Re: NSD 4.3.3

2020-10-09 Thread Stuart Henderson 
On 2020/10/09 21:35, Stuart Henderson wrote:
> Here's an update to NSD 4.3.3.  Any tests/comments/OKs?

Updated to reinstate the pledge lost in nsd.c (merge error as we had a
local commit post 4.3.2), spotted by tb.

(I didn't reorder the diff for easier reading this time).

Index: Makefile.in
===
RCS file: /cvs/src/usr.sbin/nsd/Makefile.in,v
retrieving revision 1.29
diff -u -p -r1.29 Makefile.in
--- Makefile.in 23 Jul 2020 13:54:07 -  1.29
+++ Makefile.in 9 Oct 2020 21:36:14 -
@@ -126,7 +126,7 @@ install:
 orig-install: all
$(INSTALL) -d $(DESTDIR)$(sbindir)
$(INSTALL) -d $(DESTDIR)$(configdir)
-   $(INSTALL) -d $(DESTDIR)$(piddir)
+   if test -n "$(piddir)"; then $(INSTALL) -d $(DESTDIR)$(piddir); fi
$(INSTALL) -d $(DESTDIR)$(xfrdir)
$(INSTALL) -d $(DESTDIR)$(dbdir)
$(INSTALL) -d $(DESTDIR)$(mandir)
Index: acx_nlnetlabs.m4
===
RCS file: /cvs/src/usr.sbin/nsd/acx_nlnetlabs.m4,v
retrieving revision 1.3
diff -u -p -r1.3 acx_nlnetlabs.m4
--- acx_nlnetlabs.m424 Jun 2016 08:34:03 -  1.3
+++ acx_nlnetlabs.m49 Oct 2020 21:36:14 -
@@ -2,7 +2,8 @@
 # Copyright 2009, Wouter Wijngaards, NLnet Labs.   
 # BSD licensed.
 #
-# Version 34
+# Version 35
+# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0).
 # 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0.
 # 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0).
 # 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20
@@ -673,30 +674,30 @@ AC_DEFUN([ACX_SSL_CHECKS], [
 ACX_RUNTIME_PATH_ADD([$ssldir/lib])
 fi
 
-AC_MSG_CHECKING([for HMAC_Update in -lcrypto])
+AC_MSG_CHECKING([for EVP_sha256 in -lcrypto])
 LIBS="$LIBS -lcrypto"
 LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto"
 AC_TRY_LINK(, [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ], [
 AC_MSG_RESULT(yes)
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-  [If you have HMAC_Update])
+AC_DEFINE([HAVE_EVP_SHA256], 1,
+  [If you have EVP_sha256])
   ], [
 AC_MSG_RESULT(no)
 # check if -lwsock32 or -lgdi32 are needed.
 BAKLIBS="$LIBS"
 BAKSSLLIBS="$LIBSSL_LIBS"
-LIBS="$LIBS -lgdi32"
-LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32"
+   LIBS="$LIBS -lgdi32 -lws2_32"
+   LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32"
 AC_MSG_CHECKING([if -lcrypto needs -lgdi32])
 AC_TRY_LINK([], [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ],[
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-[If you have HMAC_Update])
+AC_DEFINE([HAVE_EVP_SHA256], 1,
+[If you have EVP_sha256])
 AC_MSG_RESULT(yes) 
   ],[
 AC_MSG_RESULT(no)
@@ -706,11 +707,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
 LIBSSL_LIBS="$LIBSSL_LIBS -ldl"
 AC_MSG_CHECKING([if -lcrypto needs -ldl])
 AC_TRY_LINK([], [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ],[
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-[If you have HMAC_Update])
+AC_DEFINE([HAVE_EVP_SHA256], 1,
+[If you have EVP_sha256])
 AC_MSG_RESULT(yes) 
   ],[
 AC_MSG_RESULT(no)
@@ -720,11 +721,11 @@ AC_DEFUN([ACX_SSL_CHECKS], [
 LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread"
 AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread])
 AC_TRY_LINK([], [
-int HMAC_Update(void);
-(void)HMAC_Update();
+int EVP_sha256(void);
+(void)EVP_sha256();
   ],[
-AC_DEFINE([HAVE_HMAC_UPDATE], 1, 
-[If you have HMAC_Update])
+AC_DEFINE([HAVE_EVP_SHA256], 1,
+[If you have EVP_sha256])
 AC_MSG_RESULT(yes) 
   ],[

