SecBSD
/
src
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync with OpenBSD -current

This commit is contained in:
purplerain 2023-11-29 12:09:41 +00:00
parent 388947454d
commit 8b84d503c1
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
17 changed files with 446 additions and 330 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
lib/libssl/s3_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: s3_lib.c,v 1.246 2023/07/08 16:40:13 beck Exp $ */
/* $OpenBSD: s3_lib.c,v 1.248 2023/11/29 13:39:34 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -150,6 +150,7 @@
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <openssl/bn.h>
#include <openssl/curve25519.h>
@ -1413,18 +1414,26 @@ ssl3_get_cipher(unsigned int u)
return (NULL);
}
const SSL_CIPHER *
ssl3_get_cipher_by_id(unsigned int id)
static int
ssl3_cipher_id_cmp(const void *id, const void *cipher)
{
const SSL_CIPHER *cp;
SSL_CIPHER c;
unsigned long a = *(const unsigned long *)id;
unsigned long b = ((const SSL_CIPHER *)cipher)->id;
c.id = id;
cp = OBJ_bsearch_ssl_cipher_id(&c, ssl3_ciphers, SSL3_NUM_CIPHERS);
if (cp != NULL && cp->valid == 1)
return (cp);
return a < b ? -1 : a > b;
}
return (NULL);
const SSL_CIPHER *
ssl3_get_cipher_by_id(unsigned long id)
{
const SSL_CIPHER *cipher;
cipher = bsearch(&id, ssl3_ciphers, SSL3_NUM_CIPHERS, sizeof(*cipher),
ssl3_cipher_id_cmp);
if (cipher != NULL && cipher->valid == 1)
return cipher;
return NULL;
}
const SSL_CIPHER *

29
lib/libssl/ssl_lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_lib.c,v 1.316 2023/11/25 12:05:08 tb Exp $ */
/* $OpenBSD: ssl_lib.c,v 1.317 2023/11/29 13:39:34 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -3638,30 +3638,3 @@ SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy)
/* Not supported. */
}
LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint);
static int
ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b)
{
long l;
l = a->id - b->id;
if (l == 0L)
return (0);
else
return ((l > 0) ? 1:-1);
}
static int
ssl_cipher_id_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_)
{
SSL_CIPHER const *a = a_;
SSL_CIPHER const *b = b_;
return ssl_cipher_id_cmp(a, b);
}
SSL_CIPHER *
OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
{
return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
ssl_cipher_id_cmp_BSEARCH_CMP_FN);
}

6
lib/libssl/ssl_local.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssl_local.h,v 1.9 2023/11/25 12:05:08 tb Exp $ */
/* $OpenBSD: ssl_local.h,v 1.11 2023/11/29 13:39:34 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@ -1304,8 +1304,6 @@ SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int include_ticket);
int ssl_get_new_session(SSL *s, int session);
int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block,
int *alert);
SSL_CIPHER *OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base,
int num);
int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb);
STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
@ -1344,7 +1342,7 @@ int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
int ssl3_num_ciphers(void);
const SSL_CIPHER *ssl3_get_cipher(unsigned int u);
const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned int id);
const SSL_CIPHER *ssl3_get_cipher_by_id(unsigned long id);
const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
uint16_t ssl3_cipher_get_value(const SSL_CIPHER *c);
int ssl3_renegotiate(SSL *ssl);

18
share/man/man4/mpii.4
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: mpii.4,v 1.16 2022/10/18 07:04:20 kn Exp $
.\" $OpenBSD: mpii.4,v 1.17 2023/11/29 06:59:23 jmatthew Exp $
.\"
.\" Copyright (c) 2010 Marco Peereboom <marco@openbsd.org>
.\" Copyright (c) 2009 David Gwynne <dlg@openbsd.org>
@ -15,7 +15,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: October 18 2022 $
.Dd $Mdocdate: November 29 2023 $
.Dt MPII 4
.Os
.Sh NAME
@ -43,24 +43,30 @@ LSISAS3108,
LSISAS3408,
LSISAS3416,
LSISAS3508,
LSISAS3516
LSISAS3516,
LSISAS3808,
LSISAS3816,
LSISAS3908,
LSISAS3916
.El
.Pp
These chipsets can be found on the following controllers:
.Pp
.Bl -dash -offset indent -compact
.It
Dell PERC H200, HBA330, 12Gbps SAS HBA
Dell PERC H200, HBA330, HBA345, HBA350, HBA355, 12Gbps SAS HBA
.It
IBM ServeRAID H1110
.It
Lenovo N2215, ThinkSystem 430
Lenovo N2215, ThinkSystem 430, ThinkSystem 440
.It
LSI SAS 9200-8e, SAS 9207-8i, SAS 9211-4i, SAS 9211-8i
.It
Broadcom SAS 9300, HBA 9400
Broadcom SAS 9300, HBA 9400, HBA 9500
.It
Oracle SPARC T Series Platforms
.It
Supermicro AOC-S3808, AOC-S3816
.El
.Pp
Some models of these controllers carry an Integrated RAID (IR) firmware

