Sync from coreutils.

* doc/getdate.texi (General date syntax): Invalid dates are rejected.
(Time of day items): Mention the possibility of leap seconds.
Problem reported by Dr. David Alan Gilbert.

* lib/chdir-long.c (cdb_free): Don't bother trying to open directory
for write access: POSIX says that must fail.
* lib/fts.c (diropen): Likewise.
* lib/save-cwd.c (save_cwd): Likewise.
* lib/chdir-long.c (cdb_free): Open with O_NOCTTY | O_NONBLOCK as
well, for minor improvements on hosts that lack O_DIRECTORY.

* lib/gettime.c (gettime) [!defined OK_TO_USE_1S_CLOCK]:
Report an error at compile-time if only a 1-second nominal clock
resolution is found.

* lib/lchmod.h: New file.
* lib/mkdir-p.c: Include lchmod.h, lchown.h.
(make_dir_parents): Use lchown rather than chown, and
lchmod rather than chmod.

* lib/mountlist.c (ME_DUMMY): "none" and "proc" file systems are dummies
too.  Problem with "none" reported by Bob Proulx.  Problem with
"proc" reported by n0dalus.

* lib/mountlist.c: Include <limits.h>.
(dev_from_mount_options)
[defined MOUNTED_GETMNTENT1 || defined MOUNTED_GETMNTENT2]:
New function.  It no longer assumes "dev=" has the System V meaning
on Linux (since it doesn't).  It also parses "dev=" more carefully.
(read_file_system_list)
[defined MOUNTED_GETMNTENT1 || defined MOUNTED_GETMNTENT2]: Use it.
MOUNTED_GETMNTENT2 is new here; the code didn't used to look for
dev= in that case.

* lib/posixtm.h (PDS_PRE_2000): New macro.
* lib/posixtm.c (year): Arg is now syntax_bits rather than allow_century.
All usages changed.  Reject dates outside the range 1969-1999 if
PDS_PRE_2000 is used.

* modules/mkdir-p (Files): Add chdir-safer.c, chdir-safer.h, lchmod.h,
chdir-safer.m4, lchmod.m4.
* modules/openat: Add mkdirat.c, openat-priv.h.
* modules/lib-ignore: New file.

* lib/version-etc.c (COPYRIGHT_YEAR): Update to 2006.

Rewrite fts.c not to change the current working directory,
by using openat, fstatat, fdopendir, etc..

* lib/fts.c [! _LIBC]: Include "openat.h", "unistd--.h", and "fcntl--.h".
[_LIBC] (fchdir): Don't undef or define; no longer used.
(FCHDIR): Define in terms of cwd_advance_fd rather than fchdir.
Now, this `function' always succeeds, and consumes its file descriptor
parameter -- so callers must not close such FDs.  Update callers.
(diropen_fd, opendirat, cwd_advance_fd): New functions.
(diropen): Add parameter, SP.  Adjust all callers.
Implement using diropen_fd, rather than open.
(fts_open): Initialize new member, fts_cwd_fd.
Remove fts_rft-setting code.
(fts_close): Close fts_cwd_fd, if necessary.
(__opendir2): Define in terms of opendir or opendirat,
depending on whether the FST_NOCHDIR flag is set.
(fts_build): Since fts_safe_changedir consumes its FD, and since
this code must do `closedir(dirp)', dup the dirfd(dirp) argument,
and close the dup'd file descriptor upon failure.
(fts_stat): Use fstatat(...AT_SYMLINK_NOFOLLOW) in place of lstat.
(fts_safe_changedir): Tweak semantics to reflect that this function
now calls cwd_advance_fd and hence consumes its FD argument.
* lib/fts_.h [struct FTS] (fts_cwd_fd): New member.
(fts_rft): Remove now-unused member.

* lib/openat.c (fchownat): New function.
* lib/openat.h (fchmodat, fchownat): Declare.
(chmodat, lchmodat): Define convenience functions.
(chownat, lchownat): Likewise.

* lib/chdir-safer.h, chdir-safer.c: New files.

* lib/modechange.c (mode_compile): Reject an invalid mode string
that starts with an octal digit.  From Andreas Gruenbacher.

* lib/openat.c: Include "fcntl--.h" and "unistd--.h", to map open
and dup to open_safer and dup_safer, respectively.
(openat_permissive): Fix typo in comment.

