diff --git a/distrib/miniroot/install.sub b/distrib/miniroot/install.sub index 2ce11ae7f..905e26b73 100644 --- a/distrib/miniroot/install.sub +++ b/distrib/miniroot/install.sub @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: install.sub,v 1.1253 2023/08/10 17:09:34 kn Exp $ +# $OpenBSD: install.sub,v 1.1255 2023/08/21 14:33:55 kn Exp $ # # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 2015, Robert Peichaer @@ -3078,7 +3078,7 @@ do_autoinstall() { } encrypt_root() { - local _chunk _tries=0 + local _chunk=$ROOTDISK [[ $MDBOOTSR == y ]] || return @@ -3093,17 +3093,11 @@ encrypt_root() { ask_yn 'Encrypt the root disk with a passphrase?' || return - _chunk=$ROOTDISK echo "\nConfiguring the crypto chunk $_chunk...\n" - - make_dev $_chunk md_prep_fdisk $_chunk echo 'RAID *' | disklabel -w -A -T- $_chunk - until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do - # Most likely botched passphrases, silently retry twice. - ((++_tries < 3)) || exit - done + bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null # No volumes existed before asking, but we just created one. ROOTDISK=$(get_softraid_volumes) diff --git a/lib/libcrypto/ec/ec_ameth.c b/lib/libcrypto/ec/ec_ameth.c index 6adf7ce67..f2ad5f60c 100644 --- a/lib/libcrypto/ec/ec_ameth.c +++ b/lib/libcrypto/ec/ec_ameth.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ec_ameth.c,v 1.42 2023/08/12 08:07:35 tb Exp $ */ +/* $OpenBSD: ec_ameth.c,v 1.43 2023/08/21 09:52:30 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2006. */ @@ -75,6 +75,17 @@ static int ecdh_cms_decrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); #endif +static void +eckey_param_free(int ptype, void *pval) +{ + if (pval == NULL) + return; + if (ptype == V_ASN1_OBJECT) + ASN1_OBJECT_free(pval); /* XXX - really necessary? */ + else + ASN1_STRING_free(pval); +} + static int eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) { @@ -110,36 +121,37 @@ eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) static int eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) { - EC_KEY *ec_key = pkey->pkey.ec; + EC_KEY *eckey = pkey->pkey.ec; + int ptype = V_ASN1_UNDEF; void *pval = NULL; - int ptype; - unsigned char *penc = NULL, *p; - int penclen; + ASN1_OBJECT *aobj; + unsigned char *key = NULL; + int key_len = 0; + int ret = 0; - if (!eckey_param2type(&ptype, &pval, ec_key)) { + if (!eckey_param2type(&ptype, &pval, eckey)) { ECerror(ERR_R_EC_LIB); - return 0; + goto err; } - penclen = i2o_ECPublicKey(ec_key, NULL); - if (penclen <= 0) + if ((key_len = i2o_ECPublicKey(eckey, &key)) <= 0) { + key_len = 0; goto err; - penc = malloc(penclen); - if (!penc) + } + if ((aobj = OBJ_nid2obj(EVP_PKEY_EC)) == NULL) goto err; - p = penc; - penclen = i2o_ECPublicKey(ec_key, &p); - if (penclen <= 0) + if (!X509_PUBKEY_set0_param(pk, aobj, ptype, pval, key, key_len)) goto err; - if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), - ptype, pval, penc, penclen)) - return 1; + pval = NULL; + key = NULL; + key_len = 0; + + ret = 1; + err: - if (ptype == V_ASN1_OBJECT) - ASN1_OBJECT_free(pval); - else - ASN1_STRING_free(pval); - free(penc); - return 0; + eckey_param_free(ptype, pval); + freezero(key, key_len); + + return ret; } static EC_KEY * @@ -308,54 +320,47 @@ eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) static int eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { - EC_KEY *ec_key; - unsigned char *ep, *p; - int eplen, ptype; - void *pval; - unsigned int tmp_flags, old_flags; + EC_KEY *eckey = pkey->pkey.ec; + void *pval = NULL; + int ptype = V_ASN1_UNDEF; + ASN1_OBJECT *aobj; + unsigned char *key = NULL; + int key_len = 0; + unsigned int flags; + int ret = 0; - ec_key = pkey->pkey.ec; + flags = EC_KEY_get_enc_flags(eckey); - if (!eckey_param2type(&ptype, &pval, ec_key)) { + if (!eckey_param2type(&ptype, &pval, eckey)) { ECerror(EC_R_DECODE_ERROR); - return 0; + goto err; } - /* set the private key */ - /* - * do not include the parameters in the SEC1 private key see PKCS#11 - * 12.11 - */ - old_flags = EC_KEY_get_enc_flags(ec_key); - tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS; - EC_KEY_set_enc_flags(ec_key, tmp_flags); - eplen = i2d_ECPrivateKey(ec_key, NULL); - if (!eplen) { - EC_KEY_set_enc_flags(ec_key, old_flags); + /* PKCS#11 12.11: don't include parameters in the SEC1 private key. */ + EC_KEY_set_enc_flags(eckey, flags | EC_PKEY_NO_PARAMETERS); + + if ((key_len = i2d_ECPrivateKey(eckey, &key)) <= 0) { ECerror(ERR_R_EC_LIB); - return 0; + key_len = 0; + goto err; } - ep = malloc(eplen); - if (!ep) { - EC_KEY_set_enc_flags(ec_key, old_flags); - ECerror(ERR_R_MALLOC_FAILURE); - return 0; - } - p = ep; - if (!i2d_ECPrivateKey(ec_key, &p)) { - EC_KEY_set_enc_flags(ec_key, old_flags); - free(ep); - ECerror(ERR_R_EC_LIB); - return 0; - } - /* restore old encoding flags */ - EC_KEY_set_enc_flags(ec_key, old_flags); + if ((aobj = OBJ_nid2obj(NID_X9_62_id_ecPublicKey)) == NULL) + goto err; + if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, pval, key, key_len)) + goto err; + pval = NULL; + key = NULL; + key_len = 0; - if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, - ptype, pval, ep, eplen)) - return 0; + ret = 1; - return 1; + err: + eckey_param_free(ptype, pval); + freezero(key, key_len); + + EC_KEY_set_enc_flags(eckey, flags); + + return ret; } static int diff --git a/lib/libcrypto/man/EVP_chacha20.3 b/lib/libcrypto/man/EVP_chacha20.3 index 01193638b..8d9ea068f 100644 --- a/lib/libcrypto/man/EVP_chacha20.3 +++ b/lib/libcrypto/man/EVP_chacha20.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: EVP_chacha20.3,v 1.2 2023/08/16 13:47:18 schwarze Exp $ +.\" $OpenBSD: EVP_chacha20.3,v 1.3 2023/08/21 03:26:42 jsg Exp $ .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" .\" This file is a derived work. @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 16 2023 $ +.Dd $Mdocdate: August 21 2023 $ .Dt EVP_CHACHA20 3 .Os .Sh NAME @@ -157,7 +157,7 @@ It is strongly recommended to specify .Fa arg as exactly 16. Otherwise, only the initial part of the tag may be compared -and mismatches near the end of the tag may get silently irgnored. +and mismatches near the end of the tag may get silently ignored. This control operation fails if the .Fa ctx is configured for encryption or if @@ -204,7 +204,7 @@ is less than 1 or greater than 16. .It Dv EVP_CTRL_INIT Set the length of the initialization vector to the default value of 12 bytes and clear the Poly1305 internal state. -The application program usually does not need to invoke this contol +The application program usually does not need to invoke this control operation manually because it is automatically called internally by .Xr EVP_EncryptInit_ex 3 , .Xr EVP_DecryptInit_ex 3 , diff --git a/regress/sbin/bioctl/Makefile b/regress/sbin/bioctl/Makefile index 2994418db..837fa50fc 100644 --- a/regress/sbin/bioctl/Makefile +++ b/regress/sbin/bioctl/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.1 2023/08/20 23:19:00 kn Exp $ +# $OpenBSD: Makefile,v 1.2 2023/08/21 05:10:25 anton Exp $ BIOCTL ?