8
sys/dev/acpi/acpivar.h
View File

@ -1,4 +1,4 @@
/* $OpenBSD: acpivar.h,v 1.124 2023/07/07 07:37:59 claudio Exp $ */
/* $OpenBSD: acpivar.h,v 1.125 2023/11/29 03:41:31 jsg Exp $ */
/*
* Copyright (c) 2005 Thorsten Lockert <tholo@sigmasoft.com>
*
@ -69,9 +69,9 @@ struct acpi_attach_args {
struct aml_node *aaa_node;
const char *aaa_dev;
const char *aaa_cdev;
uint64_t aaa_addr[4];
uint64_t aaa_size[4];
bus_space_tag_t aaa_bst[4];
uint64_t aaa_addr[8];
uint64_t aaa_size[8];
bus_space_tag_t aaa_bst[8];
int aaa_naddr;
uint32_t aaa_irq[8];
uint32_t aaa_irq_flags[8];

38
sys/dev/pci/mpii.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: mpii.c,v 1.146 2023/07/06 10:17:43 visa Exp $ */
/* $OpenBSD: mpii.c,v 1.147 2023/11/29 06:54:09 jmatthew Exp $ */
/*
* Copyright (c) 2010, 2012 Mike Belopuhov
* Copyright (c) 2009 James Giannoules
@ -162,6 +162,7 @@ struct mpii_softc {
int sc_flags;
#define MPII_F_RAID (1<<1)
#define MPII_F_SAS3 (1<<2)
#define MPII_F_AERO (1<<3)
struct scsibus_softc *sc_scsibus;
unsigned int sc_pending;
@ -433,7 +434,11 @@ static const struct pci_matchid mpii_devices[] = {
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS3508 },
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS3508_1 },
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS3516 },
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS3516_1 }
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS3516_1 },
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS38XX },
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS38XX_1 },
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS39XX },
{ PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS39XX_1 },
};
int
@ -494,6 +499,15 @@ mpii_attach(struct device *parent, struct device *self, void *aux)
}
printf(": %s\n", pci_intr_string(sc->sc_pc, ih));
switch (PCI_PRODUCT(pa->pa_id)) {
case PCI_PRODUCT_SYMBIOS_SAS38XX:
case PCI_PRODUCT_SYMBIOS_SAS38XX_1:
case PCI_PRODUCT_SYMBIOS_SAS39XX:
case PCI_PRODUCT_SYMBIOS_SAS39XX_1:
SET(sc->sc_flags, MPII_F_AERO);
break;
}
if (mpii_iocfacts(sc) != 0) {
printf("%s: unable to get iocfacts\n", DEVNAME(sc));
goto unmap;
@ -963,10 +977,24 @@ u_int32_t
mpii_read(struct mpii_softc *sc, bus_size_t r)
{
u_int32_t rv;
int i;
bus_space_barrier(sc->sc_iot, sc->sc_ioh, r, 4,
BUS_SPACE_BARRIER_READ);
rv = bus_space_read_4(sc->sc_iot, sc->sc_ioh, r);
if (ISSET(sc->sc_flags, MPII_F_AERO)) {
i = 0;
do {
if (i > 0)
DNPRINTF(MPII_D_RW, "%s: mpii_read retry %d\n",
DEVNAME(sc), i);
bus_space_barrier(sc->sc_iot, sc->sc_ioh, r, 4,
BUS_SPACE_BARRIER_READ);
rv = bus_space_read_4(sc->sc_iot, sc->sc_ioh, r);
i++;
} while (rv == 0 && i < 3);
} else {
bus_space_barrier(sc->sc_iot, sc->sc_ioh, r, 4,
BUS_SPACE_BARRIER_READ);
rv = bus_space_read_4(sc->sc_iot, sc->sc_ioh, r);
}
DNPRINTF(MPII_D_RW, "%s: mpii_read %#lx %#x\n", DEVNAME(sc), r, rv);

6
sys/dev/pci/pcidevs
View File

@ -1,4 +1,4 @@
$OpenBSD: pcidevs,v 1.2057 2023/11/26 05:47:21 jsg Exp $
$OpenBSD: pcidevs,v 1.2058 2023/11/29 06:46:29 jmatthew Exp $
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
/*
@ -9120,6 +9120,10 @@ product SYMBIOS SAS3416 0x00ac SAS3416
product SYMBIOS SAS3508 0x00ad SAS3508
product SYMBIOS SAS3508_1 0x00ae SAS3508
product SYMBIOS SAS3408 0x00af SAS3408
product SYMBIOS SAS39XX 0x00e1 SAS39XX
product SYMBIOS SAS39XX_1 0x00e2 SAS39XX
product SYMBIOS SAS38XX 0x00e5 SAS38XX
product SYMBIOS SAS38XX_1 0x00e6 SAS38XX
product SYMBIOS MEGARAID_320 0x0407 MegaRAID 320
product SYMBIOS MEGARAID_3202E 0x0408 MegaRAID 320-2E
product SYMBIOS MEGARAID_SATA 0x0409 MegaRAID SATA 4x/8x

