Before: error: expected undefined [99]
After: error: 'expected' undefined [99]
Seen in external/mpl/bind, which for Clang defines in stdatomic.h:
> #define atomic_exchange_explicit(obj, desired, order) \
> __c11_atomic_exchange_explicit(obj, expected, order)
Note the mismatch between 'desired' and 'expected'.
That statement may have been true in 1993, but definitely is not true
anymore, as of 2021.
The part about "needs to be completely redone" is still true though
since indent cannot even format its own source code in an acceptable
way.
outgrown the previous size specification when the system was built
with all of MKDEBUG, MKKDEBUG, and MKDEBUGLIB set to "yes" (and
also when in-tree X11 is included).
So, bump the size a bit.
The new format follows the common conventions for file locations and
allows quick navigation in IDEs.
To trigger an internal error, it suffices to have 2 tokens in lint1's
input, after preprocessing: 'void __pure'.
C99 does not define names for the head parts of the 'for' statements, it
just calls them clause-1, expression-2 and expression-3. Therefore the
rather abstract name 'expr3'.
No functional change.
The previous names were highly ambiguous. The 'decl' could have meant
'declaration', which would be the usual abbreviation. It could also be
split into 'dec' and 'l', meaning 'declaration level', which would make
more sense in this particular context.
To avoid having to guess anything about these names, rename the
functions. Instead of 'push' and 'pop', I renamed them to 'begin' and
'end' since these are the high-level operation that are of interest.
That the hierarchy of declaration levels is implemented as a stack is
nice to know but not as important to understand the whole situation.
No functional change.
This makes the code several lines longer but way more readable. In the
previous dense expression it was hard to see what was going on at all
and that there are two completely separate situations in which this
warning applies.
No functional change.
signals. This introduces a new kernel and userland NVMM version indicating
this support.
Patch by Kamil Rytarowski <kamil@netbsd.org> and committed on his request.
From the previous commit, there was an off-by-one error left, which was
due to the interaction between designation_add_subscript and
extend_if_array_of_unknown_size.
The other crucial point was to call initstack_pop_nobrace before
accessing the "current initialization stack element". Without this
call, in msg_168.c the "current element" would point to the initializer
level for 'const char *' instead of the one for 'array of const char *'.
One more step towards supporting C99.
Initialization is still buggy but better than before. The remaining bug
is that only the first designator determines the array size, and after
that, the array is no longer considered of unknown size. This
contradicts C99. More improvements to come.
One of the latest "refactorings" introduced a small and practically
unimportant memory leak. If the last initializer in an initialization
had a designator, that designator was not freed.
When the "current initialization" was still a global variable with
unlimited lifetime, it was freed at the beginning of the next
initialization. After the refactorings, this "next initialization"
could no longer see anything from the previous initialization since all
references have been cleaned up at that point. Freeing the memory so
late and in an almost totally unrelated place was a bad idea anyway.
There are far too many places that modify the top element of the
initializer stack. Each of these places should get its own logging, as
long as the code is still complicated. These places are now clearly
marked with initstk_lvalue.
No functional change.
This makes it possible to accurately model C99 initializers, including
their optional designators. Previously, array subscripts had not been
modeled at all.
In the previous commit, debug_designation crashed immediately since I
had not run the code in debug mode even once. The condition 'name !=
head' was a left-over from the old times where the designator was still
a circular list.
No functional change outside debug mode.
Following discussions on current-users@, it seems many rely on ZFS to
store data, and there are not particularly large issues with ZFS. ATF
tests with /tmp as tmpfs, ffs2, and zfs are similar, with only a
slight increase in failures under zfs.
(This commit should probably NOT be pulled up to 9.)
Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag. This flag enables additional security
checks of the certificates present in a certificate chain. It is
not set by default.
Starting from OpenSSL version 1.1.1h a check to disallow certificates
in the chain that have explicitly encoded elliptic curve parameters
was added as an additional strict check.
An error in the implementation of this check meant that the result
of a previous check to confirm that certificates in the chain are
valid CA certificates was overwritten. This effectively bypasses
the check that non-CA certificates must not be able to issue other
certificates.
If a "purpose" has been configured then there is a subsequent
opportunity for checks that the certificate is a valid CA. All of
the named "purpose" values implemented in libcrypto perform this
check. Therefore, where a purpose is set the certificate chain will
still be rejected even when the strict flag has been used. A purpose
is set by default in libssl client and server certificate verification
routines, but it can be overridden or removed by an application.
In order to be affected, an application must explicitly set the
X509_V_FLAG_X509_STRICT verification flag and either not set a
purpose for the certificate verification or, in the case of TLS
client or server applications, override the default purpose.
([CVE-2021-3450])
Tomasz Mraz
Fixed an issue where an OpenSSL TLS server may crash if sent a
maliciously crafted renegotiation ClientHello message from a client.
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms
extension (where it was present in the initial ClientHello), but
includes a signature_algorithms_cert extension then a NULL pointer
dereference will result, leading to a crash and a denial of service
attack.
A server is only vulnerable if it has TLSv1.2 and renegotiation
enabled (which is the default configuration). OpenSSL TLS clients
are not impacted by this issue. ([CVE-2021-3449])
Peter Kaestle and Samuel Sapalski
