SecBSD/src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync code with last improvements from OpenBSD

Browse Source
This commit is contained in:
purplerain 2023-08-21 16:32:04 +00:00
parent 6b5b190599
commit 30061c429a
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
11 changed files with 179 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
distrib/miniroot/install.sub
View File

@ -1,5 +1,5 @@
#!/bin/ksh #!/bin/ksh
# $OpenBSD: install.sub,v 1.1253 2023/08/10 17:09:34 kn Exp $ # $OpenBSD: install.sub,v 1.1255 2023/08/21 14:33:55 kn Exp $
# #
# Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback # Copyright (c) 1997-2015 Todd Miller, Theo de Raadt, Ken Westerback
# Copyright (c) 2015, Robert Peichaer <rpe@openbsd.org> # Copyright (c) 2015, Robert Peichaer <rpe@openbsd.org>
@ -3078,7 +3078,7 @@ do_autoinstall() {
} }
encrypt_root() { encrypt_root() {
local _chunk _tries=0 local _chunk=$ROOTDISK
[[ $MDBOOTSR == y ]] || return [[ $MDBOOTSR == y ]] || return
@ -3093,17 +3093,11 @@ encrypt_root() {
ask_yn 'Encrypt the root disk with a passphrase?' || return ask_yn 'Encrypt the root disk with a passphrase?' || return
_chunk=$ROOTDISK
echo "\nConfiguring the crypto chunk $_chunk...\n" echo "\nConfiguring the crypto chunk $_chunk...\n"
make_dev $_chunk
md_prep_fdisk $_chunk md_prep_fdisk $_chunk
echo 'RAID *' | disklabel -w -A -T- $_chunk echo 'RAID *' | disklabel -w -A -T- $_chunk
until bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null; do bioctl -Cforce -cC -l${_chunk}a softraid0 >/dev/null
# Most likely botched passphrases, silently retry twice.
((++_tries < 3)) || exit
done
# No volumes existed before asking, but we just created one. # No volumes existed before asking, but we just created one.
ROOTDISK=$(get_softraid_volumes) ROOTDISK=$(get_softraid_volumes)

129
lib/libcrypto/ec/ec_ameth.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ec_ameth.c,v 1.42 2023/08/12 08:07:35 tb Exp $ */ /* $OpenBSD: ec_ameth.c,v 1.43 2023/08/21 09:52:30 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006. * project 2006.
*/ */
@ -75,6 +75,17 @@ static int ecdh_cms_decrypt(CMS_RecipientInfo *ri);
static int ecdh_cms_encrypt(CMS_RecipientInfo *ri); static int ecdh_cms_encrypt(CMS_RecipientInfo *ri);
#endif #endif
static void
eckey_param_free(int ptype, void *pval)
{
if (pval == NULL)
return;
if (ptype == V_ASN1_OBJECT)
ASN1_OBJECT_free(pval); /* XXX - really necessary? */
else
ASN1_STRING_free(pval);
}
static int static int
eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key) eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
{ {
@ -110,36 +121,37 @@ eckey_param2type(int *pptype, void **ppval, EC_KEY *ec_key)
static int static int
eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey) eckey_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
{ {
EC_KEY *ec_key = pkey->pkey.ec; EC_KEY *eckey = pkey->pkey.ec;
int ptype = V_ASN1_UNDEF;
void *pval = NULL; void *pval = NULL;
int ptype; ASN1_OBJECT *aobj;
unsigned char *penc = NULL, *p; unsigned char *key = NULL;
int penclen; int key_len = 0;
int ret = 0;
if (!eckey_param2type(&ptype, &pval, ec_key)) { if (!eckey_param2type(&ptype, &pval, eckey)) {
ECerror(ERR_R_EC_LIB); ECerror(ERR_R_EC_LIB);
return 0; goto err;
} }
penclen = i2o_ECPublicKey(ec_key, NULL); if ((key_len = i2o_ECPublicKey(eckey, &key)) <= 0) {
if (penclen <= 0) key_len = 0;
goto err; goto err;