6
sys/dev/pci/pcidevs.h
View File

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: pcidevs,v 1.2057 2023/11/26 05:47:21 jsg Exp
* OpenBSD: pcidevs,v 1.2058 2023/11/29 06:46:29 jmatthew Exp
*/
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -9125,6 +9125,10 @@
#define PCI_PRODUCT_SYMBIOS_SAS3508 0x00ad /* SAS3508 */
#define PCI_PRODUCT_SYMBIOS_SAS3508_1 0x00ae /* SAS3508 */
#define PCI_PRODUCT_SYMBIOS_SAS3408 0x00af /* SAS3408 */
#define PCI_PRODUCT_SYMBIOS_SAS39XX 0x00e1 /* SAS39XX */
#define PCI_PRODUCT_SYMBIOS_SAS39XX_1 0x00e2 /* SAS39XX */
#define PCI_PRODUCT_SYMBIOS_SAS38XX 0x00e5 /* SAS38XX */
#define PCI_PRODUCT_SYMBIOS_SAS38XX_1 0x00e6 /* SAS38XX */
#define PCI_PRODUCT_SYMBIOS_MEGARAID_320 0x0407 /* MegaRAID 320 */
#define PCI_PRODUCT_SYMBIOS_MEGARAID_3202E 0x0408 /* MegaRAID 320-2E */
#define PCI_PRODUCT_SYMBIOS_MEGARAID_SATA 0x0409 /* MegaRAID SATA 4x/8x */

18
sys/dev/pci/pcidevs_data.h
View File

@ -2,7 +2,7 @@
* THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT.
*
* generated from:
* OpenBSD: pcidevs,v 1.2057 2023/11/26 05:47:21 jsg Exp
* OpenBSD: pcidevs,v 1.2058 2023/11/29 06:46:29 jmatthew Exp
*/
/* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */
@ -32767,6 +32767,22 @@ static const struct pci_known_product pci_known_products[] = {
PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS3408,
"SAS3408",
},
{
PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS39XX,
"SAS39XX",
},
{
PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS39XX_1,
"SAS39XX",
},
{
PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS38XX,
"SAS38XX",
},
{
PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_SAS38XX_1,
"SAS38XX",
},
{
PCI_VENDOR_SYMBIOS, PCI_PRODUCT_SYMBIOS_MEGARAID_320,
"MegaRAID 320",

25
sys/kern/kern_malloc.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: kern_malloc.c,v 1.148 2022/08/14 01:58:27 jsg Exp $ */
/* $OpenBSD: kern_malloc.c,v 1.149 2023/11/29 11:47:15 claudio Exp $ */
/* $NetBSD: kern_malloc.c,v 1.15.4.2 1996/06/13 17:10:56 cgd Exp $ */
/*
@ -88,18 +88,13 @@ struct vm_map *kmem_map = NULL;
u_int nkmempages = NKMEMPAGES;
/*
* Defaults for lower- and upper-bounds for the kmem_map page count.
* Defaults for upper-bounds for the kmem_map page count.
* Can be overridden by kernel config options.
*/
#ifndef NKMEMPAGES_MIN
#define NKMEMPAGES_MIN 0
#endif
u_int nkmempages_min = 0;
#ifndef NKMEMPAGES_MAX
#define NKMEMPAGES_MAX NKMEMPAGES_MAX_DEFAULT
#endif
u_int nkmempages_max = 0;
u_int nkmempages_max = NKMEMPAGES_MAX;
struct mutex malloc_mtx = MUTEX_INITIALIZER(IPL_VM);
struct kmembuckets bucket[MINBUCKET + 16];
@ -517,17 +512,6 @@ kmeminit_nkmempages(void)
return;
}
/*
* We can't initialize these variables at compilation time, since
* the page size may not be known (on sparc GENERIC kernels, for
* example). But we still want the MD code to be able to provide
* better values.
*/
if (nkmempages_min == 0)
nkmempages_min = NKMEMPAGES_MIN;
if (nkmempages_max == 0)
nkmempages_max = NKMEMPAGES_MAX;
/*
* We use the following (simple) formula:
*
@ -542,9 +526,6 @@ kmeminit_nkmempages(void)
if (npages > nkmempages_max)
npages = nkmempages_max;
if (npages < nkmempages_min)
npages = nkmempages_min;
nkmempages = npages;
}