* lib/openat.c: Don't include <stdlib.h>, <unistd.h>, <fcntl.h>,
"gettext.h"; either no longer needed or are guaranteed by openat.h.
(_): Remove; no longer needed.
(openat): Renamed from rpl_openat; no need for rpl_openat
since openat.h renames openat for us.
Replace most of the body with a call to openat_permissive,
to avoid duplicate code.
Port to (probably hypothetical) environments were mode_t is
wider than int.
(openat_permissive): Require mode arg, so that we can check
types better.  Put it just after flags.  Change cwd failure
indicator from pointer-to-bool to pointer-to-errno-value.
All callers changed.
Invoke openat_save_fail and/or openat_restore_fail if
cwd_errno is null, so that openat can call us.
(openat_permissive, fdopendir, fstatat, unlinkat):
Simplify errno handling to avoid some duplicate code,
as it's OK to set errno on success.
* lib/openat.h: Revamp code so that function macros depend on
__OPENAT_PREFIX only, not also on AT_FDCWD.
(openat_ro): Remove.  Caller changed to use openat_permissive.
(openat_permissive): Now a macro, if not a function.
(openat_restore_fail, openat_save_fail): Now always functions,
since mkdirat needs them even if __OPENAT_PREFIX is defined.

* lib/openat-priv.h: New file, defining macros used by mkdirat.c
and openat.c.
* lib/mkdirat.c: Include openat-priv.h.
Remove definitions of macros defined therein.
* lib/openat.c: Likewise.

* lib/mkdirat.c (mkdirat): New file and function.
* lib/openat.h (mkdirat): Declare.

* lib/openat.c (fdopendir): Don't change errno when returning non-NULL.

* lib/openat.h (openat_permissive): Declare.
(openat_ro): Define.

* lib/openat.c (EXPECTED_ERRNO): New macro.
(openat_permissive): New function -- used in remove.c rewrite.
(all functions): Set errno just before returning, only if there
was an actual failure.
Use EXPECTED_ERRNO rather than comparing against only ENOTDIR.

Emulate openat-family functions using Linux's procfs, if possible.
Idea and some code based on Ulrich Drepper's glibc changes.

* lib/openat.c: (BUILD_PROC_NAME): New macro.
Include <stdio.h>, <string.h>, "alloca.h" and "intprops.h".
(rpl_openat): Emulate by trying to open /proc/self/fd/%d/%s,
before falling back on save_cwd and restore_cwd.
(fdopendir, fstatat, unlinkat): Likewise.

* lib/openat.c (fstatat, unlinkat): Perform the syscall directly,
skipping the save_cwd...restore_cwd overhead, if FILE is absolute.

* lib/openat.c (rpl_openat): Use the promoted type (int), not mode_t,
as second argument to va_arg.  Otherwise, some versions of gcc
warn that `if this code is reached, the program will abort'.

Add POSIX ACL support
* lib/acl.h (copy_acl, set_acl): Add declarations.
* lib/acl.c (acl_entries): Add fallback implementation for POSIX ACL
systems other than Linux.
(chmod_or_fchmod): New function: use fchmod when possible,
and chmod otherwise.
(file_has_acl): Add a POSIX ACL implementation, with a
Linux-specific subcase.
(copy_acl): Add: copy an acl and S_ISUID, S_ISGID, and
S_ISVTX from one file to another.  Fall back to fchmod/chmod when
acls are unsupported.
(set_acl): Add: set a file's acl and S_ISUID, S_ISGID, and
S_ISVTX to a defined value.  Fall back to fchmod/chmod when acls
are unsupported.

* m4/lib-ignore.m4: New file.
* m4/lchmod.m4: New file.

* m4/chdir-safer.m4: New file.
* m4/openat.m4 (gl_FUNC_OPENAT): Require and compile mkdirat.c.
Require openat-priv.h.

* m4/acl.m4 (AC_FUNC_ACL): Add POSIX ACL and Linux-specific acl tests.

