sync with OpenBSD -current

distrib/sets/lists/etc/mi

@@ -57,6 +57,7 @@
 ./root/.login
 ./root/.profile
 ./root/.ssh/authorized_keys
+./var/account/acct
 ./var/crash/minfree
 ./var/cron/at.deny
 ./var/cron/cron.deny

etc/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.487 2023/12/13 11:34:56 job Exp $
+#	$OpenBSD: Makefile,v 1.488 2024/02/29 22:21:21 bluhm Exp $
 
 .include <bsd.own.mk>
 
@@ -179,6 +179,8 @@ distribution-etc-root-var: distrib-dirs
 	chown -h root:wheel ${DESTDIR}/etc/localtime
 	ln -fs /usr/sbin/rmt ${DESTDIR}/etc/rmt
 	chown -h root:wheel ${DESTDIR}/etc/rmt
+	${INSTALL} -c -o root -g wheel -m 644 /dev/null \
+	    ${DESTDIR}/var/account/acct
 	${INSTALL} -c -o root -g wheel -m 644 minfree \
 	    ${DESTDIR}/var/crash
 	${INSTALL} -c -o ${BINOWN} -g operator -m 664 /dev/null \

etc/skel/dot.version

@@ -1 +1 @@
-# SecBSD 1.5-de8ea3c: Sat Feb 17 20:41:00 UTC 2024 (Yatagarasu)
+# SecBSD 1.5-df5e0c0: Fri Mar  1 20:10:00 UTC 2024 (Yatagarasu)

lib/libcrypto/hidden/openssl/asn1.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: asn1.h,v 1.7 2023/11/13 12:46:07 beck Exp $ */
+/* $OpenBSD: asn1.h,v 1.8 2024/03/01 07:38:33 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -249,7 +249,5 @@ LCRYPTO_USED(SMIME_text);
 LCRYPTO_USED(ERR_load_ASN1_strings);
 LCRYPTO_USED(ASN1_time_parse);
 LCRYPTO_USED(ASN1_time_tm_cmp);
-LCRYPTO_USED(OPENSSL_gmtime);
-LCRYPTO_USED(OPENSSL_timegm);
 
 #endif /* _LIBCRYPTO_ASN1_H */

lib/libcrypto/hidden/openssl/crypto.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.2 2023/07/28 10:19:20 tb Exp $ */
+/* $OpenBSD: crypto.h,v 1.3 2024/03/01 07:38:33 tb Exp $ */
 /*
  * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
  *
@@ -71,6 +71,7 @@ LCRYPTO_USED(OpenSSLDie);
 LCRYPTO_USED(OPENSSL_cpu_caps);
 LCRYPTO_USED(OPENSSL_init_crypto);
 LCRYPTO_USED(OPENSSL_cleanup);
+LCRYPTO_USED(OPENSSL_gmtime);
 LCRYPTO_USED(ERR_load_CRYPTO_strings);
 
 #endif /* _LIBCRYPTO_CRYPTO_H */

regress/lib/libcrypto/asn1/Makefile

@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.27 2024/02/18 16:32:29 tb Exp $
+#	$OpenBSD: Makefile,v 1.28 2024/02/29 20:03:47 tb Exp $
 
 PROGS = \
 	asn1api \
@@ -25,5 +25,6 @@ CFLAGS+=	-I${.CURDIR}/../../../../lib/libcrypto/bytestring
 LDADD_asn1basic = ${CRYPTO_INT}
 LDADD_asn1object = ${CRYPTO_INT}
 LDADD_asn1time = ${CRYPTO_INT}
+LDADD_x509_algor = ${CRYPTO_INT}
 
 .include <bsd.regress.mk>

regress/lib/libcrypto/asn1/x509_algor.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: x509_algor.c,v 1.6 2023/10/26 08:01:38 tb Exp $ */
+/*	$OpenBSD: x509_algor.c,v 1.7 2024/02/29 20:03:47 tb Exp $ */
 /*
  * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
  *
@@ -23,7 +23,7 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md);
+int X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md);
 
 static int
 x509_algor_new_test(void)
@@ -321,7 +321,7 @@ x509_algor_get0_test(void)
 }
 
 static int
-x509_algor_set_md_test(void)
+x509_algor_set_evp_md_test(void)
 {
 	X509_ALGOR *alg = NULL;
 	const ASN1_OBJECT *aobj;
@@ -331,7 +331,11 @@ x509_algor_set_md_test(void)
 	if ((alg = X509_ALGOR_new()) == NULL)
 		errx(1, "%s: X509_ALGOR_new", __func__);
 
-	X509_ALGOR_set_md(alg, EVP_sm3());
+	if (!X509_ALGOR_set_evp_md(alg, EVP_sm3())) {
+		fprintf(stderr, "%s: X509_ALGOR_set_evp_md to sm3 failed\n",
+		    __func__);
+		goto failure;
+	}
 	X509_ALGOR_get0(&aobj, &ptype, NULL, alg);
 	if ((nid = OBJ_obj2nid(aobj)) != NID_sm3) {
 		fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__,
@@ -348,15 +352,19 @@ x509_algor_set_md_test(void)
 	if (!X509_ALGOR_set0(alg, NULL, 0, NULL))
 		errx(1, "%s: X509_ALGOR_set0", __func__);
 
