From e26320a0e2e37915978898fd89c8fcfbd073bcfa Mon Sep 17 00:00:00 2001 From: purplerain Date: Thu, 27 Jun 2024 00:27:56 +0000 Subject: [PATCH] sync with OpenBSD -current --- lib/libssl/ssl_tlsext.c | 9 +++++---- sys/dev/ic/nvmevar.h | 3 +-- sys/kern/uipc_usrreq.c | 12 ++++-------- usr.bin/ssh/scp.c | 4 +++- usr.bin/ssh/sftp.c | 4 +++- usr.bin/ssh/sshd-session.c | 13 +++++++++++-- usr.sbin/bgpd/version.h | 4 ++-- 7 files changed, 29 insertions(+), 20 deletions(-) diff --git a/lib/libssl/ssl_tlsext.c b/lib/libssl/ssl_tlsext.c index 64f82b7df..d0d67598d 100644 --- a/lib/libssl/ssl_tlsext.c +++ b/lib/libssl/ssl_tlsext.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_tlsext.c,v 1.151 2024/06/25 05:46:48 tb Exp $ */ +/* $OpenBSD: ssl_tlsext.c,v 1.153 2024/06/26 03:41:10 tb Exp $ */ /* * Copyright (c) 2016, 2017, 2019 Joel Sing * Copyright (c) 2017 Doug Hogan @@ -2368,7 +2368,8 @@ tls_extension_find(uint16_t type, size_t *tls_extensions_idx) for (i = 0; i < N_TLS_EXTENSIONS; i++) { if (tls_extensions[i].type == type) { - *tls_extensions_idx = i; + if (tls_extensions_idx != NULL) + *tls_extensions_idx = i; return &tls_extensions[i]; } } @@ -2409,7 +2410,7 @@ int tlsext_randomize_build_order(SSL *s) { const struct tls_extension *psk_ext; - size_t idx, new_idx, psk_idx; + size_t idx, new_idx; size_t alpn_idx = 0, sni_idx = 0; free(s->tlsext_build_order); @@ -2422,7 +2423,7 @@ tlsext_randomize_build_order(SSL *s) /* RFC 8446, section 4.2 - PSK MUST be the last extension in the CH. */ if ((psk_ext = tls_extension_find(TLSEXT_TYPE_pre_shared_key, - &psk_idx)) == NULL) + NULL)) == NULL) return 0; s->tlsext_build_order[N_TLS_EXTENSIONS - 1] = psk_ext; diff --git a/sys/dev/ic/nvmevar.h b/sys/dev/ic/nvmevar.h index 4a7c1094e..151370578 100644 --- a/sys/dev/ic/nvmevar.h +++ b/sys/dev/ic/nvmevar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: nvmevar.h,v 1.29 2024/05/13 11:41:52 krw Exp $ */ +/* $OpenBSD: nvmevar.h,v 1.30 2024/06/26 21:41:30 asou Exp $ */ /* * Copyright (c) 2014 David Gwynne @@ -32,7 +32,6 @@ struct nvme_dmamem { #define NVME_DMA_KVA(_ndm) ((void *)(_ndm)->ndm_kva) struct nvme_softc; -struct nvme_queue; struct nvme_ccb { SIMPLEQ_ENTRY(nvme_ccb) ccb_entry; diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c index 5beb1c433..fee5d29ab 100644 --- a/sys/kern/uipc_usrreq.c +++ b/sys/kern/uipc_usrreq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_usrreq.c,v 1.206 2024/05/03 17:43:09 mvs Exp $ */ +/* $OpenBSD: uipc_usrreq.c,v 1.207 2024/06/26 12:23:36 mvs Exp $ */ /* $NetBSD: uipc_usrreq.c,v 1.18 1996/02/09 19:00:50 christos Exp $ */ /* @@ -761,26 +761,22 @@ unp_detach(struct unpcb *unp) unp->unp_vnode = NULL; - /* - * Enforce `i_lock' -> `solock()' lock order. - */ - sounlock(so); - rw_enter_write(&unp_gc_lock); LIST_REMOVE(unp, unp_link); rw_exit_write(&unp_gc_lock); if (vp != NULL) { + /* Enforce `i_lock' -> solock() lock order. */ + sounlock(so); VOP_LOCK(vp, LK_EXCLUSIVE); vp->v_socket = NULL; KERNEL_LOCK(); vput(vp); KERNEL_UNLOCK(); + solock(so); } - solock(so); - if (unp->unp_conn != NULL) { /* * Datagram socket could be connected to itself. diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c index e7c4da1ad..40b006a36 100644 --- a/usr.bin/ssh/scp.c +++ b/usr.bin/ssh/scp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: scp.c,v 1.260 2023/10/11 05:42:08 djm Exp $ */ +/* $OpenBSD: scp.c,v 1.261 2024/06/26 23:14:14 deraadt Exp $ */ /* * scp - secure remote copy. This is basically patched BSD rcp which * uses ssh to do the data transfer (instead of using rcmd). @@ -194,9 +194,11 @@ suspone(int pid, int signo) static void suspchild(int signo) { + int save_errno = errno; suspone(do_cmd_pid, signo); suspone(do_cmd_pid2, signo); kill(getpid(), SIGSTOP); + errno = save_errno; } static int diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c index 67b0fcfbf..933e938c0 100644 --- a/usr.bin/ssh/sftp.c +++ b/usr.bin/ssh/sftp.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sftp.c,v 1.238 2024/04/30 06:16:55 djm Exp $ */ +/* $OpenBSD: sftp.c,v 1.239 2024/06/26 23:14:14 deraadt Exp $ */ /* * Copyright (c) 2001-2004 Damien Miller * @@ -213,12 +213,14 @@ killchild(int signo) static void suspchild(int signo) { + int save_errno = errno; if (sshpid > 1) { kill(sshpid, signo); while (waitpid(sshpid, NULL, WUNTRACED) == -1 && errno == EINTR) continue; } kill(getpid(), SIGSTOP); + errno = save_errno; } static void diff --git a/usr.bin/ssh/sshd-session.c b/usr.bin/ssh/sshd-session.c index e75b4f80b..54b7a8f71 100644 --- a/usr.bin/ssh/sshd-session.c +++ b/usr.bin/ssh/sshd-session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd-session.c,v 1.3 2024/06/06 17:15:25 djm Exp $ */ +/* $OpenBSD: sshd-session.c,v 1.4 2024/06/26 23:16:52 deraadt Exp $ */ /* * SSH2 implementation: * Privilege Separation: @@ -176,6 +176,8 @@ static void do_ssh2_kex(struct ssh *); /* * Signal handler for the alarm after the login grace period has expired. + * As usual, this may only take signal-safe actions, even though it is + * terminal. */ static void grace_alarm_handler(int sig) @@ -185,7 +187,14 @@ grace_alarm_handler(int sig) * keys command helpers or privsep children. */ if (getpgid(0) == getpid()) { - ssh_signal(SIGTERM, SIG_IGN); + struct sigaction sa; + + /* mask all other signals while in handler */ + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = SIG_IGN; + sigfillset(&sa.sa_mask); + sa.sa_flags = SA_RESTART; + (void)sigaction(SIGTERM, &sa, NULL); kill(0, SIGTERM); } _exit(EXIT_LOGIN_GRACE); diff --git a/usr.sbin/bgpd/version.h b/usr.sbin/bgpd/version.h index aee2b9223..46045c016 100644 --- a/usr.sbin/bgpd/version.h +++ b/usr.sbin/bgpd/version.h @@ -1,3 +1,3 @@ -/* $OpenBSD: version.h,v 1.15 2024/03/01 16:23:37 claudio Exp $ */ +/* $OpenBSD: version.h,v 1.16 2024/06/26 08:28:45 claudio Exp $ */ -#define BGPD_VERSION "8.4" +#define BGPD_VERSION "8.5"