GitLab

This makes life easier for people who want to package snapshots
of a git branch. They must provide their own serno.h in this
case, containing also, perhaps, the date the snapshot was
downloaded or such.

- Remove a few levels of indentation by swapping the following approach:

  < Try to enable LTO >
  if (that succeeded) {
    < Try to enable some sanitizers >
    if (one of those succeeded) {
      AC_DEFINE(...)
    } else {
      AC_MSG_FAILURE(...)
    }
  } else {
    AC_MSG_FAILURE(...)
  }

  ... for this equivalent approach instead:

  < Try to enable LTO >
  if (that failed) {
    AC_MSG_FAILURE(...)
  }
  < Try to enable some sanitizers >
  If (none of those succeeded) {
    AC_MSG_FAILURE(...)
  }
  AC_DEFINE(...)

  This is equivalent because AC_MSG_FAILURE terminates the script

- Add support for -fsanitize=bounds

  This enables some checks not enabled by -fsanitize=undefined on Clang

- Add support for falling back to individual undefined behaviour
  sanitizers if the compiler does not support -fsanitize=undefined

  This may seem pointless, but it may benefit older compilers, and
  compilers that are not GCC or Clang.

- Adjust the compiler sanitizers driver to take the name of a sanitizer
  rather than its whole -fsanitize= option. Use this to collect a list
  of enabled sanitizers and report it in the output of ./configure

- Clone the repository first

  This is likely to be much faster than downloading the dependencies,
  which will result in the job aborting much earlier and wasting less
  data if for some reason the clone cannot succeed

- Remove a pointless single-valued option from the build matrix

This more closely aligns it with the Coverity Scan action.

GitHub is throwing an incredibly vague and non-specific "No such file or
directory" error when trying to start this job.

I have no idea why.

Remove all the fancy bells and whistles.

Allow it to be scheduled manually.

A frequent complaint we receive is that serno.h is missing. This turns
out to be users downloading release tarballs from GitHub, which does
not include the .git directory, thus making the target for serno.h
fail.

Detect whether .git/ exists; reference GIT-Access.txt then. Otherwise,
this must be a release tarball, so see if it has a pre-supplied serno.h
and error if not (this could only be caused by downloading a GitHub
source code link instead of an asset/release tarball).

Also tidy up mkserno.sh a bit. It still can't use git-describe(1) on
this branch (lack of recent tags), but will be made to do so on release
branches.

Thanks to ilbelkyr for the idea (pointing out that the sourcecode links
on GitHub don't include the .git/ directory, making it possible to
distinguish between that and git-clone(1)).

This was overlooked when backporting this module from contrib/.

- Don't let autoconf add "-O2 -g" to the CFLAGS variable. Detect
  optimisations automatically (if sanitizers are not enabled) or
  explicitly disable them (if they are). Detect debugging flags
  automatically, preferring DWARF, then GDB, then regular -g as
  autoconf does. This allows more accurate debugging when supported
  by the toolchain. Allow debugging symbols to be disabled; enable
  them by default.

- When requested to enable compiler sanitizers, bail out with an
  error when they cannot be enabled. Update the comment on
  ATHEME_ENABLE_COMPILER_SANITIZERS to reflect that sanitizers are
  enabled; rather than just the configure argument given.

- Move the logic for testing CFLAGS / CPPFLAGS / LDFLAGS / some
  combination of them to a dedicated separate file. Tidy up those
  functions to use the same M4sh coding style as the other files.
  Explicitly provide a program with both a header and main body when
  doing compiler and linker tests. Use a unified function and variable
  name scheme.

- Rewrite the compiler sanitizers driver function to use the new
  combined compiler and linker test logic.

- Update the comment in the compiler sanitizers feature file to explain
  why we are trying to enable LTO (Clang sanitizers require it).

- Clean up temporary _SAVED variables at the end of function execution
  in various feature and library tests.

- Remove 2 unsubstituted and unused variables from extra.mk.in.

- Support the -Wa,--noexecstack flag to the compiler and linker; enable
  it by default.

The web UI truncates excessively long version fields; 20 characters
is more than long enough, and is already what we use in e.g. serno.h.

curl(1) reads this file for the value of the 'version' form field.
We should not be submitting a field with a newline character in it.

We were calling fcntl(2) F_SETFD without first obtaining the current
file descriptor flags with F_GETFD. Furthermore, we were not checking
the return value of the F_SETFD operation. Now we obtain the current
flags to bitwise-OR FD_CLOEXEC them with, and we warn if the operation
fails.

However, it would be better if we didn't have to try to call it in the
first place, so try opening the file descriptor with the O_CLOEXEC flag
first, which is safer too.

While we're at it, make sure that the log file doesn't end up being
world-readable if services' umask is not sufficient to prevent this.

Identified by Coverity Scan.

We cannot (safely) assign the address of this block-scope buffer to a
function-scope variable and then use it after the block ends.

Identified by Coverity Scan.

Identified by Coverity Scan.

We should check if getpeername(2) fails, and we must use inet_ntop(3)
properly.

Previously the code assumed that "(struct sockaddr_in *)->sin_addr" and
"(struct sockaddr_in6 *)->sin6_addr" both started at the same offset.

While we're at it, use the proper "struct sockaddr_storage" type for
passing to inet_pton(3), capable of holding any kind of sockaddr
structure, and remove it from `struct connection', as it was not
referenced anywhere. Also remove some unused macros and the now-unused
sockaddr_any union.

