commit: 2a1b8ab63fa49462529a7a86fc0e3b88e535dcaa
parent 131aab560632f3b8ce9fe1833050e6a31c9531fd
Author: Michael Forney <mforney@mforney.org>
Date: Fri, 18 Feb 2022 02:32:44 -0800
openbsd: Update to 7.0
Diffstat:
12 files changed, 156 insertions(+), 150 deletions(-)
diff --git a/pkg/openbsd/gen.lua b/pkg/openbsd/gen.lua
@@ -94,8 +94,8 @@ man{'bin/pax/pax.1', 'bin/pax/tar.1', 'bin/pax/cpio.1'}
exe('rsync', [[
usr.bin/rsync/(
blocks.c client.c downloader.c fargs.c flist.c hash.c ids.c
- io.c log.c mkpath.c mktemp.c receiver.c sender.c server.c session.c
- socket.c symlinks.c uploader.c main.c misc.c md4.c
+ io.c log.c main.c md4.c misc.c mkpath.c mktemp.c receiver.c rmatch.c
+ rules.c sender.c server.c session.c socket.c symlinks.c uploader.c
)
libbsd.a
]])
diff --git a/pkg/openbsd/patch/0015-doas-Port-to-linux-musl.patch b/pkg/openbsd/patch/0015-doas-Port-to-linux-musl.patch
@@ -1,4 +1,4 @@
-From 3eac1566f49c5edb13c41009b571b1b391f5f841 Mon Sep 17 00:00:00 2001
+From dc1adc29e491a5e2cc3befb26ac6230b1551ad7b Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Sun, 26 Feb 2017 16:50:55 -0800
Subject: [PATCH] doas: Port to linux/musl
@@ -27,12 +27,12 @@ Simplify handling of PATH in the environment since we don't have
login.conf with per-user default PATH.
---
usr.bin/doas/doas.1 | 9 ---
- usr.bin/doas/doas.c | 159 ++++++++++++++---------------------------
+ usr.bin/doas/doas.c | 163 +++++++++++++----------------------------
usr.bin/doas/doas.h | 6 +-
usr.bin/doas/env.c | 17 ++---
usr.bin/doas/parse.y | 1 +
- usr.bin/doas/persist.c | 133 ++++++++++++++++++++++++++++++++++
- 6 files changed, 196 insertions(+), 129 deletions(-)
+ usr.bin/doas/persist.c | 133 +++++++++++++++++++++++++++++++++
+ 6 files changed, 196 insertions(+), 133 deletions(-)
create mode 100644 usr.bin/doas/persist.c
diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1
@@ -63,7 +63,7 @@ index 4d2e09777c8..a91705e8e3f 100644
Parse and check the configuration file
.Ar config ,
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
-index be05be3a968..46b0ceb136b 100644
+index 5d440311ffe..05eb2948c5b 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -20,8 +20,6 @@
@@ -99,11 +99,11 @@ index be05be3a968..46b0ceb136b 100644
" command [args]\n");
exit(1);
}
-@@ -199,23 +206,36 @@ checkconfig(const char *confpath, int argc, char **argv,
- }
+@@ -200,24 +207,35 @@ checkconfig(const char *confpath, int argc, char **argv,
}
-+static int
+ static int
+-authuser(char *myname, char *login_style, int persist)
+verifypasswd(const char *user, const char *pass)
+{
+ struct spwd *sp;
@@ -121,8 +121,7 @@ index be05be3a968..46b0ceb136b 100644
+ return strcmp(p1, p2) == 0;
+}
+
- static void
--authuser(char *myname, char *login_style, int persist)
++static int
+authuser(char *myname, int persist)
{
char *challenge = NULL, *response, rbuf[1024], cbuf[128];
@@ -141,12 +140,14 @@ index be05be3a968..46b0ceb136b 100644
}
- if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
-- &challenge)))
-- errx(1, "Authentication failed");
+- &challenge))) {
+- warnx("Authentication failed");
+- return AUTH_FAILED;
+- }
if (!challenge) {
char host[HOST_NAME_MAX + 1];
if (gethostname(host, sizeof(host)))
-@@ -227,75 +247,31 @@ authuser(char *myname, char *login_style, int persist)
+@@ -229,78 +247,34 @@ authuser(char *myname, char *login_style, int persist)
response = readpassphrase(challenge, rbuf, sizeof(rbuf),
RPP_REQUIRE_TTY);
if (response == NULL && errno == ENOTTY) {
@@ -161,7 +162,8 @@ index be05be3a968..46b0ceb136b 100644
- syslog(LOG_AUTHPRIV | LOG_NOTICE,
- "failed auth for %s", myname);
+ syslog(LOG_NOTICE, "failed auth for %s", myname);
- errx(1, "Authentication failed");
+ warnx("Authentication failed");
+ return AUTH_FAILED;
}
explicit_bzero(rbuf, sizeof(rbuf));