= /sbin/bioctl @@ -9,17 +9,17 @@ VOLDEVFILE = vol.txt OLDPW = oldsecret NEWPW = securenew - REGRESS_SETUP_ONCE = create-chunk create-chunk: - dd if=/dev/zero of=${CHUNKFILE} bs=512k count=0 seek=1 status=none + dd if=/dev/zero of=${CHUNKFILE} bs=512k count=0 seek=1 status=none ${SUDO} vnconfig -- ${CHUNKFILE} 1>${CHUNKDEVFILE} echo 'RAID *' | ${SUDO} disklabel -wAT- -- "$$(<${CHUNKDEVFILE})" REGRESS_TARGETS = scripted-create-volume \ scripted-change-passphrase +REGRESS_ROOT_TARGETS = ${REGRESS_TARGETS} scripted-create-volume: printf '%s\n' '${OLDPW}' | \ diff --git a/regress/usr.sbin/installboot/Makefile b/regress/usr.sbin/installboot/Makefile index d9b526011..da2762065 100644 --- a/regress/usr.sbin/installboot/Makefile +++ b/regress/usr.sbin/installboot/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.39 2023/08/20 22:38:49 kn Exp $ +# $OpenBSD: Makefile,v 1.40 2023/08/21 14:25:22 kn Exp $ INSTALLBOOT ?= /usr/sbin/installboot DRY_RUN = ${INSTALLBOOT} -n @@ -103,11 +103,13 @@ REGRESS_TARGETS = prepare prepare: ${SUDO} ${REAL_RUN} -p -- "$$(<${ROOTDEVFILE})" -REGRESS_TARGETS += dry-prepare \ +SUCCESS_TESTS += dry-prepare \ dry-default \ dry-root \ root \ root-stages +REGRESS_TARGETS += ${SUCCESS_TESTS} +REGRESS_ROOT_TARGETS += ${SUCCESS_TESTS} dry-prepare: ${SUDO} ${DRY_RUN} -p -- "$$(<${ROOTDEVFILE})" @@ -122,12 +124,14 @@ root-stages: ${SUDO} ${REAL_RUN} -- "$$(<${ROOTDEVFILE})" ${STAGEFILES} -REGRESS_EXPECTED_FAILURES = dry-prepare-root \ +FAILURE_TESTS = dry-prepare-root \ dry-prepare-stages \ dry-nodisk-stages \ dry-toofew \ dry-toomany -REGRESS_TARGETS += ${REGRESS_EXPECTED_FAILURES} +REGRESS_EXPECTED_FAILURES += ${FAILURE_TESTS} +REGRESS_TARGETS += ${FAILURE_TESTS} +REGRESS_ROOT_TARGETS += dry-nodisk-stages dry-prepare-root: ${DRY_RUN} -p -r/ -- "$$(<${ROOTDEVFILE})" 2>/dev/null diff --git a/sbin/bioctl/bioctl.8 b/sbin/bioctl/bioctl.8 index e8c6bcbce..3323de05e 100644 --- a/sbin/bioctl/bioctl.8 +++ b/sbin/bioctl/bioctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bioctl.8,v 1.112 2023/08/18 14:09:19 kn Exp $ +.\" $OpenBSD: bioctl.8,v 1.113 2023/08/21 08:33:11 kn Exp $ .\" .\" Copyright (c) 2004, 2005 Marco Peereboom .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: August 18 2023 $ +.Dd $Mdocdate: August 21 2023 $ .Dt BIOCTL 8 .Os .Sh NAME @@ -288,10 +288,11 @@ is specified as "auto", the number of rounds will be automatically determined based on system performance. Otherwise the minimum is 4 rounds and the default is 16. .It Fl s -Omit prompts and read passphrases without confirmation from +Read passphrases from .Pa /dev/stdin rather than -.Pa /dev/tty . +.Pa /dev/tty , +without prompts, confirmation or retry on mismatch. .El .Sh EXAMPLES Configure a new diff --git a/sbin/bioctl/bioctl.c b/sbin/bioctl/bioctl.c index 644cddee2..542801f2d 100644 --- a/sbin/bioctl/bioctl.c +++ b/sbin/bioctl/bioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: bioctl.c,v 1.152 2023/08/18 14:09:19 kn Exp $ */ +/* $OpenBSD: bioctl.c,v 1.154 2023/08/21 08:33:11 kn Exp $ */ /* * Copyright (c) 2004, 2005 Marco Peereboom @@ -376,7 +376,8 @@ bio_status(struct bio_status *bs) prefix = __progname; for (i = 0; i < bs->bs_msg_count; i++) - printf("%s: %s\n", prefix, bs->bs_msgs[i].bm_msg); + fprintf(bs->bs_msgs[i].bm_type == BIO_MSG_INFO ? + stdout : stderr, "%s: %s\n", prefix, bs->bs_msgs[i].bm_msg); if (bs->bs_status == BIO_STATUS_ERROR) { if (bs->bs_msg_count == 0) @@ -1354,6 +1355,7 