-	X509_ALGOR_set_md(alg, EVP_md5());
+	if (!X509_ALGOR_set_evp_md(alg, EVP_md5())) {
+		fprintf(stderr, "%s: X509_ALGOR_set_evp_md to md5 failed\n",
+		    __func__);
+		goto failure;
+	}
 	X509_ALGOR_get0(&aobj, &ptype, NULL, alg);
 	if ((nid = OBJ_obj2nid(aobj)) != NID_md5) {
-		fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__,
+		fprintf(stderr, "%s: md5 want %d, got %d\n", __func__,
 		    NID_sm3, nid);
 		goto failure;
 	}
 	if (ptype != V_ASN1_NULL) {
-		fprintf(stderr, "%s: sm3 want %d, got %d\n", __func__,
+		fprintf(stderr, "%s: md5 want %d, got %d\n", __func__,
 		    V_ASN1_NULL, ptype);
 		goto failure;
 	}
@@ -377,7 +385,7 @@ main(void)
 	failed |= x509_algor_new_test();
 	failed |= x509_algor_set0_test();
 	failed |= x509_algor_get0_test();
-	failed |= x509_algor_set_md_test();
+	failed |= x509_algor_set_evp_md_test();
 
 	return failed;
 }

regress/lib/libcrypto/dsa/dsatest.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: dsatest.c,v 1.10 2023/11/19 13:11:05 tb Exp $	*/
+/*	$OpenBSD: dsatest.c,v 1.11 2024/02/29 20:04:43 tb Exp $	*/
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -196,7 +196,6 @@ end:
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_thread_state(NULL);
 	ERR_free_strings();
-	CRYPTO_mem_leaks(bio_err);
 	BIO_free(bio_err);
 	bio_err = NULL;
 

regress/lib/libcrypto/ec/ectest.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ectest.c,v 1.22 2023/11/19 13:11:05 tb Exp $	*/
+/*	$OpenBSD: ectest.c,v 1.23 2024/02/29 20:04:43 tb Exp $	*/
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -769,7 +769,6 @@ main(int argc, char *argv[])
 	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
 	ERR_remove_thread_state(NULL);
-	CRYPTO_mem_leaks_fp(stderr);
 
 	return 0;
 }

regress/lib/libcrypto/evp/evp_pkey_cleanup.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: evp_pkey_cleanup.c,v 1.4 2024/01/15 15:09:57 tb Exp $ */
+/*	$OpenBSD: evp_pkey_cleanup.c,v 1.5 2024/02/29 20:02:00 tb Exp $ */
 
 /*
  * Copyright (c) 2022 Theo Buehler <tb@openbsd.org>
@@ -34,8 +34,6 @@ int pkey_ids[] = {
 	EVP_PKEY_DSA,
 	EVP_PKEY_EC,
 	EVP_PKEY_ED25519,
-	EVP_PKEY_GOSTIMIT,
-	EVP_PKEY_GOSTR01,
 	EVP_PKEY_HMAC,
 	EVP_PKEY_RSA,
 	EVP_PKEY_RSA_PSS,

regress/lib/libcrypto/evp/evp_test.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: evp_test.c,v 1.16 2024/01/21 19:08:59 tb Exp $ */
+/*	$OpenBSD: evp_test.c,v 1.17 2024/02/29 20:02:40 tb Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -734,10 +734,6 @@ obj_name_do_all_test(void)
 	OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_cb, &arg);
 	failure |= arg.failure;
 
-	memset(&arg, 0, sizeof(arg));
-	OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_cb, &arg);
-	failure |= arg.failure;
-
 	return failure;
 }
 

regress/lib/libcrypto/evp/evptest.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: evptest.c,v 1.13 2023/11/19 13:11:06 tb Exp $	*/
+/*	$OpenBSD: evptest.c,v 1.14 2024/02/29 20:04:43 tb Exp $	*/
 /* Written by Ben Laurie, 2001 */
 /*
  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
@@ -441,7 +441,6 @@ main(int argc, char **argv)
 	CRYPTO_cleanup_all_ex_data();
 	ERR_remove_thread_state(NULL);
 	ERR_free_strings();
-	CRYPTO_mem_leaks_fp(stderr);
 
 	return 0;
 }

regress/lib/libcrypto/free/freenull.c.head

@@ -1,4 +1,4 @@
-/*	$OpenBSD: freenull.c.head,v 1.8 2023/11/20 01:20:19 tb Exp $	*/
+/*	$OpenBSD: freenull.c.head,v 1.9 2024/02/29 20:00:53 tb Exp $	*/
 
 #include <openssl/asn1.h>
 #include <openssl/cmac.h>
@@ -7,7 +7,9 @@
 #include <openssl/conf_api.h>
 #include <openssl/ct.h>
 #include <openssl/engine.h>
+#ifndef OPENSSL_NO_GOST
 #include <openssl/gost.h>
+#endif
 #include <openssl/hmac.h>
 #include <openssl/ocsp.h>
 #include <openssl/pkcs12.h>

regress/lib/libcrypto/gost/gost2814789t.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: gost2814789t.c,v 1.10 2023/11/19 13:11:06 tb Exp $	*/
+/*	$OpenBSD: gost2814789t.c,v 1.11 2024/02/29 20:06:24 tb Exp $	*/
 /* vim: set fileencoding=ascii : Charset: ASCII */
 /* test/gostr2814789t.c */
 /* ====================================================================
@@ -9,6 +9,7 @@
  * ====================================================================
  */
 #include <stdio.h>
+#include <openssl/opensslfeatures.h>
 
 #if defined(OPENSSL_NO_GOST)
 int main(int argc, char *argv[])

