freebsd-nq/lib
Yaroslav Tykhiy 48aaad5fbc Our fts(3) API, as inherited from 4.4BSD, suffers from integer
fields in FTS and FTSENT structs being too narrow.  In addition,
the narrow types creep from there into fts.c.  As a result, fts(3)
consumers, e.g., find(1) or rm(1), can't handle file trees an ordinary
user can create, which can have security implications.

To fix the historic implementation of fts(3), OpenBSD and NetBSD
have already changed <fts.h> in somewhat incompatible ways, so we
are free to do so, too.  This change is a superset of changes from
the other BSDs with a few more improvements.  It doesn't touch
fts(3) functionality; it just extends integer types used by it to
match modern reality and the C standard.

Here are its points:

o For C object sizes, use size_t unless it's 100% certain that
  the object will be really small.  (Note that fts(3) can construct
  pathnames _much_ longer than PATH_MAX for its consumers.)

o Avoid the short types because on modern platforms using them
  results in larger and slower code.  Change shorts to ints as
  follows:

	- For variables than count simple, limited things like states,
	  use plain vanilla `int' as it's the type of choice in C.

	- For a limited number of bit flags use `unsigned' because signed
	  bit-wise operations are implementation-defined, i.e., unportable,
	  in C.

o For things that should be at least 64 bits wide, use long long
  and not int64_t, as the latter is an optional type.  See
  FTSENT.fts_number aka FTS.fts_bignum.  Extending fts_number `to
  satisfy future needs' is pointless because there is fts_pointer,
  which can be used to link to arbitrary data from an FTSENT.
  However, there already are fts(3) consumers that require fts_number,
  or fts_bignum, have at least 64 bits in it, so we must allow for them.

o For the tree depth, use `long'.  This is a trade-off between making
  this field too wide and allowing for 64-bit inode numbers and/or
  chain-mounted filesystems.  On the one hand, `long' is almost
  enough for 32-bit filesystems on a 32-bit platform (our ino_t is
  uint32_t now).  On the other hand, platforms with a 64-bit (or
  wider) `long' will be ready for 64-bit inode numbers, as well as
  for several 32-bit filesystems mounted one under another.  Note
  that fts_level has to be signed because -1 is a magic value for it,
  FTS_ROOTPARENTLEVEL.

o For the `nlinks' local var in fts_build(), use `long'.  The logic
  in fts_build() requires that `nlinks' be signed, but our nlink_t
  currently is uint16_t.  Therefore let's make the signed var wide
  enough to be able to represent 2^16-1 in pure C99, and even 2^32-1
  on a 64-bit platform.  Perhaps the logic should be changed just
  to use nlink_t, but it can be done later w/o breaking fts(3) ABI
  any more because `nlinks' is just a local var.

This commit also inludes supporting stuff for the fts change:

o Preserve the old versions of fts(3) functions through libc symbol
versioning because the old versions appeared in all our former releases.

o Bump __FreeBSD_version just in case.  There is a small chance that
some ill-written 3-rd party apps may fail to build or work correctly
if compiled after this change.

o Update the fts(3) manpage accordingly.  In particular, remove
references to fts_bignum, which was a FreeBSD-specific hack to work
around the too narrow types of FTSENT members.  Now fts_number is
at least 64 bits wide (long long) and fts_bignum is an undocumented
alias for fts_number kept around for compatibility reasons.  According
to Google Code Search, the only big consumers of fts_bignum are in
our own source tree, so they can be fixed easily to use fts_number.

o Mention the change in src/UPDATING.

