diff --git a/distrib/sets/lists/base/mi b/distrib/sets/lists/base/mi index be9b7dadf..32186a411 100644 --- a/distrib/sets/lists/base/mi +++ b/distrib/sets/lists/base/mi @@ -292,9 +292,14 @@ ./etc/rmt ./etc/rpc ./etc/rpki +./etc/rpki/afrinic.constraints ./etc/rpki/afrinic.tal +./etc/rpki/apnic.constraints ./etc/rpki/apnic.tal +./etc/rpki/arin.constraints +./etc/rpki/lacnic.constraints ./etc/rpki/lacnic.tal +./etc/rpki/ripe.constraints ./etc/rpki/ripe.tal ./etc/services ./etc/signify diff --git a/etc/Makefile b/etc/Makefile index fe7a118f1..1632d747d 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.486 2022/06/28 18:46:00 claudio Exp $ +# $OpenBSD: Makefile,v 1.487 2023/12/13 11:34:56 job Exp $ .include @@ -161,6 +161,8 @@ distribution-etc-root-var: distrib-dirs cd rpki; \ ${INSTALL} -c -o root -g wheel -m 644 \ afrinic.tal apnic.tal lacnic.tal ripe.tal \ + arin.constraints afrinic.constraints apnic.constraints \ + lacnic.constraints ripe.constraints \ ${DESTDIR}/etc/rpki cd examples; \ ${INSTALL} -c -o root -g wheel -m 644 ${EXAMPLES} \ diff --git a/etc/changelist b/etc/changelist index ad69d8bb2..f5639b660 100644 --- a/etc/changelist +++ b/etc/changelist @@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.137 2023/09/19 15:02:54 naddy Exp $ +# $OpenBSD: changelist,v 1.138 2023/12/13 11:34:56 job Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -112,10 +112,15 @@ /etc/resolv.conf /etc/ripd.conf /etc/rpc +/etc/rpki/afrinic.constraints /etc/rpki/afrinic.tal +/etc/rpki/apnic.constraints /etc/rpki/apnic.tal +/etc/rpki/arin.constraints /etc/rpki/arin.tal +/etc/rpki/lacnic.constraints /etc/rpki/lacnic.tal +/etc/rpki/ripe.constraints /etc/rpki/ripe.tal /etc/rpki/skiplist /etc/sasyncd.conf diff --git a/etc/rpki/afrinic.constraints b/etc/rpki/afrinic.constraints new file mode 100644 index 000000000..9801407b6 --- /dev/null +++ b/etc/rpki/afrinic.constraints @@ -0,0 +1,627 @@ +# From https://www.iana.org/assignments/ipv4-address-space/ +allow 41.0.0.0/8 +allow 102.0.0.0/8 +allow 105.0.0.0/8 +allow 154.0.0.0/8 +allow 196.0.0.0/7 + +# From https://www.iana.org/assignments/ipv6-address-space/ +allow 2001:4200::/23 +allow 2c00::/12 + +# From https://www.iana.org/assignments/as-numbers/ +allow 36864 - 37887 +allow 327680 - 328703 +allow 328704 - 329727 + +# Holes +deny 154.1.0.0/16 # ARIN +deny 154.2.0.0/15 # ARIN +deny 154.4.0.0/14 # ARIN +deny 154.8.0.0 - 154.8.47.255 # RIPE +deny 154.8.48.0 - 154.8.255.255 # APNIC +deny 154.9.0.0/16 # ARIN +deny 154.10.0.0/16 # APNIC +deny 154.11.0.0/16 # ARIN +deny 154.12.0.0/15 # ARIN +deny 154.14.0.0/15 # RIPE +deny 154.17.0.0/16 # ARIN +deny 154.18.0.0/15 # ARIN +deny 154.20.0.0/14 # ARIN +deny 154.24.0.0/13 # ARIN +deny 154.32.0.0/16 # RIPE +deny 154.33.0.0 - 154.34.255.255 # APNIC +deny 154.35.0.0/16 # ARIN +deny 154.36.0.0/14 # ARIN +deny 154.40.0.0/13 # ARIN +deny 154.48.0.0/12 # ARIN +deny 154.64.0.0/16 # ARIN +deny 196.1.1.0/24 # APNIC +deny 196.1.68.0/24 # APNIC +deny 196.1.104.0 - 196.1.106.255 # APNIC +deny 196.1.108.0/22 # APNIC +deny 196.1.113.0 - 196.1.114.255 # APNIC +deny 196.1.134.0/24 # APNIC +deny 196.3.65.0/24 # APNIC +deny 196.3.72.0/24 # APNIC +deny 196.12.32.0/19 # APNIC +deny 196.15.16.0/20 # APNIC +deny 196.29.64.0/19 # LACNIC +deny 196.32.32.0/19 # LACNIC +deny 196.32.64.0/19 # LACNIC +deny 196.40.0.0 - 196.40.95.255 # LACNIC + +# From https://www.iana.org/assignments/ipv4-recovered-address-space +allow 45.96.0.0 - 45.111.255.255 +allow 45.192.0.0 - 45.222.255.255 +allow 45.240.0.0 - 45.247.255.255 +allow 66.251.128.0 - 66.251.191.255 +allow 139.26.0.0 - 139.26.255.255 +allow 146.196.128.0 - 146.196.255.255 +# 154.16.0.0 - 154.16.255.255 # already contained within 154/8 +allow 160.19.36.0 - 160.19.39.255 +allow 160.19.60.0 - 160.19.63.255 +allow 160.19.96.0 - 160.19.103.255 +allow 160.19.112.0 - 160.19.143.255 +allow 160.19.152.0 - 160.19.155.255 +allow 160.19.188.0 - 160.19.191.255 +allow 160.19.192.0 - 160.19.199.255 +allow 160.19.232.0 - 160.19.239.255 +allow 160.20.24.0 - 160.20.31.255 +allow 160.20.112.0 - 160.20.115.255 +allow 160.20.213.0 - 160.20.213.255 +allow 160.20.217.0 - 160.20.217.255 +allow 160.20.221.0 - 160.20.221.255 +allow 160.20.226.0 - 160.20.227.255 +allow 160.20.252.0 - 160.20.255.255 +allow 160.238.11.0 - 160.238.11.255 +allow 160.238.48.0 - 160.238.49.255 +allow 160.238.50.0 - 160.238.50.255 +allow 160.238.57.0 - 160.238.57.255 +allow 160.238.101.0 - 160.238.101.255 +allow 161.123.0.0 - 161.123.255.255 +allow 164.160.0.0 - 164.160.255.255 +allow 192.12.110.0 - 192.12.111.255 +allow 192.12.116.0 - 192.12.117.255 +allow 192.47.36.0 - 192.47.36.255 +allow 192.51.240.0 - 192.51.240.255 +allow 192.70.200.0 - 192.70.201.255 +allow 192.75.236.0 - 192.75.236.255 +allow 192.83.208.0 - 192.83.215.255 +allow 192.91.200.0 - 192.91.200.255 +allow 192.142.0.0 - 192.143.255.255 +allow 192.145.128.0 - 192.145.191.255 +allow 192.145.230.0 - 192.145.230.255 +allow 204.8.204.0 - 204.8.207.255 +allow 208.85.156.0 - 208.85.159.255 + +# From https://web.archive.org/web/20131120040037/http://www.ripe.net/lir-services/resource-management/erx/transferred-resources +# From https://afrinic.net/fr/library/policies/220-erx-transfer +allow 2561 +allow 3208 +allow 5536 +allow 6127 +allow 6713 +allow 6879 +allow 8524 +allow 8770 +allow 9129 +allow 11380 +allow 12455 +allow 12556 +allow 13224 +allow 15399 +allow 13569 +allow 15475 +allow 15706 +allow 15804 +allow 15825 +allow 15834 +allow 15964 +allow 16058 +allow 16214 +allow 16284 +allow 16853 +allow 16907 +allow 17652 +allow 19676 +allow 20294 +allow 20484 +allow 20858 +allow 20928 +allow 21003 +allow 21152 +allow 21242 +allow 21271 +allow 21278 +allow 21280 +allow 21391 +allow 21452 +allow 23549 +allow 23889 +allow 24736 +allow 24757 +allow 24788 +allow 24801 +allow 24835 +allow 24863 +allow 24878 +allow 24987 +allow 25163 +allow 25250 +allow 25362 +allow 25364 +allow 25543 +allow 25568 +allow 25576 +allow 28683 +allow 28698 +allow 28913 +allow 29091 +allow 29338 +allow 29340 +allow 29428 +allow 29495 +allow 29544 +allow 29571 +allow 29614 +allow 29674 +allow 30896 +allow 31065 +allow 31245 +allow 31619 +allow 83.143.24.0 - 83.143.31.255 +allow 84.205.96.0 - 84.205.127.255 +allow 131.176.0.0 - 131.176.255.255 +allow 163.121.0.0 - 163.121.255.255 +allow 165.231.0.0 - 165.231.255.255 +allow 192.52.232.0 - 192.52.232.255 +allow 193.17.215.0 - 193.17.215.255 +allow 193.19.232.0 - 193.19.235.255 +allow 193.41.146.0 - 193.41.147.255 +allow 193.108.23.0 - 193.108.23.255 +allow 193.108.28.0 - 193.108.28.255 +allow 193.109.66.0 - 193.109.67.255 +allow 193.110.104.0 - 193.110.105.255 +allow 193.194.128.0 - 193.194.128.255 +allow 193.227.128.0 - 193.227.128.255 +allow 194.9.64.0 - 194.9.65.255 +allow 194.9.82.0 - 194.9.83.255 +allow 195.24.80.0 - 195.24.87.255 +allow 195.39.218.0 - 195.39.219.255 +allow 195.234.120.0 - 195.234.123.255 +allow 195.234.168.0 - 195.234.168.255 +allow 195.234.185.0 - 195.234.185.255 +allow 195.234.252.0 - 195.234.255.255 + +# From https://www.ripe.net/participate/internet-governance/internet-technical-community/the-rir-system/afrinic/ripe-ncc-to-afrinic-transition +allow 30980 +allow 30982 - 30999 + +# From https://afrinic.net/ast/pdf/afrinic-whois-audit-report-full-20210121.pdf +# 12.3 Appendix A3 +allow 193.188.7.0/24 +allow 193.189.0.0/18 +allow 193.189.128.0/24 +allow 193.194.160.0/19 +allow 193.221.218.0/24 + +# From https://ftp.arin.net/afrinic/afrinic-transfers-by-resource.txt +# Feb 21, 2005 +allow 1228 - 1232 +allow 2018 +allow 2905 +allow 3067 +allow 3068 +allow 3741 +allow 4178 +allow 4571 +allow 5713 +allow 5734 +allow 6083 +allow 6089 +allow 6149 +allow 6180 +allow 6187 +allow 6351 +allow 6529 +allow 6560 +allow 6968 +allow 7020 +allow 7154 +allow 7231 +allow 7390 +allow 7420 +allow 7460 +allow 7971 +allow 7972 +allow 8094 +allow 10247 +allow 10262 +allow 10331 +allow 10393 +allow 10474 +allow 10505 +allow 10540 +allow 10575 +allow 10798 +allow 10803 +allow 10898 +allow 10922 +allow 11125 +allow 11157 +allow 11201 +allow 11259 +allow 11265 +allow 11569 +allow 11645 +allow 11744 +allow 11845 +allow 11909 +allow 12091 +allow 12143 +allow 12258 +allow 13402 +allow 13519 +allow 13854 +allow 14029 +allow 14115 +allow 14331 +allow 14360 +allow 14429 +allow 14516 +allow 14988 +allow 15022 +allow 15159 +allow 16416 +allow 16547 +allow 16630 +allow 16637 +allow 16800 +allow 17148 +allow 17220 +allow 17260 +allow 17312 +allow 17400 +allow 18775 +allow 18922 +allow 18931 +allow 19136 +allow 19232 +allow 19711 +allow 19832 +allow 19847 +allow 20011 +allow 20086 +allow 20095 +allow 20180 +allow 20459 +allow 21739 +allow 21819 +allow 22354 +allow 22355 +allow 22386 +allow 22572 +allow 22690 +allow 22735 +allow 22750 +allow 22939 +allow 23058 +allow 25695 +allow 25726 +allow 25793 +allow 25818 +allow 26106 +allow 26130 +allow 26422 +allow 26625 +allow 26754 +allow 27576 +allow 27598 +allow 29918 +allow 29975 +allow 30073 +allow 30306 +allow 30429 +allow 30619 +allow 31810 +allow 31856 +allow 31960 +allow 32017 +allow 32279 +allow 32398 +allow 32437 +allow 32653 +allow 32714 +allow 32717 +allow 32842 +allow 32860 +allow 33567 +allow 33579 +allow 33762 - 33791 +allow 64.57.112.0 - 64.57.127.255 +allow 66.8.0.0 - 66.8.127.255 +allow 66.18.64.0 - 66.18.95.255 +allow 69.63.64.0 - 69.63.79.255 +allow 69.67.32.0 - 69.67.47.255 +allow 137.158.0.0 - 137.158.255.255 +allow 137.214.0.0 - 137.214.255.255 +allow 137.215.0.0 - 137.215.255.255 +allow 139.53.0.0 - 139.53.255.255 +allow 143.128.0.0 - 143.128.255.255 +allow 143.160.0.0 - 143.160.255.255 +allow 146.64.0.0 - 146.64.255.255 +allow 146.141.0.0 - 146.141.255.255 +allow 146.182.0.0 - 146.182.255.255 +allow 146.230.0.0 - 146.230.255.255 +allow 146.231.0.0 - 146.231.255.255 +allow 146.232.0.0 - 146.232.255.255 +allow 147.110.0.0 - 147.110.255.255 +allow 152.106.0.0 - 152.106.255.255 +allow 152.107.0.0 - 152.107.255.255 +allow 152.108.0.0 - 152.108.255.255 +allow 152.109.0.0 - 152.109.255.255 +allow 152.110.0.0 - 152.110.255.255 +allow 152.111.0.0 - 152.111.255.255 +allow 152.112.0.0 - 152.112.255.255 +allow 155.159.0.0 - 155.159.255.255 +allow 155.232.0.0 - 155.232.255.255 +allow 155.233.0.0 - 155.233.255.255 +allow 155.234.0.0 - 155.234.255.255 +allow 155.235.0.0 - 155.235.255.255 +allow 155.236.0.0 - 155.236.255.255 +allow 155.237.0.0 - 155.237.255.255 +allow 155.238.0.0 - 155.238.255.255 +allow 155.239.0.0 - 155.239.255.255 +allow 155.240.0.0 - 155.240.255.255 +allow 156.8.0.0 - 156.8.255.255 +allow 160.115.0.0 - 160.115.255.255 +allow 160.116.0.0 - 160.116.255.255 +allow 160.117.0.0 - 160.117.255.255 +allow 160.118.0.0 - 160.118.255.255 +allow 160.119.0.0 - 160.119.255.255 +allow 160.120.0.0 - 160.120.255.255 +allow 160.121.0.0 - 160.121.255.255 +allow 160.122.0.0 - 160.122.255.255 +allow 160.123.0.0 - 160.123.255.255 +allow 160.124.0.0 - 160.124.255.255 +allow 163.195.0.0 - 163.195.255.255 +allow 163.196.0.0 - 163.196.255.255 +allow 163.197.0.0 - 163.197.255.255 +allow 163.198.0.0 - 163.198.255.255 +allow 163.199.0.0 - 163.199.255.255 +allow 163.200.0.0 - 163.200.255.255 +allow 163.201.0.0 - 163.201.255.255 +allow 163.202.0.0 - 163.202.255.255 +allow 163.203.0.0 - 163.203.255.255 +allow 164.88.0.0 - 164.88.255.255 +allow 164.146.0.0 - 164.151.255.255 +allow 164.155.0.0 - 164.155.255.255 +allow 165.3.0.0 - 165.5.255.255 +allow 165.8.0.0 - 165.11.255.255 +allow 165.25.0.0 - 165.25.255.255 +allow 165.143.0.0 - 165.149.255.255 +allow 165.165.0.0 - 165.165.255.255 +allow 165.180.0.0 - 165.180.255.255 +allow 165.233.0.0 - 165.233.255.255 +allow 166.85.0.0 - 166.85.255.255 +allow 168.76.0.0 - 168.76.255.255 +allow 168.80.0.0 - 168.81.255.255 +allow 168.89.0.0 - 168.89.255.255 +allow 168.128.0.0 - 168.128.255.255 +allow 168.142.0.0 - 168.142.255.255 +allow 168.155.0.0 - 168.155.255.255 +allow 168.164.0.0 - 168.164.255.255 +allow 168.167.0.0 - 168.167.255.255 +allow 168.172.0.0 - 168.172.255.255 +allow 168.206.0.0 - 168.206.255.255 +allow 168.209.0.0 - 168.210.255.255 +allow 169.129.0.0 - 169.129.255.255 +allow 169.202.0.0 - 169.202.255.255 +allow 192.33.10.0 - 192.33.10.255 +allow 192.42.99.0 - 192.42.99.255 +allow 192.48.253.0 - 192.48.253.255 +allow 192.68.138.0 - 192.68.138.255 +allow 192.70.237.0 - 192.70.237.255 +allow 192.82.142.0 - 192.82.142.255 +allow 192.84.244.0 - 192.84.244.255 +allow 192.94.61.0 - 192.94.61.255 +allow 192.94.210.0 - 192.94.210.255 +allow 192.94.240.0 - 192.94.240.255 +allow 192.94.241.0 - 192.94.241.255 +allow 192.94.246.0 - 192.94.246.255 +allow 192.96.0.0 - 192.96.255.255 +allow 192.100.1.0 - 192.100.1.255 +allow 192.101.142.0 - 192.101.142.255 +allow 192.102.9.0 - 192.102.9.255 +allow 192.133.250.0 - 192.133.250.255 +allow 192.136.55.0 - 192.136.55.255 +allow 192.136.56.0 - 192.136.56.255 +allow 192.136.57.0 - 192.136.57.255 +allow 192.157.190.0 - 192.157.190.255 +allow 192.188.164.0 - 192.188.167.255 +allow 192.189.75.0 - 192.189.75.255 +allow 192.189.139.0 - 192.189.140.255 +allow 192.231.237.0 - 192.231.237.255 +allow 192.231.254.0 - 192.231.254.255 +allow 192.245.148.0 - 192.245.148.255 +allow 192.251.202.0 - 192.251.202.255 +allow 198.54.0.0 - 198.54.255.255 +allow 200.16.8.0 - 200.16.15.255 +allow 204.12.128.0 - 204.12.143.255 +allow 204.87.179.0 - 204.87.179.255 +allow 204.152.14.0 - 204.152.15.255 +allow 204.235.32.0 - 204.235.43.255 +allow 205.159.79.0 - 205.159.79.255 +allow 206.223.136.0 - 206.223.136.255 +allow 209.203.0.0 - 209.203.63.255 +allow 209.212.96.0 - 209.212.127.255 +allow 216.236.176.0 - 216.236.191.255 + +# From rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/apnic-to-afrinic.cer +# CN=APNICTOAFRINIC/serialNumber=6F1A103E1427FF03483ABFD9E34DACBE1524FF8B +# Not Before: Mar 30 14:17:08 2020 GMT / Not After : Mar 30 00:00:00 2025 GMT +# SHA256:B6w5P1mkoNyJtM99GfGLaaKkGfSkQ6+4eC4tPijBLyM= +allow 202.123.0.0/19 + +# From rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/ripe-to-afrinic.cer +# CN=RIPETOAFRINIC/serialNumber=7F7AC180897983E29E937C0A187803C072755545 +# Not Before: Mar 30 14:17:12 2020 GMT / Not After : Mar 30 00:00:00 2025 GMT +# SHA256:64eh2w7qQrFQVPaQrRJ4kA83gUgE3EDvm0D0AWHCXHM= +allow 62.8.64.0/19 +allow 62.12.96.0/19 +allow 62.24.96.0/19 +allow 62.61.192.0/18 +allow 62.68.32.0/19 +allow 62.68.224.0/19 +allow 62.114.0.0/16 +allow 62.117.32.0/19 +allow 62.135.0.0/17 +allow 62.139.0.0/16 +allow 62.140.64.0/18 +allow 62.173.32.0/19 +allow 62.193.64.0/18 +allow 62.193.160.0/19 +allow 62.240.32.0/19 +allow 62.240.96.0/19 +allow 62.241.128.0/19 +allow 62.251.128.0/17 +allow 77.220.0.0/19 +allow 80.67.128.0/20 +allow 80.72.96.0/20 +allow 80.75.160.0/19 +allow 80.87.64.0/19 +allow 80.88.0.0/20 +allow 80.95.0.0/20 +allow 80.240.192.0/20 +allow 80.246.0.0/20 +allow 80.248.0.0/20 +allow 80.248.64.0/20 +allow 80.249.64.0/20 +allow 80.250.32.0/20 +allow 81.4.0.0/18 +allow 81.10.0.0/17 +allow 81.21.96.0/20 +allow 81.22.64.0/19 +allow 81.26.64.0/20 +allow 81.29.96.0/20 +allow 81.91.224.0/20 +allow 81.192.0.0/16 +allow 82.101.128.0/18 +allow 82.128.0.0/17 +allow 82.129.128.0/17 +allow 82.151.64.0/19 +allow 82.201.128.0/17 +allow 84.36.0.0/16 +allow 84.233.0.0/17 +allow 87.255.96.0/19 +allow 193.95.0.0/17 +allow 193.108.214.0/24 +allow 193.108.252.0/22 +allow 193.189.64.0 - 193.189.65.255 +allow 193.194.1.0 - 193.194.5.255 +allow 193.194.32.0 - 193.194.95.255 +allow 193.227.0.0/18 +allow 194.6.224.0/24 +allow 194.79.96.0/19 +allow 194.204.192.0/18 +allow 195.24.192.0/19 +allow 195.43.0.0/19 +allow 195.166.224.0/19 +allow 195.202.64.0/19 +allow 195.246.32.0/19 +allow 212.0.128.0/19 +allow 212.12.224.0/19 +allow 212.22.160.0/19 +allow 212.49.64.0/19 +allow 212.52.128.0/19 +allow 212.60.64.0/19 +allow 212.85.192.0/19 +allow 212.88.96.0/19 +allow 212.96.0.0/19 +allow 212.100.64.0/19 +allow 212.103.160.0/19 +allow 212.122.224.0/19 +allow 212.217.0.0/17 +allow 213.55.64.0/18 +allow 213.131.64.0/19 +allow 213.136.96.0/19 +allow 213.147.64.0/19 +allow 213.150.96.0/19 +allow 213.150.160.0 - 213.150.223.255 +allow 213.152.64.0/19 +allow 213.154.32.0 - 213.154.95.255 +allow 213.158.160.0/19 +allow 213.172.128.0/19 +allow 213.179.160.0/19 +allow 213.181.224.0/19 +allow 213.193.32.0/19 +allow 213.212.192.0/18 +allow 213.247.0.0/19 +allow 213.255.128.0/19 +allow 217.14.80.0/20 +allow 217.20.224.0/20 +allow 217.21.112.0/20 +allow 217.29.128.0/20 +allow 217.29.208.0/20 +allow 217.52.0.0/14 +allow 217.64.96.0/20 +allow 217.77.64.0/20 +allow 217.78.64.0/20 +allow 217.117.0.0/20 +allow 217.139.0.0/16 +allow 217.170.144.0/20 +allow 217.199.144.0/20 + +# From rpki.afrinic.net/repository/04E8B0D80F4D11E0B657D8931367AE7D/arin-to-afrinic.cer +# CN=ARINTOAFRINIC/serialNumber=B87C5A75F3D957413AB998646946D4541D511455 +# Not Before: Mar 30 14:17:09 2020 GMT / Not After : Mar 30 00:00:00 2025 GMT +# SHA256:wmJV3qcwiPcLtEMLBcvvyjs4V1Lz690bK3b8cv5v8F8= +allow 129.0.0.0/16 +allow 129.18.0.0/16 +allow 129.45.0.0/16 +allow 129.56.0.0/16 +allow 129.122.0.0/16 +allow 129.140.0.0/16 +allow 129.205.0.0/16 +allow 129.232.0.0/16 +allow 137.63.0.0 - 137.64.255.255 +allow 137.115.0.0/16 +allow 137.171.0.0/16 +allow 137.196.0.0/16 +allow 137.255.0.0/16 +allow 155.0.0.0/16 +allow 155.11.0.0 - 155.12.255.255 +allow 155.89.0.0/16 +allow 155.93.0.0/16 +allow 155.196.0.0/16 +allow 155.251.0.0/16 +allow 155.255.0.0 - 156.0.255.255 +allow 156.38.0.0/16 +allow 156.155.0.0 - 156.255.255.255 +allow 160.0.0.0/16 +allow 160.77.0.0/16 +allow 160.89.0.0 - 160.90.255.255 +allow 160.105.0.0/16 +allow 160.113.0.0/16 +allow 160.152.0.0/16 +allow 160.154.0.0 - 160.179.255.255 +allow 160.181.0.0 - 160.184.255.255 +allow 160.224.0.0 - 160.226.255.255 +allow 160.242.0.0/16 +allow 160.255.0.0/16 +allow 165.0.0.0/16 +allow 165.16.0.0/16 +allow 165.49.0.0 - 165.63.255.255 +allow 165.73.0.0/16 +allow 165.90.0.0/16 +allow 165.169.0.0/16 +allow 165.210.0.0/15 +allow 165.255.0.0/16 +allow 168.211.0.0 - 168.211.255.255 +allow 168.253.0.0/16 +allow 169.0.0.0/15 +allow 169.159.0.0/16 +allow 169.239.0.0/16 +allow 169.255.0.0/16 +allow 192.109.242.0/24 diff --git a/etc/rpki/apnic.constraints b/etc/rpki/apnic.constraints new file mode 100644 index 000000000..420b86f0c --- /dev/null +++ b/etc/rpki/apnic.constraints @@ -0,0 +1,80 @@ +# From https://www.iana.org/assignments/ipv6-unicast-address-assignments +allow 2001:200::/23 +allow 2001:c00::/23 +allow 2001:e00::/23 +allow 2001:4400::/23 +allow 2001:8000::/19 +allow 2001:a000::/20 +allow 2001:b000::/20 +allow 2400::/12 + +# AFRINIC Internet Number Resources cannot be transferred +# From https://www.iana.org/assignments/ipv4-address-space/ +deny 41.0.0.0/8 +deny 102.0.0.0/8 +deny 105.0.0.0/8 +deny 154.0.0.0/16 +deny 154.16.0.0/16 +deny 154.65.0.0 - 154.255.255.255 +deny 196.0.0.0/16 +deny 196.1.0.0/24 +# hole for 196.1.1.0/24 +deny 196.1.2.0 - 196.1.67.255 +# hole for 196.1.68.0/24 +deny 196.1.69.0 - 196.1.103.255 +# hole for 196.1.104.0 - 196.1.106.255 +deny 196.1.107.0/24 +# hole for 196.1.108.0/22 +deny 196.1.112.0/24 +# hole for 196.1.113.0 - 196.1.114.255 +deny 196.1.115.0 - 196.1.133.255 +# hole for 196.1.134.0/24 +deny 196.1.135.0 - 196.3.64.255 +# hole for 196.3.65.0/24 +deny 196.3.66.0 - 196.3.71.255 +# hole for 196.3.72.0/24 +deny 196.3.73.0 - 196.12.31.255 +# hole for 196.12.32.0/19 +deny 196.12.64.0 - 196.15.15.255 +# hole for 196.15.16.0/20 +deny 196.15.32.0 - 196.29.63.255 +# hole for 196.29.64.0/19 +deny 196.29.96.0 - 196.32.31.255 +# hole for 196.32.32.0/19 +# hole for 196.32.64.0/19 +deny 196.32.96.0 - 196.39.255.255 +# hole for 196.40.0.0 - 196.40.95.255 +deny 196.40.96.0 - 197.255.255.254 + +# From https://www.iana.org/assignments/as-numbers/ +deny 36864 - 37887 +deny 327680 - 328703 +deny 328704 - 329727 + +# Private use IPv4 & IPv6 addresses and ASNs +deny 0.0.0.0/8 # RFC 1122 Local Identification +deny 10.0.0.0/8 # RFC 1918 private space +deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT +deny 127.0.0.0/8 # RFC 1122 localhost +deny 169.254.0.0/16 # RFC 3927 link local +deny 172.16.0.0/12 # RFC 1918 private space +deny 192.0.2.0/24 # RFC 5737 TEST-NET-1 +deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay +deny 192.168.0.0/16 # RFC 1918 private space +deny 198.18.0.0/15 # RFC 2544 benchmarking +deny 198.51.100.0/24 # RFC 5737 TEST-NET-2 +deny 203.0.113.0/24 # RFC 5737 TEST-NET-3 +deny 224.0.0.0/4 # Multicast +deny 240.0.0.0/4 # Reserved +deny 23456 # RFC 4893 AS_TRANS +deny 64496 - 64511 # RFC 5398 +deny 64512 - 65534 # RFC 6996 +deny 65535 # RFC 7300 +deny 65536 - 65551 # RFC 5398 +deny 65552 - 131071 # IANA Reserved +deny 4200000000 - 4294967294 # RFC 6996 +deny 4294967295 # RFC 7300 + +# Allow the complement of what is denied +allow 0.0.0.0/0 +allow 1 - 4199999999 diff --git a/etc/rpki/arin.constraints b/etc/rpki/arin.constraints new file mode 100644 index 000000000..9d6ef47ea --- /dev/null +++ b/etc/rpki/arin.constraints @@ -0,0 +1,79 @@ +# From https://www.iana.org/assignments/ipv6-unicast-address-assignments +allow 2001:400::/23 +allow 2001:1800::/23 +allow 2001:4800::/23 +allow 2600::/12 +allow 2610::/23 +allow 2620::/23 +allow 2630::/12 + +# AFRINIC Internet Number Resources cannot be transferred +# From https://www.iana.org/assignments/ipv4-address-space/ +deny 41.0.0.0/8 +deny 102.0.0.0/8 +deny 105.0.0.0/8 +deny 154.0.0.0/16 +deny 154.16.0.0/16 +deny 154.65.0.0 - 154.255.255.255 +deny 196.0.0.0/16 +deny 196.1.0.0/24 +# hole for 196.1.1.0/24 +deny 196.1.2.0 - 196.1.67.255 +# hole for 196.1.68.0/24 +deny 196.1.69.0 - 196.1.103.255 +# hole for 196.1.104.0 - 196.1.106.255 +deny 196.1.107.0/24 +# hole for 196.1.108.0/22 +deny 196.1.112.0/24 +# hole for 196.1.113.0 - 196.1.114.255 +deny 196.1.115.0 - 196.1.133.255 +# hole for 196.1.134.0/24 +deny 196.1.135.0 - 196.3.64.255 +# hole for 196.3.65.0/24 +deny 196.3.66.0 - 196.3.71.255 +# hole for 196.3.72.0/24 +deny 196.3.73.0 - 196.12.31.255 +# hole for 196.12.32.0/19 +deny 196.12.64.0 - 196.15.15.255 +# hole for 196.15.16.0/20 +deny 196.15.32.0 - 196.29.63.255 +# hole for 196.29.64.0/19 +deny 196.29.96.0 - 196.32.31.255 +# hole for 196.32.32.0/19 +# hole for 196.32.64.0/19 +deny 196.32.96.0 - 196.39.255.255 +# hole for 196.40.0.0 - 196.40.95.255 +deny 196.40.96.0 - 197.255.255.254 + +# From https://www.iana.org/assignments/as-numbers/ +deny 36864 - 37887 +deny 327680 - 328703 +deny 328704 - 329727 + +# Private use IPv4 & IPv6 addresses and ASNs +deny 0.0.0.0/8 # RFC 1122 Local Identification +deny 10.0.0.0/8 # RFC 1918 private space +deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT +deny 127.0.0.0/8 # RFC 1122 localhost +deny 