SecBSD/src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

Browse Source
This commit is contained in:
purplerain 2023-12-14 01:14:09 +00:00
parent 24ffeadca5
commit 8801582927
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
30 changed files with 1221 additions and 280 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
distrib/sets/lists/base/mi
View File

@ -292,9 +292,14 @@
./etc/rmt
./etc/rpc
./etc/rpki
./etc/rpki/afrinic.constraints
./etc/rpki/afrinic.tal
./etc/rpki/apnic.constraints
./etc/rpki/apnic.tal
./etc/rpki/arin.constraints
./etc/rpki/lacnic.constraints
./etc/rpki/lacnic.tal
./etc/rpki/ripe.constraints
./etc/rpki/ripe.tal
./etc/services
./etc/signify

4
etc/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.486 2022/06/28 18:46:00 claudio Exp $
# $OpenBSD: Makefile,v 1.487 2023/12/13 11:34:56 job Exp $
.include <bsd.own.mk>
@ -161,6 +161,8 @@ distribution-etc-root-var: distrib-dirs
cd rpki; \
${INSTALL} -c -o root -g wheel -m 644 \
afrinic.tal apnic.tal lacnic.tal ripe.tal \
arin.constraints afrinic.constraints apnic.constraints \
lacnic.constraints ripe.constraints \
${DESTDIR}/etc/rpki
cd examples; \
${INSTALL} -c -o root -g wheel -m 644 ${EXAMPLES} \

7
etc/changelist
View File

@ -1,4 +1,4 @@
# $OpenBSD: changelist,v 1.137 2023/09/19 15:02:54 naddy Exp $
# $OpenBSD: changelist,v 1.138 2023/12/13 11:34:56 job Exp $
#
# List of files which the security script backs up and checks
# for modifications.
@ -112,10 +112,15 @@
/etc/resolv.conf
/etc/ripd.conf
/etc/rpc
/etc/rpki/afrinic.constraints
/etc/rpki/afrinic.tal
/etc/rpki/apnic.constraints
/etc/rpki/apnic.tal
/etc/rpki/arin.constraints
/etc/rpki/arin.tal
/etc/rpki/lacnic.constraints
/etc/rpki/lacnic.tal
/etc/rpki/ripe.constraints
/etc/rpki/ripe.tal
/etc/rpki/skiplist
/etc/sasyncd.conf

