introduce cpushutdown() function that does the common
operation of initiating shutdown, returning once all
cpu's got the message and are about to shutdown. this
avoids duplicated code which isnt really machine specific.
automatic reboot on panic only when *debug= is not set
and the machine is a cpu server or has no display,
otherwise just hang.
chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter
and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so
setupChachastate() now takes a ivlen argument which sets the mode.
add ccpoly_encrypt()/ccpoly_decrypt() routines.
to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so
adding tsmemcmp() to libsec.
when the "resize" wctl was used on a hidden window, the window
was put back on the screen, however, it was not removed from
the hidden[] array so trying to hide the window again failed
because whide() assumed it was already hidden.
the fix is to not unhide the window, but preserve the hidden
state, so windows can programmatically be reshaped and moved,
but will remain hidden unless explicitely unhidden.
to solve the usb device enumeration race on boot, usbd creates /env/usbbusy
on startup and once all devices have been enumerated and readers have consumed
all the events, we remove the file so nusbrc/bootrc can continue. this makes
sure all the usb devices that where plugged in on boot are made available.
when opening a /env file ORCLOSE, and the process exits, envgrp() would
return nil can crash in envremove() because procexit will have set up->egrp
to nil before calling closefgrp().
the solution is to capture the environment on open, keeping a reference in
Chan.aux, so it doesnt matter on what process the close happens and a
env chan will always refer to its original environment group.
instead of checking addr+len >= addr, check len >= -addr so
that addr == 0 is never valid for len > 0 even if we decide
to have memory at the zero page so theres never any chance
user can pass in "nil" pointers.
put up some signs where we fall thru the switch cases in
fixfault()
sha256 is only defined for TLS1.2, however, technically, theres
no reason not to use it in TLS1.0/TLS1.1. the choice is up to
tlshand and pushtls, not the kernel.
listensrv() used to override Srv.end() with its own handler
to free the malloc'd Srv structure and close the fd. this
makes it impossible to register your own cleanup handler.
instead, we introduce the private Srv.free() handler that
is used by listensrv to register its cleanup code. Srv.free()
is called once all the srv procs have been exited and all
requests on that srv have been responded to while Srv.end()
is called once all the procs exited the srv loop regardless
of the requests still being in flight.
code assumed the accessdir() call would always mark the block dirty, but
this is not the case when noatime flag is enabled. this was reported by
michael in bug:
"open/with_noatime_option_cwfs_doesnt_preserve_changes_in_file_permissionowner"
--
cinap
introduce wificfg() function to convert ether->opt[] strings
to wifictl messages, which needs quoting for the value. so
etherX=type=iwl essid='something with spaces' works.
from charles forsuth:
because the previous version thought OINDEX might have a side effect, it
stopped it building a tower of them.
probably the best thing is to limit that anyway, since each one consumes
2-3 registers, so towering them can
keep even more active, and the x86 hasn't got that many.
the quick hack is to return that case to the earlier state by treating
OINDEX as a side-effect in side().
it's not a bad thing to do in the OSTRUCT case, for similar reasons: it's
better to collapse the indexed pointer
into a direct register, instead of repeating the indexing operation through
the copying of the value.
OINDEX isn't a machine-independent operation, so it doesn't affect the uses
in ../cc
- cover more cases that have no side effects
- ensure function has complex FNX
- pull operators out of OFUNC level
- rewrite OSTRUCT lhs to avoid all side-effects, use regalloc() instead of regret()
maximum file size is 4GB-1 as the file length is stored in
a 32 bit long. make sure it doesnt overflow on write or
or truncate. interpret the file length as unsigned. pass
vlong to readfile()/writefile()/truncfile() so we can
handle overflows and not just ignore the upper bits.
- fix missing runlock(ifc) when ifcid != a->ifcid in rxmitsols() (thanks erik quanstro)
- don't leak packets when transfering blocks from arp entry hold list to droplist
- free rest of droplist when bwrite() errors in arpenter(), remove useless checks (ifc != nil)
- free arp entry hold list from cleanarpent()
- consistent use of nil for pointers
sprint() will replace invalid utf8 sequences with U+FFFD
which caused directory reads and stats to return the wrong
filename. just strcpy the name bytes.
the dynamic input buffer resize code (fillbuf()) is broken as
the calling code assumes that memory wont relocate. instead
of trying to work out all the cases where this happens, i'm
getting rid of fillbuf() and just read the whole file into
memory in setsource().
the bug could be reproduced with something as simple as:
@{for(i in `{seq 1 10000}){echo $i ', \'; }} | cpp
X509req() and X509gen() used to leak memory, and had no way for
the caller to free the allocated certificate/certificate request
buffer returned. this is not critical as these functions are only
used in short lived rsa(2) helper programs. but i prefer to have
library routines not leak memory as one does not know in advance
where the code is going to be used.
we used to negotiate tls1.1 for client cert authentication because the
signature generation was not implemented for tls1.2. this is now fixed
and tls1.2 can be negotiated with client certs.
actually verify the diffie hellman parameter signature, this
comes in two flavours. TLS1.2 uses X509 signature with a
single hash specified by the signature algorithm field in
the signature itself and pre TLS1.2 where md5+sha1 hashes
of the signed blob are pkcs1 padded and encrypted with the
rsa private key.
stop advertizing non-rsa cipher suits (DSS and ECDSA), as
we have not implmenented them.
fix some memory leaks in X509 code while we'r at it.
libdraw was attempting to bind '#i' and '#m' to /dev when it could not find
/dev/mouse or /dev/draw. a library shouldnt be that clever and do namespace
manipulations on behalf of the caller. so instead, we setup the graphics
environment in screenrc on boot time.