good:
@@ -171,6 +173,8 @@ index be05be3a968..46b0ceb136b 100644
+ setpersist(fd);
close(fd);
}
+
+ return AUTH_OK;
}
-int
@@ -227,8 +231,8 @@ index be05be3a968..46b0ceb136b 100644
struct passwd mypwstore, targpwstore;
struct passwd *mypw, *targpw;
const struct rule *rule;
-@@ -308,28 +284,20 @@ main(int argc, char **argv)
- int nflag = 0;
+@@ -314,28 +288,20 @@ main(int argc, char **argv)
+ int authed = AUTH_FAILED;
char cwdpath[PATH_MAX];
const char *cwd;
- char *login_style = NULL;
@@ -259,7 +263,7 @@ index be05be3a968..46b0ceb136b 100644
case 'u':
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
-@@ -399,47 +367,30 @@ main(int argc, char **argv)
+@@ -405,9 +371,9 @@ main(int argc, char **argv)
cmd = argv[0];
if (!permit(uid, groups, ngroups, &rule, target, cmd,
(const char **)argv + 1)) {
@@ -272,11 +276,18 @@ index be05be3a968..46b0ceb136b 100644
}
if (!(rule->options & NOPASS)) {
- if (nflag)
+@@ -415,8 +381,7 @@ main(int argc, char **argv)
errx(1, "Authentication required");
-- authuser(mypw->pw_name, login_style, rule->options & PERSIST);
-+ authuser(mypw->pw_name, rule->options & PERSIST);
+ for (i = 0; i < AUTH_RETRIES; i++) {
+- authed = authuser(mypw->pw_name, login_style,
+- rule->options & PERSIST);
++ authed = authuser(mypw->pw_name, rule->options & PERSIST);
+ if (authed == AUTH_OK)
+ break;
+ }
+@@ -425,36 +390,18 @@ main(int argc, char **argv)
+ exit(1);
}
- if ((p = getenv("PATH")) != NULL)
@@ -284,9 +295,10 @@ index be05be3a968..46b0ceb136b 100644
- if (formerpath == NULL)
- formerpath = "";
-
-- if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
-- unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
-- err(1, "unveil");
+- if (unveil(_PATH_LOGIN_CONF, "r") == -1)
+- err(1, "unveil %s", _PATH_LOGIN_CONF);
+- if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+- err(1, "unveil %s.db", _PATH_LOGIN_CONF);
- if (rule->cmd) {
- if (setenv("PATH", safepath, 1) == -1)
- err(1, "failed to set PATH '%s'", safepath);
@@ -317,7 +329,7 @@ index be05be3a968..46b0ceb136b 100644
if (pledge("stdio rpath exec", NULL) == -1)
err(1, "pledge");
-@@ -453,23 +404,17 @@ main(int argc, char **argv)
+@@ -468,23 +415,17 @@ main(int argc, char **argv)
err(1, "pledge");
if (!(rule->options & NOLOG)) {
@@ -343,7 +355,7 @@ index be05be3a968..46b0ceb136b 100644
errx(1, "%s: command not found", cmd);
err(1, "%s", cmd);
diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h
-index 0b3585822eb..63254dabfca 100644
+index 3a9bf4d4de2..2a9561b5565 100644
--- a/usr.bin/doas/doas.h
+++ b/usr.bin/doas/doas.h
@@ -29,13 +29,17 @@ extern struct rule **rules;
@@ -560,5 +572,5 @@ index 00000000000..4ad1bf1efbf
+ return 0;
+}
--
-2.31.1
+2.34.1
diff --git a/pkg/openbsd/patch/0023-rsync-Add-missing-includes.patch b/pkg/openbsd/patch/0023-rsync-Add-missing-includes.patch
@@ -1,30 +1,32 @@
-From ca34590e5d0065db581b3b4c05c9c7aea0015dff Mon Sep 17 00:00:00 2001
+From d423093f8dec64533733deb0762353f68b0adeb2 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 14 Jun 2019 12:40:56 -0700
Subject: [PATCH] rsync: Add missing includes
- stdio.h in socket.c for sscanf
+- stdint.h in extern.h for fixed-width integer types
- sys/types.h in extern.h for various type definitions
---
- usr.bin/rsync/extern.h | 2 ++
+ usr.bin/rsync/extern.h | 3 +++
usr.bin/rsync/socket.c | 1 +
- 2 files changed, 3 insertions(+)
+ 2 files changed, 4 insertions(+)
diff --git a/usr.bin/rsync/extern.h b/usr.bin/rsync/extern.h
-index 305821be579..040588003a4 100644
+index 2815f82cf89..a3f2a15b959 100644
--- a/usr.bin/rsync/extern.h
+++ b/usr.bin/rsync/extern.h
-@@ -17,6 +17,8 @@
+@@ -17,6 +17,9 @@
#ifndef EXTERN_H
#define EXTERN_H
++#include <stdint.h>
+#include <sys/types.h>
+
/*
* This is the rsync protocol version that we support.