627
etc/rpki/afrinic.constraints Normal file
View File

@ -0,0 +1,627 @@
# From https://www.iana.org/assignments/ipv4-address-space/
allow 41.0.0.0/8
allow 102.0.0.0/8
allow 105.0.0.0/8
allow 154.0.0.0/8
allow 196.0.0.0/7
# From https://www.iana.org/assignments/ipv6-address-space/
allow 2001:4200::/23
allow 2c00::/12
# From https://www.iana.org/assignments/as-numbers/
allow 36864 - 37887
allow 327680 - 328703
allow 328704 - 329727
# Holes
deny 154.1.0.0/16 # ARIN
deny 154.2.0.0/15 # ARIN
deny 154.4.0.0/14 # ARIN
deny 154.8.0.0 - 154.8.47.255 # RIPE
deny 154.8.48.0 - 154.8.255.255 # APNIC
deny 154.9.0.0/16 # ARIN
deny 154.10.0.0/16 # APNIC
deny 154.11.0.0/16 # ARIN
deny 154.12.0.0/15 # ARIN
deny 154.14.0.0/15 # RIPE
deny 154.17.0.0/16 # ARIN
deny 154.18.0.0/15 # ARIN
deny 154.20.0.0/14 # ARIN
deny 154.24.0.0/13 # ARIN
deny 154.32.0.0/16 # RIPE
deny 154.33.0.0 - 154.34.255.255 # APNIC
deny 154.35.0.0/16 # ARIN
deny 154.36.0.0/14 # ARIN
deny 154.40.0.0/13 # ARIN
deny 154.48.0.0/12 # ARIN
deny 154.64.0.0/16 # ARIN
deny 196.1.1.0/24 # APNIC
deny 196.1.68.0/24 # APNIC
deny 196.1.104.0 - 196.1.106.255 # APNIC
deny 196.1.108.0/22 # APNIC
deny 196.1.113.0 - 196.1.114.255 # APNIC
deny 196.1.134.0/24 # APNIC
deny 196.3.65.0/24 # APNIC
deny 196.3.72.0/24 # APNIC
deny 196.12.32.0/19 # APNIC
deny 196.15.16.0/20 # APNIC
deny 196.29.64.0/19 # LACNIC
deny 196.32.32.0/19 # LACNIC
deny 196.32.64.0/19 # LACNIC
deny 196.40.0.0 - 196.40.95.255 # LACNIC
# From https://www.iana.org/assignments/ipv4-recovered-address-space
allow 45.96.0.0 - 45.111.255.255
allow 45.192.0.0 - 45.222.255.255
allow 45.240.0.0 - 45.247.255.255
allow 66.251.128.0 - 66.251.191.255
allow 139.26.0.0 - 139.26.255.255
allow 146.196.128.0 - 146.196.255.255
# 154.16.0.0 - 154.16.255.255 # already contained within 154/8
allow 160.19.36.0 - 160.19.39.255
allow 160.19.60.0 - 160.19.63.255
allow 160.19.96.0 - 160.19.103.255
allow 160.19.112.0 - 160.19.143.255
allow 160.19.152.0 - 160.19.155.255
allow 160.19.188.0 - 160.19.191.255
allow 160.19.192.0 - 160.19.199.255
allow 160.19.232.0 - 160.19.239.255
allow 160.20.24.0 - 160.20.31.255
allow 160.20.112.0 - 160.20.115.255
allow 160.20.213.0 - 160.20.213.255
allow 160.20.217.0 - 160.20.217.255
allow 160.20.221.0 - 160.20.221.255
allow 160.20.226.0 - 160.20.227.255
allow 160.20.252.0 - 160.20.255.255
allow 160.238.11.0 - 160.238.11.255
allow 160.238.48.0 - 160.238.49.255
allow 160.238.50.0 - 160.238.50.255
allow 160.238.57.0 - 160.238.57.255
allow 160.238.101.0 - 160.238.101.255
allow 161.123.0.0 - 161.123.255.255
allow 164.160.0.0 - 164.160.255.255
allow 192.12.110.0 - 192.12.111.255
allow 192.12.116.0 - 192.12.117.255
allow 192.47.36.0 - 192.47.36.255
allow 192.51.240.0 - 192.51.240.255
allow 192.70.200.0 - 192.70.201.255
allow 192.75.236.0 - 192.75.236.255
allow 192.83.208.0 - 192.83.215.255
allow 192.91.200.0 - 192.91.200.255
allow 192.142.0.0 - 192.143.255.255
allow 192.145.128.0 - 192.145.191.255
allow 192.145.230.0 - 192.145.230.255
allow 204.8.204.0 - 204.8.207.255
allow 208.85.156.0 - 208.85.159.255
# From https://web.archive.org/web/20131120040037/http://www.ripe.net/lir-services/resource-management/erx/transferred-resources
# From https://afrinic.net/fr/library/policies/220-erx-transfer
allow 2561
allow 3208
allow 5536
allow 6127
allow 6713
allow 6879
allow 8524
allow 8770
allow 9129
allow 11380
allow 12455
allow 12556
allow 13224
allow 15399
allow 13569
allow 15475
allow 15706
allow 15804
allow 15825
allow 15834
allow 15964
allow 16058
allow 16214
allow 16284
allow 16853
allow 16907
allow 17652
allow 19676
allow 20294
allow 20484
allow 20858
allow 20928
allow 21003
allow 21152
allow 21242
allow 21271
allow 21278
allow 21280
allow 21391
allow 21452
allow 23549
allow 23889
allow 24736
allow 24757
allow 24788
allow 24801
allow 24835
allow 24863
allow 24878
allow 24987
allow 25163
allow 25250
allow 25362
allow 25364
allow 25543
allow 25568
allow 25576
allow 28683
allow 28698
allow 28913
allow 29091
allow 29338
allow 29340
allow 29428
allow 29495
allow 29544
allow 29571
allow 29614
allow 29674
allow 30896
allow 31065
allow 31245
allow 31619
allow 83.143.24.0 - 83.143.31.255
allow 84.205.96.0 - 84.205.127.255
allow 131.176.0.0 - 131.176.255.255
allow 163.121.0.0 - 163.121.255.255
allow 165.231.0.0 - 165.231.255.255
allow 192.52.232.0 - 192.52.232.255
allow 193.17.215.0 - 193.17.215.255
allow 193.19.232.0 - 193.19.235.255
allow 193.41.146.0 - 193.41.147.255
allow 193.108.23.0 - 193.108.23.255
allow 193.108.28.0 - 193.108.28.255
allow 193.109.66.0 - 193.109.67.255
allow 193.110.104.0 - 193.110.105.255
allow 193.194.128.0 - 193.194.128.255
allow 193.227.128.0 - 193.227.128.255
allow 194.9.64.0 - 194.9.65.255
allow 194.9.82.0 - 194.9.83.255
allow 195.24.80.0 - 195.24.87.255
allow 195.39.218.0 - 195.39.219.255
allow 195.234.120.0 - 195.234.123.255
allow 195.234.168.0 - 195.234.168.255
allow 195.234.185.0 - 195.234.185.255
allow 195.234.252.0 - 195.234.255.255
# From https://www.ripe.net/participate/internet-governance/internet-technical-community/the-rir-system/afrinic/ripe-ncc-to-afrinic-transition
allow 30980
allow 30982 - 30999
# From https://afrinic.net/ast/pdf/afrinic-whois-audit-report-full-20210121.pdf
# 12.3 Appendix A3
allow 193.188.7.0/24
allow 193.189.0.0/18
allow 193.189.128.0/24
allow 193.194.160.0/19
allow 193.221.218.0/24
# From https://ftp.arin.net/afrinic/afrinic-transfers-by-resource.txt
# Feb 21, 2005
allow 1228 - 1232
allow 2018
allow 2905
allow 3067
allow 3068
allow 3741
allow 4178
allow 4571
allow 5713
allow 5734
allow 6083
allow 6089
allow 6149
allow 6180
allow 6187
allow 6351
allow 6529
allow 6560
allow 6968
allow 7020
allow 7154
allow 7231
allow 7390
allow 7420
allow 7460
allow 7971
allow 7972
allow 8094
allow 10247
allow 10262
allow 10331
allow 10393
allow 10474
allow 10505
allow 10540
allow 10575
allow 10798
allow 10803
allow 10898
allow 10922
allow 11125
allow 11157
allow 11201
allow 11259
allow 11265
allow 11569
allow 11645
allow 11744
allow 11845
allow 11909
allow 12091
allow 12143
allow 12258
allow 13402
allow 13519
allow 13854
allow 14029
allow 14115
allow 14331
allow 14360
allow 14429
allow 14516
allow 14988
allow 15022
allow 15159
allow 16416
allow 16547
allow 16630
allow 16637
allow 16800
allow 17148
allow 17220
allow 17260
allow 17312
allow 17400
allow 18775
allow 18922
allow 18931
allow 19136
allow 19232
allow 19711
allow 19832
allow 19847
allow 20011
allow 20086
allow 20095
allow 20180
allow 20459
allow 21739
allow 21819
allow 22354
allow 22355
allow 22386
allow 22572
allow 22690
allow 22735
allow 22750
allow 22939
allow 23058
allow 25695
allow 25726
allow 25793
allow 25818
allow 26106
allow 26130
allow 26422
allow 26625
allow 26754
allow 27576
allow 27598
allow 29918
allow 29975
allow 30073
allow 30306
allow 30429
allow 30619
allow 31810
allow 31856
allow 31960
allow 32017
allow 32279
allow 32398
allow 32437
allow 32653
allow 32714
allow 32717
allow 32842
allow 32860
allow 33567
allow 33579
allow 33762 - 33791
allow 64.57.112.0 - 64.57.127.255
allow 66.8.0.0 - 66.8.127.255
allow 66.18.64.0 - 66.18.95.255
allow 69.63.64.0 - 69.63.79.255
allow 69.67.32.0 - 69.67.47.255
allow 137.158.0.0 - 137.158.255.255
allow 137.214.0.0 - 137.214.255.255
allow 137.215.0.0 - 137.215.255.255
allow 139.53.0.0 - 139.53.255.255
allow 143.128.0.0 - 143.128.255.255
allow 143.160.0.0 - 143.160.255.255
allow 146.64.0.0 - 146.64.255.255
allow 146.141.0.0 - 146.141.255.255
allow 146.182.0.0 - 146.182.255.255
allow 146.230.0.0 - 146.230.255.255
allow 146.231.0.0 - 146.231.255.255
allow 146.232.0.0 - 146.232.255.255
allow 147.110.0.0 - 147.110.255.255
allow 152.106.0.0 - 152.106.255.255
allow 152.107.0.0 - 152.107.255.255
allow 152.108.0.0 - 152.108.255.255
allow 152.109.0.0 - 152.109.255.255
allow 152.110.0.0 - 152.110.255.255
allow 152.111.0.0 - 152.111.255.255
allow 152.112.0.0 - 152.112.255.255
allow 155.159.0.0 - 155.159.255.255
allow 155.232.0.0 - 155.232.255.255
allow 155.233.0.0 - 155.233.255.255
allow 155.234.0.0 - 155.234.255.255
allow 155.235.0.0 - 155.235.255.255
allow 155.236.0.0 - 155.236.255.255
allow 155.237.0.0 - 155.237.255.255
allow 155.238.0.0 - 155.238.255.255
allow 155.239.0.0 - 155.239.255.255
allow 155.240.0.0 - 155.240.255.255
allow 156.8.0.0 - 156.8.255.255
allow 160.115.0.0 - 160.115.255.255
allow 160.116.0.0 - 160.116.255.255
allow 160.117.0.0 - 160.117.255.255
allow 160.118.0.0 - 160.118.255.255
allow 160.119.0.0 - 160.119.255.255
allow 160.120.0.0 - 160.120.255.255
allow 160.121.0.0 - 160.121.255.255
allow 160.122.0.0 - 160.122.255.255
allow 160.123.0.0 - 160.123.255.255
allow 160.124.0.0 - 160.124.255.255
allow 163.195.0.0 - 163.195.255.255
allow 163.196.0.0 - 163.196.255.255
allow 163.197.0.0 - 163.197.255.255
allow 163.198.0.0 - 163.198.255.255
allow 163.199.0.0 - 163.199.255.255
allow 163.200.0.0 - 163.200.255.255
allow 163.201.0.0 - 163.201.255.255
allow 163.202.0.0 - 163.202.255.255
allow 163.203.0.0 - 163.203.255.255
allow 164.88.0.0 - 164.88.255.255
allow 164.146.0.0 - 164.151.255.255
allow 164.155.0.0 - 164.155.255.255
allow 165.3.0.0 - 165.5.255.255
allow 165.8.0.0 - 165.11.255.255
allow 165.25.0.0 - 165.25.255.255
allow 165.143.0.0 - 165.149.255.255
allow 165.165.0.0 - 165.165.255.255
allow 165.180.0.0 - 165.180.255.255
allow 165.233.0.0 - 165.233.255.255
allow 166.85.0.0 - 166.85.255.255
allow 168.76.0.0 - 168.76.255.255
allow 168.80.0.0 - 168.81.255.255
allow 168.89.0.0 - 168.89.255.255
allow 168.128.0.0 - 168.128.255.255
allow 168.142.0.0 - 168.142.255.255
allow 168.155.0.0 - 168.155.255.255
allow 168.164.0.0 - 168.164.255.255
allow 168.167.0.0 - 168.167.255.255
allow 168.172.0.0 - 168.172.255.255
allow 168.206.0.0 - 168.206.255.255
allow 168.209.0.0 - 168.210.255.255
allow 169.129.0.0 - 169.129.255.255
allow 169.202.0.0 - 169.202.255.255
allow 192.33.10.0 - 192.33.10.255
allow 192.42.99.0 - 192.42.99.255
allow 192.48.253.0 - 192.48.253.255
allow 192.68.138.0 - 192.68.138.255
allow 192.70.237.0 - 192.70.237.255
allow 192.82.142.0 - 192.82.142.255
allow 192.84.244.0 - 192.84.244.255
allow 192.94.61.0 - 192.94.61.255
allow 192.94.210.0 - 192.94.210.255
allow 192.94.240.0 - 192.94.240.255
allow 192.94.241.0 - 192.94.241.255
allow 192.94.246.0 - 192.94.246.255
allow 192.96.0.0 - 192.96.255.255
allow 192.100.1.0 - 192.100.1.255
allow 192.101.142.0 - 192.101.142.255
allow 192.102.9.0 - 192.102.9.255
allow 192.133.250.0 - 192.133.250.255
allow 192.136.55.0 - 192.136.55.255
allow 192.136.56.0 - 192.136.56.255
allow 192.136.57.0 - 192.136.57.255
allow 192.157.190.0 - 192.157.190.255
allow 192.188.164.0 - 192.188.167.255
allow 192.189.75.0 - 192.189.75.255
allow 192.189.139.0 - 192.189.140.255
allow 192.231.237.0 - 192.231.237.255
allow 192.231.254.0 - 192.231.254.255
allow 192.245.148.0 - 192.245.148.255
allow 192.251.202.0 - 192.251.202.255
allow 198.54.0.0 - 198.54.255.255
allow 200.16.8.0 - 200.16.15.255
allow 204.12.128.0 - 204.12.143.255
allow 204.87.179.0 - 204.87.179.255
allow 204.152.14.0 - 204.152.15.255
allow 204.235.32.0 - 204.235.43.255
allow 205.159.79.0 - 205.159.79.255
allow 206.223.136.0 - 206.223.136.255
allow 209.203.0.0 - 209.203.63.255
allow 209.212.96.0 - 209.212.127.255
allow 216.236.176.0 - 216.236.191.255
# From rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer
# CN=APNICTOAFRINIC/serialNumber=6F1A103E1427FF03483ABFD9E34DACBE1524FF8B
# Not Before: Mar 30 14:17:08 2020 GMT / Not After : Mar 30 00:00:00 2025 GMT
# SHA256:B6w5P1mkoNyJtM99GfGLaaKkGfSkQ6+4eC4tPijBLyM=
allow 202.123.0.0/19
# From rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer
# CN=RIPETOAFRINIC/serialNumber=7F7AC180897983E29E937C0A187803C072755545
# Not Before: Mar 30 14:17:12 2020 GMT / Not After : Mar 30 00:00:00 2025 GMT
# SHA256:64eh2w7qQrFQVPaQrRJ4kA83gUgE3EDvm0D0AWHCXHM=
allow 62.8.64.0/19
allow 62.12.96.0/19
allow 62.24.96.0/19
allow 62.61.192.0/18
allow 62.68.32.0/19
allow 62.68.224.0/19
allow 62.114.0.0/16
allow 62.117.32.0/19
allow 62.135.0.0/17
allow 62.139.0.0/16
allow 62.140.64.0/18
allow 62.173.32.0/19
allow 62.193.64.0/18
allow 62.193.160.0/19
allow 62.240.32.0/19
allow 62.240.96.0/19
allow 62.241.128.0/19
allow 62.251.128.0/17
allow 77.220.0.0/19
allow 80.67.128.0/20
allow 80.72.96.0/20
allow 80.75.160.0/19
allow 80.87.64.0/19
allow 80.88.0.0/20
allow 80.95.0.0/20
allow 80.240.192.0/20
allow 80.246.0.0/20
allow 80.248.0.0/20
allow 80.248.64.0/20
allow 80.249.64.0/20
allow 80.250.32.0/20
allow 81.4.0.0/18
allow 81.10.0.0/17
allow 81.21.96.0/20
allow 81.22.64.0/19
allow 81.26.64.0/20
allow 81.29.96.0/20
allow 81.91.224.0/20
allow 81.192.0.0/16
allow 82.101.128.0/18
allow 82.128.0.0/17
allow 82.129.128.0/17
allow 82.151.64.0/19
allow 82.201.128.0/17
allow 84.36.0.0/16
allow 84.233.0.0/17
allow 87.255.96.0/19
allow 193.95.0.0/17
allow 193.108.214.0/24
allow 193.108.252.0/22
allow 193.189.64.0 - 193.189.65.255
allow 193.194.1.0 - 193.194.5.255
allow 193.194.32.0 - 193.194.95.255
allow 193.227.0.0/18
allow 194.6.224.0/24
allow 194.79.96.0/19
allow 194.204.192.0/18
allow 195.24.192.0/19
allow 195.43.0.0/19
allow 195.166.224.0/19
allow 195.202.64.0/19
allow 195.246.32.0/19
allow 212.0.128.0/19
allow 212.12.224.0/19
allow 212.22.160.0/19
allow 212.49.64.0/19
allow 212.52.128.0/19
allow 212.60.64.0/19
allow 212.85.192.0/19
allow 212.88.96.0/19
allow 212.96.0.0/19
allow 212.100.64.0/19
allow 212.103.160.0/19
allow 212.122.224.0/19
allow 212.217.0.0/17
allow 213.55.64.0/18
allow 213.131.64.0/19
allow 213.136.96.0/19
allow 213.147.64.0/19
allow 213.150.96.0/19
allow 213.150.160.0 - 213.150.223.255
allow 213.152.64.0/19
allow 213.154.32.0 - 213.154.95.255
allow 213.158.160.0/19
allow 213.172.128.0/19
allow 213.179.160.0/19
allow 213.181.224.0/19
allow 213.193.32.0/19
allow 213.212.192.0/18
allow 213.247.0.0/19
allow 213.255.128.0/19
allow 217.14.80.0/20
allow 217.20.224.0/20
allow 217.21.112.0/20
allow 217.29.128.0/20
allow 217.29.208.0/20
allow 217.52.0.0/14
allow 217.64.96.0/20
allow 217.77.64.0/20
allow 217.78.64.0/20
allow 217.117.0.0/20
allow 217.139.0.0/16
allow 217.170.144.0/20
allow 217.199.144.0/20
# From rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer
# CN=ARINTOAFRINIC/serialNumber=B87C5A75F3D957413AB998646946D4541D511455
# Not Before: Mar 30 14:17:09 2020 GMT / Not After : Mar 30 00:00:00 2025 GMT
# SHA256:wmJV3qcwiPcLtEMLBcvvyjs4V1Lz690bK3b8cv5v8F8=
allow 129.0.0.0/16
allow 129.18.0.0/16
allow 129.45.0.0/16
allow 129.56.0.0/16
allow 129.122.0.0/16
allow 129.140.0.0/16
allow 129.205.0.0/16
allow 129.232.0.0/16
allow 137.63.0.0 - 137.64.255.255
allow 137.115.0.0/16
allow 137.171.0.0/16
allow 137.196.0.0/16
allow 137.255.0.0/16
allow 155.0.0.0/16
allow 155.11.0.0 - 155.12.255.255
allow 155.89.0.0/16
allow 155.93.0.0/16
allow 155.196.0.0/16
allow 155.251.0.0/16
allow 155.255.0.0 - 156.0.255.255
allow 156.38.0.0/16
allow 156.155.0.0 - 156.255.255.255
allow 160.0.0.0/16
allow 160.77.0.0/16
allow 160.89.0.0 - 160.90.255.255
allow 160.105.0.0/16
allow 160.113.0.0/16
allow 160.152.0.0/16
allow 160.154.0.0 - 160.179.255.255
allow 160.181.0.0 - 160.184.255.255
allow 160.224.0.0 - 160.226.255.255
allow 160.242.0.0/16
allow 160.255.0.0/16
allow 165.0.0.0/16
allow 165.16.0.0/16
allow 165.49.0.0 - 165.63.255.255
allow 165.73.0.0/16
allow 165.90.0.0/16
allow 165.169.0.0/16
allow 165.210.0.0/15
allow 165.255.0.0/16
allow 168.211.0.0 - 168.211.255.255
allow 168.253.0.0/16
allow 169.0.0.0/15
allow 169.159.0.0/16
allow 169.239.0.0/16
allow 169.255.0.0/16
allow 192.109.242.0/24