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz, } else { rpp_flag |= interactive ? RPP_REQUIRE_TTY : RPP_STDIN; + retry: if (readpassphrase(prompt, passphrase, sizeof(passphrase), rpp_flag) == NULL) err(1, "unable to read passphrase"); @@ -1370,6 +1372,10 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz, (strcmp(passphrase, verifybuf) != 0)) { explicit_bzero(passphrase, sizeof(passphrase)); explicit_bzero(verifybuf, sizeof(verifybuf)); + if (interactive) { + warnx("Passphrases did not match, try again"); + goto retry; + } errx(1, "Passphrases did not match"); } /* forget the re-typed one */ diff --git a/share/man/man5/bsd.port.mk.5 b/share/man/man5/bsd.port.mk.5 index 4e88c6e6b..42f9bf97b 100644 --- a/share/man/man5/bsd.port.mk.5 +++ b/share/man/man5/bsd.port.mk.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: bsd.port.mk.5,v 1.579 2023/08/08 12:46:56 espie Exp $ +.\" $OpenBSD: bsd.port.mk.5,v 1.581 2023/08/21 12:54:04 espie Exp $ .\" .\" Copyright (c) 2000-2008 Marc Espie .\" @@ -24,7 +24,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: August 8 2023 $ +.Dd $Mdocdate: August 21 2023 $ .Dt BSD.PORT.MK 5 .Os .Sh NAME @@ -153,7 +153,7 @@ Check that patches would apply cleanly, but do not modify anything. Compute a .Xr sha256 1 digest -of ${CHECKSUMFILES} (files listed in DISTFILES and PATCHFILES) and +of ${CHECKSUMFILES} (files listed in DISTFILES* and PATCHFILES*) and check it against ${CHECKSUM_FILE}, normally .Pa distinfo . In case of a mismatch, running @@ -286,12 +286,12 @@ See .Cm print-package-args . .It Cm fetch Fetch the list of files in -.Ev DISTFILES +.Ev DISTFILES* and -.Ev PATCHFILES +.Ev PATCHFILES* using ${FETCH_CMD}. Files are normally retrieved from the list of sites in -.Ev MASTER_SITES . +.Ev MASTER_SITES* . .Pp Appending .Sq :0 @@ -303,6 +303,19 @@ ${FETCH_CMD} retrieve from to .Ev MASTER_SITES9 instead. +.Pp +Preferably, adding a suffix to +.Ev DISTFILES , +.Ev PATCHFILES , +.Ev SUPDISTFILES +will switch the site entry to the corresponding +.Ev MASTER_SITES +variable, e.g., +.Bd -literal -offset indent +DISTFILES.go = ... +MASTER_SITES.go = ... +.Ed +.Pp If the rest of the entry parses as .Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx ${FETCH_CMD} will fetch @@ -332,24 +345,23 @@ hooks is forbidden, as this would make mirroring of distfiles very complicated. See .Ev CHECKSUMFILES , .Ev DISTDIR , -.Ev DISTFILES , +.Ev DISTFILES* , .Ev DIST_SUBDIR , .Ev FETCH_CMD , .Ev FETCH_MANUALLY , -.Ev FETCH_SYMLINK_DISTFILES , .Ev FULLDISTDIR , .Ev MAKESUMFILES , -.Ev MASTER_SITES , +.Ev MASTER_SITES* , .Ev MASTER_SITES0 , ... , .Ev MASTER_SITES9 , -.Ev PATCHFILES , -.Ev SUPDISTFILES , +.Ev PATCHFILES* , +.Ev SUPDISTFILES* , .Ev REFETCH . .It Cm fetch-all Like .Cm fetch , but also fetches -.Ev SUPDISTFILES , +.Ev SUPDISTFILES* , for use with e.g., .Cm makesum . .It Cm fix-permissions @@ -458,7 +470,7 @@ for details. Run .Xr sha256 1 on ${MAKESUMFILES} -that is, files listed in ${DISTFILES}, ${SUPDISTFILES} and ${PATCHFILES}, +that is, files listed in ${DISTFILES*}, ${SUPDISTFILES*} and ${PATCHFILES*}, and store the result in ${CHECKSUM_FILE}, normally .Pa distinfo . Also store the lengths of all files for a quick check during @@ -1547,10 +1559,10 @@ Always use to refer to ports' distribution files location, as it takes an eventual .Ev DIST_SUBDIR into account. -.It Ev DISTFILES +.It Ev DISTFILES* The main port's distribution files (the actual software source, except for binary-only ports). -Will be retrieved from the MASTER_SITES (see +Will be retrieved from the corresponding MASTER_SITES* (see .Cm fetch ) , checksummed and extracted (see .Cm checksum , @@ -1563,6 +1575,16 @@ to appended to select a different .Ev MASTER_SITES . .Pp +Preferably, adding a suffix to +.Ev DISTFILES , +will switch the site entry to the corresponding +.Ev MASTER_SITES +variable, e.g., +.Bd -literal -offset indent +DISTFILES.go = ... +MASTER_SITES.go = ... +.Ed +.Pp Each entry may optionally be of the form .Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx to deal with sites that only offer archives as weird urls, doing the transfer @@ -1582,17 +1604,17 @@ will retrieve from url into .Sq minetest-${V}${EXTRACT_SUFX} . .Pp -If ${DISTFILES} varies depending on +If ${DISTFILES*} varies depending on .Ev FLAVORS or architecture, use -.Ev SUPDISTFILES +.Ev SUPDISTFILES* to ensure distfiles mirroring and .Cm makesum proper operation. .It Ev DISTNAME Name used to identify the port. See -.Ev DISTFILES +.Ev DISTFILES* and .Ev PKGNAME . .It Ev DISTORIG @@ -1748,6 +1770,12 @@ Used to set DISTFILES default value to ${DISTNAME}${EXTRACT_SUFX}. The decompression tool needed will be automatically added as .Ev BUILD_DEPENDS . Default value is .tar.gz. +.Pp +Note that +.Ev DISTFILES +will only be set in the absence of +.Ev DISTFILES.sufx +as well. .It Ev EXTRACT_FILES Set to the list of files to actually extract from distfiles. Its content is subject to shell evaluation as part of @@ -1912,8 +1940,8 @@ the target will also update installed packages even when the signature did not change. .It Ev FULLDISTDIR -Complete path to directory where ${DISTFILES} and ${PATCHFILES} will be -located, to be used in hand-crafted extraction targets. +Complete path to directory where ${DISTFILES*} ${SUPDISTFILES*} and +${PATCHFILES*} will be located, to be used in hand-crafted extraction targets. Read-only. .It Ev FULLPKGNAME Full name of the created package, taking flavors into account. @@ -1944,7 +1972,7 @@ Set by .Nm to the generated name of the distribution file. This can be useful for ports listing multiple -.Ev DISTFILES . +.Ev DISTFILES* . .It Ev GH_PROJECT Name of the project on GitHub. .It Ev GH_TAGNAME @@ -2205,6 +2233,16 @@ see See .Xr ports 7 for user configuration. +.It Ev MASTER_SITES* +List of alternate locations from which ${DISTFILES*}, ${PATCHFILES*}, +${SUPDISTFILES*} are retrieved. +See +.Cm fetch +for details. +Suffix should start with +.Sq \&. +for consistency. +.Pp .It Ev MASTER_SITES0 , ... , MASTER_SITES9 Supplementary locations from which distribution files and patchfiles are retrieved. @@ -2416,7 +2454,7 @@ to re-generate by looking for files using this suffix. Defaults to .Pa .orig.port . -In the unlikely event that one of the ${DISTFILES} already contains +In the unlikely event that one of the ${DISTFILES*} already contains .Pa .orig.port files, set this to something else, such as .Pa .orig.obsdport . @@ -2427,7 +2465,7 @@ See also In the normal .Cm distpatch stage (when -.Ev PATCHFILES +.Ev PATCHFILES* is not empty), this is the contents of a case statement, used to apply distribution patches. Fragments are automatically appended to handle gzip'ed, bzip'ed and lzip'ed @@ -2456,15 +2494,15 @@ Location for patches applied by the target. Default: .Pa patches . -.It Ev PATCHFILES +.It Ev PATCHFILES* Files to fetch from the master sites like -.Ev DISTFILES , +.Ev DISTFILES* , but serving a different purpose, as they hold distribution patches that will be applied at the .Cm patch