sync with OpenBSD -current

etc/rpki/lacnic.constraints

@@ -1,4 +1,4 @@
-#	$OpenBSD: lacnic.constraints,v 1.4 2024/01/30 03:40:01 job Exp $
+#	$OpenBSD: lacnic.constraints,v 1.5 2024/03/23 04:18:56 job Exp $
 
 # From https://www.iana.org/assignments/ipv6-unicast-address-assignments
 allow 2001:1200::/23
@@ -9,7 +9,7 @@ allow 27648 - 28671
 allow 52224 - 53247
 allow 61440 - 61951
 allow 64099 - 64197
-allow 262144 - 273820
+allow 262144 - 274844
 
 # AFRINIC Internet Number Resources cannot be transferred
 # From https://www.iana.org/assignments/ipv4-address-space/

lib/libc/gen/opendir.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: opendir.3,v 1.2 2022/09/11 06:38:10 jmc Exp $
+.\"	$OpenBSD: opendir.3,v 1.3 2024/03/23 16:30:01 guenther Exp $
 .\"
 .\" Copyright (c) 1983, 1991, 1993
 .\"	The Regents of the University of California.  All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 11 2022 $
+.Dd $Mdocdate: March 23 2024 $
 .Dt OPENDIR 3
 .Os
 .Sh NAME
@@ -112,9 +112,11 @@ operation.
 .Pp
 The
 .Fn readdir_r
-function (much like
-.Fn readdir )
-initializes the
+function is a deprecated variant of
+.Fn readdir .
+Like
+.Fn readdir ,
+it initializes the
 .Vt dirent
 structure referenced by
 .Fa entry
@@ -304,3 +306,11 @@ The
 .Fn fdopendir
 function appeared in
 .Ox 5.0 .
+.Sh CAVEATS
+The
+.Fn readdir_r
+function was intended to provide a thread-safe version of
+.Fn readdir .
+However, it was later found to be both unnecessary in the typical
+usage and unportable due to insufficient buffer sizing guidance.
+It was therefore officially deprecated in issue 8.

lib/libcrypto/x509/x509_trs.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_trs.c,v 1.42 2024/03/02 10:50:26 tb Exp $ */
+/* $OpenBSD: x509_trs.c,v 1.45 2024/03/24 00:35:45 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 1999.
  */
@@ -69,15 +69,12 @@
 
 typedef struct x509_trust_st {
 	int trust;
-	int flags;
-	int (*check_trust)(struct x509_trust_st *, X509 *, int);
-	char *name;
+	int (*check_trust)(struct x509_trust_st *, X509 *);
 	int arg1;
-	void *arg2;
 } X509_TRUST;
 
 static int
-obj_trust(int id, X509 *x, int flags)
+obj_trust(int id, X509 *x)
 {
 	ASN1_OBJECT *obj;
 	int i, nid;
@@ -106,7 +103,7 @@ obj_trust(int id, X509 *x, int flags)
 }
 
 static int
-trust_compat(X509_TRUST *trust, X509 *x, int flags)
+trust_compat(X509_TRUST *trust, X509 *x)
 {
 	X509_check_purpose(x, -1, 0);
 	if (x->ex_flags & EXFLAG_SS)
@@ -116,21 +113,21 @@ trust_compat(X509_TRUST *trust, X509 *x, int flags)
 }
 
 static int
-trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+trust_1oidany(X509_TRUST *trust, X509 *x)
 {
 	if (x->aux && (x->aux->trust || x->aux->reject))
-		return obj_trust(trust->arg1, x, flags);
+		return obj_trust(trust->arg1, x);
 	/* we don't have any trust settings: for compatibility
 	 * we return trusted if it is self signed
 	 */
-	return trust_compat(trust, x, flags);
+	return trust_compat(trust, x);
 }
 
 static int
-trust_1oid(X509_TRUST *trust, X509 *x, int flags)
+trust_1oid(X509_TRUST *trust, X509 *x)
 {
 	if (x->aux)
-		return obj_trust(trust->arg1, x, flags);
+		return obj_trust(trust->arg1, x);
 	return X509_TRUST_UNTRUSTED;
 }
 
