From e2abcdca396661cbe0ae2ddb13d5c2b85682c13a Mon Sep 17 00:00:00 2001
From: Cem Keylan <cem@ckyln.com>
Date: Fri, 16 Oct 2020 17:41:25 +0300
Subject: initial commit
---
patches/0001-fts-Avoid-d_namlen.patch | 49 +++
patches/0002-fts-Add-some-includes.patch | 46 +++
patches/0003-pax-Set-listf-to-stderr-in-main.patch | 34 ++
patches/0004-pax-Add-some-includes.patch | 86 ++++
patches/0005-tar-Default-to-stdin.patch | 25 ++
patches/0006-yacc-Add-some-includes.patch | 24 ++
patches/0007-diff-Add-missing-includes.patch | 37 ++
patches/0008-patch-Add-missing-includes.patch | 24 ++
patches/0009-patch-Avoid-d_namlen.patch | 25 ++
...10-patch-Fix-with-musl-s-basename-dirname.patch | 46 +++
...ix-GNU-long-name-handling-with-short-read.patch | 176 +++++++++
...12-pax-Support-xz-compression-with-J-flag.patch | 90 +++++
...ogname-Explicitly-discard-const-qualifier.patch | 23 ++
...ase-Support-systems-without-VSTATUS-and-T.patch | 38 ++
patches/0015-Remove-getpass-definition.patch | 36 ++
patches/0016-doas-Port-to-linux-musl.patch | 435 +++++++++++++++++++++
...0017-pwcache-Don-t-use-fixed-buffer-sizes.patch | 92 +++++
patches/0018-yacc-Remove-__unused.patch | 27 ++
patches/0019-Add-standalone-freezero.patch | 51 +++
...-written-lexer-to-avoid-cycle-in-bootstra.patch | 327 ++++++++++++++++
.../0021-m4-Use-_Noreturn-instead-of-__dead.patch | 25 ++
patches/0022-m4-Add-missing-includes.patch | 50 +++
patches/0023-libutil-Add-missing-includes.patch | 24 ++
.../0024-acme-client-Add-missing-includes.patch | 25 ++
patches/0025-rsync-Add-missing-includes.patch | 40 ++
...c-Use-standard-S_ISVTX-instead-of-S_ISTXT.patch | 34 ++
...-Use-1-instead-of-INFTIM-for-poll-timeout.patch | 25 ++
...28-rsync-Avoid-pointer-arithmetic-on-void.patch | 148 +++++++
...0029-Include-sys-sysmacros.h-if-necessary.patch | 73 ++++
...-Portability-fixes-from-libressl-portable.patch | 194 +++++++++
.../0031-pax-Ignore-EOPNOTSUPP-from-fchmodat.patch | 26 ++
...-client-Fix-build-with-old-bison-versions.patch | 24 ++
patches/0033-rsync-Add-implementation-of-MD4.patch | 414 ++++++++++++++++++++
...-pax-Fix-some-incorrect-format-specifiers.patch | 48 +++
...cpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch | 27 ++
...sync-Fix-some-incorrect-format-specifiers.patch | 25 ++
...37-m4-Declare-dopaste-only-when-it-s-used.patch | 26 ++
patches/0038-sha2-add-missing-include.patch | 11 +
patches/0039-bcrypt-add-cdefs.patch | 10 +
patches/0040-mandoc-port-to-musl.patch | 159 ++++++++
patches/0041-pidfile-add-cdefs.patch | 10 +
patches/0042-doas-define-gnu-source.patch | 13 +
patches/0043-signify-add-headers.patch | 34 ++
patches/0044-fix-hash-objects.patch | 40 ++
patches/0045-md5-add-headers.patch | 19 +
45 files changed, 3215 insertions(+)
create mode 100644 patches/0001-fts-Avoid-d_namlen.patch
create mode 100644 patches/0002-fts-Add-some-includes.patch
create mode 100644 patches/0003-pax-Set-listf-to-stderr-in-main.patch
create mode 100644 patches/0004-pax-Add-some-includes.patch
create mode 100644 patches/0005-tar-Default-to-stdin.patch
create mode 100644 patches/0006-yacc-Add-some-includes.patch
create mode 100644 patches/0007-diff-Add-missing-includes.patch
create mode 100644 patches/0008-patch-Add-missing-includes.patch
create mode 100644 patches/0009-patch-Avoid-d_namlen.patch
create mode 100644 patches/0010-patch-Fix-with-musl-s-basename-dirname.patch
create mode 100644 patches/0011-pax-Fix-GNU-long-name-handling-with-short-read.patch
create mode 100644 patches/0012-pax-Support-xz-compression-with-J-flag.patch
create mode 100644 patches/0013-setprogname-Explicitly-discard-const-qualifier.patch
create mode 100644 patches/0014-readpassphrase-Support-systems-without-VSTATUS-and-T.patch
create mode 100644 patches/0015-Remove-getpass-definition.patch
create mode 100644 patches/0016-doas-Port-to-linux-musl.patch
create mode 100644 patches/0017-pwcache-Don-t-use-fixed-buffer-sizes.patch
create mode 100644 patches/0018-yacc-Remove-__unused.patch
create mode 100644 patches/0019-Add-standalone-freezero.patch
create mode 100644 patches/0020-m4-Use-hand-written-lexer-to-avoid-cycle-in-bootstra.patch
create mode 100644 patches/0021-m4-Use-_Noreturn-instead-of-__dead.patch
create mode 100644 patches/0022-m4-Add-missing-includes.patch
create mode 100644 patches/0023-libutil-Add-missing-includes.patch
create mode 100644 patches/0024-acme-client-Add-missing-includes.patch
create mode 100644 patches/0025-rsync-Add-missing-includes.patch
create mode 100644 patches/0026-rsync-Use-standard-S_ISVTX-instead-of-S_ISTXT.patch
create mode 100644 patches/0027-rsync-Use-1-instead-of-INFTIM-for-poll-timeout.patch
create mode 100644 patches/0028-rsync-Avoid-pointer-arithmetic-on-void.patch
create mode 100644 patches/0029-Include-sys-sysmacros.h-if-necessary.patch
create mode 100644 patches/0030-nc-Portability-fixes-from-libressl-portable.patch
create mode 100644 patches/0031-pax-Ignore-EOPNOTSUPP-from-fchmodat.patch
create mode 100644 patches/0032-acme-client-Fix-build-with-old-bison-versions.patch
create mode 100644 patches/0033-rsync-Add-implementation-of-MD4.patch
create mode 100644 patches/0034-pax-Fix-some-incorrect-format-specifiers.patch
create mode 100644 patches/0035-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch
create mode 100644 patches/0036-rsync-Fix-some-incorrect-format-specifiers.patch
create mode 100644 patches/0037-m4-Declare-dopaste-only-when-it-s-used.patch
create mode 100644 patches/0038-sha2-add-missing-include.patch
create mode 100644 patches/0039-bcrypt-add-cdefs.patch
create mode 100644 patches/0040-mandoc-port-to-musl.patch
create mode 100644 patches/0041-pidfile-add-cdefs.patch
create mode 100644 patches/0042-doas-define-gnu-source.patch
create mode 100644 patches/0043-signify-add-headers.patch
create mode 100644 patches/0044-fix-hash-objects.patch
create mode 100644 patches/0045-md5-add-headers.patch
(limited to 'patches')
diff --git a/patches/0001-fts-Avoid-d_namlen.patch b/patches/0001-fts-Avoid-d_namlen.patch
new file mode 100644
index 0000000..acf95b9
--- /dev/null
+++ b/patches/0001-fts-Avoid-d_namlen.patch
@@ -0,0 +1,49 @@
+From b546a0ae0beb2323143aed00d05e2fdf4fef5239 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 17 Apr 2016 23:50:15 -0700
+Subject: [PATCH] fts: Avoid d_namlen
+
+---
+ lib/libc/gen/fts.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/lib/libc/gen/fts.c b/lib/libc/gen/fts.c
+index 98b3a0a39..c186b7af2 100644
+--- a/lib/libc/gen/fts.c
++++ b/lib/libc/gen/fts.c
+@@ -555,6 +555,7 @@ fts_build(FTS *sp, int type)
+ int nitems, cderrno, descend, level, nlinks, nostat, doadjust;
+ int saved_errno;
+ char *cp;
++ size_t namlen;
+
+ /* Set current node pointer. */
+ cur = sp->fts_cur;
+@@ -653,11 +654,12 @@ fts_build(FTS *sp, int type)
+ if (!ISSET(FTS_SEEDOT) && ISDOT(dp->d_name))
+ continue;
+
+- if (!(p = fts_alloc(sp, dp->d_name, dp->d_namlen)))
++ namlen = strlen(dp->d_name);
++ if (!(p = fts_alloc(sp, dp->d_name, namlen)))
+ goto mem1;
+- if (dp->d_namlen >= maxlen) { /* include space for NUL */
++ if (namlen >= maxlen) { /* include space for NUL */
+ oldaddr = sp->fts_path;
+- if (fts_palloc(sp, dp->d_namlen +len + 1)) {
++ if (fts_palloc(sp, namlen +len + 1)) {
+ /*
+ * No more memory for path or structures. Save
+ * errno, free up the current structure and the
+@@ -683,7 +685,7 @@ mem1: saved_errno = errno;
+
+ p->fts_level = level;
+ p->fts_parent = sp->fts_cur;
+- p->fts_pathlen = len + dp->d_namlen;
++ p->fts_pathlen = len + namlen;
+ if (p->fts_pathlen < len) {
+ /*
+ * If we wrap, free up the current structure and
+--
+2.12.2
+
diff --git a/patches/0002-fts-Add-some-includes.patch b/patches/0002-fts-Add-some-includes.patch
new file mode 100644
index 0000000..81a3eeb
--- /dev/null
+++ b/patches/0002-fts-Add-some-includes.patch
@@ -0,0 +1,46 @@
+From e73065515ec3b6c03e45ee7c8c10543ff44a407c Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 18 Apr 2016 01:25:29 -0700
+Subject: [PATCH] fts: Add some includes
+
+---
+ include/fts.h | 2 ++
+ lib/libc/gen/fts.c | 2 ++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/include/fts.h b/include/fts.h
+index eaf6be07c..a5b3aff91 100644
+--- a/include/fts.h
++++ b/include/fts.h
+@@ -35,6 +35,8 @@
+ #ifndef _FTS_H_
+ #define _FTS_H_
+
++#include <sys/cdefs.h>
++
+ typedef struct {
+ struct _ftsent *fts_cur; /* current node */
+ struct _ftsent *fts_child; /* linked list of children */
+diff --git a/lib/libc/gen/fts.c b/lib/libc/gen/fts.c
+index c186b7af2..f41254c71 100644
+--- a/lib/libc/gen/fts.c
++++ b/lib/libc/gen/fts.c
+@@ -31,6 +31,7 @@
+
+ #include <sys/param.h> /* ALIGN */
+ #include <sys/stat.h>
++#include <sys/types.h>
+
+ #include <dirent.h>
+ #include <errno.h>
+@@ -39,6 +40,7 @@
+ #include <limits.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <time.h>
+ #include <unistd.h>
+
+ #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
+--
+2.12.2
+
diff --git a/patches/0003-pax-Set-listf-to-stderr-in-main.patch b/patches/0003-pax-Set-listf-to-stderr-in-main.patch
new file mode 100644
index 0000000..7a8ec25
--- /dev/null
+++ b/patches/0003-pax-Set-listf-to-stderr-in-main.patch
@@ -0,0 +1,34 @@
+From e2ca2e2a530e61e8af65dca829aa1fcad5c59a7d Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 18 Apr 2016 00:13:51 -0700
+Subject: [PATCH] pax: Set listf to stderr in main
+
+---
+ bin/pax/pax.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/bin/pax/pax.c b/bin/pax/pax.c
+index f6b3634369a..3d50e051075 100644
+--- a/bin/pax/pax.c
++++ b/bin/pax/pax.c
+@@ -93,7 +93,7 @@ char *dirptr; /* destination dir in a copy */
+ char *argv0; /* root of argv[0] */
+ enum op_mode op_mode; /* what program are we acting as? */
+ sigset_t s_mask; /* signal mask for cleanup critical sect */
+-FILE *listf = stderr; /* file pointer to print file list to */
++FILE *listf; /* file pointer to print file list to */
+ int listfd = STDERR_FILENO; /* fd matching listf, for sighandler output */
+ char *tempfile; /* tempfile to use for mkstemp(3) */
+ char *tempbase; /* basename of tempfile to use for mkstemp(3) */
+@@ -224,6 +224,8 @@ main(int argc, char **argv)
+ char *tmpdir;
+ size_t tdlen;
+
++ listf = stderr;
++
+ /*
+ * Keep a reference to cwd, so we can always come back home.
