
oasis

Own branch of Oasis Linux (upstream: <https://git.sr.ht/~mcf/oasis/>) git clone https://anongit.hacktivis.me/git/oasis.git
commit: 569b21ba94f76e8d419fbc8375daef73cdb43583
parent 00fe346cc1ce9b97dbfeca089b3afc97f0353bfe
Author: Michael Forney <mforney@mforney.org>
Date:   Fri, 22 Apr 2022 13:03:31 -0700

openbsd: Update to 7.1

Diffstat:

Mpkg/openbsd/gen.lua4++--
Apkg/openbsd/include/util.h8++++++++
Mpkg/openbsd/patch/0002-fts-Add-some-includes.patch10+++++-----
Mpkg/openbsd/patch/0015-doas-Port-to-linux-musl.patch97++++++++++++++++++++++++++++++++++++++++++-------------------------------------
Mpkg/openbsd/patch/0030-rsync-Add-implementation-of-MD4.patch16++++++++--------
Mpkg/openbsd/patch/0032-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch8++++----
Mpkg/openbsd/patch/0033-rsync-Fix-some-incorrect-format-specifiers.patch27++++++++++++++++++++++-----
Mpkg/openbsd/patch/0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch24++++++++++++------------
Mpkg/openbsd/patch/0036-acme-client-Port-to-BearSSL.patch176++++++++++++++++++++++++++++++++++++++-----------------------------------------
Apkg/openbsd/patch/0037-pax-Use-POSIX-struct-stat-fields-for-high-resolution.patch46++++++++++++++++++++++++++++++++++++++++++++++
Apkg/openbsd/patch/0038-rsync-Pass-long-long-to-scan_scaled.patch42++++++++++++++++++++++++++++++++++++++++++
Apkg/openbsd/patch/0039-libutil-Include-util.h-instead-of-util.h.patch28++++++++++++++++++++++++++++
Mpkg/openbsd/sha2564++--
Mpkg/openbsd/url4++--
Mpkg/openbsd/ver2+-
15 files changed, 318 insertions(+), 178 deletions(-)

diff --git a/pkg/openbsd/gen.lua b/pkg/openbsd/gen.lua @@ -30,7 +30,7 @@ lib('libbsd.a', [[ stdlib/(freezero.c recallocarray.c strtonum.c) string/(strmode.c timingsafe_bcmp.c timingsafe_memcmp.c) ) - lib/libutil/ohash.c + lib/libutil/(fmt_scaled.c ohash.c) ]]) file('lib/libbsd.a', '644', '$outdir/libbsd.a') @@ -93,7 +93,7 @@ man{'bin/pax/pax.1', 'bin/pax/tar.1', 'bin/pax/cpio.1'} -- rsync exe('rsync', [[ usr.bin/rsync/( - blocks.c client.c downloader.c fargs.c flist.c hash.c ids.c + blocks.c client.c copy.c downloader.c fargs.c flist.c hash.c ids.c io.c log.c main.c md4.c misc.c mkpath.c mktemp.c receiver.c rmatch.c rules.c sender.c server.c session.c socket.c symlinks.c uploader.c ) diff --git a/pkg/openbsd/include/util.h b/pkg/openbsd/include/util.h @@ -0,0 +1,8 @@ +#ifndef _UTIL_H_ +#define _UTIL_H_ + +#define FMT_SCALED_STRSIZE 7 /* minus sign, 4 digits, suffix, null byte */ + +int scan_scaled(char *, long long *); + +#endif diff --git a/pkg/openbsd/patch/0002-fts-Add-some-includes.patch b/pkg/openbsd/patch/0002-fts-Add-some-includes.patch @@ -1,4 +1,4 @@ -From e73065515ec3b6c03e45ee7c8c10543ff44a407c Mon Sep 17 00:00:00 2001 +From 2280f1bcd79a988c95548f65b9e3d7e08ac51b09 Mon Sep 17 00:00:00 2001 From: Michael Forney <mforney@mforney.org> Date: Mon, 18 Apr 2016 01:25:29 -0700 Subject: [PATCH] fts: Add some includes @@ -9,7 +9,7 @@ Subject: [PATCH] fts: Add some includes 2 files changed, 4 insertions(+) diff --git a/include/fts.h b/include/fts.h -index eaf6be07c..a5b3aff91 100644 +index eaf6be07c6f..a5b3aff91e7 100644 --- a/include/fts.h +++ b/include/fts.h @@ -35,6 +35,8 @@ @@ -22,12 +22,12 @@ index eaf6be07c..a5b3aff91 100644 struct _ftsent *fts_cur; /* current node */ struct _ftsent *fts_child; /* linked list of children */ diff --git a/lib/libc/gen/fts.c b/lib/libc/gen/fts.c -index c186b7af2..f41254c71 100644 +index 77f26d6c27c..86585190a99 100644 --- a/lib/libc/gen/fts.c +++ b/lib/libc/gen/fts.c 
@@ -31,6 +31,7 @@ - #include <sys/param.h> /* ALIGN */ + #include <sys/param.h> /* ALIGN ALIGNBYTES */ #include <sys/stat.h> +#include <sys/types.h> @@ -42,5 +42,5 @@ index c186b7af2..f41254c71 100644 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) -- -2.12.2 +2.35.1 diff --git a/pkg/openbsd/patch/0015-doas-Port-to-linux-musl.patch b/pkg/openbsd/patch/0015-doas-Port-to-linux-musl.patch @@ -1,4 +1,4 @@ -From dc1adc29e491a5e2cc3befb26ac6230b1551ad7b Mon Sep 17 00:00:00 2001 +From 391a9687a9bde37d10645f0b69f7502635b026cc Mon Sep 17 00:00:00 2001 From: Michael Forney <mforney@mforney.org> Date: Sun, 26 Feb 2017 16:50:55 -0800 Subject: [PATCH] doas: Port to linux/musl @@ -27,12 +27,12 @@ Simplify handling of PATH in the environment since we don't have login.conf with per-user default PATH. --- usr.bin/doas/doas.1 | 9 --- - usr.bin/doas/doas.c | 163 +++++++++++++---------------------------- + usr.bin/doas/doas.c | 168 +++++++++++++---------------------------- usr.bin/doas/doas.h | 6 +- usr.bin/doas/env.c | 17 ++--- usr.bin/doas/parse.y | 1 + - usr.bin/doas/persist.c | 133 +++++++++++++++++++++++++++++++++ - 6 files changed, 196 insertions(+), 133 deletions(-) + usr.bin/doas/persist.c | 133 ++++++++++++++++++++++++++++++++ + 6 files changed, 198 insertions(+), 136 deletions(-) create mode 100644 usr.bin/doas/persist.c diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1 @@ -63,7 +63,7 @@ index 4d2e09777c8..a91705e8e3f 100644 Parse and check the configuration file .Ar config , diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c -index 5d440311ffe..05eb2948c5b 100644 +index 5fd9a2b7417..78ff88d48e6 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -20,8 +20,6 @@ 
@@ -99,11 +99,11 @@ index 5d440311ffe..05eb2948c5b 100644 " command [args]\n"); exit(1); } -@@ -200,24 +207,35 @@ checkconfig(const char *confpath, int argc, char **argv, +@@ -200,16 +207,28 @@ checkconfig(const char *confpath, int argc, char **argv, } static int --authuser(char *myname, char *login_style, int persist) +-authuser_checkpass(char *myname, char *login_style) +verifypasswd(const char *user, const char *pass) +{ + struct spwd *sp; @@ -122,22 +122,10 @@ index 5d440311ffe..05eb2948c5b 100644 +} + +static int -+authuser(char *myname, int persist) ++authuser_checkpass(char *myname) { char *challenge = NULL, *response, rbuf[1024], cbuf[128]; - auth_session_t *as; -- int fd = -1; -+ int fd = -1, valid = 0; - -- if (persist) -- fd = open("/dev/tty", O_RDWR); -- if (fd != -1) { -- if (ioctl(fd, TIOCCHKVERAUTH) == 0) -+ if (persist) { -+ fd = openpersist(&valid); -+ if (valid) - goto good; - } - if (!(as = auth_userchallenge(myname, login_style, "auth-doas", - &challenge))) { @@ -146,8 +134,8 @@ index 5d440311ffe..05eb2948c5b 100644 - } if (!challenge) { char host[HOST_NAME_MAX + 1]; - if (gethostname(host, sizeof(host))) -@@ -229,78 +247,34 @@ authuser(char *myname, char *login_style, int persist) + +@@ -222,14 +241,12 @@ authuser_checkpass(char *myname, char *login_style) response = readpassphrase(challenge, rbuf, sizeof(rbuf), RPP_REQUIRE_TTY); if (response == NULL && errno == ENOTTY) { 
@@ -165,7 +153,31 @@ index 5d440311ffe..05eb2948c5b 100644 warnx("Authentication failed"); return AUTH_FAILED; } - explicit_bzero(rbuf, sizeof(rbuf)); +@@ -238,79 +255,36 @@ authuser_checkpass(char *myname, char *login_style) + } + + static void +-authuser(char *myname, char *login_style, int persist) ++authuser(char *myname, int persist) + { +- int i, fd = -1; ++ int i, fd = -1, valid = 0; + +- if (persist) +- fd = open("/dev/tty", O_RDWR); +- if (fd != -1) { +- if (ioctl(fd, TIOCCHKVERAUTH) == 0) ++ if (persist) { ++ fd = openpersist(&valid); ++ if (valid) + goto good; + } + for (i = 0; i < AUTH_RETRIES; i++) { +- if (authuser_checkpass(myname, login_style) == AUTH_OK) ++ if (authuser_checkpass(myname) == AUTH_OK) + goto good; + } + exit(1); good: if (fd != -1) { - int secs = 5 * 60; @@ -173,8 +185,6 @@ index 5d440311ffe..05eb2948c5b 100644 + setpersist(fd); close(fd); } - - return AUTH_OK; } -int @@ -231,8 +241,8 @@ index 5d440311ffe..05eb2948c5b 100644 struct passwd mypwstore, targpwstore; struct passwd *mypw, *targpw; const struct rule *rule; -@@ -314,28 +288,20 @@ main(int argc, char **argv) - int authed = AUTH_FAILED; +@@ -323,28 +297,20 @@ main(int argc, char **argv) + int nflag = 0; char cwdpath[PATH_MAX]; const char *cwd; - char *login_style = NULL; @@ -263,7 +273,7 @@ index 5d440311ffe..05eb2948c5b 100644 case 'u': if (parseuid(optarg, &target) != 0) errx(1, "unknown user"); -@@ -405,9 +371,9 @@ main(int argc, char **argv) +@@ -414,50 +380,30 @@ main(int argc, char **argv) cmd = argv[0]; if (!permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1)) { 
@@ -276,18 +286,11 @@ index 5d440311ffe..05eb2948c5b 100644 } if (!(rule->options & NOPASS)) { -@@ -415,8 +381,7 @@ main(int argc, char **argv) + if (nflag) errx(1, "Authentication required"); - for (i = 0; i < AUTH_RETRIES; i++) { -- authed = authuser(mypw->pw_name, login_style, -- rule->options & PERSIST); -+ authed = authuser(mypw->pw_name, rule->options & PERSIST); - if (authed == AUTH_OK) - break; - } -@@ -425,36 +390,18 @@ main(int argc, char **argv) - exit(1); +- authuser(mypw->pw_name, login_style, rule->options & PERSIST); ++ authuser(mypw->pw_name, rule->options & PERSIST); } - if ((p = getenv("PATH")) != NULL) @@ -299,6 +302,8 @@ index 5d440311ffe..05eb2948c5b 100644 - err(1, "unveil %s", _PATH_LOGIN_CONF); - if (unveil(_PATH_LOGIN_CONF ".db", "r") == -1) - err(1, "unveil %s.db", _PATH_LOGIN_CONF); +- if (unveil(_PATH_LOGIN_CONF_D, "r") == -1) +- err(1, "unveil %s", _PATH_LOGIN_CONF_D); - if (rule->cmd) { - if (setenv("PATH", safepath, 1) == -1) - err(1, "failed to set PATH '%s'", safepath); @@ -318,7 +323,7 @@ index 5d440311ffe..05eb2948c5b 100644 - if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | - LOGIN_SETPATH | - LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK | -- LOGIN_SETUSER) != 0) +- LOGIN_SETUSER | LOGIN_SETENV | LOGIN_SETRTABLE) != 0) - errx(1, "failed to set user context for target"); + if (initgroups(targpw->pw_name, targpw->pw_gid) == -1) + err(1, "initgroups"); @@ -329,7 +334,7 @@ index 5d440311ffe..05eb2948c5b 100644 if (pledge("stdio rpath exec", NULL) == -1) err(1, "pledge"); -@@ -468,23 +415,17 @@ main(int argc, char **argv) +@@ -471,23 +417,17 @@ main(int argc, char **argv) err(1, "pledge"); if (!(rule->options & NOLOG)) { @@ -355,12 +360,12 @@ index 5d440311ffe..05eb2948c5b 100644 errx(1, "%s: command not found", cmd); err(1, "%s", cmd); diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h -index 3a9bf4d4de2..2a9561b5565 100644 +index b98fe353b18..6567625c471 100644 --- a/usr.bin/doas/doas.h 
+++ b/usr.bin/doas/doas.h @@ -29,13 +29,17 @@ extern struct rule **rules; extern size_t nrules; - extern int parse_errors; + extern int parse_error; -extern const char *formerpath; +extern const char *safepath; @@ -421,12 +426,12 @@ index 2d93a4089b6..dc9be691955 100644 /* at last, we have something to insert */ if (val) { diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y -index eaaf8c4b2e6..587fd2c93a8 100644 +index 604becb5445..e5fc912a9c4 100644 --- a/usr.bin/doas/parse.y +++ b/usr.bin/doas/parse.y -@@ -19,6 +19,7 @@ - #include <sys/types.h> +@@ -20,6 +20,7 @@ #include <ctype.h> + #include <limits.h> #include <unistd.h> +#include <stdlib.h> #include <stdint.h> @@ -572,5 +577,5 @@ index 00000000000..4ad1bf1efbf + return 0; +} -- -2.34.1 +2.35.1 diff --git a/pkg/openbsd/patch/0030-rsync-Add-implementation-of-MD4.patch b/pkg/openbsd/patch/0030-rsync-Add-implementation-of-MD4.patch @@ -1,4 +1,4 @@ -From f066f3d01c72b0d78bcca3fb03501e4e5c66a3ba Mon Sep 17 00:00:00 2001 +From 01657f2c1445cf4874337a0966a76f24ba9c9536 Mon Sep 17 00:00:00 2001 From: Michael Forney <mforney@mforney.org> Date: Wed, 15 Apr 2020 22:10:06 -0700 Subject: [PATCH] rsync: Add implementation of MD4 @@ -16,20 +16,20 @@ Subject: [PATCH] rsync: Add implementation of MD4 create mode 100644 usr.bin/rsync/md4.h diff --git a/usr.bin/rsync/Makefile b/usr.bin/rsync/Makefile -index f2e4d460c57..47c8edf05b5 100644 +index 3c60f18e07f..172045ce7ac 100644 --- a/usr.bin/rsync/Makefile +++ b/usr.bin/rsync/Makefile 
@@ -2,7 +2,7 @@ PROG= openrsync - SRCS= blocks.c client.c downloader.c fargs.c flist.c hash.c ids.c \ + SRCS= blocks.c client.c copy.c downloader.c fargs.c flist.c hash.c ids.c \ - io.c log.c main.c misc.c mkpath.c mktemp.c receiver.c rmatch.c \ + io.c log.c main.c md4.c misc.c mkpath.c mktemp.c receiver.c rmatch.c \ rules.c sender.c server.c session.c socket.c symlinks.c uploader.c - LDADD+= -lcrypto -lm - DPADD+= ${LIBCRYPTO} ${LIBM} + LDADD+= -lcrypto -lm -lutil + DPADD+= ${LIBCRYPTO} ${LIBM} ${LIBUTIL} diff --git a/usr.bin/rsync/blocks.c b/usr.bin/rsync/blocks.c -index fbb7495acdf..62d3139f643 100644 +index 906733c968e..0a8c3f485d1 100644 --- a/usr.bin/rsync/blocks.c +++ b/usr.bin/rsync/blocks.c @@ -26,7 +26,7 @@ @@ -42,7 +42,7 @@ index fbb7495acdf..62d3139f643 100644 #include "extern.h" diff --git a/usr.bin/rsync/downloader.c b/usr.bin/rsync/downloader.c -index c9f0f8e80dc..3fdbd4416ab 100644 +index 07ec334f6b4..6543851fd2c 100644 --- a/usr.bin/rsync/downloader.c +++ b/usr.bin/rsync/downloader.c @@ -28,7 +28,7 @@ @@ -406,5 +406,5 @@ index 9dd008def01..2aeb99b64a0 100644 #include "extern.h" -- -2.34.1 +2.35.1 diff --git a/pkg/openbsd/patch/0032-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch b/pkg/openbsd/patch/0032-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch @@ -1,4 +1,4 @@ -From b6eaf185d9a9c39e31c638ac162ec5f5a364e94d Mon Sep 17 00:00:00 2001 +From e5c8e801a42459bf0c416f6751b687d61f46fcf1 Mon Sep 17 00:00:00 2001 From: Michael Forney <mforney@mforney.org> Date: Thu, 4 Jun 2020 21:44:26 -0700 Subject: [PATCH] pax: Use memcpy to set TMAGIC and TVERSION to avoid warning @@ -8,10 +8,10 @@ Subject: [PATCH] pax: Use memcpy to set TMAGIC and TVERSION to avoid warning 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/pax/tar.c b/bin/pax/tar.c -index 8c9e4baea9c..c62705b2199 100644 +index 8d6b3f37012..1f4012123c3 100644 --- a/bin/pax/tar.c 
+++ b/bin/pax/tar.c -@@ -1030,8 +1030,8 @@ ustar_wr(ARCHD *arcn) +@@ -1040,8 +1040,8 @@ ustar_wr(ARCHD *arcn) break; } @@ -23,5 +23,5 @@ index 8c9e4baea9c..c62705b2199 100644 /* * set the remaining fields. Some versions want all 16 bits of mode -- -2.27.0 +2.35.1 diff --git a/pkg/openbsd/patch/0033-rsync-Fix-some-incorrect-format-specifiers.patch b/pkg/openbsd/patch/0033-rsync-Fix-some-incorrect-format-specifiers.patch @@ -1,17 +1,34 @@ -From b9210214df47cb4cba51c66f77096c9306cb2ae4 Mon Sep 17 00:00:00 2001 +From 0a32d4f555441c1928547f8f08a6373a6c9d8bf1 Mon Sep 17 00:00:00 2001 From: Michael Forney <mforney@mforney.org> Date: Thu, 4 Jun 2020 21:36:24 -0700 Subject: [PATCH] rsync: Fix some incorrect format specifiers --- + usr.bin/rsync/fargs.c | 4 ++-- usr.bin/rsync/uploader.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + 2 files changed, 3 insertions(+), 3 deletions(-) +diff --git a/usr.bin/rsync/fargs.c b/usr.bin/rsync/fargs.c +index 7ccb5bff7d2..ef1aaf37c87 100644 +--- a/usr.bin/rsync/fargs.c ++++ b/usr.bin/rsync/fargs.c +@@ -132,9 +132,9 @@ fargs_cmdline(struct sess *sess, const struct fargs *f, size_t *skip) + /* --devices is sent as -D --no-specials */ + addargs(&args, "--no-specials"); + if (sess->opts->max_size >= 0) +- addargs(&args, "--max-size=%lld", sess->opts->max_size); ++ addargs(&args, "--max-size=%jd", (intmax_t)sess->opts->max_size); + if (sess->opts->min_size >= 0) +- addargs(&args, "--min-size=%lld", sess->opts->min_size); ++ addargs(&args, "--min-size=%jd", (intmax_t)sess->opts->min_size); + + /* only add --compare-dest, etc if this is the sender */ + if (sess->opts->alt_base_mode != 0 && diff --git a/usr.bin/rsync/uploader.c b/usr.bin/rsync/uploader.c -index e57647c38e5..ea54bf6496d 100644 +index 678b6c96218..951a5ee4133 100644 --- a/usr.bin/rsync/uploader.c 
+++ b/usr.bin/rsync/uploader.c -@@ -931,7 +931,7 @@ rsync_uploader(struct upload *u, int *fileinfd, +@@ -1010,7 +1010,7 @@ rsync_uploader(struct upload *u, int *fileinfd, init_blk(&blk.blks[i], &blk, offs, i, mbuf, sess); offs += blk.len; LOG3( @@ -21,5 +38,5 @@ index e57647c38e5..ea54bf6496d 100644 i++; } while (i < blk.blksz); -- -2.34.1 +2.35.1 diff --git a/pkg/openbsd/patch/0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch b/pkg/openbsd/patch/0035-acme-client-Fix-signed-ness-of-base64buf_url-input.patch @@ -1,4 +1,4 @@ -From 00b21fb61055a23322cbda5572f6635d1e090162 Mon Sep 17 00:00:00 2001 +From a26fe94638fa10455f7525757a57ba6d11c24e8c Mon Sep 17 00:00:00 2001 From: Michael Forney <mforney@mforney.org> Date: Fri, 23 Apr 2021 20:10:05 -0700 Subject: [PATCH] acme-client: Fix signed-ness of base64buf_url input @@ -13,7 +13,7 @@ This make most of the pointer casts unnecessary. 5 files changed, 17 insertions(+), 14 deletions(-) diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c -index 377f53c12fa..d16680235de 100644 +index cd01f8c3381..d243258beef 100644 --- a/usr.sbin/acme-client/acctproc.c +++ b/usr.sbin/acme-client/acctproc.c @@ -40,8 +40,9 @@ @@ -66,7 +66,7 @@ index 377f53c12fa..d16680235de 100644 } @@ -375,7 +376,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acctop op) - switch (EVP_PKEY_type(pkey->type)) { + switch (EVP_PKEY_base_id(pkey)) { case EVP_PKEY_RSA: - if ((dig64 = base64buf_url((char *)dig, digsz)) == NULL) { + if ((dig64 = base64buf_url(dig, digsz)) == NULL) { @@ -132,20 +132,20 @@ index 96ece27396b..5fba077b7e4 100644 goto out; } else if ((der64 = base64buf_url(der, len)) == NULL) { diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c -index e3cab0cd5a2..6b32205b31b 100644 +index 3eb0bd4cafa..c6c012dd9c1 100644 --- a/usr.sbin/acme-client/revokeproc.c +++ b/usr.sbin/acme-client/revokeproc.c 
@@ -94,7 +94,8 @@ int revokeproc(int fd, const char *certfile, int force, int revocate, const char *const *alts, size_t altsz) { -- char *der = NULL, *dercp, *der64 = NULL; -+ unsigned char *der = NULL, *dercp; -+ char *der64 = NULL; - char *san = NULL, *str, *tok; - int rc = 0, cc, i, extsz, ssz, len; - size_t *found = NULL; -@@ -283,7 +284,7 @@ revokeproc(int fd, const char *certfile, int force, +- char *der = NULL, *dercp, *der64 = NULL; ++ unsigned char *der = NULL, *dercp; ++ char *der64 = NULL; + char *san = NULL, *str, *tok; + int rc = 0, cc, i, ssz, len; + size_t *found = NULL; +@@ -285,7 +286,7 @@ revokeproc(int fd, const char *certfile, int force, } else if ((der = dercp = malloc(len)) == NULL) { warn("malloc"); goto out; @@ -155,5 +155,5 @@ index e3cab0cd5a2..6b32205b31b 100644 goto out; } else if ((der64 = base64buf_url(der, len)) == NULL) { -- -2.34.1 +2.35.1 diff --git a/pkg/openbsd/patch/0036-acme-client-Port-to-BearSSL.patch b/pkg/openbsd/patch/0036-acme-client-Port-to-BearSSL.patch @@ -1,19 +1,19 @@ -From f2c85cb223c434e6cbfbe40af689a0d5e39edf87 Mon Sep 17 00:00:00 2001 +From 288aa9ed695a489087e0e73ea1d257d2d13a487f Mon Sep 17 00:00:00 2001 
From: Michael Forney <mforney@mforney.org> Date: Fri, 23 Apr 2021 23:14:16 -0700 Subject: [PATCH] acme-client: Port to BearSSL --- - usr.sbin/acme-client/acctproc.c | 305 ++++++++------------------ + usr.sbin/acme-client/acctproc.c | 305 +++++++++------------------ usr.sbin/acme-client/certproc.c | 5 - - usr.sbin/acme-client/key.c | 342 ++++++++++++++++++++++++------ + usr.sbin/acme-client/key.c | 335 ++++++++++++++++++++++++------ usr.sbin/acme-client/key.h | 22 +- - usr.sbin/acme-client/keyproc.c | 195 +++++------------ - usr.sbin/acme-client/revokeproc.c | 280 ++++++++++-------------- - 6 files changed, 558 insertions(+), 591 deletions(-) + usr.sbin/acme-client/keyproc.c | 195 ++++++----------- + usr.sbin/acme-client/revokeproc.c | 274 ++++++++++-------------- + 6 files changed, 551 insertions(+), 585 deletions(-) diff --git a/usr.sbin/acme-client/acctproc.c b/usr.sbin/acme-client/acctproc.c -index d16680235de..372159d0b45 100644 +index d243258beef..7704f2a5be1 100644 --- a/usr.sbin/acme-client/acctproc.c +++ b/usr.sbin/acme-client/acctproc.c @@ -18,72 +18,30 @@ @@ -85,9 +85,9 @@ index d16680235de..372159d0b45 100644 - - if ((r = EVP_PKEY_get0_RSA(pkey)) == NULL) - warnx("EVP_PKEY_get0_RSA"); -- else if ((mod = bn2string(r->n)) == NULL) +- else if ((mod = bn2string(RSA_get0_n(r))) == NULL) - warnx("bn2string"); -- else if ((exp = bn2string(r->e)) == NULL) +- else if ((exp = bn2string(RSA_get0_e(r))) == NULL) - warnx("bn2string"); + + if ((mod = base64buf_url(key->rsa.pk.n, key->rsa.pk.nlen)) == NULL) @@ -158,7 +158,7 @@ index d16680235de..372159d0b45 100644 /* Construct the thumbprint input itself. */ -- switch (EVP_PKEY_type(pkey->type)) { +- switch (EVP_PKEY_base_id(pkey)) { - case EVP_PKEY_RSA: + switch (pkey->type) { + case BR_KEYTYPE_RSA: @@ -171,7 +171,7 @@ index d16680235de..372159d0b45 100644 break; goto out; default: -- warnx("EVP_PKEY_type: unknown key type"); +- warnx("EVP_PKEY_base_id: unknown key type"); + warnx("unknown key type"); goto out; } 
@@ -230,9 +230,9 @@ index d16680235de..372159d0b45 100644 - if ((r = EVP_PKEY_get0_RSA(pkey)) == NULL) - warnx("EVP_PKEY_get0_RSA"); -- else if ((mod = bn2string(r->n)) == NULL) +- else if ((mod = bn2string(RSA_get0_n(r))) == NULL) - warnx("bn2string"); -- else if ((exp = bn2string(r->e)) == NULL) +- else if ((exp = bn2string(RSA_get0_e(r))) == NULL) - warnx("bn2string"); + if ((mod = base64buf_url(key->rsa.pk.n, key->rsa.pk.nlen)) == NULL) + warnx("base64buf_url"); @@ -326,7 +326,7 @@ index d16680235de..372159d0b45 100644 goto out; } -- switch (EVP_PKEY_type(pkey->type)) { +- switch (EVP_PKEY_base_id(pkey)) { - case EVP_PKEY_RSA: + switch (key->type) { + case BR_KEYTYPE_RSA: @@ -349,7 +349,7 @@ index d16680235de..372159d0b45 100644 goto out; } } else { -- switch (EVP_PKEY_type(pkey->type)) { +- switch (EVP_PKEY_base_id(pkey)) { - case EVP_PKEY_RSA: - if (!op_sign_rsa(&prot, pkey, nonce, url)) + switch (key->type) { @@ -364,7 +364,7 @@ index d16680235de..372159d0b45 100644 goto out; break; default: -- warnx("EVP_PKEY_type"); +- warnx("EVP_PKEY_base_id"); + warnx("unknown key type"); goto out; } @@ -400,7 +400,7 @@ index d16680235de..372159d0b45 100644 + ctx.vtable->out(&ctx.vtable, dig); + digsz = ctx.vtable->desc >> BR_HASHDESC_OUT_OFF & BR_HASHDESC_OUT_MASK; -- switch (EVP_PKEY_type(pkey->type)) { +- switch (EVP_PKEY_base_id(pkey)) { - case EVP_PKEY_RSA: - if ((dig64 = base64buf_url(dig, digsz)) == NULL) { - warnx("base64buf_url"); @@ -458,7 +458,7 @@ index d16680235de..372159d0b45 100644 - break; default: -- warnx("EVP_PKEY_type"); +- warnx("EVP_PKEY_base_id"); + warnx("unknown key type"); goto out; } @@ -543,7 +543,7 @@ index f443d573675..85c3897a4b8 100644 #define BEGIN_MARKER "-----BEGIN CERTIFICATE-----" diff --git a/usr.sbin/acme-client/key.c b/usr.sbin/acme-client/key.c -index 1bc1eee8f59..e95f737d22c 100644 +index c3374914547..c9dc9b10b45 100644 --- a/usr.sbin/acme-client/key.c +++ b/usr.sbin/acme-client/key.c @@ -17,15 +17,11 @@ 
@@ -564,7 +564,7 @@ index 1bc1eee8f59..e95f737d22c 100644 #include "key.h" -@@ -33,114 +29,320 @@ +@@ -33,113 +29,320 @@ * Default number of bits when creating a new RSA key. */ #define KBITS 4096 @@ -711,7 +711,7 @@ index 1bc1eee8f59..e95f737d22c 100644 + warnx("br_ec_keygen"); goto err; } -- +- - /* set OPENSSL_EC_NAMED_CURVE to be able to load the key */ - - EC_KEY_set_asn1_flag(eckey, OPENSSL_EC_NAMED_CURVE); @@ -719,7 +719,7 @@ index 1bc1eee8f59..e95f737d22c 100644 - /* Serialise the key to the disc in EC format */ - - if (!PEM_write_ECPrivateKey(f, eckey, NULL, NULL, 0, NULL, NULL)) { -- warnx("PEM_write_ECPrivateKey"); +- warnx("%s: PEM_write_ECPrivateKey", fname); + if (br_ec_compute_pub(ec, &key->ec.pk, pbuf, &key->ec.sk) == 0) { + warnx("br_ec_compute_pub"); goto err; 
@@ -728,41 +728,39 @@ index 1bc1eee8f59..e95f737d22c 100644 - /* Convert the EC key into a PKEY structure */ + /* Serialise the key to the disk in EC format */ -- if ((pkey=EVP_PKEY_new()) == NULL) { +- if ((pkey = EVP_PKEY_new()) == NULL) { - warnx("EVP_PKEY_new"); + if ((derlen = br_encode_ec_raw_der(NULL, &key->ec.sk, + &key->ec.pk)) == 0) { + warnx("br_encode_ec_raw_der"); - goto err; - } -- if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) { -- warnx("EVP_PKEY_assign_EC_KEY"); ++ goto err; ++ } + if ((der = malloc(derlen)) == NULL) { + warn("malloc"); goto err; } +- if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) { +- warnx("EVP_PKEY_assign_EC_KEY"); + br_encode_ec_raw_der(der, &key->ec.sk, &key->ec.pk); + pemlen = br_pem_encode(NULL, der, derlen, BR_ENCODE_PEM_EC_RAW, 0); + if ((pem = malloc(pemlen + 1)) == NULL) { + warn("malloc"); -+ goto err; -+ } + goto err; + } + br_pem_encode(pem, der, derlen, BR_ENCODE_PEM_EC_RAW, 0); + if (fwrite(pem, 1, pemlen, f) == pemlen) + goto out; -- warnx("%s: PEM_write_ECPrivateKey", fname); -- - goto out; + warn("write private key"); err: -- EC_KEY_free(eckey); - EVP_PKEY_free(pkey); - pkey = NULL; + free(key); + key = NULL; out: +- EC_KEY_free(eckey); - return pkey; + free(der); + free(pem); @@ -781,18 +779,6 @@ index 1bc1eee8f59..e95f737d22c 100644 key_load(FILE *f, const char *fname) { - EVP_PKEY *pkey; -- -- pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL); -- if (pkey == NULL) { -- warnx("%s: PEM_read_PrivateKey", fname); -- return NULL; -- } else if (EVP_PKEY_type(pkey->type) == EVP_PKEY_RSA || -- EVP_PKEY_type(pkey->type) == EVP_PKEY_EC ) -- return pkey; -- -- warnx("%s: unsupported key type", fname); -- EVP_PKEY_free(pkey); -- return NULL; + struct key *key = NULL; + size_t datasz, len = 0, n; + int type = 0, err; 
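Review bot: In the hunk at -728, `der` and `pem` hold the DER and PEM encodings of the freshly generated EC private key, and the `out:` path releases them with plain `free(der); free(pem);`, so the key bytes stay in freed heap memory. Consider clearing them before release, for example `explicit_bzero(der, derlen);` ahead of `free(der);` and the same for `pem`, each guarded against a NULL pointer. The `err:` path's `free(key);` has the same exposure for the key structure itself. The function's signature and the declarations of `derlen` and `pemlen` are outside the hunk, so confirm both lengths are initialised on every path that reaches the cleanup labels.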
@@ -867,7 +853,11 @@ index 1bc1eee8f59..e95f737d22c 100644 + } + datasz += 4 + rsa->plen + rsa->qlen + rsa->dplen + rsa->dqlen + + rsa->iqlen; -+ + +- pkey = PEM_read_PrivateKey(f, NULL, NULL, NULL); +- if (pkey == NULL) { +- warnx("%s: PEM_read_PrivateKey", fname); +- return NULL; + if ((key = malloc(sizeof(*key) + datasz)) == NULL) { + warn("malloc"); + goto err; @@ -937,8 +927,14 @@ index 1bc1eee8f59..e95f737d22c 100644 + br_ec_compute_pub(ecimpl, &key->ec.pk, + key->ec.sk.x + key->ec.sk.xlen, &key->ec.sk); + goto out; -+ } -+ + } +- if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA || +- EVP_PKEY_base_id(pkey) == EVP_PKEY_EC) +- return pkey; + +- warnx("%s: unsupported key type", fname); +- EVP_PKEY_free(pkey); +- return NULL; + warnx("%s: missing private key", fname); + +err: @@ -1241,10 +1237,10 @@ index 5fba077b7e4..25e676e7829 100644 return rc; } diff --git a/usr.sbin/acme-client/revokeproc.c b/usr.sbin/acme-client/revokeproc.c -index 6b32205b31b..122dcda0620 100644 +index c6c012dd9c1..337bcfd8900 100644 --- a/usr.sbin/acme-client/revokeproc.c +++ b/usr.sbin/acme-client/revokeproc.c -@@ -22,92 +22,53 @@ +@@ -22,93 +22,53 @@ #include <stdio.h> #include <stdlib.h> #include <string.h> 
@@ -1338,38 +1334,35 @@ index 6b32205b31b..122dcda0620 100644 revokeproc(int fd, const char *certfile, int force, int revocate, const char *const *alts, size_t altsz) { -- unsigned char *der = NULL, *dercp; -- char *der64 = NULL; -- char *san = NULL, *str, *tok; -- int rc = 0, cc, i, extsz, ssz, len; -- size_t *found = NULL; -- BIO *bio = NULL; -- FILE *f = NULL; -- X509 *x = NULL; -- long lval; -- enum revokeop op, rop; -- time_t t; -- X509_EXTENSION *ex; -- ASN1_OBJECT *obj; -- size_t j; -+ static const unsigned char dnsname[] = {0, 2}; -+ char buf[8192], *pos, *sans = NULL, *der64 = NULL; -+ int rc = 0, cc, state, err; -+ size_t i, j, n, len = 0, altlen, altmax, eltsz; -+ FILE *f = NULL; -+ br_pem_decoder_context pc; -+ br_x509_decoder_context xd; -+ br_x509_minimal_context xc; -+ br_x509_certificate cert = {0}; -+ br_name_element *elts = NULL; -+ uint32_t days, secs; -+ long lval; -+ enum revokeop op, rop; -+ time_t t; +- unsigned char *der = NULL, *dercp; +- char *der64 = NULL; +- char *san = NULL, *str, *tok; +- int rc = 0, cc, i, ssz, len; +- size_t *found = NULL; +- BIO *bio = NULL; ++ static const unsigned char dnsname[] = {0, 2}; ++ char buf[8192], *pos, *sans = NULL, *der64 = NULL; ++ int rc = 0, cc, state, err; ++ size_t i, j, n, len = 0, altlen, altmax, eltsz; + FILE *f = NULL; +- X509 *x = NULL; ++ br_pem_decoder_context pc; ++ br_x509_decoder_context xd; ++ br_x509_minimal_context xc; ++ br_x509_certificate cert = {0}; ++ br_name_element *elts = NULL; ++ uint32_t days, secs; + long lval; + enum revokeop op, rop; + time_t t; +- const STACK_OF(X509_EXTENSION) *exts; +- X509_EXTENSION *ex; +- ASN1_OBJECT *obj; +- size_t j; /* * First try to open the certificate before we drop privileges -@@ -122,8 +83,6 @@ revokeproc(int fd, const char *certfile, int force, +@@ -123,8 +83,6 @@ revokeproc(int fd, const char *certfile, int force, /* File-system and sandbox jailing. */ 
@@ -1378,7 +1371,7 @@ index 6b32205b31b..122dcda0620 100644 if (pledge("stdio", NULL) == -1) { warn("pledge"); goto out; -@@ -147,17 +106,54 @@ revokeproc(int fd, const char *certfile, int force, +@@ -148,17 +106,54 @@ revokeproc(int fd, const char *certfile, int force, goto out; } @@ -1438,17 +1431,16 @@ index 6b32205b31b..122dcda0620 100644 /* * Next, the long process to make sure that the SAN entries -@@ -165,99 +161,66 @@ revokeproc(int fd, const char *certfile, int force, +@@ -166,100 +161,66 @@ revokeproc(int fd, const char *certfile, int force, * command line. */ -- extsz = x->cert_info->extensions != NULL ? -- sk_X509_EXTENSION_num(x->cert_info->extensions) : 0; +- exts = X509_get0_extensions(x); - - /* Scan til we find the SAN NID. */ - -- for (i = 0; i < extsz; i++) { -- ex = sk_X509_EXTENSION_value(x->cert_info->extensions, i); +- for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) { +- ex = sk_X509_EXTENSION_value(exts, i); - assert(ex != NULL); - obj = X509_EXTENSION_get_object(ex); - assert(obj != NULL); @@ -1464,15 +1456,17 @@ index 6b32205b31b..122dcda0620 100644 - if (bio == NULL) { - warnx("BIO_new"); - goto out; -- } else if (!X509V3_EXT_print(bio, ex, 0, 0)) { +- } +- if (!X509V3_EXT_print(bio, ex, 0, 0)) { - warnx("X509V3_EXT_print"); - goto out; -- } else if ((san = calloc(1, bio->num_write + 1)) == NULL) { +- } +- if ((san = calloc(1, BIO_number_written(bio) + 1)) == NULL) { - warn("calloc"); - goto out; - } -- ssz = BIO_read(bio, san, bio->num_write); -- if (ssz < 0 || (unsigned)ssz != bio->num_write) { +- ssz = BIO_read(bio, san, BIO_number_written(bio)); +- if (ssz < 0 || (unsigned)ssz != BIO_number_written(bio)) { - warnx("BIO_read"); - goto out; - } 
@@ -1575,7 +1569,7 @@ index 6b32205b31b..122dcda0620 100644 /* * If we're going to revoke, write the certificate to the * netproc in DER and base64-encoded format. -@@ -278,16 +241,7 @@ revokeproc(int fd, const char *certfile, int force, +@@ -280,16 +241,7 @@ revokeproc(int fd, const char *certfile, int force, if (cc <= 0) goto out; @@ -1593,7 +1587,7 @@ index 6b32205b31b..122dcda0620 100644 warnx("base64buf_url"); goto out; } else if (writestr(fd, COMM_CSR, der64) >= 0) -@@ -340,13 +294,9 @@ out: +@@ -342,13 +294,9 @@ out: close(fd); if (f != NULL) fclose(f); @@ -1611,5 +1605,5 @@ index 6b32205b31b..122dcda0620 100644 return rc; } -- -2.34.1 +2.35.1 diff --git a/pkg/openbsd/patch/0037-pax-Use-POSIX-struct-stat-fields-for-high-resolution.patch b/pkg/openbsd/patch/0037-pax-Use-POSIX-struct-stat-fields-for-high-resolution.patch 
@@ -0,0 +1,46 @@
+From 82646d38665109ec5f0753ba384da94d529bbbe9 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Wed, 27 Apr 2022 19:57:54 -0700
+Subject: [PATCH] pax: Use POSIX struct stat fields for high resolution
+ timestamps
+
+---
+ bin/pax/tar.c | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/bin/pax/tar.c b/bin/pax/tar.c
+index 1f4012123c3..7ede7938c3d 100644
+--- a/bin/pax/tar.c
++++ b/bin/pax/tar.c
+@@ -417,8 +417,7 @@ tar_rd(ARCHD *arcn, char *buf)
+ arcn->sb.st_mtime = INT_MAX; /* XXX 2038 */
+ else
+ arcn->sb.st_mtime = val;
+- arcn->sb.st_ctime = arcn->sb.st_atime = arcn->sb.st_mtime;
+- arcn->sb.st_ctimensec = arcn->sb.st_atimensec = arcn->sb.st_mtimensec;
++ arcn->sb.st_ctim = arcn->sb.st_atim = arcn->sb.st_mtim;
+
+ /*
+ * have to look at the last character, it may be a '/' and that is used
+@@ -795,14 +794,10 @@ reset:
+ else
+ arcn->sb.st_mtime = val;
+ }
+- if (arcn->sb.st_ctime == 0) {
+- arcn->sb.st_ctime = arcn->sb.st_mtime;
+- arcn->sb.st_ctimensec = arcn->sb.st_mtimensec;
+- }
+- if (arcn->sb.st_atime == 0) {
+- arcn->sb.st_atime = arcn->sb.st_mtime;
+- arcn->sb.st_atimensec = arcn->sb.st_mtimensec;
+- }
++ if (arcn->sb.st_ctime == 0)
++ arcn->sb.st_ctim = arcn->sb.st_mtim;
++ if (arcn->sb.st_atime == 0)
++ arcn->sb.st_atim = arcn->sb.st_mtim;
+
+ /*
+ * If we can find the ascii names for gname and uname in the password
+--
+2.35.1
+
diff --git a/pkg/openbsd/patch/0038-rsync-Pass-long-long-to-scan_scaled.patch b/pkg/openbsd/patch/0038-rsync-Pass-long-long-to-scan_scaled.patch
@@ -0,0 +1,42 @@
+From 2165fef297534420b3fbd557cedcb65ec45f0a49 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Wed, 27 Apr 2022 20:03:45 -0700
+Subject: [PATCH] rsync: Pass long long * to scan_scaled
+
+off_t might not be long long.
+---
+ usr.bin/rsync/main.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/usr.bin/rsync/main.c b/usr.bin/rsync/main.c
+index e7713cc548a..6009eb734ff 100644
+--- a/usr.bin/rsync/main.c
++++ b/usr.bin/rsync/main.c
+@@ -346,6 +346,7 @@ main(int argc, char *argv[])
+ struct fargs *fargs;
+ char **args;
+ const char *errstr;
++ long long size;
+
+ /* Global pledge. */
+
+@@ -475,12 +476,14 @@ basedir:
+ opts.basedir[basedir_cnt++] = optarg;
+ break;
+ case OP_MAX_SIZE:
+- if (scan_scaled(optarg, &opts.max_size) == -1)
++ if (scan_scaled(optarg, &size) == -1)
+ err(1, "bad max-size");
++ opts.max_size = size;
+ break;
+ case OP_MIN_SIZE:
+- if (scan_scaled(optarg, &opts.min_size) == -1)
++ if (scan_scaled(optarg, &size) == -1)
+ err(1, "bad min-size");
++ opts.max_size = size;
+ break;
+ case OP_VERSION:
+ fprintf(stderr, "openrsync: protocol version %u\n",
+--
+2.35.1
+
diff --git a/pkg/openbsd/patch/0039-libutil-Include-util.h-instead-of-util.h.patch b/pkg/openbsd/patch/0039-libutil-Include-util.h-instead-of-util.h.patch
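Review bot: The `OP_MIN_SIZE` case in the new 0038 patch stores the parsed value in the wrong field: after the "bad min-size" check it assigns `opts.max_size = size;`, so `--min-size` overwrites the maximum and `opts.min_size` is never set from the command line. The line should read `opts.min_size = size;`. With the current code a run given only `--min-size` would presumably treat the value as an upper bound, silently changing which files are selected for transfer. The option loop in main() starts and ends outside the hunk.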
@@ -0,0 +1,28 @@ +From 43cb99e0700fe904af34962b9b7ca4560dd70d62 Mon Sep 17 00:00:00 2001 +From: Michael Forney <mforney@mforney.org> +Date: Tue, 6 Sep 2022 23:36:35 -0700 +Subject: [PATCH] libutil: Include <util.h> instead of "util.h" + +We provide our own util.h and want to use that instead of OpenBSD's +version. +--- + lib/libutil/fmt_scaled.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/libutil/fmt_scaled.c b/lib/libutil/fmt_scaled.c +index 374901ffe1e..05ef9983afe 100644 +--- a/lib/libutil/fmt_scaled.c ++++ b/lib/libutil/fmt_scaled.c +@@ -42,8 +42,7 @@ + #include <string.h> + #include <ctype.h> + #include <limits.h> +- +-#include "util.h" ++#include <util.h> + + typedef enum { + NONE = 0, KILO = 1, MEGA = 2, GIGA = 3, TERA = 4, PETA = 5, EXA = 6 +-- +2.35.1 + diff --git a/pkg/openbsd/sha256 b/pkg/openbsd/sha256 @@ -1,2 +1,2 @@ -afb37f5f4e1daee76e6b23f83801addbe1e3f6283aa729c8d5339ebfddc6e714 src.tar.gz -a87324046be2850a9685cd0e906e0237cbc966deff727ee7d9e3f799d02283bb sys.tar.gz +4a7f61068752b3ed020271a357eb8cfd230057be502e92eb7f5e130ec78d2070 src.tar.gz +890cb97c01052f26cefe5430d635e0fdf6047ca701a99992968e16801e2a6565 sys.tar.gz diff --git a/pkg/openbsd/url b/pkg/openbsd/url @@ -1,5 +1,5 @@ remote-name -url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.0/src.tar.gz" +url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.1/src.tar.gz" remote-name -url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.0/sys.tar.gz" +url = "https://fastly.cdn.openbsd.org/pub/OpenBSD/7.1/sys.tar.gz" diff --git a/pkg/openbsd/ver b/pkg/openbsd/ver @@ -1 +1 @@ -6.9 r2 +7.1 r0