| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Mention Capsicum.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- In the libiconv module for ISO 2022 restore the original order of the
fields of a private struct such that variables of this type are
initialised correctly. Fixes conversion from ISO 2022.
Also do this in the BIG5 module to prevent similar errors in the future.
- In the libiconv module for EUC-TW replace 2^cs with 1<<cs. Fixes
conversion from EUC-TW.
- Synchronise iconv code with NetBSD. In most cases this only updates
the RCS id because the changes are already there or are NetBSD specific.
+ libc/iconv/citrus_csmapper.c: Add a comment.
+ libc/iconv/citrus_db_factory.c: Remove put16().
+ libc/iconv/citrus_iconv.c: Return EINVAL on error.
+ libc/iconv/citrus_mapper.c: Return EINVAL on error.
+ libc/iconv/citrus_memstream.c: Fix type of a variable.
+ libc/iconv/citrus_prop.h: Sync definition of _CITRUS_PROP_HINT_END.
+ libc/iconv/citrus_stdenc.c: Return EINVAL on error.
+ libiconv_modules/mapper_std/citrus_mapper_std.c: Plug memory leak.
Obtained from: NetBSD
|
|
|
|
|
|
|
|
|
|
| |
Make fts_open(3) treat an empty pathname like any other pathname that cannot
be lstatted because of [ENOENT].
It is rather confusing if rm -rf file1 "" file2 does not remove file1 and
file2.
PR: bin/187264
|
|
|
|
|
|
| |
S_ISTXT is non-standard.
While here, also update fchmodat() standards entry to POSIX.1-2008.
|
|
|
|
| |
Userland should get these definitions by including <signal.h>.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Merge the projects/clang-sparc64 branch back to head. This brings in
several updates from the llvm and clang trunks to make the sparc64
backend fully functional.
Apart from one patch to sys/sparc64/include/pcpu.h which is still under
discussion, this makes it possible to let clang fully build world and
kernel for sparc64.
Any assistance with testing this on actual sparc64 hardware is greatly
appreciated, as there will unavoidably be bugs left.
Many thanks go to Roman Divacky for his upstream work on getting the
sparc64 backend into shape.
MFC r262985:
Repair a few minor mismerges from r262261 in the clang-sparc64 project
branch. This is also to minimize differences with upstream.
|
|
|
|
|
|
|
| |
To avoid missing a chance to cancel thread, call _pthread_testcancel at the
beginning of _sem_timedwait.
Submitted by: Eric van Gyzen < eric at vangyzen dot net >
|
|
|
|
|
| |
libc man pages: Remove reference to non-existent FreeBSD Security
Architecture
|
|
|
|
|
|
|
| |
If rare conditions such as concurrent conflicting manipulation of the
filesystem occur, fts_read() frees the current FTSENT without adjusting
the pointers in the FTS accordingly. A later fts_close() then frees the
same FTSENT again.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Consistently pass around context information using a simple pointer.
This fixes some dereferencing bugs in Chinese character set conversions.
- Fix Simplified Chinese character set conversions by switching around the
fields of an internal struct so it corresponds with the way variables of
this type are initialised.
- Fix an array index out of bounds bug in iconv VIQR (Vietnamese) module.
- Silence gcc warning about unsigned comparison with 0.
Also record r258316 and r258587 as merged so they no longer show up as
eligible.
PR: 185964
Submitted by: Manuel Mausz <manuel-freebsd@mausz.at>
|
|
|
|
|
|
|
| |
Match the correct variable to the variable description.
PR: 121173
Submitted by: Thomas Mueller <tmueller at sysgo.com>
|
|
|
|
| |
Fix a typo.
|
|
|
|
|
|
|
|
|
| |
The posix_fallocate(2) syscall should return error number on error,
without modifying errno.
MFC r261290:
The posix_madvise(3) and posix_fadvise(2) should return error on
failure, same as posix_fallocate(2).
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix undefined behavior: (1 << 31) is not defined as 1 is an int and this
shifts into the sign bit. Instead use (1U << 31) which gets the
expected result.
Similar to the (1 << 31) case it is not defined to do (2 << 30).
This fix is not ideal as it assumes a 32 bit int, but does fix the issue
for most cases.
A similar change was made in OpenBSD.
|
| |
|
|
|
|
|
| |
Replace Sun RPC license in TI-RPC library with a 3-clause BSD license
with the explicit permissions.
|
| |
|
|
|
|
| |
Provide the manual page for aio_fsync(2).
|
|
|
|
|
|
|
|
|
|
| |
Fix several bugs in sctp_bindx():
* Set errno to EAFNOSUPPORT if an address is provided which is neither
AF_INET nor AF_INET6.
* Don't modify the arguments.
* Don't smash the stack when provided with a non-zero port.
* Handle the case correctly where the first address provided is
an IPv6 address.
|
|
|
|
|
|
| |
The compile time constant limit on number of swap devices was removed in 5.2.
As such, remove the EINVAL error saying so. Currently the vm.nswapdev sysctl
just represents the number of added swap devices.
|
| |
|
|
|
|
|
|
| |
Do not force to run atexit handlers, which text comes from a dso owning
the handle passed to __cxa_finalize() but which are registered by other
dso, when the process is inside exit(3).
|
|
|
|
|
|
|
| |
Fix typo.
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
| |
Fix description to actually make sense.
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
| |
Mention acl_get_brand_np(3).
Approved by: re (gjb)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r258537 (hrs):
Add ICONV_{GET,SET}_ILSEQ_INVALID iconvctl. GNU iconv returns
EILSEQ when there is an invalid character in the output codeset
while it is valid in the input. However, POSIX requires iconv()
to perform an implementation-defined conversion on the character.