6
usr.bin/awk/FIXES
View File

@ -25,6 +25,12 @@ THIS SOFTWARE.
This file lists all bug fixes, changes, etc., made since the
second edition of the AWK book was published in September 2023.
Nov 27, 2023:
Fix exit status of system on MacOS. update to REGRESS.
Thanks to Arnold Robbins.
Fix inconsistent handling of -F and --csv, and loss of csv
mode when FS is set. Thanks to Wilbert van der Poel.
Nov 24, 2023:
Fix issue #199: gototab improvements to dynamically resize the
table, qsort and bsearch to improve the lookup speed as the

2
usr.bin/awk/README.md
View File

@ -32,8 +32,6 @@ Aribtrary characters may be included with `\u` followed by 1 to 8 hexadecimal di
### Regular expressions ###
Regular expressions may include UTF-8 code points, including `\u`.
Character classes are likely to be limited to about 256 characters
when expanded.
### CSV ###

4
usr.bin/awk/lib.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: lib.c,v 1.54 2023/10/30 17:52:54 millert Exp $ */
/* $OpenBSD: lib.c,v 1.55 2023/11/28 20:54:38 millert Exp $ */
/****************************************************************
Copyright (C) Lucent Technologies 1997
All Rights Reserved
@ -396,7 +396,7 @@ void fldbld(void) /* create fields from current record */
i = 0; /* number of fields accumulated here */
if (inputFS == NULL) /* make sure we have a copy of FS */
savefs();
if (strlen(inputFS) > 1) { /* it's a regular expression */
if (!CSV && strlen(inputFS) > 1) { /* it's a regular expression */
i = refldbld(r, inputFS);
} else if (!CSV && (sep = *inputFS) == ' ') { /* default whitespace */
for (i = 0; ; ) {

8
usr.bin/awk/main.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: main.c,v 1.66 2023/11/25 16:31:33 millert Exp $ */
/* $OpenBSD: main.c,v 1.67 2023/11/28 20:54:38 millert Exp $ */
/****************************************************************
Copyright (C) Lucent Technologies 1997
All Rights Reserved
@ -23,7 +23,7 @@ ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF
THIS SOFTWARE.
****************************************************************/
const char *version = "version 20231124";
const char *version = "version 20231127";
#define DEBUG
#include <stdio.h>
@ -180,6 +180,8 @@ int main(int argc, char *argv[])
}
if (strcmp(argv[1], "--csv") == 0) { /* turn on csv input processing */
CSV = true;
if (fs)
WARNING("danger: don't set FS when --csv is in effect");
argc--;
argv++;
continue;
@ -201,6 +203,8 @@ int main(int argc, char *argv[])
break;
case 'F': /* set field separator */
fs = setfs(getarg(&argc, &argv, "no field separator"));
if (CSV)
WARNING("danger: don't set FS when --csv is in effect");
break;
case 'v': /* -v a=1 to be done NOW. one -v for each */
vn = getarg(&argc, &argv, "no variable name");

16
usr.bin/awk/run.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: run.c,v 1.82 2023/11/25 16:31:33 millert Exp $ */
/* $OpenBSD: run.c,v 1.83 2023/11/28 20:54:38 millert Exp $ */
/****************************************************************
Copyright (C) Lucent Technologies 1997
All Rights Reserved
@ -2069,6 +2069,7 @@ Cell *bltin(Node **a, int n) /* builtin functions. a[0] is type, a[1] is arg lis
int status = 0;
time_t tv;
struct tm *tm, tmbuf;
int estatus = 0;
t = ptoi(a[0]);
x = execute(a[1]);
@ -2169,20 +2170,21 @@ Cell *bltin(Node **a, int n) /* builtin functions. a[0] is type, a[1] is arg lis
break;
case FSYSTEM:
fflush(stdout); /* in case something is buffered already */
status = system(getsval(x));
u = status;
estatus = status = system(getsval(x));
if (status != -1) {
if (WIFEXITED(status)) {
u = WEXITSTATUS(status);
estatus = WEXITSTATUS(status);
} else if (WIFSIGNALED(status)) {
u = WTERMSIG(status) + 256;
estatus = WTERMSIG(status) + 256;
#ifdef WCOREDUMP
if (WCOREDUMP(status))
u += 256;
estatus += 256;
#endif
} else /* something else?!? */
u = 0;
estatus = 0;
}
/* else estatus was set to -1 */
u = estatus;
break;
case FRAND:
/* random() returns numbers in [0..2^31-1]

