diff --git a/distrib/sets/lists/etc/mi b/distrib/sets/lists/etc/mi index 5dc27b187..974ff7ca8 100644 --- a/distrib/sets/lists/etc/mi +++ b/distrib/sets/lists/etc/mi @@ -57,6 +57,7 @@ ./root/.login ./root/.profile ./root/.ssh/authorized_keys +./var/account/acct ./var/crash/minfree ./var/cron/at.deny ./var/cron/cron.deny diff --git a/etc/Makefile b/etc/Makefile index 1632d747d..b17c7a678 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.487 2023/12/13 11:34:56 job Exp $ +# $OpenBSD: Makefile,v 1.488 2024/02/29 22:21:21 bluhm Exp $ .include @@ -179,6 +179,8 @@ distribution-etc-root-var: distrib-dirs chown -h root:wheel ${DESTDIR}/etc/localtime ln -fs /usr/sbin/rmt ${DESTDIR}/etc/rmt chown -h root:wheel ${DESTDIR}/etc/rmt + ${INSTALL} -c -o root -g wheel -m 644 /dev/null \ + ${DESTDIR}/var/account/acct ${INSTALL} -c -o root -g wheel -m 644 minfree \ ${DESTDIR}/var/crash ${INSTALL} -c -o ${BINOWN} -g operator -m 664 /dev/null \ diff --git a/etc/skel/dot.version b/etc/skel/dot.version index 997292484..f6a2e7b7c 100644 --- a/etc/skel/dot.version +++ b/etc/skel/dot.version @@ -1 +1 @@ -# SecBSD 1.5-de8ea3c: Sat Feb 17 20:41:00 UTC 2024 (Yatagarasu) +# SecBSD 1.5-df5e0c0: Fri Mar 1 20:10:00 UTC 2024 (Yatagarasu) diff --git a/lib/libcrypto/hidden/openssl/asn1.h b/lib/libcrypto/hidden/openssl/asn1.h index 11db7b990..63852d1e6 100644 --- a/lib/libcrypto/hidden/openssl/asn1.h +++ b/lib/libcrypto/hidden/openssl/asn1.h @@ -1,4 +1,4 @@ -/* $OpenBSD: asn1.h,v 1.7 2023/11/13 12:46:07 beck Exp $ */ +/* $OpenBSD: asn1.h,v 1.8 2024/03/01 07:38:33 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -249,7 +249,5 @@ LCRYPTO_USED(SMIME_text); LCRYPTO_USED(ERR_load_ASN1_strings); LCRYPTO_USED(ASN1_time_parse); LCRYPTO_USED(ASN1_time_tm_cmp); -LCRYPTO_USED(OPENSSL_gmtime); -LCRYPTO_USED(OPENSSL_timegm); #endif /* _LIBCRYPTO_ASN1_H */ diff --git a/lib/libcrypto/hidden/openssl/crypto.h b/lib/libcrypto/hidden/openssl/crypto.h index dc0b7a02b..083d156d1 100644 --- a/lib/libcrypto/hidden/openssl/crypto.h +++ b/lib/libcrypto/hidden/openssl/crypto.h @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.h,v 1.2 2023/07/28 10:19:20 tb Exp $ */ +/* $OpenBSD: crypto.h,v 1.3 2024/03/01 07:38:33 tb Exp $ */ /* * Copyright (c) 2023 Bob Beck * @@ -71,6 +71,7 @@ LCRYPTO_USED(OpenSSLDie); LCRYPTO_USED(OPENSSL_cpu_caps); LCRYPTO_USED(OPENSSL_init_crypto); LCRYPTO_USED(OPENSSL_cleanup); +LCRYPTO_USED(OPENSSL_gmtime); LCRYPTO_USED(ERR_load_CRYPTO_strings); #endif /* _LIBCRYPTO_CRYPTO_H */ diff --git a/regress/lib/libcrypto/asn1/Makefile b/regress/lib/libcrypto/asn1/Makefile index 16a84c19b..1ba2fecf2 100644 --- a/regress/lib/libcrypto/asn1/Makefile +++ b/regress/lib/libcrypto/asn1/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.27 2024/02/18 16:32:29 tb Exp $ +# $OpenBSD: Makefile,v 1.28 2024/02/29 20:03:47 tb Exp $ PROGS = \ asn1api \ @@ -25,5 +25,6 @@ CFLAGS+= -I${.CURDIR}/../../../../lib/libcrypto/bytestring LDADD_asn1basic = ${CRYPTO_INT} LDADD_asn1object = ${CRYPTO_INT} LDADD_asn1time = ${CRYPTO_INT} +LDADD_x509_algor = ${CRYPTO_INT} .include diff --git a/regress/lib/libcrypto/asn1/x509_algor.c b/regress/lib/libcrypto/asn1/x509_algor.c index 47d730566..abe492ea2 100644 --- a/regress/lib/libcrypto/asn1/x509_algor.c +++ b/regress/lib/libcrypto/asn1/x509_algor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: x509_algor.c,v 1.6 2023/10/26 08:01:38 tb Exp $ */ +/* $OpenBSD: x509_algor.c,v 1.7 2024/02/29 20:03:47 tb Exp $ */ /* * Copyright (c) 2023 Theo Buehler * @@ -23,7 +23,7 @@ #include #include -void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md); +int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md); static int x509_algor_new_test(void) @@ -321,7 +321,7 @@ x509_algor_get0_test(void) } static int -x509_algor_set_md_test(void) +x509_algor_set_evp_md_test(void) { X509_ALGOR *alg = NULL; const ASN1_OBJECT *aobj; @@ -331,7 +331,11 @@ x509_algor_set_md_test(void) if ((alg = X509_ALGOR_new()) == NULL) errx(1, "%s: X509_ALGOR_new", __func__); - X509_ALGOR_set_md(alg, EVP_sm3()); + if (!X509_ALGOR_set_evp_md(alg, EVP_sm3())) { + fprintf(stderr, "%s: X509_ALGOR_set_evp_md to sm3 failed\n", + __func__); + goto failure; + } X509_ALGOR_get0(&aobj, &ptype, NULL, alg); if ((nid = OBJ_obj2nid(aobj)) != NID_sm3) { fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__, @@ -348,15 +352,19 @@ x509_algor_set_md_test(void) if (!X509_ALGOR_set0(alg, NULL, 0, NULL)) errx(1, "%s: X509_ALGOR_set0", __func__); - X509_ALGOR_set_md(alg, EVP_md5()); + if (!X509_ALGOR_set_evp_md(alg, EVP_md5())) { + fprintf(stderr, "%s: X509_ALGOR_set_evp_md