try the handle buffer in reverse order looking for plan9.ini
to find plan9 partition (9fat). when that fails, we'll default
to the first handle which should be the esp.
there where two problems with blank (-b flag):
we did not update the backup header when there was already a valid
backup header in place. we always want to initialize a new backup header
in blank mode!
we now also check the backup header matches the primary (or the other
way arround depending on which header could be read), reporting any
mismatches and restoring the backup from the data of the primary.
the protective mbr needs to start at sector 1 not 0 (apparently, this
matters for ovmf).
care has to be taken when splitting the host into SERVER_NAME and SERVER_PORT,
as ipv6 uses : in the host part. also do it consistently, the host can be set
thru the request uri and the host header.
set REMOTE_USER to empty string to prevent accidents.
we do not handle chunked transfer encoding, just assuming the client doesnt
do keep alive is wrong. we have to reject the post when the client tries
chunked post with 411 "Length required" error.
efi systems may use traditional dos partition table
with an esp (efi system partition). otherwise, honor
the protective mbr partition (0xEE) and exit when we
encounter it.
- make sure disk file is an actual file and not a directory, log or empty file
- sanity check: file has to be at least one sector to be a disk
- simplify error handling using freedisk()
- make UU() shorter by using long long constant to encode node field
- store Flag as a mask, not as a shift count
- put the attributes before the name in cmdsum() as it is fixed length
often, documents specify charsets but are really utf-8 encoded.
we now try to decode as utf-8 and only if that fails assume
the charset specified in the document.
make digest_certinfo() return the digest length, otherwise
return -1 as an error and handle it in the callers.
pass expected digest length to verify_signature() and
check digest length from certificate! make sure we wont
run off the buffer.
fix newlines in error prints of X509dump().
this implements SHA2 (224, 256, 384, 512) signature algorithms and
uses sha256WithRSAEncryption for X509req() and X509gen() instead
of oid_md5WithRSAEncryption.
the compiler used to skip zero initialization when initializer
list was given not covering unspecified elements. now we zero
all non explicitely initialized elements. for example:
typedef struct F F;
struct F
{
int a;
int b;
int c;
};
void
main(void)
{
char a[16] = { 1, 2, 3 }; /* a[3..15] initialized to zero */
F f = { .b = 1 }; /* f.a, f.c initialized to zero */
}
the emited code that initializes local variables did not handle
unaligned data causing stack corruption, affecting code like:
void main(void)
{
char a[9] = {0};
}
this change will emit code that does byte stores for the unaligned
bytes and also handles small objects (<= 16 bytes) without branches.
tlsClient() now can optionally send the server_name in the ClientHello
message by setting the TLSconn.serverName. This is required for some
https sites.