From 297ba4a59ad302c6c3df7ac368e46cf5e53ec2db Mon Sep 17 00:00:00 2001 From: purplerain Date: Mon, 1 Apr 2024 19:33:31 +0000 Subject: [PATCH] sync with OpenBSD -current --- distrib/sets/lists/base/mi | 3 + lib/libexpat/Changes | 76 +++++++++++++- lib/libexpat/README.md | 2 +- lib/libexpat/doc/reference.html | 7 +- lib/libexpat/lib/expat.h | 5 +- lib/libexpat/lib/internal.h | 17 ++- lib/libexpat/lib/xmlparse.c | 24 +++-- lib/libexpat/tests/basic_tests.c | 159 +++++++++++++++++------------ lib/libexpat/tests/misc_tests.c | 2 +- lib/libexpat/tests/runtests.c | 2 + sys/arch/amd64/amd64/vmm_machdep.c | 78 +++++++++----- sys/arch/amd64/amd64/vmm_support.S | 110 +------------------- sys/arch/amd64/include/vmmvar.h | 15 ++- sys/dev/fdt/rkclock.c | 17 ++- sys/dev/fdt/rkclock_clocks.h | 3 + sys/sys/syscall_mi.h | 7 +- usr.bin/nc/nc.1 | 5 +- usr.bin/ssh/ssh-agent/Makefile | 25 ++++- usr.bin/ssh/sshd/Makefile | 28 ++--- usr.sbin/nsd/Makefile.bsd-wrapper | 4 +- 20 files changed, 338 insertions(+), 251 deletions(-) diff --git a/distrib/sets/lists/base/mi b/distrib/sets/lists/base/mi index 6d6340312..3fb39b1f7 100644 --- a/distrib/sets/lists/base/mi +++ b/distrib/sets/lists/base/mi @@ -2959,6 +2959,9 @@ ./usr/share/relink/kernel ./usr/share/relink/kernel.tgz ./usr/share/relink/usr +./usr/share/relink/usr/bin +./usr/share/relink/usr/bin/ssh-agent +./usr/share/relink/usr/bin/ssh-agent/ssh-agent.tar ./usr/share/relink/usr/lib ./usr/share/relink/usr/lib/libc.so.99.0.a ./usr/share/relink/usr/lib/libcrypto.so.53.0.a diff --git a/lib/libexpat/Changes b/lib/libexpat/Changes index 48df93dc0..52b366d5d 100644 --- a/lib/libexpat/Changes +++ b/lib/libexpat/Changes @@ -1,13 +1,83 @@ -NOTE: We are looking for help with a few things: - https://github.com/libexpat/libexpat/labels/help%20wanted - If you can help, please get in touch. Thanks! + __ __ _ + ___\ \/ /_ __ __ _| |_ + / _ \\ /| '_ \ / _` | __| + | __// \| |_) | (_| | |_ + \___/_/\_\ .__/ \__,_|\__| + |_| XML parser +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +!! Expat is UNDERSTAFFED and WITHOUT FUNDING. !! +!! ~~~~~~~~~~~~ !! +!! The following topics need *additional skilled C developers* to progress !! +!! in a timely manner or at all (loosely ordered by descending priority): !! +!! !! +!! - fixing a complex non-public security issue, !! +!! - teaming up on researching and fixing future security reports and !! +!! ClusterFuzz findings with few-days-max response times in communication !! +!! in order to (1) have a sound fix ready before the end of a 90 days !! +!! grace period and (2) in a sustainable manner, !! +!! - implementing and auto-testing XML 1.0r5 support !! +!! (needs discussion before pull requests), !! +!! - smart ideas on fixing the Autotools CMake files generation issue !! +!! without breaking CI (needs discussion before pull requests), !! +!! - the Windows binaries topic (needs requirements engineering first), !! +!! - pushing migration from `int` to `size_t` further !! +!! including edge-cases test coverage (needs discussion before anything). !! +!! !! +!! For details, please reach out via e-mail to sebastian@pipping.org so we !! +!! can schedule a voice call on the topic, in English or German. !! +!! !! +!! THANK YOU! Sebastian Pipping -- Berlin, 2024-03-09 !! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! + +Release 2.6.2 Wed March 13 2024 Security fixes: #839 #842 CVE-2024-28757 -- Prevent billion laughs attacks with isolated use of external parsers. Please see the commit message of commit 1d50b80cf31de87750103656f6eb693746854aa8 for details. + Bug fixes: + #839 #841 Reject direct parameter entity recursion + and avoid the related undefined behavior + + Other changes: + #847 Autotools: Fix build for DOCBOOK_TO_MAN containing spaces + #837 Add missing #821 and #824 to 2.6.1 change log + #838 #843 Version info bumped from 10:1:9 (libexpat*.so.1.9.1) + to 10:2:9 (libexpat*.so.1.9.2); see https://verbump.de/ + for what these numbers do + + Special thanks to: + Philippe Antoine + Tomas Korbar + and + Clang UndefinedBehaviorSanitizer + OSS-Fuzz / ClusterFuzz + +Release 2.6.1 Thu February 29 2024 + Bug fixes: + #817 Make tests independent of CPU speed, and thus more robust + #828 #836 Expose billion laughs API with XML_DTD defined and + XML_GE undefined, regression from 2.6.0 + + Other changes: + #829 Hide test-only code behind new internal macro + #833 Autotools: Reject expat_config.h.in defining SIZEOF_VOID_P + #821 #824 Autotools: Fix "make clean" for case: + ./configure --without-docbook && make clean all + #819 Address compiler warnings + #832 #834 Version info bumped from 10:0:9 (libexpat*.so.1.9.0) + to 10:1:9 (libexpat*.so.1.9.1); see https://verbump.de/ + for what these numbers do + + Infrastructure: + #818 CI: Adapt to breaking changes in clang-format + + Special thanks to: + David Hall + Snild