*/
diff --git a/usr.bin/rsync/socket.c b/usr.bin/rsync/socket.c
-index 36384d063a0..43d8d7d01af 100644
+index 953b229afbc..aa95cce9369 100644
--- a/usr.bin/rsync/socket.c
+++ b/usr.bin/rsync/socket.c
@@ -28,6 +28,7 @@
@@ -36,5 +38,5 @@ index 36384d063a0..43d8d7d01af 100644
#include <unistd.h>
#include <err.h>
--
-2.22.0
+2.34.1
diff --git a/pkg/openbsd/patch/0024-rsync-Use-standard-S_ISVTX-instead-of-S_ISTXT.patch b/pkg/openbsd/patch/0024-rsync-Use-standard-S_ISVTX-instead-of-S_ISTXT.patch
@@ -1,4 +1,4 @@
-From b8ea0a7fc75f79d89f9f225da1112f477419d0bd Mon Sep 17 00:00:00 2001
+From d5670219baefe6769a42984abb93e19d8a43dada Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 14 Jun 2019 12:42:15 -0700
Subject: [PATCH] rsync: Use standard S_ISVTX instead of S_ISTXT
@@ -8,10 +8,10 @@ Subject: [PATCH] rsync: Use standard S_ISVTX instead of S_ISTXT
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/usr.bin/rsync/receiver.c b/usr.bin/rsync/receiver.c
-index 5ffd3458b74..51f9ddf6a5c 100644
+index 6e5b01670cd..67510b3e932 100644
--- a/usr.bin/rsync/receiver.c
+++ b/usr.bin/rsync/receiver.c
-@@ -86,7 +86,7 @@ rsync_set_metadata(struct sess *sess, int newfile,
+@@ -87,7 +87,7 @@ rsync_set_metadata(struct sess *sess, int newfile,
"to user.group: %u.%u", f->path, uid, gid);
} else
LOG4("%s: updated uid and/or gid", f->path);
@@ -20,7 +20,7 @@ index 5ffd3458b74..51f9ddf6a5c 100644
}
/* Conditionally adjust file permissions. */
-@@ -147,7 +147,7 @@ rsync_set_metadata_at(struct sess *sess, int newfile, int rootfd,
+@@ -148,7 +148,7 @@ rsync_set_metadata_at(struct sess *sess, int newfile, int rootfd,
"to user.group: %u.%u", f->path, uid, gid);
} else
LOG4("%s: updated uid and/or gid", f->path);
@@ -30,5 +30,5 @@ index 5ffd3458b74..51f9ddf6a5c 100644
/* Conditionally adjust file permissions. */
--
-2.23.0
+2.34.1
diff --git a/pkg/openbsd/patch/0025-rsync-Avoid-pointer-arithmetic-on-void.patch b/pkg/openbsd/patch/0025-rsync-Avoid-pointer-arithmetic-on-void.patch
@@ -1,4 +1,4 @@
-From 56fcd604ca9bf0ae936307c3e56d232a3daef919 Mon Sep 17 00:00:00 2001
+From 18fa17d3834528f4dd1b1087a765eb4ae9db23a5 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Sat, 15 Jun 2019 20:06:13 -0700
Subject: [PATCH] rsync: Avoid pointer arithmetic on `void *`
@@ -11,7 +11,7 @@ Subject: [PATCH] rsync: Avoid pointer arithmetic on `void *`
4 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/usr.bin/rsync/blocks.c b/usr.bin/rsync/blocks.c
-index 4f21a41833d..242590e5bae 100644
+index 81874c8cba0..fbb7495acdf 100644
--- a/usr.bin/rsync/blocks.c
+++ b/usr.bin/rsync/blocks.c
@@ -157,7 +157,7 @@ blk_find(struct sess *sess, struct blkstat *st,
@@ -51,7 +51,7 @@ index 4f21a41833d..242590e5bae 100644
st->s2 -= osz * map[0];
diff --git a/usr.bin/rsync/downloader.c b/usr.bin/rsync/downloader.c
-index 9ddb8600a73..36b086f74c8 100644
+index cb84c2bfcd9..c9f0f8e80dc 100644
--- a/usr.bin/rsync/downloader.c
+++ b/usr.bin/rsync/downloader.c
@@ -495,7 +495,7 @@ again:
@@ -64,7 +64,7 @@ index 9ddb8600a73..36b086f74c8 100644
/*
* Now we read from our block.