to md5 failed\n", + __func__); + goto failure; + } X509_ALGOR_get0(&aobj, &ptype, NULL, alg); if ((nid = OBJ_obj2nid(aobj)) != NID_md5) { - fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__, + fprintf(stderr, "%s: md5 want %d, got %d\n", __func__, NID_sm3, nid); goto failure; } if (ptype != V_ASN1_NULL) { - fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__, + fprintf(stderr, "%s: md5 want %d, got %d\n", __func__, V_ASN1_NULL, ptype); goto failure; } @@ -377,7 +385,7 @@ main(void) failed |= x509_algor_new_test(); failed |= x509_algor_set0_test(); failed |= x509_algor_get0_test(); - failed |= x509_algor_set_md_test(); + failed |= x509_algor_set_evp_md_test(); return failed; } diff --git a/regress/lib/libcrypto/dsa/dsatest.c b/regress/lib/libcrypto/dsa/dsatest.c index 10ebc3a9f..3a761961f 100644 --- a/regress/lib/libcrypto/dsa/dsatest.c +++ b/regress/lib/libcrypto/dsa/dsatest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: dsatest.c,v 1.10 2023/11/19 13:11:05 tb Exp $ */ +/* $OpenBSD: dsatest.c,v 1.11 2024/02/29 20:04:43 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -196,7 +196,6 @@ end: CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); - CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); bio_err = NULL; diff --git a/regress/lib/libcrypto/ec/ectest.c b/regress/lib/libcrypto/ec/ectest.c index b32b007b3..e60fde60e 100644 --- a/regress/lib/libcrypto/ec/ectest.c +++ b/regress/lib/libcrypto/ec/ectest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ectest.c,v 1.22 2023/11/19 13:11:05 tb Exp $ */ +/* $OpenBSD: ectest.c,v 1.23 2024/02/29 20:04:43 tb Exp $ */ /* * Originally written by Bodo Moeller for the OpenSSL project. */ @@ -769,7 +769,6 @@ main(int argc, char *argv[]) CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); ERR_remove_thread_state(NULL); - CRYPTO_mem_leaks_fp(stderr); return 0; } diff --git a/regress/lib/libcrypto/evp/evp_pkey_cleanup.c b/regress/lib/libcrypto/evp/evp_pkey_cleanup.c index 055a70d27..d4825f68e 100644 --- a/regress/lib/libcrypto/evp/evp_pkey_cleanup.c +++ b/regress/lib/libcrypto/evp/evp_pkey_cleanup.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_pkey_cleanup.c,v 1.4 2024/01/15 15:09:57 tb Exp $ */ +/* $OpenBSD: evp_pkey_cleanup.c,v 1.5 2024/02/29 20:02:00 tb Exp $ */ /* * Copyright (c) 2022 Theo Buehler @@ -34,8 +34,6 @@ int pkey_ids[] = { EVP_PKEY_DSA, EVP_PKEY_EC, EVP_PKEY_ED25519, - EVP_PKEY_GOSTIMIT, - EVP_PKEY_GOSTR01, EVP_PKEY_HMAC, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, diff --git a/regress/lib/libcrypto/evp/evp_test.c b/regress/lib/libcrypto/evp/evp_test.c index 2c9aee2ad..e7ef804ed 100644 --- a/regress/lib/libcrypto/evp/evp_test.c +++ b/regress/lib/libcrypto/evp/evp_test.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evp_test.c,v 1.16 2024/01/21 19:08:59 tb Exp $ */ +/* $OpenBSD: evp_test.c,v 1.17 2024/02/29 20:02:40 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * Copyright (c) 2023 Theo Buehler @@ -734,10 +734,6 @@ obj_name_do_all_test(void) OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_cb, &arg); failure |= arg.failure; - memset(&arg, 0, sizeof(arg)); - OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_cb, &arg); - failure |= arg.failure; - return failure; } diff --git a/regress/lib/libcrypto/evp/evptest.c b/regress/lib/libcrypto/evp/evptest.c index 0b9436a83..f652cf5a2 100644 --- a/regress/lib/libcrypto/evp/evptest.c +++ b/regress/lib/libcrypto/evp/evptest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: evptest.c,v 1.13 2023/11/19 13:11:06 tb Exp $ */ +/* $OpenBSD: evptest.c,v 1.14 2024/02/29 20:04:43 tb Exp $ */ /* Written by Ben Laurie, 2001 */ /* * Copyright (c) 2001 The OpenSSL Project. All rights reserved. @@ -441,7 +441,6 @@ main(int argc, char **argv) CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); - CRYPTO_mem_leaks_fp(stderr); return 0; } diff --git a/regress/lib/libcrypto/free/freenull.c.head b/regress/lib/libcrypto/free/freenull.c.head index 3c4e542fa..3a6aa8bc8 100644 --- a/regress/lib/libcrypto/free/freenull.c.head +++ b/regress/lib/libcrypto/free/freenull.c.head @@ -1,4 +1,4 @@ -/* $OpenBSD: freenull.c.head,v 1.8 2023/11/20 01:20:19 tb Exp $ */ +/* $OpenBSD: freenull.c.head,v 1.9 2024/02/29 20:00:53 tb Exp $ */ #include #include @@ -7,7 +7,9 @@ #include #include #include +#ifndef OPENSSL_NO_GOST #include +#endif #include #include #include diff --git a/regress/lib/libcrypto/gost/gost2814789t.c b/regress/lib/libcrypto/gost/gost2814789t.c index f4914997c..261b9271a 100644 --- a/regress/lib/libcrypto/gost/gost2814789t.c +++ b/regress/lib/libcrypto/gost/gost2814789t.c @@ -1,4 +1,4 @@ -/* $OpenBSD: gost2814789t.c,v 1.10 2023/11/19 13:11:06 tb Exp $ */ +/* $OpenBSD: gost2814789t.c,v 1.11 2024/02/29 20:06:24 tb Exp $ */ /* vim: set fileencoding=ascii : Charset: ASCII */ /* test/gostr2814789t.c */ /* ==================================================================== @@ -9,6 +9,7 @@ * ==================================================================== */ #include +#include #if defined(OPENSSL_NO_GOST) int main(int argc, char *argv[]) diff --git a/regress/lib/libssl/ciphers/cipherstest.c b/regress/lib/libssl/ciphers/cipherstest.c index c43939d4d..e1411d682 100644 --- a/regress/lib/libssl/ciphers/cipherstest.c +++ b/regress/lib/libssl/ciphers/cipherstest.c @@ -129,61 +129,6 @@ cipher_find_test(void) return (ret); } -static int -cipher_get_by_value_tests(void) -{ - STACK_OF(SSL_CIPHER) *ciphers; - const SSL_CIPHER *cipher; - SSL_CTX *ssl_ctx = NULL; - SSL *ssl = NULL; - unsigned long id; - uint16_t value; - int ret = 1; - int i; - - if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) { - fprintf(stderr, "SSL_CTX_new() returned NULL\n"); - goto failure; - } - if ((ssl = SSL_new(ssl_ctx)) == NULL) { - fprintf(stderr, "SSL_new() returned NULL\n"); - goto failure; - } - - if ((ciphers = SSL_get_ciphers(ssl)) == NULL) { - fprintf(stderr, "no ciphers\n"); - goto failure; - } - - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) { - cipher = sk_SSL_CIPHER_value(ciphers, i); - - id = SSL_CIPHER_get_id(cipher); - if (SSL_CIPHER_get_by_id(id) == NULL) { - fprintf(stderr, "SSL_CIPHER_get_by_id() failed " - "for %s (0x%lx)\n", SSL_CIPHER_get_name(cipher), - id); - goto failure; - } - - value = SSL_CIPHER_get_value(cipher); - if (SSL_CIPHER_get_by_value(value) == NULL) { - fprintf(stderr, "SSL_CIPHER_get_by_value() failed " - "for %s (0x%04hx)\n", SSL_CIPHER_get_name(cipher), - value); - goto failure; - } - } - - ret = 0; - - failure: - SSL_CTX_free(ssl_ctx); - SSL_free(ssl); - - return (ret); -} - struct parse_ciphersuites_test { const char *str; const int want; @@ -522,7 +467,6 @@ main(int argc, char **argv) failed |= check_cipher_order(); failed |= cipher_find_test(); - failed |= cipher_get_by_value_tests(); failed |= parse_ciphersuites_test(); failed |= cipher_set_test(); diff --git a/regress/lib/libssl/exporter/exportertest.c b/regress/lib/libssl/exporter/exportertest.c index 252fcb062..ee8dbaa90 100644 --- a/regress/lib/libssl/exporter/exportertest.c +++ b/regress/lib/libssl/exporter/exportertest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: exportertest.c,v 1.3 2023/04/14 14:23:05 tb Exp $ */ +/* $OpenBSD: exportertest.c,v 1.4 2024/03/01 03:46:54 tb Exp $ */ /* * Copyright (c) 2022 Joel Sing * @@ -534,6 +534,7 @@ exporter_test(size_t test_no, const struct exporter_test *et) SSL_CTX *ssl_ctx = NULL; SSL *ssl = NULL; uint8_t export[256]; + unsigned char id[2]; int err, ret; int failed = 1; @@ -602,7 +603,9 @@ exporter_test(size_t test_no, const struct exporter_test *et) ssl->s3->hs.state = SSL_ST_OK; ssl->s3->hs.negotiated_tls_version = et->tls_version; - ssl->s3->hs.cipher = SSL_CIPHER_get_by_id(et->cipher_id); + id[0] = (et->cipher_id >> 8) & 0xff; + id[1] = et->cipher_id & 0xff; + ssl->s3->hs.cipher = SSL_CIPHER_find(ssl, id); ret = SSL_export_keying_material(ssl, export, et->export_len, et->label, et->label_len, et->context_value, et->context_value_len, diff --git a/regress/lib/libssl/ssl/ssltest.c b/regress/lib/libssl/ssl/ssltest.c index 23d7d48f3..27adeeaf1 100644 --- a/regress/lib/libssl/ssl/ssltest.c +++ b/regress/lib/libssl/ssl/ssltest.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssltest.c,v 1.44 2023/11/19 13:12:06 tb Exp $ */ +/* $OpenBSD: ssltest.c,v 1.45 2024/03/01 03:45:16 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -763,7 +763,6 @@ end: ERR_free_strings(); ERR_remove_thread_state(NULL); EVP_cleanup(); - CRYPTO_mem_leaks(bio_err); BIO_free(bio_err); exit(ret); diff --git a/regress/sys/kern/nanosleep/Makefile b/regress/sys/kern/nanosleep/Makefile index 919e33e67..05b75a68d 100644 --- a/regress/sys/kern/nanosleep/Makefile +++ b/regress/sys/kern/nanosleep/Makefile @@ -1,7 +1,8 @@ -# $OpenBSD: Makefile,v 1.4 2018/05/22 18:33:41 cheloha Exp $ +# $OpenBSD: Makefile,v 1.5 2024/02/29 21:47:02 bluhm Exp $ PROG= nanosleep SRCS= nanosleep.c +WARNINGS= yes trivial: nanosleep ./nanosleep -t diff --git a/regress/sys/kern/nanosleep/nanosleep.c b/regress/sys/kern/nanosleep/nanosleep.c index 790707ae0..95bfa79ab 100644 --- a/regress/sys/kern/nanosleep/nanosleep.c +++ b/regress/sys/kern/nanosleep/nanosleep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: nanosleep.c,v 1.8 2024/02/29 18:17:41 bluhm Exp $ */ +/* $OpenBSD: nanosleep.c,v 1.9 2024/02/29 21:47:02 bluhm Exp $ */ /* * Written by Artur Grabowski 2002 Public Domain. */ @@ -50,6 +50,7 @@ main(int argc, char **argv) break; case 'S': ret |= short_time(); + break; default: fprintf(stderr, "Usage: nanosleep [-itseSE]\n"); exit(1); @@ -67,14 +68,14 @@ sighandler(int signum) int trivial(void) { - struct timespec ts, rts; + struct timespec timeout, remainder; - ts.tv_sec = 0; - ts.tv_nsec = 30000000; - rts.tv_sec = 4711; /* Just add to the confusion */ - rts.tv_nsec = 4711; - if (nanosleep(&ts, &rts) < 0) { - warn("trivial: nanosleep"); + timeout.tv_sec = 0; + timeout.tv_nsec = 30000000; + remainder.tv_sec = 4711; /* Just add to the confusion */ + remainder.tv_nsec = 4711; + if (nanosleep(&timeout, &remainder) < 0) { + warn("%s: nanosleep", __func__); return 1; } @@ -83,9 +84,9 @@ trivial(void) * amount of time we want to sleep. * If we receive any signal, something is wrong anyway. */ - if (rts.tv_sec != 0 || rts.tv_nsec != 0) { - warnx("trivial: non-zero time? %lld/%ld", (long long)rts.tv_sec, - rts.tv_nsec); + if (remainder.tv_sec != 0 || remainder.tv_nsec != 0) { + warnx("%s: non-zero time: %lld.%09ld", __func__, + (long long)remainder.tv_sec, remainder.tv_nsec); return 1; } @@ -95,7 +96,7 @@ trivial(void) int with_signal(void) { - struct timespec ts, rts; + struct timespec timeout, remainder; pid_t pid; int status; @@ -106,29 +107,34 @@ with_signal(void) switch(fork()) { case -1: err(1, "fork"); - default: - ts.tv_sec = 1; - ts.tv_nsec = 0; - nanosleep(&ts, NULL); + case 0: + timeout.tv_sec = 1; + timeout.tv_nsec = 0; + nanosleep(&timeout, NULL); kill(pid, SIGUSR1); - exit(0); + _exit(0); + default: + break; } - ts.tv_sec = 10; - ts.tv_nsec = 0; - rts.tv_sec = 0; - rts.tv_nsec = 0; - if (nanosleep(&ts, &rts) == 0) { - warnx("with-signal: nanosleep"); + timeout.tv_sec = 10; + timeout.tv_nsec = 0; + remainder.tv_sec = 0; + remainder.tv_nsec = 0; + if (nanosleep(&timeout, &remainder) == 0) { + warnx("%s: nanosleep", __func__); return 1; } - if (rts.tv_sec == 0 && rts.tv_nsec == 0) { - warnx("with-signal: zero time"); + + if (remainder.tv_sec == 0 && remainder.tv_nsec == 0) { + warnx("%s: zero time", __func__); return 1; } if (wait(&status) < 0) err(1, "wait"); + if (status != 0) + errx(1, "status"); return 0; } @@ -136,31 +142,32 @@ with_signal(void) int time_elapsed(void) { - struct timespec ts; - struct timespec stv, etv; + struct timespec timeout; + struct timespec start, end, duration; - ts.tv_sec = 0; - ts.tv_nsec = 500000000; + timeout.tv_sec = 0; + timeout.tv_nsec = 500000000; - if (clock_gettime(CLOCK_MONOTONIC, &stv) < 0) { - warn("clock_gettime"); + if (clock_gettime(CLOCK_MONOTONIC, &start) < 0) { + warn("%s: clock_gettime", __func__); return 1; } - if (nanosleep(&ts, NULL) < 0) { - warn("nanosleep"); + if (nanosleep(&timeout, NULL) < 0) { + warn("%s: nanosleep", __func__); return 1; } - if (clock_gettime(CLOCK_MONOTONIC, &etv) < 0) { - warn("clock_gettime"); + if (clock_gettime(CLOCK_MONOTONIC, &end) < 0) { + warn("%s: clock_gettime", __func__); return 1; } - timespecsub(&etv, &stv, &stv); + timespecsub(&end, &start, &duration); - if (stv.tv_sec == 0 && stv.tv_nsec < 500000000) { - warnx("slept less than 0.5 sec"); + if (duration.tv_sec == 0 && duration.tv_nsec < 500000000) { + warnx("%s: slept less than 0.5 sec: %lld.%09ld", __func__, + (long long)duration.tv_sec, duration.tv_nsec); return 1; } @@ -170,8 +177,8 @@ time_elapsed(void) int time_elapsed_with_signal(void) { - struct timespec ts, rts; - struct timespec stv, etv; + struct timespec timeout, remainder; + struct timespec start, end, duration; pid_t pid; int status; @@ -182,49 +189,52 @@ time_elapsed_with_signal(void) switch(fork()) { case -1: err(1, "fork"); - default: - ts.tv_sec = 1; - ts.tv_nsec = 0; - nanosleep(&ts, NULL); + case 0: + timeout.tv_sec = 1; + timeout.tv_nsec = 0; + nanosleep(&timeout, NULL); kill(pid, SIGUSR1); - exit(0); + _exit(0); + default: + break; } - ts.tv_sec = 10; - ts.tv_nsec = 0; - rts.tv_sec = 0; - rts.tv_nsec = 0; - - if (clock_gettime(CLOCK_MONOTONIC, &stv) < 0) { - warn("clock_gettime"); + if (clock_gettime(CLOCK_MONOTONIC, &start) < 0) { + warn("%s: clock_gettime", __func__); return 1; } - if (nanosleep(&ts, &rts) == 0) { - warnx("nanosleep"); + timeout.tv_sec = 10; + timeout.tv_nsec = 0; + remainder.tv_sec = 0; + remainder.tv_nsec = 0; + if (nanosleep(&timeout, &remainder) == 0) { + warnx("%s: nanosleep", __func__); return 1; } - if (clock_gettime(CLOCK_MONOTONIC, &etv) < 0) { - warn("clock_gettime"); + if (clock_gettime(CLOCK_MONOTONIC, &end) < 0) { + warn("%s: clock_gettime", __func__); return 1; } - timespecsub(&etv, &stv, &stv); + timespecsub(&end, &start, &duration); + timespecadd(&duration, &remainder, &timeout); + /* XXX remainder may be one tick too small */ + remainder.tv_sec = 0; + remainder.tv_nsec = 10000000; + timespecadd(&timeout, &remainder, &timeout); - etv.tv_sec = rts.tv_sec; - etv.tv_nsec = rts.tv_nsec; - - timespecadd(&etv, &stv, &stv); - - if (stv.tv_sec < 10) { - warnx("slept time + leftover time < 10 sec"); + if (timeout.tv_sec < 10) { + warnx("%s: slept time + leftover time < 10 sec: %lld.%09ld", + __func__, (long long)timeout.tv_sec, timeout.tv_nsec); return 1; } - if (wait(&status) < 0) err(1, "wait"); + if (status != 0) + errx(1, "status"); return 0; } @@ -232,7 +242,7 @@ time_elapsed_with_signal(void) int short_time(void) { - struct timespec ts, rts; + struct timespec timeout; pid_t pid; int status; @@ -243,24 +253,28 @@ short_time(void) switch(fork()) { case -1: err(1, "fork"); - default: + case 0: /* Sleep two seconds, then shoot parent. */ - ts.tv_sec = 2; - ts.tv_nsec = 0; - nanosleep(&ts, NULL); + timeout.tv_sec = 2; + timeout.tv_nsec = 0; + nanosleep(&timeout, NULL); kill(pid, SIGUSR1); - exit(0); + _exit(0); + default: + break; } - ts.tv_sec = 0; - ts.tv_nsec = 1; - if (nanosleep(&ts, NULL) <= 0) { - warn("short_time: nanosleep"); + timeout.tv_sec = 0; + timeout.tv_nsec = 1; + if (nanosleep(&timeout, NULL) < 0) { + warn("%s: nanosleep", __func__); return 1; } if (wait(&status) < 0) err(1, "wait"); + if (status != 0) + errx(1, "status"); return 0; } @@ -268,14 +282,14 @@ short_time(void) int invalid_time(void) { - struct timespec ts[3] = { {-1, 0}, {0, -1}, {0, 1000000000L} }; + struct timespec timeout[3] = { {-1, 0}, {0, -1}, {0, 1000000000L} }; int i, status; for (i = 0; i < 3; i++) { - status = nanosleep(&ts[i], NULL); + status = nanosleep(&timeout[i], NULL); if (status != -1 || errno != EINVAL) { - warnx("invalid-time: nanosleep %lld %ld", - (long long)ts[i].tv_sec, ts[i].tv_nsec); + warnx("%s: nanosleep %lld %ld", __func__, + (long long)timeout[i].tv_sec, timeout[i].tv_nsec); return 1; } } diff --git a/sbin/fdisk/cmd.c b/sbin/fdisk/cmd.c index c1765db47..f18123fc5 100644 --- a/sbin/fdisk/cmd.c +++ b/sbin/fdisk/cmd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmd.c,v 1.179 2023/11/18 15:42:09 krw Exp $ */ +/* $OpenBSD: cmd.c,v 1.180 2024/03/01 17:48:03 krw Exp $ */ /* * Copyright (c) 1997 Tobias Weingartner @@ -294,6 +294,7 @@ Xedit(const char *args, struct mbr *mbr) int gsetpid(const int pn) { + int32_t is_nil; uint32_t status; GPT_print_parthdr(TERSE); @@ -305,8 +306,9 @@ gsetpid(const int pn) return -1; } + is_nil = uuid_is_nil(&gp[pn].gp_type, NULL); gp[pn].gp_type = *ask_uuid(&gp[pn].gp_type); - if (PRT_protected_uuid(&gp[pn].gp_type)) { + if (PRT_protected_uuid(&gp[pn].gp_type) && is_nil == 0) { printf("can't change partition type to %s\n", PRT_uuid_to_desc(&gp[pn].gp_type)); return -1; diff --git a/sys/arch/arm64/arm64/cpu.c b/sys/arch/arm64/arm64/cpu.c index 4194d2781..910399d2e 100644 --- a/sys/arch/arm64/arm64/cpu.c +++ b/sys/arch/arm64/arm64/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.106 2024/02/28 00:53:16 jsg Exp $ */ +/* $OpenBSD: cpu.c,v 1.107 2024/03/01 15:57:43 kettenis Exp $ */ /* * Copyright (c) 2016 Dale Rahn @@ -266,6 +266,13 @@ void cpu_opp_kstat_attach(struct cpu_info *ci); void cpu_identify(struct cpu_info *ci) { + static uint64_t prev_id_aa64isar0; + static uint64_t prev_id_aa64isar1; + static uint64_t prev_id_aa64isar2; + static uint64_t prev_id_aa64mmfr0; + static uint64_t prev_id_aa64mmfr1; + static uint64_t prev_id_aa64pfr0; + static uint64_t prev_id_aa64pfr1; uint64_t midr, impl, part; uint64_t clidr, id; uint32_t ctr, ccsidr, sets, ways, line; @@ -482,6 +489,19 @@ cpu_identify(struct cpu_info *ci) if (impl == CPU_IMPL_APPLE) ci->ci_serror = cpu_serror_apple; + /* + * Skip printing CPU features if they are identical to the + * previous CPU. + */ + if (READ_SPECIALREG(id_aa64isar0_el1) == prev_id_aa64isar0 && + READ_SPECIALREG(id_aa64isar1_el1) == prev_id_aa64isar1 && + READ_SPECIALREG(id_aa64isar2_el1) == prev_id_aa64isar2 && + READ_SPECIALREG(id_aa64mmfr0_el1) == prev_id_aa64mmfr0 && + READ_SPECIALREG(id_aa64mmfr1_el1) == prev_id_aa64mmfr1 && + READ_SPECIALREG(id_aa64pfr0_el1) == prev_id_aa64pfr0 && + READ_SPECIALREG(id_aa64pfr1_el1) == prev_id_aa64pfr1) + return; + /* * Print CPU features encoded in the ID registers. */ @@ -787,6 +807,14 @@ cpu_identify(struct cpu_info *ci) sep = ","; } + prev_id_aa64isar0 = READ_SPECIALREG(id_aa64isar0_el1); + prev_id_aa64isar1 = READ_SPECIALREG(id_aa64isar1_el1); + prev_id_aa64isar2 = READ_SPECIALREG(id_aa64isar2_el1); + prev_id_aa64mmfr0 = READ_SPECIALREG(id_aa64mmfr0_el1); + prev_id_aa64mmfr1 = READ_SPECIALREG(id_aa64mmfr1_el1); + prev_id_aa64pfr0 = READ_SPECIALREG(id_aa64pfr0_el1); + prev_id_aa64pfr1 = READ_SPECIALREG(id_aa64pfr1_el1); + #ifdef CPU_DEBUG id = READ_SPECIALREG(id_aa64afr0_el1); printf("\nID_AA64AFR0_EL1: 0x%016llx", id); diff --git a/sys/dev/pci/drm/i915/i915_pci.c b/sys/dev/pci/drm/i915/i915_pci.c index e1c6c2671..620eb82eb 100644 --- a/sys/dev/pci/drm/i915/i915_pci.c +++ b/sys/dev/pci/drm/i915/i915_pci.c @@ -771,6 +771,7 @@ static const struct intel_device_info xehpsdv_info = { static const struct intel_device_info dg2_info = { DG2_FEATURES, + .require_force_probe = 1, }; static const struct intel_device_info ats_m_info = { diff --git a/sys/dev/pci/if_vmx.c b/sys/dev/pci/if_vmx.c index 7a3c772e2..d94e052f0 100644 --- a/sys/dev/pci/if_vmx.c +++ b/sys/dev/pci/if_vmx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: if_vmx.c,v 1.81 2024/02/15 13:24:45 jan Exp $ */ +/* $OpenBSD: if_vmx.c,v 1.82 2024/02/29 22:09:33 jan Exp $ */ /* * Copyright (c) 2013 Tsubai Masanari @@ -18,6 +18,7 @@ #include "bpfilter.h" #include "kstat.h" +#include "vlan.h" #include #include diff --git a/sys/dev/pci/pcidevs b/sys/dev/pci/pcidevs index caf04f461..d52626a4f 100644 --- a/sys/dev/pci/pcidevs +++ b/sys/dev/pci/pcidevs @@ -1,4 +1,4 @@ -$OpenBSD: pcidevs,v 1.2064 2024/02/29 10:09:54 jsg Exp $ +$OpenBSD: pcidevs,v 1.2065 2024/03/01 08:34:42 jsg Exp $ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ /* @@ -8537,6 +8537,7 @@ product QUMRANET VIO1_NET 0x1041 Virtio 1.x Network product QUMRANET VIO1_BLOCK 0x1042 Virtio 1.x Storage product QUMRANET VIO1_CONS 0x1043 Virtio 1.x Console product QUMRANET VIO1_RNG 0x1044 Virtio 1.x RNG +product QUMRANET VIO1_MEM 0x1045 Virtio 1.x Memory Balloon product QUMRANET VIO1_SCSI 0x1048 Virtio 1.x SCSI product QUMRANET VIO1_GPU 0x1050 Virtio 1.x GPU product QUMRANET VIO1_INPUT 0x1052 Virtio 1.x Input @@ -8702,6 +8703,10 @@ product REDHAT SERIAL2 0x0003 Qemu Serial 2x product REDHAT SERIAL4 0x0004 Qemu Serial 4x product REDHAT SDMMC 0x0007 SD/MMC product REDHAT HB 0x0008 Host +product REDHAT PCIE 0x000c PCIE +product REDHAT XHCI 0x000d xHCI +product REDHAT PCI 0x000e PCI +product REDHAT NVME 0x0010 NVMe product REDHAT QXL 0x0100 QXL Video /* Rendition products */ diff --git a/sys/dev/pci/pcidevs.h b/sys/dev/pci/pcidevs.h index fdaff6d74..43b12fd75 100644 --- a/sys/dev/pci/pcidevs.h +++ b/sys/dev/pci/pcidevs.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2064 2024/02/29 10:09:54 jsg Exp + * OpenBSD: pcidevs,v 1.2065 2024/03/01 08:34:42 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -8542,6 +8542,7 @@ #define PCI_PRODUCT_QUMRANET_VIO1_BLOCK 0x1042 /* Virtio 1.x Storage */ #define PCI_PRODUCT_QUMRANET_VIO1_CONS 0x1043 /* Virtio 1.x Console */ #define PCI_PRODUCT_QUMRANET_VIO1_RNG 0x1044 /* Virtio 1.x RNG */ +#define PCI_PRODUCT_QUMRANET_VIO1_MEM 0x1045 /* Virtio 1.x Memory Balloon */ #define PCI_PRODUCT_QUMRANET_VIO1_SCSI 0x1048 /* Virtio 1.x SCSI */ #define PCI_PRODUCT_QUMRANET_VIO1_GPU 0x1050 /* Virtio 1.x GPU */ #define PCI_PRODUCT_QUMRANET_VIO1_INPUT 0x1052 /* Virtio 1.x Input */ @@ -8707,6 +8708,10 @@ #define PCI_PRODUCT_REDHAT_SERIAL4 0x0004 /* Qemu Serial 4x */ #define PCI_PRODUCT_REDHAT_SDMMC 0x0007 /* SD/MMC */ #define PCI_PRODUCT_REDHAT_HB 0x0008 /* Host */ +#define PCI_PRODUCT_REDHAT_PCIE 0x000c /* PCIE */ +#define PCI_PRODUCT_REDHAT_XHCI 0x000d /* xHCI */ +#define PCI_PRODUCT_REDHAT_PCI 0x000e /* PCI */ +#define PCI_PRODUCT_REDHAT_NVME 0x0010 /* NVMe */ #define PCI_PRODUCT_REDHAT_QXL 0x0100 /* QXL Video */ /* Rendition products */ diff --git a/sys/dev/pci/pcidevs_data.h b/sys/dev/pci/pcidevs_data.h index d4a8b9153..8fdafd5b1 100644 --- a/sys/dev/pci/pcidevs_data.h +++ b/sys/dev/pci/pcidevs_data.h @@ -2,7 +2,7 @@ * THIS FILE AUTOMATICALLY GENERATED. DO NOT EDIT. * * generated from: - * OpenBSD: pcidevs,v 1.2064 2024/02/29 10:09:54 jsg Exp + * OpenBSD: pcidevs,v 1.2065 2024/03/01 08:34:42 jsg Exp */ /* $NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $ */ @@ -30763,6 +30763,10 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_QUMRANET, PCI_PRODUCT_QUMRANET_VIO1_RNG, "Virtio 1.x RNG", }, + { + PCI_VENDOR_QUMRANET, PCI_PRODUCT_QUMRANET_VIO1_MEM, + "Virtio 1.x Memory Balloon", + }, { PCI_VENDOR_QUMRANET, PCI_PRODUCT_QUMRANET_VIO1_SCSI, "Virtio 