169.254.0.0/16 # RFC 3927 link local +deny 172.16.0.0/12 # RFC 1918 private space +deny 192.0.2.0/24 # RFC 5737 TEST-NET-1 +deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay +deny 192.168.0.0/16 # RFC 1918 private space +deny 198.18.0.0/15 # RFC 2544 benchmarking +deny 198.51.100.0/24 # RFC 5737 TEST-NET-2 +deny 203.0.113.0/24 # RFC 5737 TEST-NET-3 +deny 224.0.0.0/4 # Multicast +deny 240.0.0.0/4 # Reserved +deny 23456 # RFC 4893 AS_TRANS +deny 64496 - 64511 # RFC 5398 +deny 64512 - 65534 # RFC 6996 +deny 65535 # RFC 7300 +deny 65536 - 65551 # RFC 5398 +deny 65552 - 131071 # IANA Reserved +deny 4200000000 - 4294967294 # RFC 6996 +deny 4294967295 # RFC 7300 + +# Allow the complement of what is denied +allow 0.0.0.0/0 +allow 1 - 4199999999 diff --git a/etc/rpki/lacnic.constraints b/etc/rpki/lacnic.constraints new file mode 100644 index 000000000..746265ca2 --- /dev/null +++ b/etc/rpki/lacnic.constraints @@ -0,0 +1,74 @@ +# From https://www.iana.org/assignments/ipv6-unicast-address-assignments +allow 2001:1200::/23 +allow 2800::/12 + +# AFRINIC Internet Number Resources cannot be transferred +# From https://www.iana.org/assignments/ipv4-address-space/ +deny 41.0.0.0/8 +deny 102.0.0.0/8 +deny 105.0.0.0/8 +deny 154.0.0.0/16 +deny 154.16.0.0/16 +deny 154.65.0.0 - 154.255.255.255 +deny 196.0.0.0/16 +deny 196.1.0.0/24 +# hole for 196.1.1.0/24 +deny 196.1.2.0 - 196.1.67.255 +# hole for 196.1.68.0/24 +deny 196.1.69.0 - 196.1.103.255 +# hole for 196.1.104.0 - 196.1.106.255 +deny 196.1.107.0/24 +# hole for 196.1.108.0/22 +deny 196.1.112.0/24 +# hole for 196.1.113.0 - 196.1.114.255 +deny 196.1.115.0 - 196.1.133.255 +# hole for 196.1.134.0/24 +deny 196.1.135.0 - 196.3.64.255 +# hole for 196.3.65.0/24 +deny 196.3.66.0 - 196.3.71.255 +# hole for 196.3.72.0/24 +deny 196.3.73.0 - 196.12.31.255 +# hole for 196.12.32.0/19 +deny 196.12.64.0 - 196.15.15.255 +# hole for 196.15.16.0/20 +deny 196.15.32.0 - 196.29.63.255 +# hole for 196.29.64.0/19 +deny 196.29.96.0 - 196.32.31.255 +# hole for 196.32.32.0/19 +# hole for 196.32.64.0/19 +deny 196.32.96.0 - 196.39.255.255 +# hole for 196.40.0.0 - 196.40.95.255 +deny 196.40.96.0 - 197.255.255.254 + +# From https://www.iana.org/assignments/as-numbers/ +deny 36864 - 37887 +deny 327680 - 328703 +deny 328704 - 329727 + +# Private use IPv4 & IPv6 addresses and ASNs +deny 0.0.0.0/8 # RFC 1122 Local Identification +deny 10.0.0.0/8 # RFC 1918 private space +deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT +deny 127.0.0.0/8 # RFC 1122 localhost +deny 169.254.0.0/16 # RFC 3927 link local +deny 172.16.0.0/12 # RFC 1918 private space +deny 192.0.2.0/24 # RFC 5737 TEST-NET-1 +deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay +deny 192.168.0.0/16 # RFC 1918 private space +deny 198.18.0.0/15 # RFC 2544 benchmarking +deny 198.51.100.0/24 # RFC 5737 TEST-NET-2 +deny 203.0.113.0/24 # RFC 5737 TEST-NET-3 +deny 224.0.0.0/4 # Multicast +deny 240.0.0.0/4 # Reserved +deny 23456 # RFC 4893 AS_TRANS +deny 64496 - 64511 # RFC 5398 +deny 64512 - 65534 # RFC 6996 +deny 65535 # RFC 7300 +deny 65536 - 65551 # RFC 5398 +deny 65552 - 131071 # IANA Reserved +deny 4200000000 - 4294967294 # RFC 6996 +deny 4294967295 # RFC 7300 + +# Allow the complement of what is denied +allow 0.0.0.0/0 +allow 1 - 4199999999 diff --git a/etc/rpki/ripe.constraints b/etc/rpki/ripe.constraints new file mode 100644 index 000000000..c04d5067f --- /dev/null +++ b/etc/rpki/ripe.constraints @@ -0,0 +1,86 @@ +# From https://www.iana.org/assignments/ipv6-unicast-address-assignments +allow 2001:600::/23 +allow 2001:800::/22 +allow 2001:1400::/22 +allow 2001:1a00::/23 +allow 2001:1c00::/22 +allow 2001:2000::/19 +allow 2001:4000::/23 +allow 2001:4600::/23 +allow 2001:4a00::/23 +allow 2001:4c00::/23 +allow 2001:5000::/20 +allow 2003::/18 +allow 2a00::/12 +allow 2a10::/12 + +# AFRINIC Internet Number Resources cannot be transferred +# From https://www.iana.org/assignments/ipv4-address-space/ +deny 41.0.0.0/8 +deny 102.0.0.0/8 +deny 105.0.0.0/8 +deny 154.0.0.0/16 +deny 154.16.0.0/16 +deny 154.65.0.0 - 154.255.255.255 +deny 196.0.0.0/16 +deny 196.1.0.0/24 +# hole for 196.1.1.0/24 +deny 196.1.2.0 - 196.1.67.255 +# hole for 196.1.68.0/24 +deny 196.1.69.0 - 196.1.103.255 +# hole for 196.1.104.0 - 196.1.106.255 +deny 196.1.107.0/24 +# hole for 196.1.108.0/22 +deny 196.1.112.0/24 +# hole for 196.1.113.0 - 196.1.114.255 +deny 196.1.115.0 - 196.1.133.255 +# hole for 196.1.134.0/24 +deny 196.1.135.0 - 196.3.64.255 +# hole for 196.3.65.0/24 +deny 196.3.66.0 - 196.3.71.255 +# hole for 196.3.72.0/24 +deny 196.3.73.0 - 196.12.31.255 +# hole for 196.12.32.0/19 +deny 196.12.64.0 - 196.15.15.255 +# hole for 196.15.16.0/20 +deny 196.15.32.0 - 196.29.63.255 +# hole for 196.29.64.0/19 +deny 196.29.96.0 - 196.32.31.255 +# hole for 196.32.32.0/19 +# hole for 196.32.64.0/19 +deny 196.32.96.0 - 196.39.255.255 +# hole for 196.40.0.0 - 196.40.95.255 +deny 196.40.96.0 - 197.255.255.254 + +# From https://www.iana.org/assignments/as-numbers/ +deny 36864 - 37887 +deny 327680 - 328703 +deny 328704 - 329727 + +# Private use IPv4 & IPv6 addresses and ASNs +deny 0.0.0.0/8 # RFC 1122 Local Identification +deny 10.0.0.0/8 # RFC 1918 private space +deny 100.64.0.0/10 # RFC 6598 Carrier Grade NAT +deny 127.0.0.0/8 # RFC 1122 localhost +deny 169.254.0.0/16 # RFC 3927 link local +deny 172.16.0.0/12 # RFC 1918 private space +deny 192.0.2.0/24 # RFC 5737 TEST-NET-1 +deny 192.88.99.0/24 # RFC 7526 6to4 anycast relay +deny 192.168.0.0/16 # RFC 1918 private space +deny 198.18.0.0/15 # RFC 2544 benchmarking +deny 198.51.100.0/24 # RFC 5737 TEST-NET-2 +deny 203.0.113.0/24 # RFC 5737 TEST-NET-3 +deny 224.0.0.0/4 # Multicast +deny 240.0.0.0/4 # Reserved +deny 23456 # RFC 4893 AS_TRANS +deny 64496 - 64511 # RFC 5398 +deny 64512 - 65534 # RFC 6996 +deny 65535 # RFC 7300 +deny 65536 - 65551 # RFC 5398 +deny 65552 - 131071 # IANA Reserved +deny 4200000000 - 4294967294 # RFC 6996 +deny 4294967295 # RFC 7300 + +# Allow the complement of what is denied +allow 0.0.0.0/0 +allow 1 - 4199999999 diff --git a/gnu/usr.bin/binutils-2.17/ld/emulparams/elf64alpha_obsd.sh b/gnu/usr.bin/binutils-2.17/ld/emulparams/elf64alpha_obsd.sh index 7ffa88dfc..06ec151a9 100644 --- a/gnu/usr.bin/binutils-2.17/ld/emulparams/elf64alpha_obsd.sh +++ b/gnu/usr.bin/binutils-2.17/ld/emulparams/elf64alpha_obsd.sh @@ -1,3 +1,5 @@ . ${srcdir}/emulparams/elf64alpha.sh . ${srcdir}/emulparams/elf_obsd.sh ENTRY=__start +TEXT_START_ADDR="0x2000000" +NONPAGED_TEXT_START_ADDR="0x2000000" diff --git a/lib/libc/arch/hppa/DEFS.h b/lib/libc/arch/hppa/DEFS.h index 31c1d9982..91d138209 100644 --- a/lib/libc/arch/hppa/DEFS.h +++ b/lib/libc/arch/hppa/DEFS.h @@ -1,3 +1,85 @@ -/* $OpenBSD: DEFS.h,v 1.1 1998/08/28 20:59:40 mickey Exp $ */ +/* $OpenBSD: DEFS.h,v 1.2 2023/12/13 09:01:25 miod Exp $ */ + +/* + * Copyright (c) 1998-2002 Michael Shalayeff + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF MIND + * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ #include + +#define END(x) EXIT(x) + +/* + * We define a hidden alias with the prefix "_libc_" for each global symbol + * that may be used internally. By referencing _libc_x instead of x, other + * parts of libc prevent overriding by the application and avoid unnecessary + * relocations. + */ +#define _HIDDEN(x) _libc_##x +#define _HIDDEN_ALIAS(x,y) \ + STRONG_ALIAS(_HIDDEN(x),y) !\ + .hidden _HIDDEN(x) +#define _HIDDEN_FALIAS(x,y) \ + _HIDDEN_ALIAS(x,y) !