+ */
+--
+2.19.0
+
diff --git a/patches/0004-pax-Add-some-includes.patch b/patches/0004-pax-Add-some-includes.patch
new file mode 100644
index 0000000..cc029d5
--- /dev/null
+++ b/patches/0004-pax-Add-some-includes.patch
@@ -0,0 +1,86 @@
+From fbf6dc8783f31408cc090cf42cf92008d4f2a455 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 18 Apr 2016 01:27:29 -0700
+Subject: [PATCH] pax: Add some includes
+
+---
+ bin/pax/ar_subs.c | 3 ++-
+ bin/pax/buf_subs.c | 1 +
+ bin/pax/file_subs.c | 2 ++
+ bin/pax/sel_subs.c | 1 +
+ bin/pax/tables.c | 1 +
+ 5 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/bin/pax/ar_subs.c b/bin/pax/ar_subs.c
+index 51dd6e085..f70ec4ed0 100644
+--- a/bin/pax/ar_subs.c
++++ b/bin/pax/ar_subs.c
+@@ -36,14 +36,15 @@
+
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/time.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <signal.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ #include <string.h>
+ #include <time.h>
+ #include <unistd.h>
+-
+ #include "pax.h"
+ #include "extern.h"
+
+diff --git a/bin/pax/buf_subs.c b/bin/pax/buf_subs.c
+index 41f06ae31..30be3dc46 100644
+--- a/bin/pax/buf_subs.c
++++ b/bin/pax/buf_subs.c
+@@ -36,6 +36,7 @@
+
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/time.h>
+ #include <stdio.h>
+ #include <errno.h>
+ #include <unistd.h>
+diff --git a/bin/pax/file_subs.c b/bin/pax/file_subs.c
+index 9f834bf17..57ebdb490 100644
+--- a/bin/pax/file_subs.c
++++ b/bin/pax/file_subs.c
+@@ -35,6 +35,8 @@
+ */
+
+ #include <sys/stat.h>
++#include <sys/time.h>
++#include <sys/types.h>
+ #include <err.h>
+ #include <errno.h>
+ #include <fcntl.h>
+diff --git a/bin/pax/sel_subs.c b/bin/pax/sel_subs.c
+index 17200b5a4..136f87c5d 100644
+--- a/bin/pax/sel_subs.c
++++ b/bin/pax/sel_subs.c
+@@ -43,6 +43,7 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <time.h>
++#include <unistd.h>
+
+ #include "pax.h"
+ #include "extern.h"
+diff --git a/bin/pax/tables.c b/bin/pax/tables.c
+index b700f1649..99790f986 100644
+--- a/bin/pax/tables.c
++++ b/bin/pax/tables.c
+@@ -36,6 +36,7 @@
+
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/time.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <limits.h>
+--
+2.12.2
+
diff --git a/patches/0005-tar-Default-to-stdin.patch b/patches/0005-tar-Default-to-stdin.patch
new file mode 100644
index 0000000..6c4e946
--- /dev/null
+++ b/patches/0005-tar-Default-to-stdin.patch
@@ -0,0 +1,25 @@
+From 901940cdf7fc13516ff55e81df0b546eb7c74595 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 18 Apr 2016 01:16:12 -0700
+Subject: [PATCH] tar: Default to stdin
+
+---
+ bin/pax/options.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/pax/options.c b/bin/pax/options.c
+index 5db0948858c..dbb4b816c37 100644
+--- a/bin/pax/options.c
++++ b/bin/pax/options.c
+@@ -937,7 +937,7 @@ tar_options(int argc, char **argv)
+ if ((arcname == NULL) || (*arcname == '\0')) {
+ arcname = getenv("TAPE");
+ if ((arcname == NULL) || (*arcname == '\0'))
+- arcname = _PATH_DEFTAPE;
++ arcname = "-";
+ }
+ if ((arcname[0] == '-') && (arcname[1]== '\0'))
+ arcname = NULL;
+--
+2.25.0
+
diff --git a/patches/0006-yacc-Add-some-includes.patch b/patches/0006-yacc-Add-some-includes.patch
new file mode 100644
index 0000000..d449874
--- /dev/null
+++ b/patches/0006-yacc-Add-some-includes.patch
@@ -0,0 +1,24 @@
+From f926c3a15c772a7d54561e01682dea486c2a2833 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 18 Apr 2016 17:34:01 -0700
+Subject: [PATCH] yacc: Add some includes
+
+---
+ usr.bin/yacc/defs.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/usr.bin/yacc/defs.h b/usr.bin/yacc/defs.h
+index 7300caec2..fab6e1266 100644
+--- a/usr.bin/yacc/defs.h
++++ b/usr.bin/yacc/defs.h
+@@ -35,6 +35,7 @@
+ * @(#)defs.h 5.6 (Berkeley) 5/24/93
+ */
+
++#include <sys/cdefs.h>
+ #include <assert.h>
+ #include <ctype.h>
+ #include <stdio.h>
+--
+2.12.2
+
diff --git a/patches/0007-diff-Add-missing-includes.patch b/patches/0007-diff-Add-missing-includes.patch
new file mode 100644
index 0000000..643a6da
--- /dev/null
+++ b/patches/0007-diff-Add-missing-includes.patch
@@ -0,0 +1,37 @@
+From 7ce395bfbff36cf0020d0a425ff3053fcf2eaa3d Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 4 Jun 2016 14:48:20 -0700
+Subject: [PATCH] diff: Add missing includes
+
+---
+ usr.bin/diff/diff.c | 1 +
+ usr.bin/diff/diffreg.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/usr.bin/diff/diff.c b/usr.bin/diff/diff.c
+index 2b075f12c..80c7f842e 100644
+--- a/usr.bin/diff/diff.c
++++ b/usr.bin/diff/diff.c
+@@ -20,6 +20,7 @@
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
++#include <sys/cdefs.h>
+ #include <sys/stat.h>
+
+ #include <ctype.h>
+diff --git a/usr.bin/diff/diffreg.c b/usr.bin/diff/diffreg.c
+index 35d61c349..953018cf5 100644
+--- a/usr.bin/diff/diffreg.c
++++ b/usr.bin/diff/diffreg.c
+@@ -77,6 +77,7 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
++#include <time.h>
+ #include <unistd.h>
+ #include <limits.h>
+
+--
+2.12.2
+
diff --git a/patches/0008-patch-Add-missing-includes.patch b/patches/0008-patch-Add-missing-includes.patch
new file mode 100644
index 0000000..ec6f2d9
--- /dev/null
+++ b/patches/0008-patch-Add-missing-includes.patch
@@ -0,0 +1,24 @@
+From 299d570c708b33349131b8ca925c3e9bb733db84 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 4 Jun 2016 18:40:24 -0700
+Subject: [PATCH] patch: Add missing includes
+
+---
+ usr.bin/patch/patch.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/usr.bin/patch/patch.c b/usr.bin/patch/patch.c
+index 0cb924db733..17b3aa4e23a 100644
+--- a/usr.bin/patch/patch.c
++++ b/usr.bin/patch/patch.c
+@@ -26,6 +26,7 @@
+ * behaviour
+ */
+
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
+--
+2.19.0
+
diff --git a/patches/0009-patch-Avoid-d_namlen.patch b/patches/0009-patch-Avoid-d_namlen.patch
new file mode 100644
index 0000000..33d744a
--- /dev/null
+++ b/patches/0009-patch-Avoid-d_namlen.patch
@@ -0,0 +1,25 @@
+From 91483dfca3aa6373451120db45c60198faa0766e Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 4 Jun 2016 18:40:37 -0700
+Subject: [PATCH] patch: Avoid d_namlen
+
+---
+ usr.bin/patch/backupfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr.bin/patch/backupfile.c b/usr.bin/patch/backupfile.c
+index d9e40bcba..1d7858ae3 100644
+--- a/usr.bin/patch/backupfile.c
++++ b/usr.bin/patch/backupfile.c
+@@ -95,7 +95,7 @@ max_backup_version(const char *file, const char *dir)
+ file_name_length = strlen(file);
+
+ while ((dp = readdir(dirp)) != NULL) {
+- if (dp->d_namlen <= file_name_length)
++ if (strlen(dp->d_name) <= file_name_length)
+ continue;
+
+ this_version = version_number(file, dp->d_name, file_name_length);
+--
+2.12.2
+
diff --git a/patches/0010-patch-Fix-with-musl-s-basename-dirname.patch b/patches/0010-patch-Fix-with-musl-s-basename-dirname.patch
new file mode 100644
index 0000000..80a1db3
--- /dev/null
+++ b/patches/0010-patch-Fix-with-musl-s-basename-dirname.patch
@@ -0,0 +1,46 @@
+From e16acc0e80f475b2139eabe1b07b7eb0521a7918 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 4 Jun 2016 20:13:35 -0700
+Subject: [PATCH] patch: Fix with musl's basename/dirname
+
+---
+ usr.bin/patch/backupfile.c | 15 ++++++++-------
+ 1 file changed, 8 insertions(+), 7 deletions(-)
+
+diff --git a/usr.bin/patch/backupfile.c b/usr.bin/patch/backupfile.c
+index 1d7858ae3..243d00e32 100644
+--- a/usr.bin/patch/backupfile.c
++++ b/usr.bin/patch/backupfile.c
+@@ -53,21 +53,22 @@ static void invalid_arg(const char *, const char *, int);
+ char *
+ find_backup_file_name(const char *file)
+ {
+- char *dir, *base_versions;
++ char *path, *base_versions;
+ int highest_backup;
+
+ if (backup_type == simple)
+ return concat(file, simple_backup_suffix);
+- base_versions = concat(basename(file), ".~");
+- if (base_versions == NULL)
++ path = strdup(file);
++ if (path == NULL)
+ return NULL;
+- dir = dirname(file);
+- if (dir == NULL) {
+- free(base_versions);
++ base_versions = concat(basename(path), ".~");
++ if (base_versions == NULL) {
++ free(path);
+ return NULL;
+ }
+- highest_backup = max_backup_version(base_versions, dir);
++ highest_backup = max_backup_version(base_versions, dirname(path));
+ free(base_versions);
++ free(path);
+ if (backup_type == numbered_existing && highest_backup == 0)
+ return concat(file, simple_backup_suffix);
+ return make_version_name(file, highest_backup + 1);
+--
+2.12.2
+
diff --git a/patches/0011-pax-Fix-GNU-long-name-handling-with-short-read.patch b/patches/0011-pax-Fix-GNU-long-name-handling-with-short-read.patch
new file mode 100644
index 0000000..b88aa2b
--- /dev/null
+++ b/patches/0011-pax-Fix-GNU-long-name-handling-with-short-read.patch
@@ -0,0 +1,176 @@
+From ec3fd37495e977af375a98a472d19ae0ccbcd874 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 3 Dec 2016 20:49:24 -0800
+Subject: [PATCH] pax: Fix GNU long name handling with short read
+
+---
+ bin/pax/ar_subs.c | 66 +++++++++++++++++++++++++++++++++------------
+ bin/pax/buf_subs.c | 4 +--
+ bin/pax/file_subs.c | 25 +----------------
+ 3 files changed, 51 insertions(+), 44 deletions(-)
+
+diff --git a/bin/pax/ar_subs.c b/bin/pax/ar_subs.c
+index e5b0a4ee5d1..f0a55abe2f7 100644
+--- a/bin/pax/ar_subs.c
++++ b/bin/pax/ar_subs.c
+@@ -37,6 +37,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/time.h>
++#include <err.h>
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <signal.h>
+@@ -51,6 +52,7 @@
+ static void wr_archive(ARCHD *, int is_app);
+ static int get_arc(void);
+ static int next_head(ARCHD *);
++static int rd_gnu_string(ARCHD *);
+ extern sigset_t s_mask;
+
+ /*
+@@ -93,16 +95,8 @@ list(void)
+ * step through the archive until the format says it is done
+ */
+ while (next_head(arcn) == 0) {
+- if (arcn->type == PAX_GLL || arcn->type == PAX_GLF) {
+- /*
+- * we need to read, to get the real filename
+- */
+- off_t cnt;
+- if (!rd_wrfile(arcn, arcn->type == PAX_GLF
+- ? -1 : -2, &cnt))
+- (void)rd_skip(cnt + arcn->pad);
++ if (rd_gnu_string(arcn))
+ continue;
+- }
+
+ /*
+ * check for pattern, and user specified options match.
