| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
some [ implementation will warn about "bad number"
|
|
|
|
it's used only to parse the -p flag. While there add check_port_num
to check the range for the port.
|
|
|
|
it causes a cascade of warnings on some architectures. Also, for what
we're doing here, the signed/unsigned property isn't important.
|
|
|
|
* expand $-macros as string, only the new @-macros get expanded as-is
* rollback changes to characters allowed in bare strings
* optional semicolons in optnl, useful for readable @-macros
|
|
This allows to solve the problem with the \n in the grammar (before
two following macro declaration were treated as invalid. This also
brings in a nice `include' keyword.
|
|
|
|
|
|
and while there sort the list of disallowed rules.
|
|
|
|
Given that env/param are new features of this release, no support for
the "old" syntax is needed.
|
|
In the same spite of the last commit, add the missing separators
between strings to avoid the auto-concat pitfalls. `=>' is used to
separate between `env' and `param' arguments, while for `fastcgi' the
keyword `port' is required between the hostname/ip address and the
port (if provided).
Since `env', `param' and `fastcgi' are all new stuff, there's no need
to keep compatibility.
|
|
|
|
With the newish automatic string concatenation, options like `mime'
that accepts two strings as parameter start to become ambiguous: which
strings gets concatenated? Instead of trying to document in the
manpage which argument(s) is subject to string concatenation, do the
concat always and introduce a separator. In the case of mime,
`to-ext' now acts as a separator to distinguish. While there, also
use a new keyword because it sounds better.
It's dead-easy to upgrade to the new configuration, possibly with some
sed magic, but for the moment the old `mime' form is preserved: (with
a warning!) Will be dropped in the next release.
|
|
not that it's a bottleneck, but it's fancier this way.
|
|
Setting the environment variable SKIP_RUNTIME_TESTS to 1 will prevent
the runtime tests. This is useful when running the tests inside a
sandbox.
based on a similar diff by Anna "CyberTailor"
|
|
|
|
|
|
|
|
OpenBSD accept it, but FreeBSD disallows it. PF_UNSPEC (or 0) should
be used instead. The FastCGI bit in the regress suite still doesn't
work on FreeBSD, but at least now it starts.
|
|
make sure we always close every fd in every possible code path; while
there, also add a log_err if fork(2) failed.
|
|
|
|
|
|
Initialize the logger as soon as possible and log by default to
stderr. With this, some (common?) errors are printed early instead of
ending up in syslog.
# NB: this is in configless mode
% ./gmid -p 80
[2021-07-07 11:05:57] bind: Address already in use
% ./gmid -p 81
[2021-07-07 11:13:53] bind: Permission denied
%
|
|
|
|
patch from Anna "CyberTailor"
It's handy for helpers like ebuild's use_enable.
(the sandbox is still always enabled by default)
|
|
patch from Anna "CyberTailor"
|
|
Initial patch from Anna "CyberTailor", tweaked by me (drop guessing_*
and always append CFLAGS)
|
|
|
|
but still try to autodetect with pkg-config if they aren't provided.
Passing CFLAGS/LDFLAGS from the command line will still override the
guessed ones.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
we need to delete the events associated with the backends, otherwise
the server process won't ever quit.
Here, we add a pending counter to every backend and shut down
immediately if they aren't handling any client; otherwise we try to
close them as soon as possible (i.e. when they close the connection to
the last connected client.)
|
|
our stderr could have been sent to the logger process, so it may be
invalid. Furthermore, in the future we may want to capture also the
stderr of the processes.
|
|
otherwise path, port and/or prog could become an invalid pointer.
|
|
|
|
before we matched ppc64le as ppc64 (which is big ending I presume), so
the seccomp filter would always kill gmid
#4 related
|
|
`printf | openssl` is ugly :/
|
|
Calling `configure' with --disable-sandbox will disable the sandbox
support *completely* at compile time. gmid will still complain at
compile time and during the startup.
Users shouldn't disable the sandbox if possible, but instead report
problem upstream so they get fixed (hopefully.)
#4 related
|
|
* SECCOMP_AUDIT_ARCH extended to support more architectures
* relax fcntl policy: allow the syscall regardless of the flags
* wrap every syscall in a ifdef, and add some (statx, fcntl64, ...)
used in x86
Some bits were taken from dhcpcd[0], thanks!
#4 related
[0]: https://roy.marples.name/git/dhcpcd/blob/HEAD:/src/privsep-linux.c
|
|
While one can define a macro using a reserved word as name using
-Dname=val, inside the configuration file it'll fail.
|
|
|
