sync code with last improvements from OpenBSD

distrib/sets/lists/comp/mi

@@ -1934,6 +1934,7 @@
 ./usr/share/man/man3/EVP_OpenInit.3
 ./usr/share/man/man3/EVP_PKCS82PKEY.3
 ./usr/share/man/man3/EVP_PKEY_CTX_ctrl.3
+./usr/share/man/man3/EVP_PKEY_CTX_get_operation.3
 ./usr/share/man/man3/EVP_PKEY_CTX_new.3
 ./usr/share/man/man3/EVP_PKEY_CTX_set_hkdf_md.3
 ./usr/share/man/man3/EVP_PKEY_add1_attr.3

lib/libcrypto/man/BIO_f_base64.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: BIO_f_base64.3,v 1.13 2023/04/11 16:58:43 schwarze Exp $
+.\"	$OpenBSD: BIO_f_base64.3,v 1.14 2023/09/10 11:20:52 schwarze Exp $
 .\"	OpenSSL fc1d88f0 Wed Jul 2 22:42:40 2014 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,11 +49,15 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 11 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt BIO_F_BASE64 3
 .Os
 .Sh NAME
 .Nm BIO_f_base64
+.\" .Nm EVP_ENCODE_LENGTH and
+.\" .Nm EVP_DECODE_LENGTH are intentionally undocumented
+.\" because they are internal implemention details of BIO_f_base64(3)
+.\" and practically unused outside evp/bio_b64.c.
 .Nd base64 BIO filter
 .Sh SYNOPSIS
 .In openssl/bio.h

lib/libcrypto/man/EVP_CIPHER_meth_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.4 2023/09/05 14:37:00 schwarze Exp $
+.\" $OpenBSD: EVP_CIPHER_meth_new.3,v 1.5 2023/09/10 05:22:46 jsg Exp $
 .\" selective merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 5 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt EVP_CIPHER_METH_NEW 3
 .Os
 .Sh NAME
@@ -393,7 +393,7 @@ All
 .Fn EVP_CIPHER_meth_set_*
 functions return 1.
 .Sh SEE ALSO
-.Xr evp 3 .
+.Xr evp 3 ,
 .Xr EVP_EncryptInit 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.1.0 and have been available since

lib/libcrypto/man/EVP_PKEY_CTX_get_operation.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_get_operation.3,v 1.1 2023/09/09 14:39:09 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_get_operation.3,v 1.2 2023/09/10 04:05:26 jsg Exp $
 .\"
 .\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt EVP_PKEY_CTX_GET_OPERATION 3
 .Os
 .Sh NAME
@@ -53,7 +53,7 @@ if any:
 .It Dv EVP_PKEY_OP_VERIFYRECOVER Ta Xr EVP_PKEY_verify_recover_init 3 Ta RSA
 .El
 .Pp
-The rightmost column of the above table shows examples of algoritms
+The rightmost column of the above table shows examples of algorithms
 the return values can occur for.
 For example, if
 .Xr EVP_PKEY_base_id 3

lib/libcrypto/man/EVP_PKEY_keygen.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.12 2023/09/09 14:31:38 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.13 2023/09/10 04:05:26 jsg Exp $
 .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt EVP_PKEY_KEYGEN 3
 .Os
 .Sh NAME
@@ -252,7 +252,7 @@ returns a function pointer to the currently installed callback function or
 if no callback function is installed.
 .Pp
 .Fn EVP_PKEY_CTX_get_keygen_info
-retuns the number of available parameters if
+returns the number of available parameters if
 .Fa idx
 is \-1, one of these parameters if
 .Fa idx

lib/libcrypto/man/OpenSSL_add_all_algorithms.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.13 2023/08/25 05:38:52 tb Exp $
+.\" $OpenBSD: OpenSSL_add_all_algorithms.3,v 1.14 2023/09/10 14:39:58 schwarze Exp $
 .\" full merge up to: OpenSSL b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,14 +48,20 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 25 2023 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt OPENSSL_ADD_ALL_ALGORITHMS 3
 .Os
 .Sh NAME
 .Nm OpenSSL_add_all_algorithms ,
 .Nm OpenSSL_add_all_ciphers ,
 .Nm OpenSSL_add_all_digests ,
-.Nm EVP_cleanup
+.Nm EVP_cleanup ,
+.Nm SSLeay_add_all_algorithms
+.\" .Nm OPENSSL_add_all_algorithms_conf ,
+.\" .Nm OPENSSL_add_all_algorithms_noconf ,
+.\" .Nm SSLeay_add_all_ciphers , and
+.\" .Nm SSLeay_add_all_digests are intentionally undocumented
+.\" because they are unused aliases.
 .Nd add algorithms to internal table
 .Sh SYNOPSIS
 .In openssl/evp.h
@@ -67,6 +73,8 @@
 .Fn OpenSSL_add_all_digests void
 .Ft void
 .Fn EVP_cleanup void
+.Ft void
+.Fn SSLeay_add_all_algorithms void
 .Sh DESCRIPTION
 These functions are deprecated.
 It is never useful for any application program
@@ -105,6 +113,10 @@ thus resetting the global associative array of names
 and all signature algorithm definitions to their default states,
 removing all application-defined types, key-value pairs, and aliases,
 including any that are unrelated to the EVP library.
+.Pp
+.Fn SSLeay_add_all_algorithms
+is a deprecated alias for
+.Fn OpenSSL_add_all_algorithms .
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_add_cipher 3 ,
@@ -114,10 +126,10 @@ including any that are unrelated to the EVP library.
 .Xr OBJ_NAME_add 3 ,
 .Xr OPENSSL_config 3
 .Sh HISTORY
-.Fn EVP_cleanup
-and precursor functions
+.Fn EVP_cleanup ,
 .Fn SSLeay_add_all_algorithms ,
-.Fn SSLeay_add_all_ciphers ,
+and precursor functions
+.Fn SSLeay_add_all_ciphers
 and
 .Fn SSLeay_add_all_digests
 first appeared in SSLeay 0.8.0 and have been available since