+@@ -208,15 +202,8 @@ extract(void)
+ * says it is done
+ */
+ while (next_head(arcn) == 0) {
+- if (arcn->type == PAX_GLL || arcn->type == PAX_GLF) {
+- /*
+- * we need to read, to get the real filename
+- */
+- if (!rd_wrfile(arcn, arcn->type == PAX_GLF
+- ? -1 : -2, &cnt))
+- (void)rd_skip(cnt + arcn->pad);
++ if (rd_gnu_string(arcn))
+ continue;
+- }
+
+ /*
+ * check for pattern, and user specified options match. When
+@@ -1243,3 +1230,48 @@ get_arc(void)
+ paxwarn(1, "Sorry, unable to determine archive format.");
+ return(-1);
+ }
++
++/*
++ * rd_gnu_string()
++ * Read the file contents into an allocated string if it is a GNU tar
++ * long link/file.
++ * Return:
++ * 1 if gnu string read, 0 otherwise
++ */
++
++static int
++rd_gnu_string(ARCHD *arcn)
++{
++ char **strp;
++
++ switch (arcn->type) {
++ case PAX_GLF:
++ strp = &gnu_name_string;
++ break;
++ case PAX_GLL:
++ strp = &gnu_link_string;
++ break;
++ default:
++ strp = NULL;
++ break;
++ }
++ if (!strp)
++ return 0;
++ /*
++ * we need to read, to get the real filename
++ */
++ if (*strp)
++ err(1, "WARNING! Major Internal Error! GNU hack Failing!");
++ *strp = malloc(arcn->sb.st_size + 1);
++ if (*strp == NULL) {
++ paxwarn(1, "Out of memory");
++ (void)rd_skip(arcn->skip + arcn->pad);
++ } else if (rd_wrbuf(*strp, arcn->sb.st_size) < arcn->sb.st_size) {
++ free(*strp);
++ *strp = NULL;
++ } else {
++ (*strp)[arcn->sb.st_size] = '\0';
++ (void)rd_skip(arcn->pad);
++ }
++ return 1;
++}
+diff --git a/bin/pax/buf_subs.c b/bin/pax/buf_subs.c
+index 68534dcbe25..e84f9e0d3d6 100644
+--- a/bin/pax/buf_subs.c
++++ b/bin/pax/buf_subs.c
+@@ -673,9 +673,7 @@ rd_wrfile(ARCHD *arcn, int ofd, off_t *left)
+ * pass the blocksize of the file being written to the write routine,
+ * if the size is zero, use the default MINFBSZ
+ */
+- if (ofd < 0)
+- sz = PAXPATHLEN + 1; /* GNU tar long link/file */
+- else if (fstat(ofd, &sb) == 0) {
++ if (fstat(ofd, &sb) == 0) {
+ if (sb.st_blksize > 0)
+ sz = (int)sb.st_blksize;
+ } else
+diff --git a/bin/pax/file_subs.c b/bin/pax/file_subs.c
+index 89b4872988b..8aa3d249923 100644
+--- a/bin/pax/file_subs.c
++++ b/bin/pax/file_subs.c
+@@ -919,7 +919,6 @@ file_write(int fd, char *str, int cnt, int *rem, int *isempt, int sz,
+ char *end;
+ int wcnt;
+ char *st = str;
+- char **strp;
+
+ /*
+ * while we have data to process
+@@ -978,29 +977,7 @@ file_write(int fd, char *str, int cnt, int *rem, int *isempt, int sz,
+ /*
+ * have non-zero data in this file system block, have to write
+ */
+- switch (fd) {
+- case -1:
+- strp = &gnu_name_string;
+- break;
+- case -2:
+- strp = &gnu_link_string;
+- break;
+- default:
+- strp = NULL;
+- break;
+- }
+- if (strp) {
+- if (*strp)
+- err(1, "WARNING! Major Internal Error! GNU hack Failing!");
+- *strp = malloc(wcnt + 1);
+- if (*strp == NULL) {
+- paxwarn(1, "Out of memory");
+- return(-1);
+- }
+- memcpy(*strp, st, wcnt);
+- (*strp)[wcnt] = '\0';
+- break;
+- } else if (write(fd, st, wcnt) != wcnt) {
++ if (write(fd, st, wcnt) != wcnt) {
+ syswarn(1, errno, "Failed write to file %s", name);
+ return(-1);
+ }
+--
+2.26.2
+
diff --git a/patches/0012-pax-Support-xz-compression-with-J-flag.patch b/patches/0012-pax-Support-xz-compression-with-J-flag.patch
new file mode 100644
index 0000000..00f8a8b
--- /dev/null
+++ b/patches/0012-pax-Support-xz-compression-with-J-flag.patch
@@ -0,0 +1,90 @@
+From ac4a17dd01df3889bac917b0dc34ba9fd15aa7fe Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 3 Dec 2016 23:50:27 -0800
+Subject: [PATCH] pax: Support xz compression with -J flag
+
+---
+ bin/pax/options.c | 25 ++++++++++++++++++++++---
+ 1 file changed, 22 insertions(+), 3 deletions(-)
+
+diff --git a/bin/pax/options.c b/bin/pax/options.c
+index c7e64a5d22c..917414c999a 100644
+--- a/bin/pax/options.c
++++ b/bin/pax/options.c
+@@ -154,6 +154,7 @@ static int xz_id(char *_blk, int _size);
+ #define GZIP_CMD "gzip" /* command to run as gzip */
+ #define COMPRESS_CMD "compress" /* command to run as compress */
+ #define BZIP2_CMD "bzip2" /* command to run as bzip2 */
++#define XZ_CMD "xz" /* command to run as xz */
+
+ /*
+ * Format specific routine table
+@@ -300,7 +301,7 @@ pax_options(int argc, char **argv)
+ /*
+ * process option flags
+ */
+- while ((c=getopt(argc,argv,"ab:cdf:ijklno:p:rs:tuvwx:zB:DE:G:HLOPT:U:XYZ0"))
++ while ((c=getopt(argc,argv,"ab:cdf:ijklno:p:rs:tuvwx:zB:DE:G:HJLOPT:U:XYZ0"))
+ != -1) {
+ switch (c) {
+ case 'a':
+@@ -556,6 +557,12 @@ pax_options(int argc, char **argv)
+ Hflag = 1;
+ flg |= CHF;
+ break;
++ case 'J':
++ /*
++ * use xz. Non standard option.
++ */
++ gzip_program = XZ_CMD;
++ break;
+ case 'L':
+ /*
+ * follow symlinks
+@@ -731,7 +738,7 @@ tar_options(int argc, char **argv)
+ * process option flags
+ */
+ while ((c = getoldopt(argc, argv,
+- "b:cef:hjmopqruts:vwxzBC:HI:LNOPXZ014578")) != -1) {
++ "b:cef:hjmopqruts:vwxzBC:HI:JLNOPXZ014578")) != -1) {
+ switch (c) {
+ case 'b':
+ /*
+@@ -880,6 +887,12 @@ tar_options(int argc, char **argv)
+ incfiles[nincfiles - 1].file = optarg;
+ incfiles[nincfiles - 1].dir = chdname;
+ break;
++ case 'J':
++ /*
++ * use xz. Non standard option.
++ */
++ gzip_program = XZ_CMD;
++ break;
+ case 'L':
+ /*
+ * follow symlinks
+@@ -1164,7 +1177,7 @@ cpio_options(int argc, char **argv)
+ dflag = 1;
+ act = -1;
+ nodirs = 1;
+- while ((c=getopt(argc,argv,"abcdfijklmoprstuvzABC:E:F:H:I:LO:SZ6")) != -1)
++ while ((c=getopt(argc,argv,"abcdfijklmoprstuvzABC:E:F:H:I:JLO:SZ6")) != -1)
+ switch (c) {
+ case 'a':
+ /*
+@@ -1348,6 +1361,12 @@ cpio_options(int argc, char **argv)
+ (void)fputs("\n\n", stderr);
+ cpio_usage();
+ break;
++ case 'J':
++ /*
++ * use xz. Non standard option.