regress/lib/libssl/ciphers/cipherstest.c

@@ -129,61 +129,6 @@ cipher_find_test(void)
 	return (ret);
 }
 
-static int
-cipher_get_by_value_tests(void)
-{
-	STACK_OF(SSL_CIPHER) *ciphers;
-	const SSL_CIPHER *cipher;
-	SSL_CTX *ssl_ctx = NULL;
-	SSL *ssl = NULL;
-	unsigned long id;
-	uint16_t value;
-	int ret = 1;
-	int i;
-
-	if ((ssl_ctx = SSL_CTX_new(SSLv23_method())) == NULL) {
-		fprintf(stderr, "SSL_CTX_new() returned NULL\n");
-		goto failure;
-	}
-	if ((ssl = SSL_new(ssl_ctx)) == NULL) {
-		fprintf(stderr, "SSL_new() returned NULL\n");
-		goto failure;
-	}
-
-	if ((ciphers = SSL_get_ciphers(ssl)) == NULL) {
-		fprintf(stderr, "no ciphers\n");
-		goto failure;
-	}
-
-	for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-		cipher = sk_SSL_CIPHER_value(ciphers, i);
-
-		id = SSL_CIPHER_get_id(cipher);
-		if (SSL_CIPHER_get_by_id(id) == NULL) {
-			fprintf(stderr, "SSL_CIPHER_get_by_id() failed "
-			    "for %s (0x%lx)\n", SSL_CIPHER_get_name(cipher),
-			    id);
-			goto failure;
-		}
-
-		value = SSL_CIPHER_get_value(cipher);
-		if (SSL_CIPHER_get_by_value(value) == NULL) {
-			fprintf(stderr, "SSL_CIPHER_get_by_value() failed "
-			    "for %s (0x%04hx)\n", SSL_CIPHER_get_name(cipher),
-			    value);
-			goto failure;
-		}
-	}
-
-	ret = 0;
-
- failure:
-	SSL_CTX_free(ssl_ctx);
-	SSL_free(ssl);
-
-	return (ret);
-}
-
 struct parse_ciphersuites_test {
 	const char *str;
 	const int want;
@@ -522,7 +467,6 @@ main(int argc, char **argv)
 	failed |= check_cipher_order();
 
 	failed |= cipher_find_test();
-	failed |= cipher_get_by_value_tests();
 
 	failed |= parse_ciphersuites_test();
 	failed |= cipher_set_test();

regress/lib/libssl/exporter/exportertest.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: exportertest.c,v 1.3 2023/04/14 14:23:05 tb Exp $ */
+/* $OpenBSD: exportertest.c,v 1.4 2024/03/01 03:46:54 tb Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
  *
@@ -534,6 +534,7 @@ exporter_test(size_t test_no, const struct exporter_test *et)
 	SSL_CTX *ssl_ctx = NULL;
 	SSL *ssl = NULL;
 	uint8_t export[256];
+	unsigned char id[2];
 	int err, ret;
 	int failed = 1;
 
@@ -602,7 +603,9 @@ exporter_test(size_t test_no, const struct exporter_test *et)
 
 	ssl->s3->hs.state = SSL_ST_OK;
 	ssl->s3->hs.negotiated_tls_version = et->tls_version;
-	ssl->s3->hs.cipher = SSL_CIPHER_get_by_id(et->cipher_id);
+	id[0] = (et->cipher_id >> 8) & 0xff;
+	id[1] = et->cipher_id & 0xff;
+	ssl->s3->hs.cipher = SSL_CIPHER_find(ssl, id);
 
 	ret = SSL_export_keying_material(ssl, export, et->export_len, et->label,
 	    et->label_len, et->context_value, et->context_value_len,

regress/lib/libssl/ssl/ssltest.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: ssltest.c,v 1.44 2023/11/19 13:12:06 tb Exp $ */
+/*	$OpenBSD: ssltest.c,v 1.45 2024/03/01 03:45:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -763,7 +763,6 @@ end:
 	ERR_free_strings();
 	ERR_remove_thread_state(NULL);
 	EVP_cleanup();
-	CRYPTO_mem_leaks(bio_err);
 	BIO_free(bio_err);
 
 	exit(ret);

regress/sys/kern/nanosleep/Makefile

@@ -1,7 +1,8 @@
-#	$OpenBSD: Makefile,v 1.4 2018/05/22 18:33:41 cheloha Exp $
+#	$OpenBSD: Makefile,v 1.5 2024/02/29 21:47:02 bluhm Exp $
 
 PROG=	nanosleep
 SRCS=	nanosleep.c
+WARNINGS=	yes
 
 trivial: nanosleep
 	./nanosleep -t

regress/sys/kern/nanosleep/nanosleep.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: nanosleep.c,v 1.8 2024/02/29 18:17:41 bluhm Exp $	*/
+/*	$OpenBSD: nanosleep.c,v 1.9 2024/02/29 21:47:02 bluhm Exp $	*/
 /*
  *	Written by Artur Grabowski <art@openbsd.org> 2002 Public Domain.
  */
@@ -50,6 +50,7 @@ main(int argc, char **argv)
 			break;
 		case 'S':
 			ret |= short_time();
+			break;
 		default:
 			fprintf(stderr, "Usage: nanosleep [-itseSE]\n");
 			exit(1);
@@ -67,14 +68,14 @@ sighandler(int signum)
 int
 trivial(void)
 {
-	struct timespec ts, rts;
+	struct timespec timeout, remainder;
 
-	ts.tv_sec = 0;
+	timeout.tv_sec = 0;
-	ts.tv_nsec = 30000000;
+	timeout.tv_nsec = 30000000;
-	rts.tv_sec = 4711;	/* Just add to the confusion */
+	remainder.tv_sec = 4711;	/* Just add to the confusion */
-	rts.tv_nsec = 4711;
+	remainder.tv_nsec = 4711;
-	if (nanosleep(&ts, &rts) < 0) {
+	if (nanosleep(&timeout, &remainder) < 0) {
-		warn("trivial: nanosleep");
+		warn("%s: nanosleep", __func__);
 		return 1;
 	}
 
@@ -83,9 +84,9 @@ trivial(void)
 	 * amount of time we want to sleep.
 	 * If we receive any signal, something is wrong anyway.
 	 */
-	if (rts.tv_sec != 0 || rts.tv_nsec != 0) {
+	if (remainder.tv_sec != 0 || remainder.tv_nsec != 0) {
-		warnx("trivial: non-zero time? %lld/%ld", (long long)rts.tv_sec,
+		warnx("%s: non-zero time: %lld.%09ld", __func__,
-		    rts.tv_nsec);
+		    (long long)remainder.tv_sec, remainder.tv_nsec);
 		return 1;
 	}
 
@@ -95,7 +96,7 @@ trivial(void)
 int
 with_signal(void)
 {
-	struct timespec ts, rts;
+	struct timespec timeout, remainder;
 	pid_t pid;
 	int status;
 