penc = malloc(penclen); }
if (!penc) if ((aobj = OBJ_nid2obj(EVP_PKEY_EC)) == NULL)
goto err; goto err;
p = penc; if (!X509_PUBKEY_set0_param(pk, aobj, ptype, pval, key, key_len))
penclen = i2o_ECPublicKey(ec_key, &p);
if (penclen <= 0)
goto err; goto err;
if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_EC), pval = NULL;
ptype, pval, penc, penclen)) key = NULL;
return 1; key_len = 0;
ret = 1;
err: err:
if (ptype == V_ASN1_OBJECT) eckey_param_free(ptype, pval);
ASN1_OBJECT_free(pval); freezero(key, key_len);
else
ASN1_STRING_free(pval); return ret;
free(penc);
return 0;
} }
static EC_KEY * static EC_KEY *
@ -308,54 +320,47 @@ eckey_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
static int static int
eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) eckey_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{ {
EC_KEY *ec_key; EC_KEY *eckey = pkey->pkey.ec;
unsigned char *ep, *p; void *pval = NULL;
int eplen, ptype; int ptype = V_ASN1_UNDEF;
void *pval; ASN1_OBJECT *aobj;
unsigned int tmp_flags, old_flags; unsigned char *key = NULL;
int key_len = 0;
unsigned int flags;
int ret = 0;
ec_key = pkey->pkey.ec; flags = EC_KEY_get_enc_flags(eckey);
if (!eckey_param2type(&ptype, &pval, ec_key)) { if (!eckey_param2type(&ptype, &pval, eckey)) {
ECerror(EC_R_DECODE_ERROR); ECerror(EC_R_DECODE_ERROR);
return 0; goto err;
} }
/* set the private key */
/* /* PKCS#11 12.11: don't include parameters in the SEC1 private key. */
* do not include the parameters in the SEC1 private key see PKCS#11 EC_KEY_set_enc_flags(eckey, flags | EC_PKEY_NO_PARAMETERS);
* 12.11
*/ if ((key_len = i2d_ECPrivateKey(eckey, &key)) <= 0) {
old_flags = EC_KEY_get_enc_flags(ec_key);
tmp_flags = old_flags | EC_PKEY_NO_PARAMETERS;
EC_KEY_set_enc_flags(ec_key, tmp_flags);
eplen = i2d_ECPrivateKey(ec_key, NULL);
if (!eplen) {
EC_KEY_set_enc_flags(ec_key, old_flags);
ECerror(ERR_R_EC_LIB); ECerror(ERR_R_EC_LIB);
return 0; key_len = 0;
goto err;
} }
ep = malloc(eplen); if ((aobj = OBJ_nid2obj(NID_X9_62_id_ecPublicKey)) == NULL)
if (!ep) { goto err;
EC_KEY_set_enc_flags(ec_key, old_flags); if (!PKCS8_pkey_set0(p8, aobj, 0, ptype, pval, key, key_len))
ECerror(ERR_R_MALLOC_FAILURE); goto err;
return 0; pval = NULL;
} key = NULL;
p = ep; key_len = 0;
if (!i2d_ECPrivateKey(ec_key, &p)) {
EC_KEY_set_enc_flags(ec_key, old_flags);
free(ep);
ECerror(ERR_R_EC_LIB);
return 0;
}
/* restore old encoding flags */
EC_KEY_set_enc_flags(ec_key, old_flags);
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_X9_62_id_ecPublicKey), 0, ret = 1;
ptype, pval, ep, eplen))
return 0;
return 1; err:
eckey_param_free(ptype, pval);
freezero(key, key_len);
EC_KEY_set_enc_flags(eckey, flags);
return ret;
} }
static int static int

8
lib/libcrypto/man/EVP_chacha20.3
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: EVP_chacha20.3,v 1.2 2023/08/16 13:47:18 schwarze Exp $ .\" $OpenBSD: EVP_chacha20.3,v 1.3 2023/08/21 03:26:42 jsg Exp $
.\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200 .\" full merge up to: OpenSSL 35fd9953 May 28 14:49:38 2019 +0200
.\" .\"
.\" This file is a derived work. .\" This file is a derived work.
@ -65,7 +65,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: August 16 2023 $ .Dd $Mdocdate: August 21 2023 $
.Dt EVP_CHACHA20 3 .Dt EVP_CHACHA20 3
.Os .Os
.Sh NAME .Sh NAME
@ -157,7 +157,7 @@ It is strongly recommended to specify
.Fa arg .Fa arg
as exactly 16. as exactly 16.