@@ -143,48 +140,40 @@ static const X509_TRUST trstandard[] = {
 	{
 		.trust = X509_TRUST_COMPAT,
 		.check_trust = trust_compat,
-		.name = "compatible",
 	},
 	{
 		.trust = X509_TRUST_SSL_CLIENT,
 		.check_trust = trust_1oidany,
-		.name = "SSL Client",
 		.arg1 = NID_client_auth,
 	},
 	{
 		.trust = X509_TRUST_SSL_SERVER,
 		.check_trust = trust_1oidany,
-		.name = "SSL Server",
 		.arg1 = NID_server_auth,
 	},
 	{
 		.trust = X509_TRUST_EMAIL,
 		.check_trust = trust_1oidany,
-		.name = "S/MIME email",
 		.arg1 = NID_email_protect,
 	},
 	{
 		.trust = X509_TRUST_OBJECT_SIGN,
 		.check_trust = trust_1oidany,
-		.name = "Object Signer",
 		.arg1 = NID_code_sign,
 	},
 	{
 		.trust = X509_TRUST_OCSP_SIGN,
 		.check_trust = trust_1oid,
-		.name = "OCSP responder",
 		.arg1 = NID_OCSP_sign,
 	},
 	{
 		.trust = X509_TRUST_OCSP_REQUEST,
 		.check_trust = trust_1oid,
-		.name = "OCSP request",
 		.arg1 = NID_ad_OCSP,
 	},
 	{
 		.trust = X509_TRUST_TSA,
 		.check_trust = trust_1oidany,
-		.name = "TSA server",
 		.arg1 = NID_time_stamp,
 	},
 };
@@ -213,18 +202,18 @@ X509_check_trust(X509 *x, int trust_id, int flags)
 	 */
 	if (trust_id == 0) {
 		int rv;
-		rv = obj_trust(NID_anyExtendedKeyUsage, x, 0);
+		rv = obj_trust(NID_anyExtendedKeyUsage, x);
 		if (rv != X509_TRUST_UNTRUSTED)
 			return rv;
-		return trust_compat(NULL, x, 0);
+		return trust_compat(NULL, x);
 	}
 
 	if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX)
-		return obj_trust(trust_id, x, flags);
+		return obj_trust(trust_id, x);
 
 	idx = trust_id - X509_TRUST_MIN;
 	trust = &trstandard[idx];
 
-	return trust->check_trust((X509_TRUST *)trust, x, flags);
+	return trust->check_trust((X509_TRUST *)trust, x);
 }
 LCRYPTO_ALIAS(X509_check_trust);

lib/libevent/kqueue.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: kqueue.c,v 1.42 2022/12/27 23:05:55 jmc Exp $	*/
+/*	$OpenBSD: kqueue.c,v 1.43 2024/03/23 22:51:49 yasuoka Exp $	*/
 
 /*
  * Copyright 2000-2002 Niels Provos <provos@citi.umich.edu>
@@ -358,6 +358,7 @@ kq_add(void *arg, struct event *ev)
 static int
 kq_del(void *arg, struct event *ev)
 {
+	int i, j;
 	struct kqop *kqop = arg;
 	struct kevent kev;
 
@@ -391,6 +392,21 @@ kq_del(void *arg, struct event *ev)
 		return (0);
 	}
 
+	for (i = j = 0; i < kqop->nchanges; i++) {
+		if (kqop->changes[i].udata == ev &&
+		    (kqop->changes[i].flags & EV_ADD) != 0)
+			continue;	/* delete this */
+		if (i != j)
+			memcpy(&kqop->changes[j], &kqop->changes[i],
+			    sizeof(struct kevent));
+		j++;
+	}
+	if (kqop->nchanges != j) {
+		kqop->nchanges = j;
+		ev->ev_flags &= ~EVLIST_X_KQINKERNEL;
+		return (0);
+	}
+
 	if (ev->ev_events & EV_READ) {
 		memset(&kev, 0, sizeof(kev));
 		kev.ident = ev->ev_fd;

lib/libskey/skeylogin.c

@@ -10,7 +10,7 @@
  *
  * S/Key verification check, lookups, and authentication.
  *
- * $OpenBSD: skeylogin.c,v 1.64 2023/03/15 17:01:35 millert Exp $
+ * $OpenBSD: skeylogin.c,v 1.65 2024/03/23 16:30:01 guenther Exp $
  */
 