NSD 4.3.3

2020-10-09 Thread Stuart Henderson 
Here's an update to NSD 4.3.3.  Any tests/comments/OKs?

diff in order;
- changelog
- code changes
- manpage changes
- autoconf foo

 doc/ChangeLog  |   55 
 doc/RELNOTES   |   24 
 dbaccess.c |4 -
 ipc.c  |1 
 mini_event.h   |5 +
 nsd-control.c  |2 
 nsd.c  |  141 ---
 options.c  |   16 +
 options.h  |4 +
 server.c   |2 
 tsig-openssl.c |  145 +
 tsig-openssl.h |2 
 util.c |   13 
 util.h |3 -
 zonec.c|8 ++
 zonec.h|2 
 nsd-checkconf.8.in |2 
 nsd-checkzone.8.in |2 
 nsd-control.8.in   |2 
 nsd.8.in   |4 -
 nsd.conf.5.in  |   12 ++--
 nsd.conf.sample.in |4 -
 Makefile.in|2 
 acx_nlnetlabs.m4   |   47 +
 config.h.in|   12 
 configure  |   56 ++--
 configure.ac   |   22 
 27 files changed, 507 insertions(+), 85 deletions(-)

Index: doc/ChangeLog
===
RCS file: /cvs/src/usr.sbin/nsd/doc/ChangeLog,v
retrieving revision 1.4
diff -u -p -r1.4 ChangeLog
--- doc/ChangeLog   23 Jul 2020 13:54:08 -  1.4
+++ doc/ChangeLog   9 Oct 2020 20:28:16 -
@@ -1,3 +1,58 @@
+1 October 2020: Wouter
+   - tag for 4.3.3rc1 release.
+
+30 September 2020: Wouter
+   - Updated date in nsd -v output.
+   - Fixup bug013_truncate, checkconf and cutest_qroot tests for new
+ default EDNS size.
+
+29 September 2020: Willem
+   - Follow DNS flag day 2020 advice and
+ set default EDNS message size to 1232.
+
+4 September 2020: Wouter
+   - Remove unused space from LIBS on link line.
+
+3 September 2020: Wouter
+   - Merge PR #121: Increase log level of recreated database from
+ WARNING to ERR.
+
+1 September 2020: Wouter
+   - Fix #119: fix compile warnings from new gcc.
+   - Fix #119: warn when trying to parse a directory.
+
+27 August 2020: Wouter
+   - Merged PR #113 with fixes.  Instead of listing an IP-address to
+ listen on, an interface name can be specified in nsd.conf, with
+ ip-address: eth0.  The IP-addresses for that interface are then used.
+
+26 August 2020: Wouter
+   - Add xstrdup for PR #113.
+   - Tidy up code like in PR #113.
+   - Import code from PR #113.
+   - Fix for unknown EVP_MAC_CTX_free function in openssl 3.0.0 tsig code.
+
+24 August 2020: Wouter
+   - Fix that configure checks for EVP_sha256 to detect openssl, because
+ HMAC_CTX_new is deprecated in 3.0.0.
+   - Port TSIG code for openssl 3.0.0-alpha6.
+   - Sync acx_nlnetlabs.m4 with the unbound repo.
+   - Review fixes for tsig, defensive free and zero.
+
+4 August 2020: Wouter
+   - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
+ fd_set - patch.
+
+23 July 2020: Wouter
+   - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
+
+15 July 2020: Wouter
+   - Fix make install with --with-pidfile="".
+
+14 July 2020: Wouter
+   - Tag for 4.3.2 release.  Master branch contains the next version
+ in development, 4.3.3.
+
 7 July 2020: Wouter
- Tag for 4.3.2rc1.
 