80
etc/rpki/apnic.constraints Normal file
View File

@ -0,0 +1,80 @@
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:200::/23
allow 2001:c00::/23
allow 2001:e00::/23
allow 2001:4400::/23
allow 2001:8000::/19
allow 2001:a000::/20
allow 2001:b000::/20
allow 2400::/12
# AFRINIC Internet Number Resources cannot be transferred
# From https://www.iana.org/assignments/ipv4-address-space/
deny 41.0.0.0/8
deny 102.0.0.0/8
deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703
deny 328704 - 329727
# Private use IPv4 & IPv6 addresses and ASNs
deny 0.0.0.0/8 # RFC 1122 Local Identification
deny 10.0.0.0/8 # RFC 1918 private space
deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT
deny 127.0.0.0/8 # RFC 1122 localhost
deny 169.254.0.0/16 # RFC 3927 link local
deny 172.16.0.0/12 # RFC 1918 private space
deny 192.0.2.0/24 # RFC 5737 TEST-NET-1
deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay
deny 192.168.0.0/16 # RFC 1918 private space
deny 198.18.0.0/15 # RFC 2544 benchmarking
deny 198.51.100.0/24 # RFC 5737 TEST-NET-2
deny 203.0.113.0/24 # RFC 5737 TEST-NET-3
deny 224.0.0.0/4 # Multicast
deny 240.0.0.0/4 # Reserved
deny 23456 # RFC 4893 AS_TRANS
deny 64496 - 64511 # RFC 5398
deny 64512 - 65534 # RFC 6996
deny 65535 # RFC 7300
deny 65536 - 65551 # RFC 5398
deny 65552 - 131071 # IANA Reserved
deny 4200000000 - 4294967294 # RFC 6996
deny 4294967295 # RFC 7300
# Allow the complement of what is denied
allow 0.0.0.0/0
allow 1 - 4199999999