@@ -106,29 +107,34 @@ with_signal(void)
 	switch(fork()) {
 	case -1:
 		err(1, "fork");
-	default:
+	case 0:
-		ts.tv_sec = 1;
+		timeout.tv_sec = 1;
-		ts.tv_nsec = 0;
+		timeout.tv_nsec = 0;
-		nanosleep(&ts, NULL);
+		nanosleep(&timeout, NULL);
 		kill(pid, SIGUSR1);
-		exit(0);
+		_exit(0);
+	default:
+		break;
 	}
 
-	ts.tv_sec = 10;
+	timeout.tv_sec = 10;
-	ts.tv_nsec = 0;
+	timeout.tv_nsec = 0;
-	rts.tv_sec = 0;
+	remainder.tv_sec = 0;
-	rts.tv_nsec = 0;
+	remainder.tv_nsec = 0;
-	if (nanosleep(&ts, &rts) == 0) {
+	if (nanosleep(&timeout, &remainder) == 0) {
-		warnx("with-signal: nanosleep");
+		warnx("%s: nanosleep", __func__);
 		return 1;
 	}
-	if (rts.tv_sec == 0 && rts.tv_nsec == 0) {
+
-		warnx("with-signal: zero time");
+	if (remainder.tv_sec == 0 && remainder.tv_nsec == 0) {
+		warnx("%s: zero time", __func__);
 		return 1;
 	}
 
 	if (wait(&status) < 0)
 		err(1, "wait");
+	if (status != 0)
+		errx(1, "status");
 
 	return 0;
 }
@@ -136,31 +142,32 @@ with_signal(void)
 int
 time_elapsed(void)
 {
-	struct timespec ts;
+	struct timespec timeout;
-	struct timespec stv, etv;
+	struct timespec start, end, duration;
 
-	ts.tv_sec = 0;
+	timeout.tv_sec = 0;
-	ts.tv_nsec = 500000000;
+	timeout.tv_nsec = 500000000;
 
-	if (clock_gettime(CLOCK_MONOTONIC, &stv) < 0) {
+	if (clock_gettime(CLOCK_MONOTONIC, &start) < 0) {
-		warn("clock_gettime");
+		warn("%s: clock_gettime", __func__);
 		return 1;
 	}
 
-	if (nanosleep(&ts, NULL) < 0) {
+	if (nanosleep(&timeout, NULL) < 0) {
-		warn("nanosleep");
+		warn("%s: nanosleep", __func__);
 		return 1;
 	}
 
-	if (clock_gettime(CLOCK_MONOTONIC, &etv) < 0) {
+	if (clock_gettime(CLOCK_MONOTONIC, &end) < 0) {
-		warn("clock_gettime");
+		warn("%s: clock_gettime", __func__);
 		return 1;
 	}
 
-	timespecsub(&etv, &stv, &stv);
+	timespecsub(&end, &start, &duration);
 
-	if (stv.tv_sec == 0 && stv.tv_nsec < 500000000) {
+	if (duration.tv_sec == 0 && duration.tv_nsec < 500000000) {
-		warnx("slept less than 0.5 sec");
+		warnx("%s: slept less than 0.5 sec: %lld.%09ld", __func__,
+		    (long long)duration.tv_sec, duration.tv_nsec);
 		return 1;
 	}
 
@@ -170,8 +177,8 @@ time_elapsed(void)
 int
 time_elapsed_with_signal(void)
 {
-	struct timespec ts, rts;
+	struct timespec timeout, remainder;
-	struct timespec stv, etv;
+	struct timespec start, end, duration;
 	pid_t pid;
 	int status;
 
@@ -182,49 +189,52 @@ time_elapsed_with_signal(void)
 	switch(fork()) {
 	case -1:
 		err(1, "fork");
-	default:
+	case 0:
-		ts.tv_sec = 1;
+		timeout.tv_sec = 1;
-		ts.tv_nsec = 0;
+		timeout.tv_nsec = 0;
-		nanosleep(&ts, NULL);
+		nanosleep(&timeout, NULL);
 		kill(pid, SIGUSR1);
-		exit(0);
+		_exit(0);
+	default:
+		break;
 	}
 
-	ts.tv_sec = 10;
+	if (clock_gettime(CLOCK_MONOTONIC, &start) < 0) {
-	ts.tv_nsec = 0;
+		warn("%s: clock_gettime", __func__);
-	rts.tv_sec = 0;
-	rts.tv_nsec = 0;
-
-	if (clock_gettime(CLOCK_MONOTONIC, &stv) < 0) {
-		warn("clock_gettime");
 		return 1;
 	}
 
-	if (nanosleep(&ts, &rts) == 0) {
+	timeout.tv_sec = 10;
-		warnx("nanosleep");
+	timeout.tv_nsec = 0;
+	remainder.tv_sec = 0;
+	remainder.tv_nsec = 0;
+	if (nanosleep(&timeout, &remainder) == 0) {
+		warnx("%s: nanosleep", __func__);
 		return 1;
 	}
 
-	if (clock_gettime(CLOCK_MONOTONIC, &etv) < 0) {
+	if (clock_gettime(CLOCK_MONOTONIC, &end) < 0) {
-		warn("clock_gettime");
+		warn("%s: clock_gettime", __func__);
 		return 1;
 	}
 
-	timespecsub(&etv, &stv, &stv);
+	timespecsub(&end, &start, &duration);
+	timespecadd(&duration, &remainder, &timeout);
+	/* XXX remainder may be one tick too small */
+	remainder.tv_sec = 0;
+	remainder.tv_nsec = 10000000;
+	timespecadd(&timeout, &remainder, &timeout);
 
-	etv.tv_sec = rts.tv_sec;
+	if (timeout.tv_sec < 10) {
-	etv.tv_nsec = rts.tv_nsec;
+		warnx("%s: slept time + leftover time < 10 sec: %lld.%09ld",
-
+		    __func__, (long long)timeout.tv_sec, timeout.tv_nsec);
-	timespecadd(&etv, &stv, &stv);
-
-	if (stv.tv_sec < 10) {
-		warnx("slept time + leftover time < 10 sec");
 		return 1;
 	}
 