diff --git a/usr.bin/rsync/io.c b/usr.bin/rsync/io.c
-index 27beba693d4..847af4c4c1b 100644
+index ea35bdb295f..d392e40aeae 100644
--- a/usr.bin/rsync/io.c
+++ b/usr.bin/rsync/io.c
@@ -117,7 +117,7 @@ io_write_blocking(int fd, const void *buf, size_t sz)
@@ -122,7 +122,7 @@ index 27beba693d4..847af4c4c1b 100644
}
diff --git a/usr.bin/rsync/sender.c b/usr.bin/rsync/sender.c
-index 00add6b4e6c..0ac8226816f 100644
+index e2999aa2589..9dd008def01 100644
--- a/usr.bin/rsync/sender.c
+++ b/usr.bin/rsync/sender.c
@@ -128,7 +128,7 @@ send_up_fsm(struct sess *sess, size_t *phase,
@@ -134,7 +134,7 @@ index 00add6b4e6c..0ac8226816f 100644
up->stat.curpos += sz;
if (up->stat.curpos == up->stat.curlen)
-@@ -568,7 +568,8 @@ rsync_sender(struct sess *sess, int fdin,
+@@ -557,7 +557,8 @@ rsync_sender(struct sess *sess, int fdin,
if ((pfd[1].revents & POLLOUT) && wbufsz > 0) {
assert(pfd[2].fd == -1);
assert(wbufsz - wbufpos);
@@ -145,5 +145,5 @@ index 00add6b4e6c..0ac8226816f 100644
ERR("write");
goto out;
--
-2.31.1
+2.34.1
diff --git a/pkg/openbsd/patch/0026-Include-sys-sysmacros.h-if-necessary.patch b/pkg/openbsd/patch/0026-Include-sys-sysmacros.h-if-necessary.patch
@@ -1,4 +1,4 @@
-From a8d547a2cf005a00a111394464fc2692f426ceed Mon Sep 17 00:00:00 2001
+From 0d3a091280d0874fb561c83431803eb2489876cb Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Mon, 5 Aug 2019 21:42:54 -0700
Subject: [PATCH] Include sys/sysmacros.h if necessary
@@ -40,7 +40,7 @@ index 42c70804fb7..405dd2c24ed 100644
#include "pax.h"
#include "extern.h"
diff --git a/bin/pax/tar.c b/bin/pax/tar.c
-index a49a5e885fb..3bfa9444dd5 100644
+index 9d8a92d9d13..e84a9c69a09 100644
--- a/bin/pax/tar.c
+++ b/bin/pax/tar.c
@@ -45,6 +45,9 @@
@@ -54,12 +54,12 @@ index a49a5e885fb..3bfa9444dd5 100644
#include "pax.h"
#include "extern.h"
diff --git a/usr.bin/rsync/flist.c b/usr.bin/rsync/flist.c
-index ac29ad47098..9680883ca77 100644
+index 392ba494423..5f15487623a 100644
--- a/usr.bin/rsync/flist.c
+++ b/usr.bin/rsync/flist.c
-@@ -17,6 +17,10 @@
+@@ -16,6 +16,10 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
- #include <sys/param.h>
#include <sys/stat.h>
+#include <sys/types.h>
+#ifndef major
@@ -69,5 +69,5 @@ index ac29ad47098..9680883ca77 100644
#include <assert.h>
#include <errno.h>
--
-2.22.0
+2.34.1
diff --git a/pkg/openbsd/patch/0030-rsync-Add-implementation-of-MD4.patch b/pkg/openbsd/patch/0030-rsync-Add-implementation-of-MD4.patch
@@ -1,39 +1,35 @@
-From 7fd1cb22e4d028d19ae1a02e50a6fac2c8e26773 Mon Sep 17 00:00:00 2001
+From f066f3d01c72b0d78bcca3fb03501e4e5c66a3ba Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Wed, 15 Apr 2020 22:10:06 -0700
Subject: [PATCH] rsync: Add implementation of MD4
---
- usr.bin/rsync/Makefile | 6 +-
+ usr.bin/rsync/Makefile | 2 +-
usr.bin/rsync/blocks.c | 2 +-
usr.bin/rsync/downloader.c | 2 +-
usr.bin/rsync/hash.c | 2 +-
usr.bin/rsync/md4.c | 266 +++++++++++++++++++++++++++++++++++++
usr.bin/rsync/md4.h | 47 +++++++