So, Citrus iconv converts such a character to a special character
which means it is invalid in the output codeset.
This is not a problem in most cases but some software like libxml2
depends on GNU's behavior to determine if a character is output
as-is or another form such as a character entity (&#NNN;).
r258587 (peter):
Move the iconv wrapper source from libc_nonshared to libc/iconv so
that it is all in the one place again. Rename libc/iconv/iconv.c
to bsd_iconv.c. Compile the wrappers into libc.a so that
WITHOUT_DYNAMICROOT works again.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
| |
compatibility symbols to aid transition for existing 10.x installs.
Approved by: re (kib)
|
|
|
|
|
|
| |
Fix extattr(2) MLINKS.
Approved by: re (kib)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
r257583 (peter):
Remove the WITH_LIBICONV_COMPAT hack that seems to do more harm
than good. This caused libc to spoof the ports libiconv namespace
and provide a colliding libiconv.so.3 to fool rtld. This should
have been removed some time ago.
r258012:
Remove WITH_LIBICONV_COMPAT file to chase after r257583.
r258013:
Regenerate src.conf.5 after removal of WITH_LIBICONV_COMPAT.
Approved by: re (kib)
Sponsored by: The FreeBSD Foundation
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
| |
Fix typo in include guard, found by clang 3.4.
Approved by: re (hrs)
|
|
|
|
|
|
|
|
|
|
| |
- Add manual pages for capability rights (rights(4)), cap_rights_init(3)
family of functions and cap_rights_get(3) function.
- Update remaining Capsicum-related manual pages.
Sponsored by: The FreeBSD Foundation
Reviewed by: bdrewery
Approved by: re (glebius)
|
|
|
|
|
|
|
|
|
|
| |
Make getutxent(3) more robust against bad utx.log files. Whenever we read
zeroes, don't stop processing the file, but read until its end or valid
data.
In collaboration with: ed
Approved by: re (kib)
|
|
|
|
|
|
|
|
|
|
|
| |
Drop cm_lock before calling mapper_close, which in turn could call
_citrus_mapper_close again and result in a deadlock otherwise.
This is similar to NetBSD PR/24023 (fixed in their r1.5 of this file).
PR: bin/182994
Submitted by: Fabian Keil <fk fabiankeil de>
Approved by: re (hrs)
|
|
|
|
|
|
|
|
|
|
|
| |
The accept(2) man page warns that O_NONBLOCK and other properties on the
new socket may vary across implementations. However, this issue only
applies to accept() and not to accept4(). On the other hand, accept4()
is not commonly available yet.
Reported by: pluknet
Reviewed by: bjk
Approved by: re (kib)
|
|
|
|
| |
Approved by: re (blanket)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
exhausted.
- Add a new protect(1) command that can be used to set or revoke protection
from arbitrary processes. Similar to ktrace it can apply a change to all
existing descendants of a process as well as future descendants.
- Add a new procctl(2) system call that provides a generic interface for
control operations on processes (as opposed to the debugger-specific
operations provided by ptrace(2)). procctl(2) uses a combination of
idtype_t and an id to identify the set of processes on which to operate
similar to wait6().
- Add a PROC_SPROTECT control operation to manage the protection status
of a set of processes. MADV_PROTECT still works for backwards
compatability.
- Add a p_flag2 to struct proc (and a corresponding ki_flag2 to kinfo_proc)
the first bit of which is used to track if P_PROTECT should be inherited
by new child processes.
Reviewed by: kib, jilles (earlier version)
Approved by: re (delphij)
MFC after: 1 month
|
|
|
|
|
| |
Approved by: re (gjb)
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
used "fd", while these used "d" and "filedes".
MFC after: 1 week
Approved by: gjb
Approved by: re (delphij)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
an address in the first 2GB of the process's address space. This flag should
have the same semantics as the same flag on Linux.
To facilitate this, add a new parameter to vm_map_find() that specifies an
optional maximum virtual address. While here, fix several callers of
vm_map_find() to use a VMFS_* constant for the findspace argument instead of
TRUE and FALSE.
Reviewed by: alc
Approved by: re (kib)
|
|
|
|
|
|
| |
endian the CPU is in, i.e. little-endian on most ARM cores.
This allows ARMv4 and ARMv5 boards to boot with the ARM EABI.
|
| |
|
|
|
|
|
| |
Although the resolver's sockets are exposed to applications via res_state,
I do not expect them to pass the sockets across execve().
|
|
|
|
|
|
|
| |
This change avoids undesirably passing some internal file descriptors to a
process created (fork+exec) by another thread.
Kernel support for SOCK_CLOEXEC was added in r248534, March 19, 2013.
|
|
|
|
|
|
|
|
|
|
| |
Austin Group issue #411 requires 'e' to be accepted before and after 'x',
and encourages accepting the characters in any order, except the initial
'r', 'w' or 'a'.
Given that glibc accepts the characters after r/w/a in any order and that
diagnosing this problem may be hard, change our libc to behave that way as
well.
|
|
|
|
|
| |
This broke any C89 ports that defined bool themselves, including things
like gcc, gtk, and so on.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
|
|
|
|
|
|
| |
the original committer didn't provide one.
MFC after: 3 days
|
|
|
|
|
|
|
|
|
|
|
|
| |
As mentioned in r16117 and the book "Advanced Programming in the Unix
Environment" by W. Richard Stevens, we should ignore SIGINT and SIGQUIT
before forking, since it is not guaranteed that the parent process starts
running soon enough.
To avoid calling sigaction() in the vforked child, instead block SIGINT and
SIGQUIT before vfork() and keep the sigaction() to ignore after vfork(). The
FreeBSD kernel discards ignored signals, even if they are blocked;
therefore, it is not necessary to unblock SIGINT and SIGQUIT earlier.
|