Index: doc/RELNOTES
===
RCS file: /cvs/src/usr.sbin/nsd/doc/RELNOTES,v
retrieving revision 1.3
diff -u -p -r1.3 RELNOTES
--- doc/RELNOTES23 Jul 2020 13:54:08 -  1.3
+++ doc/RELNOTES9 Oct 2020 20:28:16 -
@@ -1,5 +1,29 @@
 NSD RELEASE NOTES
 
+4.3.3
+
+FEATURES:
+   - Follow DNS flag day 2020 advice and
+ set default EDNS message size to 1232.
+   - Merged PR #113 with fixes.  Instead of listing an IP-address to
+ listen on, an interface name can be specified in nsd.conf, with
+ ip-address: eth0.  The IP-addresses for that interface are then used.
+   - Port TSIG code for openssl 3.0.0-alpha6.
+BUG FIXES:
+   - Fix make install with --with-pidfile="".
+   - Merge #115 from millert: Fix strlcpy() usage. From OpenBSD.
+   - Merge #117: mini_event.h (4.3.2 and 4.3.1) on OpenBSD cannot find
+ fd_set - patch.
+   - Fix that configure checks for EVP_sha256 to detect openssl, because
+ HMAC_CTX_new is deprecated in 3.0.0.
+   - Fix #119: fix compile warnings from new gcc.
+   - Fix #119: warn when trying to parse a directory.
+   - Merge PR #121: Increase log level of recreated database from
+ WARNING to ERR.
+   - Remove unused space from LIBS on link line.
+   - Updated date in nsd -v output.
+
+
 4.3.2
 
 FEATURES:
Index: dbaccess.c
===
RCS file:

xhci zero length transfers 'leak' one transfer buffer count

2020-10-09 Thread Jonathon Fletcher 


In xhci_xfer_get_trb, the count of transfer buffers in the pipe (xp->free_trbs) 
is always decremented but the count of transfer buffers used in the transfer 
(xx->ntrb) is not incremented for zero-length transfers. The result of this is 
that, at the end of a zero length transfer, xp->free_trbs has 'lost' one.

Over time, this mismatch of unconditional decrement (xp->free_trbs) vs 
conditional increment (xx->ntrb) results in xhci_device_*_start returning 
USBD_NOMEM.

The patch below works around this by only decrementing xp->free_trbs in the 
cases when xx->ntrb is incremented.

Jonathon


Index: xhci.c
===
RCS file: /cvs/src/sys/dev/usb/xhci.c,v
retrieving revision 1.119
diff -u -p -u -r1.119 xhci.c
--- xhci.c  31 Jul 2020 19:27:57 -  1.119
+++ xhci.c  9 Oct 2020 19:11:45 -
@@ -1836,7 +1836,6 @@ xhci_xfer_get_trb(struct xhci_softc *sc,
struct xhci_xfer *xx = (struct xhci_xfer *)xfer;
 
KASSERT(xp->free_trbs >= 1);
-   xp->free_trbs--;
*togglep = xp->ring.toggle;
 
switch (last) {
@@ -1847,11 +1846,13 @@ xhci_xfer_get_trb(struct xhci_softc *sc,
xp->pending_xfers[xp->ring.index] = xfer;
xx->index = -2;
xx->ntrb += 1;
+   xp->free_trbs--;
break;
case 1: /* This will terminate a chain. */
xp->pending_xfers[xp->ring.index] = xfer;
xx->index = xp->ring.index;
xx->ntrb += 1;
+   xp->free_trbs--;
break;
}

Re: timeout(9): add clock-based timeouts (attempt 2)

2020-10-09 Thread Theo de Raadt 
> I think this is good to go.  ok kettenis@
> 
> Did briefly discuss with Theo during k2k20 and the consensus was it
> should go in after relase.  Which is now!

Agree.

Re: timeout(9): add clock-based timeouts (attempt 2)