Dolkow + Release 2.6.0 Tue February 6 2024 Security fixes: #789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens diff --git a/lib/libexpat/README.md b/lib/libexpat/README.md index 43c4f4f3d..3c20adbee 100644 --- a/lib/libexpat/README.md +++ b/lib/libexpat/README.md @@ -5,7 +5,7 @@ [![Downloads GitHub](https://img.shields.io/github/downloads/libexpat/libexpat/total?label=Downloads%20GitHub)](https://github.com/libexpat/libexpat/releases) -# Expat, Release 2.6.0 +# Expat, Release 2.6.2 This is Expat, a C99 library for parsing [XML 1.0 Fourth Edition](https://www.w3.org/TR/2006/REC-xml-20060816/), started by diff --git a/lib/libexpat/doc/reference.html b/lib/libexpat/doc/reference.html index 898f03a33..5614dc34c 100644 --- a/lib/libexpat/doc/reference.html +++ b/lib/libexpat/doc/reference.html @@ -52,7 +52,7 @@

The Expat XML Parser - Release 2.6.0 + Release 2.6.2

@@ -356,10 +356,7 @@ library and header would get installed in

Configuring Expat Using the Pre-Processor

Expat's feature set can be configured using a small number of -pre-processor definitions. The definition of this symbols does not -affect the set of entry points for Expat, only the behavior of the API -and the definition of character types in the case of -XML_UNICODE_WCHAR_T. The symbols are:

+pre-processor definitions. The symbols are:

XML_GE
diff --git a/lib/libexpat/lib/expat.h b/lib/libexpat/lib/expat.h index 95464b0dd..c2770be38 100644 --- a/lib/libexpat/lib/expat.h +++ b/lib/libexpat/lib/expat.h @@ -18,6 +18,7 @@ Copyright (c) 2022 Thijs Schreijer Copyright (c) 2023 Hanno Böck Copyright (c) 2023 Sony Corporation / Snild Dolkow + Copyright (c) 2024 Taichi Haradaguchi <20001722@ymail.ne.jp> Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -1042,7 +1043,7 @@ typedef struct { XMLPARSEAPI(const XML_Feature *) XML_GetFeatureList(void); -#if XML_GE == 1 +#if defined(XML_DTD) || (defined(XML_GE) && XML_GE == 1) /* Added in Expat 2.4.0 for XML_DTD defined and * added in Expat 2.6.0 for XML_GE == 1. */ XMLPARSEAPI(XML_Bool) @@ -1065,7 +1066,7 @@ XML_SetReparseDeferralEnabled(XML_Parser parser, XML_Bool enabled); */ #define XML_MAJOR_VERSION 2 #define XML_MINOR_VERSION 6 -#define XML_MICRO_VERSION 0 +#define XML_MICRO_VERSION 2 #ifdef __cplusplus } diff --git a/lib/libexpat/lib/internal.h b/lib/libexpat/lib/internal.h index cce71e4c5..167ec3680 100644 --- a/lib/libexpat/lib/internal.h +++ b/lib/libexpat/lib/internal.h @@ -28,10 +28,11 @@ Copyright (c) 2002-2003 Fred L. Drake, Jr. Copyright (c) 2002-2006 Karl Waclawek Copyright (c) 2003 Greg Stein - Copyright (c) 2016-2023 Sebastian Pipping + Copyright (c) 2016-2024 Sebastian Pipping Copyright (c) 2018 Yury Gribov Copyright (c) 2019 David Loffredo - Copyright (c) 2023 Sony Corporation / Snild Dolkow + Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow + Copyright (c) 2024 Taichi Haradaguchi <20001722@ymail.ne.jp> Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -155,14 +156,20 @@ extern "C" { void _INTERNAL_trim_to_complete_utf8_characters(const char *from, const char **fromLimRef); -#if XML_GE == 1 +#if defined(XML_GE) && XML_GE == 1 unsigned long long testingAccountingGetCountBytesDirect(XML_Parser parser); unsigned long long testingAccountingGetCountBytesIndirect(XML_Parser parser); const char *unsignedCharToPrintable(unsigned char c); #endif -extern XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c -extern unsigned int g_parseAttempts; // used for testing only +extern +#if ! defined(XML_TESTING) + const +#endif + XML_Bool g_reparseDeferralEnabledDefault; // written ONLY in runtests.c +#if defined(XML_TESTING) +extern unsigned int g_bytesScanned; // used for testing only +#endif #ifdef __cplusplus } diff --git a/lib/libexpat/lib/xmlparse.c b/lib/libexpat/lib/xmlparse.c index dfaa527af..2951fec70 100644 --- a/lib/libexpat/lib/xmlparse.c +++ b/lib/libexpat/lib/xmlparse.c @@ -1,4 +1,4 @@ -/* 628e24d4966bedbd4800f6ed128d06d29703765b4bce12d3b7f099f90f842fc9 (2.6.0+) +/* 2a14271ad4d35e82bde8ba210b4edb7998794bcbae54deab114046a300f9639a (2.6.2+) __ __ _ ___\ \/ /_ __ __ _| |_ / _ \\ /| '_ \ / _` | __| @@ -38,7 +38,7 @@ Copyright (c) 2022 Jann Horn Copyright (c) 2022 Sean McBride Copyright (c) 2023 Owain Davies - Copyright (c) 2023 Sony Corporation / Snild Dolkow + Copyright (c) 2023-2024 Sony Corporation / Snild Dolkow Licensed under the MIT license: Permission is hereby granted, free of charge, to any person obtaining @@ -210,7 +210,7 @@ typedef char ICHAR; #endif /* Round up n to be a multiple of sz, where sz is a power of 2. */ -#define ROUND_UP(n, sz) (((n) + ((sz)-1)) & ~((sz)-1)) +#define ROUND_UP(n, sz) (((n) + ((sz) - 1)) & ~((sz) - 1)) /* Do safe (NULL-aware) pointer arithmetic */ #define EXPAT_SAFE_PTR_DIFF(p, q) (((p) && (q)) ? ((p) - (q)) : 0) @@ -248,7 +248,7 @@ static void copy_salt_to_sipkey(XML_Parser parser, struct sipkey *key); it odd, since odd numbers are always relative prime to a power of 2. */ #define SECOND_HASH(hash, mask, power) \ - ((((hash) & ~(mask)) >> ((power)-1)) & ((mask) >> 2)) + ((((hash) & ~(mask)) >> ((power) - 1)) & ((mask) >> 2)) #define PROBE_STEP(hash, mask, power) \ ((unsigned char)((SECOND_HASH(hash, mask, power)) | 1)) @@ -629,8 +629,14 @@ static unsigned long getDebugLevel(const char *variableName, ? 