lib/libcrypto/man/RSA_public_encrypt.3

@@ -1,7 +1,24 @@
-.\"	$OpenBSD: RSA_public_encrypt.3,v 1.12 2019/06/10 14:58:48 schwarze Exp $
+.\"	$OpenBSD: RSA_public_encrypt.3,v 1.13 2023/09/10 16:04:15 schwarze Exp $
 .\"	OpenSSL RSA_public_encrypt.pod 1e3f62a3 Jul 17 16:47:13 2017 +0200
 .\"
-.\" This file was written by Ulf Moeller <ulf@openssl.org>.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Ulf Moeller <ulf@openssl.org>.
 .\" Copyright (c) 2000, 2004 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
@@ -48,12 +65,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 10 2019 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt RSA_PUBLIC_ENCRYPT 3
 .Os
 .Sh NAME
 .Nm RSA_public_encrypt ,
-.Nm RSA_private_decrypt
+.Nm RSA_private_decrypt ,
+.Nm EVP_PKEY_encrypt_old ,
+.Nm EVP_PKEY_decrypt_old
 .Nd RSA public key cryptography
 .Sh SYNOPSIS
 .In openssl/rsa.h
@@ -73,6 +92,21 @@
 .Fa "RSA *rsa"
 .Fa "int padding"
 .Fc
+.In openssl/evp.h
+.Ft int
+.Fo EVP_PKEY_encrypt_old
+.Fa "unsigned char *to"
+.Fa "const unsigned char *from"
+.Fa "int flen"
+.Fa "EVP_PKEY *pkey"
+.Fc
+.Ft int
+.Fo EVP_PKEY_decrypt_old
+.Fa "unsigned char *to"
+.Fa "const unsigned char *from"
+.Fa "int flen"
+.Fa "EVP_PKEY *pkey"
+.Fc
 .Sh DESCRIPTION
 .Fn RSA_public_encrypt
 encrypts the
@@ -132,16 +166,50 @@ must point to a memory section large enough to hold the decrypted data
 .Fn RSA_size rsa ) .
 .Fa padding
 is the padding mode that was used to encrypt the data.
+.Pp
+.Fn EVP_PKEY_encrypt_old
+is a deprecated wrapper around
+.Fn RSA_public_encrypt
+that uses the
+.Vt RSA
+public key stored in
+.Fa pkey
+and
+.Dv RSA_PKCS1_PADDING .
+.Pp
+.Fn EVP_PKEY_decrypt_old
+is a deprecated wrapper around
+.Fn RSA_private_decrypt
+that uses the
+.Vt RSA
+private key stored in
+.Fa pkey
+and
+.Dv RSA_PKCS1_PADDING .
 .Sh RETURN VALUES
 .Fn RSA_public_encrypt
-returns the size of the encrypted data (i.e.\&
+and
+.Fn EVP_PKEY_encrypt_old
+return the size of the encrypted data (i.e.\&
 .Fn RSA_size rsa ) .
 .Fn RSA_private_decrypt
+and
+.Fn EVP_PKEY_decrypt_old
 returns the size of the recovered plaintext.
-.Pp
-On error, -1 is returned; the error codes can be obtained by
+On error, \-1 is returned; the error codes can be obtained by
 .Xr ERR_get_error 3 .
+.Pp
+In addition to the return values documented above,
+.Fn EVP_PKEY_encrypt_old
+may return 0 if the
+.Xr EVP_PKEY_id 3
+of
+.Fa pkey
+is not
+.Dv EVP_PKEY_RSA .
 .Sh SEE ALSO
+.Xr EVP_PKEY_decrypt 3 ,
+.Xr EVP_PKEY_encrypt 3 ,
 .Xr RSA_meth_set_priv_dec 3 ,
 .Xr RSA_new 3 ,
 .Xr RSA_size 3
@@ -154,6 +222,18 @@ and
 appeared in SSLeay 0.4 or earlier and have been available since
 .Ox 2.4 .
 .Pp
+.Fn EVP_PKEY_encrypt
+and
+.Fn EVP_PKEY_decrypt
+first appeared in SSLeay 0.9.0 and have been available since
+.Ox 2.4 .
+There were renamed to
+.Fn EVP_PKEY_encrypt_old
+and
+.Fn EVP_PKEY_decrypt_old
+in OpenSSL 1.0.0 and
+.Ox 4.9 .
+.Pp
 .Dv RSA_NO_PADDING
 is available since SSLeay 0.9.0.
 OAEP was added in OpenSSL 0.9.2b.