 #ifdef	QUOTA
@@ -207,7 +207,7 @@ skeylookup(struct skey *mp, char *name)
 int
 skeygetnext(struct skey *mp)
 {
-	struct dirent entry, *dp;
+	struct dirent *dp;
 	int rval;
 
 	if (mp->keyfile != NULL) {
@@ -220,10 +220,10 @@ skeygetnext(struct skey *mp)
 		return (-1);
 
 	rval = 1;
-	while ((readdir_r(mp->keydir, &entry, &dp)) == 0 && dp == &entry) {
+	while ((dp = readdir(mp->keydir)) != NULL) {
 		/* Skip dot files and zero-length files. */
-		if (entry.d_name[0] != '.' &&
-		    (rval = skeygetent(-1, mp, entry.d_name)) != 1)
+		if (dp->d_name[0] != '.' &&
+		    (rval = skeygetent(-1, mp, dp->d_name)) != 1)
 			break;
 	}
 

regress/sys/kern/unixsockets/unixsock_test.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: unixsock_test.c,v 1.2 2021/12/15 20:41:28 bluhm Exp $ */
+/* $OpenBSD: unixsock_test.c,v 1.3 2024/03/23 01:35:57 mvs Exp $ */
 /* Written by Claudio Jeker in 2011 */
 /* Public domain */
 #include <sys/types.h>
@@ -77,7 +77,7 @@ struct test {
 };
 
 int
-main()
+main(void)
 {
 	struct sockaddr_storage ss;
 	struct sockaddr_un *sun, sun2;

sbin/iked/eap.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: eap.c,v 1.25 2023/07/18 15:07:41 claudio Exp $	*/
+/*	$OpenBSD: eap.c,v 1.26 2024/03/24 00:05:01 yasuoka Exp $	*/
 
 /*
  * Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
@@ -71,7 +71,12 @@ eap_validate_id_response(struct eap_message *eap)
 	len = betoh16(eap->eap_length) - sizeof(*eap);
 	ptr += sizeof(*eap);
 
-	if (len == 0 || (str = get_string(ptr, len)) == NULL) {
+	if (len == 0) {
+		if ((str = strdup("")) == NULL) {
+			log_warn("%s: strdup failed", __func__);
+			return (NULL);
+		}
+	} else if ((str = get_string(ptr, len)) == NULL) {
 		log_info("%s: invalid identity response, length %zu",
 		    __func__, len);
 		return (NULL);

share/man/man4/mbg.4

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: mbg.4,v 1.15 2023/09/25 15:39:12 deraadt Exp $
+.\"	$OpenBSD: mbg.4,v 1.16 2024/03/23 10:38:02 sthen Exp $
 .\"
 .\" Copyright (c) 2006 Marc Balmer <mbalmer@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 25 2023 $
+.Dd $Mdocdate: March 23 2024 $
 .Dt MBG 4
 .Os
 .Sh NAME
@@ -44,6 +44,8 @@ Currently, the following cards are supported by
 5V DCF77 time signal station receiver card
 .It PCI509
 5V DCF77 time signal station receiver card
+.It PCI510
+3.3V/5V DCF77 time signal station receiver card
 .It PCI511
 3.3V/5V DCF77 time signal station receiver card
 .It PEX511

sys/dev/pci/mbg.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: mbg.c,v 1.35 2023/09/25 15:38:46 deraadt Exp $ */
+/*	$OpenBSD: mbg.c,v 1.36 2024/03/23 10:38:02 sthen Exp $ */
 
 /*
  * Copyright (c) 2006, 2007 Marc Balmer <mbalmer@openbsd.org>
@@ -159,6 +159,7 @@ const struct pci_matchid mbg_devices[] = {
 	{ PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_GPS170PCI },
 	{ PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI32 },
 	{ PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI509 },
+	{ PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI510 },
 	{ PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI511 },
 	{ PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PEX511 },
 	{ PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PZF180PEX }
@@ -241,6 +242,7 @@ mbg_attach(struct device *parent, struct device *self, void *aux)
 		sc->sc_read = mbg_read_amcc_s5920;
 		sensor_task_register(sc, mbg_task, 10);
 		break;
+	case PCI_PRODUCT_MEINBERG_PCI510:
 	case PCI_PRODUCT_MEINBERG_PCI511:
 	case PCI_PRODUCT_MEINBERG_PEX511:
 		sc->sc_read = mbg_read_asic;

sys/dev/pci/pcidevs

@@ -1,4 +1,4 @@
-$OpenBSD: pcidevs,v 1.2068 2024/03/06 07:01:24 jsg Exp $
+$OpenBSD: pcidevs,v 1.2069 2024/03/23 10:35:50 sthen Exp $
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
 