0 \ : ((*((pool)->ptr)++ = c), 1)) -XML_Bool g_reparseDeferralEnabledDefault = XML_TRUE; // write ONLY in runtests.c -unsigned int g_parseAttempts = 0; // used for testing only +#if ! defined(XML_TESTING) +const +#endif + XML_Bool g_reparseDeferralEnabledDefault + = XML_TRUE; // write ONLY in runtests.c +#if defined(XML_TESTING) +unsigned int g_bytesScanned = 0; // used for testing only +#endif struct XML_ParserStruct { /* The first member must be m_userData so that the XML_GetUserData @@ -1017,7 +1023,9 @@ callProcessor(XML_Parser parser, const char *start, const char *end, return XML_ERROR_NONE; } } - g_parseAttempts += 1; +#if defined(XML_TESTING) + g_bytesScanned += (unsigned)have_now; +#endif const enum XML_Error ret = parser->m_processor(parser, start, end, endPtr); if (ret == XML_ERROR_NONE) { // if we consumed nothing, remember what we had on this parse attempt. @@ -6232,7 +6240,7 @@ storeEntityValue(XML_Parser parser, const ENCODING *enc, dtd->keepProcessing = dtd->standalone; goto endEntityValue; } - if (entity->open) { + if (entity->open || (entity == parser->m_declEntity)) { if (enc == parser->m_encoding) parser->m_eventPtr = entityTextPtr; result = XML_ERROR_RECURSIVE_ENTITY_REF; diff --git a/lib/libexpat/tests/basic_tests.c b/lib/libexpat/tests/basic_tests.c index 7112a4401..372089a9d 100644 --- a/lib/libexpat/tests/basic_tests.c +++ b/lib/libexpat/tests/basic_tests.c @@ -1202,6 +1202,49 @@ START_TEST(test_wfc_no_recursive_entity_refs) { } END_TEST +START_TEST(test_recursive_external_parameter_entity_2) { + struct TestCase { + const char *doc; + enum XML_Status expectedStatus; + }; + + struct TestCase cases[] = { + {"", XML_STATUS_ERROR}, + {"" + "", + XML_STATUS_ERROR}, + {"" + "", + XML_STATUS_OK}, + {"", XML_STATUS_OK}, + }; + + for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) { + const char *const doc = cases[i].doc; + const enum XML_Status expectedStatus = cases[i].expectedStatus; + set_subtest("%s", doc); + + XML_Parser parser = XML_ParserCreate(NULL); + assert_true(parser != NULL); + + XML_Parser ext_parser = XML_ExternalEntityParserCreate(parser, NULL, NULL); + assert_true(ext_parser != NULL); + + const enum XML_Status actualStatus + = _XML_Parse_SINGLE_BYTES(ext_parser, doc, (int)strlen(doc), XML_TRUE); + + assert_true(actualStatus == expectedStatus); + if (actualStatus != XML_STATUS_OK) { + assert_true(XML_GetErrorCode(ext_parser) + == XML_ERROR_RECURSIVE_ENTITY_REF); + } + + XML_ParserFree(ext_parser); + XML_ParserFree(parser); + } +} +END_TEST + /* Test incomplete external entities are faulted */ START_TEST(test_ext_entity_invalid_parse) { const char *text = ". " - "Please keep increasing the value by 1 until it reliably passes the " - "test on your hardware and open a bug sharing that number with us. " - "Thanks in advance!"; +START_TEST(test_big_tokens_scale_linearly) { const struct { const char *pre; const char *post; @@ -5220,65 +5258,57 @@ START_TEST(test_big_tokens_take_linear_time) { {"<", "/>"}, // big elem name, used to be O(N²) }; const int num_cases = sizeof(text) / sizeof(text[0]); - // For the test we need a value that is: - // (1) big enough that the test passes reliably (avoiding flaky tests), and - // (2) small enough that the test actually catches regressions. - const int max_slowdown = 15; char aaaaaa[4096]; const int fillsize = (int)sizeof(aaaaaa); const int fillcount = 100; + const unsigned approx_bytes = fillsize * fillcount; // ignore pre/post. + const unsigned max_factor = 4; + const unsigned max_scanned = max_factor * approx_bytes; memset(aaaaaa, 'a', fillsize); if (! g_reparseDeferralEnabledDefault) { return; // heuristic is disabled; we would get O(n^2) and fail. } -#if ! defined(__linux__) - if (CLOCKS_PER_SEC < 100000) { - // Skip this test if clock() doesn't have reasonably good resolution. - // This workaround is primarily targeting Windows and FreeBSD, since - // XSI requires the value to be 1.000.000 (10x the condition here), and - // we want to be very sure that at least one platform in CI can catch - // regressions (through a failing test). - return; - } -#endif - clock_t baseline = 0; for (int i = 0; i < num_cases; ++i) { XML_Parser parser = XML_ParserCreate(NULL); assert_true(parser != NULL); enum XML_Status status; - set_subtest("max_slowdown=%d text=\"%saaaaaa%s\"", max_slowdown, - text[i].pre, text[i].post); - const clock_t start = clock(); + set_subtest("text=\"%saaaaaa%s\"", text[i].pre, text[i].post); // parse