2020-10-09 Thread Mark Kettenis 
> From: Scott Cheloha 
> Date: Fri, 9 Oct 2020 13:03:05 -0500
> 
> Hey,
> 
> > On Oct 7, 2020, at 8:49 PM, 内藤 祐一郎  wrote:
> > 
> > Hi.
> > 
> > I'm looking forward to this patch is committed.
> > Because this patch solves my problem about CARP timeout.
> > 
> > IIJ, a company that I am working for, is using carp(4) on VMware ESXi hosts
> > for VPN and web gateway services.
> > 
> > One is master and the other is backup of carp(4).
> > Active host sometimes failover to backup when the ESXi host gets high cpu 
> > usage.
> > And also CPU ready of OpenBSD machine seems high average on ESXi monitor.
> > 
> > High CPU ready machine delays sending carp advertisement for 3 or 4 seconds.
> > It is enough to failover to backup.
> > 
> > In my investigation, OpenBSD machine does not always get CPU under high CPU 
> > ready condition.
> > Although it is needed for interrupt handler.
> > The delay of calling hardclock() causes tick count up delay.
> > One delay is small but will never be resolved.
> > So total delay can reach 3 or 4 seconds while tick counts up to 100.
> > The tickless patch can solve the delay.
> > 
> > I have tried to adapt in_carp.c to the tickless attempt 2.
> > Delay of carp advertisement reduced to about 2 seconds.
> 
> I'm glad to hear it improves things.  Thanks for testing it out.
> 
> >> 2020/09/09 4:00、Mark Kettenis のメール:
> >> The diff looks reasonable to me, but I'd like to discuss the path
> >> forward with some people during the hackathon next week.
> > 
> > Is there any discussion in the hackathon?
> 
> Not that I heard.  I wasn't at the hackathon, though.
> 
> --
> 
> If I get an OK from someone I will commit what I have so far.
> 
> Where do we stand?
> 
> - The nitty gritty details in this commit -- the hashing,
>   the loops, and the basic algorithm -- haven't changed
>   in almost a year.  I'm confident they work.
> 
> - The commit itself doesn't change any behavior because no
>   existing timeouts are converted to use timeout_set_kclock().
>   So we shouldn't see any regressions like last time until
>   someone deliberately changes an existing timeout to use the
>   kclock interfaces.
> 
> The thing that needs to be decided is how to go about dragging
> the rest of the tree into using the kclock timeout interfaces.
> 
> - Should we keep a tick-based timeout interface?  If so,
>   for how long?  Linux kept theirs as a distinct interface.
>   FreeBSD discarded theirs.
> 
> - Should we quietly reimplement timeout_add_sec(9), etc.,
>   in terms of kclock timeouts or should we do a full-tree
>   API change to explicitly use timeout_in_nsec()?
> 
> I don't think we can make such decisions without putting kclock
> timeouts into the tree so people can use them.
> 
> So, are you OK with this as-is?
> 
> Anybody else?

I think this is good to go.  ok kettenis@

Did briefly discuss with Theo during k2k20 and the consensus was it
should go in after relase.  Which is now!

Re: timeout(9): add clock-based timeouts (attempt 2)

2020-10-09 Thread Scott Cheloha 
Hey,

> On Oct 7, 2020, at 8:49 PM, 内藤 祐一郎  wrote:
> 
> Hi.
> 
> I'm looking forward to this patch is committed.
> Because this patch solves my problem about CARP timeout.
> 
> IIJ, a company that I am working for, is using carp(4) on VMware ESXi hosts
> for VPN and web gateway services.
> 
> One is master and the other is backup of carp(4).
> Active host sometimes failover to backup when the ESXi host gets high cpu 
> usage.
> And also CPU ready of OpenBSD machine seems high average on ESXi monitor.
> 
> High CPU ready machine delays sending carp advertisement for 3 or 4 seconds.
> It is enough to failover to backup.
> 
> In my investigation, OpenBSD machine does not always get CPU under high CPU 
> ready condition.
> Although it is needed for interrupt handler.
> The delay of calling hardclock() causes tick count up delay.
> One delay is small but will never be resolved.
> So total delay can reach 3 or 4 seconds while tick counts up to 100.
> The tickless patch can solve the delay.
> 
> I have tried to adapt in_carp.c to the tickless attempt 2.
> Delay of carp advertisement reduced to about 2 seconds.

I'm glad to hear it improves things.  Thanks for testing it out.

>> 2020/09/09 4:00、Mark Kettenis のメール:
>> The diff looks reasonable to me, but I'd like to discuss the path
>> forward with some people during the hackathon next week.
> 
> Is there any discussion in the hackathon?

Not that I heard.  I wasn't at the hackathon, though.

--

If I get an OK from someone I will commit what I have so far.

Where do we stand?

- The nitty gritty details in this commit -- the hashing,
  the loops, and the basic algorithm -- haven't changed
  in almost a year.  I'm confident they work.