Otherwise, only the initial part of the tag may be compared Otherwise, only the initial part of the tag may be compared
and mismatches near the end of the tag may get silently irgnored. and mismatches near the end of the tag may get silently ignored.
This control operation fails if the This control operation fails if the
.Fa ctx .Fa ctx
is configured for encryption or if is configured for encryption or if
@ -204,7 +204,7 @@ is less than 1 or greater than 16.
.It Dv EVP_CTRL_INIT .It Dv EVP_CTRL_INIT
Set the length of the initialization vector to the default value Set the length of the initialization vector to the default value
of 12 bytes and clear the Poly1305 internal state. of 12 bytes and clear the Poly1305 internal state.
The application program usually does not need to invoke this contol The application program usually does not need to invoke this control
operation manually because it is automatically called internally by operation manually because it is automatically called internally by
.Xr EVP_EncryptInit_ex 3 , .Xr EVP_EncryptInit_ex 3 ,
.Xr EVP_DecryptInit_ex 3 , .Xr EVP_DecryptInit_ex 3 ,

6
regress/sbin/bioctl/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.1 2023/08/20 23:19:00 kn Exp $ # $OpenBSD: Makefile,v 1.2 2023/08/21 05:10:25 anton Exp $
BIOCTL ?= /sbin/bioctl BIOCTL ?= /sbin/bioctl
@ -9,17 +9,17 @@ VOLDEVFILE = vol.txt
OLDPW = oldsecret OLDPW = oldsecret
NEWPW = securenew NEWPW = securenew
REGRESS_SETUP_ONCE = create-chunk REGRESS_SETUP_ONCE = create-chunk
create-chunk: create-chunk:
dd if=/dev/zero of=${CHUNKFILE} bs=512k count=0 seek=1 status=none dd if=/dev/zero of=${CHUNKFILE} bs=512k count=0 seek=1 status=none
${SUDO} vnconfig -- ${CHUNKFILE} 1>${CHUNKDEVFILE} ${SUDO} vnconfig -- ${CHUNKFILE} 1>${CHUNKDEVFILE}
echo 'RAID *' | ${SUDO} disklabel -wAT- -- "$$(<${CHUNKDEVFILE})" echo 'RAID *' | ${SUDO} disklabel -wAT- -- "$$(<${CHUNKDEVFILE})"
REGRESS_TARGETS = scripted-create-volume \ REGRESS_TARGETS = scripted-create-volume \
scripted-change-passphrase scripted-change-passphrase
REGRESS_ROOT_TARGETS = ${REGRESS_TARGETS}
scripted-create-volume: scripted-create-volume:
printf '%s\n' '${OLDPW}' | \ printf '%s\n' '${OLDPW}' | \

12
regress/usr.sbin/installboot/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.39 2023/08/20 22:38:49 kn Exp $ # $OpenBSD: Makefile,v 1.40 2023/08/21 14:25:22 kn Exp $
INSTALLBOOT ?= /usr/sbin/installboot INSTALLBOOT ?= /usr/sbin/installboot
DRY_RUN = ${INSTALLBOOT} -n DRY_RUN = ${INSTALLBOOT} -n
@ -103,11 +103,13 @@ REGRESS_TARGETS = prepare
prepare: prepare:
${SUDO} ${REAL_RUN} -p -- "$$(<${ROOTDEVFILE})" ${SUDO} ${REAL_RUN} -p -- "$$(<${ROOTDEVFILE})"
REGRESS_TARGETS += dry-prepare \ SUCCESS_TESTS += dry-prepare \
dry-default \ dry-default \
dry-root \ dry-root \
root \ root \
root-stages root-stages
REGRESS_TARGETS += ${SUCCESS_TESTS}
REGRESS_ROOT_TARGETS += ${SUCCESS_TESTS}
dry-prepare: dry-prepare:
${SUDO} ${DRY_RUN} -p -- "$$(<${ROOTDEVFILE})" ${SUDO} ${DRY_RUN} -p -- "$$(<${ROOTDEVFILE})"
@ -122,12 +124,14 @@ root-stages:
${SUDO} ${REAL_RUN} -- "$$(<${ROOTDEVFILE})" ${STAGEFILES} ${SUDO} ${REAL_RUN} -- "$$(<${ROOTDEVFILE})" ${STAGEFILES}
REGRESS_EXPECTED_FAILURES = dry-prepare-root \ FAILURE_TESTS = dry-prepare-root \
dry-prepare-stages \ dry-prepare-stages \
dry-nodisk-stages \ dry-nodisk-stages \
dry-toofew \ dry-toofew \
dry-toomany dry-toomany
REGRESS_TARGETS += ${REGRESS_EXPECTED_FAILURES} REGRESS_EXPECTED_FAILURES += ${FAILURE_TESTS}
REGRESS_TARGETS += ${FAILURE_TESTS}
