From 2debf29dc65d93699512131f816cd8f28416ea33 Mon Sep 17 00:00:00 2001 From: purplerain Date: Sun, 24 Mar 2024 01:29:19 +0000 Subject: [PATCH] sync with OpenBSD -current --- etc/rpki/lacnic.constraints | 4 +-- lib/libc/gen/opendir.3 | 20 ++++++++--- lib/libcrypto/x509/x509_trs.c | 37 +++++++------------- lib/libevent/kqueue.c | 18 +++++++++- lib/libskey/skeylogin.c | 10 +++--- regress/sys/kern/unixsockets/unixsock_test.c | 4 +-- sbin/iked/eap.c | 9 +++-- share/man/man4/mbg.4 | 6 ++-- sys/dev/pci/mbg.c | 4 ++- sys/dev/pci/pcidevs | 3 +- sys/dev/pci/pcidevs.h | 3 +- sys/dev/pci/pcidevs_data.h | 6 +++- usr.sbin/rpki-client/x509.c | 14 ++++---- usr.sbin/traceroute/traceroute.8 | 6 ++-- 14 files changed, 87 insertions(+), 57 deletions(-) diff --git a/etc/rpki/lacnic.constraints b/etc/rpki/lacnic.constraints index 2cd227fd7..93592a04f 100644 --- a/etc/rpki/lacnic.constraints +++ b/etc/rpki/lacnic.constraints @@ -1,4 +1,4 @@ -# $OpenBSD: lacnic.constraints,v 1.4 2024/01/30 03:40:01 job Exp $ +# $OpenBSD: lacnic.constraints,v 1.5 2024/03/23 04:18:56 job Exp $ # From https://www.iana.org/assignments/ipv6-unicast-address-assignments allow 2001:1200::/23 @@ -9,7 +9,7 @@ allow 27648 - 28671 allow 52224 - 53247 allow 61440 - 61951 allow 64099 - 64197 -allow 262144 - 273820 +allow 262144 - 274844 # AFRINIC Internet Number Resources cannot be transferred # From https://www.iana.org/assignments/ipv4-address-space/ diff --git a/lib/libc/gen/opendir.3 b/lib/libc/gen/opendir.3 index c5db9473f..397508f31 100644 --- a/lib/libc/gen/opendir.3 +++ b/lib/libc/gen/opendir.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: opendir.3,v 1.2 2022/09/11 06:38:10 jmc Exp $ +.\" $OpenBSD: opendir.3,v 1.3 2024/03/23 16:30:01 guenther Exp $ .\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. @@ -27,7 +27,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: September 11 2022 $ +.Dd $Mdocdate: March 23 2024 $ .Dt OPENDIR 3 .Os .Sh NAME @@ -112,9 +112,11 @@ operation. .Pp The .Fn readdir_r -function (much like -.Fn readdir ) -initializes the +function is a deprecated variant of +.Fn readdir . +Like +.Fn readdir , +it initializes the .Vt dirent structure referenced by .Fa entry @@ -304,3 +306,11 @@ The .Fn fdopendir function appeared in .Ox 5.0 . +.Sh CAVEATS +The +.Fn readdir_r +function was intended to provide a thread-safe version of +.Fn readdir . +However, it was later found to be both unnecessary in the typical +usage and unportable due to insufficient buffer sizing guidance. +It was therefore officially deprecated in issue 8. diff --git a/lib/libcrypto/x509/x509_trs.c b/lib/libcrypto/x509/x509_trs.c index 2f4cbba38..3764f0200 100644 --- a/lib/libcrypto/x509/x509_trs.c +++ b/lib/libcrypto/x509/x509_trs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_trs.c,v 1.42 2024/03/02 10:50:26 tb Exp $ */ +/* $OpenBSD: x509_trs.c,v 1.45 2024/03/24 00:35:45 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 1999. */ @@ -69,15 +69,12 @@ typedef struct x509_trust_st { int trust; - int flags; - int (*check_trust)(struct x509_trust_st *, X509 *, int); - char *name; + int (*check_trust)(struct x509_trust_st *, X509 *); int arg1; - void *arg2; } X509_TRUST; static int -obj_trust(int id, X509 *x, int flags) +obj_trust(int id, X509 *x) { ASN1_OBJECT *obj; int i, nid; @@ -106,7 +103,7 @@ obj_trust(int id, X509 *x, int flags) } static int -trust_compat(X509_TRUST *trust, X509 *x, int flags) +trust_compat(X509_TRUST *trust, X509 *x) { X509_check_purpose(x, -1, 0); if (x->ex_flags & EXFLAG_SS) @@ -116,21 +113,21 @@ trust_compat(X509_TRUST *trust, X509 *x, int flags) } static int -trust_1oidany(X509_TRUST *trust, X509 *x, int flags) +trust_1oidany(X509_TRUST *trust, X509 *x) { if (x->aux && (x->aux->trust || x->aux->reject)) - return obj_trust(trust->arg1, x, flags); + return obj_trust(trust->arg1, x); /* we don't have any trust settings: for compatibility * we return trusted if it is self signed */ - return trust_compat(trust, x, flags); + return trust_compat(trust, x); } static int -trust_1oid(X509_TRUST *trust, X509 *x, int flags) +trust_1oid(X509_TRUST *trust, X509 *x) { if (x->aux) - return obj_trust(trust->arg1, x, flags); + return obj_trust(trust->arg1, x); return X509_TRUST_UNTRUSTED; } @@ -143,48 +140,40 @@ static const X509_TRUST trstandard[] = { { .trust = X509_TRUST_COMPAT, .check_trust = trust_compat, - .name = "compatible", }, { .trust = X509_TRUST_SSL_CLIENT, .check_trust = trust_1oidany, - .name = "SSL Client", .arg1 = NID_client_auth, }, { .trust = X509_TRUST_SSL_SERVER, .check_trust = trust_1oidany, - .name = "SSL Server", .arg1 = NID_server_auth, }, { .trust = X509_TRUST_EMAIL, .check_trust = trust_1oidany, - .name = "S/MIME email", .arg1 = NID_email_protect, }, { .trust = X509_TRUST_OBJECT_SIGN, .check_trust = trust_1oidany, - .name = "Object Signer", .arg1 = NID_code_sign, }, { .trust = X509_TRUST_OCSP_SIGN, .check_trust = trust_1oid, - .name = "OCSP responder", .arg1 = NID_OCSP_sign, }, { .trust = X509_TRUST_OCSP_REQUEST, .check_trust = trust_1oid, - .name = "OCSP request", .arg1 = NID_ad_OCSP, }, { .trust = X509_TRUST_TSA, .check_trust = trust_1oidany, - .name = "TSA server", .arg1 = NID_time_stamp, }, }; @@ -213,18 +202,18 @@ X509_check_trust(X509 *x, int trust_id, int flags) */ if (trust_id == 0) { int rv; - rv = obj_trust(NID_anyExtendedKeyUsage, x, 0); + rv = obj_trust(NID_anyExtendedKeyUsage, x); if (rv != X509_TRUST_UNTRUSTED) return rv; - return trust_compat(NULL, x, 0); + return trust_compat(NULL, x); } if (trust_id < X509_TRUST_MIN || trust_id > X509_TRUST_MAX) - return obj_trust(trust_id, x, flags); + return obj_trust(trust_id, x); idx = trust_id - X509_TRUST_MIN; trust = &trstandard[idx]; - return trust->check_trust((X509_TRUST *)trust, x, flags); + return trust->check_trust((X509_TRUST *)trust, x); } LCRYPTO_ALIAS(X509_check_trust); diff --git a/lib/libevent/kqueue.c b/lib/libevent/kqueue.c index f61da3843..e076213a7 100644 --- a/lib/libevent/kqueue.c +++ b/lib/libevent/kqueue.