* Remove the WCOL family of macros, these were "stealing" the upper bits
of a character attribute to store the column width of a character. No
warning was given about this in curses.h which meant it was easy to
accidentally reuse the bits in use by the WCOL macros (we already did).
Add couple of 16bit ints to the character structure iff HAVE_WCHAR is
true to hold the display width and wide char related flags (just
continuation at the moment)
* Convert all instances of WCOL macros to just reference the column width
in the char structure so it is not obfuscated.
* Fix cursor positioning so placing a cursor in the middle of a wide char
actually does just that.
* Fix plod so it understands that if the cursor is going to be positioned
in the middle of a wide char it cannot just reprint the char to get there.
* Fix plodput so it correctly counts the number of output characters for
wide characters.
* Fix slk routines to properly size the wctomb() buffer.
lib/librefuse/refuse_compat.c(155):
error: void function fuse_unmount cannot return value [213]
lib/librefuse/refuse/v30.c(57):
error: void function fuse_destroy_v30 cannot return value [213]
It is supposed to print a help message without the usage
line. Although it is deprecated and has been removed as of FUSE 3.0,
filesystems in the wild still use it.
* FUSE_MAKE_VERSION(maj, min) now generates a 3-digits number if the
version is higher than 3.9. This is needed to support FUSE 3.10 API.
* FUSE_{MAJOR,MINOR}_VERSION no longer have a fixed value but are
derived from FUSE_USE_VERSION specified by the user code. This is
needed to support more FUSE filesystems in the wild.
puffs_daemon(3) creates a pipe before forking, and the parent process
waits for the child to either complete puffs_mount(3) or fail. If a
user calls puffs_daemon(3) after puffs_mount(3), the function
deadlocks. While this error-reporting functionality is really a nice
thing to have, deadlocking is not great. If the filesystem has already
been mounted, puffs_mount(3) should just daemonize the process and
return.
This became an issue because fuse_daemonize(3) in FUSE API had no such
requirement and some FUSE filesystems in the wild suffered deadlocks.
Remove the DIAGASSERT for str being NULL in the puts/putp functions,
add protection so that the functions just return OK if str is NULL.
This prevents the assert firing when libcurses passes through a NULL
due to an undefined terminfo entry.
and not just the part used by the present pathname, because the entire
struct will be passed to bind() and an EFAULT can result if not all of
it is a valid allocation. Fixes PR kern/56533.
we want to load the timezone data using the same structs they were saved as.
Introduce __time_t which is always 64 bits and make the minimal changes for
this to work. Yes, it is ugly.
The goal is to fully support FUSE API version 3.0 while maintaining
API/ABI compatibility with code written for 2.6 (or even older).
* <fuse.h> now emits a compiler warning if it's included without
defining FUSE_USE_VERSION. It had been silently defaulted to the
latest supported version prior to this change. This is permissive
compared to the original FUSE, as it emits an error instead.
* <fuse.h> now emits a warning if FUSE_USE_VERSION is higher than what
can be provided.
* Added a macro FUSE_MAKE_VERSION(maj, min). It was missing from
librefuse <fuse.h>.
No actual API updates have been made (yet).
Chuck Silvers pointed out that voff_t was also supposed to be
kernel-only. The correct type to use in userland would be off_t, but
since changing vsize_t to either voff_t or off_t is an ABI change on
32-bit platforms, we use size_t knowing that it is technically
incorrect.
<puffs.h> is a user-space header, and should not use any of
kernel-only types. It's not reasonable to require user-land
filesystems to #define _KERNTYPES.
I should have thought twice before commiting it. Of course changing
the layout of a struct breaks ABI compatibility. Change the offset
back to fixed 32 bits.
This change shouldn't make any behavioral differences in reality, but
compilers these days dislike converting -1U to int32_t implicitly,
which is indeed understandable.