REGRESS_ROOT_TARGETS += dry-nodisk-stages
dry-prepare-root: dry-prepare-root:
${DRY_RUN} -p -r/ -- "$$(<${ROOTDEVFILE})" 2>/dev/null ${DRY_RUN} -p -r/ -- "$$(<${ROOTDEVFILE})" 2>/dev/null

9
sbin/bioctl/bioctl.8
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: bioctl.8,v 1.112 2023/08/18 14:09:19 kn Exp $ .\" $OpenBSD: bioctl.8,v 1.113 2023/08/21 08:33:11 kn Exp $
.\" .\"
.\" Copyright (c) 2004, 2005 Marco Peereboom .\" Copyright (c) 2004, 2005 Marco Peereboom
.\" .\"
@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: August 18 2023 $ .Dd $Mdocdate: August 21 2023 $
.Dt BIOCTL 8 .Dt BIOCTL 8
.Os .Os
.Sh NAME .Sh NAME
@ -288,10 +288,11 @@ is specified as "auto", the number of rounds will be automatically determined
based on system performance. based on system performance.
Otherwise the minimum is 4 rounds and the default is 16. Otherwise the minimum is 4 rounds and the default is 16.
.It Fl s .It Fl s
Omit prompts and read passphrases without confirmation from Read passphrases from
.Pa /dev/stdin .Pa /dev/stdin
rather than rather than
.Pa /dev/tty . .Pa /dev/tty ,
without prompts, confirmation or retry on mismatch.
.El .El
.Sh EXAMPLES .Sh EXAMPLES
Configure a new Configure a new

10
sbin/bioctl/bioctl.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: bioctl.c,v 1.152 2023/08/18 14:09:19 kn Exp $ */ /* $OpenBSD: bioctl.c,v 1.154 2023/08/21 08:33:11 kn Exp $ */
/* /*
* Copyright (c) 2004, 2005 Marco Peereboom * Copyright (c) 2004, 2005 Marco Peereboom
@ -376,7 +376,8 @@ bio_status(struct bio_status *bs)
prefix = __progname; prefix = __progname;
for (i = 0; i < bs->bs_msg_count; i++) for (i = 0; i < bs->bs_msg_count; i++)
printf("%s: %s\n", prefix, bs->bs_msgs[i].bm_msg); fprintf(bs->bs_msgs[i].bm_type == BIO_MSG_INFO ?
stdout : stderr, "%s: %s\n", prefix, bs->bs_msgs[i].bm_msg);
if (bs->bs_status == BIO_STATUS_ERROR) { if (bs->bs_status == BIO_STATUS_ERROR) {
if (bs->bs_msg_count == 0) if (bs->bs_msg_count == 0)
@ -1354,6 +1355,7 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz,
} else { } else {
rpp_flag |= interactive ? RPP_REQUIRE_TTY : RPP_STDIN; rpp_flag |= interactive ? RPP_REQUIRE_TTY : RPP_STDIN;
retry:
if (readpassphrase(prompt, passphrase, sizeof(passphrase), if (readpassphrase(prompt, passphrase, sizeof(passphrase),
rpp_flag) == NULL) rpp_flag) == NULL)
err(1, "unable to read passphrase"); err(1, "unable to read passphrase");
@ -1370,6 +1372,10 @@ derive_key(u_int32_t type, int rounds, u_int8_t *key, size_t keysz,
(strcmp(passphrase, verifybuf) != 0)) { (strcmp(passphrase, verifybuf) != 0)) {
explicit_bzero(passphrase, sizeof(passphrase)); explicit_bzero(passphrase, sizeof(passphrase));
explicit_bzero(verifybuf, sizeof(verifybuf)); explicit_bzero(verifybuf, sizeof(verifybuf));
if (interactive) {
warnx("Passphrases did not match, try again");
goto retry;
}
errx(1, "Passphrases did not match"); errx(1, "Passphrases did not match");
} }
/* forget the re-typed one */ /* forget the re-typed one */

108
share/man/man5/bsd.port.mk.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: bsd.port.mk.5,v 1.579 2023/08/08 12:46:56 espie Exp $ .\" $OpenBSD: bsd.port.mk.5,v 1.581 2023/08/21 12:54:04 espie Exp $
.\" .\"
.\" Copyright (c) 2000-2008 Marc Espie .\" Copyright (c) 2000-2008 Marc Espie
.\" .\"
@ -24,7 +24,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: August 8 2023 $ .Dd $Mdocdate: August 21 2023 $
.Dt BSD.PORT.MK 5 .Dt BSD.PORT.MK 5
.Os .Os
.Sh NAME .Sh NAME
@ -153,7 +153,7 @@ Check that patches would apply cleanly, but do not modify anything.