1 files changed, 134 insertions, 68 deletions

diff --git a/lib/openat.c b/lib/openat.c
index 929d264924..69d4c23f9a 100644
--- a/lib/openat.c
+++ b/lib/openat.c
@@ -23,17 +23,15 @@
 
 #include "openat.h"
 
-#include <stdlib.h>
-#include <stdarg.h>
-#include <unistd.h>
-#include <errno.h>
-#include <fcntl.h>
-
 #include "dirname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */
+#include "fcntl--.h"
+#include "openat-priv.h"
 #include "save-cwd.h"
+#include "unistd--.h"
 
-#include "gettext.h"
-#define _(msgid) gettext (msgid)
+#include <stdarg.h>
+#include <stddef.h>
+#include <errno.h>
 
 /* Replacement for Solaris' openat function.
    <http://www.google.com/search?q=openat+site:docs.sun.com>
@@ -44,11 +42,8 @@
    Otherwise, upon failure, set errno and return -1, as openat does.
    Upon successful completion, return a file descriptor.  */
 int
-rpl_openat (int fd, char const *file, int flags, ...)
+openat (int fd, char const *file, int flags, ...)
 {
-  struct saved_cwd saved_cwd;
-  int saved_errno;
-  int new_fd;
   mode_t mode = 0;
 
   if (flags & O_CREAT)
@@ -56,37 +51,80 @@ rpl_openat (int fd, char const *file, int flags, ...)
       va_list arg;
       va_start (arg, flags);
 
-      /* Assume that mode_t is passed compatibly with mode_t's type
-	 after argument promotion.  */
-      mode = va_arg (arg, mode_t);
+      /* If mode_t is narrower than int, use the promoted type (int),
+         not mode_t.  Use sizeof to guess whether mode_t is nerrower;
+         we don't know of any practical counterexamples.  */
+      if (sizeof (mode_t) < sizeof (int))
+	mode = va_arg (arg, int);
+      else
+	mode = va_arg (arg, mode_t);
 
       va_end (arg);
     }
 
+  return openat_permissive (fd, file, flags, mode, NULL);
+}
+
+/* Like openat (FD, FILE, FLAGS, MODE), but if CWD_ERRNO is
+   nonnull, set *CWD_ERRNO to an errno value if unable to save
+   or restore the initial working directory.  This is needed only
+   the first time remove.c's remove_dir opens a command-line
+   directory argument.
+
+   If a previous attempt to restore the current working directory
+   failed, then we must not even try to access a `.'-relative name.
+   It is the caller's responsibility not to call this function
+   in that case.  */
+
+int
+openat_permissive (int fd, char const *file, int flags, mode_t mode,
+		   int *cwd_errno)
+{
+  struct saved_cwd saved_cwd;
+  int saved_errno;
+  int err;
+  bool save_ok;
+
   if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
     return open (file, flags, mode);
 
-  if (save_cwd (&saved_cwd) != 0)
-    openat_save_fail (errno);
-
-  if (fchdir (fd) != 0)
+  {
+    char *proc_file;
+    BUILD_PROC_NAME (proc_file, fd, file);
+    err = open (proc_file, flags, mode);
+    /* If the syscall succeeds, or if it fails with an unexpected
+       errno value, then return right away.  Otherwise, fall through
+       and resort to using save_cwd/restore_cwd.  */
+    if (0 <= err || ! EXPECTED_ERRNO (errno))
+      return err;
+  }
+
+  save_ok = (save_cwd (&saved_cwd) == 0);
+  if (! save_ok)
     {
-      saved_errno = errno;
-      free_cwd (&saved_cwd);
-      errno = saved_errno;
-      return -1;
+      if (! cwd_errno)
+	openat_save_fail (errno);
+      *cwd_errno = errno;
     }
 
-  new_fd = open (file, flags, mode);
+  err = fchdir (fd);
   saved_errno = errno;
 
-  if (restore_cwd (&saved_cwd) != 0)
-    openat_restore_fail (errno);
+  if (! err)
+    {
+      err = open (file, flags, mode);
+      saved_errno = errno;
+      if (save_ok && restore_cwd (&saved_cwd) != 0)
+	{
+	  if (! cwd_errno)
+	    openat_restore_fail (errno);
+	  *cwd_errno = errno;
+	}
+    }
 
   free_cwd (&saved_cwd);
-
   errno = saved_errno;
-  return new_fd;
+  return err;
 }
 
 #if !HAVE_FDOPENDIR
@@ -110,27 +148,37 @@ fdopendir (int fd)
   int saved_errno;
   DIR *dir;
 
-  if (save_cwd (&saved_cwd) != 0)
-    openat_save_fail (errno);
+  char *proc_file;
+  BUILD_PROC_NAME (proc_file, fd, ".");
+  dir = opendir (proc_file);
+  saved_errno = errno;
 