++ */
++ gzip_program = XZ_CMD;
++ break;
+ case 'L':
+ /*
+ * follow symbolic links
+--
+2.26.2
+
diff --git a/patches/0013-setprogname-Explicitly-discard-const-qualifier.patch b/patches/0013-setprogname-Explicitly-discard-const-qualifier.patch
new file mode 100644
index 0000000..a645a9e
--- /dev/null
+++ b/patches/0013-setprogname-Explicitly-discard-const-qualifier.patch
@@ -0,0 +1,23 @@
+From 7cc3b8b8b1ca390b6ed65d3234827bc7393f9300 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 11 Dec 2016 14:36:13 -0800
+Subject: [PATCH] setprogname: Explicitly discard const qualifier
+
+---
+ lib/libc/gen/setprogname.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/libc/gen/setprogname.c b/lib/libc/gen/setprogname.c
+index bce4cbdac44..0c1573c9162 100644
+--- a/lib/libc/gen/setprogname.c
++++ b/lib/libc/gen/setprogname.c
+@@ -27,5 +27,5 @@ setprogname(const char *progname)
+ if (tmpn == NULL)
+ __progname = (char *)progname;
+ else
+- __progname = tmpn + 1;
++ __progname = (char *)tmpn + 1;
+ }
+--
+2.14.2
+
diff --git a/patches/0014-readpassphrase-Support-systems-without-VSTATUS-and-T.patch b/patches/0014-readpassphrase-Support-systems-without-VSTATUS-and-T.patch
new file mode 100644
index 0000000..7866090
--- /dev/null
+++ b/patches/0014-readpassphrase-Support-systems-without-VSTATUS-and-T.patch
@@ -0,0 +1,38 @@
+From d36036bbd959091b6442d003128342ed515af01b Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 26 Feb 2017 17:01:33 -0800
+Subject: [PATCH] readpassphrase: Support systems without VSTATUS and TCSASOFT
+
+---
+ lib/libc/gen/readpassphrase.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/libc/gen/readpassphrase.c b/lib/libc/gen/readpassphrase.c
+index a1aeb342b..a50eaf003 100644
+--- a/lib/libc/gen/readpassphrase.c
++++ b/lib/libc/gen/readpassphrase.c
+@@ -32,6 +32,10 @@
+ #include <unistd.h>
+ #include <readpassphrase.h>
+
++#ifndef TCSASOFT
++#define TCSASOFT 0
++#endif
++
+ static volatile sig_atomic_t signo[_NSIG];
+
+ static void handler(int);
+@@ -81,8 +85,10 @@ restart:
+ memcpy(&term, &oterm, sizeof(term));
+ if (!(flags & RPP_ECHO_ON))
+ term.c_lflag &= ~(ECHO | ECHONL);
++#ifdef VSTATUS
+ if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+ term.c_cc[VSTATUS] = _POSIX_VDISABLE;
++#endif
+ (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+ } else {
+ memset(&term, 0, sizeof(term));
+--
+2.12.2
+
diff --git a/patches/0015-Remove-getpass-definition.patch b/patches/0015-Remove-getpass-definition.patch
new file mode 100644
index 0000000..f2adafd
--- /dev/null
+++ b/patches/0015-Remove-getpass-definition.patch
@@ -0,0 +1,36 @@
+From e76fda424564544bc8298fb5be7cda966451497d Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 26 Feb 2017 17:12:56 -0800
+Subject: [PATCH] Remove getpass definition
+
+It is a legacy function and musl already provides an implementation.
+---
+ lib/libc/gen/readpassphrase.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/lib/libc/gen/readpassphrase.c b/lib/libc/gen/readpassphrase.c
+index a50eaf003..57c6dc527 100644
+--- a/lib/libc/gen/readpassphrase.c
++++ b/lib/libc/gen/readpassphrase.c
+@@ -183,16 +183,8 @@ restart:
+ }
+ DEF_WEAK(readpassphrase);
+
+-char *
+-getpass(const char *prompt)
+-{
+- static char buf[_PASSWORD_LEN + 1];
+-
+- return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
+-}
+-
+-static void handler(int s)
++static void
++handler(int s)
+ {
+-
+ signo[s] = 1;
+ }
+--
+2.12.2
+
diff --git a/patches/0016-doas-Port-to-linux-musl.patch b/patches/0016-doas-Port-to-linux-musl.patch
new file mode 100644
index 0000000..877d3f0
--- /dev/null
+++ b/patches/0016-doas-Port-to-linux-musl.patch
@@ -0,0 +1,435 @@
+From c95443d87b64650823e41016c26b1f5a3b38e7b3 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 26 Feb 2017 16:50:55 -0800
+Subject: [PATCH] doas: Port to linux/musl
+
+Remove -a login style option and BSD authentication. Instead, compare
+against shadow file.
+
+Use timestamp files in /run/doas instead of TIOC*VERAUTH to implement
+persist.
+
+Use initgroups/setgid/setuid instead of setusercontext.
+
+Provide UID_MAX and GID_MAX defaults.
+
+Use LOGIN_NAME_MAX instead of _PW_NAME_LEN.
+
+Remove call to closefrom.
+
+Replace calls to errc with err after setting errno.
+
+Call openlog at start to set syslog identity.
+---
+ usr.bin/doas/doas.1 | 9 ---
+ usr.bin/doas/doas.c | 97 ++++++++++++++++--------------
+ usr.bin/doas/doas.h | 4 ++
+ usr.bin/doas/parse.y | 1 +
+ usr.bin/doas/persist.c | 133 +++++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 191 insertions(+), 53 deletions(-)
+ create mode 100644 usr.bin/doas/persist.c
+
+diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1
+index fc769bdb336..c7196e347a9 100644
+--- a/usr.bin/doas/doas.1
++++ b/usr.bin/doas/doas.1
+@@ -22,7 +22,6 @@
+ .Sh SYNOPSIS
+ .Nm doas
+ .Op Fl Lns
+-.Op Fl a Ar style
+ .Op Fl C Ar config
+ .Op Fl u Ar user
+ .Ar command
+@@ -67,14 +66,6 @@ The working directory is not changed.
+ .Pp
+ The options are as follows:
+ .Bl -tag -width tenletters
+-.It Fl a Ar style
+-Use the specified authentication style when validating the user,
+-as allowed by
+-.Pa /etc/login.conf .
+-A list of doas-specific authentication methods may be configured by adding an
+-.Sq auth-doas
+-entry in
+-.Xr login.conf 5 .
+ .It Fl C Ar config
+ Parse and check the configuration file
+ .Ar config ,
+diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
+index a723c67a3eb..e7e3e639401 100644
+--- a/usr.bin/doas/doas.c
++++ b/usr.bin/doas/doas.c
+@@ -20,8 +20,6 @@
+ #include <sys/ioctl.h>
+
+ #include <limits.h>
+-#include <login_cap.h>
+-#include <bsd_auth.h>
+ #include <readpassphrase.h>
+ #include <string.h>
+ #include <stdio.h>
+@@ -33,13 +31,22 @@
+ #include <syslog.h>
+ #include <errno.h>
+ #include <fcntl.h>
++#include <shadow.h>
+
+ #include "doas.h"
+
++#ifndef UID_MAX
++#define UID_MAX 65535
++#endif
++
++#ifndef GID_MAX
++#define GID_MAX 65535
++#endif
++
+ static void __dead
+ usage(void)
+ {
+- fprintf(stderr, "usage: doas [-Lns] [-a style] [-C config] [-u user]"
++ fprintf(stderr, "usage: doas [-Lns] [-C config] [-u user]"
+ " command [args]\n");
+ exit(1);
+ }
+@@ -197,23 +204,36 @@ checkconfig(const char *confpath, int argc, char **argv,
+ }
+ }
+
++static int
++verifypasswd(const char *user, const char *pass)
++{
++ struct spwd *sp;
++ char *p1, *p2;
++
++ sp = getspnam(user);
++ if (!sp)
++ return 0;
++ p1 = sp->sp_pwdp;
++ if (p1[0] == '!' || p1[0] == '*')
++ return 0;
++ p2 = crypt(pass, p1);
++ if (!p2)
++ return 0;
++ return strcmp(p1, p2) == 0;
++}
++
+ static void
+-authuser(char *myname, char *login_style, int persist)
++authuser(char *myname, int persist)
+ {
+ char *challenge = NULL, *response, rbuf[1024], cbuf[128];
+- auth_session_t *as;
+- int fd = -1;
++ int fd = -1, valid = 0;
+
+- if (persist)
+- fd = open("/dev/tty", O_RDWR);
+- if (fd != -1) {
+- if (ioctl(fd, TIOCCHKVERAUTH) == 0)
++ if (persist) {
++ fd = openpersist(&valid);
++ if (valid)
+ goto good;
+ }
+
+- if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
+- &challenge)))
+- errx(1, "Authorization failed");
+ if (!challenge) {
+ char host[HOST_NAME_MAX + 1];
+ if (gethostname(host, sizeof(host)))
+@@ -225,21 +245,18 @@ authuser(char *myname, char *login_style, int persist)
+ response = readpassphrase(challenge, rbuf, sizeof(rbuf),
+ RPP_REQUIRE_TTY);
+ if (response == NULL && errno == ENOTTY) {
+- syslog(LOG_AUTHPRIV | LOG_NOTICE,
+- "tty required for %s", myname);
++ syslog(LOG_NOTICE, "tty required for %s", myname);
+ errx(1, "a tty is required");
+ }
+- if (!auth_userresponse(as, response, 0)) {
++ if (!verifypasswd(myname, response)) {
+ explicit_bzero(rbuf, sizeof(rbuf));
+- syslog(LOG_AUTHPRIV | LOG_NOTICE,
+- "failed auth for %s", myname);
++ syslog(LOG_NOTICE, "failed auth for %s", myname);
+ errx(1, "Authorization failed");
+ }
+ explicit_bzero(rbuf, sizeof(rbuf));
+ good:
+ if (fd != -1) {
+- int secs = 5 * 60;
+- ioctl(fd, TIOCSETVERAUTH, &secs);
++ setpersist(fd);
+ close(fd);
+ }
+ }
+@@ -285,15 +302,14 @@ done:
+ int
+ main(int argc, char **argv)
+ {
+- const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
+- "/usr/local/bin:/usr/local/sbin";
++ const char *safepath = "/bin";
+ const char *confpath = NULL;
+ char *shargv[] = { NULL, NULL };
+ char *sh;
+ const char *p;
+ const char *cmd;
+ char cmdline[LINE_MAX];
+- char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN];
++ char mypwbuf[1024], targpwbuf[1024];
+ struct passwd mypwstore, targpwstore;
+ struct passwd *mypw, *targpw;
+ const struct rule *rule;
+@@ -306,28 +322,20 @@ main(int argc, char **argv)
+ int nflag = 0;
+ char cwdpath[PATH_MAX];
+ const char *cwd;
+- char *login_style = NULL;
+ char **envp;
+
+ setprogname("doas");
+-
+- closefrom(STDERR_FILENO + 1);
++ openlog("doas", 0, LOG_AUTHPRIV);
+
+ uid = getuid();
+
+- while ((ch = getopt(argc, argv, "a:C:Lnsu:")) != -1) {
++ while ((ch = getopt(argc, argv, "C:Lnsu:")) != -1) {