-
 	if (wait(&status) < 0)
 		err(1, "wait");
+	if (status != 0)
+		errx(1, "status");
 
 	return 0;
 }
@@ -232,7 +242,7 @@ time_elapsed_with_signal(void)
 int
 short_time(void)
 {
-	struct timespec ts, rts;
+	struct timespec timeout;
 	pid_t pid;
 	int status;
 
@@ -243,24 +253,28 @@ short_time(void)
 	switch(fork()) {
 	case -1:
 		err(1, "fork");
-	default:
+	case 0:
 		/* Sleep two seconds, then shoot parent. */
-		ts.tv_sec = 2;
+		timeout.tv_sec = 2;
-		ts.tv_nsec = 0;
+		timeout.tv_nsec = 0;
-		nanosleep(&ts, NULL);
+		nanosleep(&timeout, NULL);
 		kill(pid, SIGUSR1);
-		exit(0);
+		_exit(0);
+	default:
+		break;
 	}
 
-	ts.tv_sec = 0;
+	timeout.tv_sec = 0;
-	ts.tv_nsec = 1;
+	timeout.tv_nsec = 1;
-	if (nanosleep(&ts, NULL) <= 0) {
+	if (nanosleep(&timeout, NULL) < 0) {
-		warn("short_time: nanosleep");
+		warn("%s: nanosleep", __func__);
 		return 1;
 	}
 
 	if (wait(&status) < 0)
 		err(1, "wait");
+	if (status != 0)
+		errx(1, "status");
 
 	return 0;
 }
@@ -268,14 +282,14 @@ short_time(void)
 int
 invalid_time(void)
 {
-	struct timespec ts[3] = { {-1, 0}, {0, -1}, {0, 1000000000L} };
+	struct timespec timeout[3] = { {-1, 0}, {0, -1}, {0, 1000000000L} };
 	int i, status;
 
 	for (i = 0; i < 3; i++) {
-		status = nanosleep(&ts[i], NULL);
+		status = nanosleep(&timeout[i], NULL);
 		if (status != -1 || errno != EINVAL) {
-			warnx("invalid-time: nanosleep %lld %ld",
+			warnx("%s: nanosleep %lld %ld", __func__,
-			    (long long)ts[i].tv_sec, ts[i].tv_nsec);
+			    (long long)timeout[i].tv_sec, timeout[i].tv_nsec);
 			return 1;
 		}
 	}

sbin/fdisk/cmd.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cmd.c,v 1.179 2023/11/18 15:42:09 krw Exp $	*/
+/*	$OpenBSD: cmd.c,v 1.180 2024/03/01 17:48:03 krw Exp $	*/
 
 /*
  * Copyright (c) 1997 Tobias Weingartner
@@ -294,6 +294,7 @@ Xedit(const char *args, struct mbr *mbr)
 int
 gsetpid(const int pn)
 {
+	int32_t			 is_nil;
 	uint32_t		 status;
 
 	GPT_print_parthdr(TERSE);
@@ -305,8 +306,9 @@ gsetpid(const int pn)
 		return -1;
 	}
 
+	is_nil = uuid_is_nil(&gp[pn].gp_type, NULL);
 	gp[pn].gp_type = *ask_uuid(&gp[pn].gp_type);
-	if (PRT_protected_uuid(&gp[pn].gp_type)) {
+	if (PRT_protected_uuid(&gp[pn].gp_type) && is_nil == 0) {
 		printf("can't change partition type to %s\n",
 		    PRT_uuid_to_desc(&gp[pn].gp_type));
 		return -1;

sys/arch/arm64/arm64/cpu.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: cpu.c,v 1.106 2024/02/28 00:53:16 jsg Exp $	*/
+/*	$OpenBSD: cpu.c,v 1.107 2024/03/01 15:57:43 kettenis Exp $	*/
 
 /*
  * Copyright (c) 2016 Dale Rahn <drahn@dalerahn.com>
@@ -266,6 +266,13 @@ void	cpu_opp_kstat_attach(struct cpu_info *ci);
 void
 cpu_identify(struct cpu_info *ci)
 {
+	static uint64_t prev_id_aa64isar0;
+	static uint64_t prev_id_aa64isar1;
+	static uint64_t prev_id_aa64isar2;
+	static uint64_t prev_id_aa64mmfr0;
+	static uint64_t prev_id_aa64mmfr1;
+	static uint64_t prev_id_aa64pfr0;
+	static uint64_t prev_id_aa64pfr1;
 	uint64_t midr, impl, part;
 	uint64_t clidr, id;
 	uint32_t ctr, ccsidr, sets, ways, line;
@@ -482,6 +489,19 @@ cpu_identify(struct cpu_info *ci)
 	if (impl == CPU_IMPL_APPLE)
 		ci->ci_serror = cpu_serror_apple;
 
+	/*
+	 * Skip printing CPU features if they are identical to the
+	 * previous CPU.
+	 */
+	if (READ_SPECIALREG(id_aa64isar0_el1) == prev_id_aa64isar0 &&
+	    READ_SPECIALREG(id_aa64isar1_el1) == prev_id_aa64isar1 &&
+	    READ_SPECIALREG(id_aa64isar2_el1) == prev_id_aa64isar2 &&
+	    READ_SPECIALREG(id_aa64mmfr0_el1) == prev_id_aa64mmfr0 &&
+	    READ_SPECIALREG(id_aa64mmfr1_el1) == prev_id_aa64mmfr1 &&
+	    READ_SPECIALREG(id_aa64pfr0_el1) == prev_id_aa64pfr0 &&
+	    READ_SPECIALREG(id_aa64pfr1_el1) == prev_id_aa64pfr1)
+		return;
+
 	/*
 	 * Print CPU features encoded in the ID registers.
 	 */
@@ -787,6 +807,14 @@ cpu_identify(struct cpu_info *ci)
 		sep = ",";
 	}
 
