Revert r330897:

This was intended to be a non-functional change. It wasn't. The commit
message was thus wrong. In addition it broke arm, and merged crypto
related code.

Revert with prejudice.

This revert skips files touched in r316370 since that commit was since
MFCed. This revert also skips files that require $FreeBSD$ property
changes.

Thank you to those who helped me get out of this mess including but not
limited to gonzo, kevans, rgrimes.

Requested by: gjb (re)

Partial merge of the SPDX changes

These changes are incomplete but are making it difficult
to determine what other changes can/should be merged.

No objections from: pfg

Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle.
Prune svn:mergeinfo from the new branch, as nothing has been merged
here.

Additional commits post-branch will follow.

Approved by: re (implicit)
Sponsored by: The FreeBSD Foundation

Add mkostemp() and mkostemps().

These are like mkstemp() and mkstemps() but allow passing open(2) flags like
O_CLOEXEC.

Convert libc/stdio from K&R to ANSI C

And add '__restrict' where it appeared in the header prototypes

Renumber clauses to reduce diffs to other versions

NetBSD, OpenBSD, and Android's Bionic all number the clauses 1 through 3,
so follow suit to make comparison easier.

Acked-by: imp@

In _gettemp(), check that the length of the path doesn't exceed
MAXPATHLEN. Otherwise the path name (or part of it) may not fit to
carrybuf causing a buffer overflow.

PR: bin/140228
Suggested by: jilles

Fix a few bugs with the _gettemp() routine which implements mkstemp(),
mkstemps(), and mkdtemp().
- Add proper range checking for the 'slen' parameter passed to mkstemps().
- Try all possible permutations of a template if a collision is encountered.
Previously, once a single template character reached 'z', it would not wrap
around to '0' and keep going until it encountered the original starting
letter. In the edge case that the randomly generated starting name used
all 'z' characters, only that single name would be tried before giving up.

PR: standards/66531
Submitted by: Jim Luther
Obtained from: Apple
MFC after: 1 week

Use arc4random_uniform(3) since modulo size is not power of 2

Per Regents of the University of Calfornia letter, remove advertising
clause.

# If I've done so improperly on a file, please let me know.

Eliminate 61 warnings emitted at WARNS=2 (leaving 53 to go).
Only warnings that could be fixed without changing the generated object
code and without restructuring the source code have been handled.

Reviewed by: /sbin/md5

Correct a check for NUL.

Spotted by: bde

- Move the loop conditional into the "for" header.
- Remove redundant "? :" construct.
style(9):
- Place a space after return statements.
- Compare pointers to NULL.
- Do not use ! to compare a character to nul.

Avoid wandering over the beginning of the actual buffer
if the passed template string contains only 'X' characters.

Submitted by: Mark Andrews <marka@isc.org> (patch modified)
PR: 38402

Fix the style of the SCM ID's.
I believe have made all of libc .c's as consistent as possible.

Remove __P() usage.

Remove 'register' keyword.

Remove _THREAD_SAFE and make libc thread-safe by default by
adding (weak definitions to) stubs for some of the pthread
functions. If the threads library is linked in, the real
pthread functions will pulled in.

Use the following convention for system calls wrapped by the
threads library:
__sys_foo - actual system call
_foo - weak definition to __sys_foo
foo - weak definition to __sys_foo

Change all libc uses of system calls wrapped by the threads
library from foo to _foo. In order to define the prototypes
for _foo(), we introduce namespace.h and un-namespace.h
(suggested by bde). All files that need to reference these
system calls, should include namespace.h before any standard
includes, then include un-namespace.h after the standard
includes and before any local includes. <db.h> is an exception
and shouldn't be included in between namespace.h and
un-namespace.h namespace.h will define foo to _foo, and
un-namespace.h will undefine foo.

Try to eliminate some of the recursive calls to MT-safe
functions in libc/stdio in preparation for adding a mutex
to FILE. We have recursive mutexes, but would like to avoid
using them if possible.

Remove uneeded includes of <errno.h> from a few files.

Add $FreeBSD$ to a few files in order to pass commitprep.

Approved by: -arch

Increase the size of the mktemp() filename space by dropping the PID from
the encoding and using the character set [a-zA-Z0-9]. This gives a total
of 62^6 = 56800235584 possible temporary filenames for the usual default
invocation of 6 X's (compared to as few as 52 possibilities for the
previous algorithm where up to 5 characters were wasted by the PID).

Update some apparently bitrotten comments to reflect reality.