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kqueue.c,v 1.42 2022/12/27 23:05:55 jmc Exp $ */ +/* $OpenBSD: kqueue.c,v 1.43 2024/03/23 22:51:49 yasuoka Exp $ */ /* * Copyright 2000-2002 Niels Provos @@ -358,6 +358,7 @@ kq_add(void *arg, struct event *ev) static int kq_del(void *arg, struct event *ev) { + int i, j; struct kqop *kqop = arg; struct kevent kev; @@ -391,6 +392,21 @@ kq_del(void *arg, struct event *ev) return (0); } + for (i = j = 0; i < kqop->nchanges; i++) { + if (kqop->changes[i].udata == ev && + (kqop->changes[i].flags & EV_ADD) != 0) + continue; /* delete this */ + if (i != j) + memcpy(&kqop->changes[j], &kqop->changes[i], + sizeof(struct kevent)); + j++; + } + if (kqop->nchanges != j) { + kqop->nchanges = j; + ev->ev_flags &= ~EVLIST_X_KQINKERNEL; + return (0); + } + if (ev->ev_events & EV_READ) { memset(&kev, 0, sizeof(kev)); kev.ident = ev->ev_fd; diff --git a/lib/libskey/skeylogin.c b/lib/libskey/skeylogin.c index 0b7352983..78f1d8b01 100644 --- a/lib/libskey/skeylogin.c +++ b/lib/libskey/skeylogin.c @@ -10,7 +10,7 @@ * * S/Key verification check, lookups, and authentication. * - * $OpenBSD: skeylogin.c,v 1.64 2023/03/15 17:01:35 millert Exp $ + * $OpenBSD: skeylogin.c,v 1.65 2024/03/23 16:30:01 guenther Exp $ */ #ifdef QUOTA @@ -207,7 +207,7 @@ skeylookup(struct skey *mp, char *name) int skeygetnext(struct skey *mp) { - struct dirent entry, *dp; + struct dirent *dp; int rval; if (mp->keyfile != NULL) { @@ -220,10 +220,10 @@ skeygetnext(struct skey *mp) return (-1); rval = 1; - while ((readdir_r(mp->keydir, &entry, &dp)) == 0 && dp == &entry) { + while ((dp = readdir(mp->keydir)) != NULL) { /* Skip dot files and zero-length files. */ - if (entry.d_name[0] != '.' && - (rval = skeygetent(-1, mp, entry.d_name)) != 1) + if (dp->d_name[0] != '.' && + (rval = skeygetent(-1, mp, dp->d_name)) != 1) break; } diff --git a/regress/sys/kern/unixsockets/unixsock_test.c b/regress/sys/kern/unixsockets/unixsock_test.c index 7c91660c1..75e8eaf68 100644 --- a/regress/sys/kern/unixsockets/unixsock_test.c +++ b/regress/sys/kern/unixsockets/unixsock_test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unixsock_test.c,v 1.2 2021/12/15 20:41:28 bluhm Exp $ */ +/* $OpenBSD: unixsock_test.c,v 1.3 2024/03/23 01:35:57 mvs Exp $ */ /* Written by Claudio Jeker in 2011 */ /* Public domain */ #include @@ -77,7 +77,7 @@ struct test { }; int -main() +main(void) { struct sockaddr_storage ss; struct sockaddr_un *sun, sun2; diff --git a/sbin/iked/eap.c b/sbin/iked/eap.c index 137398d91..40cbe627d 100644 --- a/sbin/iked/eap.c +++ b/sbin/iked/eap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eap.c,v 1.25 2023/07/18 15:07:41 claudio Exp $ */ +/* $OpenBSD: eap.c,v 1.26 2024/03/24 00:05:01 yasuoka Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -71,7 +71,12 @@ eap_validate_id_response(struct eap_message *eap) len = betoh16(eap->eap_length) - sizeof(*eap); ptr += sizeof(*eap); - if (len == 0 || (str = get_string(ptr, len)) == NULL) { + if (len == 0) { + if ((str = strdup("")) == NULL) { + log_warn("%s: strdup failed", __func__); + return (NULL); + } + } else if ((str = get_string(ptr, len)) == NULL) { log_info("%s: invalid identity response, length %zu", __func__, len); return (NULL); diff --git a/share/man/man4/mbg.4 b/share/man/man4/mbg.4 index d0d61e277..af73669da 100644 --- a/share/man/man4/mbg.4 +++ b/share/man/man4/mbg.