Compute a Compute a
.Xr sha256 1 .Xr sha256 1
digest digest
of ${CHECKSUMFILES} (files listed in DISTFILES and PATCHFILES) and of ${CHECKSUMFILES} (files listed in DISTFILES* and PATCHFILES*) and
check it against ${CHECKSUM_FILE}, normally check it against ${CHECKSUM_FILE}, normally
.Pa distinfo . .Pa distinfo .
In case of a mismatch, running In case of a mismatch, running
@ -286,12 +286,12 @@ See
.Cm print-package-args . .Cm print-package-args .
.It Cm fetch .It Cm fetch
Fetch the list of files in Fetch the list of files in
.Ev DISTFILES .Ev DISTFILES*
and and
.Ev PATCHFILES .Ev PATCHFILES*
using ${FETCH_CMD}. using ${FETCH_CMD}.
Files are normally retrieved from the list of sites in Files are normally retrieved from the list of sites in
.Ev MASTER_SITES . .Ev MASTER_SITES* .
.Pp .Pp
Appending Appending
.Sq :0 .Sq :0
@ -303,6 +303,19 @@ ${FETCH_CMD} retrieve from
to to
.Ev MASTER_SITES9 .Ev MASTER_SITES9
instead. instead.
.Pp
Preferably, adding a suffix to
.Ev DISTFILES ,
.Ev PATCHFILES ,
.Ev SUPDISTFILES
will switch the site entry to the corresponding
.Ev MASTER_SITES
variable, e.g.,
.Bd -literal -offset indent
DISTFILES.go = ...
MASTER_SITES.go = ...
.Ed
.Pp
If the rest of the entry parses as If the rest of the entry parses as
.Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx .Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx
${FETCH_CMD} will fetch ${FETCH_CMD} will fetch
@ -332,24 +345,23 @@ hooks is forbidden, as this would make mirroring of distfiles very complicated.
See See
.Ev CHECKSUMFILES , .Ev CHECKSUMFILES ,
.Ev DISTDIR , .Ev DISTDIR ,
.Ev DISTFILES , .Ev DISTFILES* ,
.Ev DIST_SUBDIR , .Ev DIST_SUBDIR ,
.Ev FETCH_CMD , .Ev FETCH_CMD ,
.Ev FETCH_MANUALLY , .Ev FETCH_MANUALLY ,
.Ev FETCH_SYMLINK_DISTFILES ,
.Ev FULLDISTDIR , .Ev FULLDISTDIR ,
.Ev MAKESUMFILES , .Ev MAKESUMFILES ,
.Ev MASTER_SITES , .Ev MASTER_SITES* ,
.Ev MASTER_SITES0 , ... , .Ev MASTER_SITES0 , ... ,
.Ev MASTER_SITES9 , .Ev MASTER_SITES9 ,
.Ev PATCHFILES , .Ev PATCHFILES* ,
.Ev SUPDISTFILES , .Ev SUPDISTFILES* ,
.Ev REFETCH . .Ev REFETCH .
.It Cm fetch-all .It Cm fetch-all
Like Like
.Cm fetch , .Cm fetch ,
but also fetches but also fetches
.Ev SUPDISTFILES , .Ev SUPDISTFILES* ,
for use with e.g., for use with e.g.,
.Cm makesum . .Cm makesum .