Audited by: eivind, freebsd-audit
Reviewed by: freebsd-current (a while ago)
Originally submitted by: Peter Jeremy <Peter.Jeremy@alcatel.com.au>

Simplify sytem call renaming. Instead of _foo() <-- _libc_foo <-- foo(),
just use _foo() <-- foo(). In the case of a libpthread that doesn't do
call conversion (such as linuxthreads and our upcoming libpthread), this
is adequate. In the case of libc_r, we still need three names, which are
now _thread_sys_foo() <-- _foo() <-- foo().

Convert all internal libc usage of: aio_suspend(), close(), fsync(), msync(),
nanosleep(), open(), fcntl(), read(), and write() to _foo() instead of foo().

Remove all internal libc usage of: creat(), pause(), sleep(), system(),
tcdrain(), wait(), and waitpid().

Make thread cancellation fully POSIX-compliant.

Suggested by: deischen

Add three-tier symbol naming in support of POSIX thread cancellation
points. For library functions, the pattern is __sleep() <--
_libc_sleep() <-- sleep(). The arrows represent weak aliases. For
system calls, the pattern is _read() <-- _libc_read() <-- read().

While comparing this with OpenBSD (ie: trying to figure out what mkstemps()
is good for... :-)), I discovered that part of the change when mkstemps()
was brought in was missed - it was missing the termination case to make
sure it doesn't walk into the suffix. This isn't the same code OpenBSD
has, I think this is a little better as we terminate the loop in a better
spot.

Add unsigned char cast to isdigit

Remove UNSAFE_WARN ifdef for mktemp warning (never defined)
Use _mktemp internally

$Id$ -> $FreeBSD$

Add mkstemps from OpenBSD. This has been in my tree for months and
hasn't caused any problems until the egcs import. This fix breaks the
world build, but my very next commit will remove mkstemps from the
egcs build.

Revert last change. mkstemp() wasn't to blame, it's nvi. However,
mkstemp() is not behaving as documented.

Stop mk*temp() from being pathologically stupid in the face of a umask(0);
There are other ways to fix this than wrapping _gettemp(), but this was
the most convenient.

Discovered by: bde

Fix a nasty flaw as a result of using the arc4random() pre-seeding of
leading XXX's. It could wrap an uppercase character through chars
like: [ \ ] ^ _ ` in between Z and a. The backslash and back tick
might be particularly nasty in a shell script context. Also, since
we've been using upper-case generated values for a while now, go with
the flow and use them in the pathname search rotation.

Fixed uninitialized pointer in previous commit. mktemp() was broken.
I noticed cvs core dumps and uncleaned cvs temporary files in /tmp.

Fixed ANSIisms.

Many security improvements from OpenBSD:
implement mkdtemp
improve man page for mk*temp
use arc4random to seed extra XXX's randomly
Optionally warn of unsafe mktemp uses
From various commits by theo de raadt and Todd Miller.
Obtained from: OpenBSD

This should go into 2.2 after a testing period.

Fix race
Obtained from: Keith Bostic

Revert $FreeBSD$ to $Id$

Make the long-awaited change from $Id$ to $FreeBSD$

This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.

Suggested by: Bruce Evans, Jeffrey Hsu, Gary Palmer

Added $Id$'s to files that were lacking them (gpalmer), made some
cosmetic changes to conform to style guidelines (bde) and checked
against NetBSD and Lite2 to remove unnecessary divergences (hsu, bde)

One last code cleanup:-

Removed spurious casts in fseek.c and stdio.c.
Added missing function argument in fwalk.c.
Added missing header include in flags.c and rget.c.
Put in casts where int's were being passed as size_t's.
Put in missing prototypes for static functions.
Changed second args of __sflags() inflags.c and writehook() in vasprintf.c
from char * to const char * to conform to prototypes.

This directory now compiles with no warnings with -Wall under
gcc-2.6.3 and with considerably less warnings than before with the
ultra-pedantic script I used for testing. (Most of the remaining ones
are due to const poisoning).

Code cleanup:-

The usual stuff, adding missing function prototypes, argument types,
return values, etc. In mktemp.c, convert pid from u_int to pid_t, and
get rid of "extern int errno".

Minor cleanup, #include's and unused vars.
Added compile-time warning to an old funky function.

This commit was generated by cvs2svn to compensate for changes in r1573,
which included commits to RCS files with non-trunk default branches.

BSD 4.4 Lite Lib Sources