lib/libcrypto/man/des_read_pw.3

@@ -1,10 +1,26 @@
-.\"	$OpenBSD: des_read_pw.3,v 1.10 2020/06/19 17:17:13 schwarze Exp $
-.\"	OpenSSL doc/crypto/ui_compat.pod May 14 11:28:00 2006 +0000
-.\"	OpenSSL doc/crypto/des.pod 2a9aca32 Oct 25 08:44:10 2001 +0000
+.\" $OpenBSD: des_read_pw.3,v 1.11 2023/09/10 13:58:46 schwarze Exp $
+.\" full merge up to: OpenSSL doc/crypto/des.pod
+.\" 53934822 Jun 9 16:39:19 2016 -0400
 .\"
-.\" This file was written by Ulf Moeller <ulf@openssl.org> and
-.\" Richard Levitte <levitte@openssl.org>.
-.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
+.\" This file is a derived work.
+.\" The changes are covered by the following Copyright and license:
+.\"
+.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" The original file was written by Ulf Moeller <ulf@openssl.org>.
+.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
@@ -50,32 +66,16 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 19 2020 $
+.Dd $Mdocdate: September 10 2023 $
 .Dt DES_READ_PW 3
 .Os
 .Sh NAME
-.Nm des_read_pw ,
-.Nm des_read_pw_string ,
 .Nm EVP_read_pw_string ,
-.Nm EVP_read_pw_string_min
+.Nm EVP_read_pw_string_min ,
+.Nm EVP_set_pw_prompt ,
+.Nm EVP_get_pw_prompt
 .Nd compatibility user interface functions
 .Sh SYNOPSIS
-.In openssl/ui_compat.h
-.Ft int
-.Fo des_read_pw
-.Fa "char *buf"
-.Fa "char *buff"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
-.Ft int
-.Fo des_read_pw_string
-.Fa "char *buf"
-.Fa "int length"
-.Fa "const char *prompt"
-.Fa "int verify"
-.Fc
 .In openssl/evp.h
 .Ft int
 .Fo EVP_read_pw_string
@@ -92,73 +92,86 @@
 .Fa "const char *prompt"
 .Fa "int verify"
 .Fc
+.Ft void
+.Fo EVP_set_pw_prompt
+.Fa "const char *default_prompt"
+.Fc
+.Ft char *
+.Fn EVP_get_pw_prompt void
 .Sh DESCRIPTION
 These functions are deprecated.
 Use
 .Xr UI_UTIL_read_pw 3
 instead.
 .Pp
-The DES library contained a few routines to prompt for passwords.
-These aren't necessarily dependent on DES, and have therefore become
-part of the UI compatibility library.
-.Pp
-.Fn des_read_pw
-writes the string specified by
+.Fn EVP_read_pw_string
+writes the
 .Fa prompt
-to standard output, turns echo off, and reads an input string from the
-terminal.
+to
+.Pa /dev/tty ,
+or, if that could not be opened, to standard output, turns echo off,
+and reads an input string from
+.Pa /dev/tty ,
+or, if that could not be opened, from standard input.
 The string is returned in
 .Fa buf ,
 which must have space for at least
 .Fa length
 bytes.
+If the
+.Fa length
+argument exceeds
+.Dv BUFSIZ ,
+.Dv BUFSIZ
+is used instead.
 If
 .Fa verify
 is set, the user is asked for the password twice and unless the two
 copies match, an error is returned.
-The second password is stored in
-.Fa buff ,
-which must therefore also be at least
-.Fa length
-bytes.
 .Pp
-.Fn des_read_pw_string
-is a variant of
-.Fn des_read_pw
-that provides a buffer if
-.Fa verify
-is set.
-It is available in the MIT Kerberos library as well.
-If
-.Fa length
-exceeds
-.Dv BUFSIZ ,
-.Fn des_read_pw_string
-uses
-.Dv BUFSIZ .
-.Pp
-.Fn EVP_read_pw_string
-and
-.Fn EVP_read_pw_string_min
-are functionally similar to
-.Fn des_read_pw_string .
 .Fn EVP_read_pw_string_min
 additionally checks that the password is at least
 .Fa min_length
 bytes long.
-.Sh RETURN VALUES
-These functions return 0 on success and a negative value on failure.
 .Pp
-They return -1 if
+.Fn EVP_set_pw_prompt
+sets a default prompt to a copy of
+.Fa default_prompt ,
+or clears the default prompt if the
+.Fa default_prompt
+argument is
+.Dv NULL
+or an empty string.
+If the
+.Fa default_prompt
+argument is longer than 79 bytes,
+the copy is silently truncated to a string length of 79 bytes.
+.Pp
+As long as a default prompt is set,
+.Fn EVP_read_pw_string
+and
+.Fn EVP_read_pw_string_min
+can be called with a
+.Fa prompt
+argument of
+.Dv NULL ,
+in which case the default prompt is used instead.
+.Sh RETURN VALUES
+.Fn EVP_read_pw_string
+and
+.Fn EVP_read_pw_string_min
+return 0 on success or a negative value on failure.
+.Pp
+They return \-1 if
 .Fa length
 is less than or equal to zero or on memory allocation failure.
-They return -1 or -2 if the internal call to
+They return \-1 or \-2 if the internal call to
 .Xr UI_process 3
 fails.
 .Pp
 In addition,
 .Fa EVP_read_pw_string_min
-returns -1 if
+returns \-1 if
 .Fa min_length
 is negative, if
 .Fa length
@@ -166,16 +179,21 @@ is less than or equal to
 .Fa min_length ,
 or if the user entered a password shorter than
 .Fa min_length .
+.Pp
+.Fn EVP_get_pw_prompt
+returns an internal pointer to static memory containing the default prompt, or
+.Dv NULL
+if no default prompt is set.
 .Sh SEE ALSO
 .Xr UI_new 3 ,
 .Xr UI_UTIL_read_pw 3
 .Sh HISTORY
-.Fn des_read_pw_string
-appeared in SSLeay 0.4 or earlier.
 .Fn EVP_read_pw_string
-first appeared in SSLeay 0.5.1.
-.Fn des_read_pw
-first appeared in SSLeay 0.8.0.
+first appeared in SSLeay 0.5.1 and
+.Fn EVP_set_pw_prompt
+and
+.Fn EVP_get_pw_prompt
+in SSLeay 0.6.0.
 These functions have been available since
 .Ox 2.4 .
 .Pp
@@ -183,6 +201,3 @@ These functions have been available since
 first appeared in OpenSSL 1.0.0
 and has been available since
 .Ox 4.9 .
-.Sh AUTHORS
-.An Richard Levitte Aq Mt richard@levitte.org
-for the OpenSSL project.

sys/arch/amd64/amd64/ucode.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ucode.c,v 1.7 2023/08/09 02:59:41 jsg Exp $	*/
+/*	$OpenBSD: ucode.c,v 1.8 2023/09/10 09:32:31 jsg Exp $	*/
 /*
  * Copyright (c) 2018 Stefan Fritsch <fritsch@genua.de>
  * Copyright (c) 2018 Patrick Wildt <patrick@blueri.se>
@@ -141,6 +141,7 @@ cpu_ucode_amd_apply(struct cpu_info *ci)
 	uint16_t eid = 0;
 	uint32_t sig, ebx, ecx, edx;
 	uint64_t start = 0;
+	uint32_t patch_len = 0;
 
 	if (cpu_ucode_data == NULL || cpu_ucode_size == 0) {
 		DPRINTF(("%s: no microcode provided\n", __func__));
@@ -187,8 +188,10 @@ cpu_ucode_amd_apply(struct cpu_info *ci)
 			goto out;
 		}
 		memcpy(&ap, &cpu_ucode_data[i], sizeof(ap));
-		if (ap.type == 1 && ap.eid == eid && ap.level > level)
+		if (ap.type == 1 && ap.eid == eid && ap.level > level) {
 			start = (uint64_t)&cpu_ucode_data[i + 8];
+			patch_len = ap.len;
+		}
 		if (i + ap.len + 8 > cpu_ucode_size) {
 			DPRINTF(("%s: truncated patch\n", __func__));
 			goto out;
@@ -197,9 +200,16 @@ cpu_ucode_amd_apply(struct cpu_info *ci)
 	}
 
 	if (start != 0) {
+		/* alignment required on fam 15h */
+		uint8_t *p = malloc(patch_len, M_TEMP, M_NOWAIT);
+		if (p == NULL)
+			goto out;
+		memcpy(p, (uint8_t *)start, patch_len);
+		start = (uint64_t)p;
 		wrmsr(MSR_PATCH_LOADER, start);
 		level = rdmsr(MSR_PATCH_LEVEL);
 		DPRINTF(("%s: new patch level 0x%llx\n", __func__, level));
+		free(p, M_TEMP, patch_len);
 	}
 out:
 	mtx_leave(&cpu_ucode_mtx);

sys/arch/i386/i386/ucode.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ucode.c,v 1.5 2023/08/09 02:59:41 jsg Exp $	*/
+/*	$OpenBSD: ucode.c,v 1.6 2023/09/10 09:32:31 jsg Exp $	*/
 /*
  * Copyright (c) 2018 Stefan Fritsch <fritsch@genua.de>
  * Copyright (c) 2018 Patrick Wildt <patrick@blueri.se>
@@ -164,6 +164,7 @@ cpu_ucode_amd_apply(struct cpu_info *ci)
 	uint16_t eid = 0;
 	uint32_t sig, ebx, ecx, edx;
 	uint64_t start = 0;
+	uint32_t patch_len = 0;
 