79
etc/rpki/arin.constraints Normal file
View File

@ -0,0 +1,79 @@
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:400::/23
allow 2001:1800::/23
allow 2001:4800::/23
allow 2600::/12
allow 2610::/23
allow 2620::/23
allow 2630::/12
# AFRINIC Internet Number Resources cannot be transferred
# From https://www.iana.org/assignments/ipv4-address-space/
deny 41.0.0.0/8
deny 102.0.0.0/8
deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703
deny 328704 - 329727
# Private use IPv4 & IPv6 addresses and ASNs
deny 0.0.0.0/8 # RFC 1122 Local Identification
deny 10.0.0.0/8 # RFC 1918 private space
deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT
deny 127.0.0.0/8 # RFC 1122 localhost
deny 169.254.0.0/16 # RFC 3927 link local
deny 172.16.0.0/12 # RFC 1918 private space
deny 192.0.2.0/24 # RFC 5737 TEST-NET-1
deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay
deny 192.168.0.0/16 # RFC 1918 private space
deny 198.18.0.0/15 # RFC 2544 benchmarking
deny 198.51.100.0/24 # RFC 5737 TEST-NET-2
deny 203.0.113.0/24 # RFC 5737 TEST-NET-3
deny 224.0.0.0/4 # Multicast
deny 240.0.0.0/4 # Reserved
deny 23456 # RFC 4893 AS_TRANS
deny 64496 - 64511 # RFC 5398
deny 64512 - 65534 # RFC 6996
deny 65535 # RFC 7300
deny 65536 - 65551 # RFC 5398
deny 65552 - 131071 # IANA Reserved
deny 4200000000 - 4294967294 # RFC 6996
deny 4294967295 # RFC 7300
# Allow the complement of what is denied
allow 0.0.0.0/0
allow 1 - 4199999999

74
etc/rpki/lacnic.constraints Normal file
View File

@ -0,0 +1,74 @@
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:1200::/23
allow 2800::/12
# AFRINIC Internet Number Resources cannot be transferred
# From https://www.iana.org/assignments/ipv4-address-space/
deny 41.0.0.0/8
deny 102.0.0.0/8
deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703
deny 328704 - 329727
# Private use IPv4 & IPv6 addresses and ASNs
deny 0.0.0.0/8 # RFC 1122 Local Identification
deny 10.0.0.0/8 # RFC 1918 private space
deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT
deny 127.0.0.0/8 # RFC 1122 localhost
deny 169.254.0.0/16 # RFC 3927 link local
deny 172.16.0.0/12 # RFC 1918 private space
deny 192.0.2.0/24 # RFC 5737 TEST-NET-1
deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay
deny 192.168.0.0/16 # RFC 1918 private space
deny 198.18.0.0/15 # RFC 2544 benchmarking
deny 198.51.100.0/24 # RFC 5737 TEST-NET-2
deny 203.0.113.0/24 # RFC 5737 TEST-NET-3
deny 224.0.0.0/4 # Multicast
deny 240.0.0.0/4 # Reserved
deny 23456 # RFC 4893 AS_TRANS
deny 64496 - 64511 # RFC 5398
deny 64512 - 65534 # RFC 6996
deny 65535 # RFC 7300
deny 65536 - 65551 # RFC 5398
deny 65552 - 131071 # IANA Reserved
deny 4200000000 - 4294967294 # RFC 6996
deny 4294967295 # RFC 7300
# Allow the complement of what is denied
allow 0.0.0.0/0
allow 1 - 4199999999

86
etc/rpki/ripe.constraints Normal file
View File

@ -0,0 +1,86 @@
# From https://www.iana.org/assignments/ipv6-unicast-address-assignments
allow 2001:600::/23
allow 2001:800::/22
allow 2001:1400::/22
allow 2001:1a00::/23
allow 2001:1c00::/22
allow 2001:2000::/19
allow 2001:4000::/23
allow 2001:4600::/23
allow 2001:4a00::/23
allow 2001:4c00::/23
allow 2001:5000::/20
allow 2003::/18
allow 2a00::/12
allow 2a10::/12
# AFRINIC Internet Number Resources cannot be transferred
# From https://www.iana.org/assignments/ipv4-address-space/
deny 41.0.0.0/8
deny 102.0.0.0/8
deny 105.0.0.0/8
deny 154.0.0.0/16
deny 154.16.0.0/16
deny 154.65.0.0 - 154.255.255.255
deny 196.0.0.0/16
deny 196.1.0.0/24
# hole for 196.1.1.0/24
deny 196.1.2.0 - 196.1.67.255
# hole for 196.1.68.0/24
deny 196.1.69.0 - 196.1.103.255
# hole for 196.1.104.0 - 196.1.106.255
deny 196.1.107.0/24
# hole for 196.1.108.0/22
deny 196.1.112.0/24
# hole for 196.1.113.0 - 196.1.114.255
deny 196.1.115.0 - 196.1.133.255
# hole for 196.1.134.0/24
deny 196.1.135.0 - 196.3.64.255
# hole for 196.3.65.0/24
deny 196.3.66.0 - 196.3.71.255
# hole for 196.3.72.0/24
deny 196.3.73.0 - 196.12.31.255
# hole for 196.12.32.0/19
deny 196.12.64.0 - 196.15.15.255
# hole for 196.15.16.0/20
deny 196.15.32.0 - 196.29.63.255
# hole for 196.29.64.0/19
deny 196.29.96.0 - 196.32.31.255
# hole for 196.32.32.0/19
# hole for 196.32.64.0/19
deny 196.32.96.0 - 196.39.255.255
# hole for 196.40.0.0 - 196.40.95.255
deny 196.40.96.0 - 197.255.255.254
# From https://www.iana.org/assignments/as-numbers/
deny 36864 - 37887
deny 327680 - 328703
deny 328704 - 329727
# Private use IPv4 & IPv6 addresses and ASNs
deny 0.0.0.0/8 # RFC 1122 Local Identification
deny 10.0.0.0/8 # RFC 1918 private space
deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT
deny 127.0.0.0/8 # RFC 1122 localhost
deny 169.254.0.0/16 # RFC 3927 link local
deny 172.16.0.0/12 # RFC 1918 private space
deny 192.0.2.0/24 # RFC 5737 TEST-NET-1
deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay
deny 192.168.0.0/16 # RFC 1918 private space
deny 198.18.0.0/15 # RFC 2544 benchmarking
deny 198.51.100.0/24 # RFC 5737 TEST-NET-2
deny 203.0.113.0/24 # RFC 5737 TEST-NET-3
deny 224.0.0.0/4 # Multicast
deny 240.0.0.0/4 # Reserved
deny 23456 # RFC 4893 AS_TRANS
deny 64496 - 64511 # RFC 5398
deny 64512 - 65534 # RFC 6996
deny 65535 # RFC 7300
deny 65536 - 65551 # RFC 5398
deny 65552 - 131071 # IANA Reserved
deny 4200000000 - 4294967294 # RFC 6996
deny 4294967295 # RFC 7300
# Allow the complement of what is denied
allow 0.0.0.0/0
allow 1 - 4199999999

2
gnu/usr.bin/binutils-2.17/ld/emulparams/elf64alpha_obsd.sh
View File

@ -1,3 +1,5 @@
. ${srcdir}/emulparams/elf64alpha.sh
. ${srcdir}/emulparams/elf_obsd.sh
ENTRY=__start
TEXT_START_ADDR="0x2000000"
NONPAGED_TEXT_START_ADDR="0x2000000"