+ switch (ch) {
+- case 'a':
+- login_style = optarg;
+- break;
+ case 'C':
+ confpath = optarg;
+ break;
+ case 'L':
+- i = open("/dev/tty", O_RDWR);
+- if (i != -1)
+- ioctl(i, TIOCCLRVERAUTH);
+- exit(i == -1);
++ exit(clearpersist() != 0);
+ case 'u':
+ if (parseuid(optarg, &target) != 0)
+ errx(1, "unknown user");
+@@ -395,16 +403,16 @@ main(int argc, char **argv)
+ cmd = argv[0];
+ if (!permit(uid, groups, ngroups, &rule, target, cmd,
+ (const char **)argv + 1)) {
+- syslog(LOG_AUTHPRIV | LOG_NOTICE,
+- "failed command for %s: %s", mypw->pw_name, cmdline);
+- errc(1, EPERM, NULL);
++ syslog(LOG_NOTICE, "failed command for %s: %s", mypw->pw_name, cmdline);
++ errno = EPERM;
++ err(1, NULL);
+ }
+
+ if (!(rule->options & NOPASS)) {
+ if (nflag)
+ errx(1, "Authorization required");
+
+- authuser(mypw->pw_name, login_style, rule->options & PERSIST);
++ authuser(mypw->pw_name, rule->options & PERSIST);
+ }
+
+ if ((p = getenv("PATH")) != NULL)
+@@ -431,11 +439,12 @@ main(int argc, char **argv)
+ if (targpw == NULL)
+ errx(1, "no passwd entry for target");
+
+- if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
+- LOGIN_SETPATH |
+- LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+- LOGIN_SETUSER) != 0)
+- errx(1, "failed to set user context for target");
++ if (initgroups(targpw->pw_name, targpw->pw_gid) < 0)
++ err(1, "initgroups");
++ if (setgid(targpw->pw_gid) < 0)
++ err(1, "setgid");
++ if (setuid(targpw->pw_uid) < 0)
++ err(1, "setuid");
+
+ if (pledge("stdio rpath exec", NULL) == -1)
+ err(1, "pledge");
+@@ -448,7 +457,7 @@ main(int argc, char **argv)
+ if (pledge("stdio exec", NULL) == -1)
+ err(1, "pledge");
+
+- syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
++ syslog(LOG_INFO, "%s ran command %s as %s from %s",
+ mypw->pw_name, cmdline, targpw->pw_name, cwd);
+
+ envp = prepenv(rule, mypw, targpw);
+diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h
+index 6f50fc22869..c97986e3cf3 100644
+--- a/usr.bin/doas/doas.h
++++ b/usr.bin/doas/doas.h
+@@ -36,6 +36,10 @@ struct passwd;
+ char **prepenv(const struct rule *, const struct passwd *,
+ const struct passwd *);
+
++int openpersist(int *valid);
++int setpersist(int fd);
++int clearpersist(void);
++
+ #define PERMIT 1
+ #define DENY 2
+
+diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y
+index dd9466e5f13..d1f698c7679 100644
+--- a/usr.bin/doas/parse.y
++++ b/usr.bin/doas/parse.y
+@@ -19,6 +19,7 @@
+ #include <sys/types.h>
+ #include <ctype.h>
+ #include <unistd.h>
++#include <stdlib.h>
+ #include <stdint.h>
+ #include <stdarg.h>
+ #include <stdio.h>
+diff --git a/usr.bin/doas/persist.c b/usr.bin/doas/persist.c
+new file mode 100644
+index 00000000000..4ad1bf1efbf
+--- /dev/null
++++ b/usr.bin/doas/persist.c
+@@ -0,0 +1,133 @@
++#include <errno.h>
++#include <fcntl.h>
++#include <limits.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <time.h>
++#include <unistd.h>
++
++#include "doas.h"
++
++#define PERSIST_DIR "/run/doas"
++#define PERSIST_TIMEOUT 5 * 60
++
++static int
++ttyid(dev_t *tty)
++{
++ int fd, i;
++ char buf[BUFSIZ], *p;
++ ssize_t n;
++
++ fd = open("/proc/self/stat", O_RDONLY);
++ if (fd == -1)
++ return -1;
++ n = read(fd, buf, sizeof(buf) - 1);
++ if (n >= 0)
++ buf[n] = '\0';
++ /* check that we read the whole file */
++ n = read(fd, buf, 1);
++ close(fd);
++ if (n != 0)
++ return -1;
++ p = strrchr(buf, ')');
++ if (!p)
++ return -1;
++ ++p;
++ /* ttr_nr is the 5th field after executable name, so skip the next 4 */
++ for (i = 0; i < 4; ++i) {
++ p = strchr(++p, ' ');
++ if (!p)
++ return -1;
++ }
++ *tty = strtol(p, &p, 10);
++ if (*p != ' ')
++ return -1;
++ return 0;
++}
++
++static int
++persistpath(char *buf, size_t len)
++{
++ dev_t tty;
++ int n;
++
++ if (ttyid(&tty) < 0)
++ return -1;
++ n = snprintf(buf, len, PERSIST_DIR "/%ju-%ju", (uintmax_t)getuid(), (uintmax_t)tty);
++ if (n < 0 || n >= (int)len)
++ return -1;
++ return 0;
++}
++
++int
++openpersist(int *valid)
++{
++ char path[256];
++ struct stat st;
++ struct timespec ts;
++ int fd;
++
++ if (stat(PERSIST_DIR, &st) < 0) {
++ if (errno != ENOENT)
++ return -1;
++ if (mkdir(PERSIST_DIR, 0700) < 0)
++ return -1;
++ } else if (st.st_uid != 0 || st.st_mode != (S_IFDIR | 0700)) {
++ return -1;
++ }
++ if (persistpath(path, sizeof(path)) < 0)
++ return -1;
++ fd = open(path, O_RDONLY);
++ if (fd == -1) {
++ char tmp[256];
++ struct timespec ts[2] = { { .tv_nsec = UTIME_OMIT }, { 0 } };
++ int n;
++
++ n = snprintf(tmp, sizeof(tmp), PERSIST_DIR "/.tmp-%d", getpid());
++ if (n < 0 || n >= (int)sizeof(tmp))
++ return -1;
++ fd = open(tmp, O_RDONLY | O_CREAT | O_EXCL, 0);
++ if (fd == -1)
++ return -1;
++ if (futimens(fd, ts) < 0 || rename(tmp, path) < 0) {
++ close(fd);
++ unlink(tmp);
++ return -1;
++ }
++ *valid = 0;
++ } else {
++ *valid = clock_gettime(CLOCK_BOOTTIME, &ts) == 0 &&
++ fstat(fd, &st) == 0 &&
++ (ts.tv_sec < st.st_mtim.tv_sec ||
++ (ts.tv_sec == st.st_mtim.tv_sec && ts.tv_nsec < st.st_mtim.tv_nsec)) &&
++ st.st_mtime - ts.tv_sec <= PERSIST_TIMEOUT;
++ }
++ return fd;
++}
++
++int
++setpersist(int fd)
++{
++ struct timespec times[2];
++
++ if (clock_gettime(CLOCK_BOOTTIME, ×[1]) < 0)
++ return -1;
++ times[0].tv_nsec = UTIME_OMIT;
++ times[1].tv_sec += PERSIST_TIMEOUT;
++ return futimens(fd, times);
++}
++
++int
++clearpersist(void)
++{
++ char path[256];
++
++ if (persistpath(path, sizeof(path)) < 0)
++ return -1;
++ if (unlink(path) < 0 && errno != ENOENT)
++ return -1;
++ return 0;
++}
+--
+2.27.0
+
diff --git a/patches/0017-pwcache-Don-t-use-fixed-buffer-sizes.patch b/patches/0017-pwcache-Don-t-use-fixed-buffer-sizes.patch
new file mode 100644
index 0000000..3b7896b
--- /dev/null
+++ b/patches/0017-pwcache-Don-t-use-fixed-buffer-sizes.patch
@@ -0,0 +1,92 @@
+From ab480e176692b91f2fb6fb9ea2e1725d980d805d Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 14 Apr 2017 11:25:01 -0700
+Subject: [PATCH] pwcache: Don't use fixed buffer sizes
+
+---
+ lib/libc/gen/pwcache.c | 20 ++++++++------------
+ 1 file changed, 8 insertions(+), 12 deletions(-)
+
+diff --git a/lib/libc/gen/pwcache.c b/lib/libc/gen/pwcache.c
+index d54daa08cc7..2f30f4b966b 100644
+--- a/lib/libc/gen/pwcache.c
++++ b/lib/libc/gen/pwcache.c
+@@ -202,8 +202,7 @@ grptb_start(void)
+ const char *
+ user_from_uid(uid_t uid, int noname)
+ {
+- struct passwd pwstore, *pw = NULL;
+- char pwbuf[_PW_BUF_LEN];
++ struct passwd *pw;
+ UIDC **pptr, *ptr = NULL;
+
+ if ((uidtb != NULL) || (uidtb_start() == 0)) {
+@@ -226,7 +225,7 @@ user_from_uid(uid_t uid, int noname)
+ *pptr = ptr = malloc(sizeof(UIDC));
+ }
+
+- getpwuid_r(uid, &pwstore, pwbuf, sizeof(pwbuf), &pw);
++ pw = getpwuid(uid);
+ if (pw == NULL) {
+ /*
+ * no match for this uid in the local password file
+@@ -263,8 +262,7 @@ user_from_uid(uid_t uid, int noname)
+ const char *
+ group_from_gid(gid_t gid, int noname)
+ {
+- struct group grstore, *gr = NULL;
+- char grbuf[_GR_BUF_LEN];
++ struct group *gr;
+ GIDC **pptr, *ptr = NULL;
+
+ if ((gidtb != NULL) || (gidtb_start() == 0)) {
+@@ -287,7 +285,7 @@ group_from_gid(gid_t gid, int noname)
+ *pptr = ptr = malloc(sizeof(GIDC));
+ }
+
+- getgrgid_r(gid, &grstore, grbuf, sizeof(grbuf), &gr);
++ gr = getgrgid(gid);
+ if (gr == NULL) {
+ /*
+ * no match for this gid in the local group file, put in
+@@ -322,8 +320,7 @@ group_from_gid(gid_t gid, int noname)
+ int
+ uid_from_user(const char *name, uid_t *uid)
+ {
+- struct passwd pwstore, *pw = NULL;
+- char pwbuf[_PW_BUF_LEN];
++ struct passwd *pw;
+ UIDC **pptr, *ptr = NULL;
+ size_t namelen;
+
+@@ -357,7 +354,7 @@ uid_from_user(const char *name, uid_t *uid)
+ * no match, look it up, if no match store it as an invalid entry,
+ * or store the matching uid
+ */
+- getpwnam_r(name, &pwstore, pwbuf, sizeof(pwbuf), &pw);
++ pw = getpwnam(name);
+ if (ptr == NULL) {
+ if (pw == NULL)
+ return -1;
+@@ -383,8 +380,7 @@ uid_from_user(const char *name, uid_t *uid)
+ int
+ gid_from_group(const char *name, gid_t *gid)
+ {
+- struct group grstore, *gr = NULL;
+- char grbuf[_GR_BUF_LEN];
++ struct group *gr;
+ GIDC **pptr, *ptr = NULL;
+ size_t namelen;
+
+@@ -418,7 +414,7 @@ gid_from_group(const char *name, gid_t *gid)
+ * no match, look it up, if no match store it as an invalid entry,
+ * or store the matching gid
+ */
+- getgrnam_r(name, &grstore, grbuf, sizeof(grbuf), &gr);
++ gr = getgrnam(name);
+ if (ptr == NULL) {
+ if (gr == NULL)
+ return -1;
+--
+2.19.0
+
diff --git a/patches/0018-yacc-Remove-__unused.patch b/patches/0018-yacc-Remove-__unused.patch
new file mode 100644
index 0000000..d8e49be
--- /dev/null
+++ b/patches/0018-yacc-Remove-__unused.patch
@@ -0,0 +1,27 @@
+From 8c468833465d7fa0d5372807de01272414b1f4bb Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 10 Oct 2017 02:55:38 -0700
+Subject: [PATCH] yacc: Remove __unused
+
+We can't define this to __attribute__((unused)) because musl uses this
+identifier as a structure field.