---------- Forwarded message ----------
From: Charles Forsyth <charles.forsyth@gmail.com>
Date: 13 September 2015 at 12:38
Subject: fis bug
To: erik quanstrom <quanstro@quanstro.net>
geoff spotted something similar in sdiahci.c, but it's in libfis as well:
c[Flba24] = lba >> 24;
c[Flba32] = lba >> 32;
c[Flba40] = lba >> 48;
>> 48?? should be >> 40, especially with drive sizes getting up there.
TLS1.2 requires the client to send the list of supported
signature and hash algorithm pairs. some servers will simply
reject the client hello otherwise. note that we do not implement
any dh/ecdh param signature verification.
order the cipher list to strogest first. aes128 is actually more
secure than aes256.
tar used to infer compression type from the filenames extension, but when
no file name is given (stdin/stdout), the -z flag was ignored and no
compression filter applied. this changes tar to assume the default
gzip compression method when z is given and no file name is specified.
these functions where undocumented and unused. especially
tprivfree() was buggy missing a unlock() call. theres not
much point in supporting these functions as theres
threaddata() and procdata().
this generates a disk image (to be written to usb or
sdmmc card) containing 9fat partition with kernel and
a hjfs filesystem partition with the 9front distribution.
this could be easily extended to generate raspberry pi
images as well, but i have no hardware to test.
for incoming connection, we used s->laddr to lookup the interface
for the incoming call, but this does not work when the announce
address is tcp!*!123, then s->laddr is all zeros "::". instead,
use the incoming destination address for interface mtu lookup.
thanks mycroftix for troubleshooting!
this is in preparation for replacing DES ticket encryption with
something better. but first need to make the code stop making
assumptions.
the wire encoding of the Ticket might be variable length
with TICKETLEN just giving an upper bound. the details will be
handled by libauthsrv _asgetticket() and _asgetresp() funciotns.
the Authenticator and Passwordreq structures are encrypted
with the random ticket key. The encryption schmeme will depend
on the Ticket format used, so we pass the Ticket* structure
instead of the DES key.
introduce Authkey structure that will hold all the required
cryptographic keys instead of passing DES key.
mthing->angle is a signed short, and if ANG45 * mthing->angle/45 < 0, the
result of the right shift is sign extended.
afaik, an being 16bit in the dos version of doom, you'd endup with a
negative array offset, which would just access values from adjacent arrays
(finetangent[] for finecosine[], and finecosine[] for finesine[]), and it
would result in a misplaced teleport fog in some circumstances (fog is not
in front of the player on respawn, hence "silent teleport"). so, this fix is
bug incompatible, but this only affects live multiplay.
to test:
% hget http://doomedsda.us/dm/ahfx7_2.zip | unzip -sv
extracting AHFX7_2.TXT
extracting AHFX7_2.LMP
% mv AHFX7_2.LMP ahfx7_2.lmp
% games/doom -playdemo ahfx7_2
[...]
doom 10553: suicide: sys: trap: fault read addr=0x400429e10 pc=0x205b45
KEY_F11 and KEY_F12 are not KEY_F1+11 and KEY_F1+12 as it is assumed in
runetokey(), which prevents these keystrokes from being used. rather than
change runetokey(), it seems better to just change the key definitions in
doomdef.h (the new values don't correspond to any other keys anyway).
F11 is the gamma correction key. to make gamma correction actually work,
i_video.c:I_SetPalette must also take into account usegamma (this was just
never ported). cf i_video.c:UploadNewPalette in source code release.
F12 is the spycam key. the spycam switches the renderview to a different player
during a coop game, or when watching a multiplayer demo. this feature only
changes the renderview; sounds, palette effects, status bar, etc. are still
from the first player's perspective.
a typo in st_stuff.c:ST_Responder prevents idclev (change level) cheat to work
in doom2 and final doom (gamemode == commercial): episode is set to 0, when
that's invalid, and ST_Responder just returns.
to test, while ingame type idclev, followed by:
. doom1: episode (1-3 or 1-4) then map number (1-9)
. doom2/final doom: map number (1-32)
incidentally, if the last digit typed is 1, the player's weapon will switch to
the fist, because of a different bug (basically kbdproc registering two events
when pressing a key, for 'c' and 'k' case).
this bug was introduced in the plan9 port, and since i_sound.c compiles with
no warning, it was never noticed. in effect, the statement between the
unterminated comment and the next is ignored. channelids[] is used in addsfx()
to avoid re-adding certain sounds if they are already playing. one of those is
sfx_sawful, and because of this bug, it is added again each tic during which
the player fires the chainsaw, rather than reset every tic.
compare firing the chainsaw continuously with and without the patch (without
hitting an enemy).
theres code that assumes one can dereference a char[] buffer on the stack
as a long (ghostscript gxblend.c), so make sure all automatics on the stack
are word aligned. this is not strictrly neccesary, but avoids some
trouble with unportable code.