- The commit itself doesn't change any behavior because no
  existing timeouts are converted to use timeout_set_kclock().
  So we shouldn't see any regressions like last time until
  someone deliberately changes an existing timeout to use the
  kclock interfaces.

The thing that needs to be decided is how to go about dragging
the rest of the tree into using the kclock timeout interfaces.

- Should we keep a tick-based timeout interface?  If so,
  for how long?  Linux kept theirs as a distinct interface.
  FreeBSD discarded theirs.

- Should we quietly reimplement timeout_add_sec(9), etc.,
  in terms of kclock timeouts or should we do a full-tree
  API change to explicitly use timeout_in_nsec()?

I don't think we can make such decisions without putting kclock
timeouts into the tree so people can use them.

So, are you OK with this as-is?

Anybody else?

Re: Please test: switch select(2) to kqfilters

2020-10-09 Thread Martin Pieuchot 
On 02/10/20(Fri) 12:19, Martin Pieuchot wrote:
> Diff below modifies the internal implementation of {p,}select(2) to
> query kqfilter handlers instead of poll ones.
> 
> I deliberately left {p,}poll(2) untouched to ease the transition.
> 
> This diff includes some kqueue refactoring from visa@.  It is built on
> top of the changes that went in during the last release cycle notably
> EVFILT_EXCEPT and NOTE_OOB.
> 
> A mid-term goal of this change would be to get rid of the poll handlers
> in order to have a single event system in the kernel to maintain and
> turn mp-safe.
> 
> The logic is as follow:
> 
> - With this change every thread get a "private" kqueue, usable by the
>   kernel only, to register events for select(2) and later poll(2).
> 
> - Events specified via FD_SET(2) are converted to their kqueue equivalent.
> 
> - kqueue_scan() has been modified to be restartable and work with a given
>   kqueue.
> 
> - At the end of every {p,}select(2) syscall the private kqueue is purged.
> 
> This version includes a fix for a previously reported regression triggered
> by regress/usr.bin/ssh's keyscan test.
> 
> 
> I'd like to get this in early in this release cycle, so please test and
> report back :o)

Thanks for all the reports.  Here's an updated version including the
following changes:

- Allocate the per-thread kqueue in the first {p,}select(2) syscall to
  not waste resources as suggested by anton@

- Keep EWOULDBLOCK handling inside kqueue_scan(), pointed by cheloha@

- Add a comment to better explain why successive kqueue_scan() calls are
  always non-blocking

I'm appreciate reviews/oks on the kqueue_scan() refactoring I sent to
start shrinking this diff.

Tests are always welcome, especially on non-amd64 architectures.

diff --git sys/kern/kern_event.c sys/kern/kern_event.c
index 9bc469b1235..87f15831c8f 100644
--- sys/kern/kern_event.c
+++ sys/kern/kern_event.c
@@ -57,6 +57,7 @@
 #include 
 #include 
 
+struct kqueue *kqueue_alloc(struct filedesc *);
 void   kqueue_terminate(struct proc *p, struct kqueue *);
 void   kqueue_free(struct kqueue *);
 void   kqueue_init(void);
@@ -64,9 +65,6 @@ void  KQREF(struct kqueue *);
 void   KQRELE(struct kqueue *);
 
 intkqueue_sleep(struct kqueue *, struct timespec *);
-intkqueue_scan(struct kqueue *kq, int maxevents,
-   struct kevent *ulistp, struct timespec *timeout,
-   struct kevent *kev, struct proc *p, int *retval);
 
 intkqueue_read(struct file *, struct uio *, int);
 intkqueue_write(struct file *, struct uio *, int);
@@ -507,6 +505,27 @@ const struct filterops dead_filtops = {
.f_event= filt_dead,
 };
 
