diff --git a/lib/libcrypto/cversion.c b/lib/libcrypto/cversion.c
index acb7b7054..95479d338 100644
--- a/lib/libcrypto/cversion.c
+++ b/lib/libcrypto/cversion.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cversion.c,v 1.18 2023/07/08 08:28:23 beck Exp $ */
+/* $OpenBSD: cversion.c,v 1.19 2024/03/16 21:42:20 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -68,15 +68,15 @@ SSLeay_version(int t)
 	case SSLEAY_VERSION:
 		return OPENSSL_VERSION_TEXT;
 	case SSLEAY_BUILT_ON:
-		return("built on: date not available");
+		return "built on: date not available";
 	case SSLEAY_CFLAGS:
-		return("compiler: information not available");
+		return "compiler: information not available";
 	case SSLEAY_PLATFORM:
-		return("platform: information not available");
+		return "platform: information not available";
 	case SSLEAY_DIR:
 		return "OPENSSLDIR: \"" OPENSSLDIR "\"";
 	}
-	return("not available");
+	return "not available";
 }
 LCRYPTO_ALIAS(SSLeay_version);
 
@@ -94,17 +94,17 @@ OpenSSL_version(int t)
 	case OPENSSL_VERSION:
 		return OPENSSL_VERSION_TEXT;
 	case OPENSSL_BUILT_ON:
-		return("built on: date not available");
+		return "built on: date not available";
 	case OPENSSL_CFLAGS:
-		return("compiler: information not available");
+		return "compiler: information not available";
 	case OPENSSL_PLATFORM:
-		return("platform: information not available");
+		return "platform: information not available";
 	case OPENSSL_DIR:
 		return "OPENSSLDIR: \"" OPENSSLDIR "\"";
 	case OPENSSL_ENGINES_DIR:
 		return "ENGINESDIR: N/A";
 	}
-	return("not available");
+	return "not available";
 }
 LCRYPTO_ALIAS(OpenSSL_version);
 
diff --git a/lib/libcrypto/rsa/rsa_ameth.c b/lib/libcrypto/rsa/rsa_ameth.c
index 0c351f49e..c722188c4 100644
--- a/lib/libcrypto/rsa/rsa_ameth.c
+++ b/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_ameth.c,v 1.57 2024/01/10 14:59:19 tb Exp $ */
+/* $OpenBSD: rsa_ameth.c,v 1.58 2024/03/17 07:10:00 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -605,6 +605,10 @@ rsa_md_to_algor(const EVP_MD *md, X509_ALGOR **out_alg)
 
 	if ((alg = X509_ALGOR_new()) == NULL)
 		goto err;
+	/*
+	 * XXX - This omits the parameters, whereas RFC 4055, section 2.1
+	 * explicitly states that an explicit ASN.1 NULL is required.
+	 */
 	if (!X509_ALGOR_set_evp_md(alg, md))
 		goto err;
 
@@ -640,6 +644,10 @@ rsa_mgf1md_to_maskGenAlgorithm(const EVP_MD *mgf1md, X509_ALGOR **out_alg)
 
 	if ((inner_alg = X509_ALGOR_new()) == NULL)
 		goto err;
+	/*
+	 * XXX - This omits the parameters, whereas RFC 4055, section 2.1
+	 * explicitly states that an explicit ASN.1 NULL is required.
+	 */
 	if (!X509_ALGOR_set_evp_md(inner_alg, mgf1md))
 		goto err;
 	if ((astr = ASN1_item_pack(inner_alg, &X509_ALGOR_it, NULL)) == NULL)
diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c
index ea0d55763..da000b2cf 100644
--- a/sys/arch/amd64/amd64/cpu.c
+++ b/sys/arch/amd64/amd64/cpu.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.183 2024/02/25 22:33:09 guenther Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.184 2024/03/17 05:49:41 guenther Exp $	*/
 /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
 
 /*-
@@ -299,7 +299,8 @@ replacemds(void)
 	CPU_INFO_ITERATOR cii;
 	void *handler = NULL, *vmm_handler = NULL;
 	const char *type;
-	int has_verw, s;
+	int use_verw = 0, s;
+	uint32_t cap = 0;
 