Prior to this change we were calling init() before daemonizing the
process. Some filesystems call chdir(2) in init() but fuse_daemonize()
call chdir("/"), which breaks assumptions about the state of the
process.
directives to allow exception unwind / backtrace across a signal
handler.
N.B. This is currently disabled, as these .cfi directives cause
linker warnings about incompatible TEXTREL relocations in .eh_frame.
This provides an extra level of side-channel and cracking resistance
compared to the pre-existing pkcs5_pbkdf2/sha1 method used for
password-based disk encryption.
Several new keygen parameters are supported:
memory (integer, in kilobytes)
parallelism (integer, usually the number of CPU cores)
version (integer, usually 19...)
We do our best to calibrate these automatically when the paramsfile
is initially generated.
lgtm riastradh@
Correct the behaviour for ins_wstr:
* Properly check the string will fit by processing any special
characters present when preforming the check.
* Simplify the routine by removing code that duplicates the code in
_cursesi_addwchar and just call _cursesi_addwchar.
trampoline exclusively, thus relegating "sigcontext"-style handlers (which
have not been documented for many years now) to the dustbin of the compat
library.
COPTS.*+= -Wno-error=.*
lines for building argon2 sources, by fixing the problems at source.
Addresses Rin Okuyama's concerns on tech-userlevel/tech-crypto in
Message-ID: <f1eab199-3607-bb05-15cc-033e38721ba4@gmail.com>
command, so that the command cannot appear to be more options
(which always then fails, as there would be no arg for "-c" to
treat as the command string in that case).
For the full (LONG) explanation, see:
http://mail-index.netbsd.org/current-users/2021/10/29/msg041629.html
I don't know what an alow is, maybe some cousin of the alot.
Awaiting a nature documentary by Allie Brosh about these perhaps more
elusive beasts.
PR misc/56473, from jschauma
- sparc and sparc64 were not using version 0 sigcontext when there were
no arguments in the signal version. This was probably a bug.
- vax is using +1 the version numbers of the other archs.
- Only hppa was defining __LIBC12_SOURCE__ so it was getting a working
sigcontext before. all the other ports that supported sigcontext had
the compat code disabled.
[pointed out by thorpej, thanks!]
If we want to remove sigcontext support from userland at least now there
is less work to do so.
Move cursor to end of the currently active field and sync the cursor
location so the cursor get positioned correctly when the form window
is refreshed.
write buffer associated with the file descriptor is empty. This is
currently implemented only for sockets, and is intended primarily to
provide visibility to applications that all previously written data
has been acknowledged by the TCP layer on the receiver. Compatible
with the same filter in FreeBSD.
Release 2021e - 2021-10-21 18:41:00 -0700
Changes to code
none
Release 2021d - 2021-10-15 13:48:18 -0700
Changes to code
'zic -r' now uses "-00" time zone abbreviations for intervals
with UT offsets that are unspecified due to -r truncation.
This implements a change in draft Internet RFC 8536bis.
Release 2021c - 2021-10-01 14:21:49 -0700
Changes to code
Fix a bug in 'zic -b fat' that caused old timestamps to be
mishandled in 32-bit-only readers (problem reported by Daniel
Fischer).
Changes to documentation
Distribute the SECURITY file (problem reported by Andreas Radke).
Release 2021b - 2021-09-24 16:23:00 -0700
Changes to maintenance procedure
The new file SECURITY covers how to report security-related bugs.
Several backward-compatibility links have been moved to the
'backward' file. These links, which range from Africa/Addis_Ababa
to Pacific/Saipan, are only for compatibility with now-obsolete
guidelines suggesting an entry for every ISO 3166 code.
The intercontinental convenience links Asia/Istanbul and
Europe/Nicosia have also been moved to 'backward'.
Changes to code
zic now creates each output file or link atomically,
possibly by creating a temporary file and then renaming it.
This avoids races where a TZ setting would temporarily stop
working while zic was installing a replacement file or link.
zic -L no longer omits the POSIX TZ string in its output.