84
lib/libc/arch/hppa/DEFS.h
View File

@ -1,3 +1,85 @@
/* $OpenBSD: DEFS.h,v 1.1 1998/08/28 20:59:40 mickey Exp $ */
/* $OpenBSD: DEFS.h,v 1.2 2023/12/13 09:01:25 miod Exp $ */
/*
* Copyright (c) 1998-2002 Michael Shalayeff
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF MIND
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <machine/asm.h>
#define END(x) EXIT(x)
/*
* We define a hidden alias with the prefix "_libc_" for each global symbol
* that may be used internally. By referencing _libc_x instead of x, other
* parts of libc prevent overriding by the application and avoid unnecessary
* relocations.
*/
#define _HIDDEN(x) _libc_##x
#define _HIDDEN_ALIAS(x,y) \
STRONG_ALIAS(_HIDDEN(x),y) !\
.hidden _HIDDEN(x)
#define _HIDDEN_FALIAS(x,y) \
_HIDDEN_ALIAS(x,y) !\
.type _HIDDEN(x),@function
/*
* For functions implemented in ASM that aren't syscalls.
* END_STRONG(x) Like DEF_STRONG() in C; for standard/reserved C names
* END_WEAK(x) Like DEF_WEAK() in C; for non-ISO C names
* ALTEND_STRONG(x) and ALTEND_WEAK()
* Matching macros for ALTENTRY functions
* END_BUILTIN(x) If compiling with clang, then just END() and
* mark it .protected, else be like END_STRONG();
* for clang builtins like memcpy
*
* If a 'BUILTIN' function needs be referenced by other ASM code, then use
* _BUILTIN(x) If compiled with clang, then just x, otherwise
* _HIDDEN(x)
*
* _END(x) Set a size on a symbol, like END(), but even for
* symbols with no matching ENTRY(). (On alpha and
* mips64, END() generates .end which requires a
* matching .ent from ENTRY())
*/
#define END_STRONG(x) END(x) ! _HIDDEN_FALIAS(x,x) ! _END(_HIDDEN(x))
#define END_WEAK(x) END_STRONG(x) ! .weak x
#define ALTEND_STRONG(x) _HIDDEN_FALIAS(x,x) ! _END(_HIDDEN(x))
#define ALTEND_WEAK(x) ALTEND_STRONG(x) ! .weak x
#ifdef __clang__
#define END_BUILTIN(x) END(x) ! .protected x
#define _BUILTIN(x) x
#else
#define END_BUILTIN(x) END_STRONG(x)
#define _BUILTIN(x) _HIDDEN(x)
#endif
#define _END(x) .size x, . - x
#define PINSYSCALL(sysno, label) \
.pushsection .openbsd.syscalls,"",@progbits !\
.p2align 2 !\
.long label !\
.long sysno !\
.popsection

50
lib/libc/arch/hppa/SYS.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: SYS.h,v 1.26 2023/12/11 22:24:15 kettenis Exp $ */
/* $OpenBSD: SYS.h,v 1.27 2023/12/13 09:01:25 miod Exp $ */
/*
* Copyright (c) 1998-2002 Michael Shalayeff
@ -26,7 +26,7 @@
*/
#include <sys/syscall.h>
#include <machine/asm.h>
#include "DEFS.h"
#undef _LOCORE
#define _LOCORE
#include <machine/frame.h>
@ -36,56 +36,29 @@
/* offsetof(struct tib, tib_errno) - offsetof(struct tib, __tib_tcb) */
#define TCB_OFFSET_ERRNO -8
/*
* We define a hidden alias with the prefix "_libc_" for each global symbol
* that may be used internally. By referencing _libc_x instead of x, other
* parts of libc prevent overriding by the application and avoid unnecessary
* relocations.
*/
#define _HIDDEN(x) _libc_##x
#define _HIDDEN_ALIAS(x,y) \
STRONG_ALIAS(_HIDDEN(x),y) !\
.hidden _HIDDEN(x)
#define _HIDDEN_FALIAS(x,y) \
_HIDDEN_ALIAS(x,y) !\
.type _HIDDEN(x),@function
/*
* For functions implemented in ASM that aren't syscalls.
* EXIT_STRONG(x) Like DEF_STRONG() in C; for standard/reserved C names
* EXIT_WEAK(x) Like DEF_WEAK() in C; for non-ISO C names
* ALTEXIT_STRONG(x) and ALTEXIT_WEAK()
* Matching macros for ALTENTRY functions
*/
#define ALTEXIT_STRONG(x) \
_HIDDEN_FALIAS(x,x) !\
.size _HIDDEN(x), . - _HIDDEN(x)
#define ALTEXIT_WEAK(x) ALTEXIT_STRONG(x) !\
.weak x
#define EXIT_STRONG(x) EXIT(x) !\
ALTEXIT_STRONG(x)
#define EXIT_WEAK(x) EXIT_STRONG(x) !\
.weak x
#define EXIT_STRONG(x) EXIT(x) !\
_HIDDEN_FALIAS(x,x) !\
_END(_HIDDEN(x))
#define EXIT_WEAK(x) EXIT_STRONG(x) !\
.weak x
#define PINSYSCALL(sysno, label) \
.pushsection .openbsd.syscalls,"",@progbits !\
.p2align 2 !\
.long label !\
.long sysno !\
.popsection
#define SYSENTRY(x) !\
LEAF_ENTRY(__CONCAT(_thread_sys_,x)) !\
LEAF_ENTRY(__CONCAT(_thread_sys_,x)) !\
WEAK_ALIAS(x,__CONCAT(_thread_sys_,x))
#define SYSENTRY_HIDDEN(x) !\
LEAF_ENTRY(__CONCAT(_thread_sys_,x))
LEAF_ENTRY(__CONCAT(_thread_sys_,x))
#define SYSEXIT(x) !\
SYSEXIT_HIDDEN(x) !\
.size x, . - x
_END(x)
#define SYSEXIT_HIDDEN(x) !\
EXIT(__CONCAT(_thread_sys_,x)) !\
_HIDDEN_FALIAS(x,_thread_sys_##x) !\
.size _HIDDEN(x), . - _HIDDEN(x)
_END(_HIDDEN(x))
#define SYSCALL(x) !\
stw rp, HPPA_FRAME_ERP(sr0,sp) !\
@ -130,4 +103,3 @@ SYSEXIT(x)
#define RSYSCALL(x) PSEUDO(x,x)
#define RSYSCALL_HIDDEN(x) PSEUDO_HIDDEN(x,x)

4
lib/libc/arch/hppa/string/memmove.S
View File

@ -151,7 +151,7 @@ $bcopy_r.done
bv 0(rp)
nop
EXIT_WEAK(bcopy)
ALTEXIT_STRONG(memmove)
END_WEAK(bcopy)
ALTEND_STRONG(memmove)
.end

