- 02 Mar, 2021 2 commits
-
-
Aaron Jones authored
This makes life easier for people who want to package snapshots of a git branch. They must provide their own serno.h in this case, containing also, perhaps, the date the snapshot was downloaded or such.
-
Aaron Jones authored
- Remove a few levels of indentation by swapping the following approach: < Try to enable LTO > if (that succeeded) { < Try to enable some sanitizers > if (one of those succeeded) { AC_DEFINE(...) } else { AC_MSG_FAILURE(...) } } else { AC_MSG_FAILURE(...) } ... for this equivalent approach instead: < Try to enable LTO > if (that failed) { AC_MSG_FAILURE(...) } < Try to enable some sanitizers > If (none of those succeeded) { AC_MSG_FAILURE(...) } AC_DEFINE(...) This is equivalent because AC_MSG_FAILURE terminates the script - Add support for -fsanitize=bounds This enables some checks not enabled by -fsanitize=undefined on Clang - Add support for falling back to individual undefined behaviour sanitizers if the compiler does not support -fsanitize=undefined This may seem pointless, but it may benefit older compilers, and compilers that are not GCC or Clang. - Adjust the compiler sanitizers driver to take the name of a sanitizer rather than its whole -fsanitize= option. Use this to collect a list of enabled sanitizers and report it in the output of ./configure
-
- 01 Mar, 2021 4 commits
-
-
Aaron Jones authored
- Clone the repository first This is likely to be much faster than downloading the dependencies, which will result in the job aborting much earlier and wasting less data if for some reason the clone cannot succeed - Remove a pointless single-valued option from the build matrix This more closely aligns it with the Coverity Scan action.
-
Aaron Jones authored
GitHub is throwing an incredibly vague and non-specific "No such file or directory" error when trying to start this job. I have no idea why. Remove all the fancy bells and whistles. Allow it to be scheduled manually.
-
Aaron Jones authored
-
Nicole Kleinhoff authored
-
- 28 Feb, 2021 2 commits
-
-
Aaron Jones authored
A frequent complaint we receive is that serno.h is missing. This turns out to be users downloading release tarballs from GitHub, which does not include the .git directory, thus making the target for serno.h fail. Detect whether .git/ exists; reference GIT-Access.txt then. Otherwise, this must be a release tarball, so see if it has a pre-supplied serno.h and error if not (this could only be caused by downloading a GitHub source code link instead of an asset/release tarball). Also tidy up mkserno.sh a bit. It still can't use git-describe(1) on this branch (lack of recent tags), but will be made to do so on release branches. Thanks to ilbelkyr for the idea (pointing out that the sourcecode links on GitHub don't include the .git/ directory, making it possible to distinguish between that and git-clone(1)).
-
Aaron Jones authored
This was overlooked when backporting this module from contrib/.
-
- 27 Feb, 2021 14 commits
-
-
Aaron Jones authored
- Don't let autoconf add "-O2 -g" to the CFLAGS variable. Detect optimisations automatically (if sanitizers are not enabled) or explicitly disable them (if they are). Detect debugging flags automatically, preferring DWARF, then GDB, then regular -g as autoconf does. This allows more accurate debugging when supported by the toolchain. Allow debugging symbols to be disabled; enable them by default. - When requested to enable compiler sanitizers, bail out with an error when they cannot be enabled. Update the comment on ATHEME_ENABLE_COMPILER_SANITIZERS to reflect that sanitizers are enabled; rather than just the configure argument given. - Move the logic for testing CFLAGS / CPPFLAGS / LDFLAGS / some combination of them to a dedicated separate file. Tidy up those functions to use the same M4sh coding style as the other files. Explicitly provide a program with both a header and main body when doing compiler and linker tests. Use a unified function and variable name scheme. - Rewrite the compiler sanitizers driver function to use the new combined compiler and linker test logic. - Update the comment in the compiler sanitizers feature file to explain why we are trying to enable LTO (Clang sanitizers require it). - Clean up temporary _SAVED variables at the end of function execution in various feature and library tests. - Remove 2 unsubstituted and unused variables from extra.mk.in. - Support the -Wa,--noexecstack flag to the compiler and linker; enable it by default.