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: mbg.4,v 1.15 2023/09/25 15:39:12 deraadt Exp $ +.\" $OpenBSD: mbg.4,v 1.16 2024/03/23 10:38:02 sthen Exp $ .\" .\" Copyright (c) 2006 Marc Balmer .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: September 25 2023 $ +.Dd $Mdocdate: March 23 2024 $ .Dt MBG 4 .Os .Sh NAME @@ -44,6 +44,8 @@ Currently, the following cards are supported by 5V DCF77 time signal station receiver card .It PCI509 5V DCF77 time signal station receiver card +.It PCI510 +3.3V/5V DCF77 time signal station receiver card .It PCI511 3.3V/5V DCF77 time signal station receiver card .It PEX511 diff --git a/sys/dev/pci/mbg.c b/sys/dev/pci/mbg.c index 53268b9cb..e5cc28022 100644 --- a/sys/dev/pci/mbg.c +++ b/sys/dev/pci/mbg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mbg.c,v 1.35 2023/09/25 15:38:46 deraadt Exp $ */ +/* $OpenBSD: mbg.c,v 1.36 2024/03/23 10:38:02 sthen Exp $ */ /* * Copyright (c) 2006, 2007 Marc Balmer @@ -159,6 +159,7 @@ const struct pci_matchid mbg_devices[] = { { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_GPS170PCI }, { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI32 }, { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI509 }, + { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI510 }, { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI511 }, { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PEX511 }, { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PZF180PEX } @@ -241,6 +242,7 @@ mbg_attach(struct device *parent, struct device *self, void *aux) sc->sc_read = mbg_read_amcc_s5920; sensor_task_register(sc, mbg_task, 10); break; + case PCI_PRODUCT_MEINBERG_PCI510: case PCI_PRODUCT_MEINBERG_PCI511: case PCI_PRODUCT_MEINBERG_PEX511: sc->sc_read = mbg_read_asic; diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index bc616de56..e21cfc395 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -1,4 +1,4 @@ -$OpenBSD: pcidevs,v 1.2068 2024/03/06 07:01:24 jsg Exp $ +$OpenBSD: pcidevs,v 1.2069 2024/03/23 10:35:50 sthen Exp $ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* @@ -7538,6 +7538,7 @@ product MEDIATEK MT7921 0x7961 MT7921 /* Meinberg Funkuhren */ product MEINBERG PCI32 0x0101 PCI32 product MEINBERG PCI509 0x0102 PCI509 +product MEINBERG PCI510 0x0103 PCI510 product MEINBERG PCI511 0x0104 PCI511 product MEINBERG PEX511 0x0105 PEX511 product MEINBERG PZF180PEX 0x0106 PZF180PEX diff --git a/sys/dev/pci/pcidevs.h b/sys/dev/pci/pcidevs.h index f845f4120..716dd9f42 100644 --- a/sys/dev/pci/pcidevs.h +++ b/sys/dev/pci/pcidevs.