the start text + g_bytesScanned = 0; status = _XML_Parse_SINGLE_BYTES(parser, text[i].pre, (int)strlen(text[i].pre), XML_FALSE); if (status != XML_STATUS_OK) { xml_failure(parser); } + // parse lots of 'a', failing the test early if it takes too long + unsigned past_max_count = 0; for (int f = 0; f < fillcount; ++f) { status = _XML_Parse_SINGLE_BYTES(parser, aaaaaa, fillsize, XML_FALSE); if (status != XML_STATUS_OK) { xml_failure(parser); } - // i == 0 means we're still calculating the baseline value - if (i > 0) { - const clock_t now = clock(); - const clock_t clocks_so_far = now - start; - const int slowdown = clocks_so_far / baseline; - if (slowdown >= max_slowdown) { - fprintf( - stderr, - "fill#%d: clocks_so_far=%d baseline=%d slowdown=%d max_slowdown=%d\n", - f, (int)clocks_so_far, (int)baseline, slowdown, max_slowdown); - fail(too_slow_failure_message); - } + if (g_bytesScanned > max_scanned) { + // We're not done, and have already passed the limit -- the test will + // definitely fail. This block allows us to save time by failing early. + const unsigned pushed + = (unsigned)strlen(text[i].pre) + (f + 1) * fillsize; + fprintf( + stderr, + "after %d/%d loops: pushed=%u scanned=%u (factor ~%.2f) max_scanned: %u (factor ~%u)\n", + f + 1, fillcount, pushed, g_bytesScanned, + g_bytesScanned / (double)pushed, max_scanned, max_factor); + past_max_count++; + // We are failing, but allow a few log prints first. If we don't reach + // a count of five, the test will fail after the loop instead. + assert_true(past_max_count < 5); } } + // parse the end text status = _XML_Parse_SINGLE_BYTES(parser, text[i].post, (int)strlen(text[i].post), XML_TRUE); @@ -5286,24 +5316,21 @@ START_TEST(test_big_tokens_take_linear_time) { xml_failure(parser); } - // how long did it take in total? - const clock_t end = clock(); - const clock_t taken = end - start; - if (i == 0) { - assert_true(taken > 0); // just to make sure we don't div-by-0 later - baseline = taken; - } - const int slowdown = taken / baseline; - if (slowdown >= max_slowdown) { - fprintf(stderr, "taken=%d baseline=%d slowdown=%d max_slowdown=%d\n", - (int)taken, (int)baseline, slowdown, max_slowdown); - fail(too_slow_failure_message); + assert_true(g_bytesScanned > approx_bytes); // or the counter isn't working + if (g_bytesScanned > max_scanned) { + fprintf( + stderr, + "after all input: scanned=%u (factor ~%.2f) max_scanned: %u (factor ~%u)\n", + g_bytesScanned, g_bytesScanned / (double)approx_bytes, max_scanned, + max_factor); + fail("scanned too many bytes"); } XML_ParserFree(parser); } } END_TEST +#endif START_TEST(test_set_reparse_deferral) { const char *const pre = ""; @@ -5702,6 +5729,7 @@ START_TEST(test_bypass_heuristic_when_close_to_bufsize) { } END_TEST +#if defined(XML_TESTING) START_TEST(test_varying_buffer_fills) { const int KiB = 1024; const int MiB = 1024 * KiB; @@ -5774,19 +5802,17 @@ START_TEST(test_varying_buffer_fills) { fillsize[2], fillsize[3]); XML_Parser parser = XML_ParserCreate(NULL); assert_true(parser != NULL); - g_parseAttempts = 0; CharData storage; CharData_Init(&storage); XML_SetUserData(parser, &storage); XML_SetStartElementHandler(parser, start_element_event_handler); + g_bytesScanned = 0; int worstcase_bytes = 0; // sum of (buffered bytes at each XML_Parse call) - int scanned_bytes = 0; // sum of (buffered bytes at each actual parse) int offset = 0; while (*fillsize >= 0) { assert_true(offset + *fillsize <= document_length); // or test is invalid - const unsigned attempts_before = g_parseAttempts; const enum XML_Status status = XML_Parse(parser, &document[offset], *fillsize, XML_FALSE); if (status != XML_STATUS_OK) { @@ -5796,34 +5822,27 @@ START_TEST(test_varying_buffer_fills) { fillsize++; assert_true(offset <= INT_MAX - worstcase_bytes); // avoid overflow worstcase_bytes += offset; // we might've tried to parse all pending bytes - if (g_parseAttempts != attempts_before) { - assert_true(g_parseAttempts == attempts_before + 1); // max 1/XML_Parse - assert_true(offset <= INT_MAX - scanned_bytes); // avoid overflow - scanned_bytes += offset; // we *did* try to parse all pending bytes - } } assert_true(storage.count == 1); // the big token should've been parsed - assert_true(scanned_bytes > 0); // test-the-test: does our counter work? + assert_true(g_bytesScanned > 0); // test-the-test: does our counter work? if (g_reparseDeferralEnabledDefault) { // heuristic is enabled; some XML_Parse calls may have deferred reparsing - const int max_bytes_scanned = -*fillsize; - if (scanned_bytes > max_bytes_scanned) { + const unsigned max_bytes_scanned = -*fillsize; + if (g_bytesScanned > max_bytes_scanned) { fprintf(stderr, - "bytes scanned in parse attempts: actual=%d limit=%d \n", - scanned_bytes, max_bytes_scanned); + "bytes scanned in parse attempts: actual=%u