1.x SCSI", @@ -31383,6 +31387,22 @@ static const struct pci_known_product pci_known_products[] = { PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_HB, "Host", }, + { + PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_PCIE, + "PCIE", + }, + { + PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_XHCI, + "xHCI", + }, + { + PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_PCI, + "PCI", + }, + { + PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_NVME, + "NVMe", + }, { PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_QXL, "QXL Video", diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index c57950af2..97690f8db 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uipc_syscalls.c,v 1.217 2024/02/03 22:50:09 mvs Exp $ */ +/* $OpenBSD: uipc_syscalls.c,v 1.218 2024/03/01 14:15:01 bluhm Exp $ */ /* $NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $ */ /* @@ -1560,12 +1560,12 @@ sys_ypconnect(struct proc *p, void *v, register_t *retval) if (p->p_p->ps_flags & PS_CHROOT) return EACCES; + KERNEL_LOCK(); name = pool_get(&namei_pool, PR_WAITOK); snprintf(name, MAXPATHLEN, "/var/yp/binding/%s.2", domainname); NDINIT(&nid, 0, NOFOLLOW|LOCKLEAF|KERNELPATH, UIO_SYSSPACE, name, p); nid.ni_pledge = PLEDGE_RPATH; - KERNEL_LOCK(); error = namei(&nid); pool_put(&namei_pool, name); if (error) diff --git a/usr.sbin/bgpd/version.h b/usr.sbin/bgpd/version.h index c62203fcd..aee2b9223 100644 --- a/usr.sbin/bgpd/version.h +++ b/usr.sbin/bgpd/version.h @@ -1,3 +1,3 @@ -/* $OpenBSD: version.h,v 1.14 2023/10/11 06:30:10 claudio Exp $ */ +/* $OpenBSD: version.h,v 1.15 2024/03/01 16:23:37 claudio Exp $ */ -#define BGPD_VERSION "8.3" +#define BGPD_VERSION "8.4" diff --git a/usr.sbin/rpki-client/main.c b/usr.sbin/rpki-client/main.c index 231ddd821..f962d8174 100644 --- a/usr.sbin/rpki-client/main.c +++ b/usr.sbin/rpki-client/main.c @@ -1,4 +1,4 @@ -/* $OpenBSD: main.c,v 1.252 2024/02/26 15:40:33 job Exp $ */ +/* $OpenBSD: main.c,v 1.254 2024/03/01 09:36:55 job Exp $ */ /* * Copyright (c) 2021 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -72,6 +72,7 @@ int filemode; int shortlistmode; int rrdpon = 1; int repo_timeout; +int experimental; time_t deadline; /* 9999-12-31 23:59:59 UTC */ @@ -671,7 +672,8 @@ entity_process(struct ibuf *b, struct stats *st, struct vrp_tree *tree, case RTYPE_SPL: io_read_buf(b, &c, sizeof(c)); if (c == 0) { - repo_stat_inc(rp, talid, type, STYPE_FAIL); + if (experimental) + repo_stat_inc(rp, talid, type, STYPE_FAIL); break; } spl = spl_read(b); @@ -895,9 +897,9 @@ load_shortlist(const char *fqdn) static void check_fs_size(int fd, const char *cachedir) { - struct statvfs fs; - const long long minsize = 500 * 1024 * 1024; - const long long minnode = 300 * 1000; + struct statvfs fs; + unsigned long long minsize = 500 * 1024 * 1024; + unsigned long long minnode = 300 * 1000; if (fstatvfs(fd, &fs) == -1) err(1, "statfs %s", cachedir); @@ -907,13 +909,13 @@ check_fs_size(int fd, const char *cachedir) fprintf(stderr, "WARNING: rpki-client may need more than " "the available disk space\n" "on the file-system holding %s.\n", cachedir); - fprintf(stderr, "available space: %lldkB, " - "suggested minimum %lldkB\n", - (long long)fs.f_bavail * fs.f_frsize / 1024, + fprintf(stderr, "available space: %llukB, " + "suggested minimum %llukB\n", + (unsigned long long)fs.f_bavail * fs.f_frsize / 1024, minsize / 1024); - fprintf(stderr, "available inodes %lld, " - "suggested minimum %lld\n\n", - (long long)fs.f_favail, minnode); + fprintf(stderr, "available inodes: %llu, " + "suggested minimum: %llu\n\n", + (unsigned long long)fs.f_favail, minnode); fflush(stderr); } } @@ -998,7 +1000,7 @@ main(int argc, char *argv[]) "proc exec unveil", NULL) == -1) err(1, "pledge"); - while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnoP:rRs:S:t:T:vV")) != -1) + while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnoP:rRs:S:t:T:vVx")) != -1) switch (c) { case 'A': excludeaspa = 1; @@ -1076,6 +1078,9 @@ main(int argc, char *argv[]) case 'V': fprintf(stderr, "rpki-client %s\n", RPKI_VERSION); return 0; + case 'x': + experimental = 1; + break; default: goto usage; } @@ -1509,7 +1514,7 @@ main(int argc, char *argv[]) usage: fprintf(stderr, - "usage: rpki-client [-ABcjmnoRrVv] [-b sourceaddr] [-d cachedir]" + "usage: rpki-client [-ABcjmnoRrVvx] [-b sourceaddr] [-d cachedir]" " [-e rsync_prog]\n" " [-H fqdn] [-P epoch] [-S skiplist] [-s timeout]" " [-T table]\n" diff --git a/usr.sbin/rpki-client/output-json.c b/usr.sbin/rpki-client/output-json.c index f19a49c5e..fd3719630 100644 --- a/usr.sbin/rpki-client/output-json.c +++ b/usr.sbin/rpki-client/output-json.c @@ -1,4 +1,4 @@ -/* $OpenBSD: output-json.c,v 1.44 2024/02/26 15:40:33 job Exp $ */ +/* $OpenBSD: output-json.c,v 1.46 2024/03/01 08:10:09 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * @@ -23,6 +23,8 @@ #include "extern.h" #include "json.h" +extern int experimental; + static void outputheader_json(struct stats *st) { @@ -113,6 +115,31 @@ output_aspa(struct vap_tree *vaps) json_do_end(); } +static void +output_spl(struct vsp_tree *vsps) +{ + struct vsp *vsp; + char buf[64]; + size_t i; + + json_do_array("signedprefixlists"); + RB_FOREACH(vsp, vsp_tree, vsps) { + json_do_object("vsp", 1); + json_do_int("origin_as", vsp->asid); + json_do_array("prefixes"); + for (i = 0; i < vsp->prefixesz; i++) { + ip_addr_print(&vsp->prefixes[i].prefix, + vsp->prefixes[i].afi, buf, sizeof(buf)); + json_do_string("prefix", buf); + } + json_do_end(); + json_do_int("expires", vsp->expires); + json_do_string("ta", taldescs[vsp->talid]); + json_do_end(); + } + json_do_end(); +} + int output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks, struct vap_tree *vaps, struct vsp_tree *vsps, struct stats *st) @@ -120,8 +147,6 @@ output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks, char buf[64]; struct vrp *v; struct brk *b; - struct vsp *vsp; - size_t i; json_do_start(out); outputheader_json(st); @@ -155,22 +180,8 @@ output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks, if (!excludeaspa) output_aspa(vaps); - json_do_array("signedprefixlists"); - RB_FOREACH(vsp, vsp_tree, vsps) { - json_do_object("vsp", 1); - json_do_int("origin_as", vsp->asid); - json_do_array("prefixes"); - for (i = 0; i < vsp->prefixesz; i++) { - ip_addr_print(&vsp->prefixes[i].prefix, - vsp->prefixes[i].afi, buf, sizeof(buf)); - json_do_string("prefix", buf); - } - json_do_end(); - json_do_int("expires", vsp->expires); - json_do_string("ta", taldescs[vsp->talid]); - json_do_end(); - } - json_do_end(); + if (experimental) + output_spl(vsps); return json_do_finish(); } diff --git a/usr.sbin/rpki-client/parser.c b/usr.sbin/rpki-client/parser.c index 62ebcade6..6bb52a6a7 100644 --- a/usr.sbin/rpki-client/parser.c +++ b/usr.sbin/rpki-client/parser.c @@ -1,4 +1,4 @@ -/* $OpenBSD: parser.c,v 1.129 2024/02/22 12:49:42 job Exp $ */ +/* $OpenBSD: parser.c,v 1.130 2024/03/01 08:10:09 tb Exp $ */ /* * Copyright (c) 2019 Claudio Jeker * Copyright (c) 2019 Kristaps Dzonsons @@ -39,6 +39,8 @@ #include "extern.h" extern int noop; +extern int experimental; +extern int verbose; static X509_STORE_CTX *ctx; static struct auth_tree auths = RB_INITIALIZER(&auths); @@ -861,9 +863,15 @@ parse_entity(struct entityq *q, struct msgbuf *msgq) case RTYPE_SPL: file = parse_load_file(entp, &f, &flen); io_str_buffer(b, file); - spl = proc_parser_spl(file, f, flen, entp); - if (spl != NULL) - mtime = spl->signtime; + if (experimental) { + spl = proc_parser_spl(file, f, flen, entp); + if (spl != NULL) + mtime = spl->signtime; + } else { + if (verbose > 0) + warnx("%s: skipped", file); + spl = NULL; + } io_simple_buffer(b, &mtime, sizeof(mtime)); c = (spl != NULL); io_simple_buffer(b, &c, sizeof(int)); diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8 index 057eff62d..15708529d 100644 --- a/usr.sbin/rpki-client/rpki-client.8 +++ b/usr.sbin/rpki-client/rpki-client.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rpki-client.8,v 1.102 2024/02/22 17:54:08 tb Exp $ +.\" $OpenBSD: rpki-client.8,v 1.103 2024/03/01 08:10:09 tb Exp $ .\" .\" Copyright (c) 2019 Kristaps Dzonsons .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: February 22 2024 $ +.Dd $Mdocdate: March 1 2024 $ .Dt RPKI-CLIENT 8 .Os .Sh NAME @@ -22,7 +22,7 @@ .Nd RPKI validator to support BGP routing security .Sh SYNOPSIS .Nm -.Op Fl ABcjmnoRrVv +.Op Fl ABcjmnoRrVvx .Op Fl b Ar sourceaddr .Op Fl d Ar cachedir .Op Fl e Ar rsync_prog @@ -231,6 +231,10 @@ If .Fl f is given, specify once to print more information about the encapsulated X.509 certificate, twice to print the certificate in PEM format. +.It Fl x +Enable processing of experimental file formats. +This option is implied by +.Fl f . .It Ar outputdir The directory where .Nm diff --git a/usr.sbin/rpki-client/version.h b/usr.sbin/rpki-client/version.h index ffbda5b70..d9fb1a356 100644 --- a/usr.sbin/rpki-client/version.h +++ b/usr.sbin/rpki-client/version.h @@ -1,3 +1,3 @@ -/* $OpenBSD: version.h,v 1.21 2024/02/09 13:49:41 job Exp $ */ +/* $OpenBSD: version.h,v 1.22 2024/03/01 16:27:34 tb Exp $ */ -#define RPKI_VERSION "8.9" +#define RPKI_VERSION "9.0"