0
lib/libc/sys/syscall.2
View File

208
lib/libcrypto/objects/obj_dat.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: obj_dat.c,v 1.62 2023/11/27 11:52:32 tb Exp $ */
/* $OpenBSD: obj_dat.c,v 1.65 2023/12/13 23:34:45 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -59,6 +59,7 @@
#include <ctype.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/opensslconf.h>
@ -74,16 +75,6 @@
/* obj_dat.h is generated from objects.h by obj_dat.pl */
#include "obj_dat.h"
static int sn_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int sn_cmp(const ASN1_OBJECT * const *, unsigned int const *);
static unsigned int *OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num);
static int ln_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int ln_cmp(const ASN1_OBJECT * const *, unsigned int const *);
static unsigned int *OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num);
static int obj_cmp_BSEARCH_CMP_FN(const void *, const void *);
static int obj_cmp(const ASN1_OBJECT * const *, unsigned int const *);
static unsigned int *OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num);
#define ADDED_DATA 0
#define ADDED_SNAME 1
#define ADDED_LNAME 2
@ -98,48 +89,6 @@ DECLARE_LHASH_OF(ADDED_OBJ);
static int new_nid = NUM_NID;
static LHASH_OF(ADDED_OBJ) *added = NULL;
static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
{
return (strcmp((*a)->sn, nid_objs[*b].sn));
}
static int
sn_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
const ASN1_OBJECT * const *a = a_;
unsigned int const *b = b_;
return sn_cmp(a, b);
}
static unsigned int *
OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num)
{
return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int),
sn_cmp_BSEARCH_CMP_FN);
}
static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b)
{
return (strcmp((*a)->ln, nid_objs[*b].ln));
}
static int
ln_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
const ASN1_OBJECT * const *a = a_;
unsigned int const *b = b_;
return ln_cmp(a, b);
}
static unsigned int *
OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num)
{
return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int),
ln_cmp_BSEARCH_CMP_FN);
}
static unsigned long
added_obj_hash(const ADDED_OBJ *ca)
{
@ -417,51 +366,42 @@ OBJ_nid2ln(int n)
LCRYPTO_ALIAS(OBJ_nid2ln);
static int
obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp)
obj_objs_cmp(const void *aobj, const void *b)
{
const ASN1_OBJECT *a = *ap;
const ASN1_OBJECT *b = &nid_objs[*bp];
const unsigned int *nid = b;
return OBJ_cmp(a, b);
}
static int
obj_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
const ASN1_OBJECT * const *a = a_;
unsigned int const *b = b_;
return obj_cmp(a, b);
}
static unsigned int *
OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num)
{
return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int),
obj_cmp_BSEARCH_CMP_FN);
return OBJ_cmp(aobj, &nid_objs[*nid]);
}
int
OBJ_obj2nid(const ASN1_OBJECT *a)
OBJ_obj2nid(const ASN1_OBJECT *aobj)
{
const unsigned int *op;
ADDED_OBJ ad, *adp;
const unsigned int *nid;
if (a == NULL || a->length == 0)
return (NID_undef);
if (a->nid != NID_undef)
return (a->nid);
if (aobj == NULL || aobj->length == 0)
return NID_undef;
if (aobj->nid != NID_undef)
return aobj->nid;
/* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */
adp = lh_ADDED_OBJ_retrieve(added, &ad);
if (adp != NULL)
return (adp->obj->nid);
ADDED_OBJ needle = {
.type = ADDED_DATA,
.obj = (ASN1_OBJECT *)aobj,
};
ADDED_OBJ *found;
if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL)
return found->obj->nid;
}
op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ);
if (op == NULL)
return (NID_undef);
return (nid_objs[*op].nid);
/* obj_objs holds built-in obj NIDs in ascending OBJ_cmp() order. */
nid = bsearch(aobj, obj_objs, NUM_OBJ, sizeof(unsigned int), obj_objs_cmp);
if (nid != NULL)
return *nid;
return NID_undef;
}
LCRYPTO_ALIAS(OBJ_obj2nid);
@ -506,49 +446,77 @@ OBJ_txt2nid(const char *s)
}
LCRYPTO_ALIAS(OBJ_txt2nid);
int
OBJ_ln2nid(const char *s)
static int
ln_objs_cmp(const void *ln, const void *b)
{
ASN1_OBJECT o;
const ASN1_OBJECT *oo = &o;
ADDED_OBJ ad, *adp;
const unsigned int *op;
const unsigned int *nid = b;
o.ln = s;
return strcmp(ln, nid_objs[*nid].ln);
}
int
OBJ_ln2nid(const char *ln)
{
const unsigned int *nid;
/* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */
if (added != NULL) {
ad.type = ADDED_LNAME;
ad.obj = &o;
adp = lh_ADDED_OBJ_retrieve(added, &ad);
if (adp != NULL)
return (adp->obj->nid);
ASN1_OBJECT aobj = {
.ln = ln,
};
ADDED_OBJ needle = {
.type = ADDED_LNAME,
.obj = &aobj,
};
ADDED_OBJ *found;
if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL)
return found->obj->nid;
}
op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN);
if (op == NULL)
return (NID_undef);
return (nid_objs[*op].nid);
/* ln_objs holds NIDs in ascending alphabetical order of LN. */
nid = bsearch(ln, ln_objs, NUM_LN, sizeof(unsigned int), ln_objs_cmp);
if (nid != NULL)
return *nid;
return NID_undef;
}
LCRYPTO_ALIAS(OBJ_ln2nid);
int
OBJ_sn2nid(const char *s)
static int
sn_objs_cmp(const void *sn, const void *b)
{
ASN1_OBJECT o;
const ASN1_OBJECT *oo = &o;
ADDED_OBJ ad, *adp;
const unsigned int *op;
const unsigned int *nid = b;
o.sn = s;
return strcmp(sn, nid_objs[*nid].sn);
}
int
OBJ_sn2nid(const char *sn)
{
const unsigned int *nid;
/* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */
if (added != NULL) {
ad.type = ADDED_SNAME;
ad.obj = &o;
adp = lh_ADDED_OBJ_retrieve(added, &ad);
if (adp != NULL)
return (adp->obj->nid);
ASN1_OBJECT aobj = {
.sn = sn,
};
ADDED_OBJ needle = {
.type = ADDED_SNAME,
.obj = &aobj,
};
ADDED_OBJ *found;
if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL)
return found->obj->nid;
}
op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN);
if (op == NULL)
return (NID_undef);
return (nid_objs[*op].nid);
/* sn_objs holds NIDs in ascending alphabetical order of SN. */
nid = bsearch(sn, sn_objs, NUM_SN, sizeof(unsigned int), sn_objs_cmp);
if (nid != NULL)
return *nid;
return NID_undef;
}
LCRYPTO_ALIAS(OBJ_sn2nid);

6
lib/libutil/imsg_init.3
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: imsg_init.3,v 1.31 2023/12/12 15:49:21 claudio Exp $
.\" $OpenBSD: imsg_init.3,v 1.32 2023/12/13 00:37:42 jsg Exp $
.\"
.\" Copyright (c) 2023 Claudio Jeker <claudio@openbsd.org>
.\" Copyright (c) 2010 Nicholas Marriott <nicm@openbsd.org>
@ -15,7 +15,7 @@
.\" IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
.\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: December 12 2023 $
.Dd $Mdocdate: December 13 2023 $
.Dt IMSG_INIT 3
.Os
.Sh NAME
@ -226,7 +226,7 @@ forwards a just received
.Fa msg
unaltered on
.Fa imsgbuf .
Any attached filedescriptor is closed.
Any attached file descriptor is closed.
.Pp
.Fn imsg_flush
calls

4
regress/lib/libcrypto/x509/constraints.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: constraints.c,v 1.17 2023/10/01 04:48:39 tb Exp $ */
/* $OpenBSD: constraints.c,v 1.18 2023/12/13 05:59:50 tb Exp $ */
/*
* Copyright (c) 2020 Bob Beck <beck@openbsd.org>
*
@ -95,7 +95,7 @@ unsigned char *invalid_hostnames[] = {
"-p3nbsd.org",
"openbs-.org",
"openbsd\n.org",
"open\178bsd.org",
"open\177bsd.org",
"open\255bsd.org",
"*.openbsd.org",
NULL,

10
regress/lib/libcrypto/x509/rfc3779/rfc3779.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: rfc3779.c,v 1.9 2023/04/20 07:39:17 tb Exp $ */
/* $OpenBSD: rfc3779.c,v 1.10 2023/12/13 07:19:37 tb Exp $ */
/*
* Copyright (c) 2021 Theo Buehler <tb@openbsd.org>
*
@ -361,10 +361,10 @@ IPAddrBlocks_free(IPAddrBlocks *addr)
* extensions on each call.
*/
static const ASN1_ITEM_EXP *
static ASN1_ITEM_EXP *
get_IPAddrBlocks_it(void)
{
static const ASN1_ITEM_EXP *my_IPAddrBlocks_it;
static ASN1_ITEM_EXP *my_IPAddrBlocks_it;
const X509V3_EXT_METHOD *v3_addr;
if (my_IPAddrBlocks_it != NULL)
@ -383,7 +383,7 @@ get_IPAddrBlocks_it(void)
static IPAddrBlocks *
d2i_IPAddrBlocks(IPAddrBlocks **addrs, const unsigned char **in, long len)
{
const ASN1_ITEM_EXP *my_IPAddrBlocks_it;
ASN1_ITEM_EXP *my_IPAddrBlocks_it;
if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL)
return NULL;
@ -395,7 +395,7 @@ d2i_IPAddrBlocks(IPAddrBlocks **addrs, const unsigned char **in, long len)
static int
i2d_IPAddrBlocks(IPAddrBlocks *addrs, unsigned char **out)
{
const ASN1_ITEM_EXP *my_IPAddrBlocks_it;
ASN1_ITEM_EXP *my_IPAddrBlocks_it;
if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL)
return -1;