usr.bin/rsync/sender.c | 2 +-
- 7 files changed, 320 insertions(+), 7 deletions(-)
+ 7 files changed, 318 insertions(+), 5 deletions(-)
create mode 100644 usr.bin/rsync/md4.c
create mode 100644 usr.bin/rsync/md4.h
diff --git a/usr.bin/rsync/Makefile b/usr.bin/rsync/Makefile
-index d7af8bd0a87..e04a0268392 100644
+index f2e4d460c57..47c8edf05b5 100644
--- a/usr.bin/rsync/Makefile
+++ b/usr.bin/rsync/Makefile
-@@ -3,9 +3,9 @@
+@@ -2,7 +2,7 @@
+
PROG= openrsync
SRCS= blocks.c client.c downloader.c fargs.c flist.c hash.c ids.c \
- io.c log.c mkpath.c mktemp.c receiver.c sender.c server.c session.c \
-- socket.c symlinks.c uploader.c main.c misc.c
--LDADD+= -lcrypto -lm
--DPADD+= ${LIBCRYPTO} ${LIBM}
-+ socket.c symlinks.c uploader.c main.c misc.c md4.c
-+LDADD+= -lm
-+DPADD+= ${LIBM}
- MAN= openrsync.1
-
- CFLAGS+=-g -W -Wall -Wextra
+- io.c log.c main.c misc.c mkpath.c mktemp.c receiver.c rmatch.c \
++ io.c log.c main.c md4.c misc.c mkpath.c mktemp.c receiver.c rmatch.c \
+ rules.c sender.c server.c session.c socket.c symlinks.c uploader.c
+ LDADD+= -lcrypto -lm
+ DPADD+= ${LIBCRYPTO} ${LIBM}
diff --git a/usr.bin/rsync/blocks.c b/usr.bin/rsync/blocks.c
-index 242590e5bae..8c1564005e2 100644
+index fbb7495acdf..62d3139f643 100644
--- a/usr.bin/rsync/blocks.c
+++ b/usr.bin/rsync/blocks.c
@@ -26,7 +26,7 @@
@@ -46,7 +42,7 @@ index 242590e5bae..8c1564005e2 100644
#include "extern.h"
diff --git a/usr.bin/rsync/downloader.c b/usr.bin/rsync/downloader.c
-index 36b086f74c8..26d1b531f85 100644
+index c9f0f8e80dc..3fdbd4416ab 100644
--- a/usr.bin/rsync/downloader.c
+++ b/usr.bin/rsync/downloader.c
@@ -28,7 +28,7 @@
@@ -59,7 +55,7 @@ index 36b086f74c8..26d1b531f85 100644
#include "extern.h"
diff --git a/usr.bin/rsync/hash.c b/usr.bin/rsync/hash.c
-index edad21f13a6..6cb131b4b3e 100644
+index b87c56f527c..44ae0d26282 100644
--- a/usr.bin/rsync/hash.c
+++ b/usr.bin/rsync/hash.c
@@ -21,7 +21,7 @@
@@ -397,7 +393,7 @@ index 00000000000..ebf5bb555a0
+
+#endif
diff --git a/usr.bin/rsync/sender.c b/usr.bin/rsync/sender.c
-index d6a1f55d1a9..3dacfc3709d 100644
+index 9dd008def01..2aeb99b64a0 100644
--- a/usr.bin/rsync/sender.c
+++ b/usr.bin/rsync/sender.c
@@ -26,7 +26,7 @@
@@ -410,5 +406,5 @@ index d6a1f55d1a9..3dacfc3709d 100644
#include "extern.h"
--
-2.26.1
+2.34.1
diff --git a/pkg/openbsd/patch/0033-rsync-Fix-some-incorrect-format-specifiers.patch b/pkg/openbsd/patch/0033-rsync-Fix-some-incorrect-format-specifiers.patch
@@ -1,4 +1,4 @@
-From 02cf1f8b022fd8c27eeb312ee3d649f4157899d6 Mon Sep 17 00:00:00 2001
+From b9210214df47cb4cba51c66f77096c9306cb2ae4 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Thu, 4 Jun 2020 21:36:24 -0700
Subject: [PATCH] rsync: Fix some incorrect format specifiers
@@ -8,10 +8,10 @@ Subject: [PATCH] rsync: Fix some incorrect format specifiers
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr.bin/rsync/uploader.c b/usr.bin/rsync/uploader.c
-index db8bc626ae2..d1ebb7bcf1b 100644