-
Aaron Jones authored
The web UI truncates excessively long version fields; 20 characters is more than long enough, and is already what we use in e.g. serno.h.
-
Aaron Jones authored
curl(1) reads this file for the value of the 'version' form field. We should not be submitting a field with a newline character in it.
-
Aaron Jones authored
-
Aaron Jones authored
We were calling fcntl(2) F_SETFD without first obtaining the current file descriptor flags with F_GETFD. Furthermore, we were not checking the return value of the F_SETFD operation. Now we obtain the current flags to bitwise-OR FD_CLOEXEC them with, and we warn if the operation fails. However, it would be better if we didn't have to try to call it in the first place, so try opening the file descriptor with the O_CLOEXEC flag first, which is safer too. While we're at it, make sure that the log file doesn't end up being world-readable if services' umask is not sufficient to prevent this. Identified by Coverity Scan.
-
Aaron Jones authored
We cannot (safely) assign the address of this block-scope buffer to a function-scope variable and then use it after the block ends. Identified by Coverity Scan.
-
Aaron Jones authored
Identified by Coverity Scan.
-
Aaron Jones authored
We should check if getpeername(2) fails, and we must use inet_ntop(3) properly. Previously the code assumed that "(struct sockaddr_in *)->sin_addr" and "(struct sockaddr_in6 *)->sin6_addr" both started at the same offset. While we're at it, use the proper "struct sockaddr_storage" type for passing to inet_pton(3), capable of holding any kind of sockaddr structure, and remove it from `struct connection', as it was not referenced anywhere. Also remove some unused macros and the now-unused sockaddr_any union. Finally, remove the non-blocking invocation from connection_open_tcp(); this prevents getpeername(2) from functioning alltogether (the socket is not yet connected). connection_add() itself sets the socket non- blocking. Identified by Coverity Scan.
-
Aaron Jones authored
From setsockopt(2): Most socket-level options utilize an int argument for optval. For setsockopt(2), the argument should be non-zero to enable a boolean option, or zero if the option is to be disabled. For a description of the available socket options see socket(7) and the appropriate protocol man pages. From socket(7): The socket options listed below can be set by using setsockopt(2) and read with getsockopt(2) with the socket level set to SOL_SOCKET for all sockets. Unless otherwise noted, optval is a pointer to an int. SO_REUSEADDR Indicates that the rules used in validating addresses supplied in a bind(2) call should allow reuse of local addresses. For AF_INET sockets this means that a socket may bind, except when there is an active listening socket bound to the address. When the listening socket is bound to INADDR_ANY with a specific port then it is not possible to bind to this port for any local address. Argument is an integer boolean flag. Therefore, the argument must be a pointer to int. Further, check the return value of setsockopt(2) to ensure that it succeeds. Identified by Coverity Scan.
-
Aaron Jones authored
From setsockopt(2): Most socket-level options utilize an int argument for optval. For setsockopt(2), the argument should be non-zero to enable a boolean option, or zero if the option is to be disabled. For a description of the available socket options see socket(7) and the appropriate protocol man pages. From socket(7): The socket options listed below can be set by using setsockopt(2) and read with getsockopt(2) with the socket level set to SOL_SOCKET for all sockets. Unless otherwise noted, optval is a pointer to an int. SO_REUSEADDR Indicates that the rules used in validating addresses supplied in a bind(2) call should allow reuse of local addresses. For AF_INET sockets this means that a socket may bind, except when there is an active listening socket bound to the address. When the listening socket is bound to INADDR_ANY with a specific port then it is not possible to bind to this port for any local address. Argument is an integer boolean flag. Therefore, the argument must be a pointer to int. Further, check the return value of setsockopt(2) to ensure that it succeeds. Identified by Coverity Scan.