PR:		bin/104458
Approved by:	re (quite a while ago)
Discussed with:	deischen (the symbol versioning part)
Reviewed by:	-arch (mostly silence); das (generally OK, but we didn't
		agree on some types used; assuming that no objections on
		-arch let me to stick to my opinion)
2008-01-26 17:09:40 +00:00
..
bind One more glue update for BIND 9.4.2 2007-12-02 22:21:30 +00:00
csu The __used (== __attribute__((__used)) ) silences the warning produced 2007-12-04 12:18:43 +00:00
libalias - Bump share library version which were missed in last bump 2007-06-18 18:47:54 +00:00
libarchive Track version # from the portable release. 2008-01-23 05:48:07 +00:00
libatm Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libautofs Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libbegemot Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libbluetooth Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libbsm Install getaudit_addr(2) and setaudit_addr(2) links to getaudit(2) and 2007-10-19 10:37:34 +00:00
libbsnmp - Bump share library version which were missed in last bump 2007-06-18 18:47:54 +00:00
libbz2 Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libc Our fts(3) API, as inherited from 4.4BSD, suffers from integer 2008-01-26 17:09:40 +00:00
libc_r Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libcalendar
libcam
libcom_err
libcompat Remove California Regent's clause 3, per letter 2007-01-09 01:02:06 +00:00
libcrypt Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libdevinfo
libdevstat Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libdisk Hmmm, must get reading glasses or else change the font on my terminal. That 2007-11-24 11:58:54 +00:00
libedit Merge NetBSD changes, among them: 2007-06-10 19:06:09 +00:00
libelf - Allow source descriptors with no data to be used as arguments to the 2007-11-26 03:09:33 +00:00
libexpat Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libfetch Fix a regression introduced in rev 1.99: replace fclose(f) with a comment 2008-01-23 20:57:59 +00:00
libftpio Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libgeom Remove parameter names from prototypes to avoid namespace issues. 2007-05-06 10:00:27 +00:00
libgpib Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libgssapi Make sure GSS-API mechanisms are loaded if gss_acquire_cred is called 2007-11-28 08:50:20 +00:00
libipsec Commit IPv6 support for FAST_IPSEC to the tree. 2007-07-01 12:08:08 +00:00
libipx Remove California Regent's clause 3, per letter 2007-01-09 01:02:06 +00:00
libkiconv Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libkse Remove hacks to allow libkse to export its symbols in the LIBTHREAD_1_0 2007-12-16 23:29:57 +00:00
libkvm Plug memory leaks that is observed when argbuf or argspc is used in the 2008-01-12 00:54:47 +00:00
libmagic Update for the 'file' 4.23 import. 2008-01-13 20:37:19 +00:00
libmd Use unsigned comparisons. Prior to this commit, SHA1_Update and 2007-05-14 05:00:37 +00:00
libmemstat Make pointer argument to kread_string() const since the kernel structure 2007-05-21 18:16:04 +00:00
libmilter New files in sendmail 8.14.1 2007-04-09 01:45:30 +00:00
libmp Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libncp Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libnetgraph Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libngatm Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libopie Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libpam Adjust for OpenPAM Hydrangea. 2007-12-21 12:00:16 +00:00
libpcap Update for libpcap 0.9.8 import 2007-10-16 02:10:44 +00:00
libpmc Improve style(9) compliance and trim a long text line. 2007-12-07 13:52:51 +00:00
libradius Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
librpcsvc
librt Enable symbol versioning by default. Use WITHOUT_SYMVER to disable it. 2007-05-13 14:12:40 +00:00
libsbuf
libsdp Fix bug in handling SDP continuation state. 2007-11-16 15:13:12 +00:00
libsm New files in sendmail 8.14.1 2007-04-09 01:45:30 +00:00
libsmb Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libsmdb
libsmutil
libstand Fix logical bug in the bzip2 reading code, which results in bogus EIO 2007-12-18 01:50:49 +00:00
libtacplus Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libtelnet
libthr SYSTEM_SCOPE_ONLY flag is no longer needed, it is the only mode libthr 2008-01-18 04:29:36 +00:00
libthread_db Add arm support in libthread_db. 2007-11-17 21:27:53 +00:00
libufs Add a berase() function which uses ioctl(DIOCGDELETE) to erase a slab 2007-12-16 18:02:37 +00:00
libugidfw Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libusbhid Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libutil Put back the openpty(3) and ptsname(3) fixes but don't disable ptsname(3) 2008-01-15 15:36:23 +00:00
libvgl Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libwrap Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
liby Remove California Regent's clause 3, per letter 2007-01-09 01:02:06 +00:00
libypclnt Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00
libz
msun Fix a harmless type error in 1.9. 2008-01-25 21:09:21 +00:00
ncurses - Update build glue for 5.6-20071222 2007-12-30 11:17:40 +00:00
Makefile - Fix setting of MK_GSSAPI option by bsd.own.mk; its value should 2007-12-12 16:39:32 +00:00
Makefile.inc Bump library versions in preparation for 7.0. 2007-05-21 02:49:08 +00:00