+	prev_id_aa64isar0 = READ_SPECIALREG(id_aa64isar0_el1);
+	prev_id_aa64isar1 = READ_SPECIALREG(id_aa64isar1_el1);
+	prev_id_aa64isar2 = READ_SPECIALREG(id_aa64isar2_el1);
+	prev_id_aa64mmfr0 = READ_SPECIALREG(id_aa64mmfr0_el1);
+	prev_id_aa64mmfr1 = READ_SPECIALREG(id_aa64mmfr1_el1);
+	prev_id_aa64pfr0 = READ_SPECIALREG(id_aa64pfr0_el1);
+	prev_id_aa64pfr1 = READ_SPECIALREG(id_aa64pfr1_el1);
+
 #ifdef CPU_DEBUG
 	id = READ_SPECIALREG(id_aa64afr0_el1);
 	printf("\nID_AA64AFR0_EL1: 0x%016llx", id);

sys/dev/pci/drm/i915/i915_pci.c

@@ -771,6 +771,7 @@ static const struct intel_device_info xehpsdv_info = {
 
 static const struct intel_device_info dg2_info = {
 	DG2_FEATURES,
+	.require_force_probe = 1,
 };
 
 static const struct intel_device_info ats_m_info = {

sys/dev/pci/if_vmx.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_vmx.c,v 1.81 2024/02/15 13:24:45 jan Exp $	*/
+/*	$OpenBSD: if_vmx.c,v 1.82 2024/02/29 22:09:33 jan Exp $	*/
 
 /*
  * Copyright (c) 2013 Tsubai Masanari
@@ -18,6 +18,7 @@
 
 #include "bpfilter.h"
 #include "kstat.h"
+#include "vlan.h"
 
 #include <sys/param.h>
 #include <sys/device.h>

sys/dev/pci/pcidevs

@@ -1,4 +1,4 @@
-$OpenBSD: pcidevs,v 1.2064 2024/02/29 10:09:54 jsg Exp $
+$OpenBSD: pcidevs,v 1.2065 2024/03/01 08:34:42 jsg Exp $
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
 
 /*
@@ -8537,6 +8537,7 @@ product QUMRANET VIO1_NET	0x1041	Virtio 1.x Network
 product QUMRANET VIO1_BLOCK	0x1042	Virtio 1.x Storage
 product QUMRANET VIO1_CONS	0x1043	Virtio 1.x Console
 product QUMRANET VIO1_RNG	0x1044	Virtio 1.x RNG
+product QUMRANET VIO1_MEM	0x1045	Virtio 1.x Memory Balloon
 product QUMRANET VIO1_SCSI	0x1048	Virtio 1.x SCSI
 product QUMRANET VIO1_GPU	0x1050	Virtio 1.x GPU
 product QUMRANET VIO1_INPUT	0x1052	Virtio 1.x Input
@@ -8702,6 +8703,10 @@ product REDHAT SERIAL2		0x0003	Qemu Serial 2x
 product REDHAT SERIAL4		0x0004	Qemu Serial 4x
 product REDHAT SDMMC		0x0007	SD/MMC
 product REDHAT HB		0x0008	Host
+product REDHAT PCIE		0x000c	PCIE
+product REDHAT XHCI		0x000d	xHCI
+product REDHAT PCI		0x000e	PCI
+product REDHAT NVME		0x0010	NVMe
 product REDHAT QXL		0x0100	QXL Video
 
 /* Rendition products */

sys/dev/pci/pcidevs.h

@@ -2,7 +2,7 @@
  * THIS FILE AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	OpenBSD: pcidevs,v 1.2064 2024/02/29 10:09:54 jsg Exp 
+ *	OpenBSD: pcidevs,v 1.2065 2024/03/01 08:34:42 jsg Exp 
  */
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
 
@@ -8542,6 +8542,7 @@
 #define	PCI_PRODUCT_QUMRANET_VIO1_BLOCK	0x1042		/* Virtio 1.x Storage */
 #define	PCI_PRODUCT_QUMRANET_VIO1_CONS	0x1043		/* Virtio 1.x Console */
 #define	PCI_PRODUCT_QUMRANET_VIO1_RNG	0x1044		/* Virtio 1.x RNG */
+#define	PCI_PRODUCT_QUMRANET_VIO1_MEM	0x1045		/* Virtio 1.x Memory Balloon */
 #define	PCI_PRODUCT_QUMRANET_VIO1_SCSI	0x1048		/* Virtio 1.x SCSI */
 #define	PCI_PRODUCT_QUMRANET_VIO1_GPU	0x1050		/* Virtio 1.x GPU */
 #define	PCI_PRODUCT_QUMRANET_VIO1_INPUT	0x1052		/* Virtio 1.x Input */
@@ -8707,6 +8708,10 @@
 #define	PCI_PRODUCT_REDHAT_SERIAL4	0x0004		/* Qemu Serial 4x */
 #define	PCI_PRODUCT_REDHAT_SDMMC	0x0007		/* SD/MMC */
 #define	PCI_PRODUCT_REDHAT_HB	0x0008		/* Host */
+#define	PCI_PRODUCT_REDHAT_PCIE	0x000c		/* PCIE */
+#define	PCI_PRODUCT_REDHAT_XHCI	0x000d		/* xHCI */
+#define	PCI_PRODUCT_REDHAT_PCI	0x000e		/* PCI */
+#define	PCI_PRODUCT_REDHAT_NVME	0x0010		/* NVMe */
 #define	PCI_PRODUCT_REDHAT_QXL	0x0100		/* QXL Video */
 
 /* Rendition products */

sys/dev/pci/pcidevs_data.h

@@ -2,7 +2,7 @@
  * THIS FILE AUTOMATICALLY GENERATED.  DO NOT EDIT.
  *
  * generated from:
- *	OpenBSD: pcidevs,v 1.2064 2024/02/29 10:09:54 jsg Exp 
+ *	OpenBSD: pcidevs,v 1.2065 2024/03/01 08:34:42 jsg Exp 
  */
 