\ + .type _HIDDEN(x),@function + +/* + * For functions implemented in ASM that aren't syscalls. + * END_STRONG(x) Like DEF_STRONG() in C; for standard/reserved C names + * END_WEAK(x) Like DEF_WEAK() in C; for non-ISO C names + * ALTEND_STRONG(x) and ALTEND_WEAK() + * Matching macros for ALTENTRY functions + * END_BUILTIN(x) If compiling with clang, then just END() and + * mark it .protected, else be like END_STRONG(); + * for clang builtins like memcpy + * + * If a 'BUILTIN' function needs be referenced by other ASM code, then use + * _BUILTIN(x) If compiled with clang, then just x, otherwise + * _HIDDEN(x) + * + * _END(x) Set a size on a symbol, like END(), but even for + * symbols with no matching ENTRY(). (On alpha and + * mips64, END() generates .end which requires a + * matching .ent from ENTRY()) + */ +#define END_STRONG(x) END(x) ! _HIDDEN_FALIAS(x,x) ! _END(_HIDDEN(x)) +#define END_WEAK(x) END_STRONG(x) ! .weak x +#define ALTEND_STRONG(x) _HIDDEN_FALIAS(x,x) ! _END(_HIDDEN(x)) +#define ALTEND_WEAK(x) ALTEND_STRONG(x) ! .weak x + +#ifdef __clang__ +#define END_BUILTIN(x) END(x) ! .protected x +#define _BUILTIN(x) x +#else +#define END_BUILTIN(x) END_STRONG(x) +#define _BUILTIN(x) _HIDDEN(x) +#endif + +#define _END(x) .size x, . - x + +#define PINSYSCALL(sysno, label) \ + .pushsection .openbsd.syscalls,"",@progbits !\ + .p2align 2 !\ + .long label !\ + .long sysno !\ + .popsection diff --git a/lib/libc/arch/hppa/SYS.h b/lib/libc/arch/hppa/SYS.h index 2e78cff63..299f11aef 100644 --- a/lib/libc/arch/hppa/SYS.h +++ b/lib/libc/arch/hppa/SYS.h @@ -1,4 +1,4 @@ -/* $OpenBSD: SYS.h,v 1.26 2023/12/11 22:24:15 kettenis Exp $ */ +/* $OpenBSD: SYS.h,v 1.27 2023/12/13 09:01:25 miod Exp $ */ /* * Copyright (c) 1998-2002 Michael Shalayeff @@ -26,7 +26,7 @@ */ #include -#include +#include "DEFS.h" #undef _LOCORE #define _LOCORE #include @@ -36,56 +36,29 @@ /* offsetof(struct tib, tib_errno) - offsetof(struct tib, __tib_tcb) */ #define TCB_OFFSET_ERRNO -8 -/* - * We define a hidden alias with the prefix "_libc_" for each global symbol - * that may be used internally. By referencing _libc_x instead of x, other - * parts of libc prevent overriding by the application and avoid unnecessary - * relocations. - */ -#define _HIDDEN(x) _libc_##x -#define _HIDDEN_ALIAS(x,y) \ - STRONG_ALIAS(_HIDDEN(x),y) !\ - .hidden _HIDDEN(x) -#define _HIDDEN_FALIAS(x,y) \ - _HIDDEN_ALIAS(x,y) !\ - .type _HIDDEN(x),@function - /* * For functions implemented in ASM that aren't syscalls. * EXIT_STRONG(x) Like DEF_STRONG() in C; for standard/reserved C names * EXIT_WEAK(x) Like DEF_WEAK() in C; for non-ISO C names - * ALTEXIT_STRONG(x) and ALTEXIT_WEAK() - * Matching macros for ALTENTRY functions */ -#define ALTEXIT_STRONG(x) \ - _HIDDEN_FALIAS(x,x) !\ - .size _HIDDEN(x), . - _HIDDEN(x) -#define ALTEXIT_WEAK(x) ALTEXIT_STRONG(x) !\ - .weak x -#define EXIT_STRONG(x) EXIT(x) !\ - ALTEXIT_STRONG(x) -#define EXIT_WEAK(x) EXIT_STRONG(x) !\ - .weak x +#define EXIT_STRONG(x) EXIT(x) !\ + _HIDDEN_FALIAS(x,x) !\ + _END(_HIDDEN(x)) +#define EXIT_WEAK(x) EXIT_STRONG(x) !\ + .weak x -#define PINSYSCALL(sysno, label) \ - .pushsection .openbsd.syscalls,"",@progbits !\ - .p2align 2 !\ - .long label !\ - .long sysno !\ - .popsection - #define SYSENTRY(x) !\ -LEAF_ENTRY(__CONCAT(_thread_sys_,x)) !\ + LEAF_ENTRY(__CONCAT(_thread_sys_,x)) !\ WEAK_ALIAS(x,__CONCAT(_thread_sys_,x)) #define SYSENTRY_HIDDEN(x) !\ -LEAF_ENTRY(__CONCAT(_thread_sys_,x)) + LEAF_ENTRY(__CONCAT(_thread_sys_,x)) #define SYSEXIT(x) !\ SYSEXIT_HIDDEN(x) !\ - .size x, . - x + _END(x) #define SYSEXIT_HIDDEN(x) !\ EXIT(__CONCAT(_thread_sys_,x)) !\ _HIDDEN_FALIAS(x,_thread_sys_##x) !\ - .size _HIDDEN(x), . - _HIDDEN(x) + _END(_HIDDEN(x)) #define SYSCALL(x) !\ stw rp, HPPA_FRAME_ERP(sr0,sp) !\ @@ -130,4 +103,3 @@ SYSEXIT(x) #define RSYSCALL(x) PSEUDO(x,x) #define RSYSCALL_HIDDEN(x) PSEUDO_HIDDEN(x,x) - diff --git a/lib/libc/arch/hppa/string/memmove.S b/lib/libc/arch/hppa/string/memmove.S index 2bbe3045b..5d86e2537 100644 --- a/lib/libc/arch/hppa/string/memmove.S +++ b/lib/libc/arch/hppa/string/memmove.S @@ -151,7 +151,7 @@ $bcopy_r.done bv 0(rp) nop -EXIT_WEAK(bcopy) -ALTEXIT_STRONG(memmove) +END_WEAK(bcopy) +ALTEND_STRONG(memmove) .end diff --git a/lib/libc/sys/syscall.2 b/lib/libc/sys/syscall.2 deleted file mode 100644 index e69de29bb..000000000 diff --git a/lib/libcrypto/objects/obj_dat.c b/lib/libcrypto/objects/obj_dat.c index f2a6515b2..14da51645 100644 --- a/lib/libcrypto/objects/obj_dat.c +++ b/lib/libcrypto/objects/obj_dat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: obj_dat.c,v 1.62 2023/11/27 11:52:32 tb Exp $ */ +/* $OpenBSD: obj_dat.c,v 1.65 2023/12/13 23:34:45 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -59,6 +59,7 @@ #include #include #include +#include #include #include @@ -74,16 +75,6 @@ /* obj_dat.h is generated from objects.h by obj_dat.pl */ #include "obj_dat.h" -static int sn_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int sn_cmp(const ASN1_OBJECT * const *, unsigned int const *); -static unsigned int *OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num); -static int ln_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int ln_cmp(const ASN1_OBJECT * const *, unsigned int const *); -static unsigned int *OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num); -static int obj_cmp_BSEARCH_CMP_FN(const void *, const void *); -static int obj_cmp(const ASN1_OBJECT * const *, unsigned int const *); -static unsigned int *OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num); - #define ADDED_DATA 0 #define ADDED_SNAME 1 #define ADDED_LNAME 2 @@ -98,48 +89,6 @@ DECLARE_LHASH_OF(ADDED_OBJ); static int new_nid = NUM_NID; static LHASH_OF(ADDED_OBJ) *added = NULL; -static int sn_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) -{ - return (strcmp((*a)->sn, nid_objs[*b].sn)); -} - - -static int -sn_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - const ASN1_OBJECT * const *a = a_; - unsigned int const *b = b_; - return sn_cmp(a, b); -} - -static unsigned int * -OBJ_bsearch_sn(const ASN1_OBJECT * *key, unsigned int const *base, int num) -{ - return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), - sn_cmp_BSEARCH_CMP_FN); -} - -static int ln_cmp(const ASN1_OBJECT * const *a, const unsigned int *b) -{ - return (strcmp((*a)->ln, nid_objs[*b].ln)); -} - - -static int -ln_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - const ASN1_OBJECT * const *a = a_; - unsigned int const *b = b_; - return ln_cmp(a, b); -} - -static unsigned int * -OBJ_bsearch_ln(const ASN1_OBJECT * *key, unsigned int const *base, int num) -{ - return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), - ln_cmp_BSEARCH_CMP_FN); -} - static unsigned long added_obj_hash(const ADDED_OBJ *ca) { @@ -417,51 +366,42 @@ OBJ_nid2ln(int n) LCRYPTO_ALIAS(OBJ_nid2ln); static int -obj_cmp(const ASN1_OBJECT * const *ap, const unsigned int *bp) +obj_objs_cmp(const void *aobj, const void *b) { - const ASN1_OBJECT *a = *ap; - const ASN1_OBJECT *b = &nid_objs[*bp]; + const unsigned int *nid = b; - return OBJ_cmp(a, b); -} - -static int -obj_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) -{ - const ASN1_OBJECT * const *a = a_; - unsigned int const *b = b_; - return obj_cmp(a, b); -} - -static unsigned int * -OBJ_bsearch_obj(const ASN1_OBJECT * *key, unsigned int const *base, int num) -{ - return (unsigned int *)OBJ_bsearch_(key, base, num, sizeof(unsigned int), - obj_cmp_BSEARCH_CMP_FN); + return OBJ_cmp(aobj, &nid_objs[*nid]); } int -OBJ_obj2nid(const