 	/* ci_mds_tmp must be 32byte aligned for AVX instructions */
 	CTASSERT((offsetof(struct cpu_info, ci_mds_tmp) -
@@ -309,20 +310,22 @@ replacemds(void)
 		return;
 	replacedone = 1;
 
-	if (strcmp(cpu_vendor, "GenuineIntel") != 0 ||
-	    ((ci->ci_feature_sefflags_edx & SEFF0EDX_ARCH_CAP) &&
-	     (rdmsr(MSR_ARCH_CAPABILITIES) & ARCH_CAP_MDS_NO))) {
+	if (strcmp(cpu_vendor, "GenuineIntel") != 0)
+		goto notintel;	/* VERW only needed on Intel */
+
+	if ((ci->ci_feature_sefflags_edx & SEFF0EDX_ARCH_CAP))
+		cap = rdmsr(MSR_ARCH_CAPABILITIES);
+
+	if (cap & ARCH_CAP_MDS_NO) {
 		/* Unaffected, nop out the handling code */
-		has_verw = 0;
 	} else if (ci->ci_feature_sefflags_edx & SEFF0EDX_MD_CLEAR) {
 		/* new firmware, use VERW */
-		has_verw = 1;
+		use_verw = 1;
 	} else {
 		int family = ci->ci_family;
 		int model = ci->ci_model;
 		int stepping = CPUID2STEPPING(ci->ci_signature);
 
-		has_verw = 0;
 		if (family == 0x6 &&
 		    (model == 0x2e || model == 0x1e || model == 0x1f ||
 		     model == 0x1a || model == 0x2f || model == 0x25 ||
@@ -395,15 +398,24 @@ replacemds(void)
 		}
 	}
 
+	/* Register File Data Sampling (RFDS) also has a VERW workaround */
+	if ((cap & ARCH_CAP_RFDS_NO) == 0 && (cap & ARCH_CAP_RFDS_CLEAR))
+		use_verw = 1;
+
 	if (handler != NULL) {
 		printf("cpu0: using %s MDS workaround%s\n", type, "");
 		s = splhigh();
 		codepatch_call(CPTAG_MDS, handler);
 		codepatch_call(CPTAG_MDS_VMM, vmm_handler);
 		splx(s);
-	} else if (has_verw) {
-		/* The new firmware enhances L1D_FLUSH MSR to flush MDS too */
-		if (cpu_info_primary.ci_vmm_cap.vcc_vmx.vmx_has_l1_flush_msr == 1) {
+	} else if (use_verw) {
+		/*
+		 * The new firmware enhances L1D_FLUSH MSR to flush MDS too,
+		 * but keep the verw if affected by RFDS
+		 */
+		if ((cap & ARCH_CAP_RFDS_NO) == 0 && (cap & ARCH_CAP_RFDS_CLEAR)) {
+			type = "";
+		} else if (cpu_info_primary.ci_vmm_cap.vcc_vmx.vmx_has_l1_flush_msr == 1) {
 			s = splhigh();
 			codepatch_nop(CPTAG_MDS_VMM);
 			splx(s);
@@ -413,6 +425,7 @@ replacemds(void)
 		}
 		printf("cpu0: using %s MDS workaround%s\n", "VERW", type);
 	} else {
+notintel:
 		s = splhigh();
 		codepatch_nop(CPTAG_MDS);
 		codepatch_nop(CPTAG_MDS_VMM);
diff --git a/sys/arch/amd64/amd64/identcpu.c b/sys/arch/amd64/amd64/identcpu.c
index 0d113e732..c8eb1f239 100644
--- a/sys/arch/amd64/amd64/identcpu.c
+++ b/sys/arch/amd64/amd64/identcpu.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: identcpu.c,v 1.138 2023/09/03 09:30:43 mlarkin Exp $	*/
+/*	$OpenBSD: identcpu.c,v 1.139 2024/03/17 05:49:41 guenther Exp $	*/
 /*	$NetBSD: identcpu.c,v 1.1 2003/04/26 18:39:28 fvdl Exp $	*/
 