-
Aaron Jones authored
Code above this already tests if si->v is NULL; indicating that it can be NULL (and it can be). Therefore, check if it's NULL again before attempting to dereference it again. At present this cannot be the case, but guard against it anyway, making sure to fill the result buffer with something in any case. Identified by Coverity Scan.
-
Aaron Jones authored
Code above this already tests if si->v is NULL; indicating that it can be NULL (and it can be). Therefore, check if it's NULL again before attempting to dereference it again. At present this cannot be the case, but guard against it anyway, making sure to fill the result buffer with something in any case. Identified by Coverity Scan.
-
Aaron Jones authored
Code above this already tests if si->v is NULL; indicating that it can be NULL (and it can be). Therefore, check if it's NULL again before attempting to dereference it again. At present this cannot be the case, but guard against it anyway, making sure to fill the result buffer with something in any case. Identified by Coverity Scan.
-
Aaron Jones authored
Code above this already tests if si->v is NULL; indicating that it can be NULL (and it can be). Therefore, check if it's NULL again before attempting to dereference it again. At present this cannot be the case, but guard against it anyway, making sure to fill the result buffer with something in any case. Identified by Coverity Scan.
-
- 26 Feb, 2021 7 commits
-
-
Nicole Kleinhoff authored
These modules would not check whether the target channel existed ircd-side, instead failing on their chanuser_find call and causing an assertion failure. Add a proper check instead.
-
Aaron Jones authored
-
Aaron Jones authored
-
Aaron Jones authored
-
Aaron Jones authored
-
Aaron Jones authored
-
Aaron Jones authored
-
- 24 Feb, 2021 2 commits
-
-
Nicole Kleinhoff authored
This is a follow-up to PR #745 to make the added bit in the example configuration follow the style as since adjusted on the master branch.
-
Nicole Kleinhoff authored
-
- 23 Feb, 2021 2 commits
-
-
Nicole Kleinhoff authored
-
Nicole Kleinhoff authored
-
- 22 Feb, 2021 6 commits
-
-
Aaron Jones authored
Reloading this module causes services to segfault because the PERL_SYS_INIT3() macro should only be called once during the entire lifetime of the process [1]. Allowing it to be unloaded thus carries the risk that it will be reloaded (or, at a later date, loaded again). I tried to (ab)use Mowgli's global storage API to only call it once (regardless of how many times it's loaded), and to not call the PERL_SYS_TERM() macro at all, but this only lead to a different crash on reload: trying to allocate a little less than 100 TiB of memory (!). If a Perl expert comes along and weighs in, this commit can be reverted and the underlying problem fixed. Nonetheless, libperl did exhibit *dozens* of uses of unintialized data on reload (confirmed by valgrind), followed by a segmentation fault even if we skip calling PERL_SYS_INIT3() again (because, naturally, such a large allocation will usually return NULL, and it apparently doesn't deal with that). [1] https://perldoc.perl.org/perlembed
-
Aaron Jones authored
-
Aaron Jones authored
-
Nicole Kleinhoff authored
(spotted by @aaronmdjones)
-
Nicole Kleinhoff authored
This avoids having to dynamically allocate the node (as suggested during review of PR #765).
-
Nicole Kleinhoff authored
See discussion on PR #765 for details.
-
- 21 Feb, 2021 1 commit
-
-
Aaron Jones authored
- Recommend an explicit directory name for the clone, to avoid cloning into ~/atheme/ if the user runs the `git clone` operation in their home directory. Atheme defaults to installing to ~/atheme/, and you cannot install Atheme to its source directory. [1] - Recommend the use of the `--recursive` option to `git clone` in `README.md`, as it was already recommended in `GIT-Access.txt`. [1] - Provide alternative command sequences for people who have very old versions of git, which may not even support the `--init` option of `git submodule update`, let alone the `--recursive` option of `git clone`. - Quote a filesystem path. - Tidy up the more information section in the bottom of `README.md`. [1] Suggested by GitHub user @PeGaSuS-Coder in PR #764 Closes #764
-