| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
ref. https://todo.sr.ht/~bptato/chawan/21
|
| |
|
|
|
| |
* line, vector, matrix -> path
* twtuni, charcategory -> twtstr
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fix matching on unstripped whitespace: caught after upgrading to
upstream dash & chaseccomp wouldn't compile
* add defines to ensure that we computed the filter length correctly
* inline cut_label
* EPERM on sigaction, sigprocmask, gettid, and kill on tgkill (so a
crash doesn't trigger sandbox violations)
* move SIGSYS handler to C and add one for the network
The last change removes the stack trace from SIGSYS, but gives us the
syscall number which is probably more useful. (Indeed, we don't even
have a stack trace in release builds.)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm starting to favor dotfiles over XDG basedirs, but there's no reason
why we couldn't have both. So now the search path is:
0. if config was set through -C, use that
1. $CHA_CONFIG_DIR is set -> $CHA_CONFIG_DIR/config.toml
2. $XDG_CONFIG_HOME is set -> $XDG_CONFIG_HOME/chawan/config.toml
3. ~/.config/chawan/config.toml exists -> use that
4. ~/.chawan/config.toml exists -> use that
Notably, this makes it so the default directory is ~/.chawan *if* you
don't have an existing config.toml file. So in that case known_hosts
will be placed in ~/.chawan/known_hosts. However, configurations with a
config in ~/.config/chawan/config.toml continue to work as expected, as
for those the known_hosts file remains inside ~/.config/chawan/.
Finally, I've added a default user CGI directory to reduce friction in
setting CGI up. (Like known_hosts, it's also relative to whatever config
dir you have.)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This drops libseccomp as a dependency.
Also, move the capsicum/pledge definitions from bindings to sandbox.nim
because they are only used there.
Interestingly, after integrating chaseccomp I found that the
stbi process would mysteriously crash by a getrandom(2) syscall.
Closer investigation revealed it is only called on the initialization
of glibc's malloc; presumably it had never surfaced before because
libseccomp would always allocate before entering the sandbox.
So I've added getrandom to our filter as well.
|
| |
|
|
|
|
|
|
|
|
|
| |
nativesockets is a wrapper over posix and winapi, but we don't support
winapi, so we can just fall back to PosixStream instead.
SocketStream remains as a constraint over PosixStream to allow
sendFileHandle/recvFileHandle.
As a nice side effect, we can drop some allowed syscalls from the
seccomp filter.
|
| |
|
|
|
| |
On a second thought, no timeouts for name resolution is fine - and even
if it weren't, it's better implemented in the loader.
|
| |
|
|
|
| |
* remove unused DateTime toml type
* add parseIntP for pointer-size int parsing
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Substitute tabs with one of eight PUA characters based on their width,
and convert them back in the pager:
* TUI mode always prints spaces, but now handles tabs appropriately on
cursor movement
* dump mode tries to preserve hard tabs, but uses soft tabs when that is
not possible (e.g. tabs after a margin, tab with background color,
etc)
* selection mode always outputs hard tabs.
|
| | |
|
| | |
|
| |
|
|
| |
used on 32-bit platforms
|
| |
|
|
|
| |
Now we use QuickJS-NG, which is better maintained than QJS and has
column tracking.
|
| |
|
|
|
|
| |
Also, kill twidth and its friends; we haven't been using it for a
while now. (In the future, a solution with PUA chars might be worth
exploring.)
|
| |
|
|
| |
required for poll
|
| |
|
|
|
|
|
|
|
|
|
|
| |
std/selectors uses OS-specific selector APIs, which sounds good in
theory (faster than poll!), but sucks for portability in practice.
Sure, you can fix portability bugs, but who knows how many there are
on untested platforms... poll is standard, so if it works on one
computer it should work on all other ones. (I hope.)
As a bonus, I rewrote the timeout API for poll, which incidentally
fixes setTimeout across forks. Also, SIGWINCH should now work on all
platforms (as we self-pipe instead of signalfd/kqueue magic).
|
| |
|
|
|
| |
* reduce copies & allocations
* simplify SGR generation
|
| |
|
|
|
|
| |
* simplify uint parser
* use uint parser for signed ints too (to simplify overflow handling)
* use openArray[char] where possible
|
| |
|
|
| |
looks like it's also necessary for musl
|
| |
|
|
| |
fcntl has some cursed commands that we really don't want to allow
|
| |
|
|
| |
Make sure U+FFFD is returned when a bounds check fails.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
std/unicode has the following issues:
* Rune is an int32, which implies overflow checking. Also, it is
distinct, so you have to convert it manually to do arithmetic.