 /*
@@ -274,6 +274,8 @@ const struct {
 	{ ARCH_CAP_PBRSB_NO,		"PBRSB_NO" },
 	{ ARCH_CAP_GDS_CTRL,		"GDS_CTRL" },
 	{ ARCH_CAP_GDS_NO,		"GDS_NO" },
+	{ ARCH_CAP_RFDS_NO,		"RFDS_NO" },
+	{ ARCH_CAP_RFDS_CLEAR,		"RFDS_CLEAR" },
 };
 
 int
diff --git a/sys/arch/amd64/amd64/locore.S b/sys/arch/amd64/amd64/locore.S
index 89f4f40fa..d45180e0a 100644
--- a/sys/arch/amd64/amd64/locore.S
+++ b/sys/arch/amd64/amd64/locore.S
@@ -1,4 +1,4 @@
-/*	$OpenBSD: locore.S,v 1.146 2024/02/25 22:33:09 guenther Exp $	*/
+/*	$OpenBSD: locore.S,v 1.147 2024/03/17 05:49:41 guenther Exp $	*/
 /*	$NetBSD: locore.S,v 1.13 2004/03/25 18:33:17 drochner Exp $	*/
 
 /*
@@ -616,8 +616,15 @@ GENTRY(Xsyscall)
 	movq	TF_R13(%rsp),%r13
 	movq	TF_R14(%rsp),%r14
 	movq	TF_R15(%rsp),%r15
+	movq	TF_RBX(%rsp),%rbx
+	movq	TF_RDX(%rsp),%rdx
 
 	CODEPATCH_START
+	xorl	%edi,%edi
+	xorl	%esi,%esi
+	xorl	%r11d,%r11d
+	xorl	%eax,%eax
+	xorl	%ecx,%ecx
 	movw	%ds,TF_R8(%rsp)
 	verw	TF_R8(%rsp)
 	CODEPATCH_END(CPTAG_MDS)
@@ -625,7 +632,6 @@ GENTRY(Xsyscall)
 	movq	TF_RDI(%rsp),%rdi
 	movq	TF_RSI(%rsp),%rsi
 	movq	TF_RBP(%rsp),%rbp
-	movq	TF_RBX(%rsp),%rbx
 
 	/*
 	 * We need to finish reading from the trapframe, then switch
@@ -635,7 +641,6 @@ GENTRY(Xsyscall)
 	 * user page tables, so save it in CPUVAR(SCRATCH) across
 	 * the switch.
 	 */
-	movq	TF_RDX(%rsp),%rdx
 	movq	TF_RAX(%rsp),%rax
 	movq	TF_RIP(%rsp),%rcx
 	movq	TF_RFLAGS(%rsp),%r11
@@ -806,8 +811,15 @@ intr_user_exit_post_ast:
 	movq	TF_R13(%rsp),%r13
 	movq	TF_R14(%rsp),%r14
 	movq	TF_R15(%rsp),%r15
+	movq	TF_RBX(%rsp),%rbx
 
 	CODEPATCH_START
+	xorl	%edi,%edi
+	xorl	%esi,%esi
+	xorl	%r11d,%r11d
+	xorl	%eax,%eax
+	xorl	%edx,%edx
+	xorl	%ecx,%ecx
 	movw	%ds,TF_R8(%rsp)
 	verw	TF_R8(%rsp)
 	CODEPATCH_END(CPTAG_MDS)
@@ -815,7 +827,6 @@ intr_user_exit_post_ast:
 	movq	TF_RDI(%rsp),%rdi
 	movq	TF_RSI(%rsp),%rsi
 	movq	TF_RBP(%rsp),%rbp
-	movq	TF_RBX(%rsp),%rbx
 