 	if (cpu_ucode_data == NULL || cpu_ucode_size == 0) {
 		DPRINTF(("%s: no microcode provided\n", __func__));
@@ -210,8 +211,10 @@ cpu_ucode_amd_apply(struct cpu_info *ci)
 			goto out;
 		}
 		memcpy(&ap, &cpu_ucode_data[i], sizeof(ap));
-		if (ap.type == 1 && ap.eid == eid && ap.level > level)
+		if (ap.type == 1 && ap.eid == eid && ap.level > level) {
 			start = (uint64_t)&cpu_ucode_data[i + 8];
+			patch_len = ap.len;
+		}
 		if (i + ap.len + 8 > cpu_ucode_size) {
 			DPRINTF(("%s: truncated patch\n", __func__));
 			goto out;
@@ -220,9 +223,16 @@ cpu_ucode_amd_apply(struct cpu_info *ci)
 	}
 
 	if (start != 0) {
+		/* alignment required on fam 15h */
+		uint8_t *p = malloc(patch_len, M_TEMP, M_NOWAIT);
+		if (p == NULL)
+			goto out;
+		memcpy(p, (uint8_t *)start, patch_len);
+		start = (uint64_t)p;
 		wrmsr(MSR_PATCH_LOADER, start);
 		level = rdmsr(MSR_PATCH_LEVEL);
 		DPRINTF(("%s: new patch level 0x%llx\n", __func__, level));
+		free(p, M_TEMP, patch_len);
 	}
 out:
 	mtx_leave(&cpu_ucode_mtx);

sys/conf/newvers.sh

@@ -36,7 +36,7 @@ umask 007
 
 if [ ! -r version -o ! -s version ]
 then
-	echo 0 > version
+	echo 1337 > version
 fi
 
 touch version

sys/dev/fdt/rkdrm.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: rkdrm.c,v 1.15 2023/01/01 01:34:33 jsg Exp $ */
+/* $OpenBSD: rkdrm.c,v 1.16 2023/09/10 06:25:09 jsg Exp $ */
 /* $NetBSD: rk_drm.c,v 1.3 2019/12/15 01:00:58 mrg Exp $ */
 /*-
  * Copyright (c) 2019 Jared D. McNeill <jmcneill@invisible.ca>
@@ -283,6 +283,9 @@ rkdrm_wsioctl(void *v, u_long cmd, caddr_t data, int flag, struct proc *p)
 	case WSDISPLAYIO_LINEBYTES:
 		*(u_int *)data = ri->ri_stride;
 		return 0;
+	case WSDISPLAYIO_SVIDEO:
+	case WSDISPLAYIO_GVIDEO:
+		return 0;
 	}
 
 	return (-1);

sys/dev/pci/drm/amd/amdgpu/amdgpu_drv.c

@@ -3349,6 +3349,9 @@ amdgpu_wsioctl(void *v, u_long cmd, caddr_t data, int flag, struct proc *p)
 			return 0;
 		}
 		break;
+	case WSDISPLAYIO_SVIDEO:
+	case WSDISPLAYIO_GVIDEO:
+		return 0;
 	}
 
 	return (-1);

sys/dev/pci/drm/i915/i915_driver.c

@@ -2256,6 +2256,9 @@ inteldrm_wsioctl(void *v, u_long cmd, caddr_t data, int flag, struct proc *p)
 			return 0;
 		}
 		break;
+	case WSDISPLAYIO_SVIDEO:
+	case WSDISPLAYIO_GVIDEO:
+		return 0;
 	}
 
 	return (-1);

sys/dev/pci/drm/radeon/radeon_drv.c

@@ -843,6 +843,9 @@ radeondrm_wsioctl(void *v, u_long cmd, caddr_t data, int flag, struct proc *p)
 		if (ws_set_param == NULL)
 			return 0;
 		return ws_set_param(dp);
+	case WSDISPLAYIO_SVIDEO:
+	case WSDISPLAYIO_GVIDEO:
+		return 0;
 	default:
 		return -1;
 	}

sys/kern/kern_clock.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_clock.c,v 1.115 2023/08/23 01:55:45 cheloha Exp $	*/
+/*	$OpenBSD: kern_clock.c,v 1.116 2023/09/09 18:19:03 cheloha Exp $	*/
 /*	$NetBSD: kern_clock.c,v 1.34 1996/06/09 04:51:03 briggs Exp $	*/
 
 /*-
@@ -79,7 +79,6 @@
  */
 
 int	stathz;
-int	schedhz;
 int	profhz;
 int	profprocs;
 int	ticks = INT_MAX - (15 * 60 * HZ);
@@ -295,13 +294,10 @@ statclock(struct clockframe *frame)
 	if (p != NULL) {
 		p->p_cpticks++;
 		/*
-		 * If no schedclock is provided, call it here at ~~12-25 Hz;
-		 * ~~16 Hz is best
+		 * schedclock() runs every fourth statclock().
 		 */
-		if (schedhz == 0) {
-			if ((++spc->spc_schedticks & 3) == 0)
-				schedclock(p);
-		}
+		if ((++spc->spc_schedticks & 3) == 0)
+			schedclock(p);
 	}
 }
 

sys/kern/kern_clockintr.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: kern_clockintr.c,v 1.43 2023/09/09 16:34:39 cheloha Exp $ */
+/* $OpenBSD: kern_clockintr.c,v 1.47 2023/09/10 03:08:05 cheloha Exp $ */
 /*
  * Copyright (c) 2003 Dale Rahn <drahn@openbsd.org>
  * Copyright (c) 2020 Mark Kettenis <kettenis@openbsd.org>
@@ -43,10 +43,10 @@ uint32_t statclock_min;			/* [I] minimum statclock period (ns) */
 uint32_t statclock_mask;		/* [I] set of allowed offsets */
 
 uint64_t clockintr_advance_random(struct clockintr *, uint64_t, uint32_t);
-void clockintr_hardclock(struct clockintr *, void *);
+void clockintr_hardclock(struct clockintr *, void *, void *);
 void clockintr_schedule(struct clockintr *, uint64_t);
 void clockintr_schedule_locked(struct clockintr *, uint64_t);
-void clockintr_statclock(struct clockintr *, void *);
+void clockintr_statclock(struct clockintr *, void *, void *);
 void clockqueue_intrclock_install(struct clockintr_queue *,
     const struct intrclock *);
 uint64_t clockqueue_next(const struct clockintr_queue *);
@@ -114,12 +114,14 @@ clockintr_cpu_init(const struct intrclock *ic)
 
 	/* TODO: Remove these from struct clockintr_queue. */
 	if (cq->cq_hardclock == NULL) {
-		cq->cq_hardclock = clockintr_establish(ci, clockintr_hardclock);
+		cq->cq_hardclock = clockintr_establish(ci, clockintr_hardclock,
+		    NULL);
 		if (cq->cq_hardclock == NULL)
 			panic("%s: failed to establish hardclock", __func__);
 	}
 	if (cq->cq_statclock == NULL) {
-		cq->cq_statclock = clockintr_establish(ci, clockintr_statclock);
+		cq->cq_statclock = clockintr_establish(ci, clockintr_statclock,
+		    NULL);
 		if (cq->cq_statclock == NULL)
 			panic("%s: failed to establish statclock", __func__);
 	}
@@ -219,7 +221,7 @@ clockintr_dispatch(void *frame)
 {
 	uint64_t lateness, run = 0, start;
 	struct cpu_info *ci = curcpu();
-	struct clockintr *cl;
+	struct clockintr *cl, *shadow;
 	struct clockintr_queue *cq = &ci->ci_queue;
 	uint32_t ogen;
 