+index e57647c38e5..ea54bf6496d 100644
--- a/usr.bin/rsync/uploader.c
+++ b/usr.bin/rsync/uploader.c
-@@ -942,7 +942,7 @@ rsync_uploader(struct upload *u, int *fileinfd,
+@@ -931,7 +931,7 @@ rsync_uploader(struct upload *u, int *fileinfd,
init_blk(&blk.blks[i], &blk, offs, i, mbuf, sess);
offs += blk.len;
LOG3(
@@ -21,5 +21,5 @@ index db8bc626ae2..d1ebb7bcf1b 100644
i++;
} while (i < blk.blksz);
--
-2.31.1
+2.34.1
diff --git a/pkg/openbsd/patch/0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch b/pkg/openbsd/patch/0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch
@@ -1,4 +1,4 @@
-From 710536e5ddcb952ccbb9d1611b2a913c1ed3b69d Mon Sep 17 00:00:00 2001
+From 00b21fb61055a23322cbda5572f6635d1e090162 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 23 Apr 2021 20:10:05 -0700
Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
@@ -13,7 +13,7 @@ This make most of the pointer casts unnecessary.
5 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
-index a07f9d07021..d01efa848d6 100644
+index 377f53c12fa..d16680235de 100644
--- a/usr.sbin/acme-client/acctproc.c
+++ b/usr.sbin/acme-client/acctproc.c
@@ -40,8 +40,9 @@
@@ -109,7 +109,7 @@ index 32d4b4b3d85..701733df786 100644
/*
* JSON parsing routines.
diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
-index 1b58b4575c8..157e4947667 100644
+index 96ece27396b..5fba077b7e4 100644
--- a/usr.sbin/acme-client/keyproc.c
+++ b/usr.sbin/acme-client/keyproc.c
@@ -77,7 +77,8 @@ int
@@ -122,7 +122,7 @@ index 1b58b4575c8..157e4947667 100644
char *sans = NULL, *san = NULL;
FILE *f;
size_t i, sansz;
-@@ -237,7 +238,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
+@@ -235,7 +236,7 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
} else if ((der = dercp = malloc(len)) == NULL) {
warn("malloc");
goto out;
@@ -155,5 +155,5 @@ index e3cab0cd5a2..6b32205b31b 100644
goto out;
} else if ((der64 = base64buf_url(der, len)) == NULL) {
--
-2.31.1
+2.34.1
diff --git a/pkg/openbsd/patch/0036-acme-client-Port-to-BearSSL.patch b/pkg/openbsd/patch/0036-acme-client-Port-to-BearSSL.patch
@@ -1,4 +1,4 @@
-From 7a7651831514493537b25975ab9c6866d15050d7 Mon Sep 17 00:00:00 2001
+From f2c85cb223c434e6cbfbe40af689a0d5e39edf87 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 23 Apr 2021 23:14:16 -0700
Subject: [PATCH] acme-client: Port to BearSSL
@@ -8,12 +8,12 @@ Subject: [PATCH] acme-client: Port to BearSSL
usr.sbin/acme-client/certproc.c | 5 -
usr.sbin/acme-client/key.c | 342 ++++++++++++++++++++++++------
usr.sbin/acme-client/key.h | 22 +-
- usr.sbin/acme-client/keyproc.c | 198 ++++++-----------
+ usr.sbin/acme-client/keyproc.c | 195 +++++------------
usr.sbin/acme-client/revokeproc.c | 280 ++++++++++--------------
- 6 files changed, 560 insertions(+), 592 deletions(-)
+ 6 files changed, 558 insertions(+), 591 deletions(-)
diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
-index d01efa848d6..24a31ed19ad 100644
+index d16680235de..372159d0b45 100644