50
usr.sbin/pkg_add/package.5
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: package.5,v 1.32 2022/12/28 21:30:18 jmc Exp $
.\" $OpenBSD: package.5,v 1.33 2023/11/29 14:32:01 espie Exp $
.\" Copyright (c) 2005-2006 Marc Espie <espie@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
@ -12,12 +12,14 @@
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.Dd $Mdocdate: December 28 2022 $
.Dd $Mdocdate: November 29 2023 $
.Dt PACKAGE 5
.Os
.Sh NAME
.Nm package
.Nd format for OpenBSD binary packages
.Nm package ,
.Nm packing-list ,
.Nm plist
.Nd format for OpenBSD binary packages and packing-lists
.Sh DESCRIPTION
Binary packages for
.Ox
@ -54,12 +56,19 @@ devices.
.Pp
In order to allow just-in-time extraction,
packages always begin with a table of contents, named
.Pa +CONTENTS .
.Pa +CONTENTS ,
nicknamed
.Nm packing-list
.Po
.Nm plist
for short
.Pc .
This table of contents can be read using the API described in
.Xr OpenBSD::PackingList 3p .
.Pp
All the remaining information in the archive should be referenced in
the packing-list, including all relevant information: symlinks destinations,
All the remaining information in the archive should be referenced in the
.Nm packing-list ,
including symlinks destinations,
special permissions, and file owners
.Po
.Xr pkg_create 1
@ -97,13 +106,17 @@ Starting with
.Ox 5.6 ,
tarballs are stored
.Qq out-of-order :
each archive entry will match an entry in the packing-list (and all file-like
entries will be matched), but the order will be adjusted so that most recently
changed files come first, in order to allow faster updates.
each archive entry will match an entry in the
.Nm packing-list
(and all file-like entries will be matched), but the order will be adjusted
so that most recently changed files come first, in order to allow
faster updates.
.Pp
Starting with
.Ox 5.7 ,
by default, timestamps are stored directly in the packing-list as
by default, timestamps are stored directly in the
.Nm packing-list
as
.Cm @ts
annotations.
The files in the archive will have a null timestamp.
@ -185,7 +198,8 @@ Some options are automatically inserted/modified by the package tools:
.Bl -tag -width indent
.It Ar always-update
.Xr pkg_create 1
will complete the option line with a sha256 digest of the whole packing-list
will complete the option line with a sha256 digest of the whole
.Nm packing-list
encoded in base64.
.It Ar firmware
Set by
@ -259,12 +273,9 @@ All information within a package is checksummed, using SHA256 since
.Ox 4.4 .
During creation and installation, meta-information, such as file owners and
permissions, are also checked: any important stuff that isn't recorded
in the packing-list is an error.
.Pp
Packing-lists can be signed.
If a signature is found, then it will be checked
during installation, and failure to verify will prevent the package from
installing correctly.
in the
.Nm packing-list
is an error.
.Pp
Starting with
.Ox 6.1 ,
@ -288,4 +299,5 @@ Packages are valid gzip'ed ustar archives that can be extracted using
In particular, hardlink names should be valid, and all items will
extract to different names.
However, it may be a bit difficult to make sense of the package contents
without peeking at the packing-list.
without peeking at the
.Nm packing-list .

