From 742251dd92a9ab801dba6ae3efc570e55c345e12 Mon Sep 17 00:00:00 2001
From: Justine Tunney
Date: Fri, 22 Jul 2022 17:07:25 -0700
Subject: [PATCH] Release redbean 2.0.14
---
 libc/mem/pledge.c | 22 +++++++++++-----------
 tool/net/help.txt | 16 ++++++++--------
 tool/net/redbean.c | 2 +-
 3 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/libc/mem/pledge.c b/libc/mem/pledge.c
index 83f04750e..0b8a1a5c1 100644
--- a/libc/mem/pledge.c
+++ b/libc/mem/pledge.c
@@ -1438,17 +1438,17 @@ int ParsePromises(const char *promises, unsigned long *out) {
 * placeholder group for pledge.com, which reads the `__promises`
 * global to determine if /tmp and $TMPPATH should be unveiled.
 *
- * `execpromises` only matters if "exec" or "execnative" are specified
- * in `promises`. In that case, this specifies the promises that'll
- * apply once execve() happens. If this is NULL then the default is
- * used, which is unrestricted. OpenBSD allows child processes to escape
- * the sandbox (so a pledged OpenSSH server process can do things like
- * spawn a root shell). Linux however requires monotonically decreasing
- * privileges. This function will will perform some validation on Linux
- * to make sure that `execpromises` is a subset of `promises`. Your libc
- * wrapper for execve() will then apply its SECCOMP BPF filter later.
- * Since Linux has to do this before calling sys_execve(), the executed
- * process will be weakened to have execute permissions too.
+ * `execpromises` only matters if "exec" is specified in `promises`. In
+ * that case, this specifies the promises that'll apply once execve()
+ * happens. If this is NULL then the default is used, which is
+ * unrestricted. OpenBSD allows child processes to escape the sandbox
+ * (so a pledged OpenSSH server process can do things like spawn a root
+ * shell). Linux however requires monotonically decreasing privileges.
+ * This function will will perform some validation on Linux to make sure
+ * that `execpromises` is a subset of `promises`. Your libc wrapper for
+ * execve() will then apply its SECCOMP BPF filter later. Since Linux
+ * has to do this before calling sys_execve(), the executed process will
+ * be weakened to have execute permissions too.
 *
 * @return 0 on success, or -1 w/ errno
 * @raise ENOSYS if host os isn't Linux or OpenBSD
diff --git a/tool/net/help.txt b/tool/net/help.txt
index 14bc5a4ac..ee2a40897 100644
--- a/tool/net/help.txt
+++ b/tool/net/help.txt
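Review bot: The rewritten paragraph still does not say what a NULL `execpromises` means on Linux: it calls the default "unrestricted" and then states that Linux requires monotonically decreasing privileges and validates that `execpromises` is a subset of `promises`, so a reader cannot tell whether the executed program stays confined. Callers will read this text to decide whether a child process is sandboxed, so I would add one sentence after `which is unrestricted` stating whether NULL skips that validation and which filter, if any, the executed program ends up with on Linux. The reflowed text also keeps the doubled word in `This function will will perform some validation`, which should read `This function will perform some validation`. Both points apply equally to the copy of this paragraph in tool/net/help.txt; the comment block itself begins and ends outside this hunk.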
@@ -3908,14 +3908,14 @@ UNIX MODULE such as non-assimilated APE binaries, or programs that link dynamic shared objects, i.e. most Linux distro binaries.
- `execpromises` only matters if "exec" or "execnative" are specified
- in `promises`. In that case, this specifies the promises that'll
- apply once execve() happens. If this is NULL then the default is
- used, which is unrestricted. OpenBSD allows child processes to escape
- the sandbox (so a pledged OpenSSH server process can do things like
- spawn a root shell). Linux however requires monotonically decreasing
- privileges. This function will will perform some validation on Linux
- to make sure that `execpromises` is a subset of `promises`. Your libc
+ `execpromises` only matters if "exec" is specified in `promises`. In
+ that case, this specifies the promises that'll apply once execve()
+ happens. If this is NULL then the default is used, which is
+ unrestricted. OpenBSD allows child processes to escape the sandbox
+ (so a pledged OpenSSH server process can do things like spawn a root
+ shell). Linux however requires monotonically decreasing privileges.
+ This function will will perform some validation on Linux to make
+ sure that `execpromises` is a subset of `promises`. Your libc
 wrapper for execve() will then apply its SECCOMP BPF filter later. Since Linux has to do this before calling sys_execve(), the executed process will be weakened to have execute permissions too.
diff --git a/tool/net/redbean.c b/tool/net/redbean.c
index 0d0d839cc..98690e598 100644
--- a/tool/net/redbean.c
+++ b/tool/net/redbean.c
@@ -149,7 +149,7 @@ STATIC_YOINK("ShowCrashReportsEarly");
 #define REDBEAN "redbean"
 #endif
-#define VERSION 0x02000d
+#define VERSION 0x02000e
 #define HEARTBEAT 5000 /*ms*/
 #define HASH_LOAD_FACTOR /* 1. / */ 4
 #define MONITOR_MICROS 150000