 	/*
 	 * To get the final value for the register that was used
diff --git a/sys/arch/amd64/amd64/vmm_support.S b/sys/arch/amd64/amd64/vmm_support.S
index aadfb4a96..8da5ac888 100644
--- a/sys/arch/amd64/amd64/vmm_support.S
+++ b/sys/arch/amd64/amd64/vmm_support.S
@@ -1,4 +1,4 @@
-/*	$OpenBSD: vmm_support.S,v 1.25 2024/02/25 22:33:09 guenther Exp $	*/
+/*	$OpenBSD: vmm_support.S,v 1.26 2024/03/17 05:49:41 guenther Exp $	*/
 /*
  * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
  *
@@ -247,6 +247,23 @@ skip_init:
 	 * XXX information yet to make the correct choices.
 	 */
 	CODEPATCH_START
+	xorl	%eax,%eax
+	xorl	%ebx,%ebx
+	xorl	%ecx,%ecx
+	xorl	%edx,%edx
+	xorl	%esi,%esi
+	xorl	%edi,%edi
+	xorl	%ebp,%ebp
+	/*
+	 * r8 is a boolean flagging launch or resume
+	 * r9 is 0-2 about the CPU
+	 */
+	xorl	%r10d,%r10d
+	xorl	%r11d,%r11d
+	xorl	%r12d,%r12d
+	xorl	%r13d,%r13d
+	xorl	%r14d,%r14d
+	xorl	%r15d,%r15d
 	subq	$8, %rsp
 	movw	%ds, (%rsp)
 	verw	(%rsp)
diff --git a/sys/arch/amd64/include/specialreg.h b/sys/arch/amd64/include/specialreg.h
index 38edcca61..f7d3f6eff 100644
--- a/sys/arch/amd64/include/specialreg.h
+++ b/sys/arch/amd64/include/specialreg.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: specialreg.h,v 1.109 2023/09/03 09:30:43 mlarkin Exp $	*/
+/*	$OpenBSD: specialreg.h,v 1.110 2024/03/17 05:49:41 guenther Exp $	*/
 /*	$NetBSD: specialreg.h,v 1.1 2003/04/26 18:39:48 fvdl Exp $	*/
 /*	$NetBSD: x86/specialreg.h,v 1.2 2003/04/25 21:54:30 fvdl Exp $	*/
 
@@ -428,6 +428,8 @@
 #define ARCH_CAP_PBRSB_NO		(1 << 24) /* PBSR safe */
 #define ARCH_CAP_GDS_CTRL		(1 << 25) /* has GDS_MITG_DIS/LOCK */
 #define ARCH_CAP_GDS_NO			(1 << 26) /* GDS safe */
+#define ARCH_CAP_RFDS_NO		(1 << 27) /* RFDS safe */
+#define ARCH_CAP_RFDS_CLEAR		(1 << 28) /* use VERW for RFDS */
 #define MSR_FLUSH_CMD		0x10b
 #define FLUSH_CMD_L1D_FLUSH	0x1	/* (1ULL << 0) */
 #define	MSR_BBL_CR_ADDR		0x116	/* PII+ only */
diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c
index 597733506..a14e1f229 100644
--- a/sys/arch/arm64/arm64/cpu.c
+++ b/sys/arch/arm64/arm64/cpu.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.110 2024/03/16 09:15:04 jsg Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.111 2024/03/17 13:05:40 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -821,11 +821,11 @@ cpu_identify(struct cpu_info *ci)
 		sep = ",";
 	}
 
-	if (ID_AA64PFR1_SBSS(id) >= ID_AA64PFR1_SBSS_PSTATE) {
-		printf("%sSBSS", sep);
+	if (ID_AA64PFR1_SSBS(id) >= ID_AA64PFR1_SSBS_PSTATE) {
+		printf("%sSSBS", sep);
 		sep = ",";
 	}
-	if (ID_AA64PFR1_SBSS(id) >= ID_AA64PFR1_SBSS_PSTATE_MSR)
+	if (ID_AA64PFR1_SSBS(id) >= ID_AA64PFR1_SSBS_PSTATE_MSR)
 		printf("+MSR");
 