+---
+ usr.bin/yacc/main.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr.bin/yacc/main.c b/usr.bin/yacc/main.c
+index 3d9f6add5c8..dd34a04c5bf 100644
+--- a/usr.bin/yacc/main.c
++++ b/usr.bin/yacc/main.c
+@@ -122,7 +122,7 @@ done(int k)
+
+
+ void
+-onintr(__unused int signo)
++onintr(int signo)
+ {
+ sigdie = 1;
+ done(1);
+--
+2.14.2
+
diff --git a/patches/0019-Add-standalone-freezero.patch b/patches/0019-Add-standalone-freezero.patch
new file mode 100644
index 0000000..249a3e4
--- /dev/null
+++ b/patches/0019-Add-standalone-freezero.patch
@@ -0,0 +1,51 @@
+From 98a3b77cfa775c87010159d49f5b17d84fe1aa7b Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 10 Oct 2017 03:07:56 -0700
+Subject: [PATCH] Add standalone freezero
+
+---
+ lib/libc/stdlib/freezero.c | 32 ++++++++++++++++++++++++++++++++
+ 1 file changed, 32 insertions(+)
+ create mode 100644 lib/libc/stdlib/freezero.c
+
+diff --git a/lib/libc/stdlib/freezero.c b/lib/libc/stdlib/freezero.c
+new file mode 100644
+index 00000000000..31face3828b
+--- /dev/null
++++ b/lib/libc/stdlib/freezero.c
+@@ -0,0 +1,32 @@
++/*
++ * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
++ * Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
++ * Copyright (c) 2008 Damien Miller <djm@openbsd.org>
++ * Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++
++#include <string.h>
++#include <stdlib.h>
++
++void
++freezero(void *ptr, size_t sz)
++{
++ /* This is legal. */
++ if (ptr == NULL)
++ return;
++
++ explicit_bzero(ptr, sz);
++ free(ptr);
++}
+--
+2.14.2
+
diff --git a/patches/0020-m4-Use-hand-written-lexer-to-avoid-cycle-in-bootstra.patch b/patches/0020-m4-Use-hand-written-lexer-to-avoid-cycle-in-bootstra.patch
new file mode 100644
index 0000000..f58f366
--- /dev/null
+++ b/patches/0020-m4-Use-hand-written-lexer-to-avoid-cycle-in-bootstra.patch
@@ -0,0 +1,327 @@
+From edf250c633bef40e7e37dafc9fc393dd2ad9074f Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 10 Apr 2018 13:37:14 -0700
+Subject: [PATCH] m4: Use hand-written lexer to avoid cycle in bootstrap
+
+---
+ usr.bin/m4/tokenizer.c | 191 +++++++++++++++++++++++++++++++++++++++++
+ usr.bin/m4/tokenizer.l | 109 -----------------------
+ 2 files changed, 191 insertions(+), 109 deletions(-)
+ create mode 100644 usr.bin/m4/tokenizer.c
+ delete mode 100644 usr.bin/m4/tokenizer.l
+
+diff --git a/usr.bin/m4/tokenizer.c b/usr.bin/m4/tokenizer.c
+new file mode 100644
+index 00000000000..fa19fc65035
+--- /dev/null
++++ b/usr.bin/m4/tokenizer.c
+@@ -0,0 +1,191 @@
++/* $OpenBSD: tokenizer.l,v 1.10 2017/06/17 01:55:16 bcallah Exp $ */
++/*
++ * Copyright (c) 2004 Marc Espie <espie@cvs.openbsd.org>
++ *
++ * Permission to use, copy, modify, and distribute this software for any
++ * purpose with or without fee is hereby granted, provided that the above
++ * copyright notice and this permission notice appear in all copies.
++ *
++ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
++ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
++ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
++ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
++ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
++ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
++ */
++#include "parser.tab.h"
++#include <assert.h>
++#include <ctype.h>
++#include <errno.h>
++#include <limits.h>
++#include <stdbool.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <stdint.h>
++
++extern void m4_warnx(const char *, ...);
++extern int mimic_gnu;
++extern int32_t yylval;
++static const char *yypos;
++
++void
++yy_scan_string(const char *s)
++{
++ yypos = s;
++}
++
++static int32_t
++number(const char *yytext, size_t yylen)
++{
++ long l;
++
++ errno = 0;
++ l = strtol(yytext, NULL, 0);
++ if (((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE) ||
++ l > INT32_MAX || l < INT32_MIN)
++ m4_warnx("numeric overflow in expr: %.*s", (int)yylen, yytext);
++ return l;
++}
++
++static int32_t
++parse_radix(const char *yytext, size_t yylen)
++{
++ long base;
++ char *next;
++ long l;
++ int d;
++
++ l = 0;
++ base = strtol(yytext+2, &next, 0);
++ if (base > 36 || next == NULL) {
++ m4_warnx("error in number %.*s", (int)yylen, yytext);
++ } else {
++ next++;
++ while (*next != 0) {
++ if (*next >= '0' && *next <= '9')
++ d = *next - '0';
++ else if (*next >= 'a' && *next <= 'z')
++ d = *next - 'a' + 10;
++ else {
++ assert(*next >= 'A' && *next <= 'Z');
++ d = *next - 'A' + 10;
++ }
++ if (d >= base) {
++ m4_warnx("error in number %.*s", (int)yylen, yytext);
++ return 0;
++ }
++ l = base * l + d;
++ next++;
++ }
++ }
++ return l;
++}
++
++static int
++isodigit(int c)
++{
++ return c >= '0' && c <= '7';
++}
++
++int yylex(void)
++{
++ const char *start;
++
++next:
++ start = yypos;
++ switch (*yypos) {
++ case ' ':
++ case '\t':
++ case '\n':
++ ++yypos;
++ goto next;
++ case '<':
++ switch (yypos[1]) {
++ case '=':
++ yypos += 2;
++ return LE;
++ case '<':
++ yypos += 2;
++ return LSHIFT;
++ }
++ break;
++ case '>':
++ switch (yypos[1]) {
++ case '=':
++ yypos += 2;
++ return GE;
++ case '>':
++ yypos += 2;
++ return RSHIFT;
++ }
++ break;
++ case '=':
++ if (yypos[1] != '=')
++ break;
++ yypos += 2;
++ return EQ;
++ case '!':
++ if (yypos[1] != '=')
++ break;
++ yypos += 2;
++ return NE;
++ case '&':
++ if (yypos[1] != '&')
++ break;
++ yypos += 2;
++ return LAND;
++ case '|':
++ if (yypos[1] != '|')
++ break;
++ yypos += 2;
++ return LOR;
++ case '*':
++ if (!mimic_gnu || yypos[1] != '*')
++ break;
++ yypos += 2;
++ return EXPONENT;
++ case '0':
++ switch (*++yypos) {
++ case 'x':
++ case 'X':
++ if (!isxdigit(*++yypos))
++ return ERROR;
++ do ++yypos;
++ while (isxdigit(*yypos));
++ break;
++ case 'r':
++ case 'R':
++ if (!mimic_gnu)
++ break;
++ if (!isdigit(*++yypos))
++ return ERROR;
++ do ++yypos;
++ while (isdigit(*yypos));
++ if (*yypos != ':')
++ return ERROR;
++ if (!isalnum(*++yypos))
++ return ERROR;
++ do ++yypos;
++ while (isalnum(*yypos));
++ yylval = parse_radix(start, yypos - start);
++ return NUMBER;
++ default:
++ do ++yypos;
++ while (isodigit(*yypos));
++ break;
++ }
++ yylval = number(start, yypos - start);
++ return NUMBER;
++ case '\0':
++ return '\0';
++ }
++ if (isdigit(*yypos)) {
++ do ++yypos;
++ while (isdigit(*yypos));
++ yylval = number(start, yypos - start);
++ return NUMBER;
++ }
++
++ return *yypos++;
++}
+diff --git a/usr.bin/m4/tokenizer.l b/usr.bin/m4/tokenizer.l
+deleted file mode 100644
+index 94f02fb6085..00000000000
+--- a/usr.bin/m4/tokenizer.l
++++ /dev/null
+@@ -1,109 +0,0 @@
+-%{
+-/* $OpenBSD: tokenizer.l,v 1.10 2017/06/17 01:55:16 bcallah Exp $ */
+-/*
+- * Copyright (c) 2004 Marc Espie <espie@cvs.openbsd.org>
+- *
+- * Permission to use, copy, modify, and distribute this software for any
+- * purpose with or without fee is hereby granted, provided that the above
+- * copyright notice and this permission notice appear in all copies.
+- *
+- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+- */
+-#include "parser.h"
+-#include <assert.h>
+-#include <stdlib.h>
+-#include <errno.h>
+-#include <stdint.h>
+-#include <limits.h>
+-
+-extern void m4_warnx(const char *, ...);
+-extern int mimic_gnu;
+-extern int32_t yylval;
+-
+-int32_t number(void);
+-int32_t parse_radix(void);
+-%}
+-
+-delim [ \t\n]
+-ws {delim}+
+-hex 0[xX][0-9a-fA-F]+
+-oct 0[0-7]*
+-dec [1-9][0-9]*
+-radix 0[rR][0-9]+:[0-9a-zA-Z]+
+-
+-%option noyywrap
+-
+-%%
+-{ws} {/* just skip it */}
+-{hex}|{oct}|{dec} { yylval = number(); return(NUMBER); }
+-{radix} { if (mimic_gnu) {
+- yylval = parse_radix(); return(NUMBER);
+- } else {
+- return(ERROR);
+- }
+- }
+-"<=" { return(LE); }
+-">=" { return(GE); }
+-"<<" { return(LSHIFT); }
+-">>" { return(RSHIFT); }
+-"==" { return(EQ); }
+-"!=" { return(NE); }
+-"&&" { return(LAND); }
+-"||" { return(LOR); }
+-"**" { if (mimic_gnu) { return (EXPONENT); } }
+-. { return yytext[0]; }
+-%%
+-
+-int32_t
+-number()
+-{
+- long l;
+-
+- errno = 0;
+- l = strtol(yytext, NULL, 0);
+- if (((l == LONG_MAX || l == LONG_MIN) && errno == ERANGE) ||
+- l > INT32_MAX || l < INT32_MIN)
+- m4_warnx("numeric overflow in expr: %s", yytext);
+- return l;
+-}
+-
+-int32_t
+-parse_radix()
+-{
+- long base;
+- char *next;
+- long l;
+- int d;
+-
+- l = 0;
+- base = strtol(yytext+2, &next, 0);
+- if (base > 36 || next == NULL) {
+- m4_warnx("error in number %s", yytext);
+- } else {
+- next++;
+- while (*next != 0) {
+- if (*next >= '0' && *next <= '9')
+- d = *next - '0';
+- else if (*next >= 'a' && *next <= 'z')
+- d = *next - 'a' + 10;
+- else {
+- assert(*next >= 'A' && *next <= 'Z');
+- d = *next - 'A' + 10;
+- }
+- if (d >= base) {
+- m4_warnx("error in number %s", yytext);
+- return 0;
+- }
+- l = base * l + d;
+- next++;
+- }
+- }
+- return l;
+-}
+-
+--
+2.17.0
+
diff --git a/patches/0021-m4-Use-_Noreturn-instead-of-__dead.patch b/patches/0021-m4-Use-_Noreturn-instead-of-__dead.patch
new file mode 100644
index 0000000..c78d504
--- /dev/null
+++ b/patches/0021-m4-Use-_Noreturn-instead-of-__dead.patch
@@ -0,0 +1,25 @@
+From 0f0eb43f3d6fb749fac229e3d6c8f74b2c40ece2 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 10 Apr 2018 16:03:44 -0700
+Subject: [PATCH] m4: Use _Noreturn instead of __dead
+
+---