Finally, remove the non-blocking invocation from connection_open_tcp();
this prevents getpeername(2) from functioning alltogether (the socket
is not yet connected). connection_add() itself sets the socket non-
blocking.

Identified by Coverity Scan.

From setsockopt(2):

    Most socket-level options utilize an int argument for optval. For
    setsockopt(2), the argument should be non-zero to enable a boolean
    option, or zero if the option is to be disabled. For a description
    of the available socket options see socket(7) and the appropriate
    protocol man pages.

From socket(7):

    The socket options listed below can be set by using setsockopt(2)
    and read with getsockopt(2) with the socket level set to SOL_SOCKET
    for all sockets. Unless otherwise noted, optval is a pointer to an
    int.

    SO_REUSEADDR
        Indicates that the rules used in validating addresses supplied
        in a bind(2) call should allow reuse of local addresses. For
        AF_INET sockets this means that a socket may bind, except when
        there is an active listening socket bound to the address. When
        the listening socket is bound to INADDR_ANY with a specific port
        then it is not possible to bind to this port for any local
        address. Argument is an integer boolean flag.

Therefore, the argument must be a pointer to int. Further, check the
return value of setsockopt(2) to ensure that it succeeds.

Identified by Coverity Scan.

From setsockopt(2):

    Most socket-level options utilize an int argument for optval. For
    setsockopt(2), the argument should be non-zero to enable a boolean
    option, or zero if the option is to be disabled. For a description
    of the available socket options see socket(7) and the appropriate
    protocol man pages.

From socket(7):

    The socket options listed below can be set by using setsockopt(2)
    and read with getsockopt(2) with the socket level set to SOL_SOCKET
    for all sockets. Unless otherwise noted, optval is a pointer to an
    int.

    SO_REUSEADDR
        Indicates that the rules used in validating addresses supplied
        in a bind(2) call should allow reuse of local addresses. For
        AF_INET sockets this means that a socket may bind, except when
        there is an active listening socket bound to the address. When
        the listening socket is bound to INADDR_ANY with a specific port
        then it is not possible to bind to this port for any local
        address. Argument is an integer boolean flag.

Therefore, the argument must be a pointer to int. Further, check the
return value of setsockopt(2) to ensure that it succeeds.

Identified by Coverity Scan.

Code above this already tests if si->v is NULL; indicating that it can
be NULL (and it can be). Therefore, check if it's NULL again before
attempting to dereference it again.

At present this cannot be the case, but guard against it anyway, making
sure to fill the result buffer with something in any case.

Identified by Coverity Scan.

Code above this already tests if si->v is NULL; indicating that it can
be NULL (and it can be). Therefore, check if it's NULL again before
attempting to dereference it again.

At present this cannot be the case, but guard against it anyway, making
sure to fill the result buffer with something in any case.

Identified by Coverity Scan.

Code above this already tests if si->v is NULL; indicating that it can
be NULL (and it can be). Therefore, check if it's NULL again before
attempting to dereference it again.

At present this cannot be the case, but guard against it anyway, making
sure to fill the result buffer with something in any case.

Identified by Coverity Scan.

Code above this already tests if si->v is NULL; indicating that it can
be NULL (and it can be). Therefore, check if it's NULL again before
attempting to dereference it again.

At present this cannot be the case, but guard against it anyway, making
sure to fill the result buffer with something in any case.

Identified by Coverity Scan.

These modules would not check whether the target channel existed
ircd-side, instead failing on their chanuser_find call and causing an
assertion failure. Add a proper check instead.

This is a follow-up to PR #745 to make the added bit in the example
configuration follow the style as since adjusted on the master branch.

Reloading this module causes services to segfault because the
PERL_SYS_INIT3() macro should only be called once during the entire
lifetime of the process [1]. Allowing it to be unloaded thus carries the
risk that it will be reloaded (or, at a later date, loaded again).

I tried to (ab)use Mowgli's global storage API to only call it once
(regardless of how many times it's loaded), and to not call the
PERL_SYS_TERM() macro at all, but this only lead to a different crash on
reload: trying to allocate a little less than 100 TiB of memory (!).

If a Perl expert comes along and weighs in, this commit can be reverted
and the underlying problem fixed. Nonetheless, libperl did exhibit *dozens*
of uses of unintialized data on reload (confirmed by valgrind), followed by
a segmentation fault even if we skip calling PERL_SYS_INIT3() again
(because, naturally, such a large allocation will usually return NULL, and
it apparently doesn't deal with that).

[1] https://perldoc.perl.org/perlembed

(spotted by @aaronmdjones)

This avoids having to dynamically allocate the node (as suggested during
review of PR #765).

See discussion on PR #765 for details.

- Recommend an explicit directory name for the clone, to avoid cloning
  into ~/atheme/ if the user runs the `git clone` operation in their
  home directory. Atheme defaults to installing to ~/atheme/, and you
  cannot install Atheme to its source directory. [1]

- Recommend the use of the `--recursive` option to `git clone` in
  `README.md`, as it was already recommended in `GIT-Access.txt`. [1]

- Provide alternative command sequences for people who have very old
  versions of git, which may not even support the `--init` option of
  `git submodule update`, let alone the `--recursive` option of
  `git clone`.

- Quote a filesystem path.

- Tidy up the more information section in the bottom of `README.md`.

[1] Suggested by GitHub user @PeGaSuS-Coder in PR #764

Closes #764