96
regress/lib/libcrypto/x509/x509_asn1.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: x509_asn1.c,v 1.20 2023/06/05 18:32:06 job Exp $ */
/* $OpenBSD: x509_asn1.c,v 1.21 2023/12/13 05:57:37 tb Exp $ */
/*
* Copyright (c) 2023 Job Snijders <job@openbsd.org>
*
@ -29,37 +29,6 @@
#include <openssl/rsa.h>
#include <openssl/x509.h>
static const struct fnnames {
char *name;
void (*fn);
} fnnames[] = {
{ "X509_set_version", X509_set_version },
{ "X509_set_serialNumber", X509_set_serialNumber },
{ "X509_set_issuer_name", X509_set_issuer_name },
{ "X509_set_subject_name", X509_set_subject_name },
{ "X509_set_notBefore", X509_set_notBefore },
{ "X509_set_notAfter", X509_set_notAfter },
{ "X509_set_pubkey", X509_set_pubkey },
{ "X509_CRL_set_version", X509_CRL_set_version },
{ "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name },
{ "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate },
{ "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate },
{ "X509_REQ_add_extensions", X509_REQ_add_extensions },
{ "X509_REQ_add1_attr", X509_REQ_add1_attr },
{ NULL, NULL }
};
static void
lookup_and_err(void (*fn))
{
int i;
for (i = 0; fnnames[i].name; i++) {
if (fnnames[i].fn == fn)
errx(1, "%s failed", fnnames[i].name);
}
}
static void
x509_setup(unsigned char **der, unsigned char **der2, X509 **x,
long dersz, long *der2sz)
@ -83,7 +52,8 @@ x509_cleanup(X509 **x, unsigned char **der)
}
static void
x509_set_integer(int (*f)(X509 *, ASN1_INTEGER *), X509 **x, int i)
x509_set_integer(const char *descr, int (*f)(X509 *, ASN1_INTEGER *), X509 **x,
int i)
{
ASN1_INTEGER *ai;
@ -92,13 +62,13 @@ x509_set_integer(int (*f)(X509 *, ASN1_INTEGER *), X509 **x, int i)
if (!ASN1_INTEGER_set(ai, i))
errx(1, "ASN1_INTEGER_set");
if (!f(*x, ai))
lookup_and_err(f);
errx(1, "%s: %s failed", __func__, descr);
ASN1_INTEGER_free(ai);
}
static void
x509_set_name(int (*f)(X509 *, X509_NAME *), X509 **x,
x509_set_name(const char *descr, int (*f)(X509 *, X509_NAME *), X509 **x,
const unsigned char *n)
{
X509_NAME *xn;
@ -108,20 +78,21 @@ x509_set_name(int (*f)(X509 *, X509_NAME *), X509 **x,
if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0))
errx(1, "X509_NAME_add_entry_by_txt");
if (!f(*x, xn))
lookup_and_err(f);
errx(1, "%s: %s failed", __func__, descr);
X509_NAME_free(xn);
}
static void
x509_set_time(int (*f)(X509 *, const ASN1_TIME *), X509 **x, int t)
x509_set_time(const char *descr, int (*f)(X509 *, const ASN1_TIME *), X509 **x,
int t)
{
ASN1_TIME *at;
if ((at = X509_gmtime_adj(NULL, t)) == NULL)
errx(1, "X509_gmtime_adj");
if (!f(*x, at))
lookup_and_err(f);
errx(1, "%s: %s failed", __func__, descr);
ASN1_TIME_free(at);
}
@ -172,8 +143,8 @@ x509_crl_cleanup(X509_CRL **xc, unsigned char **der)
}
static void
x509_crl_set_name(int (*f)(X509_CRL *, X509_NAME *), X509_CRL **xc,
const unsigned char *n)
x509_crl_set_name(const char *descr, int (*f)(X509_CRL *, X509_NAME *),
X509_CRL **xc, const unsigned char *n)
{
X509_NAME *xn;
@ -182,20 +153,21 @@ x509_crl_set_name(int (*f)(X509_CRL *, X509_NAME *), X509_CRL **xc,
if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0))
errx(1, "X509_NAME_add_entry_by_txt");
if (!f(*xc, xn))
lookup_and_err(f);
errx(1, "%s: %s failed", __func__, descr);
X509_NAME_free(xn);
}
static void
x509_crl_set_time(int (*f)(X509_CRL *, const ASN1_TIME *), X509_CRL **xc, int t)
x509_crl_set_time(const char *descr, int (*f)(X509_CRL *, const ASN1_TIME *),
X509_CRL **xc, int t)
{
ASN1_TIME *at;
if ((at = X509_gmtime_adj(NULL, t)) == NULL)
errx(1, "X509_gmtime_adj");
if (!f(*xc, at))
lookup_and_err(f);
errx(1, "%s: %s failed", __func__, descr);
ASN1_TIME_free(at);
}
@ -247,11 +219,11 @@ test_x509_setters(void)
if (X509_set_pubkey(x, pkey) != 1)
errx(1, "X509_set_pubkey");
x509_set_integer(X509_set_serialNumber, &x, 1);
x509_set_time(X509_set_notBefore, &x, 0);
x509_set_time(X509_set_notAfter, &x, 60);
x509_set_name(X509_set_issuer_name, &x, "NL");
x509_set_name(X509_set_subject_name, &x, "BE");
x509_set_integer("X509_set_serialNumber", X509_set_serialNumber, &x, 1);
x509_set_time("X509_set_notBefore", X509_set_notBefore, &x, 0);
x509_set_time("X509_set_notAfter", X509_set_notAfter, &x, 60);
x509_set_name("X509_set_issuer_name", X509_set_issuer_name, &x, "NL");
x509_set_name("X509_set_subject_name", X509_set_subject_name, &x, "BE");
/* one time creation of the original DER */
if (!X509_sign(x, pkey, EVP_sha256()))
@ -268,31 +240,31 @@ test_x509_setters(void)
/* test X509_set_serialNumber */
x509_setup(&der, &der2, &a, dersz, &der2sz);
x509_set_integer(X509_set_serialNumber, &a, 2);
x509_set_integer("X509_set_serialNumber", X509_set_serialNumber, &a, 2);
failed |= x509_compare("X509_set_serialNumber", a, der2, der2sz);
x509_cleanup(&a, &der2);
/* test X509_set_issuer_name */
x509_setup(&der, &der2, &a, dersz, &der2sz);
x509_set_name(X509_set_issuer_name, &a, "DE");
x509_set_name("X509_set_issuer_name", X509_set_issuer_name, &a, "DE");
failed |= x509_compare("X509_set_issuer_name", a, der2, der2sz);
x509_cleanup(&a, &der2);
/* test X509_set_subject_name */
x509_setup(&der, &der2, &a, dersz, &der2sz);
x509_set_name(X509_set_subject_name, &a, "FR");
x509_set_name("X509_set_subject_name", X509_set_subject_name, &a, "FR");
failed |= x509_compare("X509_set_subject_name", a, der2, der2sz);
x509_cleanup(&a, &der2);
/* test X509_set_notBefore */
x509_setup(&der, &der2, &a, dersz, &der2sz);
x509_set_time(X509_set_notBefore, &a, 120);
x509_set_time("X509_set_notBefore", X509_set_notBefore, &a, 120);
failed |= x509_compare("X509_set_notBefore", a, der2, der2sz);
x509_cleanup(&a, &der2);
/* test X509_set_notAfter */
x509_setup(&der, &der2, &a, dersz, &der2sz);
x509_set_time(X509_set_notAfter, &a, 180);
x509_set_time("X509_set_notAfter", X509_set_notAfter, &a, 180);
failed |= x509_compare("X509_set_notAfter", a, der2, der2sz);
x509_cleanup(&a, &der2);
@ -335,9 +307,12 @@ test_x509_crl_setters(void)
if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0)
errx(1, "EVP_PKEY_keygen");
x509_crl_set_time(X509_CRL_set_lastUpdate, &xc, 0);
x509_crl_set_time(X509_CRL_set_nextUpdate, &xc, 60);
x509_crl_set_name(X509_CRL_set_issuer_name, &xc, "NL");
x509_crl_set_time("X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate,
&xc, 0);
x509_crl_set_time("X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate,
&xc, 60);
x509_crl_set_name("X509_CRL_set_issuer_name", X509_CRL_set_issuer_name,
&xc, "NL");
/* one time creation of the original DER */
if (!X509_CRL_sign(xc, pkey, EVP_sha256()))
@ -354,20 +329,23 @@ test_x509_crl_setters(void)
/* test X509_CRL_set_issuer_name */
x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
x509_crl_set_name(X509_CRL_set_issuer_name, &ac, "DE");
x509_crl_set_name("X509_CRL_set_issuer_name", X509_CRL_set_issuer_name,
&ac, "DE");
failed |= x509_crl_compare("X509_CRL_set_issuer_name", ac, der2,
der2sz);
x509_crl_cleanup(&ac, &der2);
/* test X509_CRL_set_lastUpdate */
x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
x509_crl_set_time(X509_CRL_set_lastUpdate, &ac, 120);
x509_crl_set_time("X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate,
&ac, 120);
failed |= x509_crl_compare("X509_CRL_set_lastUpdate", ac, der2, der2sz);
x509_crl_cleanup(&ac, &der2);
/* test X509_CRL_set_nextUpdate */
x509_crl_setup(&der, &der2, &ac, dersz, &der2sz);
x509_crl_set_time(X509_CRL_set_nextUpdate, &ac, 180);
x509_crl_set_time("X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate,
&ac, 180);
failed |= x509_crl_compare("X509_CRL_set_nextUpdate", ac, der2, der2sz);
x509_crl_cleanup(&ac, &der2);

4
regress/lib/libssl/tlsext/tlsexttest.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: tlsexttest.c,v 1.82 2023/07/05 17:30:14 tb Exp $ */
/* $OpenBSD: tlsexttest.c,v 1.83 2023/12/13 06:00:28 tb Exp $ */
/*
* Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@ -4367,7 +4367,7 @@ static const struct tls_sni_test tls_sni_tests[] = {
.valid = 0,
},
{
.hostname = "open\178bsd.org",
.hostname = "open\177bsd.org",
.valid = 0,
},
{

