commit: 569b21ba94f76e8d419fbc8375daef73cdb43583
parent 00fe346cc1ce9b97dbfeca089b3afc97f0353bfe
Author: Michael Forney <mforney@mforney.org>
Date: Fri, 22 Apr 2022 13:03:31 -0700
openbsd: Update to 7.1
Diffstat:
15 files changed, 318 insertions(+), 178 deletions(-)
diff --git a/pkg/openbsd/gen.lua b/pkg/openbsd/gen.lua
@@ -30,7 +30,7 @@ lib('libbsd.a', [[
stdlib/(freezero.c recallocarray.c strtonum.c)
string/(strmode.c timingsafe_bcmp.c timingsafe_memcmp.c)
)
- lib/libutil/ohash.c
+ lib/libutil/(fmt_scaled.c ohash.c)
]])
file('lib/libbsd.a', '644', '$outdir/libbsd.a')
@@ -93,7 +93,7 @@ man{'bin/pax/pax.1', 'bin/pax/tar.1', 'bin/pax/cpio.1'}
-- rsync
exe('rsync', [[
usr.bin/rsync/(
- blocks.c client.c downloader.c fargs.c flist.c hash.c ids.c
+ blocks.c client.c copy.c downloader.c fargs.c flist.c hash.c ids.c
io.c log.c main.c md4.c misc.c mkpath.c mktemp.c receiver.c rmatch.c
rules.c sender.c server.c session.c socket.c symlinks.c uploader.c
)
diff --git a/pkg/openbsd/include/util.h b/pkg/openbsd/include/util.h
@@ -0,0 +1,8 @@
+#ifndef _UTIL_H_
+#define _UTIL_H_
+
+#define FMT_SCALED_STRSIZE 7 /* minus sign, 4 digits, suffix, null byte */
+
+int scan_scaled(char *, long long *);
+
+#endif
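Review bot: This header declares `scan_scaled` but not `fmt_scaled`, although `FMT_SCALED_STRSIZE` describes the result buffer of the latter. lib/libutil/fmt_scaled.c, which this commit adds to libbsd.a and points at `<util.h>`, presumably still defines both functions. Adding `int fmt_scaled(long long, char *);` keeps that definition checked against a prototype and lets a later caller use it without an implicit declaration. The guard name `_UTIL_H_` is also in the namespace C reserves for the implementation (underscore followed by an upper-case letter); a name such as `UTIL_H` avoids that.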
diff --git a/pkg/openbsd/patch/0002-fts-Add-some-includes.patch b/pkg/openbsd/patch/0002-fts-Add-some-includes.patch
@@ -1,4 +1,4 @@
-From e73065515ec3b6c03e45ee7c8c10543ff44a407c Mon Sep 17 00:00:00 2001
+From 2280f1bcd79a988c95548f65b9e3d7e08ac51b09 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Mon, 18 Apr 2016 01:25:29 -0700
Subject: [PATCH] fts: Add some includes
@@ -9,7 +9,7 @@ Subject: [PATCH] fts: Add some includes
2 files changed, 4 insertions(+)
diff --git a/include/fts.h b/include/fts.h
-index eaf6be07c..a5b3aff91 100644
+index eaf6be07c6f..a5b3aff91e7 100644
--- a/include/fts.h
+++ b/include/fts.h
@@ -35,6 +35,8 @@
@@ -22,12 +22,12 @@ index eaf6be07c..a5b3aff91 100644
struct _ftsent *fts_cur; /* current node */
struct _ftsent *fts_child; /* linked list of children */
diff --git a/lib/libc/gen/fts.c b/lib/libc/gen/fts.c
-index c186b7af2..f41254c71 100644
+index 77f26d6c27c..86585190a99 100644
--- a/lib/libc/gen/fts.c
+++ b/lib/libc/gen/fts.c
@@ -31,6 +31,7 @@
- #include <sys/param.h> /* ALIGN */
+ #include <sys/param.h> /* ALIGN ALIGNBYTES */
#include <sys/stat.h>
+#include <sys/types.h>
@@ -42,5 +42,5 @@ index c186b7af2..f41254c71 100644
#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
--
-2.12.2
+2.35.1
diff --git a/pkg/openbsd/patch/0015-doas-Port-to-linux-musl.patch b/pkg/openbsd/patch/0015-doas-Port-to-linux-musl.patch
@@ -1,4 +1,4 @@
-From dc1adc29e491a5e2cc3befb26ac6230b1551ad7b Mon Sep 17 00:00:00 2001
+From 391a9687a9bde37d10645f0b69f7502635b026cc Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Sun, 26 Feb 2017 16:50:55 -0800
Subject: [PATCH] doas: Port to linux/musl
@@ -27,12 +27,12 @@ Simplify handling of PATH in the environment since we don't have
login.conf with per-user default PATH.
---
usr.bin/doas/doas.1 | 9 ---
- usr.bin/doas/doas.c | 163 +++++++++++++----------------------------
+ usr.bin/doas/doas.c | 168 +++++++++++++----------------------------
usr.bin/doas/doas.h | 6 +-
usr.bin/doas/env.c | 17 ++---
usr.bin/doas/parse.y | 1 +
- usr.bin/doas/persist.c | 133 +++++++++++++++++++++++++++++++++
- 6 files changed, 196 insertions(+), 133 deletions(-)
+ usr.bin/doas/persist.c | 133 ++++++++++++++++++++++++++++++++
+ 6 files changed, 198 insertions(+), 136 deletions(-)
create mode 100644 usr.bin/doas/persist.c
diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1
@@ -63,7 +63,7 @@ index 4d2e09777c8..a91705e8e3f 100644
Parse and check the configuration file
.Ar config ,
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
-index 5d440311ffe..05eb2948c5b 100644
+index 5fd9a2b7417..78ff88d48e6 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -20,8 +20,6 @@
@@ -99,11 +99,11 @@ index 5d440311ffe..05eb2948c5b 100644
" command [args]\n");
exit(1);
}
-@@ -200,24 +207,35 @@ checkconfig(const char *confpath, int argc, char **argv,
+@@ -200,16 +207,28 @@ checkconfig(const char *confpath, int argc, char **argv,
}
static int
--authuser(char *myname, char *login_style, int persist)
+-authuser_checkpass(char *myname, char *login_style)
+verifypasswd(const char *user, const char *pass)
+{
+ struct spwd *sp;
@@ -122,22 +122,10 @@ index 5d440311ffe..05eb2948c5b 100644
+}
+
+static int
-+authuser(char *myname, int persist)
++authuser_checkpass(char *myname)
{
char *challenge = NULL, *response, rbuf[1024], cbuf[128];
- auth_session_t *as;
-- int fd = -1;
-+ int fd = -1, valid = 0;
-
-- if (persist)
-- fd = open("/dev/tty", O_RDWR);
-- if (fd != -1) {
-- if (ioctl(fd, TIOCCHKVERAUTH) == 0)
-+ if (persist) {
-+ fd = openpersist(&valid);
-+ if (valid)
- goto good;
- }
- if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
- &challenge))) {
@@ -146,8 +134,8 @@ index 5d440311ffe..05eb2948c5b 100644
- }
if (!challenge) {
char host[HOST_NAME_MAX + 1];
- if (gethostname(host, sizeof(host)))
-@@ -229,78 +247,34 @@ authuser(char *myname, char *login_style, int persist)
+
+@@ -222,14 +241,12 @@ authuser_checkpass(char *myname, char *login_style)
response = readpassphrase(challenge, rbuf, sizeof(rbuf),
RPP_REQUIRE_TTY);
if (response == NULL && errno == ENOTTY) {
@@ -165,7 +153,31 @@ index 5d440311ffe..05eb2948c5b 100644
warnx("Authentication failed");
return AUTH_FAILED;
}
- explicit_bzero(rbuf, sizeof(rbuf));
+@@ -238,79 +255,36 @@ authuser_checkpass(char *myname, char *login_style)
+ }
+
+ static void
+-authuser(char *myname, char *login_style, int persist)
++authuser(char *myname, int persist)
+ {
+- int i, fd = -1;
++ int i, fd = -1, valid = 0;
+
+- if (persist)
+- fd = open("/dev/tty", O_RDWR);
+- if (fd != -1) {
+- if (ioctl(fd, TIOCCHKVERAUTH) == 0)
++ if (persist) {
++ fd = openpersist(&valid);
++ if (valid)
+ goto good;
+ }
+ for (i = 0; i < AUTH_RETRIES; i++) {
+- if (authuser_checkpass(myname, login_style) == AUTH_OK)
++ if (authuser_checkpass(myname) == AUTH_OK)
+ goto good;
+ }
+ exit(1);
good:
if (fd != -1) {
- int secs = 5 * 60;
@@ -173,8 +185,6 @@ index 5d440311ffe..05eb2948c5b 100644
+ setpersist(fd);
close(fd);
}
-
- return AUTH_OK;
}
-int
@@ -231,8 +241,8 @@ index 5d440311ffe..05eb2948c5b 100644
struct passwd mypwstore, targpwstore;
struct passwd *mypw, *targpw;
const struct rule *rule;
-@@ -314,28 +288,20 @@ main(int argc, char **argv)
- int authed = AUTH_FAILED;
+@@ -323,28 +297,20 @@ main(int argc, char **argv)
+ int nflag = 0;
char cwdpath[PATH_MAX];
const char *cwd;
- char *login_style = NULL;
@@ -263,7 +273,7 @@ index 5d440311ffe..05eb2948c5b 100644
case 'u':
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
-@@ -405,9 +371,9 @@ main(int argc, char **argv)
+@@ -414,50 +380,30 @@ main(int argc, char **argv)
cmd = argv[0];
if (!permit(uid, groups, ngroups, &rule, target, cmd,
(const char **)argv + 1)) {
@@ -276,18 +286,11 @@ index 5d440311ffe..05eb2948c5b 100644
}
if (!(rule->options & NOPASS)) {
-@@ -415,8 +381,7 @@ main(int argc, char **argv)
+ if (nflag)
errx(1, "Authentication required");
- for (i = 0; i < AUTH_RETRIES; i++) {
-- authed = authuser(mypw->pw_name, login_style,
-- rule->options & PERSIST);
-+ authed = authuser(mypw->pw_name, rule->options & PERSIST);
- if (authed == AUTH_OK)
- break;
- }
-@@ -425,36 +390,18 @@ main(int argc, char **argv)
- exit(1);
+- authuser(mypw->pw_name, login_style, rule->options & PERSIST);
++ authuser(mypw->pw_name, rule->options & PERSIST);
}
- if ((p = getenv("PATH")) != NULL)
@@ -299,6 +302,8 @@ index 5d440311ffe..05eb2948c5b 100644
- err(1, "unveil %s", _PATH_LOGIN_CONF);
- if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
- err(1, "unveil %s.db", _PATH_LOGIN_CONF);
+- if (unveil(_PATH_LOGIN_CONF_D, "r") == -1)
+- err(1, "unveil %s", _PATH_LOGIN_CONF_D);
- if (rule->cmd) {
- if (setenv("PATH", safepath, 1) == -1)
- err(1, "failed to set PATH '%s'", safepath);
@@ -318,7 +323,7 @@ index 5d440311ffe..05eb2948c5b 100644
- if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
- LOGIN_SETPATH |
- LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
-- LOGIN_SETUSER) != 0)
+- LOGIN_SETUSER | LOGIN_SETENV | LOGIN_SETRTABLE) != 0)
- errx(1, "failed to set user context for target");
+ if (initgroups(targpw->pw_name, targpw->pw_gid) == -1)
+ err(1, "initgroups");
@@ -329,7 +334,7 @@ index 5d440311ffe..05eb2948c5b 100644
if (pledge("stdio rpath exec", NULL) == -1)
err(1, "pledge");
-@@ -468,23 +415,17 @@ main(int argc, char **argv)
+@@ -471,23 +417,17 @@ main(int argc, char **argv)
err(1, "pledge");
if (!(rule->options & NOLOG)) {
@@ -355,12 +360,12 @@ index 5d440311ffe..05eb2948c5b 100644
errx(1, "%s: command not found", cmd);
err(1, "%s", cmd);
diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h
-index 3a9bf4d4de2..2a9561b5565 100644
+index b98fe353b18..6567625c471 100644
--- a/usr.bin/doas/doas.h
+++ b/usr.bin/doas/doas.h
@@ -29,13 +29,17 @@ extern struct rule **rules;
extern size_t nrules;
- extern int parse_errors;
+ extern int parse_error;
-extern const char *formerpath;
+extern const char *safepath;
@@ -421,12 +426,12 @@ index 2d93a4089b6..dc9be691955 100644
/* at last, we have something to insert */
if (val) {
diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y
-index eaaf8c4b2e6..587fd2c93a8 100644
+index 604becb5445..e5fc912a9c4 100644
--- a/usr.bin/doas/parse.y
+++ b/usr.bin/doas/parse.y
-@@ -19,6 +19,7 @@
- #include <sys/types.h>
+@@ -20,6 +20,7 @@
#include <ctype.h>
+ #include <limits.h>
#include <unistd.h>
+#include <stdlib.h>
#include <stdint.h>
@@ -572,5 +577,5 @@ index 00000000000..4ad1bf1efbf
+ return 0;
+}
--
-2.34.1
+2.35.1
diff --git a/pkg/openbsd/patch/0030-rsync-Add-implementation-of-MD4.patch b/pkg/openbsd/patch/0030-rsync-Add-implementation-of-MD4.patch
@@ -1,4 +1,4 @@
-From f066f3d01c72b0d78bcca3fb03501e4e5c66a3ba Mon Sep 17 00:00:00 2001
+From 01657f2c1445cf4874337a0966a76f24ba9c9536 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Wed, 15 Apr 2020 22:10:06 -0700
Subject: [PATCH] rsync: Add implementation of MD4
@@ -16,20 +16,20 @@ Subject: [PATCH] rsync: Add implementation of MD4
create mode 100644 usr.bin/rsync/md4.h
diff --git a/usr.bin/rsync/Makefile b/usr.bin/rsync/Makefile
-index f2e4d460c57..47c8edf05b5 100644
+index 3c60f18e07f..172045ce7ac 100644
--- a/usr.bin/rsync/Makefile
+++ b/usr.bin/rsync/Makefile
@@ -2,7 +2,7 @@
PROG= openrsync
- SRCS= blocks.c client.c downloader.c fargs.c flist.c hash.c ids.c \
+ SRCS= blocks.c client.c copy.c downloader.c fargs.c flist.c hash.c ids.c \
- io.c log.c main.c misc.c mkpath.c mktemp.c receiver.c rmatch.c \
+ io.c log.c main.c md4.c misc.c mkpath.c mktemp.c receiver.c rmatch.c \
rules.c sender.c server.c session.c socket.c symlinks.c uploader.c
- LDADD+= -lcrypto -lm
- DPADD+= ${LIBCRYPTO} ${LIBM}
+ LDADD+= -lcrypto -lm -lutil
+ DPADD+= ${LIBCRYPTO} ${LIBM} ${LIBUTIL}
diff --git a/usr.bin/rsync/blocks.c b/usr.bin/rsync/blocks.c
-index fbb7495acdf..62d3139f643 100644
+index 906733c968e..0a8c3f485d1 100644
--- a/usr.bin/rsync/blocks.c
+++ b/usr.bin/rsync/blocks.c
@@ -26,7 +26,7 @@
@@ -42,7 +42,7 @@ index fbb7495acdf..62d3139f643 100644
#include "extern.h"
diff --git a/usr.bin/rsync/downloader.c b/usr.bin/rsync/downloader.c
-index c9f0f8e80dc..3fdbd4416ab 100644
+index 07ec334f6b4..6543851fd2c 100644
--- a/usr.bin/rsync/downloader.c
+++ b/usr.bin/rsync/downloader.c
@@ -28,7 +28,7 @@
@@ -406,5 +406,5 @@ index 9dd008def01..2aeb99b64a0 100644
#include "extern.h"
--
-2.34.1
+2.35.1
diff --git a/pkg/openbsd/patch/0032-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch b/pkg/openbsd/patch/0032-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch
@@ -1,4 +1,4 @@
-From b6eaf185d9a9c39e31c638ac162ec5f5a364e94d Mon Sep 17 00:00:00 2001
+From e5c8e801a42459bf0c416f6751b687d61f46fcf1 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Thu, 4 Jun 2020 21:44:26 -0700
Subject: [PATCH] pax: Use memcpy to set TMAGIC and TVERSION to avoid warning
@@ -8,10 +8,10 @@ Subject: [PATCH] pax: Use memcpy to set TMAGIC and TVERSION to avoid warning
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bin/pax/tar.c b/bin/pax/tar.c
-index 8c9e4baea9c..c62705b2199 100644
+index 8d6b3f37012..1f4012123c3 100644
--- a/bin/pax/tar.c
+++ b/bin/pax/tar.c
-@@ -1030,8 +1030,8 @@ ustar_wr(ARCHD *arcn)
+@@ -1040,8 +1040,8 @@ ustar_wr(ARCHD *arcn)
break;
}
@@ -23,5 +23,5 @@ index 8c9e4baea9c..c62705b2199 100644
/*
* set the remaining fields. Some versions want all 16 bits of mode
--
-2.27.0
+2.35.1
diff --git a/pkg/openbsd/patch/0033-rsync-Fix-some-incorrect-format-specifiers.patch b/pkg/openbsd/patch/0033-rsync-Fix-some-incorrect-format-specifiers.patch
@@ -1,17 +1,34 @@
-From b9210214df47cb4cba51c66f77096c9306cb2ae4 Mon Sep 17 00:00:00 2001
+From 0a32d4f555441c1928547f8f08a6373a6c9d8bf1 Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Thu, 4 Jun 2020 21:36:24 -0700
Subject: [PATCH] rsync: Fix some incorrect format specifiers
---
+ usr.bin/rsync/fargs.c | 4 ++--
usr.bin/rsync/uploader.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+diff --git a/usr.bin/rsync/fargs.c b/usr.bin/rsync/fargs.c
+index 7ccb5bff7d2..ef1aaf37c87 100644
+--- a/usr.bin/rsync/fargs.c
++++ b/usr.bin/rsync/fargs.c
+@@ -132,9 +132,9 @@ fargs_cmdline(struct sess *sess, const struct fargs *f, size_t *skip)
+ /* --devices is sent as -D --no-specials */
+ addargs(&args, "--no-specials");
+ if (sess->opts->max_size >= 0)
+- addargs(&args, "--max-size=%lld", sess->opts->max_size);
++ addargs(&args, "--max-size=%jd", (intmax_t)sess->opts->max_size);
+ if (sess->opts->min_size >= 0)
+- addargs(&args, "--min-size=%lld", sess->opts->min_size);
++ addargs(&args, "--min-size=%jd", (intmax_t)sess->opts->min_size);
+
+ /* only add --compare-dest, etc if this is the sender */
+ if (sess->opts->alt_base_mode != 0 &&
diff --git a/usr.bin/rsync/uploader.c b/usr.bin/rsync/uploader.c
-index e57647c38e5..ea54bf6496d 100644
+index 678b6c96218..951a5ee4133 100644
--- a/usr.bin/rsync/uploader.c
+++ b/usr.bin/rsync/uploader.c
-@@ -931,7 +931,7 @@ rsync_uploader(struct upload *u, int *fileinfd,
+@@ -1010,7 +1010,7 @@ rsync_uploader(struct upload *u, int *fileinfd,
init_blk(&blk.blks[i], &blk, offs, i, mbuf, sess);
offs += blk.len;
LOG3(
@@ -21,5 +38,5 @@ index e57647c38e5..ea54bf6496d 100644
i++;
} while (i < blk.blksz);
--
-2.34.1
+2.35.1
diff --git a/pkg/openbsd/patch/0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch b/pkg/openbsd/patch/0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch
@@ -1,4 +1,4 @@
-From 00b21fb61055a23322cbda5572f6635d1e090162 Mon Sep 17 00:00:00 2001
+From a26fe94638fa10455f7525757a57ba6d11c24e8c Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 23 Apr 2021 20:10:05 -0700
Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input
@@ -13,7 +13,7 @@ This make most of the pointer casts unnecessary.
5 files changed, 17 insertions(+), 14 deletions(-)
diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
-index 377f53c12fa..d16680235de 100644
+index cd01f8c3381..d243258beef 100644
--- a/usr.sbin/acme-client/acctproc.c
+++ b/usr.sbin/acme-client/acctproc.c
@@ -40,8 +40,9 @@
@@ -66,7 +66,7 @@ index 377f53c12fa..d16680235de 100644
}
@@ -375,7 +376,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op)
- switch (EVP_PKEY_type(pkey->type)) {
+ switch (EVP_PKEY_base_id(pkey)) {
case EVP_PKEY_RSA:
- if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) {
+ if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
@@ -132,20 +132,20 @@ index 96ece27396b..5fba077b7e4 100644
goto out;
} else if ((der64 = base64buf_url(der, len)) == NULL) {
diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
-index e3cab0cd5a2..6b32205b31b 100644
+index 3eb0bd4cafa..c6c012dd9c1 100644
--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
@@ -94,7 +94,8 @@ int
revokeproc(int fd, const char *certfile, int force,
int revocate, const char *const *alts, size_t altsz)
{
-- char *der = NULL, *dercp, *der64 = NULL;
-+ unsigned char *der = NULL, *dercp;
-+ char *der64 = NULL;
- char *san = NULL, *str, *tok;
- int rc = 0, cc, i, extsz, ssz, len;
- size_t *found = NULL;
-@@ -283,7 +284,7 @@ revokeproc(int fd, const char *certfile, int force,
+- char *der = NULL, *dercp, *der64 = NULL;
++ unsigned char *der = NULL, *dercp;
++ char *der64 = NULL;
+ char *san = NULL, *str, *tok;
+ int rc = 0, cc, i, ssz, len;
+ size_t *found = NULL;
+@@ -285,7 +286,7 @@ revokeproc(int fd, const char *certfile, int force,
} else if ((der = dercp = malloc(len)) == NULL) {
warn("malloc");
goto out;
@@ -155,5 +155,5 @@ index e3cab0cd5a2..6b32205b31b 100644
goto out;
} else if ((der64 = base64buf_url(der, len)) == NULL) {
--
-2.34.1
+2.35.1
diff --git a/pkg/openbsd/patch/0036-acme-client-Port-to-BearSSL.patch b/pkg/openbsd/patch/0036-acme-client-Port-to-BearSSL.patch
@@ -1,19 +1,19 @@
-From f2c85cb223c434e6cbfbe40af689a0d5e39edf87 Mon Sep 17 00:00:00 2001
+From 288aa9ed695a489087e0e73ea1d257d2d13a487f Mon Sep 17 00:00:00 2001
From: Michael Forney <mforney@mforney.org>
Date: Fri, 23 Apr 2021 23:14:16 -0700
Subject: [PATCH] acme-client: Port to BearSSL
---
- usr.sbin/acme-client/acctproc.c | 305 ++++++++------------------
+ usr.sbin/acme-client/acctproc.c | 305 +++++++++------------------
usr.sbin/acme-client/certproc.c | 5 -
- usr.sbin/acme-client/key.c | 342 ++++++++++++++++++++++++------
+ usr.sbin/acme-client/key.c | 335 ++++++++++++++++++++++++------
usr.sbin/acme-client/key.h | 22 +-
- usr.sbin/acme-client/keyproc.c | 195 +++++------------
- usr.sbin/acme-client/revokeproc.c | 280 ++++++++++--------------
- 6 files changed, 558 insertions(+), 591 deletions(-)
+ usr.sbin/acme-client/keyproc.c | 195 ++++++-----------
+ usr.sbin/acme-client/revokeproc.c | 274 ++++++++++--------------
+ 6 files changed, 551 insertions(+), 585 deletions(-)
diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c
-index d16680235de..372159d0b45 100644
+index d243258beef..7704f2a5be1 100644
--- a/usr.sbin/acme-client/acctproc.c
+++ b/usr.sbin/acme-client/acctproc.c
@@ -18,72 +18,30 @@
@@ -85,9 +85,9 @@ index d16680235de..372159d0b45 100644
-
- if ((r = EVP_PKEY_get0_RSA(pkey)) == NULL)
- warnx("EVP_PKEY_get0_RSA");
-- else if ((mod = bn2string(r->n)) == NULL)
+- else if ((mod = bn2string(RSA_get0_n(r))) == NULL)
- warnx("bn2string");
-- else if ((exp = bn2string(r->e)) == NULL)
+- else if ((exp = bn2string(RSA_get0_e(r))) == NULL)
- warnx("bn2string");
+
+ if ((mod = base64buf_url(key->rsa.pk.n, key->rsa.pk.nlen)) == NULL)
@@ -158,7 +158,7 @@ index d16680235de..372159d0b45 100644
/* Construct the thumbprint input itself. */
-- switch (EVP_PKEY_type(pkey->type)) {
+- switch (EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
+ switch (pkey->type) {
+ case BR_KEYTYPE_RSA:
@@ -171,7 +171,7 @@ index d16680235de..372159d0b45 100644
break;
goto out;
default:
-- warnx("EVP_PKEY_type: unknown key type");
+- warnx("EVP_PKEY_base_id: unknown key type");
+ warnx("unknown key type");
goto out;
}
@@ -230,9 +230,9 @@ index d16680235de..372159d0b45 100644
- if ((r = EVP_PKEY_get0_RSA(pkey)) == NULL)
- warnx("EVP_PKEY_get0_RSA");
-- else if ((mod = bn2string(r->n)) == NULL)
+- else if ((mod = bn2string(RSA_get0_n(r))) == NULL)
- warnx("bn2string");
-- else if ((exp = bn2string(r->e)) == NULL)
+- else if ((exp = bn2string(RSA_get0_e(r))) == NULL)
- warnx("bn2string");
+ if ((mod = base64buf_url(key->rsa.pk.n, key->rsa.pk.nlen)) == NULL)
+ warnx("base64buf_url");
@@ -326,7 +326,7 @@ index d16680235de..372159d0b45 100644
goto out;
}
-- switch (EVP_PKEY_type(pkey->type)) {
+- switch (EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
+ switch (key->type) {
+ case BR_KEYTYPE_RSA:
@@ -349,7 +349,7 @@ index d16680235de..372159d0b45 100644
goto out;
}
} else {
-- switch (EVP_PKEY_type(pkey->type)) {
+- switch (EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
- if (!op_sign_rsa(&prot, pkey, nonce, url))
+ switch (key->type) {
@@ -364,7 +364,7 @@ index d16680235de..372159d0b45 100644
goto out;
break;
default:
-- warnx("EVP_PKEY_type");
+- warnx("EVP_PKEY_base_id");
+ warnx("unknown key type");
goto out;
}
@@ -400,7 +400,7 @@ index d16680235de..372159d0b45 100644
+ ctx.vtable->out(&ctx.vtable, dig);
+ digsz = ctx.vtable->desc >> BR_HASHDESC_OUT_OFF & BR_HASHDESC_OUT_MASK;
-- switch (EVP_PKEY_type(pkey->type)) {
+- switch (EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
- if ((dig64 = base64buf_url(dig, digsz)) == NULL) {
- warnx("base64buf_url");
@@ -458,7 +458,7 @@ index d16680235de..372159d0b45 100644
-
break;
default:
-- warnx("EVP_PKEY_type");
+- warnx("EVP_PKEY_base_id");
+ warnx("unknown key type");
goto out;
}
@@ -543,7 +543,7 @@ index f443d573675..85c3897a4b8 100644
#define BEGIN_MARKER "-----BEGIN CERTIFICATE-----"
diff --git a/usr.sbin/acme-client/key.c b/usr.sbin/acme-client/key.c
-index 1bc1eee8f59..e95f737d22c 100644
+index c3374914547..c9dc9b10b45 100644
--- a/usr.sbin/acme-client/key.c
+++ b/usr.sbin/acme-client/key.c
@@ -17,15 +17,11 @@
@@ -564,7 +564,7 @@ index 1bc1eee8f59..e95f737d22c 100644
#include "key.h"
-@@ -33,114 +29,320 @@
+@@ -33,113 +29,320 @@
* Default number of bits when creating a new RSA key.
*/
#define KBITS 4096
@@ -711,7 +711,7 @@ index 1bc1eee8f59..e95f737d22c 100644
+ warnx("br_ec_keygen");
goto err;
}
--
+-
- /* set OPENSSL_EC_NAMED_CURVE to be able to load the key */
-
- EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE);
@@ -719,7 +719,7 @@ index 1bc1eee8f59..e95f737d22c 100644
- /* Serialise the key to the disc in EC format */
-
- if (!PEM_write_ECPrivateKey(f, eckey, NULL, NULL, 0, NULL, NULL)) {
-- warnx("PEM_write_ECPrivateKey");
+- warnx("%s: PEM_write_ECPrivateKey", fname);
+ if (br_ec_compute_pub(ec, &key->ec.pk, pbuf, &key->ec.sk) == 0) {
+ warnx("br_ec_compute_pub");
goto err;
@@ -728,41 +728,39 @@ index 1bc1eee8f59..e95f737d22c 100644
- /* Convert the EC key into a PKEY structure */
+ /* Serialise the key to the disk in EC format */
-- if ((pkey=EVP_PKEY_new()) == NULL) {
+- if ((pkey = EVP_PKEY_new()) == NULL) {
- warnx("EVP_PKEY_new");
+ if ((derlen = br_encode_ec_raw_der(NULL, &key->ec.sk,
+ &key->ec.pk)) == 0) {
+ warnx("br_encode_ec_raw_der");
- goto err;
- }
-- if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
-- warnx("EVP_PKEY_assign_EC_KEY");
++ goto err;
++ }
+ if ((der = malloc(derlen)) == NULL) {
+ warn("malloc");
goto err;
}
+- if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
+- warnx("EVP_PKEY_assign_EC_KEY");
+ br_encode_ec_raw_der(der, &key->ec.sk, &key->ec.pk);
+ pemlen = br_pem_encode(NULL, der, derlen, BR_ENCODE_PEM_EC_RAW, 0);
+ if ((pem = malloc(pemlen + 1)) == NULL) {
+ warn("malloc");
-+ goto err;
-+ }
+ goto err;
+ }
+ br_pem_encode(pem, der, derlen, BR_ENCODE_PEM_EC_RAW, 0);
+ if (fwrite(pem, 1, pemlen, f) == pemlen)
+ goto out;
-- warnx("%s: PEM_write_ECPrivateKey", fname);
--
- goto out;
+ warn("write private key");
err:
-- EC_KEY_free(eckey);
- EVP_PKEY_free(pkey);
- pkey = NULL;
+ free(key);
+ key = NULL;
out:
+- EC_KEY_free(eckey);
- return pkey;
+ free(der);
+ free(pem);
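Review bot: The `out:` path releases `der` and `pem` with plain `free()`, although both buffers hold the encoded EC private key by then, so the key bytes stay in freed heap memory. libbsd.a in this package already builds `freezero.c`, so if acme-client links it, `freezero(der, derlen);` and `freezero(pem, pemlen + 1);` would clear them first. That requires both lengths to be initialised to 0 before the first `goto err`; their declarations are outside this hunk. The `free(key)` under `err:` has the same property, and the function starts and ends outside the hunk.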
@@ -781,18 +779,6 @@ index 1bc1eee8f59..e95f737d22c 100644
key_load(FILE *f, const char *fname)
{
- EVP_PKEY *pkey;
--
-- pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
-- if (pkey == NULL) {
-- warnx("%s: PEM_read_PrivateKey", fname);
-- return NULL;
-- } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA ||
-- EVP_PKEY_type(pkey->type) == EVP_PKEY_EC )
-- return pkey;
--
-- warnx("%s: unsupported key type", fname);
-- EVP_PKEY_free(pkey);
-- return NULL;
+ struct key *key = NULL;
+ size_t datasz, len = 0, n;
+ int type = 0, err;
@@ -867,7 +853,11 @@ index 1bc1eee8f59..e95f737d22c 100644
+ }
+ datasz += 4 + rsa->plen + rsa->qlen + rsa->dplen + rsa->dqlen +
+ rsa->iqlen;
-+
+
+- pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL);
+- if (pkey == NULL) {
+- warnx("%s: PEM_read_PrivateKey", fname);
+- return NULL;
+ if ((key = malloc(sizeof(*key) + datasz)) == NULL) {
+ warn("malloc");
+ goto err;
@@ -937,8 +927,14 @@ index 1bc1eee8f59..e95f737d22c 100644
+ br_ec_compute_pub(ecimpl, &key->ec.pk,
+ key->ec.sk.x + key->ec.sk.xlen, &key->ec.sk);
+ goto out;
-+ }
-+
+ }
+- if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA ||
+- EVP_PKEY_base_id(pkey) == EVP_PKEY_EC)
+- return pkey;
+
+- warnx("%s: unsupported key type", fname);
+- EVP_PKEY_free(pkey);
+- return NULL;
+ warnx("%s: missing private key", fname);
+
+err:
@@ -1241,10 +1237,10 @@ index 5fba077b7e4..25e676e7829 100644
return rc;
}
diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c
-index 6b32205b31b..122dcda0620 100644
+index c6c012dd9c1..337bcfd8900 100644
--- a/usr.sbin/acme-client/revokeproc.c
+++ b/usr.sbin/acme-client/revokeproc.c
-@@ -22,92 +22,53 @@
+@@ -22,93 +22,53 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -1338,38 +1334,35 @@ index 6b32205b31b..122dcda0620 100644
revokeproc(int fd, const char *certfile, int force,
int revocate, const char *const *alts, size_t altsz)
{
-- unsigned char *der = NULL, *dercp;
-- char *der64 = NULL;
-- char *san = NULL, *str, *tok;
-- int rc = 0, cc, i, extsz, ssz, len;
-- size_t *found = NULL;
-- BIO *bio = NULL;
-- FILE *f = NULL;
-- X509 *x = NULL;
-- long lval;
-- enum revokeop op, rop;
-- time_t t;
-- X509_EXTENSION *ex;
-- ASN1_OBJECT *obj;
-- size_t j;
-+ static const unsigned char dnsname[] = {0, 2};
-+ char buf[8192], *pos, *sans = NULL, *der64 = NULL;
-+ int rc = 0, cc, state, err;
-+ size_t i, j, n, len = 0, altlen, altmax, eltsz;
-+ FILE *f = NULL;
-+ br_pem_decoder_context pc;
-+ br_x509_decoder_context xd;
-+ br_x509_minimal_context xc;
-+ br_x509_certificate cert = {0};
-+ br_name_element *elts = NULL;
-+ uint32_t days, secs;
-+ long lval;
-+ enum revokeop op, rop;
-+ time_t t;
+- unsigned char *der = NULL, *dercp;
+- char *der64 = NULL;
+- char *san = NULL, *str, *tok;
+- int rc = 0, cc, i, ssz, len;
+- size_t *found = NULL;
+- BIO *bio = NULL;
++ static const unsigned char dnsname[] = {0, 2};
++ char buf[8192], *pos, *sans = NULL, *der64 = NULL;
++ int rc = 0, cc, state, err;
++ size_t i, j, n, len = 0, altlen, altmax, eltsz;
+ FILE *f = NULL;
+- X509 *x = NULL;
++ br_pem_decoder_context pc;
++ br_x509_decoder_context xd;
++ br_x509_minimal_context xc;
++ br_x509_certificate cert = {0};
++ br_name_element *elts = NULL;
++ uint32_t days, secs;
+ long lval;
+ enum revokeop op, rop;
+ time_t t;
+- const STACK_OF(X509_EXTENSION) *exts;
+- X509_EXTENSION *ex;
+- ASN1_OBJECT *obj;
+- size_t j;
/*
* First try to open the certificate before we drop privileges
-@@ -122,8 +83,6 @@ revokeproc(int fd, const char *certfile, int force,
+@@ -123,8 +83,6 @@ revokeproc(int fd, const char *certfile, int force,
/* File-system and sandbox jailing. */
@@ -1378,7 +1371,7 @@ index 6b32205b31b..122dcda0620 100644
if (pledge("stdio", NULL) == -1) {
warn("pledge");
goto out;
-@@ -147,17 +106,54 @@ revokeproc(int fd, const char *certfile, int force,
+@@ -148,17 +106,54 @@ revokeproc(int fd, const char *certfile, int force,
goto out;
}
@@ -1438,17 +1431,16 @@ index 6b32205b31b..122dcda0620 100644
/*
* Next, the long process to make sure that the SAN entries
-@@ -165,99 +161,66 @@ revokeproc(int fd, const char *certfile, int force,
+@@ -166,100 +161,66 @@ revokeproc(int fd, const char *certfile, int force,
* command line.
*/
-- extsz = x->cert_info->extensions != NULL ?
-- sk_X509_EXTENSION_num(x->cert_info->extensions) : 0;
+- exts = X509_get0_extensions(x);
-
- /* Scan til we find the SAN NID. */
-
-- for (i = 0; i < extsz; i++) {
-- ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i);
+- for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
+- ex = sk_X509_EXTENSION_value(exts, i);
- assert(ex != NULL);
- obj = X509_EXTENSION_get_object(ex);
- assert(obj != NULL);
@@ -1464,15 +1456,17 @@ index 6b32205b31b..122dcda0620 100644
- if (bio == NULL) {
- warnx("BIO_new");
- goto out;
-- } else if (!X509V3_EXT_print(bio, ex, 0, 0)) {
+- }
+- if (!X509V3_EXT_print(bio, ex, 0, 0)) {
- warnx("X509V3_EXT_print");
- goto out;
-- } else if ((san = calloc(1, bio->num_write + 1)) == NULL) {
+- }
+- if ((san = calloc(1, BIO_number_written(bio) + 1)) == NULL) {
- warn("calloc");
- goto out;
- }
-- ssz = BIO_read(bio, san, bio->num_write);
-- if (ssz < 0 || (unsigned)ssz != bio->num_write) {
+- ssz = BIO_read(bio, san, BIO_number_written(bio));
+- if (ssz < 0 || (unsigned)ssz != BIO_number_written(bio)) {
- warnx("BIO_read");
- goto out;
- }
@@ -1575,7 +1569,7 @@ index 6b32205b31b..122dcda0620 100644
/*
* If we're going to revoke, write the certificate to the
* netproc in DER and base64-encoded format.
-@@ -278,16 +241,7 @@ revokeproc(int fd, const char *certfile, int force,
+@@ -280,16 +241,7 @@ revokeproc(int fd, const char *certfile, int force,
if (cc <= 0)
goto out;
@@ -1593,7 +1587,7 @@ index 6b32205b31b..122dcda0620 100644
warnx("base64buf_url");
goto out;
} else if (writestr(fd, COMM_CSR, der64) >= 0)
-@@ -340,13 +294,9 @@ out:
+@@ -342,13 +294,9 @@ out:
close(fd);
if (f != NULL)
fclose(f);
@@ -1611,5 +1605,5 @@ index 6b32205b31b..122dcda0620 100644
return rc;
}
--
-2.34.1
+2.35.1
diff --git a/pkg/openbsd/patch/0037-pax-Use-POSIX-struct-stat-fields-for-high-resolution.patch b/pkg/openbsd/patch/0037-pax-Use-POSIX-struct-stat-fields-for-high-resolution.patch
@@ -0,0 +1,46 @@
+From 82646d38665109ec5f0753ba384da94d529bbbe9 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Wed, 27 Apr 2022 19:57:54 -0700
+Subject: [PATCH] pax: Use POSIX struct stat fields for high resolution
+ timestamps
+
+---
+ bin/pax/tar.c | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/bin/pax/tar.c b/bin/pax/tar.c
+index 1f4012123c3..7ede7938c3d 100644
+--- a/bin/pax/tar.c
++++ b/bin/pax/tar.c
+@@ -417,8 +417,7 @@ tar_rd(ARCHD *arcn, char *buf)
+ arcn->sb.st_mtime = INT_MAX; /* XXX 2038 */
+ else
+ arcn->sb.st_mtime = val;
+- arcn->sb.st_ctime = arcn->sb.st_atime = arcn->sb.st_mtime;
+- arcn->sb.st_ctimensec = arcn->sb.st_atimensec = arcn->sb.st_mtimensec;
++ arcn->sb.st_ctim = arcn->sb.st_atim = arcn->sb.st_mtim;
+
+ /*
+ * have to look at the last character, it may be a '/' and that is used
+@@ -795,14 +794,10 @@ reset:
+ else
+ arcn->sb.st_mtime = val;
+ }
+- if (arcn->sb.st_ctime == 0) {
+- arcn->sb.st_ctime = arcn->sb.st_mtime;
+- arcn->sb.st_ctimensec = arcn->sb.st_mtimensec;
+- }
+- if (arcn->sb.st_atime == 0) {
+- arcn->sb.st_atime = arcn->sb.st_mtime;
+- arcn->sb.st_atimensec = arcn->sb.st_mtimensec;
+- }
++ if (arcn->sb.st_ctime == 0)
++ arcn->sb.st_ctim = arcn->sb.st_mtim;
++ if (arcn->sb.st_atime == 0)
++ arcn->sb.st_atim = arcn->sb.st_mtim;
+
+ /*
+ * If we can find the ascii names for gname and uname in the password
+--
+2.35.1
+
diff --git a/pkg/openbsd/patch/0038-rsync-Pass-long-long-to-scan_scaled.patch b/pkg/openbsd/patch/0038-rsync-Pass-long-long-to-scan_scaled.patch
@@ -0,0 +1,42 @@
+From 2165fef297534420b3fbd557cedcb65ec45f0a49 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Wed, 27 Apr 2022 20:03:45 -0700
+Subject: [PATCH] rsync: Pass long long * to scan_scaled
+
+off_t might not be long long.
+---
+ usr.bin/rsync/main.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/usr.bin/rsync/main.c b/usr.bin/rsync/main.c
+index e7713cc548a..6009eb734ff 100644
+--- a/usr.bin/rsync/main.c
++++ b/usr.bin/rsync/main.c
+@@ -346,6 +346,7 @@ main(int argc, char *argv[])
+ struct fargs *fargs;
+ char **args;
+ const char *errstr;
++ long long size;
+
+ /* Global pledge. */
+
+@@ -475,12 +476,14 @@ basedir:
+ opts.basedir[basedir_cnt++] = optarg;
+ break;
+ case OP_MAX_SIZE:
+- if (scan_scaled(optarg, &opts.max_size) == -1)
++ if (scan_scaled(optarg, &size) == -1)
+ err(1, "bad max-size");
++ opts.max_size = size;
+ break;
+ case OP_MIN_SIZE:
+- if (scan_scaled(optarg, &opts.min_size) == -1)
++ if (scan_scaled(optarg, &size) == -1)
+ err(1, "bad min-size");
++ opts.max_size = size;
+ break;
+ case OP_VERSION:
+ fprintf(stderr, "openrsync: protocol version %u\n",
+--
+2.35.1
+
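Review bot: The `OP_MIN_SIZE` case stores the parsed value in the wrong field: after `scan_scaled(optarg, &size)` succeeds it runs `opts.max_size = size;`, so `--min-size` overwrites the maximum and leaves `opts.min_size` unset. The line should read `opts.min_size = size;`. As written, a lower bound the user asked for is silently not applied and any earlier `--max-size` is replaced, which changes the set of files transferred. `main` starts and ends outside the hunk.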
diff --git a/pkg/openbsd/patch/0039-libutil-Include-util.h-instead-of-util.h.patch b/pkg/openbsd/patch/0039-libutil-Include-util.h-instead-of-util.h.patch
@@ -0,0 +1,28 @@
+From 43cb99e0700fe904af34962b9b7ca4560dd70d62 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 6 Sep 2022 23:36:35 -0700
+Subject: [PATCH] libutil: Include <util.h> instead of "util.h"
+
+We provide our own util.h and want to use that instead of OpenBSD's
+version.
+---
+ lib/libutil/fmt_scaled.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/lib/libutil/fmt_scaled.c b/lib/libutil/fmt_scaled.c
+index 374901ffe1e..05ef9983afe 100644
+--- a/lib/libutil/fmt_scaled.c
++++ b/lib/libutil/fmt_scaled.c
+@@ -42,8 +42,7 @@
+ #include <string.h>
+ #include <ctype.h>
+ #include <limits.h>
+-
+-#include "util.h"
++#include <util.h>
+
+ typedef enum {
+ NONE = 0, KILO = 1, MEGA = 2, GIGA = 3, TERA = 4, PETA = 5, EXA = 6
+--
+2.35.1
+
diff --git a/pkg/openbsd/sha256 b/pkg/openbsd/sha256
@@ -1,2 +1,2 @@
-afb37f5f4e1daee76e6b23f83801addbe1e3f6283aa729c8d5339ebfddc6e714 src.tar.gz
-a87324046be2850a9685cd0e906e0237cbc966deff727ee7d9e3f799d02283bb sys.tar.gz
+4a7f61068752b3ed020271a357eb8cfd230057be502e92eb7f5e130ec78d2070 src.tar.gz
+890cb97c01052f26cefe5430d635e0fdf6047ca701a99992968e16801e2a6565 sys.tar.gz
diff --git a/pkg/openbsd/url b/pkg/openbsd/url
@@ -1,5 +1,5 @@
remote-name
-url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.0/src.tar.gz"
+url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.1/src.tar.gz"
remote-name
-url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.0/sys.tar.gz"
+url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.1/sys.tar.gz"
diff --git a/pkg/openbsd/ver b/pkg/openbsd/ver
@@ -1 +1 @@
-6.9 r2
+7.1 r0