limit=%u \n", + g_bytesScanned, max_bytes_scanned); fail("too many bytes scanned in parse attempts"); } - assert_true(scanned_bytes <= worstcase_bytes); - } else { - // heuristic is disabled; every XML_Parse() will have reparsed - assert_true(scanned_bytes == worstcase_bytes); } + assert_true(g_bytesScanned <= (unsigned)worstcase_bytes); XML_ParserFree(parser); } free(document); } END_TEST +#endif void make_basic_test_case(Suite *s) { @@ -5972,6 +5991,8 @@ make_basic_test_case(Suite *s) { tcase_add_test__ifdef_xml_dtd(tc_basic, test_skipped_parameter_entity); tcase_add_test__ifdef_xml_dtd(tc_basic, test_recursive_external_parameter_entity); + tcase_add_test__ifdef_xml_dtd(tc_basic, + test_recursive_external_parameter_entity_2); tcase_add_test(tc_basic, test_undefined_ext_entity_in_external_dtd); tcase_add_test(tc_basic, test_suspend_xdecl); tcase_add_test(tc_basic, test_abort_epilog); @@ -6065,12 +6086,16 @@ make_basic_test_case(Suite *s) { tcase_add_test__ifdef_xml_dtd(tc_basic, test_pool_integrity_with_unfinished_attr); tcase_add_test__if_xml_ge(tc_basic, test_nested_entity_suspend); - tcase_add_test(tc_basic, test_big_tokens_take_linear_time); +#if defined(XML_TESTING) + tcase_add_test(tc_basic, test_big_tokens_scale_linearly); +#endif tcase_add_test(tc_basic, test_set_reparse_deferral); tcase_add_test(tc_basic, test_reparse_deferral_is_inherited); tcase_add_test(tc_basic, test_set_reparse_deferral_on_null_parser); tcase_add_test(tc_basic, test_set_reparse_deferral_on_the_fly); tcase_add_test(tc_basic, test_set_bad_reparse_option); tcase_add_test(tc_basic, test_bypass_heuristic_when_close_to_bufsize); +#if defined(XML_TESTING) tcase_add_test(tc_basic, test_varying_buffer_fills); +#endif } diff --git a/lib/libexpat/tests/misc_tests.c b/lib/libexpat/tests/misc_tests.c index b5212f58a..ffde05631 100644 --- a/lib/libexpat/tests/misc_tests.c +++ b/lib/libexpat/tests/misc_tests.c @@ -208,7 +208,7 @@ START_TEST(test_misc_version) { if (! versions_equal(&read_version, &parsed_version)) fail("Version mismatch"); - if (xcstrcmp(version_text, XCS("expat_2.6.0"))) /* needs bump on releases */ + if (xcstrcmp(version_text, XCS("expat_2.6.2"))) /* needs bump on releases */ fail("XML_*_VERSION in expat.h out of sync?\n"); } END_TEST diff --git a/lib/libexpat/tests/runtests.c b/lib/libexpat/tests/runtests.c index ecb1c36be..3e0169ef7 100644 --- a/lib/libexpat/tests/runtests.c +++ b/lib/libexpat/tests/runtests.c @@ -101,7 +101,9 @@ main(int argc, char *argv[]) { for (g_chunkSize = 0; g_chunkSize <= 5; g_chunkSize++) { for (int enabled = 0; enabled <= 1; ++enabled) { char context[100]; +#if defined(XML_TESTING) g_reparseDeferralEnabledDefault = enabled; +#endif snprintf(context, sizeof(context), "chunksize=%d deferral=%d", g_chunkSize, enabled); context[sizeof(context) - 1] = '\0'; diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c index d94fa95ae..55c775c65 100644 --- a/sys/arch/amd64/amd64/vmm_machdep.c +++ b/sys/arch/amd64/amd64/vmm_machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_machdep.c,v 1.21 2024/03/12 02:31:15 guenther Exp $ */ +/* $OpenBSD: vmm_machdep.c,v 1.22 2024/04/01 05:11:49 guenther Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -2329,7 +2329,7 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs) uint32_t cr0, cr4; uint32_t pinbased, procbased, procbased2, exit, entry; uint32_t want1, want0; - uint64_t ctrlval, cr3; + uint64_t ctrlval, cr3, msr_misc_enable; uint16_t ctrl, vpid; struct vmx_msr_store *msr_store; @@ -2723,24 +2723,26 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs) vrs->vrs_crs[VCPU_REGS_CR0] = cr0; vrs->vrs_crs[VCPU_REGS_CR4] = cr4; + msr_misc_enable = rdmsr(MSR_MISC_ENABLE); + /* * Select host MSRs to be loaded on exit */ msr_store = (struct vmx_msr_store *)vcpu->vc_vmx_msr_exit_load_va; - msr_store[0].vms_index = MSR_EFER; - msr_store[0].vms_data = rdmsr(MSR_EFER); - msr_store[1].vms_index = MSR_STAR; - msr_store[1].vms_data = rdmsr(MSR_STAR); - msr_store[2].vms_index = MSR_LSTAR; - msr_store[2].vms_data = rdmsr(MSR_LSTAR); - msr_store[3].vms_index = MSR_CSTAR; - msr_store[3].vms_data = 0; - msr_store[4].vms_index = MSR_SFMASK; - msr_store[4].vms_data = rdmsr(MSR_SFMASK); - msr_store[5].vms_index = MSR_KERNELGSBASE; - msr_store[5].vms_data = rdmsr(MSR_KERNELGSBASE); - msr_store[6].vms_index = MSR_MISC_ENABLE; - msr_store[6].vms_data = rdmsr(MSR_MISC_ENABLE); + msr_store[VCPU_HOST_REGS_EFER].vms_index = MSR_EFER; + msr_store[VCPU_HOST_REGS_EFER].vms_data = rdmsr(MSR_EFER); + msr_store[VCPU_HOST_REGS_STAR].vms_index = MSR_STAR; + msr_store[VCPU_HOST_REGS_STAR].vms_data = rdmsr(MSR_STAR); + msr_store[VCPU_HOST_REGS_LSTAR].vms_index = MSR_LSTAR; + msr_store[VCPU_HOST_REGS_LSTAR].vms_data = rdmsr(MSR_LSTAR); + msr_store[VCPU_HOST_REGS_CSTAR].vms_index = MSR_CSTAR; + msr_store[VCPU_HOST_REGS_CSTAR].vms_data = 