-  if (fchdir (fd) != 0)
+  /* If the syscall fails with an expected errno value, resort to
+     save_cwd/restore_cwd.  */
+  if (! dir && EXPECTED_ERRNO (saved_errno))
     {
-      saved_errno = errno;
+      if (save_cwd (&saved_cwd) != 0)
+	openat_save_fail (errno);
+
+      if (fchdir (fd) != 0)
+	{
+	  dir = NULL;
+	  saved_errno = errno;
+	}
+      else
+	{
+	  dir = opendir (".");
+	  saved_errno = errno;
+
+	  if (restore_cwd (&saved_cwd) != 0)
+	    openat_restore_fail (errno);
+	}
+
       free_cwd (&saved_cwd);
-      errno = saved_errno;
-      return NULL;
     }
 
-  dir = opendir (".");
-  saved_errno = errno;
-
-  if (restore_cwd (&saved_cwd) != 0)
-    openat_restore_fail (errno);
-
-  free_cwd (&saved_cwd);
   if (dir)
     close (fd);
-
   errno = saved_errno;
   return dir;
 }
@@ -151,32 +199,42 @@ fstatat (int fd, char const *file, struct stat *st, int flag)
   int saved_errno;
   int err;
 
-  if (fd == AT_FDCWD)
+  if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
     return (flag == AT_SYMLINK_NOFOLLOW
 	    ? lstat (file, st)
 	    : stat (file, st));
 
+  {
+    char *proc_file;
+    BUILD_PROC_NAME (proc_file, fd, file);
+    err = (flag == AT_SYMLINK_NOFOLLOW
+	   ? lstat (proc_file, st)
+	   : stat (proc_file, st));
+    /* If the syscall succeeds, or if it fails with an unexpected
+       errno value, then return right away.  Otherwise, fall through
+       and resort to using save_cwd/restore_cwd.  */
+    if (0 <= err || ! EXPECTED_ERRNO (errno))
+      return err;
+  }
+
   if (save_cwd (&saved_cwd) != 0)
     openat_save_fail (errno);
 
-  if (fchdir (fd) != 0)
+  err = fchdir (fd);
+  saved_errno = errno;
+
+  if (! err)
     {
+      err = (flag == AT_SYMLINK_NOFOLLOW
+	     ? lstat (file, st)
+	     : stat (file, st));
       saved_errno = errno;
-      free_cwd (&saved_cwd);
-      errno = saved_errno;
-      return -1;
-    }
 
-  err = (flag == AT_SYMLINK_NOFOLLOW
-	 ? lstat (file, st)
-	 : stat (file, st));
-  saved_errno = errno;
-
-  if (restore_cwd (&saved_cwd) != 0)
-    openat_restore_fail (errno);
+      if (restore_cwd (&saved_cwd) != 0)
+	openat_restore_fail (errno);
+    }
 
   free_cwd (&saved_cwd);
-
   errno = saved_errno;
   return err;
 }
@@ -195,28 +253,36 @@ unlinkat (int fd, char const *file, int flag)
   int saved_errno;
   int err;
 
-  if (fd == AT_FDCWD)
+  if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
     return (flag == AT_REMOVEDIR ? rmdir (file) : unlink (file));
 
+  {
+    char *proc_file;
+    BUILD_PROC_NAME (proc_file, fd, file);
+    err = (flag == AT_REMOVEDIR ? rmdir (proc_file) : unlink (proc_file));
+    /* If the syscall succeeds, or if it fails with an unexpected
+       errno value, then return right away.  Otherwise, fall through
+       and resort to using save_cwd/restore_cwd.  */
+    if (0 <= err || ! EXPECTED_ERRNO (errno))
+      return err;
+  }
+
   if (save_cwd (&saved_cwd) != 0)
     openat_save_fail (errno);
 
-  if (fchdir (fd) != 0)
+  err = fchdir (fd);
+  saved_errno = errno;
+
+  if (! err)
     {
+      err = (flag == AT_REMOVEDIR ? rmdir (file) : unlink (file));
       saved_errno = errno;
-      free_cwd (&saved_cwd);
-      errno = saved_errno;
-      return -1;
-    }
 
-  err = (flag == AT_REMOVEDIR ? rmdir (file) : unlink (file));
-  saved_errno = errno;
-
-  if (restore_cwd (&saved_cwd) != 0)
-    openat_restore_fail (errno);
+      if (restore_cwd (&saved_cwd) != 0)
+	openat_restore_fail (errno);
+    }
 
   free_cwd (&saved_cwd);
-
   errno = saved_errno;
   return err;
 }