.It Cm fix-permissions .It Cm fix-permissions
@ -458,7 +470,7 @@ for details.
Run Run
.Xr sha256 1 .Xr sha256 1
on ${MAKESUMFILES} on ${MAKESUMFILES}
that is, files listed in ${DISTFILES}, ${SUPDISTFILES} and ${PATCHFILES}, that is, files listed in ${DISTFILES*}, ${SUPDISTFILES*} and ${PATCHFILES*},
and store the result in ${CHECKSUM_FILE}, normally and store the result in ${CHECKSUM_FILE}, normally
.Pa distinfo . .Pa distinfo .
Also store the lengths of all files for a quick check during Also store the lengths of all files for a quick check during
@ -1547,10 +1559,10 @@ Always use
to refer to ports' distribution files location, as it takes an eventual to refer to ports' distribution files location, as it takes an eventual
.Ev DIST_SUBDIR .Ev DIST_SUBDIR
into account. into account.
.It Ev DISTFILES .It Ev DISTFILES*
The main port's distribution files (the actual software source, except The main port's distribution files (the actual software source, except
for binary-only ports). for binary-only ports).
Will be retrieved from the MASTER_SITES (see Will be retrieved from the corresponding MASTER_SITES* (see
.Cm fetch ) , .Cm fetch ) ,
checksummed and extracted (see checksummed and extracted (see
.Cm checksum , .Cm checksum ,
@ -1563,6 +1575,16 @@ to
appended to select a different appended to select a different
.Ev MASTER_SITES . .Ev MASTER_SITES .
.Pp .Pp
Preferably, adding a suffix to
.Ev DISTFILES ,
will switch the site entry to the corresponding
.Ev MASTER_SITES
variable, e.g.,
.Bd -literal -offset indent
DISTFILES.go = ...
MASTER_SITES.go = ...
.Ed
.Pp
Each entry may optionally be of the form Each entry may optionally be of the form
.Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx .Sq Ar filename Ns { Ns Ar url Ns } Ns Ar sufx
to deal with sites that only offer archives as weird urls, doing the transfer to deal with sites that only offer archives as weird urls, doing the transfer
@ -1582,17 +1604,17 @@ will retrieve from url
into into
.Sq minetest-${V}${EXTRACT_SUFX} . .Sq minetest-${V}${EXTRACT_SUFX} .
.Pp .Pp
If ${DISTFILES} varies depending on If ${DISTFILES*} varies depending on
.Ev FLAVORS .Ev FLAVORS
or architecture, use or architecture, use
.Ev SUPDISTFILES .Ev SUPDISTFILES*
to ensure distfiles mirroring and to ensure distfiles mirroring and
.Cm makesum .Cm makesum
proper operation. proper operation.
.It Ev DISTNAME .It Ev DISTNAME
Name used to identify the port. Name used to identify the port.
See See
.Ev DISTFILES .Ev DISTFILES*
and and
.Ev PKGNAME . .Ev PKGNAME .
.It Ev DISTORIG .It Ev DISTORIG
@ -1748,6 +1770,12 @@ Used to set DISTFILES default value to ${DISTNAME}${EXTRACT_SUFX}.
The decompression tool needed will be automatically added as The decompression tool needed will be automatically added as
.Ev BUILD_DEPENDS . .Ev BUILD_DEPENDS .
Default value is .tar.gz. Default value is .tar.gz.
.Pp
Note that
.Ev DISTFILES
will only be set in the absence of
.Ev DISTFILES.sufx
as well.
.It Ev EXTRACT_FILES .It Ev EXTRACT_FILES
Set to the list of files to actually extract from distfiles. Set to the list of files to actually extract from distfiles.
Its content is subject to shell evaluation as part of Its content is subject to shell evaluation as part of
@ -1912,8 +1940,8 @@ the
target will also update installed packages even when the signature target will also update installed packages even when the signature
did not change. did not change.
.It Ev FULLDISTDIR .It Ev FULLDISTDIR
Complete path to directory where ${DISTFILES} and ${PATCHFILES} will be Complete path to directory where ${DISTFILES*} ${SUPDISTFILES*} and
located, to be used in hand-crafted extraction targets. ${PATCHFILES*} will be located, to be used in hand-crafted extraction targets.