507
usr.sbin/relayd/relay_http.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: relay_http.c,v 1.84 2022/12/28 21:38:29 jmc Exp $ */
/* $OpenBSD: relay_http.c,v 1.86 2023/11/29 15:35:07 millert Exp $ */
/*
* Copyright (c) 2006 - 2016 Reyk Floeter <reyk@openbsd.org>
@ -161,6 +161,20 @@ relay_httpdesc_free(struct http_descriptor *desc)
desc->http_lastheader = NULL;
}
static int
relay_http_header_name_valid(const char *name)
{
/*
* RFC 9110 specifies that only the following characters are
* permitted within HTTP header field names.
*/
const char token_chars[] = "!#$%&'*+-.^_`|~0123456789"
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
const size_t len = strspn(name, token_chars);
return (name[len] == '\0');
}
void
relay_read_http(struct bufferevent *bev, void *arg)
{
@ -196,10 +210,15 @@ relay_read_http(struct bufferevent *bev, void *arg)
goto done;
}
while (!cre->done) {
for (;;) {
line = evbuffer_readln(src, &linelen, EVBUFFER_EOL_CRLF);
if (line == NULL)
if (line == NULL) {
/*
* We do not process the last header on premature
* EOF as it may not be complete.
*/
break;
}
/*
* An empty line indicates the end of the request.
@ -208,35 +227,168 @@ relay_read_http(struct bufferevent *bev, void *arg)
if (linelen == 0) {
cre->done = 1;
free(line);
line = NULL;
if (cre->line > 1) {
/* Process last (complete) header line. */
goto last_header;
}
break;
}
key = line;
/* Limit the total header length minus \r\n */
cre->headerlen += linelen;
if (cre->headerlen > proto->httpheaderlen) {
free(line);
relay_abort_http(con, 413,
"request headers too large", 0);
return;
goto abort;
}
/* Reject requests with an embedded NUL byte. */
if (memchr(line, '\0', linelen) != NULL) {
relay_abort_http(con, 400, "malformed", 0);
goto abort;
}
hs = con->se_priv;
DPRINTF("%s: session %d http_session %p", __func__,
con->se_id, hs);
/*
* The first line is the GET/POST/PUT/... request,
* subsequent lines are HTTP headers.
*/
if (++cre->line == 1)
value = strchr(key, ' ');
else if (*key == ' ' || *key == '\t')
/* Multiline headers wrap with a space or tab */
value = NULL;
else
value = strchr(key, ':');
if (value == NULL) {
if (cre->line <= 2) {
free(line);
if (++cre->line == 1) {
key = line;
if ((value = strchr(key, ' ')) == NULL) {
relay_abort_http(con, 400, "malformed", 0);
return;
goto abort;
}
*value++ = '\0';
if (cre->dir == RELAY_DIR_RESPONSE) {
desc->http_method = HTTP_METHOD_RESPONSE;
hmn = SIMPLEQ_FIRST(&hs->hs_methods);
/*
* There is nothing preventing the relay from
* sending an unbalanced response. Be prepared.
*/
if (hmn == NULL) {
request_method = HTTP_METHOD_NONE;
DPRINTF("%s: session %d unbalanced "
"response", __func__, con->se_id);
} else {
SIMPLEQ_REMOVE_HEAD(&hs->hs_methods,
hmn_entry);
request_method = hmn->hmn_method;
DPRINTF("%s: session %d dequeuing %s",
__func__, con->se_id,
relay_httpmethod_byid(request_method));
free(hmn);
}
/*
* Decode response path and query
*/
desc->http_version = strdup(key);
if (desc->http_version == NULL) {
free(line);
goto fail;
}
desc->http_rescode = strdup(value);
if (desc->http_rescode == NULL) {
free(line);
goto fail;
}
desc->http_resmesg = strchr(desc->http_rescode,
' ');
if (desc->http_resmesg == NULL) {
free(line);
goto fail;
}
*desc->http_resmesg++ = '\0';
desc->http_resmesg = strdup(desc->http_resmesg);
if (desc->http_resmesg == NULL) {
free(line);
goto fail;
}
desc->http_status = strtonum(desc->http_rescode,
100, 599, &errstr);
if (errstr) {
DPRINTF(
"%s: http_status %s: errno %d, %s",
__func__, desc->http_rescode, errno,
errstr);
free(line);
goto fail;
}
DPRINTF("http_version %s http_rescode %s "
"http_resmesg %s", desc->http_version,
desc->http_rescode, desc->http_resmesg);
} else if (cre->dir == RELAY_DIR_REQUEST) {
desc->http_method =
relay_httpmethod_byname(key);
if (desc->http_method == HTTP_METHOD_NONE) {
free(line);
goto fail;
}
if ((hmn = calloc(1, sizeof *hmn)) == NULL) {
free(line);
goto fail;
}
hmn->hmn_method = desc->http_method;
DPRINTF("%s: session %d enqueuing %s",
__func__, con->se_id,
relay_httpmethod_byid(hmn->hmn_method));
SIMPLEQ_INSERT_TAIL(&hs->hs_methods, hmn,
hmn_entry);
/*
* Decode request path and query
*/
desc->http_path = strdup(value);
if (desc->http_path == NULL) {
free(line);
goto fail;
}
desc->http_version = strchr(desc->http_path,
' ');
if (desc->http_version == NULL) {
free(line);
goto fail;
}
*desc->http_version++ = '\0';
desc->http_query = strchr(desc->http_path, '?');
if (desc->http_query != NULL)
*desc->http_query++ = '\0';
/*
* Have to allocate the strings because they
* could be changed independently by the
* filters later.
*/
if ((desc->http_version =
strdup(desc->http_version)) == NULL) {