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2068 2024/03/06 07:01:24 jsg Exp + * OpenBSD: pcidevs,v 1.2069 2024/03/23 10:35:50 sthen Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -7543,6 +7543,7 @@ /* Meinberg Funkuhren */ #define PCI_PRODUCT_MEINBERG_PCI32 0x0101 /* PCI32 */ #define PCI_PRODUCT_MEINBERG_PCI509 0x0102 /* PCI509 */ +#define PCI_PRODUCT_MEINBERG_PCI510 0x0103 /* PCI510 */ #define PCI_PRODUCT_MEINBERG_PCI511 0x0104 /* PCI511 */ #define PCI_PRODUCT_MEINBERG_PEX511 0x0105 /* PEX511 */ #define PCI_PRODUCT_MEINBERG_PZF180PEX 0x0106 /* PZF180PEX */ diff --git a/sys/dev/pci/pcidevs_data.h b/sys/dev/pci/pcidevs_data.h index 1b903b515..23315a68c 100644 --- a/sys/dev/pci/pcidevs_data.h +++ b/sys/dev/pci/pcidevs_data.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2068 2024/03/06 07:01:24 jsg Exp + * OpenBSD: pcidevs,v 1.2069 2024/03/23 10:35:50 sthen Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -27287,6 +27287,10 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI509, "PCI509", }, + { + PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI510, + "PCI510", + }, { PCI_VENDOR_MEINBERG, PCI_PRODUCT_MEINBERG_PCI511, "PCI511", diff --git a/usr.sbin/rpki-client/x509.c b/usr.sbin/rpki-client/x509.c index a2257ccf9..45aa1001f 100644 --- a/usr.sbin/rpki-client/x509.c +++ b/usr.sbin/rpki-client/x509.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509.c,v 1.84 2024/03/22 03:38:12 job Exp $ */ +/* $OpenBSD: x509.c,v 1.85 2024/03/24 00:38:58 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler * Copyright (c) 2021 Claudio Jeker @@ -1024,6 +1024,12 @@ x509_convert_seqnum(const char *fn, const ASN1_INTEGER *i) if (i == NULL) goto out; + if (ASN1_STRING_length(i) > 20) { + warnx("%s: %s: want 20 octets or fewer, have more.", + __func__, fn); + goto out; + } + seqnum = ASN1_INTEGER_to_BN(i, NULL); if (seqnum == NULL) { warnx("%s: ASN1_INTEGER_to_BN error", fn); @@ -1036,12 +1042,6 @@ x509_convert_seqnum(const char *fn, const ASN1_INTEGER *i) goto out; } - if (BN_num_bytes(seqnum) > 20) { - warnx("%s: %s: want 20 octets or fewer, have more.", - __func__, fn); - goto out; - } - s = BN_bn2hex(seqnum); if (s == NULL) warnx("%s: BN_bn2hex error", fn); diff --git a/usr.sbin/traceroute/traceroute.8 b/usr.sbin/traceroute/traceroute.8 index e922a9811..1e0117143 100644 --- a/usr.sbin/traceroute/traceroute.8 +++ b/usr.sbin/traceroute/traceroute.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: traceroute.8,v 1.75 2022/12/23 07:16:55 jmc Exp $ +.\" $OpenBSD: traceroute.8,v 1.76 2024/03/24 00:33:41 sthen Exp $ .\" $NetBSD: traceroute.8,v 1.6 1995/10/12 03:05:50 mycroft Exp $ .\" .\" Copyright (c) 1990, 1991, 1993 @@ -33,7 +33,7 @@ .\" .\" @(#)traceroute.8 8.1 (Berkeley) 6/6/93 .\" -.Dd $Mdocdate: December 23 2022 $ +.Dd $Mdocdate: March 24 2024 $ .Dt TRACEROUTE 8 .Os .Sh NAME @@ -90,7 +90,7 @@ The options are as follows: .It Fl A Look up the AS number for each hop address. Uses the DNS service described at -.Lk https://www.team-cymru.com/IP-ASN-mapping.html#dns +.Lk https://www.team-cymru.com/ip-asn-mapping .It Fl D Dump the packet data to standard error before transmitting it. .It Fl d