Read-only. Read-only.
.It Ev FULLPKGNAME .It Ev FULLPKGNAME
Full name of the created package, taking flavors into account. Full name of the created package, taking flavors into account.
@ -1944,7 +1972,7 @@ Set by
.Nm .Nm
to the generated name of the distribution file. to the generated name of the distribution file.
This can be useful for ports listing multiple This can be useful for ports listing multiple
.Ev DISTFILES . .Ev DISTFILES* .
.It Ev GH_PROJECT .It Ev GH_PROJECT
Name of the project on GitHub. Name of the project on GitHub.
.It Ev GH_TAGNAME .It Ev GH_TAGNAME
@ -2205,6 +2233,16 @@ see
See See
.Xr ports 7 .Xr ports 7
for user configuration. for user configuration.
.It Ev MASTER_SITES*
List of alternate locations from which ${DISTFILES*}, ${PATCHFILES*},
${SUPDISTFILES*} are retrieved.
See
.Cm fetch
for details.
Suffix should start with
.Sq \&.
for consistency.
.Pp
.It Ev MASTER_SITES0 , ... , MASTER_SITES9 .It Ev MASTER_SITES0 , ... , MASTER_SITES9
Supplementary locations from which distribution files and patchfiles are Supplementary locations from which distribution files and patchfiles are
retrieved. retrieved.
@ -2416,7 +2454,7 @@ to re-generate
by looking for files using this suffix. by looking for files using this suffix.
Defaults to Defaults to
.Pa .orig.port . .Pa .orig.port .
In the unlikely event that one of the ${DISTFILES} already contains In the unlikely event that one of the ${DISTFILES*} already contains
.Pa .orig.port .Pa .orig.port
files, set this to something else, such as files, set this to something else, such as
.Pa .orig.obsdport . .Pa .orig.obsdport .
@ -2427,7 +2465,7 @@ See also
In the normal In the normal
.Cm distpatch .Cm distpatch
stage (when stage (when
.Ev PATCHFILES .Ev PATCHFILES*
is not empty), this is the contents of a case statement, used to apply is not empty), this is the contents of a case statement, used to apply
distribution patches. distribution patches.
Fragments are automatically appended to handle gzip'ed, bzip'ed and lzip'ed Fragments are automatically appended to handle gzip'ed, bzip'ed and lzip'ed
@ -2456,15 +2494,15 @@ Location for patches applied by the
target. target.
Default: Default:
.Pa patches . .Pa patches .
.It Ev PATCHFILES .It Ev PATCHFILES*
Files to fetch from the master sites like Files to fetch from the master sites like
.Ev DISTFILES , .Ev DISTFILES* ,
but serving a different purpose, as they hold distribution patches that but serving a different purpose, as they hold distribution patches that
will be applied at the will be applied at the
.Cm patch .Cm patch
stage. stage.
See also See also
.Ev SUPDISTFILES . .Ev SUPDISTFILES* .
.It Ev PATCH_ARGS .It Ev PATCH_ARGS
Full list of options used while applying port's patches. Full list of options used while applying port's patches.
.It Ev PATCH_CHECK_ONLY .It Ev PATCH_CHECK_ONLY
@ -3150,23 +3188,25 @@ in
.Xr mk.conf 5 , .Xr mk.conf 5 ,
the ports tree will only invoke root's privileges for the parts that the ports tree will only invoke root's privileges for the parts that
really require it. really require it.
.It Ev SUPDISTFILES .It Ev SUPDISTFILES*
Supplementary files that need to be retrieved under some specific Supplementary files that need to be retrieved under some specific
circumstances. circumstances.
For instance, a port might need architecture-specific files. For instance, a port might need architecture-specific files.
.Ev SUPDISTFILES .Ev SUPDISTFILES*
should hold a list of all distribution files and patchfiles that are not should hold a list of all distribution files and patchfiles that are not
always needed, so that a mirror will be able to grab all files, or that always needed, so that a mirror will be able to grab all files, or that
.Cm makesum .Cm makesum
will work. will work.