 	if (ID_AA64PFR1_MTE(id) >= ID_AA64PFR1_MTE_IMPL) {
diff --git a/sys/arch/arm64/arm64/machdep.c b/sys/arch/arm64/arm64/machdep.c
index ba1fcf72f..7ae80ca6b 100644
--- a/sys/arch/arm64/arm64/machdep.c
+++ b/sys/arch/arm64/arm64/machdep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: machdep.c,v 1.87 2024/03/13 14:57:08 kettenis Exp $ */
+/* $OpenBSD: machdep.c,v 1.88 2024/03/17 13:05:40 kettenis Exp $ */
 /*
  * Copyright (c) 2014 Patrick Wildt <patrick@blueri.se>
  * Copyright (c) 2021 Mark Kettenis <kettenis@openbsd.org>
@@ -367,7 +367,7 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 	case CPU_ID_AA64PFR1:
 		value = 0;
 		value |= cpu_id_aa64pfr1 & ID_AA64PFR1_BT_MASK;
-		value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SBSS_MASK;
+		value |= cpu_id_aa64pfr1 & ID_AA64PFR1_SSBS_MASK;
 		return sysctl_rdquad(oldp, oldlenp, newp, value);
 	case CPU_ID_AA64ISAR2:
 	case CPU_ID_AA64MMFR0:
diff --git a/sys/arch/arm64/include/armreg.h b/sys/arch/arm64/include/armreg.h
index 78c0980da..5d0081587 100644
--- a/sys/arch/arm64/include/armreg.h
+++ b/sys/arch/arm64/include/armreg.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: armreg.h,v 1.31 2024/03/05 18:42:20 kettenis Exp $ */
+/* $OpenBSD: armreg.h,v 1.32 2024/03/17 13:05:40 kettenis Exp $ */
 /*-
  * Copyright (c) 2013, 2014 Andrew Turner
  * Copyright (c) 2015 The FreeBSD Foundation
@@ -582,12 +582,12 @@
 #define	ID_AA64PFR1_BT(x)		((x) & ID_AA64PFR1_BT_MASK)
 #define	 ID_AA64PFR1_BT_NONE		(0x0ULL << ID_AA64PFR1_BT_SHIFT)
 #define	 ID_AA64PFR1_BT_IMPL		(0x1ULL << ID_AA64PFR1_BT_SHIFT)
-#define	ID_AA64PFR1_SBSS_SHIFT		4
-#define	ID_AA64PFR1_SBSS_MASK		(0xfULL << ID_AA64PFR1_SBSS_SHIFT)
-#define	ID_AA64PFR1_SBSS(x)		((x) & ID_AA64PFR1_SBSS_MASK)
-#define	 ID_AA64PFR1_SBSS_NONE		(0x0ULL << ID_AA64PFR1_SBSS_SHIFT)
-#define	 ID_AA64PFR1_SBSS_PSTATE	(0x1ULL << ID_AA64PFR1_SBSS_SHIFT)
-#define	 ID_AA64PFR1_SBSS_PSTATE_MSR	(0x2ULL << ID_AA64PFR1_SBSS_SHIFT)
+#define	ID_AA64PFR1_SSBS_SHIFT		4
+#define	ID_AA64PFR1_SSBS_MASK		(0xfULL << ID_AA64PFR1_SSBS_SHIFT)
+#define	ID_AA64PFR1_SSBS(x)		((x) & ID_AA64PFR1_SSBS_MASK)
+#define	 ID_AA64PFR1_SSBS_NONE		(0x0ULL << ID_AA64PFR1_SSBS_SHIFT)
+#define	 ID_AA64PFR1_SSBS_PSTATE	(0x1ULL << ID_AA64PFR1_SSBS_SHIFT)
+#define	 ID_AA64PFR1_SSBS_PSTATE_MSR	(0x2ULL << ID_AA64PFR1_SSBS_SHIFT)
 #define	ID_AA64PFR1_MTE_SHIFT		8
 #define	ID_AA64PFR1_MTE_MASK		(0xfULL << ID_AA64PFR1_MTE_SHIFT)
 #define	ID_AA64PFR1_MTE(x)		((x) & ID_AA64PFR1_MTE_MASK)
diff --git a/sys/dev/mii/eephy.c b/sys/dev/mii/eephy.c
index a03575e1d..c351d1863 100644
--- a/sys/dev/mii/eephy.c
+++ b/sys/dev/mii/eephy.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: eephy.c,v 1.64 2024/01/23 11:51:53 uwe Exp $	*/
+/*	$OpenBSD: eephy.c,v 1.65 2024/03/17 00:06:43 patrick Exp $	*/
 /*
  * Principal Author: Parag Patel
  * Copyright (c) 2001
@@ -55,6 +55,11 @@
 
 #include <dev/mii/eephyreg.h>
 
+#ifdef __HAVE_FDT
+#include <machine/fdt.h>
+#include <dev/ofw/openfirm.h>
+#endif
+
 int	eephy_match(struct device *, void *, void *);
 void	eephy_attach(struct device *, struct device *, void *);
 