free(line);
goto fail;
}
if (desc->http_query != NULL &&
(desc->http_query =
strdup(desc->http_query)) == NULL) {
free(line);
goto fail;
}
}
free(line);
continue;
}
/* Multiline headers wrap with a space or tab. */
if (*line == ' ' || *line == '\t') {
if (cre->line == 2) {
/* First header line cannot start with space. */
relay_abort_http(con, 400, "malformed", 0);
goto abort;
}
/* Append line to the last header, if present */
@ -249,220 +401,134 @@ relay_read_http(struct bufferevent *bev, void *arg)
free(line);
continue;
}
if (*value == ':') {
*value++ = '\0';
value += strspn(value, " \t\r\n");
} else {
*value++ = '\0';
}
DPRINTF("%s: session %d: header '%s: %s'", __func__,
con->se_id, key, value);
/* Process the last complete header line. */
last_header:
if (desc->http_lastheader != NULL) {
key = desc->http_lastheader->kv_key;
value = desc->http_lastheader->kv_value;
hs = con->se_priv;
DPRINTF("%s: session %d http_session %p", __func__,
con->se_id, hs);
DPRINTF("%s: session %d: header '%s: %s'", __func__,
con->se_id, key, value);
/*
* Identify and handle specific HTTP request methods
*/
if (cre->line == 1 && cre->dir == RELAY_DIR_RESPONSE) {
desc->http_method = HTTP_METHOD_RESPONSE;
hmn = SIMPLEQ_FIRST(&hs->hs_methods);
/*
* There is nothing preventing the relay to send
* an unbalanced response. Be prepared.
*/
if (hmn == NULL) {
request_method = HTTP_METHOD_NONE;
DPRINTF("%s: session %d unbalanced response",
__func__, con->se_id);
} else {
SIMPLEQ_REMOVE_HEAD(&hs->hs_methods, hmn_entry);
request_method = hmn->hmn_method;
DPRINTF("%s: session %d dequeuing %s", __func__,
con->se_id,
relay_httpmethod_byid(request_method));
free(hmn);
}
/*
* Decode response path and query
*/
desc->http_version = strdup(line);
if (desc->http_version == NULL) {
free(line);
goto fail;
}
desc->http_rescode = strdup(value);
if (desc->http_rescode == NULL) {
free(line);
goto fail;
}
desc->http_resmesg = strchr(desc->http_rescode, ' ');
if (desc->http_resmesg == NULL) {
free(line);
goto fail;
}
*desc->http_resmesg++ = '\0';
if ((desc->http_resmesg = strdup(desc->http_resmesg))
== NULL) {
free(line);
goto fail;
}
desc->http_status = strtonum(desc->http_rescode, 100,
599, &errstr);
if (errstr) {
DPRINTF("%s: http_status %s: errno %d, %s",
__func__, desc->http_rescode, errno,
errstr);
free(line);
goto fail;
}
DPRINTF("http_version %s http_rescode %s "
"http_resmesg %s", desc->http_version,
desc->http_rescode, desc->http_resmesg);
goto lookup;
} else if (cre->line == 1 && cre->dir == RELAY_DIR_REQUEST) {
if ((desc->http_method = relay_httpmethod_byname(key))
== HTTP_METHOD_NONE) {
free(line);
goto fail;
}
if ((hmn = calloc(1, sizeof *hmn)) == NULL) {
free(line);
goto fail;
}
hmn->hmn_method = desc->http_method;
DPRINTF("%s: session %d enqueuing %s", __func__,
con->se_id,
relay_httpmethod_byid(hmn->hmn_method));
SIMPLEQ_INSERT_TAIL(&hs->hs_methods, hmn, hmn_entry);
/*
* Decode request path and query
*/
desc->http_path = strdup(value);
if (desc->http_path == NULL) {
free(line);
goto fail;
}
desc->http_version = strchr(desc->http_path, ' ');
if (desc->http_version == NULL) {
free(line);
goto fail;
}
*desc->http_version++ = '\0';
desc->http_query = strchr(desc->http_path, '?');
if (desc->http_query != NULL)
*desc->http_query++ = '\0';
/*
* Have to allocate the strings because they could
* be changed independently by the filters later.
*/
if ((desc->http_version =
strdup(desc->http_version)) == NULL) {
free(line);
goto fail;
}
if (desc->http_query != NULL &&
(desc->http_query =
strdup(desc->http_query)) == NULL) {
free(line);
goto fail;
}
} else if (desc->http_method != HTTP_METHOD_NONE &&
strcasecmp("Content-Length", key) == 0) {
/*
* These methods should not have a body
* and thus no Content-Length header.
*/
if (desc->http_method == HTTP_METHOD_TRACE ||
desc->http_method == HTTP_METHOD_CONNECT) {
relay_abort_http(con, 400, "malformed", 0);
goto abort;
}
/*
* HEAD responses may provide a Content-Length header,
* but if so it should just be ignored, since there is
* no actual payload in the response.
*/
if (desc->http_method != HTTP_METHOD_RESPONSE
|| request_method != HTTP_METHOD_HEAD) {
if (desc->http_method != HTTP_METHOD_NONE &&
strcasecmp("Content-Length", key) == 0) {
/*
* Need to read data from the client after the
* HTTP header.
* XXX What about non-standard clients not
* using the carriage return? And some browsers
* seem to include the line length in the
* content-length.
* These methods should not have a body
* and thus no Content-Length header.
*/
cre->toread = strtonum(value, 0, LLONG_MAX,
&errstr);
if (errstr) {
relay_abort_http(con, 500, errstr, 0);