Having an overlap between Having an overlap between
.Ev SUPDISTFILES .Ev SUPDISTFILES*
and and
.Ev DISTFILES , .Ev DISTFILES* ,
.Ev PATCHFILES .Ev PATCHFILES*
is admissible, and in fact, expected, as it is much simpler to build is admissible, and in fact, expected, as it is much simpler to build
an error-free list of files to retrieve in that way. an error-free list of files to retrieve in that way.
See the xanim port for an example. See the
.Pa devel/jdk/1.8
port for an example.
.It Ev SYSCONFDIR .It Ev SYSCONFDIR
Location for this port's configuration files, should always be derived Location for this port's configuration files, should always be derived
from from
@ -4084,7 +4124,7 @@ Holds the output of
.Xr cksum 1 , .Xr cksum 1 ,
using using
.Xr sha256 1 .Xr sha256 1
for the port's ${DISTFILES} and ${PATCHFILES}, for the port's ${DISTFILES*}, ${SUPDISFILES*} and ${PATCHFILES*},
as well as the sizes of these files. as well as the sizes of these files.
.It Pa ${DISTDIR}/${CHECKSUMFILES} .It Pa ${DISTDIR}/${CHECKSUMFILES}
Cache of normal distribution files for a given port. Cache of normal distribution files for a given port.
@ -4245,7 +4285,7 @@ resulting in a double inclusion.
This would lead to weird results, such as This would lead to weird results, such as
.Ev PKG_ARGS .Ev PKG_ARGS
being defined twice. being defined twice.
.It "Fatal: MASTER_SITESn is not defined but referenced by <file> in <DISTFILES/PATCHFILES/SUPDISTFILES>" .It "Fatal: MASTER_SITES* is not defined but referenced by <file> in <DISTFILES*/PATCHFILES*/SUPDISTFILES*>"
Pretty much self-explanatory. Pretty much self-explanatory.
.It "Fatal: SUBPACKAGES should always begin with -: <offending list>" .It "Fatal: SUBPACKAGES should always begin with -: <offending list>"
That is the only way to differentiate between That is the only way to differentiate between

4
usr.bin/ssh/serverloop.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: serverloop.c,v 1.236 2023/03/08 04:43:12 guenther Exp $ */ /* $OpenBSD: serverloop.c,v 1.237 2023/08/21 04:59:54 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -247,7 +247,7 @@ wait_until_can_do_something(struct ssh *ssh,
/* ClientAliveInterval probing */ /* ClientAliveInterval probing */
if (client_alive_scheduled) { if (client_alive_scheduled) {
if (ret == 0 && if (ret == 0 &&
now > last_client_time + options.client_alive_interval) { now >= last_client_time + options.client_alive_interval) {
/* ppoll timed out and we're due to probe */ /* ppoll timed out and we're due to probe */
client_alive_check(ssh); client_alive_check(ssh);
last_client_time = now; last_client_time = now;

3
usr.bin/ssh/sshkey.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.137 2023/07/27 22:23:05 djm Exp $ */ /* $OpenBSD: sshkey.c,v 1.138 2023/08/21 04:36:46 djm Exp $ */
/* /*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -38,6 +38,7 @@
#include <errno.h> #include <errno.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h>
#include <string.h> #include <string.h>
#include <util.h> #include <util.h>
#include <limits.h> #include <limits.h>

6
usr.bin/whois/whois.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: whois.1,v 1.37 2022/02/18 10:24:33 jsg Exp $ .\" $OpenBSD: whois.1,v 1.38 2023/08/21 11:12:28 jsg Exp $
.\" $NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $ .\" $NetBSD: whois.1,v 1.5 1995/08/31 21:51:32 jtc Exp $
.\" .\"
.\" Copyright (c) 1985, 1990, 1993 .\" Copyright (c) 1985, 1990, 1993
@ -30,7 +30,7 @@
.\" .\"
.\" @(#)whois.1 8.2 (Berkeley) 6/20/94 .\" @(#)whois.1 8.2 (Berkeley) 6/20/94
.\" .\"
.Dd $Mdocdate: February 18 2022 $ .Dd $Mdocdate: August 21 2023 $
.Dt WHOIS 1 .Dt WHOIS 1
.Os .Os
.Sh NAME .Sh NAME
@ -309,4 +309,4 @@ on port
The The
.Nm .Nm
command appeared in command appeared in
.Bx 4.3 . .Bx 4.1c .