Starting with 2020a, zic -L truncated its output according to the
"Expires" directive or "#expires" comment in the leapseconds file.
The resulting TZif files omitted daylight saving transitions after
the leap second table expired, which led to far less-accurate
predictions of times after the expiry. Although future timestamps
cannot be converted accurately in the presence of leap seconds, it
is more accurate to convert near-future timestamps with a few
seconds error than with an hour error, so zic -L no longer
truncates output in this way.
Instead, when zic -L is given the "Expires" directive, it now
outputs the expiration by appending a no-change entry to the leap
second table. Although this should work well with most TZif
readers, it does not conform to Internet RFC 8536 and some pickier
clients (including tzdb 2017c through 2021a) reject it, so
"Expires" directives are currently disabled by default. To enable
them, set the EXPIRES_LINE Makefile variable. If a TZif file uses
this new feature it is marked with a new TZif version number 4,
a format intended to be documented in a successor to RFC 8536.
zic -L LEAPFILE -r @LO no longer generates an invalid TZif file
that omits leap second information for the range LO..B when LO
falls between two leap seconds A and B. Instead, it generates a
TZif version 4 file that represents the previously-missing
information.
The TZif reader now allows the leap second table to begin with a
correction other than -1 or +1, and to contain adjacent
transitions with equal corrections. This supports TZif version 4.
The TZif reader now lets leap seconds occur less than 28 days
apart. This supports possible future TZif extensions.
Fix bug that caused 'localtime' etc. to crash when TZ was
set to a all-year DST string like "EST5EDT4,0/0,J365/25" that does
not conform to POSIX but does conform to Internet RFC 8536.
Fix another bug that caused 'localtime' etc. to crash when TZ was
set to a POSIX-conforming but unusual TZ string like
"EST5EDT4,0/0,J365/0", where almost all the year is DST.
Fix yet another bug that caused 'localtime' etc. to mishandle slim
TZif files containing leap seconds after the last explicit
transition in the table, or when handling far-future timestamps
in slim TZif files lacking leap seconds.
Fix localtime misbehavior involving positive leap seconds.
This change affects only behavior for "right" system time,
which contains leap seconds, and only if the UT offset is
not a multiple of 60 seconds when a positive leap second occurs.
(No such timezone exists in tzdb, luckily.) Without the fix,
the timestamp was ambiguous during a positive leap second.
With the fix, any seconds occurring after a positive leap second
and within the same localtime minute are counted through 60, not
through 59; their UT offset (tm_gmtoff) is the same as before.
Here is how the fix affects timestamps in a timezone with UT
offset +01:23:45 (5025 seconds) and with a positive leap second at
1972-06-30 23:59:60 UTC (78796800):
time_t without the fix with the fix
78796800 1972-07-01 01:23:45 1972-07-01 01:23:45 (leap second)
78796801 1972-07-01 01:23:45 1972-07-01 01:23:46
...
78796815 1972-07-01 01:23:59 1972-07-01 01:23:60
78796816 1972-07-01 01:24:00 1972-07-01 01:24:00
Fix an unlikely bug that caused 'localtime' etc. to misbehave if
civil time changes a few seconds before time_t wraps around, when
leap seconds are enabled.
Fix bug in zic -r; in some cases, the dummy time type after the
last time transition disagreed with the TZ string, contrary to
Internet RFC 8563 section 3.3.
Fix a bug with 'zic -r @X' when X is a negative leap second that
has a nonnegative correction. Without the fix, the output file
was truncated so that X appeared to be a positive leap second.
Fix a similar, even-less-likely bug when truncating at a positive
leap second that has a nonpositive correction.
zic -r now reports an error if given rolling leap seconds, as this
usage has never generally worked and is evidently unused.
zic now generates a POSIX-conforming TZ string for TZif files
where all-year DST is predicted for the indefinite future.