@@ -257,24 +259,30 @@ clockintr_dispatch(void *frame)
 			if (cq->cq_uptime < cl->cl_expiration)
 				break;
 		}
+
+		/*
+		 * This clockintr has expired.  Initialize a shadow copy
+		 * and execute it.
+		 */
 		clockqueue_pend_delete(cq, cl);
-		cq->cq_shadow.cl_expiration = cl->cl_expiration;
-		cq->cq_shadow.cl_func = cl->cl_func;
+		shadow = &cq->cq_shadow;
+		shadow->cl_expiration = cl->cl_expiration;
+		shadow->cl_arg = cl->cl_arg;
+		shadow->cl_func = cl->cl_func;
 		cq->cq_running = cl;
 		mtx_leave(&cq->cq_mtx);
 
-		cq->cq_shadow.cl_func(&cq->cq_shadow, frame);
+		shadow->cl_func(shadow, frame, shadow->cl_arg);
 
 		mtx_enter(&cq->cq_mtx);
 		cq->cq_running = NULL;
 		if (ISSET(cl->cl_flags, CLST_IGNORE_SHADOW)) {
 			CLR(cl->cl_flags, CLST_IGNORE_SHADOW);
-			CLR(cq->cq_shadow.cl_flags, CLST_SHADOW_PENDING);
+			CLR(shadow->cl_flags, CLST_SHADOW_PENDING);
 		}
-		if (ISSET(cq->cq_shadow.cl_flags, CLST_SHADOW_PENDING)) {
-			CLR(cq->cq_shadow.cl_flags, CLST_SHADOW_PENDING);
-			clockqueue_pend_insert(cq, cl,
-			    cq->cq_shadow.cl_expiration);
+		if (ISSET(shadow->cl_flags, CLST_SHADOW_PENDING)) {
+			CLR(shadow->cl_flags, CLST_SHADOW_PENDING);
+			clockqueue_pend_insert(cq, cl, shadow->cl_expiration);
 		}
 		run++;
 	}
@@ -326,14 +334,13 @@ clockintr_advance(struct clockintr *cl, uint64_t period)
 	if (cl == &cq->cq_shadow) {
 		count = nsec_advance(&cl->cl_expiration, period, cq->cq_uptime);
 		SET(cl->cl_flags, CLST_SHADOW_PENDING);
-		return count;
+	} else {
+		mtx_enter(&cq->cq_mtx);
+		expiration = cl->cl_expiration;
+		count = nsec_advance(&expiration, period, nsecuptime());
+		clockintr_schedule_locked(cl, expiration);
+		mtx_leave(&cq->cq_mtx);
 	}
-
-	mtx_enter(&cq->cq_mtx);
-	expiration = cl->cl_expiration;
-	count = nsec_advance(&expiration, period, nsecuptime());
-	clockintr_schedule_locked(cl, expiration);
-	mtx_leave(&cq->cq_mtx);
 	return count;
 }
 
@@ -385,7 +392,7 @@ clockintr_cancel(struct clockintr *cl)
 
 struct clockintr *
 clockintr_establish(struct cpu_info *ci,
-    void (*func)(struct clockintr *, void *))
+    void (*func)(struct clockintr *, void *, void *), void *arg)
 {
 	struct clockintr *cl;
 	struct clockintr_queue *cq = &ci->ci_queue;
@@ -393,6 +400,7 @@ clockintr_establish(struct cpu_info *ci,
 	cl = malloc(sizeof *cl, M_DEVBUF, M_NOWAIT | M_ZERO);
 	if (cl == NULL)
 		return NULL;
+	cl->cl_arg = arg;
 	cl->cl_func = func;
 	cl->cl_queue = cq;
 
@@ -410,12 +418,11 @@ clockintr_schedule(struct clockintr *cl, uint64_t expiration)
 	if (cl == &cq->cq_shadow) {
 		cl->cl_expiration = expiration;
 		SET(cl->cl_flags, CLST_SHADOW_PENDING);
-		return;
+	} else {
+		mtx_enter(&cq->cq_mtx);
+		clockintr_schedule_locked(cl, expiration);
+		mtx_leave(&cq->cq_mtx);
 	}
-
-	mtx_enter(&cq->cq_mtx);
-	clockintr_schedule_locked(cl, expiration);
-	mtx_leave(&cq->cq_mtx);
 }
 
 void
@@ -454,7 +461,7 @@ clockintr_stagger(struct clockintr *cl, uint64_t period, uint32_t n,
 }
 
 void
-clockintr_hardclock(struct clockintr *cl, void *frame)
+clockintr_hardclock(struct clockintr *cl, void *frame, void *arg)
 {
 	uint64_t count, i;
 
@@ -464,7 +471,7 @@ clockintr_hardclock(struct clockintr *cl, void *frame)
 }
 
 void
-clockintr_statclock(struct clockintr *cl, void *frame)
+clockintr_statclock(struct clockintr *cl, void *frame, void *arg)
 {
 	uint64_t count, i;
 

sys/kern/kern_sched.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_sched.c,v 1.89 2023/09/06 02:09:58 cheloha Exp $	*/
+/*	$OpenBSD: kern_sched.c,v 1.90 2023/09/10 03:08:05 cheloha Exp $	*/
 /*
  * Copyright (c) 2007, 2008 Artur Grabowski <art@openbsd.org>
  *
@@ -88,13 +88,13 @@ sched_init_cpu(struct cpu_info *ci)
 
 	spc->spc_idleproc = NULL;
 
-	spc->spc_itimer = clockintr_establish(ci, itimer_update);
+	spc->spc_itimer = clockintr_establish(ci, itimer_update, NULL);
 	if (spc->spc_itimer == NULL)
 		panic("%s: clockintr_establish itimer_update", __func__);
-	spc->spc_profclock = clockintr_establish(ci, profclock);
+	spc->spc_profclock = clockintr_establish(ci, profclock, NULL);
 	if (spc->spc_profclock == NULL)
 		panic("%s: clockintr_establish profclock", __func__);
-	spc->spc_roundrobin = clockintr_establish(ci, roundrobin);
+	spc->spc_roundrobin = clockintr_establish(ci, roundrobin, NULL);
 	if (spc->spc_roundrobin == NULL)
 		panic("%s: clockintr_establish roundrobin", __func__);
 

sys/kern/kern_time.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kern_time.c,v 1.165 2023/08/29 16:19:34 claudio Exp $	*/
+/*	$OpenBSD: kern_time.c,v 1.166 2023/09/10 03:08:05 cheloha Exp $	*/
 /*	$NetBSD: kern_time.c,v 1.20 1996/02/18 11:57:06 fvdl Exp $	*/
 