 /*	$NetBSD: pcidevs,v 1.30 1997/06/24 06:20:24 thorpej Exp $	*/
@@ -30763,6 +30763,10 @@ static const struct pci_known_product pci_known_products[] = {
 	    PCI_VENDOR_QUMRANET, PCI_PRODUCT_QUMRANET_VIO1_RNG,
 	    "Virtio 1.x RNG",
 	},
+	{
+	    PCI_VENDOR_QUMRANET, PCI_PRODUCT_QUMRANET_VIO1_MEM,
+	    "Virtio 1.x Memory Balloon",
+	},
 	{
 	    PCI_VENDOR_QUMRANET, PCI_PRODUCT_QUMRANET_VIO1_SCSI,
 	    "Virtio 1.x SCSI",
@@ -31383,6 +31387,22 @@ static const struct pci_known_product pci_known_products[] = {
 	    PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_HB,
 	    "Host",
 	},
+	{
+	    PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_PCIE,
+	    "PCIE",
+	},
+	{
+	    PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_XHCI,
+	    "xHCI",
+	},
+	{
+	    PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_PCI,
+	    "PCI",
+	},
+	{
+	    PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_NVME,
+	    "NVMe",
+	},
 	{
 	    PCI_VENDOR_REDHAT, PCI_PRODUCT_REDHAT_QXL,
 	    "QXL Video",

sys/kern/uipc_syscalls.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: uipc_syscalls.c,v 1.217 2024/02/03 22:50:09 mvs Exp $	*/
+/*	$OpenBSD: uipc_syscalls.c,v 1.218 2024/03/01 14:15:01 bluhm Exp $	*/
 /*	$NetBSD: uipc_syscalls.c,v 1.19 1996/02/09 19:00:48 christos Exp $	*/
 
 /*
@@ -1560,12 +1560,12 @@ sys_ypconnect(struct proc *p, void *v, register_t *retval)
 
 	if (p->p_p->ps_flags & PS_CHROOT)
 		return EACCES;
+	KERNEL_LOCK();
 	name = pool_get(&namei_pool, PR_WAITOK);
 	snprintf(name, MAXPATHLEN, "/var/yp/binding/%s.2", domainname);
 	NDINIT(&nid, 0, NOFOLLOW|LOCKLEAF|KERNELPATH, UIO_SYSSPACE, name, p);
 	nid.ni_pledge = PLEDGE_RPATH;
 
-	KERNEL_LOCK();
 	error = namei(&nid);
 	pool_put(&namei_pool, name);
 	if (error)

usr.sbin/bgpd/version.h

@@ -1,3 +1,3 @@
-/* $OpenBSD: version.h,v 1.14 2023/10/11 06:30:10 claudio Exp $ */
+/* $OpenBSD: version.h,v 1.15 2024/03/01 16:23:37 claudio Exp $ */
 
-#define BGPD_VERSION	"8.3"
+#define BGPD_VERSION	"8.4"

usr.sbin/rpki-client/main.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: main.c,v 1.252 2024/02/26 15:40:33 job Exp $ */
+/*	$OpenBSD: main.c,v 1.254 2024/03/01 09:36:55 job Exp $ */
 /*
  * Copyright (c) 2021 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -72,6 +72,7 @@ int	filemode;
 int	shortlistmode;
 int	rrdpon = 1;
 int	repo_timeout;
+int	experimental;
 time_t	deadline;
 
 /* 9999-12-31 23:59:59 UTC */
@@ -671,6 +672,7 @@ entity_process(struct ibuf *b, struct stats *st, struct vrp_tree *tree,
 	case RTYPE_SPL:
 		io_read_buf(b, &c, sizeof(c));
 		if (c == 0) {
+			if (experimental)
 				repo_stat_inc(rp, talid, type, STYPE_FAIL);
 			break;
 		}
@@ -896,8 +898,8 @@ static void
 check_fs_size(int fd, const char *cachedir)
 {
 	struct statvfs		fs;
-	const long long	minsize = 500 * 1024 * 1024;
+	unsigned long long	minsize = 500 * 1024 * 1024;
-	const long long	minnode = 300 * 1000;
+	unsigned long long	minnode = 300 * 1000;
 
 	if (fstatvfs(fd, &fs) == -1)
 		err(1, "statfs %s", cachedir);
@@ -907,13 +909,13 @@ check_fs_size(int fd, const char *cachedir)
 		fprintf(stderr, "WARNING: rpki-client may need more than "
 		    "the available disk space\n"
 		    "on the file-system holding %s.\n", cachedir);
-		fprintf(stderr, "available space: %lldkB, "
+		fprintf(stderr, "available space: %llukB, "
-		    "suggested minimum %lldkB\n",
+		    "suggested minimum %llukB\n",
-		    (long long)fs.f_bavail * fs.f_frsize / 1024,
+		    (unsigned long long)fs.f_bavail * fs.f_frsize / 1024,
 		    minsize / 1024);
-		fprintf(stderr, "available inodes %lld, "
+		fprintf(stderr, "available inodes: %llu, "
-		    "suggested minimum %lld\n\n",
+		    "suggested minimum: %llu\n\n",
-		    (long long)fs.f_favail, minnode);
+		    (unsigned long long)fs.f_favail, minnode);
 		fflush(stderr);
 	}
 }
@@ -998,7 +1000,7 @@ main(int argc, char *argv[])
 	    "proc exec unveil", NULL) == -1)
 		err(1, "pledge");
 