16
regress/usr.bin/ftp/Makefile
View File

@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.2 2010/07/14 06:19:26 halex Exp $
# $OpenBSD: Makefile,v 1.3 2023/12/13 12:14:10 kn Exp $
REGRESS_TARGETS= \
${DASHO_TARGETS:C/^/t-dasho-/} \
@ -47,19 +47,7 @@ t-dasho-11:
t-dasho-12:
${dasho} "-V -o./- ${xfile}" 0 "" "" "[-] XXXX"
t-dasho-13:
${dasho} "-V -oX -o '' ${xfile}" 0 "" "" "[X] XXXX"
t-dasho-14:
${dasho} "-V -o- -o '' ${dfile}" 0 "" "" "[-] DASH"
t-dasho-15:
${dasho} "-V -oX -o '' ${xfile}" 0 "" "" "[X] XXXX"
t-dasho-16:
${dasho} "-V -o- -o '' ${dfile}" 0 "" "" "[-] DASH"
DASHO_TARGETS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
DASHO_TARGETS=1 2 3 4 5 6 7 8 9 10 11 12
rport1?= 9000

5
share/man/man9/ktrace.9
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ktrace.9,v 1.13 2022/08/04 06:20:24 jsg Exp $
.\" $OpenBSD: ktrace.9,v 1.14 2023/12/13 06:39:10 jmc Exp $
.\"
.\" Copyright (c) 2003 Michael Shalayeff
.\"
@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd $Mdocdate: August 4 2022 $
.Dd $Mdocdate: December 13 2023 $
.Dt KTRACE 9
.Os
.Sh NAME
@ -145,7 +145,6 @@ The process tracing facility is implemented in
.Sh SEE ALSO
.Xr errno 2 ,
.Xr ktrace 2 ,
.Xr syscall 2 ,
.Xr namei 9 ,
.Xr syscall 9
.Sh HISTORY

5
share/man/man9/syscall.9
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: syscall.9,v 1.15 2019/05/14 13:17:09 schwarze Exp $
.\" $OpenBSD: syscall.9,v 1.16 2023/12/13 06:39:10 jmc Exp $
.\"
.\" Copyright (c) 2003 Michael Shalayeff
.\"
@ -23,7 +23,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd $Mdocdate: May 14 2019 $
.Dd $Mdocdate: December 13 2023 $
.Dt SYSCALL 9
.Os
.Sh NAME
@ -235,7 +235,6 @@ Machine-independent syscall entry end return handling.
.El
.Sh SEE ALSO
.Xr ktrace 2 ,
.Xr syscall 2 ,
.Xr ktrace 9 ,
.Xr sysctl_int 9
.Sh HISTORY

4
sys/arch/arm/arm/syscall.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: syscall.c,v 1.27 2023/12/12 15:30:55 deraadt Exp $ */
/* $OpenBSD: syscall.c,v 1.28 2023/12/13 15:57:22 miod Exp $ */
/* $NetBSD: syscall.c,v 1.24 2003/11/14 19:03:17 scw Exp $ */
/*-
@ -114,7 +114,7 @@ swi_handler(trapframe_t *frame)
code = frame->tf_r12;
// XXX out of range stays on syscall0, which we assume is enosys
if (code >= 0 || code <= SYS_MAXSYSCALL)
if (code > 0 && code < SYS_MAXSYSCALL)
callp += code;
nargs = callp->sy_argsize / sizeof(register_t);

6
sys/arch/arm64/arm64/syscall.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: syscall.c,v 1.15 2023/12/12 15:30:55 deraadt Exp $ */
/* $OpenBSD: syscall.c,v 1.17 2023/12/13 15:57:22 miod Exp $ */
/*
* Copyright (c) 2015 Dale Rahn <drahn@dalerahn.com>
*
@ -33,7 +33,7 @@ svc_handler(trapframe_t *frame)
{
struct proc *p = curproc;
const struct sysent *callp;
int code, error = ENOSYS, indirect = -1;
int code, error = ENOSYS;
u_int nap = 8, nargs;
register_t *ap, *args, copyargs[MAXARGS], rval[2];
@ -50,7 +50,7 @@ svc_handler(trapframe_t *frame)
ap = &frame->tf_x[0];
if (code < 0 || code >= SYS_MAXSYSCALL)
if (code <= 0 || code >= SYS_MAXSYSCALL)
goto bad;
callp = sysent + code;

4
sys/arch/i386/i386/trap.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: trap.c,v 1.163 2023/12/12 15:30:55 deraadt Exp $ */
/* $OpenBSD: trap.c,v 1.164 2023/12/13 15:57:22 miod Exp $ */
/* $NetBSD: trap.c,v 1.95 1996/05/05 06:50:02 mycroft Exp $ */
/*-
@ -544,7 +544,7 @@ syscall(struct trapframe *frame)
code = frame->tf_eax;
// XXX out of range stays on syscall0, which we assume is enosys
if (code >= 0 || code <= SYS_MAXSYSCALL)
if (code > 0 && code < SYS_MAXSYSCALL)
callp += code;
argsize = callp->sy_argsize;

12
usr.bin/ftp/main.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.143 2023/11/30 14:52:00 kn Exp $ */
/* $OpenBSD: main.c,v 1.144 2023/12/12 22:00:43 kn Exp $ */
/* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */
/*
@ -502,14 +502,8 @@ main(volatile int argc, char *argv[])
case 'o':
outfile = optarg;
if (*outfile == '\0') {
pipeout = 0;
outfile = NULL;
ttyout = stdout;
} else {
pipeout = strcmp(outfile, "-") == 0;
ttyout = pipeout ? stderr : stdout;
}
pipeout = strcmp(outfile, "-") == 0;
ttyout = pipeout ? stderr : stdout;
break;
case 'p':

4
usr.bin/ssh/sshconnect2.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect2.c,v 1.368 2023/10/12 02:15:53 djm Exp $ */
/* $OpenBSD: sshconnect2.c,v 1.369 2023/12/13 03:28:19 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@ -135,7 +135,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port,
}
if (options.known_hosts_command != NULL) {
load_hostkeys_command(hostkeys, options.known_hosts_command,
"ORDER", cinfo, NULL, host);
"ORDER", cinfo, NULL, hostname);
}
/*
* If a plain public key exists that matches the type of the best

4
usr.sbin/ospf6d/ospfe.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ospfe.c,v 1.70 2023/07/03 09:51:38 claudio Exp $ */
/* $OpenBSD: ospfe.c,v 1.71 2023/12/13 15:34:43 claudio Exp $ */
/*
* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@ -401,7 +401,7 @@ ospfe_dispatch_main(int fd, short event, void *bula)
control_imsg_relay(&imsg);
break;
case IMSG_CONTROLFD:
if ((fd = imsg.fd) == -1)
if ((fd = imsg_get_fd(&imsg)) == -1)
fatalx("%s: expected to receive imsg control"
"fd but didn't receive any", __func__);
/* Listen on control socket. */

4
usr.sbin/ospfd/ospfe.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ospfe.c,v 1.113 2023/07/03 09:40:47 claudio Exp $ */
/* $OpenBSD: ospfe.c,v 1.114 2023/12/13 15:34:27 claudio Exp $ */
/*
* Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org>
@ -452,7 +452,7 @@ ospfe_dispatch_main(int fd, short event, void *bula)
control_imsg_relay(&imsg);
break;
case IMSG_CONTROLFD:
if ((fd = imsg.fd) == -1)
if ((fd = imsg_get_fd(&imsg)) == -1)
fatalx("%s: expected to receive imsg control"
"fd but didn't receive any", __func__);
/* Listen on control socket. */

7
usr.sbin/syspatch/syspatch.sh
View File

@ -1,6 +1,6 @@
#!/bin/ksh
#
# $OpenBSD: syspatch.sh,v 1.167 2020/12/07 21:19:28 ajacoutot Exp $
# $OpenBSD: syspatch.sh,v 1.168 2023/12/13 17:50:23 ajacoutot Exp $
#
# Copyright (c) 2016, 2017 Antoine Jacoutot <ajacoutot@openbsd.org>
#
@ -34,7 +34,7 @@ usage()
apply_patch()
{
local _edir _file _files _patch=$1 _rc=0 _s _upself=false
local _edir _file _files _kernel _patch=$1 _rc=0 _s _upself=false
[[ -n ${_patch} ]]
_edir=${_TMP}/${_patch}
@ -45,7 +45,8 @@ apply_patch()
echo "Installing patch ${_patch##${_OSrev}-}"
install -d ${_edir} ${_PDIR}/${_patch}
(($(sysctl -n hw.ncpufound) > 1)) &&
_kernel=$(sysctl -n kern.osversion)
[[ ${_kernel%#*} == "GENERIC.MP" ]] &&
_s="-s @usr/share/relink/kernel/GENERIC/.*@@g" ||
_s="-s @usr/share/relink/kernel/GENERIC.MP/.*@@g"
_files="$(tar -xvzphf ${_TMP}/syspatch${_patch}.tgz -C ${_edir} \