--- a/usr.sbin/acme-client/acctproc.c
+++ b/usr.sbin/acme-client/acctproc.c
@@ -18,72 +18,30 @@
@@ -116,9 +116,9 @@ index d01efa848d6..24a31ed19ad 100644
- warnx("BN_new");
- else if ((Y = BN_new()) == NULL)
- warnx("BN_new");
-- else if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
+- else if (!EC_POINT_get_affine_coordinates(EC_KEY_get0_group(ec),
- EC_KEY_get0_public_key(ec), X, Y, NULL))
-- warnx("EC_POINT_get_affine_coordinates_GFp");
+- warnx("EC_POINT_get_affine_coordinates");
- else if ((x = bn2string(X)) == NULL)
- warnx("bn2string");
- else if ((y = bn2string(Y)) == NULL)
@@ -262,9 +262,9 @@ index d01efa848d6..24a31ed19ad 100644
- warnx("BN_new");
- else if ((Y = BN_new()) == NULL)
- warnx("BN_new");
-- else if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec),
+- else if (!EC_POINT_get_affine_coordinates(EC_KEY_get0_group(ec),
- EC_KEY_get0_public_key(ec), X, Y, NULL))
-- warnx("EC_POINT_get_affine_coordinates_GFp");
+- warnx("EC_POINT_get_affine_coordinates");
- else if ((x = bn2string(X)) == NULL)
- warnx("bn2string");
- else if ((y = bn2string(Y)) == NULL)
@@ -982,7 +982,7 @@ index 272d36eb09a..12abdec813c 100644
#endif /* ! KEY_H */
diff --git a/usr.sbin/acme-client/keyproc.c b/usr.sbin/acme-client/keyproc.c
-index 157e4947667..93c758fdc56 100644
+index 5fba077b7e4..25e676e7829 100644
--- a/usr.sbin/acme-client/keyproc.c
+++ b/usr.sbin/acme-client/keyproc.c
@@ -18,55 +18,18 @@
@@ -1086,7 +1086,7 @@ index 157e4947667..93c758fdc56 100644
if (pledge("stdio", NULL) == -1) {
warn("pledge");
goto out;
-@@ -145,101 +108,64 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
+@@ -145,99 +108,61 @@ keyproc(int netsock, const char *keyfile, const char **alts, size_t altsz,
* Then set it as the X509 requester's key.
*/
@@ -1131,7 +1131,6 @@ index 157e4947667..93c758fdc56 100644
+ dn.rdn_len = 1;
+ req.subject.enc = x509cert_dn_encoder;
+ req.subject.val = &dn;
-+ req.alts_len = 0;
- /*
- * Now add the SAN extensions.
@@ -1142,68 +1141,65 @@ index 157e4947667..93c758fdc56 100644
- */
+ /* Now add the SAN extension. */
- if (altsz > 1) {
-- nid = NID_subject_alt_name;
-- if ((exts = sk_X509_EXTENSION_new_null()) == NULL) {
-- warnx("sk_X509_EXTENSION_new_null");
-+ req.alts_len = altsz;
-+ req.alts = calloc(altsz, sizeof(req.alts[0]));
-+ if (req.alts == NULL) {
-+ warn("calloc");
- goto out;
- }
-- /* Initialise to empty string. */
-- if ((sans = strdup("")) == NULL) {
-- warn("strdup");
-- goto out;
-- }
-- sansz = strlen(sans) + 1;
+- nid = NID_subject_alt_name;
+- if ((exts = sk_X509_EXTENSION_new_null()) == NULL) {
+- warnx("sk_X509_EXTENSION_new_null");
++ req.alts_len = altsz;
++ req.alts = calloc(altsz, sizeof(req.alts[0]));
++ if (req.alts == NULL) {
++ warn("calloc");
+ goto out;
+ }
+- /* Initialise to empty string. */
+- if ((sans = strdup("")) == NULL) {
+- warn("strdup");
+- goto out;
+- }
+- sansz = strlen(sans) + 1;
-- /*
-- * For each SAN entry, append it to the string.