 /*
@@ -755,7 +755,7 @@ itimerdecr(struct itimerspec *itp, const struct timespec *decrement)
 }
 
 void
-itimer_update(struct clockintr *cl, void *cf)
+itimer_update(struct clockintr *cl, void *cf, void *arg)
 {
 	struct timespec elapsed;
 	uint64_t nsecs;

sys/kern/sched_bsd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: sched_bsd.c,v 1.85 2023/08/30 09:02:38 claudio Exp $	*/
+/*	$OpenBSD: sched_bsd.c,v 1.86 2023/09/10 03:08:05 cheloha Exp $	*/
 /*	$NetBSD: kern_synch.c,v 1.37 1996/04/22 01:38:37 christos Exp $	*/
 
 /*-
@@ -83,7 +83,7 @@ struct loadavg averunnable;
  * Force switch among equal priority processes every 100ms.
  */
 void
-roundrobin(struct clockintr *cl, void *cf)
+roundrobin(struct clockintr *cl, void *cf, void *arg)
 {
 	uint64_t count;
 	struct cpu_info *ci = curcpu();

sys/kern/subr_prof.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: subr_prof.c,v 1.37 2023/09/06 02:09:58 cheloha Exp $	*/
+/*	$OpenBSD: subr_prof.c,v 1.38 2023/09/10 03:08:05 cheloha Exp $	*/
 /*	$NetBSD: subr_prof.c,v 1.12 1996/04/22 01:38:50 christos Exp $	*/
 
 /*-
@@ -64,7 +64,7 @@ u_int gmon_cpu_count;		/* [K] number of CPUs with profiling enabled */
 
 extern char etext[];
 
-void gmonclock(struct clockintr *, void *);
+void gmonclock(struct clockintr *, void *, void *);
 
 void
 prof_init(void)
@@ -101,7 +101,7 @@ prof_init(void)
 
 	/* Allocate and initialize one profiling buffer per CPU. */
 	CPU_INFO_FOREACH(cii, ci) {
-		ci->ci_gmonclock = clockintr_establish(ci, gmonclock);
+		ci->ci_gmonclock = clockintr_establish(ci, gmonclock, NULL);
 		if (ci->ci_gmonclock == NULL) {
 			printf("%s: clockintr_establish gmonclock\n", __func__);
 			return;
@@ -236,7 +236,7 @@ sysctl_doprof(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 }
 
 void
-gmonclock(struct clockintr *cl, void *cf)
+gmonclock(struct clockintr *cl, void *cf, void *arg)
 {
 	uint64_t count;
 	struct clockframe *frame = cf;
@@ -307,7 +307,7 @@ sys_profil(struct proc *p, void *v, register_t *retval)
 }
 
 void
-profclock(struct clockintr *cl, void *cf)
+profclock(struct clockintr *cl, void *cf, void *arg)
 {
 	uint64_t count;
 	struct clockframe *frame = cf;

sys/sys/clockintr.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: clockintr.h,v 1.12 2023/09/06 02:33:18 cheloha Exp $ */
+/* $OpenBSD: clockintr.h,v 1.13 2023/09/10 03:08:05 cheloha Exp $ */
 /*
  * Copyright (c) 2020-2022 Scott Cheloha <cheloha@openbsd.org>
  *
@@ -70,7 +70,8 @@ struct clockintr {
 	uint64_t cl_expiration;				/* [m] dispatch time */
 	TAILQ_ENTRY(clockintr) cl_elink;		/* [m] cq_est glue */
 	TAILQ_ENTRY(clockintr) cl_plink;		/* [m] cq_pend glue */
-	void (*cl_func)(struct clockintr *, void *);	/* [I] callback */
+	void *cl_arg;					/* [I] argument */
+	void (*cl_func)(struct clockintr *, void *, void *); /* [I] callback */
 	struct clockintr_queue *cl_queue;		/* [I] parent queue */
 	uint32_t cl_flags;				/* [m] CLST_* flags */
 };
@@ -129,7 +130,7 @@ void clockintr_trigger(void);
 uint64_t clockintr_advance(struct clockintr *, uint64_t);
 void clockintr_cancel(struct clockintr *);
 struct clockintr *clockintr_establish(struct cpu_info *,
-    void (*)(struct clockintr *, void *));
+    void (*)(struct clockintr *, void *, void *), void *);
 void clockintr_stagger(struct clockintr *, uint64_t, uint32_t, uint32_t);
 void clockqueue_init(struct clockintr_queue *);
 int sysctl_clockintr(int *, u_int, void *, size_t *, void *, size_t);

sys/sys/resourcevar.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: resourcevar.h,v 1.28 2023/08/29 16:19:34 claudio Exp $	*/
+/*	$OpenBSD: resourcevar.h,v 1.29 2023/09/10 03:08:05 cheloha Exp $	*/
 /*	$NetBSD: resourcevar.h,v 1.12 1995/11/22 23:01:53 cgd Exp $	*/
 
 /*
@@ -66,7 +66,7 @@ extern uint32_t profclock_period;
 
 void	 addupc_intr(struct proc *, u_long, u_long);
 void	 addupc_task(struct proc *, u_long, u_int);
-void	 profclock(struct clockintr *, void *);
+void	 profclock(struct clockintr *, void *, void *);
 void	 tuagg_locked(struct process *, struct proc *, const struct timespec *);
 void	 tuagg(struct process *, struct proc *);
 struct tusage;

sys/sys/sched.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: sched.h,v 1.61 2023/08/11 22:02:50 cheloha Exp $	*/
+/*	$OpenBSD: sched.h,v 1.63 2023/09/10 03:08:05 cheloha Exp $	*/
 /* $NetBSD: sched.h,v 1.2 1999/02/28 18:14:58 ross Exp $ */
 
 /*-
@@ -146,11 +146,10 @@ struct cpustats {
 #define	ESTCPULIM(e) min((e), NICE_WEIGHT * PRIO_MAX - SCHED_PPQ)
 
 extern uint32_t roundrobin_period;
-extern int schedhz;			/* ideally: 16 */
 
 struct proc;
 void schedclock(struct proc *);
-void roundrobin(struct clockintr *, void *);
+void roundrobin(struct clockintr *, void *, void *);
 void scheduler_start(void);
 void userret(struct proc *p);
 

sys/sys/time.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: time.h,v 1.64 2023/08/05 20:07:56 cheloha Exp $	*/
+/*	$OpenBSD: time.h,v 1.65 2023/09/10 03:08:05 cheloha Exp $	*/
 /*	$NetBSD: time.h,v 1.18 1996/04/23 10:29:33 mycroft Exp $	*/
 
 /*
@@ -331,7 +331,7 @@ struct proc;
 int	clock_gettime(struct proc *, clockid_t, struct timespec *);
 
 struct clockintr;
-void itimer_update(struct clockintr *, void *);
+void itimer_update(struct clockintr *, void *, void *);
 
 void	cancel_all_itimers(void);
 int	settime(const struct timespec *);

usr.bin/awk/FIXES

@@ -25,6 +25,20 @@ THIS SOFTWARE.
 This file lists all bug fixes, changes, etc., made since the AWK book
 was sent to the printers in August 1987.
 