@@ -70,6 +75,10 @@ int	eephy_service(struct mii_softc *, struct mii_data *, int);
 void	eephy_status(struct mii_softc *);
 void	eephy_reset(struct mii_softc *);
 
+#ifdef __HAVE_FDT
+void	eephy_fdt_reg_init(struct mii_softc *);
+#endif
+
 const struct mii_phy_funcs eephy_funcs = {
 	eephy_service, eephy_status, eephy_reset,
 };
@@ -213,6 +222,10 @@ eephy_attach(struct device *parent, struct device *self, void *aux)
 		PHY_WRITE(sc, E1000_EADR, page);
 	}
 
+#ifdef __HAVE_FDT
+	eephy_fdt_reg_init(sc);
+#endif
+
 	PHY_RESET(sc);
 
 	sc->mii_capabilities = PHY_READ(sc, E1000_SR) & ma->mii_capmask;
@@ -428,3 +441,40 @@ eephy_status(struct mii_softc *sc)
 			mii->mii_media_active |= IFM_ETH_MASTER;
 	}
 }
+
+#ifdef __HAVE_FDT
+void eephy_fdt_reg_init(struct mii_softc *sc)
+{
+	uint32_t *prop, opage;
+	int i, len;
+
+	if (!sc->mii_pdata->mii_node)
+		return;
+
+	len = OF_getproplen(sc->mii_pdata->mii_node, "marvell,reg-init");
+	if (len <= 0 || len % (4 * sizeof(uint32_t)) != 0)
+		return;
+
+	opage = PHY_READ(sc, E1000_EADR);
+	prop = malloc(len, M_TEMP, M_WAITOK);
+	OF_getpropintarray(sc->mii_pdata->mii_node, "marvell,reg-init",
+	    prop, len);
+	for (i = 0; i < len; i += 4) {
+		uint32_t page = prop[i + 0];
+		uint32_t reg = prop[i + 1];
+		uint32_t keep = prop[i + 2];
+		uint32_t set = prop[i + 3];
+		uint32_t val = 0;
+
+		PHY_WRITE(sc, E1000_EADR, page);
+		if (keep) {
+			val = PHY_READ(sc, reg);
+			val &= keep;
+		}
+		val |= set;
+		PHY_WRITE(sc, reg, val);
+	}
+	free(prop, M_TEMP, len);
+	PHY_WRITE(sc, E1000_EADR, opage);
+}
+#endif
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 0a93d28d8..6ceb1e411 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_usrreq.c,v 1.200 2023/11/28 09:29:20 jsg Exp $	*/
+/*	$OpenBSD: uipc_usrreq.c,v 1.201 2024/03/17 19:47:08 mvs Exp $	*/
 /*	$NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $	*/
 
 /*
@@ -415,6 +415,8 @@ uipc_listen(struct socket *so)
 {
 	struct unpcb *unp = sotounpcb(so);
 
+	if (unp->unp_flags & (UNP_BINDING | UNP_CONNECTING))
+		return (EINVAL);
 	if (unp->unp_vnode == NULL)
 		return (EINVAL);
 	return (0);
diff --git a/usr.sbin/rpki-client/extern.h b/usr.sbin/rpki-client/extern.h
index a27dd2123..cca436a1c 100644
--- a/usr.sbin/rpki-client/extern.h
+++ b/usr.sbin/rpki-client/extern.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: extern.h,v 1.210 2024/02/26 15:40:33 job Exp $ */
+/*	$OpenBSD: extern.h,v 1.211 2024/03/17 01:44:59 tb Exp $ */
 /*
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
  *
@@ -24,14 +24,6 @@
 #include <openssl/x509.h>
 #include <openssl/x509v3.h>
 
-/*
- * Enumeration for ASN.1 explicit tags in RSC eContent
- */
-enum rsc_resourceblock_tag {
-	RSRCBLK_TYPE_ASID,
-	RSRCBLK_TYPE_IPADDRBLK,
-};
-
 enum cert_as_type {
 	CERT_AS_ID, /* single identifier */
 	CERT_AS_INHERIT, /* inherit from parent */