* QJS libunicode and Chagashi work with uint32, interfacing with these
required pointless type conversions.
* fastRuneAt is a template, meaning it's pasted into every call
site. Also, it decodes to UCS-4, so it generates two branches that
aren't even used. Overall this lead to quite some code bloat.
* fastRuneAt and lastRune have frustratingly different
interfaces. Writing code to handle both cases is error prone.
* On older Nim versions which we still support, std/unicode takes
strings, not openArray[char]'s.
Replace it with "twtuni", which includes some improved versions of
the few procedures from std/unicode that we actually use.
|
| |
|
|
|
| |
Wait, why does std fastRuneAt try to decode UCS-32?
Hmm...
|
| | |
|
| |
|
|
|
| |
WSL needs it. It was already allowed on Android, so this just makes the
sandboxes converge a little.
|
| |
|
|
|
|
|
|
| |
Do it like parseEnumNoCase0, so we no longer instantiate a gazillion
different binary searches for the same type.
While we're at it, make matchNameProduction's searchInMap use uint32
too.
|
| |
|
|
|
|
|
| |
Until recently, glibc used to implement it as fstatat. So don't trap
for fstatat (and for consistency, fstat), but return EPERM.
Just to be sure, rewrite sixel & stbi to never call fread.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
* fix header case sensitivity issues
-> probably still wrong as it discards the original
casing. better than nothing, anyway
* fix fulfill on generic promises
* support standard open() async parameter weirdness
* refactor loader response body reading (so bodyRead is no longer
mandatory)
* actually read response body
still missing: response body getters
|
| |
|
|
| |
Dispatch manually with fromJS instead.
|
| |
|
|
| |
+ slightly optimize getContentType
|
| |
|
|
| |
Nim 1.6 does not like it.
|
| |
|
|
| |
called on armhf
|
| | |
|
| |
|
|
| |
was only used by the PNG decoder which got replaced by stbi
|
| |
|
|
|
|
|
| |
* cssvalues, twtstr: unify enum parsing code paths, parse enums by
bisearch instead of hash tables
* mediaquery: refactor (long overdue), fix range comparison syntax
parsing, make ident comparisons case-insensitive (as they should be)
|
| | |
|
| |
|
|
|
|
|
|
|
| |
* buffer, pager, config: add meta-refresh value, which makes it possible
to follow http-equiv=refresh META tags.
* config: clean up redundant format mode parser
* timeout: accept varargs for params to pass on to functions
* pager: add "options" dict to JS gotoURL
* twtstr: remove redundant startsWithNoCase
|
| |
|
|
|
|
| |
* fix various parsing bugs
* rewrite state machine
* other small optimizations
|
| |
|
|
|
| |
Still not perfect, because it crashes on missing /tmp dir so you have to
manually set it...
|
| | |
|
| | |
|
| |
|
|
| |
and enable it by default.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Saves bandwidth; it's especially useful over SSH. Still not sure if this
is the right solution, since it now needs two select cycles instead
of one, and it does yet another copy of the image. (Unnecessarily,
because stbi cannot stream its output, and stbiw cannot stream its
input.)
Also, to save memory, we now discard decoded images of buffers that are
not being viewed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* resize images with stb_image_resize
* use tee for output handle redirection (redirectToFile blocks)
* cache original image files
* accept lseek in sandbox
* misc stbi fixes
For now, I just pulled in stb_image_resize v1. v2 is an extra 150K in
size, not sure if it's worth the cost. (Either way, we can always switch
later if needed, since the API is almost the same.)
Next step: move sixel/kitty encoders to CGI, and cache their output in
memory instead of the intermediate RGBA representation.
|
| |
|
|
|
|
|
| |
Now we have decoders for gif, jpeg, bmp. Also, the in-house PNG decoder
has been replaced in favor of the stbi implementation; this means we
no longer depend on zlib, since stbi comes with a built in inflate
implementation.
|