+void
+kqpoll_init(struct proc *p)
+{
+   if (p->p_kq != NULL)
+   return;
+
+   p->p_kq = kqueue_alloc(p->p_fd);
+   p->p_kq_serial = arc4random();
+}
+
+void
+kqpoll_exit(struct proc *p)
+{
+   if (p->p_kq == NULL)
+   return;
+
+   kqueue_terminate(p, p->p_kq);
+   kqueue_free(p->p_kq);
+   p->p_kq = NULL;
+}
+
 struct kqueue *
 kqueue_alloc(struct filedesc *fdp)
 {
@@ -554,6 +573,7 @@ out:
 int
 sys_kevent(struct proc *p, void *v, register_t *retval)
 {
+   struct kqueue_scan_state scan;
struct filedesc* fdp = p->p_fd;
struct sys_kevent_args /* {
syscallarg(int) fd;
@@ -569,6 +589,7 @@ sys_kevent(struct proc *p, void *v, register_t *retval)
struct timespec ts;
struct timespec *tsp = NULL;
int i, n, nerrors, error;
+   int ready, total;
struct kevent kev[KQ_NEVENTS];
 
if ((fp = fd_getfile(fdp, SCARG(uap, fd))) == NULL)
@@ -597,9 +618,9 @@ sys_kevent(struct proc *p, void *v, register_t *retval)
kq = fp->f_data;
nerrors = 0;
 
-   while (SCARG(uap, nchanges) > 0) {
-   n = SCARG(uap, nchanges) > KQ_NEVENTS ?
-   KQ_NEVENTS : SCARG(uap, nchanges);
+   while ((n = SCARG(uap, nchanges)) > 0) {
+   if (n > nitems(kev))
+   n = nitems(kev);
error = copyin(SCARG(uap, changelist), kev,
n * sizeof(struct kevent));
if (error)
@@ -635,12 +656,41 @@ sys_kevent(struct proc *p, void *v, register_t *retval)
goto done;
}
 
+
KQREF(kq);
FRELE(fp, p);
-   error = kqueue_scan(kq, SCARG(uap, nevents), SCARG(uap, eventlist),
-   tsp, kev, p, );
+   /*
+* Collect as many events as we can.  The timeout on successive
+* loops is disabled (kqueue_scan() becomes non-blocking).
+*/
+   total = 0;
+   error = 0;
+   kqueue_scan_setup(, kq);
+   while ((n = SCARG(uap, nevents) - total) > 0) {
+   if (n > nitems(kev))
+   n = nitems(kev);
+   ready = kqueue_scan(, n, kev, tsp, p, );
+   if (ready == 0)
+   break;
+   error = copyout(kev, SCARG(uap, eventlist) + total,
+

fonttosfnt: merge changes to fix fonts for new pango

2020-10-09 Thread Christopher Zimmermann 



Hi Matthieu,

you already gave an ok some time ago to merge changes to fonttosfnt. Now 
that my changes have been tested and merged upstream I'd like to 
integrate them into xenocara. May I ask for another ok?


Christopher


Index: fonttosfnt.c
===
RCS file: /cvs/xenocara/app/fonttosfnt/fonttosfnt.c,v
retrieving revision 1.3
diff -u -p -r1.3 fonttosfnt.c
--- fonttosfnt.c14 Jan 2020 20:52:17 -  1.3
+++ fonttosfnt.c9 Oct 2020 07:27:19 -
@@ -106,6 +106,12 @@ main(int argc, char **argv)
 
 font = makeFont();
 
+if(argc - i > 1)

+   fprintf(stderr,
+   "You are requesting to put more than one font into a single OpenType 
font.\n"
+   "This is not recommended. The global font metrics will not match every 
font face.\n"
+   "The creation of an OpenType font collection is recommended.\n");
+
 if(i == argc) {
 rc = readFile(NULL, font);
 if(rc != 0)
Index: fonttosfnt.h
===
RCS file: /cvs/xenocara/app/fonttosfnt/fonttosfnt.h,v
retrieving revision 1.3
diff -u -p -r1.3 fonttosfnt.h
--- fonttosfnt.h15 Aug 2019 16:57:57 -  1.3
+++ fonttosfnt.h9 Oct 2020 07:27:19 -
@@ -29,6 +29,7 @@ THE SOFTWARE.
 #endif
 
 #include 

+#include 
 #include 
 #include FT_FREETYPE_H
 
@@ -69,17 +70,15 @@ extern int reencode_flag;
 
 #define UNITS_PER_EM 2048
 
-#define EPSILON 0.1

-#define FLOOR(x) ((x) < 0.0 ? -(int)(-(x)) : (x))
-#define CEIL(x) FLOOR((x) + 1.0 - EPSILON)
+#define UNDEF 0x8000
 