ASN1_OBJECT *a) +OBJ_obj2nid(const ASN1_OBJECT *aobj) { - const unsigned int *op; - ADDED_OBJ ad, *adp; + const unsigned int *nid; - if (a == NULL || a->length == 0) - return (NID_undef); - if (a->nid != NID_undef) - return (a->nid); + if (aobj == NULL || aobj->length == 0) + return NID_undef; + if (aobj->nid != NID_undef) + return aobj->nid; + + /* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */ if (added != NULL) { - ad.type = ADDED_DATA; - ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->nid); + ADDED_OBJ needle = { + .type = ADDED_DATA, + .obj = (ASN1_OBJECT *)aobj, + }; + ADDED_OBJ *found; + + if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL) + return found->obj->nid; } - op = OBJ_bsearch_obj(&a, obj_objs, NUM_OBJ); - if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); + + /* obj_objs holds built-in obj NIDs in ascending OBJ_cmp() order. */ + nid = bsearch(aobj, obj_objs, NUM_OBJ, sizeof(unsigned int), obj_objs_cmp); + if (nid != NULL) + return *nid; + + return NID_undef; } LCRYPTO_ALIAS(OBJ_obj2nid); @@ -506,49 +446,77 @@ OBJ_txt2nid(const char *s) } LCRYPTO_ALIAS(OBJ_txt2nid); -int -OBJ_ln2nid(const char *s) +static int +ln_objs_cmp(const void *ln, const void *b) { - ASN1_OBJECT o; - const ASN1_OBJECT *oo = &o; - ADDED_OBJ ad, *adp; - const unsigned int *op; + const unsigned int *nid = b; - o.ln = s; + return strcmp(ln, nid_objs[*nid].ln); +} + +int +OBJ_ln2nid(const char *ln) +{ + const unsigned int *nid; + + /* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */ if (added != NULL) { - ad.type = ADDED_LNAME; - ad.obj = &o; - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->nid); + ASN1_OBJECT aobj = { + .ln = ln, + }; + ADDED_OBJ needle = { + .type = ADDED_LNAME, + .obj = &aobj, + }; + ADDED_OBJ *found; + + if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL) + return found->obj->nid; } - op = OBJ_bsearch_ln(&oo, ln_objs, NUM_LN); - if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); + + /* ln_objs holds NIDs in ascending alphabetical order of LN. */ + nid = bsearch(ln, ln_objs, NUM_LN, sizeof(unsigned int), ln_objs_cmp); + if (nid != NULL) + return *nid; + + return NID_undef; } LCRYPTO_ALIAS(OBJ_ln2nid); -int -OBJ_sn2nid(const char *s) +static int +sn_objs_cmp(const void *sn, const void *b) { - ASN1_OBJECT o; - const ASN1_OBJECT *oo = &o; - ADDED_OBJ ad, *adp; - const unsigned int *op; + const unsigned int *nid = b; - o.sn = s; + return strcmp(sn, nid_objs[*nid].sn); +} + +int +OBJ_sn2nid(const char *sn) +{ + const unsigned int *nid; + + /* XXX - locking. OpenSSL 3 moved this after built-in object lookup. */ if (added != NULL) { - ad.type = ADDED_SNAME; - ad.obj = &o; - adp = lh_ADDED_OBJ_retrieve(added, &ad); - if (adp != NULL) - return (adp->obj->nid); + ASN1_OBJECT aobj = { + .sn = sn, + }; + ADDED_OBJ needle = { + .type = ADDED_SNAME, + .obj = &aobj, + }; + ADDED_OBJ *found; + + if ((found = lh_ADDED_OBJ_retrieve(added, &needle)) != NULL) + return found->obj->nid; } - op = OBJ_bsearch_sn(&oo, sn_objs, NUM_SN); - if (op == NULL) - return (NID_undef); - return (nid_objs[*op].nid); + + /* sn_objs holds NIDs in ascending alphabetical order of SN. */ + nid = bsearch(sn, sn_objs, NUM_SN, sizeof(unsigned int), sn_objs_cmp); + if (nid != NULL) + return *nid; + + return NID_undef; } LCRYPTO_ALIAS(OBJ_sn2nid); diff --git a/lib/libutil/imsg_init.3 b/lib/libutil/imsg_init.3 index 5b02f5a4a..c581f3a6e 100644 --- a/lib/libutil/imsg_init.3 +++ b/lib/libutil/imsg_init.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: imsg_init.3,v 1.31 2023/12/12 15:49:21 claudio Exp $ +.\" $OpenBSD: imsg_init.3,v 1.32 2023/12/13 00:37:42 jsg Exp $ .\" .\" Copyright (c) 2023 Claudio Jeker .\" Copyright (c) 2010 Nicholas Marriott @@ -15,7 +15,7 @@ .\" IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING .\" OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: December 12 2023 $ +.Dd $Mdocdate: December 13 2023 $ .Dt IMSG_INIT 3 .Os .Sh NAME @@ -226,7 +226,7 @@ forwards a just received .Fa msg unaltered on .Fa imsgbuf . -Any attached filedescriptor is closed. +Any attached file descriptor is closed. .Pp .Fn imsg_flush calls diff --git a/regress/lib/libcrypto/x509/constraints.c b/regress/lib/libcrypto/x509/constraints.c index 6677b58c1..16e135bb4 100644 --- a/regress/lib/libcrypto/x509/constraints.c +++ b/regress/lib/libcrypto/x509/constraints.c @@ -1,4 +1,4 @@ -/* $OpenBSD: constraints.c,v 1.17 2023/10/01 04:48:39 tb Exp $ */ +/* $OpenBSD: constraints.c,v 1.18 2023/12/13 05:59:50 tb Exp $ */ /* * Copyright (c) 2020 Bob Beck * @@ -95,7 +95,7 @@ unsigned char *invalid_hostnames[] = { "-p3nbsd.org", "openbs-.org", "openbsd\n.org", - "open\178bsd.org", + "open\177bsd.org", "open\255bsd.org", "*.openbsd.org", NULL, diff --git a/regress/lib/libcrypto/x509/rfc3779/rfc3779.c b/regress/lib/libcrypto/x509/rfc3779/rfc3779.c index 33808d43e..1274df745 100644 --- a/regress/lib/libcrypto/x509/rfc3779/rfc3779.c +++ b/regress/lib/libcrypto/x509/rfc3779/rfc3779.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rfc3779.c,v 1.9 2023/04/20 07:39:17 tb Exp $ */ +/* $OpenBSD: rfc3779.c,v 1.10 2023/12/13 07:19:37 tb Exp $ */ /* * Copyright (c) 2021 Theo Buehler * @@ -361,10 +361,10 @@ IPAddrBlocks_free(IPAddrBlocks *addr) * extensions on each call. */ -static const ASN1_ITEM_EXP * +static ASN1_ITEM_EXP * get_IPAddrBlocks_it(void) { - static const ASN1_ITEM_EXP *my_IPAddrBlocks_it; + static ASN1_ITEM_EXP *my_IPAddrBlocks_it; const X509V3_EXT_METHOD *v3_addr; if (my_IPAddrBlocks_it != NULL) @@ -383,7 +383,7 @@ get_IPAddrBlocks_it(void) static IPAddrBlocks * d2i_IPAddrBlocks(IPAddrBlocks **addrs, const unsigned char **in, long len) { - const ASN1_ITEM_EXP *my_IPAddrBlocks_it; + ASN1_ITEM_EXP *my_IPAddrBlocks_it; if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL) return NULL; @@ -395,7 +395,7 @@ d2i_IPAddrBlocks(IPAddrBlocks **addrs, const unsigned char **in, long len) static int i2d_IPAddrBlocks(IPAddrBlocks *addrs, unsigned char **out) { - const ASN1_ITEM_EXP *my_IPAddrBlocks_it; + ASN1_ITEM_EXP *my_IPAddrBlocks_it; if ((my_IPAddrBlocks_it = get_IPAddrBlocks_it()) == NULL) return -1; diff --git a/regress/lib/libcrypto/x509/x509_asn1.c b/regress/lib/libcrypto/x509/x509_asn1.c index c7753623f..f3a4ad063 100644 --- a/regress/lib/libcrypto/x509/x509_asn1.c +++ b/regress/lib/libcrypto/x509/x509_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_asn1.c,v 1.20 2023/06/05 18:32:06 job Exp $ */ +/* $OpenBSD: x509_asn1.c,v 1.21 2023/12/13 05:57:37 tb Exp $ */ /* * Copyright (c) 2023 Job Snijders * @@ -29,37 +29,6 @@ #include #include -static const struct fnnames { - char *name; - void (*fn); -} fnnames[] = { - { "X509_set_version", X509_set_version }, - { "X509_set_serialNumber", X509_set_serialNumber }, - { "X509_set_issuer_name", X509_set_issuer_name }, - { "X509_set_subject_name", X509_set_subject_name }, - { "X509_set_notBefore", X509_set_notBefore }, - { "X509_set_notAfter", X509_set_notAfter }, - { "X509_set_pubkey", X509_set_pubkey }, - { "X509_CRL_set_version", X509_CRL_set_version }, - { "X509_CRL_set_issuer_name", X509_CRL_set_issuer_name }, - { "X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate }, - { "X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate }, - { "X509_REQ_add_extensions", X509_REQ_add_extensions }, - { "X509_REQ_add1_attr", X509_REQ_add1_attr }, - { NULL, NULL } -}; - -static void -lookup_and_err(void (*fn)) -{ - int i; - - for (i = 0; fnnames[i].name; i++) { - if (fnnames[i].fn == fn) - errx(1, "%s failed", fnnames[i].name); - } -} - static void x509_setup(unsigned char **der, unsigned char **der2, X509 **x, long dersz, long *der2sz) @@ -83,7 +52,8 @@ x509_cleanup(X509 **x, unsigned char **der) } static void -x509_set_integer(int (*f)(X509 *, ASN1_INTEGER *), X509 **x, int i) +x509_set_integer(const char *descr, int (*f)(X509 *, ASN1_INTEGER *), X509 **x, + int i) { ASN1_INTEGER *ai; @@ -92,13 +62,13 @@ x509_set_integer(int (*f)(X509 *, ASN1_INTEGER *), X509 **x, int i) if (!ASN1_INTEGER_set(ai, i)) errx(1, "ASN1_INTEGER_set"); if (!f(*x, ai)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); ASN1_INTEGER_free(ai); } static void -x509_set_name(int (*f)(X509 *, X509_NAME *), X509 **x, +x509_set_name(const char *descr, int (*f)(X509 *, X509_NAME *), X509 **x, const unsigned char *n) { X509_NAME *xn; @@ -108,20 +78,21 @@ x509_set_name(int (*f)(X509 *, X509_NAME *), X509 **x, if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0)) errx(1, "X509_NAME_add_entry_by_txt"); if (!f(*x, xn)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); X509_NAME_free(xn); } static void -x509_set_time(int (*f)(X509 *, const ASN1_TIME *), X509 **x, int t) +x509_set_time(const char *descr, int (*f)(X509 *, const ASN1_TIME *), X509 **x, + int t) { ASN1_TIME *at; if ((at = X509_gmtime_adj(NULL, t)) == NULL) errx(1, "X509_gmtime_adj"); if (!f(*x, at)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); ASN1_TIME_free(at); } @@ -172,8 +143,8 @@ x509_crl_cleanup(X509_CRL **xc, unsigned char **der) } static void -x509_crl_set_name(int (*f)(X509_CRL *, X509_NAME *), X509_CRL **xc, - const unsigned char *n) +x509_crl_set_name(const char *descr, int (*f)(X509_CRL *, X509_NAME *), + X509_CRL **xc, const unsigned char *n) { X509_NAME *xn; @@ -182,20 +153,21 @@ x509_crl_set_name(int (*f)(X509_CRL *, X509_NAME *), X509_CRL **xc, if (!X509_NAME_add_entry_by_txt(xn, "C", MBSTRING_ASC, n, -1, -1, 0)) errx(1, "X509_NAME_add_entry_by_txt"); if (!f(*xc, xn)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); X509_NAME_free(xn); } static void -x509_crl_set_time(int (*f)(X509_CRL *, const ASN1_TIME *), X509_CRL **xc, int t) +x509_crl_set_time(const char *descr, int (*f)(X509_CRL *, const ASN1_TIME *), + X509_CRL **xc, int t) { ASN1_TIME *at; if ((at = X509_gmtime_adj(NULL, t)) == NULL) errx(1, "X509_gmtime_adj"); if (!f(*xc, at)) - lookup_and_err(f); + errx(1, "%s: %s failed", __func__, descr); ASN1_TIME_free(at); } @@ -247,11 +219,11 @@ test_x509_setters(void) if (X509_set_pubkey(x, pkey) != 1) errx(1, "X509_set_pubkey"); - x509_set_integer(X509_set_serialNumber, &x, 1); - x509_set_time(X509_set_notBefore, &x, 0); - x509_set_time(X509_set_notAfter, &x, 60); - x509_set_name(X509_set_issuer_name, &x, "NL"); - x509_set_name(X509_set_subject_name, &x, "BE"); + x509_set_integer("X509_set_serialNumber", X509_set_serialNumber, &x, 1); + x509_set_time("X509_set_notBefore", X509_set_notBefore, &x, 0); + x509_set_time("X509_set_notAfter", X509_set_notAfter, &x, 60); + x509_set_name("X509_set_issuer_name", X509_set_issuer_name, &x, "NL"); + x509_set_name("X509_set_subject_name", X509_set_subject_name, &x, "BE"); /* one time creation of the original DER */ if (!X509_sign(x, pkey, EVP_sha256())) @@ -268,31 +240,31 @@ test_x509_setters(void) /* test X509_set_serialNumber */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_integer(X509_set_serialNumber, &a, 2); + x509_set_integer("X509_set_serialNumber", X509_set_serialNumber, &a, 2); failed |= x509_compare("X509_set_serialNumber", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_issuer_name */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_name(X509_set_issuer_name, &a, "DE"); + x509_set_name("X509_set_issuer_name", X509_set_issuer_name, &a, "DE"); failed |= x509_compare("X509_set_issuer_name", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_subject_name */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_name(X509_set_subject_name, &a, "FR"); + x509_set_name("X509_set_subject_name", X509_set_subject_name, &a, "FR"); failed |= x509_compare("X509_set_subject_name", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_notBefore */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_time(X509_set_notBefore, &a, 120); + x509_set_time("X509_set_notBefore", X509_set_notBefore, &a, 120); failed |= x509_compare("X509_set_notBefore", a, der2, der2sz); x509_cleanup(&a, &der2); /* test X509_set_notAfter */ x509_setup(&der, &der2, &a, dersz, &der2sz); - x509_set_time(X509_set_notAfter, &a, 180); + x509_set_time("X509_set_notAfter", X509_set_notAfter, &a, 180); failed |= x509_compare("X509_set_notAfter", a, der2, der2sz); x509_cleanup(&a, &der2); @@ -335,9 +307,12 @@ test_x509_crl_setters(void) if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) errx(1, "EVP_PKEY_keygen"); - x509_crl_set_time(X509_CRL_set_lastUpdate, &xc, 0); - x509_crl_set_time(X509_CRL_set_nextUpdate, &xc, 60); - x509_crl_set_name(X509_CRL_set_issuer_name, &xc, "NL"); + x509_crl_set_time("X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate, + &xc, 0); + x509_crl_set_time("X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate, + &xc, 60); + x509_crl_set_name("X509_CRL_set_issuer_name", X509_CRL_set_issuer_name, + &xc, "NL"); /* one time creation of the original DER */ if (!X509_CRL_sign(xc, pkey, EVP_sha256())) @@ -354,20 +329,23 @@ test_x509_crl_setters(void) /* test X509_CRL_set_issuer_name */ x509_crl_setup(&der, &der2, &ac, dersz, &der2sz); - x509_crl_set_name(X509_CRL_set_issuer_name, &ac, "DE"); + x509_crl_set_name("X509_CRL_set_issuer_name", X509_CRL_set_issuer_name, + &ac, "DE"); failed |= x509_crl_compare("X509_CRL_set_issuer_name", ac, der2, der2sz); x509_crl_cleanup(&ac, &der2); /* test X509_CRL_set_lastUpdate */ x509_crl_setup(&der, &der2, &ac, dersz, &der2sz); - x509_crl_set_time(X509_CRL_set_lastUpdate, &ac, 120); + x509_crl_set_time("X509_CRL_set_lastUpdate", X509_CRL_set_lastUpdate, + &ac, 120); failed |= x509_crl_compare("X509_CRL_set_lastUpdate", ac, der2, der2sz); x509_crl_cleanup(&ac, &der2); /* test X509_CRL_set_nextUpdate */ x509_crl_setup(&der, &der2, &ac, dersz, &der2sz); - x509_crl_set_time(X509_CRL_set_nextUpdate, &ac, 180); + x509_crl_set_time("X509_CRL_set_nextUpdate", X509_CRL_set_nextUpdate, + &ac, 180); failed |= x509_crl_compare("X509_CRL_set_nextUpdate", ac, der2, der2sz); x509_crl_cleanup(&ac, &der2); diff --git a/regress/lib/libssl/tlsext/tlsexttest.c b/regress/lib/libssl/tlsext/tlsexttest.c index e4da328c6..778fd0729 100644 --- a/regress/lib/libssl/tlsext/tlsexttest.c +++ b/regress/lib/libssl/tlsext/tlsexttest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tlsexttest.c,v 1.82 2023/07/05 17:30:14 tb Exp $ */ +/* $OpenBSD: tlsexttest.c,v 1.83 2023/12/13 06:00:28 tb Exp $ */ /* * Copyright (c) 2017 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -4367,7 +4367,7 @@ static const struct tls_sni_test tls_sni_tests[] = { .valid = 0, }, { - .hostname = "open\178bsd.org", + .hostname = "open\177bsd.org", .valid = 0, }, { diff --git a/regress/usr.bin/ftp/Makefile b/regress/usr.bin/ftp/Makefile index e27c4550a..a1138ba3e 100644 --- a/regress/usr.bin/ftp/Makefile +++ b/regress/usr.bin/ftp/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 2010/07/14 06:19:26 halex Exp $ +# $OpenBSD: Makefile,v 1.3 2023/12/13 12:14:10 kn Exp $ REGRESS_TARGETS= \ ${DASHO_TARGETS:C/^/t-dasho-/} \ @@ -47,19 +47,7 @@ t-dasho-11: t-dasho-12: ${dasho} "-V -o./- ${xfile}" 0 "" "" "[-] XXXX" -t-dasho-13: - ${dasho} "-V -oX -o '' ${xfile}" 0 "" "" "[X] XXXX" - -t-dasho-14: - ${dasho} "-V -o- -o '' ${dfile}" 0 "" "" "[-] DASH" - -t-dasho-15: - ${dasho} "-V -oX -o '' ${xfile}" 0 "" "" "[X] XXXX" - -t-dasho-16: - ${dasho} "-V -o- -o '' ${dfile}" 0 "" "" "[-] DASH" - -DASHO_TARGETS=1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 +DASHO_TARGETS=1 2 3 4 5 6 7 8 9 10 11 12 rport1?