Have zmodem_recv_nibble() explicitly range-check all values, and
handle negative values.  If this remains an issue, it can be
untainted with range checks on each nibble, but let's not go there
to start with.

This is purely to shut up Coverity since there's no way the value
could be outside the range.

Coverity seems to hate it mostly in the mutex, so change it to
mostly outside of the mutex and see if that's fine.

It doesn't really matter where it's changed as it's an atomic bool.

We don't want ch == -2 derping through the rest of the loop.
Luckily, ch is never currently == -2 as far as I know.

Initially set 1MB as the max macro size.  I can't imagine wanting
one bigger than this, but I can bump it up if needed.

This likely fixes a vulerability where the BBS could at least crash
SyncTERM, and at most take control of the users system.  This
likely isn't the only place that needs bounds checks like this.

If a write() to the sound device fails (for example USB device goes
away), this would loop forever (in it's own thread and whatnot,
so you only notice because sounds stops and a core gets used up).

Not that there's any need to, it appears that it was written for
the web server, then discarded for that purpose and now is only
called from the JS Socket.sendfile() method, which always passes
NULL and 0 for the last two parameters, and has a copy/pasted
implementation for TLS sockets.  The only consumer of that in
the tree appears to be gopher_service.js.

It was apparently to use as a wrapper for the high-performance
FreeBSD sendfile(), but that code behaved differently than all
the other platforms, and was disabled (behind USE_SENDFILE, which
isn't defined anywhere).

This should really just be folded into either js_socket_sendfilesocket()
or js_sendfile() with the extra knobs broken off and all the TODO
comments I'm adding here addressed.

Though, since Socket.sendfile() returns a bool where true indicates
that either the size of the file at the start of the function
was sent, or an EOF was reached, and false indicates that
"something else happened", some of the TODO comments don't really
need to be addressed.

Basically, this is a crap function and it's only used by an even
more crap JS wrapper, it should be tucked into a backward
compatibility function, removed from the JSDocs, and forgotten
about.

If Coverity keeps complaining about this, I'll wait until after
the next release and drag this out back and shoot it.  Otherwise,
I'll just forget it ever existed.

This may be the first time in my life that I've used difftime()...
which is strictly one of only two things you're actually allowed
to do with a time_t per the C standard (the other is convert into
a broken-down time).

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

This reverts commit 9b2c9c08.

Don't need this now that we use the property sheet method

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

This is the (better) way. See, Deuce knows the coolness of property sheets!

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

To get proper high DPI scaling and such

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

This reverts commit cb710acf.

This is not the way.

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

When passed values between (-1 and -59), this function would output something
nonsensical like: "UTC0:01" or "UTC0:59". Now we'll make sure there's a minus
sign in these conditions (e.g. "UTC-0:01" and "UTC-0:59").

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

This isn't doing what I want, but maybe Deuce can help look at the artifact
from the build pipeline and offer suggestions.

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

Also, change the shell order a little

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

If the timezone is set to automatic and it's not a new install, don't display
"UTC0:01" as the time zone (that's weird), display "Automatic (UTC[+/-]HH:MM)"
instead.

When changing the system password via this config wizard, the cryptlib.key
and ssl.cert files, if they exist, will be invalid, so delete them.

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

See issue #854 for details

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

Most of these shells (their menu/display files really) require a terminal at
least 80 columns wide to look/work right.

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

warning C4244: 'return': conversion from 'uint64_t' to 'unsigned int',
possible loss of data

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

... especially when it's already beeen installed

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

This'll keep your ip.can and spamblock.cfg files maintained.

This is that rare case where a Coverity fix makes the code more
obvious and shorter.

This ones does require SSIZE_MAX... so let's see what the pipes say...

These are either correct and trivial to fix, or false positives,
but fixing is easy enough that it's not a problem.

While it's only been around for about 18 years, I'll assume that
anyone updating the exec directory has updated Synchronet as well.

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

(user_t.misc, User.settings), when enabling auto-terminal detection. This is
similar to what we do in logon.cpp already:

	useron.misc |= (AUTOTERM | autoterm);

We used to have this logic in useredit.cpp, but was removed in commit
8a71ab16, probably due to editing offline users (e.g. in ;uedit sysop
comand). So just do the copy of autoterm flags when editing the *current*
(online) user. This likely addresses the original concern in that commit.

And it fixes issue #853, thanks to Deuce for root-causing

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

... since that puts us back into VGA tall-font mode

Rob Swindell authored 2 months ago and Deucе committed 2 months ago

Each app can have its own config file as well (e.g. ctrl/scfg.ini)