because VOP_RENAME() is a mess and we currently have 2 different ways
of handling it; at least it's reasonably well-centralized in the "new"
way).
- Add support for NOTE_OPEN, NOTE_CLOSE, NOTE_CLOSE_WRITE, and NOTE_READ,
compatible with the same events in FreeBSD.
- Track which kevent notifications clients are interested in receiving
to avoid doing work for events no one cares about (avoiding, e.g.
taking locks and traversing the klist to send a NOTE_WRITE when
someone is merely watching for a file to be deleted, for example).
In support of the above:
- Add support in vnode_if.sh for specifying PRE- and POST-op handlers,
to be invoked before and after vop_pre() and vop_post(), respectively.
Basic idea from FreeBSD, but implemented differently.
- Add support in vnode_if.sh for specifying CONTEXT fields in the
vop_*_args structures. These context fields are used to convey information
between the file system VOP function and the VOP wrapper, but do not
occupy an argument slot in the VOP_*() call itself. These context fields
are initialized and subsequently interpreted by PRE- and POST-op handlers.
- Version VOP_REMOVE(), uses the a context field for the file system to report
back the resulting link count of the target vnode. Return this in tmpfs,
udf, nfs, chfs, ext2fs, lfs, and ufs.
NetBSD 9.99.92.
Fix a misinterpretation of the role of field fore and back. Now field
pad is rendered in the back attribute always instead of only being used
for the non-current field.
Don't move the cursor when getch is called if input is not going to
be echoed. Lynx uses the cursor to mark the current selection in a
pop-up, previously the cursor was being relocated when getch was called
which broke the Lynx item marking.
This changes argon2 from a separately built library into a private
dependency of libcrypt and removes the argon2(1) utility (we already
have pwhash(1)). Giving libcrypt more library dependencies
complicates things (e.g. libcrypt is a dependency of openssl).
pthreads support gets disabled in argon2 for similar reasons.
For testing argon2, we rely on the libcrypt test suite.