= 9000 diff --git a/share/man/man9/ktrace.9 b/share/man/man9/ktrace.9 index f4fa00758..36fbc29a1 100644 --- a/share/man/man9/ktrace.9 +++ b/share/man/man9/ktrace.9 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ktrace.9,v 1.13 2022/08/04 06:20:24 jsg Exp $ +.\" $OpenBSD: ktrace.9,v 1.14 2023/12/13 06:39:10 jmc Exp $ .\" .\" Copyright (c) 2003 Michael Shalayeff .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: August 4 2022 $ +.Dd $Mdocdate: December 13 2023 $ .Dt KTRACE 9 .Os .Sh NAME @@ -145,7 +145,6 @@ The process tracing facility is implemented in .Sh SEE ALSO .Xr errno 2 , .Xr ktrace 2 , -.Xr syscall 2 , .Xr namei 9 , .Xr syscall 9 .Sh HISTORY diff --git a/share/man/man9/syscall.9 b/share/man/man9/syscall.9 index aef3c0014..32bad940c 100644 --- a/share/man/man9/syscall.9 +++ b/share/man/man9/syscall.9 @@ -1,4 +1,4 @@ -.\" $OpenBSD: syscall.9,v 1.15 2019/05/14 13:17:09 schwarze Exp $ +.\" $OpenBSD: syscall.9,v 1.16 2023/12/13 06:39:10 jmc Exp $ .\" .\" Copyright (c) 2003 Michael Shalayeff .\" @@ -23,7 +23,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: May 14 2019 $ +.Dd $Mdocdate: December 13 2023 $ .Dt SYSCALL 9 .Os .Sh NAME @@ -235,7 +235,6 @@ Machine-independent syscall entry end return handling. .El .Sh SEE ALSO .Xr ktrace 2 , -.Xr syscall 2 , .Xr ktrace 9 , .Xr sysctl_int 9 .Sh HISTORY diff --git a/sys/arch/arm/arm/syscall.c b/sys/arch/arm/arm/syscall.c index 3879834e2..0252626ee 100644 --- a/sys/arch/arm/arm/syscall.c +++ b/sys/arch/arm/arm/syscall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall.c,v 1.27 2023/12/12 15:30:55 deraadt Exp $ */ +/* $OpenBSD: syscall.c,v 1.28 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: syscall.c,v 1.24 2003/11/14 19:03:17 scw Exp $ */ /*- @@ -114,7 +114,7 @@ swi_handler(trapframe_t *frame) code = frame->tf_r12; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; nargs = callp->sy_argsize / sizeof(register_t); diff --git a/sys/arch/arm64/arm64/syscall.c b/sys/arch/arm64/arm64/syscall.c index eec3777d2..675423d1c 100644 --- a/sys/arch/arm64/arm64/syscall.c +++ b/sys/arch/arm64/arm64/syscall.c @@ -1,4 +1,4 @@ -/* $OpenBSD: syscall.c,v 1.15 2023/12/12 15:30:55 deraadt Exp $ */ +/* $OpenBSD: syscall.c,v 1.17 2023/12/13 15:57:22 miod Exp $ */ /* * Copyright (c) 2015 Dale Rahn * @@ -33,7 +33,7 @@ svc_handler(trapframe_t *frame) { struct proc *p = curproc; const struct sysent *callp; - int code, error = ENOSYS, indirect = -1; + int code, error = ENOSYS; u_int nap = 8, nargs; register_t *ap, *args, copyargs[MAXARGS], rval[2]; @@ -50,7 +50,7 @@ svc_handler(trapframe_t *frame) ap = &frame->tf_x[0]; - if (code < 0 || code >= SYS_MAXSYSCALL) + if (code <= 0 || code >= SYS_MAXSYSCALL) goto bad; callp = sysent + code; diff --git a/sys/arch/i386/i386/trap.c b/sys/arch/i386/i386/trap.c index 69860df90..73634e238 100644 --- a/sys/arch/i386/i386/trap.c +++ b/sys/arch/i386/i386/trap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: trap.c,v 1.163 2023/12/12 15:30:55 deraadt Exp $ */ +/* $OpenBSD: trap.c,v 1.164 2023/12/13 15:57:22 miod Exp $ */ /* $NetBSD: trap.c,v 1.95 1996/05/05 06:50:02 mycroft Exp $ */ /*- @@ -544,7 +544,7 @@ syscall(struct trapframe *frame) code = frame->tf_eax; // XXX out of range stays on syscall0, which we assume is enosys - if (code >= 0 || code <= SYS_MAXSYSCALL) + if (code > 0 && code < SYS_MAXSYSCALL) callp += code; argsize = callp->sy_argsize; diff --git a/usr.bin/ftp/main.c b/usr.bin/ftp/main.c index 53e588efe..2aecd5ad3 100644 --- a/usr.bin/ftp/main.c +++ b/usr.bin/ftp/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.143 2023/11/30 14:52:00 kn Exp $ */ +/* $OpenBSD: main.c,v 1.144 2023/12/12 22:00:43 kn Exp $ */ /* $NetBSD: main.c,v 1.24 1997/08/18 10:20:26 lukem Exp $ */ /* @@ -502,14 +502,8 @@ main(volatile int argc, char *argv[]) case 'o': outfile = optarg; - if (*outfile == '\0') { - pipeout = 0; - outfile = NULL; - ttyout = stdout; - } else { - pipeout = strcmp(outfile, "-") == 0; - ttyout = pipeout ? stderr : stdout; - } + pipeout = strcmp(outfile, "-") == 0; + ttyout = pipeout ? stderr : stdout; break; case 'p': diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index 3bf4d6c1a..a7198755f 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.368 2023/10/12 02:15:53 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.369 2023/12/13 03:28:19 djm Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2008 Damien Miller. All rights reserved. @@ -135,7 +135,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port, } if (options.known_hosts_command != NULL) { load_hostkeys_command(hostkeys, options.known_hosts_command, - "ORDER", cinfo, NULL, host); + "ORDER", cinfo, NULL, hostname); } /* * If a plain public key exists that matches the type of the best diff --git a/usr.sbin/ospf6d/ospfe.c b/usr.sbin/ospf6d/ospfe.c index e10926de6..a2a161a98 100644 --- a/usr.sbin/ospf6d/ospfe.c +++ b/usr.sbin/ospf6d/ospfe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ospfe.c,v 1.70 2023/07/03 09:51:38 claudio Exp $ */ +/* $OpenBSD: ospfe.c,v 1.71 2023/12/13 15:34:43 claudio Exp $ */ /* * Copyright (c) 2005 Claudio Jeker @@ -401,7 +401,7 @@ ospfe_dispatch_main(int fd, short event, void *bula) control_imsg_relay(&imsg); break; case IMSG_CONTROLFD: - if ((fd = imsg.fd) == -1) + if ((fd = imsg_get_fd(&imsg)) == -1) fatalx("%s: expected to receive imsg control" "fd but didn't receive any", __func__); /* Listen on control socket. */ diff --git a/usr.sbin/ospfd/ospfe.c b/usr.sbin/ospfd/ospfe.c index 0cc8470de..575dbb898 100644 --- a/usr.sbin/ospfd/ospfe.c +++ b/usr.sbin/ospfd/ospfe.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ospfe.c,v 1.113 2023/07/03 09:40:47 claudio Exp $ */ +/* $OpenBSD: ospfe.c,v 1.114 2023/12/13 15:34:27 claudio Exp $ */ /* * Copyright (c) 2005 Claudio Jeker @@ -452,7 +452,7 @@ ospfe_dispatch_main(int fd, short event, void *bula) control_imsg_relay(&imsg); break; case IMSG_CONTROLFD: - if ((fd = imsg.fd) == -1) + if ((fd = imsg_get_fd(&imsg)) == -1) fatalx("%s: expected to receive imsg control" "fd but didn't receive any", __func__); /* Listen on control socket. */ diff --git a/usr.sbin/syspatch/syspatch.sh b/usr.sbin/syspatch/syspatch.sh index 6475f3f37..57eaee205 100644 --- a/usr.sbin/syspatch/syspatch.sh +++ b/usr.sbin/syspatch/syspatch.sh @@ -1,6 +1,6 @@ #!/bin/ksh # -# $OpenBSD: syspatch.sh,v 1.167 2020/12/07 21:19:28 ajacoutot Exp $ +# $OpenBSD: syspatch.sh,v 1.168 2023/12/13 17:50:23 ajacoutot Exp $ # # Copyright (c) 2016, 2017 Antoine Jacoutot # @@ -34,7 +34,7 @@ usage() apply_patch() { - local _edir _file _files _patch=$1 _rc=0 _s _upself=false + local _edir _file _files _kernel _patch=$1 _rc=0 _s _upself=false [[ -n ${_patch} ]] _edir=${_TMP}/${_patch} @@ -45,7 +45,8 @@ apply_patch() echo "Installing patch ${_patch##${_OSrev}-}" install -d ${_edir} ${_PDIR}/${_patch} - (($(sysctl -n hw.ncpufound) > 1)) && + _kernel=$(sysctl -n kern.osversion) + [[ ${_kernel%#*} == "GENERIC.MP" ]] && _s="-s @usr/share/relink/kernel/GENERIC/.*@@g" || _s="-s @usr/share/relink/kernel/GENERIC.MP/.*@@g" _files="$(tar -xvzphf ${_TMP}/syspatch${_patch}.tgz -C ${_edir} \