Release 2.1.1 Sat March 12 2016
Security fixes:
#582: CVE-2015-1283 - Multiple integer overflows in XML_GetBuffer
Bug fixes:
#502: Fix potential null pointer dereference
#520: Symbol XML_SetHashSalt was not exported
Output of "xmlwf -h" was incomplete
Other changes
#503: Document behavior of calling XML_SetHashSalt with salt 0
Minor improvements to man page xmlwf(1)
Improvements to the experimental CMake build system
libtool now invoked with --verbose
when they signal a hangup while still using the device. This allows
a concurrent open to succeed without proper locking because it
only checks the state of the tty layer.
This issue triggers an assertion in ucom due to a reused USB xfer,
but it can also cause misbehaviour in other com devices.
For now in ucom:
- make open block while close is in progress
- also serialize close operations
But there is a difference in the way it is done here. If PAE is not enabled,
PDE_SIZE = 4, so there is no NOX bit set. If PAE is enabled, PDE_SIZE = 8,
so the NOX bit is set.
This works exactly as intended, since NOX does not exist in the non-PAE
case.
and reduce the length of the randomization bits since this is unused.
- call the pax aslr stack function sooner so we don't need to re-adjust the
stack size.
- adjust the stack max resource limit to account for the maximum space that
can be lost by aslr
- tidy up debugging printfs
Even though section "2.3.3 Information About the History List"
of the history(3) info(1) manual only says
-- Function: int where_history (void)
Returns the offset of the current history element.
which maybe isn't completely clear, a plausible implementation
is that the offset returned is the same offset that can be used
for history_set_pos(), i.e. that it is 0 for the oldest entry
and increases with time, and that's how the GNU implementation
behaves indeed.
The libedit implementation, on the other hand, returns 1 for the
newest entry and increases going back in time.
So here is a patch to get basic ski console output working. The ski
simulator was decoding the wrong registers in ssccnputc() due to
automagically inlined ssc() which contains a "break" simulated system
call.
The ski loader "skiload" has almost exactly the same inline assembly
call for ssc(), but for whatever reason, (maybe ssc() and
ski_cons_putchar() are in different files?), the ssc() function didn't
get inlined and I/O worked fine.
code reading, rather than any actual real use case failing.
With this script
f()
{
echo hello $1
}
exec 3>&1
echo $(
for i in a b c
do
echo @$i
f >&3
done >/tmp/foo
)
echo foo= $(cat /tmp/foo)
what should be output is
hello
hello
hello
foo= @a @b @c
but since the (my) 48875 fix the other day, we've been getting
hello
@b
hello
@c
hello
foo= @a
This fixes that. I think (hope) this is the last of these fixes...
in the Xen ld scripts, so that it can compile. We put the __rodata_start
definition right before __data_start, for it to appear as dead code, since
the rodata segment is not yet mapped independently on Xen.
because twe is already using 332
- clarify that new MI devices should go to this file
instead of majors.{ws,usb,std,tty,storage}
- fix major number conflict about hdmicec vs tty
OKed by matt@
the expression "previously not MI" is suggested by matt@ too.
copyfd() duplicates file descriptors - it used to be widely used,
but these days has seen its popularity dwindle. Strip it of an
option that ceased to be variable (simplifying code) and cause all
its users to check its result, so it does not need to handle errors
itself (simplifying code further), and make it become a private inernal
routine in redir.c (all callers from other places have switched to a
more modern interface.) Make sure we error() if N>&N fails (if N is closed.)
(where N is a decimal fd number) either when used as
some-command N>&N
(where fd N is passed, open, to some-command - which is obviously what is
wanted)
Or as
exec N>&N
which effects fd N for all future commands.
Note that this means
exec N>foo N>&N
returns to the old behaviour of leaving the file descriptor open
when commands are run (as do most shells, other than ksh) and works for
both new and old NetBSD shells (old ones never set close-on-exec, and treat
N>&N as a rather meaingless no-op request, and just ignore it), new ones
set close-on-exec on the first redirection, then disable it again on the
second.
Everything here about >& for output fds applies to <& for input ones.
OK christos@