0; + msr_store[VCPU_HOST_REGS_SFMASK].vms_index = MSR_SFMASK; + msr_store[VCPU_HOST_REGS_SFMASK].vms_data = rdmsr(MSR_SFMASK); + msr_store[VCPU_HOST_REGS_KGSBASE].vms_index = MSR_KERNELGSBASE; + msr_store[VCPU_HOST_REGS_KGSBASE].vms_data = 0; + msr_store[VCPU_HOST_REGS_MISC_ENABLE].vms_index = MSR_MISC_ENABLE; + msr_store[VCPU_HOST_REGS_MISC_ENABLE].vms_data = msr_misc_enable; /* * Select guest MSRs to be loaded on entry / saved on exit @@ -2759,7 +2761,7 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs) * Initialize MSR_MISC_ENABLE as it can't be read and populated from vmd * and some of the content is based on the host. */ - msr_store[VCPU_REGS_MISC_ENABLE].vms_data = rdmsr(MSR_MISC_ENABLE); + msr_store[VCPU_REGS_MISC_ENABLE].vms_data = msr_misc_enable; msr_store[VCPU_REGS_MISC_ENABLE].vms_data &= ~(MISC_ENABLE_TCC | MISC_ENABLE_PERF_MON_AVAILABLE | MISC_ENABLE_EIST_ENABLED | MISC_ENABLE_ENABLE_MONITOR_FSM | @@ -2768,24 +2770,26 @@ vcpu_reset_regs_vmx(struct vcpu *vcpu, struct vcpu_reg_state *vrs) MISC_ENABLE_BTS_UNAVAILABLE | MISC_ENABLE_PEBS_UNAVAILABLE; /* - * Currently we have the same count of entry/exit MSRs loads/stores - * but this is not an architectural requirement. + * Currently we use the same memory for guest MSRs (entry-load and + * exit-store) so they have the same count. We exit-load the same + * host MSRs, so same count but different memory. Those are just + * our current choices, not architectural requirements. */ - if (vmwrite(VMCS_EXIT_MSR_STORE_COUNT, VMX_NUM_MSR_STORE)) { + if (vmwrite(VMCS_EXIT_MSR_STORE_COUNT, VCPU_REGS_NMSRS)) { DPRINTF("%s: error setting guest MSR exit store count\n", __func__); ret = EINVAL; goto exit; } - if (vmwrite(VMCS_EXIT_MSR_LOAD_COUNT, VMX_NUM_MSR_STORE)) { + if (vmwrite(VMCS_EXIT_MSR_LOAD_COUNT, VCPU_HOST_REGS_NMSRS)) { DPRINTF("%s: error setting guest MSR exit load count\n", __func__); ret = EINVAL; goto exit; } - if (vmwrite(VMCS_ENTRY_MSR_LOAD_COUNT, VMX_NUM_MSR_STORE)) { + if (vmwrite(VMCS_ENTRY_MSR_LOAD_COUNT, VCPU_REGS_NMSRS)) { DPRINTF("%s: error setting guest MSR entry load count\n", __func__); ret = EINVAL; @@ -2974,6 +2978,7 @@ vcpu_init_vmx(struct vcpu *vcpu) goto exit; } +#if 0 /* XXX currently use msr_exit_save for msr_entry_load too */ /* Allocate MSR entry load area VA */ vcpu->vc_vmx_msr_entry_load_va = (vaddr_t)km_alloc(PAGE_SIZE, &kv_page, &kp_zero, &kd_waitok); @@ -2989,6 +2994,7 @@ vcpu_init_vmx(struct vcpu *vcpu) ret = ENOMEM; goto exit; } +#endif vmcs = (struct vmcs *)vcpu->vc_control_va; vmcs->vmcs_revision = curcpu()->ci_vmm_cap.vcc_vmx.vmx_vmxon_revision; @@ -3308,11 +3314,13 @@ vcpu_deinit_vmx(struct vcpu *vcpu) PAGE_SIZE, &kv_page, &kp_zero); vcpu->vc_vmx_msr_exit_load_va = 0; } +#if 0 if (vcpu->vc_vmx_msr_entry_load_va) { km_free((void *)vcpu->vc_vmx_msr_entry_load_va, PAGE_SIZE, &kv_page, &kp_zero); vcpu->vc_vmx_msr_entry_load_va = 0; } +#endif if (vcpu->vc_vmx_vpid_enabled) vmm_free_vpid(vcpu->vc_vpid); @@ -3954,8 +3962,9 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) int ret = 0, exitinfo; struct region_descriptor gdt; struct cpu_info *ci = NULL; - uint64_t exit_reason, cr3, insn_error; + uint64_t exit_reason, cr3, msr, insn_error; struct schedstate_percpu *spc; + struct vmx_msr_store *msr_store; struct vmx_invvpid_descriptor vid; uint64_t eii, procbased, int_st; uint16_t irq; @@ -4091,6 +4100,7 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) } } + msr_store = (struct vmx_msr_store *)vcpu->vc_vmx_msr_exit_load_va; while (ret == 0) { #ifdef VMM_DEBUG paddr_t pa = 0ULL; @@ -4126,6 +4136,26 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) (uint64_t)ci->ci_tss); return (EINVAL); } + + /* Host GS.base (aka curcpu) */ + if (vmwrite(VMCS_HOST_IA32_GS_BASE, (uint64_t)ci)) { + printf("%s: vmwrite(0x%04X, 0x%llx)\n", + __func__, VMCS_HOST_IA32_GS_BASE, + (uint64_t)ci); + return (EINVAL); + } + + /* Host FS.base */ + msr = rdmsr(MSR_FSBASE); + if (vmwrite(VMCS_HOST_IA32_FS_BASE, msr)) { + printf("%s: vmwrite(0x%04X, 0x%llx)\n", + __func__, VMCS_HOST_IA32_FS_BASE, msr); + return (EINVAL); + } + + /* Host KernelGS.base (userspace GS.base here) */ + msr_store[VCPU_HOST_REGS_KGSBASE].vms_data = + rdmsr(MSR_KERNELGSBASE); } /* Inject event if present */ @@ -8087,7 +8117,7 @@ vmx_vcpu_dump_regs(struct vcpu *vcpu) msr_store = (struct vmx_msr_store *)vcpu->vc_vmx_msr_exit_save_va; - for (i = 0; i < VMX_NUM_MSR_STORE; i++) { + for (i = 0; i < VCPU_REGS_NMSRS; i++) { DPRINTF(" MSR %d @ %p : 0x%08llx (%s), " "value=0x%016llx ", i, &msr_store[i], msr_store[i].vms_index, diff --git a/sys/arch/amd64/amd64/vmm_support.S b/sys/arch/amd64/amd64/vmm_support.S index 8da5ac888..9c0286306 100644 --- a/sys/arch/amd64/amd64/vmm_support.S +++ b/sys/arch/amd64/amd64/vmm_support.S @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_support.S,v 1.26 2024/03/17 05:49:41 guenther Exp $ */ +/* $OpenBSD: vmm_support.S,v 1.27 2024/04/01 05:11:49 guenther Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -177,59 +177,6 @@ ENTRY(vmx_enter_guest) vmwrite %rax, %rdi /* Host RIP */ skip_init: - /* - * XXX use msr list here for restore instead of all this - * stack jiggery-pokery - */ - - pushfq - popq %rax - andq $(~PSL_I), %rax - pushq %rax - - /* - * Save (possibly) lazy-switched selectors - */ - movw %es, %ax - pushw %ax - movw %ds, %ax - pushw %ax - movw %ss, %ax - pushw %ax - - movq $MSR_FSBASE, %rcx - rdmsr - pushq %rax - pushq %rdx - pushw %fs - movq $MSR_GSBASE, %rcx - rdmsr - pushq %rax - pushq %rdx - pushw %gs - movq $MSR_KERNELGSBASE, %rcx - rdmsr - pushq %rax - pushq %rdx - - /* - * Save various MSRs - */ - movq $MSR_STAR, %rcx - rdmsr - pushq %rax - pushq %rdx - - movq $MSR_LSTAR, %rcx - rdmsr - pushq %rax - pushq %rdx - - movq $MSR_SFMASK, %rcx - rdmsr - pushq %rax - pushq %rdx - RETGUARD_PUSH(r11) /* Preserve callee-preserved registers as per AMD64 ABI */ @@ -486,61 +433,6 @@ restore_host: RETGUARD_POP(r11) - /* - * Restore saved MSRs - */ - popq %rdx - popq %rax - movq $MSR_SFMASK, %rcx - wrmsr - - /* make sure guest doesn't bleed into host */ - xorl %edx, %edx - xorl %eax, %eax - movq $MSR_CSTAR, %rcx - wrmsr - - popq %rdx - popq %rax - movq $MSR_LSTAR, %rcx - wrmsr - - popq %rdx - popq %rax - movq $MSR_STAR, %rcx - wrmsr - - /* - * popw %gs will reset gsbase to 0, so preserve it - * first. This is to accommodate possibly lazy-switched - * selectors from above - */ - popq %rdx - popq %rax - movq $MSR_KERNELGSBASE, %rcx - wrmsr - - popw %gs - popq %rdx - popq %rax - movq $MSR_GSBASE, %rcx - wrmsr - - popw %fs - popq %rdx - popq %rax - movq $MSR_FSBASE, %rcx - wrmsr - - popw %ax - movw %ax, %ss - popw %ax - movw %ax, %ds - popw %ax - movw %ax, %es - - popfq - movq %rdi, %rax RETGUARD_CHECK(vmx_enter_guest, r11) ret diff --git a/sys/arch/amd64/include/vmmvar.h b/sys/arch/amd64/include/vmmvar.h index e6a35211b..82aa105d3 100644 --- a/sys/arch/amd64/include/vmmvar.h +++ b/sys/arch/amd64/include/vmmvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vmmvar.h,v 1.98 2024/01/20 20:11:24 mlarkin Exp $ */ +/* $OpenBSD: vmmvar.h,v 1.99 2024/04/01 05:11:49 guenther Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -435,6 +435,15 @@ struct vcpu_reg_state { struct vcpu_segment_info vrs_idtr; }; +#define VCPU_HOST_REGS_EFER 0 +#define VCPU_HOST_REGS_STAR 1 +#define VCPU_HOST_REGS_LSTAR 2 +#define VCPU_HOST_REGS_CSTAR 3 +#define VCPU_HOST_REGS_SFMASK 4 +#define VCPU_HOST_REGS_KGSBASE 5 +#define VCPU_HOST_REGS_MISC_ENABLE 6 +#define VCPU_HOST_REGS_NMSRS (VCPU_HOST_REGS_MISC_ENABLE + 1) + /* * struct vm_exit * @@ -617,8 +626,6 @@ struct vm_mprotect_ept_params { #define VMX_FAIL_LAUNCH_INVALID_VMCS 2 #define VMX_FAIL_LAUNCH_VALID_VMCS 3 -#define VMX_NUM_MSR_STORE 7 - /* MSR bitmap manipulation macros */ #define VMX_MSRIDX(m) ((m) / 8) #define VMX_MSRBIT(m) (1 << (m) % 8) @@ -894,8 +901,10 @@ struct vcpu { paddr_t vc_vmx_msr_exit_save_pa; vaddr_t vc_vmx_msr_exit_load_va; paddr_t vc_vmx_msr_exit_load_pa; +#if 0 /* XXX currently use msr_exit_save for msr_entry_load too */ vaddr_t vc_vmx_msr_entry_load_va; paddr_t vc_vmx_msr_entry_load_pa; +#endif uint8_t vc_vmx_vpid_enabled; uint64_t vc_vmx_cr0_fixed1; uint64_t vc_vmx_cr0_fixed0; diff --git a/sys/dev/fdt/rkclock.c b/sys/dev/fdt/rkclock.c index 92543d57c..71e1afea3 100644 --- a/sys/dev/fdt/rkclock.c +++ b/sys/dev/fdt/rkclock.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rkclock.c,v 1.87 2024/03/06 14:55:22 kettenis Exp $ */ +/* $OpenBSD: rkclock.c,v 1.88 2024/04/01 11:16:11 patrick Exp $ */ /* * Copyright (c) 2017, 2018 Mark Kettenis * @@ -3917,6 +3917,21 @@ rk3568_pmu_reset(void *cookie, uint32_t *cells, int on) */ const struct rkclock rk3588_clocks[] = { + { + RK3588_CLK_PWM1, RK3588_CRU_CLKSEL_CON(59), + SEL(13, 12), 0, + { RK3588_CLK_100M_SRC, RK3588_CLK_50M_SRC, RK3588_XIN24M }, + }, + { + RK3588_CLK_PWM2, RK3588_CRU_CLKSEL_CON(59), + SEL(15, 14), 0, + { RK3588_CLK_100M_SRC, RK3588_CLK_50M_SRC, RK3588_XIN24M }, + }, + { + RK3588_CLK_PWM3, RK3588_CRU_CLKSEL_CON(60), + SEL(1, 0), 0, + { RK3588_CLK_100M_SRC, RK3588_CLK_50M_SRC, RK3588_XIN24M }, + }, { RK3588_ACLK_BUS_ROOT, RK3588_CRU_CLKSEL_CON(38), SEL(5, 5), DIV(4, 0), diff --git a/sys/dev/fdt/rkclock_clocks.h b/sys/dev/fdt/rkclock_clocks.h index 7a593c447..793c1a021 100644 --- a/sys/dev/fdt/rkclock_clocks.h +++ b/sys/dev/fdt/rkclock_clocks.h @@ -410,6 +410,9 @@ #define RK3588_PLL_NPLL 7 #define RK3588_PLL_PPLL 8 +#define RK3588_CLK_PWM1 76 +#define RK3588_CLK_PWM2 79 +#define RK3588_CLK_PWM3 82 #define RK3588_ACLK_BUS_ROOT 113 #define RK3588_CLK_I2C1 131 #define RK3588_CLK_I2C2 132 diff --git a/sys/sys/syscall_mi.h b/sys/sys/syscall_mi.h index c79acb8e0..480dc05b0 100644 --- a/sys/sys/syscall_mi.h +++ b/sys/sys/syscall_mi.h @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall_mi.h,v 1.32 2024/03/29 06:47:05 deraadt Exp $ */ +/* $OpenBSD: syscall_mi.h,v 1.33 2024/04/01 12:00:15 deraadt Exp $ */ /* * Copyright (c) 1982, 1986, 1989, 1993 @@ -84,6 +84,7 @@ pin_check(struct proc *p, register_t code) if (code == SYS_sigreturn) return (0); error = EPERM; + goto die; } if (pin) { if (code >= pin->pn_npins || pin->pn_pins[code] == 0) @@ -94,9 +95,11 @@ pin_check(struct proc *p, register_t code) ; /* multiple locations, hopefully a boring operation */ else error = ENOSYS; - } + } else + error = ENOSYS; if (error == 0) return (0); +die: #ifdef KTRACE if (KTRPOINT(p, KTR_PINSYSCALL)) ktrpinsyscall(p, error, code, addr); diff --git a/usr.bin/nc/nc.1 b/usr.bin/nc/nc.1 index 0ef318e0e..76b6dc018 100644 --- a/usr.bin/nc/nc.1 +++ b/usr.bin/nc/nc.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: nc.1,v 1.97 2022/09/11 09:58:06 schwarze Exp $ +.\" $OpenBSD: nc.1,v 1.98 2024/04/01 12:40:18 deraadt Exp $ .\" .\" Copyright (c) 1996 David Sacerdote .\" All rights reserved. @@ -25,7 +25,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 11 2022 $ +.Dd $Mdocdate: April 1 2024 $ .Dt NC 1 .Os .Sh NAME @@ -398,6 +398,7 @@ a destination port must be specified, unless the .Fl U option is given. +For some options, the value 0 requests that the system choose a port number. .Sh CLIENT/SERVER MODEL It is quite simple to build a very basic client/server model using .Nm . diff --git a/usr.bin/ssh/ssh-agent/Makefile b/usr.bin/ssh/ssh-agent/Makefile index 9e3a0d470..c60a219f7 100644 --- a/usr.bin/ssh/ssh-agent/Makefile +++ b/usr.bin/ssh/ssh-agent/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.38 2020/04/03 02:26:56 djm Exp $ +# $OpenBSD: Makefile,v 1.39 2024/04/01 15:50:17 deraadt Exp $ .PATH: ${.CURDIR}/.. @@ -10,7 +10,7 @@ SRCS+= ${SRCS_SK_CLIENT} PROG= ssh-agent BINOWN= root BINGRP= _sshagnt -BINMODE=2555 +BINMODE=2511 BINDIR= /usr/bin @@ -18,3 +18,24 @@ BINDIR= /usr/bin LDADD+= -lcrypto -lutil DPADD+= ${LIBCRYPTO} ${LIBUTIL} + +# The random relink kit, used on OpenBSD by /etc/rc + +CLEANFILES+= ssh-agent.tar install.sh + +install.sh: Makefile + echo "set -o errexit" > $@ + echo "${CC} ${LDFLAGS} ${LDSTATIC} -o ${PROG}" \ + "\`echo " ${OBJS} "| tr ' ' '\\\n' | sort -R\`" ${LDADD} >> $@ + echo "./${PROG} /usr/bin/true" >> $@ + echo "install -c -s -o root -g bin -m ${BINMODE} ${PROG} " \ + "${BINDIR}/${PROG}" >> $@ + +${PROG}.tar: ${OBJS} install.sh + tar cf $@ ${OBJS} install.sh + +afterinstall: ${PROG}.tar + install -d -o root -g wheel -m 755 \ + ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG} + install -o ${BINOWN} -g ${BINGRP} -m 640 \ + ${PROG}.tar ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG}/${PROG}.tar diff --git a/usr.bin/ssh/sshd/Makefile b/usr.bin/ssh/sshd/Makefile index 5cf81da1c..77a0b8d0c 100644 --- a/usr.bin/ssh/sshd/Makefile +++ b/usr.bin/ssh/sshd/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.109 2024/02/10 11:28:52 naddy Exp $ +# $OpenBSD: Makefile,v 1.110 2024/04/01 15:48:16 deraadt Exp $ .PATH: ${.CURDIR}/.. @@ -50,21 +50,21 @@ DPADD+= ${LIBZ} # The random relink kit, used on OpenBSD by /etc/rc -CLEANFILES+= Makefile.relink sshd.tar +CLEANFILES+= sshd.tar install.sh -Makefile.relink: ${.CURDIR}/../Makefile.inc ${.CURDIR}/Makefile - # XXX assume a concatenation of these is OK - cat ${.CURDIR}/../Makefile.inc ${.CURDIR}/Makefile > Makefile.relink +install.sh: Makefile + echo "set -o errexit" > $@ + echo "${CC} ${LDFLAGS} ${LDSTATIC} -o ${PROG}" \ + "\`echo " ${OBJS} "| tr ' ' '\\\n' | sort -R\`" ${LDADD} >> $@ + echo "./${PROG} -V # test it works" >> $@ + echo "install -c -s -o root -g bin -m ${BINMODE} ${PROG} " \ + "${BINDIR}/${PROG}" >> $@ -sshd.tar: ${OBJS} Makefile.relink - tar cf $@ ${OBJS} Makefile.relink +${PROG}.tar: ${OBJS} install.sh + tar cf $@ ${OBJS} install.sh -afterinstall: sshd.tar +afterinstall: ${PROG}.tar install -d -o root -g wheel -m 755 \ - ${DESTDIR}/usr/share/relink/usr/sbin/sshd + ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG} install -o ${BINOWN} -g ${BINGRP} -m 640 \ - sshd.tar ${DESTDIR}/usr/share/relink/usr/sbin/sshd/sshd.tar - -relink: - cc -o sshd `echo ${OBJS} | tr ' ' '\n' | sort -R` ${LDADD} - ./sshd -V && install -o root -g wheel -m ${BINMODE} sshd /usr/sbin/sshd + ${PROG}.tar ${DESTDIR}/usr/share/relink/${BINDIR}/${PROG}/${PROG}.tar diff --git a/usr.sbin/nsd/Makefile.bsd-wrapper b/usr.sbin/nsd/Makefile.bsd-wrapper index bf3c46a87..692e28ecd 100644 --- a/usr.sbin/nsd/Makefile.bsd-wrapper +++ b/usr.sbin/nsd/Makefile.bsd-wrapper @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.bsd-wrapper,v 1.20 2023/06/29 19:38:49 florian Exp $ +# $OpenBSD: Makefile.bsd-wrapper,v 1.21 2024/04/01 14:24:30 florian Exp $ .include @@ -65,7 +65,7 @@ clean cleandir: rm -f ${CLEANFILES} tags: - # Nothing here so far... + # Nothing here so far.... .include .include