if (desc->http_method == HTTP_METHOD_TRACE ||
desc->http_method == HTTP_METHOD_CONNECT) {
relay_abort_http(con, 400, "malformed",
0);
goto abort;
}
/*
* HEAD responses may provide a Content-Length
* header, but if so it should just be ignored,
* since there is no actual payload in the
* response.
*/
if (desc->http_method != HTTP_METHOD_RESPONSE
|| request_method != HTTP_METHOD_HEAD) {
/*
* Need to read data from the client
* after the HTTP header.
* XXX What about non-standard clients
* not using the carriage return? And
* some browsers seem to include the
* line length in the content-length.
*/
if (*value == '+' || *value == '-') {
errstr = "invalid";
} else {
cre->toread = strtonum(value, 0,
LLONG_MAX, &errstr);
}
if (errstr) {
relay_abort_http(con, 500,
errstr, 0);
goto abort;
}
}
/*
* Response with a status code of 1xx
* (Informational) or 204 (No Content) MUST
* not have a Content-Length (rfc 7230 3.3.3)
* Instead we check for value != 0 because there
* are servers that do not follow the rfc and
* send Content-Length: 0.
*/
if (desc->http_method == HTTP_METHOD_RESPONSE &&
(((desc->http_status >= 100 &&
desc->http_status < 200) ||
desc->http_status == 204)) &&
cre->toread != 0) {
relay_abort_http(con, 502,
"Bad Gateway", 0);
goto abort;
}
}
/*
* response with a status code of 1xx
* (Informational) or 204 (No Content) MUST
* not have a Content-Length (rfc 7230 3.3.3)
* Instead we check for value != 0 because there are
* servers that do not follow the rfc and send
* Content-Length: 0.
*/
if (desc->http_method == HTTP_METHOD_RESPONSE && (
((desc->http_status >= 100 &&
desc->http_status < 200) ||
desc->http_status == 204)) &&
cre->toread != 0) {
relay_abort_http(con, 502,
"Bad Gateway", 0);
goto abort;
}
}
lookup:
if (strcasecmp("Transfer-Encoding", key) == 0 &&
strcasecmp("chunked", value) == 0)
desc->http_chunked = 1;
/* The following header should only occur once */
if (strcasecmp("Host", key) == 0) {
unique = 1;
/*
* The path may contain a URL. The host in the
* URL has to match the Host: value.
*/
if (parse_url(desc->http_path,
&urlproto, &host, &path) == 0) {
ret = strcasecmp(host, value);
free(urlproto);
free(host);
free(path);
if (ret != 0) {
if (strcasecmp("Transfer-Encoding", key) == 0) {
/* We don't support other encodings. */
if (strcasecmp("chunked", value) != 0) {
relay_abort_http(con, 400,
"malformed host", 0);
"malformed", 0);
goto abort;
}
desc->http_chunked = 1;
}
} else
unique = 0;
if (cre->line != 1) {
if ((hdr = kv_add(&desc->http_headers, key,
value, unique)) == NULL) {
relay_abort_http(con, 400,
"malformed header", 0);
goto abort;
if (strcasecmp("Host", key) == 0) {
/*
* The path may contain a URL. The host in the
* URL has to match the Host: value.
*/
if (parse_url(desc->http_path,
&urlproto, &host, &path) == 0) {
ret = strcasecmp(host, value);
free(urlproto);
free(host);
free(path);
if (ret != 0) {
relay_abort_http(con, 400,
"malformed host", 0);
goto abort;
}
}
}
desc->http_lastheader = hdr;
}
if (cre->done)
break;
/* Validate header field name and check for missing value. */
key = line;
if ((value = strchr(line, ':')) == NULL) {
relay_abort_http(con, 400, "malformed", 0);
goto abort;
}
*value++ = '\0';
value += strspn(value, " \t\r\n");
if (!relay_http_header_name_valid(key)) {
relay_abort_http(con, 400, "malformed", 0);
goto abort;
}
/* The "Host" header must only occur once. */
unique = strcasecmp("Host", key) == 0;
if ((hdr = kv_add(&desc->http_headers, key,
value, unique)) == NULL) {
relay_abort_http(con, 400, "malformed header", 0);
goto abort;
}
desc->http_lastheader = hdr;
free(line);
}
if (cre->done) {
if (desc->http_method == HTTP_METHOD_NONE) {
relay_abort_http(con, 406, "no method", 0);
@ -721,7 +787,7 @@ relay_read_httpchunks(struct bufferevent *bev, void *arg)
struct rsession *con = cre->con;
struct protocol *proto = con->se_relay->rl_proto;
struct evbuffer *src = EVBUFFER_INPUT(bev);
char *line;
char *line, *ep;
long long llval;
size_t size, linelen;
@ -766,10 +832,19 @@ relay_read_httpchunks(struct bufferevent *bev, void *arg)
}
/*
* Read prepended chunk size in hex, ignore the trailer.
* Read prepended chunk size in hex without leading +0[Xx].
* The returned signed value must not be negative.
*/
if (sscanf(line, "%llx", &llval) != 1 || llval < 0) {
if (line[0] == '+' || line[0] == '-' ||
(line[0] == '0' && (line[1] == 'x' || line[1] == 'X'))) {
/* Reject values like 0xdead and 0XBEEF or +FEED. */
ep = line;
} else {
errno = 0;
llval = strtoll(line, &ep, 16);
}
if (ep == line || *ep != '\0' || llval < 0 ||
(errno == ERANGE && llval == LLONG_MAX)) {
free(line);
relay_close(con, "invalid chunk size", 1);
return;