+ usr.bin/m4/extern.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr.bin/m4/extern.h b/usr.bin/m4/extern.h
+index ea8406b8540..0c07599777d 100644
+--- a/usr.bin/m4/extern.h
++++ b/usr.bin/m4/extern.h
+@@ -113,7 +113,7 @@ extern void usage(void);
+ extern void resizedivs(int);
+ extern size_t buffer_mark(void);
+ extern void dump_buffer(FILE *, size_t);
+-extern void __dead m4errx(int, const char *, ...);
++extern void _Noreturn m4errx(int, const char *, ...);
+
+ extern int obtain_char(struct input_file *);
+ extern void set_input(struct input_file *, FILE *, const char *);
+--
+2.17.0
+
diff --git a/patches/0022-m4-Add-missing-includes.patch b/patches/0022-m4-Add-missing-includes.patch
new file mode 100644
index 0000000..d647009
--- /dev/null
+++ b/patches/0022-m4-Add-missing-includes.patch
@@ -0,0 +1,50 @@
+From 3cc2a61c553d138778a6ec1dd84cd042ce834b4e Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 10 Apr 2018 16:24:12 -0700
+Subject: [PATCH] m4: Add missing includes
+
+---
+ usr.bin/m4/look.c | 1 +
+ usr.bin/m4/main.c | 1 +
+ usr.bin/m4/parser.y | 1 +
+ 3 files changed, 3 insertions(+)
+
+diff --git a/usr.bin/m4/look.c b/usr.bin/m4/look.c
+index ac504570a9f..5feb0413cd6 100644
+--- a/usr.bin/m4/look.c
++++ b/usr.bin/m4/look.c
+@@ -38,6 +38,7 @@
+ * by: oz
+ */
+
++#include <sys/cdefs.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <stdint.h>
+diff --git a/usr.bin/m4/main.c b/usr.bin/m4/main.c
+index f1b8fa5a55b..4e664c0a50b 100644
+--- a/usr.bin/m4/main.c
++++ b/usr.bin/m4/main.c
+@@ -39,6 +39,7 @@
+ * by: oz
+ */
+
++#include <sys/cdefs.h>
+ #include <assert.h>
+ #include <signal.h>
+ #include <err.h>
+diff --git a/usr.bin/m4/parser.y b/usr.bin/m4/parser.y
+index 5b46d261a9a..fedded1e44c 100644
+--- a/usr.bin/m4/parser.y
++++ b/usr.bin/m4/parser.y
+@@ -17,6 +17,7 @@
+ */
+ #include <math.h>
+ #include <stdint.h>
++#include <stdlib.h>
+ #define YYSTYPE int32_t
+ extern int32_t end_result;
+ extern int yylex(void);
+--
+2.22.0
+
diff --git a/patches/0023-libutil-Add-missing-includes.patch b/patches/0023-libutil-Add-missing-includes.patch
new file mode 100644
index 0000000..c441c19
--- /dev/null
+++ b/patches/0023-libutil-Add-missing-includes.patch
@@ -0,0 +1,24 @@
+From 72cfeec702c7b76cce88be4c411ce40a8abb628c Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Tue, 10 Apr 2018 16:23:22 -0700
+Subject: [PATCH] libutil: Add missing includes
+
+---
+ lib/libutil/ohash.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/lib/libutil/ohash.c b/lib/libutil/ohash.c
+index 74ca4fafd9c..9537c60eac4 100644
+--- a/lib/libutil/ohash.c
++++ b/lib/libutil/ohash.c
+@@ -15,6 +15,7 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#include <sys/cdefs.h>
+ #include <stddef.h>
+ #include <stdint.h>
+ #include <stdlib.h>
+--
+2.17.0
+
diff --git a/patches/0024-acme-client-Add-missing-includes.patch b/patches/0024-acme-client-Add-missing-includes.patch
new file mode 100644
index 0000000..31f034c
--- /dev/null
+++ b/patches/0024-acme-client-Add-missing-includes.patch
@@ -0,0 +1,25 @@
+From 7ea4349d2ed8afd672348a7d2f3534007e5dc442 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 18 Mar 2019 14:52:31 -0700
+Subject: [PATCH] acme-client: Add missing includes
+
+---
+ usr.sbin/acme-client/extern.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/usr.sbin/acme-client/extern.h b/usr.sbin/acme-client/extern.h
+index dda2edde4..d83ead634 100644
+--- a/usr.sbin/acme-client/extern.h
++++ b/usr.sbin/acme-client/extern.h
+@@ -17,6 +17,8 @@
+ #ifndef EXTERN_H
+ #define EXTERN_H
+
++#include <sys/cdefs.h>
++#include <sys/types.h>
+ #include "parse.h"
+
+ #define MAX_SERVERS_DNS 8
+--
+2.21.0
+
diff --git a/patches/0025-rsync-Add-missing-includes.patch b/patches/0025-rsync-Add-missing-includes.patch
new file mode 100644
index 0000000..2f632cb
--- /dev/null
+++ b/patches/0025-rsync-Add-missing-includes.patch
@@ -0,0 +1,40 @@
+From ca34590e5d0065db581b3b4c05c9c7aea0015dff Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 14 Jun 2019 12:40:56 -0700
+Subject: [PATCH] rsync: Add missing includes
+
+- stdio.h in socket.c for sscanf
+- sys/types.h in extern.h for various type definitions
+---
+ usr.bin/rsync/extern.h | 2 ++
+ usr.bin/rsync/socket.c | 1 +
+ 2 files changed, 3 insertions(+)
+
+diff --git a/usr.bin/rsync/extern.h b/usr.bin/rsync/extern.h
+index 305821be579..040588003a4 100644
+--- a/usr.bin/rsync/extern.h
++++ b/usr.bin/rsync/extern.h
+@@ -17,6 +17,8 @@
+ #ifndef EXTERN_H
+ #define EXTERN_H
+
++#include <sys/types.h>
++
+ /*
+ * This is the rsync protocol version that we support.
+ */
+diff --git a/usr.bin/rsync/socket.c b/usr.bin/rsync/socket.c
+index 36384d063a0..43d8d7d01af 100644
+--- a/usr.bin/rsync/socket.c
++++ b/usr.bin/rsync/socket.c
+@@ -28,6 +28,7 @@
+ #include <poll.h>
+ #include <resolv.h>
+ #include <stdlib.h>
++#include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
+ #include <err.h>
+--
+2.22.0
+
diff --git a/patches/0026-rsync-Use-standard-S_ISVTX-instead-of-S_ISTXT.patch b/patches/0026-rsync-Use-standard-S_ISVTX-instead-of-S_ISTXT.patch
new file mode 100644
index 0000000..39bc650
--- /dev/null
+++ b/patches/0026-rsync-Use-standard-S_ISVTX-instead-of-S_ISTXT.patch
@@ -0,0 +1,34 @@
+From b8ea0a7fc75f79d89f9f225da1112f477419d0bd Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 14 Jun 2019 12:42:15 -0700
+Subject: [PATCH] rsync: Use standard S_ISVTX instead of S_ISTXT
+
+---
+ usr.bin/rsync/receiver.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/usr.bin/rsync/receiver.c b/usr.bin/rsync/receiver.c
+index 5ffd3458b74..51f9ddf6a5c 100644
+--- a/usr.bin/rsync/receiver.c
++++ b/usr.bin/rsync/receiver.c
+@@ -86,7 +86,7 @@ rsync_set_metadata(struct sess *sess, int newfile,
+ "to user.group: %u.%u", f->path, uid, gid);
+ } else
+ LOG4("%s: updated uid and/or gid", f->path);
+- mode &= ~(S_ISTXT | S_ISUID | S_ISGID);
++ mode &= ~(S_ISVTX | S_ISUID | S_ISGID);
+ }
+
+ /* Conditionally adjust file permissions. */
+@@ -147,7 +147,7 @@ rsync_set_metadata_at(struct sess *sess, int newfile, int rootfd,
+ "to user.group: %u.%u", f->path, uid, gid);
+ } else
+ LOG4("%s: updated uid and/or gid", f->path);
+- mode &= ~(S_ISTXT | S_ISUID | S_ISGID);
++ mode &= ~(S_ISVTX | S_ISUID | S_ISGID);
+ }
+
+ /* Conditionally adjust file permissions. */
+--
+2.23.0
+
diff --git a/patches/0027-rsync-Use-1-instead-of-INFTIM-for-poll-timeout.patch b/patches/0027-rsync-Use-1-instead-of-INFTIM-for-poll-timeout.patch
new file mode 100644
index 0000000..6169131
--- /dev/null
+++ b/patches/0027-rsync-Use-1-instead-of-INFTIM-for-poll-timeout.patch
@@ -0,0 +1,25 @@
+From 588522657724047a2e4c838e62dfff5db41bd506 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 14 Jun 2019 12:44:02 -0700
+Subject: [PATCH] rsync: Use -1 instead of INFTIM for poll timeout
+
+---
+ usr.bin/rsync/extern.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr.bin/rsync/extern.h b/usr.bin/rsync/extern.h
+index 040588003a4..64a02349adc 100644
+--- a/usr.bin/rsync/extern.h
++++ b/usr.bin/rsync/extern.h
+@@ -47,7 +47,7 @@
+ * Use this for debugging deadlocks.
+ * All poll events will use it and catch time-outs.
+ */
+-#define POLL_TIMEOUT (INFTIM)
++#define POLL_TIMEOUT (-1)
+
+ /*
+ * Operating mode for a client or a server.
+--
+2.22.0
+
diff --git a/patches/0028-rsync-Avoid-pointer-arithmetic-on-void.patch b/patches/0028-rsync-Avoid-pointer-arithmetic-on-void.patch
new file mode 100644
index 0000000..885ce49
--- /dev/null
+++ b/patches/0028-rsync-Avoid-pointer-arithmetic-on-void.patch
@@ -0,0 +1,148 @@
+From bae6ab2cb50b4c5784dcd17207f145707c77f317 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sat, 15 Jun 2019 20:06:13 -0700
+Subject: [PATCH] rsync: Avoid pointer arithmetic on `void *`
+
+---
+ usr.bin/rsync/blocks.c | 8 ++++----
+ usr.bin/rsync/downloader.c | 2 +-
+ usr.bin/rsync/io.c | 12 ++++++------
+ usr.bin/rsync/sender.c | 4 ++--
+ 4 files changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/usr.bin/rsync/blocks.c b/usr.bin/rsync/blocks.c
+index 4f21a41833d..242590e5bae 100644
+--- a/usr.bin/rsync/blocks.c
++++ b/usr.bin/rsync/blocks.c
+@@ -157,7 +157,7 @@ blk_find(struct sess *sess, struct blkstat *st,
+ if (!recomp) {
+ fhash = (st->s1 & 0xFFFF) | (st->s2 << 16);
+ } else {
+- fhash = hash_fast(st->map + st->offs, (size_t)osz);
++ fhash = hash_fast((char *)st->map + st->offs, (size_t)osz);
+ st->s1 = fhash & 0xFFFF;
+ st->s2 = fhash >> 16;
+ }
+@@ -170,7 +170,7 @@ blk_find(struct sess *sess, struct blkstat *st,
+ if (st->hint < blks->blksz &&
+ fhash == blks->blks[st->hint].chksum_short &&
+ (size_t)osz == blks->blks[st->hint].len) {
+- hash_slow(st->map + st->offs, (size_t)osz, md, sess);
++ hash_slow((char *)st->map + st->offs, (size_t)osz, md, sess);
+ have_md = 1;
+ if (memcmp(md, blks->blks[st->hint].chksum_long, blks->csum) == 0) {
+ LOG4("%s: found matching hinted match: "
+@@ -203,7 +203,7 @@ blk_find(struct sess *sess, struct blkstat *st,
+ (intmax_t)ent->blk->offs, ent->blk->len);
+
+ if (have_md == 0) {
+- hash_slow(st->map + st->offs, (size_t)osz, md, sess);
++ hash_slow((char *)st->map + st->offs, (size_t)osz, md, sess);
+ have_md = 1;
+ }
+
+@@ -221,7 +221,7 @@ blk_find(struct sess *sess, struct blkstat *st,
+ * block in the sequence.