-- * We need a single SAN entry for all of the SAN
-- * domains: NOT an entry per domain!
-- */
--
-- for (i = 1; i < altsz; i++) {
-- cc = asprintf(&san, "%sDNS:%s",
-- i > 1 ? "," : "", alts[i]);
-- if (cc == -1) {
-- warn("asprintf");
-- goto out;
-- }
-- pp = recallocarray(sans, sansz, sansz + strlen(san), 1);
-- if (pp == NULL) {
-- warn("recallocarray");
-- goto out;
-- }
-- sans = pp;
-- sansz += strlen(san);
-- strlcat(sans, san, sansz);
-- free(san);
-- san = NULL;
-- }
-+ /* Add a dNSName SAN entry for each alternate name. */
+- /*
+- * For each SAN entry, append it to the string.
+- * We need a single SAN entry for all of the SAN
+- * domains: NOT an entry per domain!
+- */
++ /* Add a dNSName SAN entry for each alternate name. */
-- if (!add_ext(exts, nid, sans)) {
-- warnx("add_ext");
+ for (i = 0; i < altsz; i++) {
+- cc = asprintf(&san, "%sDNS:%s",
+- i ? "," : "", alts[i]);
+- if (cc == -1) {
+- warn("asprintf");
- goto out;
-- } else if (!X509_REQ_add_extensions(x, exts)) {
-- warnx("X509_REQ_add_extensions");
+- }
+- pp = recallocarray(sans, sansz, sansz + strlen(san), 1);
+- if (pp == NULL) {
+- warn("recallocarray");
- goto out;
-+ for (i = 0; i < altsz; i++) {
-+ req.alts[i].tag = X509CERT_SAN_DNSNAME;
-+ req.alts[i].val = alts[i];
-+ req.alts[i].len = strlen(alts[i]);
- }
-- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+- }
+- sans = pp;
+- sansz += strlen(san);
+- strlcat(sans, san, sansz);
+- free(san);
+- san = NULL;
+- }
+-
+- if (!add_ext(exts, nid, sans)) {
+- warnx("add_ext");
+- goto out;
+- } else if (!X509_REQ_add_extensions(x, exts)) {
+- warnx("X509_REQ_add_extensions");
+- goto out;
- }
+- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
- /* Sign the X509 request using SHA256. */
-
- if (!X509_REQ_sign(x, pkey, EVP_sha256())) {
- warnx("X509_sign");
- goto out;
++ req.alts[i].tag = X509CERT_SAN_DNSNAME;
++ req.alts[i].val = alts[i];
++ req.alts[i].len = strlen(alts[i]);
}
- /* Now, serialise to DER, then base64. */
@@ -1228,7 +1224,7 @@ index 157e4947667..93c758fdc56 100644
goto out;
} else if ((der64 = base64buf_url(der, len)) == NULL) {
warnx("base64buf_url");
-@@ -264,12 +190,8 @@ out:
+@@ -262,12 +187,8 @@ out:
fclose(f);
free(der);
free(der64);
@@ -1615,5 +1611,5 @@ index 6b32205b31b..122dcda0620 100644
return rc;
}
--
-2.31.1
+2.34.1
diff --git a/pkg/openbsd/sha256 b/pkg/openbsd/sha256
@@ -1,2 +1,2 @@
-eb06c8c1e0edf003af279ec31f7b67692dbf80aabd99dccde557be523e41761b src.tar.gz
-e1a41a8290a68ff1ffb0851606ce8edf96093b44824136b1d131d0f3a81f4993 sys.tar.gz
+afb37f5f4e1daee76e6b23f83801addbe1e3f6283aa729c8d5339ebfddc6e714 src.tar.gz
+a87324046be2850a9685cd0e906e0237cbc966deff727ee7d9e3f799d02283bb sys.tar.gz
diff --git a/pkg/openbsd/url b/pkg/openbsd/url
@@ -1,5 +1,5 @@
remote-name
-url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/6.9/src.tar.gz"
+url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.0/src.tar.gz"
remote-name
-url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/6.9/sys.tar.gz"
+url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.0/sys.tar.gz"