+Sep 06, 2023:
+	Fix edge case where FS is changed on commandline. Thanks to 
+	Gordon Shephard and Miguel Pineiro Jr.
+
+	Fix regular expression clobbering in the lexer, where lexer does
+	not make a copy of regexp literals. also makedfa memory leaks have
+	been plugged. Thanks to Miguel Pineiro Jr.
+	
+Dec 15, 2022:
+	Force hex escapes in strings to be no more than two characters,
+	as they already are in regular expressions. This brings internal
+	consistency, as well as consistency with gawk. Thanks to
+	Arnold Robbins.
+
 Sep 12, 2022:
 	adjbuf minlen error (cannot be 0) in cat, resulting in NULL pbuf.
 	discovered by todd miller. also use-after-free issue with

usr.bin/awk/awkgram.y

@@ -1,4 +1,4 @@
-/*	$OpenBSD: awkgram.y,v 1.15 2022/09/01 15:21:28 millert Exp $	*/
+/*	$OpenBSD: awkgram.y,v 1.16 2023/09/10 14:59:00 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -205,7 +205,7 @@ ppattern:
 		{ $$ = op2(BOR, notnull($1), notnull($3)); }
 	| ppattern and ppattern %prec AND
 		{ $$ = op2(AND, notnull($1), notnull($3)); }
-	| ppattern MATCHOP reg_expr	{ $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); }
+	| ppattern MATCHOP reg_expr	{ $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); free($3); }
 	| ppattern MATCHOP ppattern
 		{ if (constnode($3)) {
 			$$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0));
@@ -233,7 +233,7 @@ pattern:
 	| pattern LE pattern		{ $$ = op2($2, $1, $3); }
 	| pattern LT pattern		{ $$ = op2($2, $1, $3); }
 	| pattern NE pattern		{ $$ = op2($2, $1, $3); }
-	| pattern MATCHOP reg_expr	{ $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); }
+	| pattern MATCHOP reg_expr	{ $$ = op3($2, NIL, $1, (Node*)makedfa($3, 0)); free($3); }
 	| pattern MATCHOP pattern
 		{ if (constnode($3)) {
 			$$ = op3($2, NIL, $1, (Node*)makedfa(strnode($3), 0));
@@ -283,7 +283,7 @@ rbrace:
 
 re:
 	   reg_expr
-		{ $$ = op3(MATCH, NIL, rectonode(), (Node*)makedfa($1, 0)); }
+		{ $$ = op3(MATCH, NIL, rectonode(), (Node*)makedfa($1, 0)); free($1); }
 	| NOT re	{ $$ = op1(NOT, notnull($2)); }
 	;
 
@@ -407,7 +407,7 @@ term:
 		  $$ = op2(INDEX, $3, (Node*)$5); }
 	| '(' pattern ')'		{ $$ = $2; }
 	| MATCHFCN '(' pattern comma reg_expr ')'
-		{ $$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa($5, 1)); }
+		{ $$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa($5, 1)); free($5); }
 	| MATCHFCN '(' pattern comma pattern ')'
 		{ if (constnode($5)) {
 			$$ = op3(MATCHFCN, NIL, $3, (Node*)makedfa(strnode($5), 1));
@@ -418,13 +418,13 @@ term:
 	| SPLIT '(' pattern comma varname comma pattern ')'     /* string */
 		{ $$ = op4(SPLIT, $3, makearr($5), $7, (Node*)STRING); }
 	| SPLIT '(' pattern comma varname comma reg_expr ')'    /* const /regexp/ */
-		{ $$ = op4(SPLIT, $3, makearr($5), (Node*)makedfa($7, 1), (Node *)REGEXPR); }
+		{ $$ = op4(SPLIT, $3, makearr($5), (Node*)makedfa($7, 1), (Node *)REGEXPR); free($7); }
 	| SPLIT '(' pattern comma varname ')'
 		{ $$ = op4(SPLIT, $3, makearr($5), NIL, (Node*)STRING); }  /* default */
 	| SPRINTF '(' patlist ')'	{ $$ = op1($1, $3); }
 	| string	 		{ $$ = celltonode($1, CCON); }
 	| subop '(' reg_expr comma pattern ')'
-		{ $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, rectonode()); }
+		{ $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, rectonode()); free($3); }
 	| subop '(' pattern comma pattern ')'
 		{ if (constnode($3)) {
 			$$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, rectonode());
@@ -432,7 +432,7 @@ term:
 		  } else
 			$$ = op4($1, (Node *)1, $3, $5, rectonode()); }
 	| subop '(' reg_expr comma pattern comma var ')'
-		{ $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, $7); }
+		{ $$ = op4($1, NIL, (Node*)makedfa($3, 1), $5, $7); free($3); }
 	| subop '(' pattern comma pattern comma var ')'
 		{ if (constnode($3)) {
 			$$ = op4($1, NIL, (Node*)makedfa(strnode($3), 1), $5, $7);

usr.bin/awk/lex.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: lex.c,v 1.28 2022/09/01 15:21:28 millert Exp $	*/
+/*	$OpenBSD: lex.c,v 1.30 2023/09/10 14:59:00 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -427,19 +427,28 @@ int string(void)
 				break;
 
 			case 'x':	/* hex  \x0-9a-fA-F + */
-			    {	char xbuf[100], *px;
-				for (px = xbuf; (c = input()) != 0 && px-xbuf < 100-2; ) {
-					if (isdigit(c)
-					 || (c >= 'a' && c <= 'f')
-					 || (c >= 'A' && c <= 'F'))
-						*px++ = c;
-					else
+			    {
+				int i;
+
+				n = 0;
+				for (i = 1; i <= 2; i++) {
+					c = input();
+					if (c == 0)
+						break;
+					if (isxdigit(c)) {
+						c = tolower(c);
+						n *= 16;
+						if (isdigit(c))
+							n += (c - '0');
+						else
+							n += 10 + (c - 'a');
+					} else
 						break;
 				}
-				*px = 0;
-				unput(c);
-	  			sscanf(xbuf, "%x", (unsigned int *) &n);
-				*bp++ = n;
+				if (n)
+					*bp++ = n;
+				else
+					unput(c);
 				break;
 			    }
 