stage. See also -.Ev SUPDISTFILES . +.Ev SUPDISTFILES* . .It Ev PATCH_ARGS Full list of options used while applying port's patches. .It Ev PATCH_CHECK_ONLY @@ -3150,23 +3188,25 @@ in .Xr mk.conf 5 , the ports tree will only invoke root's privileges for the parts that really require it. -.It Ev SUPDISTFILES +.It Ev SUPDISTFILES* Supplementary files that need to be retrieved under some specific circumstances. For instance, a port might need architecture-specific files. -.Ev SUPDISTFILES +.Ev SUPDISTFILES* should hold a list of all distribution files and patchfiles that are not always needed, so that a mirror will be able to grab all files, or that .Cm makesum will work. Having an overlap between -.Ev SUPDISTFILES +.Ev SUPDISTFILES* and -.Ev DISTFILES , -.Ev PATCHFILES +.Ev DISTFILES* , +.Ev PATCHFILES* is admissible, and in fact, expected, as it is much simpler to build an error-free list of files to retrieve in that way. -See the xanim port for an example. +See the +.Pa devel/jdk/1.8 +port for an example. .It Ev SYSCONFDIR Location for this port's configuration files, should always be derived from @@ -4084,7 +4124,7 @@ Holds the output of .Xr cksum 1 , using .Xr sha256 1 -for the port's ${DISTFILES} and ${PATCHFILES}, +for the port's ${DISTFILES*}, ${SUPDISFILES*} and ${PATCHFILES*}, as well as the sizes of these files. .It Pa ${DISTDIR}/${CHECKSUMFILES} Cache of normal distribution files for a given port. @@ -4245,7 +4285,7 @@ resulting in a double inclusion. This would lead to weird results, such as .Ev PKG_ARGS being defined twice. -.It "Fatal: MASTER_SITESn is not defined but referenced by in " +.It "Fatal: MASTER_SITES* is not defined but referenced by in " Pretty much self-explanatory. .It "Fatal: SUBPACKAGES should always begin with -: " That is the only way to differentiate between diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 0c13f9b87..c669c02ee 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.236 2023/03/08 04:43:12 guenther Exp $ */ +/* $OpenBSD: serverloop.c,v 1.237 2023/08/21 04:59:54 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -247,7 +247,7 @@ wait_until_can_do_something(struct ssh *ssh, /* ClientAliveInterval probing */ if (client_alive_scheduled) { if (ret == 0 && - now > last_client_time + options.client_alive_interval) { + now >= last_client_time + options.client_alive_interval) { /* ppoll timed out and we're due to probe */ client_alive_check(ssh); last_client_time = now; diff --git a/usr.bin/ssh/sshkey.c b/usr.bin/ssh/sshkey.c index ff58b1bd1..c3c3c5135 100644 --- a/usr.bin/ssh/sshkey.c +++ b/usr.bin/ssh/sshkey.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.137 2023/07/27 22:23:05 djm Exp $ */ +/* $OpenBSD: sshkey.c,v 1.138 2023/08/21 04:36:46 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -38,6 +38,7 @@ #include #include +#include #include #include #include diff --git a/usr.bin/whois/whois.1 b/usr.bin/whois/whois.1 index a61298bc1..89898f5ca 100644 --- a/usr.bin/whois/whois.1 +++ b/usr.bin/whois/whois.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: whois.1,v 1.37 2022/02/18 10:24:33 jsg Exp $ +.\" $OpenBSD: whois.1,v 1.38 2023/08/21 11:12:28 jsg Exp $ .\" $NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $ .\" .\" Copyright (c) 1985, 1990, 1993 @@ -30,7 +30,7 @@ .\" .\" @(#)whois.1 8.2 (Berkeley) 6/20/94 .\" -.Dd $Mdocdate: February 18 2022 $ +.Dd $Mdocdate: August 21 2023 $ .Dt WHOIS 1 .Os .Sh NAME @@ -309,4 +309,4 @@ on port The .Nm command appeared in -.Bx 4.3 . +.Bx 4.1c .