 /* Convert a fixed-point value into FUnits */

 #define FONT_UNITS(x) \
-  FLOOR(((double)(x)) / TWO_SIXTEENTH * UNITS_PER_EM + 0.5)
+  round(((double)(x)) / TWO_SIXTEENTH * UNITS_PER_EM)
 #define FONT_UNITS_FLOOR(x) \
-  FLOOR(((double)(x)) / TWO_SIXTEENTH * UNITS_PER_EM)
+  floor(((double)(x)) / TWO_SIXTEENTH * UNITS_PER_EM)
 #define FONT_UNITS_CEIL(x) \
-  CEIL(((double)(x)) / TWO_SIXTEENTH * UNITS_PER_EM)
+  ceil(((double)(x)) / TWO_SIXTEENTH * UNITS_PER_EM)
 
 typedef struct _FontNameEntry {

 int nid;/* name id */
@@ -87,6 +86,23 @@ typedef struct _FontNameEntry {
 char *value;
 } FontNameEntryRec, *FontNameEntryPtr;
 
+typedef struct _Metrics {

+int height;
+int size;
+int maxX;
+int minX;
+int maxY;
+int minY;
+int xHeight;
+int capHeight;
+int maxAwidth;
+int awidth;
+int ascent;
+int descent;
+int underlinePosition;
+int underlineThickness;
+} MetricsRec, *MetricsPtr;
+
 typedef struct _Font {
 int numNames;
 struct _FontNameEntry *names;
@@ -94,8 +110,8 @@ typedef struct _Font {
 int weight; /* as in the OS/2 table */
 int width;  /* as in the OS/2 table */
 int italicAngle;/* degrees c-clockwise from the vertical */
-int underlinePosition;
-int underlineThickness;
+MetricsRec pxMetrics;
+MetricsRec metrics;
 unsigned foundry;
 struct _Strike *strikes;
 } FontRec, *FontPtr;
@@ -152,9 +168,9 @@ CmapPtr makeCmap(FontPtr);
 int findIndex(CmapPtr, int);
 int findCode(CmapPtr, int);
 BitmapPtr strikeBitmapIndex(StrikePtr, CmapPtr, int);
-void strikeMetrics(StrikePtr, int*, int*, int*, int*, int*);
+int strikeMaxWidth(StrikePtr);
 int glyphMetrics(FontPtr, int, int*, int*, int*, int*, int*);
-void fontMetrics(FontPtr, int*, int*, int*, int*, int*);
+void fontMetrics(FontPtr);
 int maxIndex(CmapPtr);
 
 int readFile(char *filename, FontPtr);

@@ -174,6 +190,7 @@ int macTime(int *, unsigned *);
 unsigned faceFoundry(FT_Face);
 char *faceEncoding(FT_Face);
 int faceFlags(FT_Face);
+int faceIntProp(FT_Face, const char *);
 int faceWeight(FT_Face);
 int faceWidth(FT_Face);
 int faceItalicAngle(FT_Face);
Index: read.c
===
RCS file: /cvs/xenocara/app/fonttosfnt/read.c,v
retrieving revision 1.4
diff -u -p -r1.4 read.c
--- read.c  14 Jan 2020 20:52:17 -  1.4
+++ read.c  9 Oct 2020 07:27:20 -
@@ -29,6 +29,7 @@ THE SOFTWARE.
 #include FT_FREETYPE_H
 #include FT_MODULE_H
 #include FT_BDF_H
+#include FT_FONT_FORMATS_H
 #include "X11/Xos.h"
 #include "fonttosfnt.h"
 #include "X11/fonts/fontenc.h"
@@ -102,7 +103,7 @@ readFile(char *filename, FontPtr font)
 BitmapPtr bitmap;
 int symbol = 0;
 int force_unicode = 1;
-char *encoding_name = NULL;
+const char *encoding_name, *file_format;
 FontMapPtr mapping = NULL;
 FontMapReversePtr reverse = NULL;
 
@@ -133,6 +134,15 @@ readFile(char *filename, FontPtr font)

 return -1;
 }
 
+file_format = FT_Get_Font_Format(face);

+if(strcmp(file_format, "BDF") != 0)
+   fprintf(stderr,
+   "font file %s is of format %s.\n"
+   "It's recommended to convert directly from a BDF font.\n"
+   "Some font properties may get lost