@@ -579,7 +588,7 @@ int regexpr(void)
 	*bp = 0;
 	if (c == 0)
 		SYNTAX("non-terminated regular expression %.10s...", buf);
-	yylval.s = buf;
+	yylval.s = tostring(buf);
 	unput('/');
 	RET(REGEXPR);
 }

usr.bin/awk/lib.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: lib.c,v 1.49 2022/09/01 15:21:28 millert Exp $	*/
+/*	$OpenBSD: lib.c,v 1.50 2023/09/10 14:59:00 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -148,11 +148,6 @@ int getrec(char **pbuf, int *pbufsize, bool isrecord)	/* get next input record *
 	}
 	DPRINTF("RS=<%s>, FS=<%s>, ARGC=%g, FILENAME=%s\n",
 		*RS, *FS, *ARGC, *FILENAME);
-	if (isrecord) {
-		donefld = false;
-		donerec = true;
-		savefs();
-	}
 	saveb0 = buf[0];
 	buf[0] = 0;
 	while (argno < *ARGC || infile == stdin) {
@@ -192,6 +187,9 @@ int getrec(char **pbuf, int *pbufsize, bool isrecord)	/* get next input record *
 					fldtab[0]->fval = result;
 					fldtab[0]->tval |= NUM;
 				}
+				donefld = false;
+				donerec = true;
+				savefs();
 			}
 			setfval(nrloc, nrloc->fval+1);
 			setfval(fnrloc, fnrloc->fval+1);

usr.bin/awk/main.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.56 2022/09/21 01:42:58 millert Exp $	*/
+/*	$OpenBSD: main.c,v 1.58 2023/09/10 14:59:00 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -23,7 +23,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
 THIS SOFTWARE.
 ****************************************************************/
 
-const char	*version = "version 20220912";
+const char	*version = "version 20230909";
 
 #define DEBUG
 #include <stdio.h>

usr.bin/awk/parse.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.c,v 1.13 2020/12/09 20:00:11 millert Exp $	*/
+/*	$OpenBSD: parse.c,v 1.14 2023/09/10 14:59:00 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -30,7 +30,7 @@ THIS SOFTWARE.
 #include "awk.h"
 #include "awkgram.tab.h"
 
-Node *nodealloc(int n)
+Node *nodealloc(size_t n)
 {
 	Node *x;
 

usr.bin/awk/proto.h

@@ -1,4 +1,4 @@
-/*	$OpenBSD: proto.h,v 1.20 2020/12/09 20:00:11 millert Exp $	*/
+/*	$OpenBSD: proto.h,v 1.21 2023/09/10 14:59:00 millert Exp $	*/
 /****************************************************************
 Copyright (C) Lucent Technologies 1997
 All Rights Reserved
@@ -69,7 +69,7 @@ extern	void	freefa(fa *);
 extern	int	pgetc(void);
 extern	char	*cursource(void);
 
-extern	Node	*nodealloc(int);
+extern	Node	*nodealloc(size_t);
 extern	Node	*exptostat(Node *);
 extern	Node	*node1(int, Node *);
 extern	Node	*node2(int, Node *, Node *);

usr.bin/ssh/clientloop.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.396 2023/09/04 00:08:14 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.398 2023/09/10 03:51:55 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -109,6 +109,9 @@
 /* Permitted RSA signature algorithms for UpdateHostkeys proofs */
 #define HOSTKEY_PROOF_RSA_ALGS	"rsa-sha2-512,rsa-sha2-256"
 
+/* Uncertainty (in percent) of keystroke timing intervals */
+#define SSH_KEYSTROKE_TIMING_FUZZ 10
+
 /* import options */
 extern Options options;
 
@@ -519,6 +522,43 @@ send_chaff(struct ssh *ssh)
 	return 1;
 }
 
+/* Sets the next interval to send a keystroke or chaff packet */
+static void
+set_next_interval(const struct timespec *now, struct timespec *next_interval,
+    u_int interval_ms, int starting)
+{
+	struct timespec tmp;
+	long long interval_ns, fuzz_ns;
+	static long long rate_fuzz;
+
+	interval_ns = interval_ms * (1000LL * 1000);
+	fuzz_ns = (interval_ns * SSH_KEYSTROKE_TIMING_FUZZ) / 100;
+	/* Center fuzz around requested interval */
+	if (fuzz_ns > INT_MAX)
+		fuzz_ns = INT_MAX;
+	if (fuzz_ns > interval_ns) {
+		/* Shouldn't happen */
+		fatal_f("internal error: fuzz %u%% %lldns > interval %lldns",
+		    SSH_KEYSTROKE_TIMING_FUZZ, fuzz_ns, interval_ns);
+	}
+	/*
+	 * Randomise the keystroke/chaff intervals in two ways:
+	 * 1. Each interval has some random jitter applied to make the
+	 *    interval-to-interval time unpredictable.
+	 * 2. The overall interval rate is also randomly perturbed for each
+	 *    chaffing session to make the average rate unpredictable.
+	 */
+	if (starting)
+		rate_fuzz = arc4random_uniform(fuzz_ns);
+	interval_ns -= fuzz_ns;
+	interval_ns += arc4random_uniform(fuzz_ns) + rate_fuzz;
+
+	tmp.tv_sec = interval_ns / (1000 * 1000 * 1000);
+	tmp.tv_nsec = interval_ns % (1000 * 1000 * 1000);
+
+	timespecadd(now, &tmp, next_interval);
+}
+
 /*
  * Performs keystroke timing obfuscation. Returns non-zero if the
  * output fd should be polled.
@@ -582,12 +622,12 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
 	 */
 	if (!active && ssh_packet_interactive_data_to_write(ssh) &&
 	    channel_did_enqueue && ssh_packet_have_data_to_write(ssh)) {
-		debug3_f("starting: interval %d",
+		debug3_f("starting: interval ~%dms",
 		    options.obscure_keystroke_timing_interval);
 		just_started = had_keystroke = active = 1;
 		nchaff = 0;
-		ms_to_timespec(&tmp, options.obscure_keystroke_timing_interval);
-		timespecadd(&now, &tmp, &next_interval);
+		set_next_interval(&now, &next_interval,
+		    options.obscure_keystroke_timing_interval, 1);
 	}
 
 	/* Don't hold off if obfuscation inactive */
@@ -620,8 +660,8 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
 	n = (n < 0) ? 1 : n + 1;
 
 	/* Advance to the next interval */
-	ms_to_timespec(&tmp, options.obscure_keystroke_timing_interval * n);
-	timespecadd(&now, &tmp, &next_interval);
+	set_next_interval(&now, &next_interval,
+	    options.obscure_keystroke_timing_interval * n, 0);
 	return 1;
 }