For example, for all-year Eastern Daylight Time, zic now generates
"XXX3EDT4,0/0,J365/23" where it previously generated
"EST5EDT,0/0,J365/25" or "". (Thanks to Michael Deckers for
noting the possibility of POSIX conformance.)
zic.c no longer requires sys/wait.h (thanks to spazmodius for
noting it wasn't needed).
When reading slim TZif files, zdump no longer mishandles leap
seconds on the rare platforms where time_t counts leap seconds,
fixing a bug introduced in 2014g.
zdump -v now outputs timestamps at boundaries of what localtime
and gmtime can represent, instead of the less-useful timestamps
one day after the minimum and one day before the maximum.
(Thanks to Arthur David Olson for prototype code, and to Manuela
Friedrich for debugging help.)
zdump's -c and -t options are now consistently inclusive for the
lower time bound and exclusive for the upper. Formerly they were
inconsistent. (Confusion noted by Martin Burnicki.)
Changes to build procedure
You can now compile with -DHAVE_MALLOC_ERRNO=0 to port to
non-POSIX hosts where malloc doesn't set errno.
(Problem reported by Jan Engelhardt.)
Changes to documentation
tzfile.5 better matches a draft successor to RFC 8536
<https://datatracker.ietf.org/doc/draft-murchison-rfc8536bis/01/>.
If the parameters are unspecified:
- Set the default memory consumption based on the amount of memory
available to userspace.
The algorithm actually slows down incredibly quickly as the "memory"
parameter is increased. We want to avoid running out of memory on low
memory systems, but increase the difficulty of bruteforcing passwords
from systems with a lot of memory. At the same time, we want to avoid
problems when concurrent logins are happening.
- Run a hashing loop for one second with steadily increasing "time"
until we settle on a value for "time". We want to use as much CPU time
as reasonable for computing the password hash without making logins
inconvenient.
- Centralize vnode kevent handling in the VOP_*() wrappers, rather than
forcing each individual file system to deal with it (except VOP_RENAME(),
because VOP_RENAME() is a mess and we currently have 2 different ways
of handling it; at least it's reasonably well-centralized in the "new"
way).
- Add support for NOTE_OPEN, NOTE_CLOSE, NOTE_CLOSE_WRITE, and NOTE_READ,
compatible with the same events in FreeBSD.
- Track which kevent notifications clients are interested in receiving
to avoid doing work for events no one cares about (avoiding, e.g.
taking locks and traversing the klist to send a NOTE_WRITE when
someone is merely watching for a file to be deleted, for example).
In support of the above:
- Add support in vnode_if.sh for specifying PRE- and POST-op handlers,
to be invoked before and after vop_pre() and vop_post(), respectively.
Basic idea from FreeBSD, but implemented differently.
- Add support in vnode_if.sh for specifying CONTEXT fields in the
vop_*_args structures. These context fields are used to convey information
between the file system VOP function and the VOP wrapper, but do not
occupy an argument slot in the VOP_*() call itself. These context fields
are initialized and subsequently interpreted by PRE- and POST-op handlers.
- Version VOP_REMOVE(), uses the a context field for the file system to report
back the resulting link count of the target vnode. Return this in tmpfs,
udf, nfs, chfs, ext2fs, lfs, and ufs.
NetBSD 9.99.92.
Fix a misinterpretation of the role of field fore and back. Now field
pad is rendered in the back attribute always instead of only being used
for the non-current field.
Don't move the cursor when getch is called if input is not going to
be echoed. Lynx uses the cursor to mark the current selection in a
pop-up, previously the cursor was being relocated when getch was called
which broke the Lynx item marking.
This changes argon2 from a separately built library into a private
dependency of libcrypt and removes the argon2(1) utility (we already
have pwhash(1)). Giving libcrypt more library dependencies
complicates things (e.g. libcrypt is a dependency of openssl).
pthreads support gets disabled in argon2 for similar reasons.
For testing argon2, we rely on the libcrypt test suite.
rillig