 /*
@@ -7538,6 +7538,7 @@ product MEDIATEK MT7921		0x7961	MT7921
 /* Meinberg Funkuhren */
 product MEINBERG PCI32		0x0101	PCI32
 product MEINBERG PCI509		0x0102	PCI509
+product MEINBERG PCI510		0x0103	PCI510
 product MEINBERG PCI511		0x0104	PCI511
 product MEINBERG PEX511		0x0105	PEX511
 product MEINBERG PZF180PEX	0x0106	PZF180PEX

sys/dev/pci/pcidevs.h

@@ -2,7 +2,7 @@
  * THIS FILE AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	OpenBSD: pcidevs,v 1.2068 2024/03/06 07:01:24 jsg Exp 
+ *	OpenBSD: pcidevs,v 1.2069 2024/03/23 10:35:50 sthen Exp 
  */
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
 
@@ -7543,6 +7543,7 @@
 /* Meinberg Funkuhren */
 #define	PCI_PRODUCT_MEINBERG_PCI32	0x0101		/* PCI32 */
 #define	PCI_PRODUCT_MEINBERG_PCI509	0x0102		/* PCI509 */
+#define	PCI_PRODUCT_MEINBERG_PCI510	0x0103		/* PCI510 */
 #define	PCI_PRODUCT_MEINBERG_PCI511	0x0104		/* PCI511 */
 #define	PCI_PRODUCT_MEINBERG_PEX511	0x0105		/* PEX511 */
 #define	PCI_PRODUCT_MEINBERG_PZF180PEX	0x0106		/* PZF180PEX */

sys/dev/pci/pcidevs_data.h

@@ -2,7 +2,7 @@
  * THIS FILE AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	OpenBSD: pcidevs,v 1.2068 2024/03/06 07:01:24 jsg Exp 
+ *	OpenBSD: pcidevs,v 1.2069 2024/03/23 10:35:50 sthen Exp 
  */
 
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
@@ -27287,6 +27287,10 @@ static const struct pci_known_product pci_known_products[] = {
 	    PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI509,
 	    "PCI509",
 	},
+	{
+	    PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI510,
+	    "PCI510",
+	},
 	{
 	    PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI511,
 	    "PCI511",

usr.sbin/rpki-client/x509.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509.c,v 1.84 2024/03/22 03:38:12 job Exp $ */
+/*	$OpenBSD: x509.c,v 1.85 2024/03/24 00:38:58 tb Exp $ */
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
@@ -1024,6 +1024,12 @@ x509_convert_seqnum(const char *fn, const ASN1_INTEGER *i)
 	if (i == NULL)
 		goto out;
 
+	if (ASN1_STRING_length(i) > 20) {
+		warnx("%s: %s: want 20 octets or fewer, have more.",
+		    __func__, fn);
+		goto out;
+	}
+
 	seqnum = ASN1_INTEGER_to_BN(i, NULL);
 	if (seqnum == NULL) {
 		warnx("%s: ASN1_INTEGER_to_BN error", fn);
@@ -1036,12 +1042,6 @@ x509_convert_seqnum(const char *fn, const ASN1_INTEGER *i)
 		goto out;
 	}
 
-	if (BN_num_bytes(seqnum) > 20) {
-		warnx("%s: %s: want 20 octets or fewer, have more.",
-		    __func__, fn);
-		goto out;
-	}
-
 	s = BN_bn2hex(seqnum);
 	if (s == NULL)
 		warnx("%s: BN_bn2hex error", fn);

usr.sbin/traceroute/traceroute.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: traceroute.8,v 1.75 2022/12/23 07:16:55 jmc Exp $
+.\"	$OpenBSD: traceroute.8,v 1.76 2024/03/24 00:33:41 sthen Exp $
 .\"	$NetBSD: traceroute.8,v 1.6 1995/10/12 03:05:50 mycroft Exp $
 .\"
 .\" Copyright (c) 1990, 1991, 1993
@@ -33,7 +33,7 @@
 .\"
 .\"	@(#)traceroute.8	8.1 (Berkeley) 6/6/93
 .\"
-.Dd $Mdocdate: December 23 2022 $
+.Dd $Mdocdate: March 24 2024 $
 .Dt TRACEROUTE 8
 .Os
 .Sh NAME
@@ -90,7 +90,7 @@ The options are as follows:
 .It Fl A
 Look up the AS number for each hop address.
 Uses the DNS service described at
-.Lk https://www.team-cymru.com/IP-ASN-mapping.html#dns
+.Lk https://www.team-cymru.com/ip-asn-mapping
 .It Fl D
 Dump the packet data to standard error before transmitting it.
 .It Fl d