-	while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnoP:rRs:S:t:T:vV")) != -1)
+	while ((c = getopt(argc, argv, "Ab:Bcd:e:fH:jmnoP:rRs:S:t:T:vVx")) != -1)
 		switch (c) {
 		case 'A':
 			excludeaspa = 1;
@@ -1076,6 +1078,9 @@ main(int argc, char *argv[])
 		case 'V':
 			fprintf(stderr, "rpki-client %s\n", RPKI_VERSION);
 			return 0;
+		case 'x':
+			experimental = 1;
+			break;
 		default:
 			goto usage;
 		}
@@ -1509,7 +1514,7 @@ main(int argc, char *argv[])
 
 usage:
 	fprintf(stderr,
-	    "usage: rpki-client [-ABcjmnoRrVv] [-b sourceaddr] [-d cachedir]"
+	    "usage: rpki-client [-ABcjmnoRrVvx] [-b sourceaddr] [-d cachedir]"
 	    " [-e rsync_prog]\n"
 	    "                   [-H fqdn] [-P epoch] [-S skiplist] [-s timeout]"
 	    " [-T table]\n"

usr.sbin/rpki-client/output-json.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: output-json.c,v 1.44 2024/02/26 15:40:33 job Exp $ */
+/*	$OpenBSD: output-json.c,v 1.46 2024/03/01 08:10:09 tb Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  *
@@ -23,6 +23,8 @@
 #include "extern.h"
 #include "json.h"
 
+extern int experimental;
+
 static void
 outputheader_json(struct stats *st)
 {
@@ -113,6 +115,31 @@ output_aspa(struct vap_tree *vaps)
 	json_do_end();
 }
 
+static void
+output_spl(struct vsp_tree *vsps)
+{
+	struct vsp	*vsp;
+	char		 buf[64];
+	size_t		 i;
+
+	json_do_array("signedprefixlists");
+	RB_FOREACH(vsp, vsp_tree, vsps) {
+		json_do_object("vsp", 1);
+		json_do_int("origin_as", vsp->asid);
+		json_do_array("prefixes");
+		for (i = 0; i < vsp->prefixesz; i++) {
+			ip_addr_print(&vsp->prefixes[i].prefix,
+			    vsp->prefixes[i].afi, buf, sizeof(buf));
+			json_do_string("prefix", buf);
+		}
+		json_do_end();
+		json_do_int("expires", vsp->expires);
+		json_do_string("ta", taldescs[vsp->talid]);
+		json_do_end();
+	}
+	json_do_end();
+}
+
 int
 output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks,
     struct vap_tree *vaps, struct vsp_tree *vsps, struct stats *st)
@@ -120,8 +147,6 @@ output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks,
 	char		 buf[64];
 	struct vrp	*v;
 	struct brk	*b;
-	struct vsp	*vsp;
-	size_t		 i;
 
 	json_do_start(out);
 	outputheader_json(st);
@@ -155,22 +180,8 @@ output_json(FILE *out, struct vrp_tree *vrps, struct brk_tree *brks,
 	if (!excludeaspa)
 		output_aspa(vaps);
 
-	json_do_array("signedprefixlists");
+	if (experimental)
-	RB_FOREACH(vsp, vsp_tree, vsps) {
+		output_spl(vsps);
-		json_do_object("vsp", 1);
-		json_do_int("origin_as", vsp->asid);
-		json_do_array("prefixes");
-		for (i = 0; i < vsp->prefixesz; i++) {
-			ip_addr_print(&vsp->prefixes[i].prefix,
-			    vsp->prefixes[i].afi, buf, sizeof(buf));
-			json_do_string("prefix", buf);
-		}
-		json_do_end();
-		json_do_int("expires", vsp->expires);
-		json_do_string("ta", taldescs[vsp->talid]);
-		json_do_end();
-	}
-	json_do_end();
 
 	return json_do_finish();
 }

usr.sbin/rpki-client/parser.c

@@ -1,4 +1,4 @@
-/*	$OpenBSD: parser.c,v 1.129 2024/02/22 12:49:42 job Exp $ */
+/*	$OpenBSD: parser.c,v 1.130 2024/03/01 08:10:09 tb Exp $ */
 /*
  * Copyright (c) 2019 Claudio Jeker <claudio@openbsd.org>
  * Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
@@ -39,6 +39,8 @@
 #include "extern.h"
 
 extern int noop;
+extern int experimental;
+extern int verbose;
 
 static X509_STORE_CTX	*ctx;
 static struct auth_tree	 auths = RB_INITIALIZER(&auths);
@@ -861,9 +863,15 @@ parse_entity(struct entityq *q, struct msgbuf *msgq)
 		case RTYPE_SPL:
 			file = parse_load_file(entp, &f, &flen);
 			io_str_buffer(b, file);
+			if (experimental) {
 				spl = proc_parser_spl(file, f, flen, entp);
 				if (spl != NULL)
 					mtime = spl->signtime;
+			} else {
+				if (verbose > 0)
+					warnx("%s: skipped", file);
+				spl = NULL;
+			}
 			io_simple_buffer(b, &mtime, sizeof(mtime));
 			c = (spl != NULL);
 			io_simple_buffer(b, &c, sizeof(int));

usr.sbin/rpki-client/rpki-client.8

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: rpki-client.8,v 1.102 2024/02/22 17:54:08 tb Exp $
+.\"	$OpenBSD: rpki-client.8,v 1.103 2024/03/01 08:10:09 tb Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: February 22 2024 $
+.Dd $Mdocdate: March 1 2024 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -22,7 +22,7 @@
 .Nd RPKI validator to support BGP routing security
 .Sh SYNOPSIS
 .Nm
-.Op Fl ABcjmnoRrVv
+.Op Fl ABcjmnoRrVvx
 .Op Fl b Ar sourceaddr
 .Op Fl d Ar cachedir
 .Op Fl e Ar rsync_prog
@@ -231,6 +231,10 @@ If
 .Fl f
 is given, specify once to print more information about the encapsulated X.509
 certificate, twice to print the certificate in PEM format.
+.It Fl x
+Enable processing of experimental file formats.
+This option is implied by
+.Fl f .
 .It Ar outputdir
 The directory where
 .Nm

usr.sbin/rpki-client/version.h

@@ -1,3 +1,3 @@
-/* $OpenBSD: version.h,v 1.21 2024/02/09 13:49:41 job Exp $ */
+/* $OpenBSD: version.h,v 1.22 2024/03/01 16:27:34 tb Exp $ */
 
-#define RPKI_VERSION	"8.9"
+#define RPKI_VERSION	"9.0"