+ */
+
+- map = st->map + st->offs;
++ map = (char *)st->map + st->offs;
+ st->s1 -= map[0];
+ st->s2 -= osz * map[0];
+
+diff --git a/usr.bin/rsync/downloader.c b/usr.bin/rsync/downloader.c
+index 9ddb8600a73..36b086f74c8 100644
+--- a/usr.bin/rsync/downloader.c
++++ b/usr.bin/rsync/downloader.c
+@@ -495,7 +495,7 @@ again:
+ sz = tok == p->blk.blksz - 1 ? p->blk.rem : p->blk.len;
+ assert(sz);
+ assert(p->map != MAP_FAILED);
+- buf = p->map + (tok * p->blk.len);
++ buf = (char *)p->map + (tok * p->blk.len);
+
+ /*
+ * Now we read from our block.
+diff --git a/usr.bin/rsync/io.c b/usr.bin/rsync/io.c
+index 8d113d6d013..181458ced08 100644
+--- a/usr.bin/rsync/io.c
++++ b/usr.bin/rsync/io.c
+@@ -117,7 +117,7 @@ io_write_blocking(int fd, const void *buf, size_t sz)
+ ERRX("io_write_nonblocking: short write");
+ return 0;
+ }
+- buf += wsz;
++ buf = (char *)buf + wsz;
+ sz -= wsz;
+ }
+
+@@ -156,7 +156,7 @@ io_write_buf(struct sess *sess, int fd, const void *buf, size_t sz)
+ }
+ sess->total_write += wsz;
+ sz -= wsz;
+- buf += wsz;
++ buf = (char *)buf + wsz;
+ }
+
+ return 1;
+@@ -250,7 +250,7 @@ io_read_blocking(int fd, void *buf, size_t sz)
+ ERRX("io_read_nonblocking: short read");
+ return 0;
+ }
+- buf += rsz;
++ buf = (char *)buf + rsz;
+ sz -= rsz;
+ }
+
+@@ -367,7 +367,7 @@ io_read_buf(struct sess *sess, int fd, void *buf, size_t sz)
+ }
+ sz -= rsz;
+ sess->mplex_read_remain -= rsz;
+- buf += rsz;
++ buf = (char *)buf + rsz;
+ sess->total_read += rsz;
+ continue;
+ }
+@@ -463,7 +463,7 @@ io_buffer_buf(void *buf, size_t *bufpos, size_t buflen, const void *val,
+ {
+
+ assert(*bufpos + valsz <= buflen);
+- memcpy(buf + *bufpos, val, valsz);
++ memcpy((char *)buf + *bufpos, val, valsz);
+ *bufpos += valsz;
+ }
+
+@@ -661,7 +661,7 @@ io_unbuffer_buf(const void *buf, size_t *bufpos, size_t bufsz, void *val,
+ {
+
+ assert(*bufpos + valsz <= bufsz);
+- memcpy(val, buf + *bufpos, valsz);
++ memcpy(val, (char *)buf + *bufpos, valsz);
+ *bufpos += valsz;
+ }
+
+diff --git a/usr.bin/rsync/sender.c b/usr.bin/rsync/sender.c
+index 5f9850ee9d2..d6a1f55d1a9 100644
+--- a/usr.bin/rsync/sender.c
++++ b/usr.bin/rsync/sender.c
+@@ -128,7 +128,7 @@ send_up_fsm(struct sess *sess, size_t *phase,
+ return 0;
+ }
+ io_lowbuffer_buf(sess, *wb, &pos, *wbsz,
+- up->stat.map + up->stat.curpos, sz);
++ (char *)up->stat.map + up->stat.curpos, sz);
+
+ up->stat.curpos += sz;
+ if (up->stat.curpos == up->stat.curlen)
+@@ -569,7 +569,7 @@ rsync_sender(struct sess *sess, int fdin,
+ assert(pfd[2].fd == -1);
+ assert(wbufsz - wbufpos);
+ ssz = write(fdout,
+- wbuf + wbufpos, wbufsz - wbufpos);
++ (char *)wbuf + wbufpos, wbufsz - wbufpos);
+ if (ssz == -1) {
+ ERR("write");
+ goto out;
+--
+2.23.0
+
diff --git a/patches/0029-Include-sys-sysmacros.h-if-necessary.patch b/patches/0029-Include-sys-sysmacros.h-if-necessary.patch
new file mode 100644
index 0000000..6b64a04
--- /dev/null
+++ b/patches/0029-Include-sys-sysmacros.h-if-necessary.patch
@@ -0,0 +1,73 @@
+From a8d547a2cf005a00a111394464fc2692f426ceed Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 5 Aug 2019 21:42:54 -0700
+Subject: [PATCH] Include sys/sysmacros.h if necessary
+
+---
+ bin/pax/cpio.c | 4 ++++
+ bin/pax/gen_subs.c | 3 +++
+ bin/pax/tar.c | 3 +++
+ usr.bin/rsync/flist.c | 4 ++++
+ 4 files changed, 14 insertions(+)
+
+diff --git a/bin/pax/cpio.c b/bin/pax/cpio.c
+index 92fe965163a..3832b1e87aa 100644
+--- a/bin/pax/cpio.c
++++ b/bin/pax/cpio.c
+@@ -41,6 +41,10 @@
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <stdlib.h>
++#ifndef major
++#include <sys/sysmacros.h>
++#endif
++
+ #include "pax.h"
+ #include "cpio.h"
+ #include "extern.h"
+diff --git a/bin/pax/gen_subs.c b/bin/pax/gen_subs.c
+index 42c70804fb7..405dd2c24ed 100644
+--- a/bin/pax/gen_subs.c
++++ b/bin/pax/gen_subs.c
+@@ -45,6 +45,9 @@
+ #include <unistd.h>
+ #include <utmp.h>
+ #include <vis.h>
++#ifndef major
++#include <sys/sysmacros.h>
++#endif
+
+ #include "pax.h"
+ #include "extern.h"
+diff --git a/bin/pax/tar.c b/bin/pax/tar.c
+index a49a5e885fb..3bfa9444dd5 100644
+--- a/bin/pax/tar.c
++++ b/bin/pax/tar.c
+@@ -45,6 +45,9 @@
+ #include <stdlib.h>
+ #include <string.h>
+ #include <unistd.h>
++#ifndef major
++#include <sys/sysmacros.h>
++#endif
+
+ #include "pax.h"
+ #include "extern.h"
+diff --git a/usr.bin/rsync/flist.c b/usr.bin/rsync/flist.c
+index ac29ad47098..9680883ca77 100644
+--- a/usr.bin/rsync/flist.c
++++ b/usr.bin/rsync/flist.c
+@@ -17,6 +17,10 @@
+ */
+ #include <sys/param.h>
+ #include <sys/stat.h>
++#include <sys/types.h>
++#ifndef major
++#include <sys/sysmacros.h>
++#endif
+
+ #include <assert.h>
+ #include <errno.h>
+--
+2.22.0
+
diff --git a/patches/0030-nc-Portability-fixes-from-libressl-portable.patch b/patches/0030-nc-Portability-fixes-from-libressl-portable.patch
new file mode 100644
index 0000000..2c3cb23
--- /dev/null
+++ b/patches/0030-nc-Portability-fixes-from-libressl-portable.patch
@@ -0,0 +1,194 @@
+From 074f2b35512b16c9644c8bd878fa9ace208c17a6 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Mon, 2 Dec 2019 21:11:04 -0800
+Subject: [PATCH] nc: Portability fixes from libressl-portable
+
+---
+ usr.bin/nc/netcat.c | 55 +++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 48 insertions(+), 7 deletions(-)
+
+diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
+index 503095584ad..f052766213e 100644
+--- a/usr.bin/nc/netcat.c
++++ b/usr.bin/nc/netcat.c
+@@ -93,9 +93,13 @@ int zflag; /* Port Scan Flag */
+ int Dflag; /* sodebug */
+ int Iflag; /* TCP receive buffer size */
+ int Oflag; /* TCP send buffer size */
++#ifdef TCP_MD5SIG
+ int Sflag; /* TCP MD5 signature option */
++#endif
+ int Tflag = -1; /* IP Type of Service */
++#ifdef SO_RTABLE
+ int rtableid = -1;
++#endif
+
+ int usetls; /* use TLS */
+ const char *Cflag; /* Public cert file */
+@@ -269,12 +273,14 @@ main(int argc, char *argv[])
+ case 'u':
+ uflag = 1;
+ break;
++#ifdef SO_RTABLE
+ case 'V':
+ rtableid = (int)strtonum(optarg, 0,
+ RT_TABLEID_MAX, &errstr);
+ if (errstr)
+ errx(1, "rtable %s: %s", errstr, optarg);
+ break;
++#endif
+ case 'v':
+ vflag = 1;
+ break;
+@@ -321,9 +327,11 @@ main(int argc, char *argv[])
+ case 'o':
+ oflag = optarg;
+ break;
++#ifdef TCP_MD5SIG
+ case 'S':
+ Sflag = 1;
+ break;
++#endif
+ case 'T':
+ errstr = NULL;
+ errno = 0;
+@@ -347,9 +355,11 @@ main(int argc, char *argv[])
+ argc -= optind;
+ argv += optind;
+
++#ifdef SO_RTABLE
+ if (rtableid >= 0)
+ if (setrtable(rtableid) == -1)
+ err(1, "setrtable");
++#endif
+
+ /* Cruft to make sure options are clean, and used properly. */
+ if (argc == 1 && family == AF_UNIX) {
+@@ -947,7 +957,10 @@ remote_connect(const char *host, const char *port, struct addrinfo hints,
+ char *ipaddr)
+ {
+ struct addrinfo *res, *res0;
+- int s = -1, error, herr, on = 1, save_errno;
++ int s = -1, error, herr, save_errno;
++#ifdef SO_BINDANY
++ int on = 1;
++#endif
+
+ if ((error = getaddrinfo(host, port, &hints, &res0)))
+ errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
+@@ -962,8 +975,10 @@ remote_connect(const char *host, const char *port, struct addrinfo hints,
+ if (sflag || pflag) {
+ struct addrinfo ahints, *ares;
+
++#ifdef SO_BINDANY
+ /* try SO_BINDANY, but don't insist */
+ setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
++#endif
+ memset(&ahints, 0, sizeof(struct addrinfo));
+ ahints.ai_family = res->ai_family;
+ ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
+@@ -1055,8 +1070,11 @@ int
+ local_listen(const char *host, const char *port, struct addrinfo hints)
+ {
+ struct addrinfo *res, *res0;
+- int s = -1, ret, x = 1, save_errno;
++ int s = -1, save_errno;
+ int error;
++#ifdef SO_REUSEPORT
++ int ret, x = 1;
++#endif
+
+ /* Allow nodename to be null. */
+ hints.ai_flags |= AI_PASSIVE;
+@@ -1076,9 +1094,11 @@ local_listen(const char *host, const char *port, struct addrinfo hints)
+ res->ai_protocol)) == -1)
+ continue;
+
++#ifdef SO_REUSEPORT
+ ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
+ if (ret == -1)
+ err(1, NULL);
++#endif
+
+ set_common_sockopts(s, res->ai_family);
+
+@@ -1548,11 +1568,13 @@ set_common_sockopts(int s, int af)
+ {
+ int x = 1;
+
++#ifdef TCP_MD5SIG
+ if (Sflag) {
+ if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
+ &x, sizeof(x)) == -1)
+ err(1, NULL);
+ }
++#endif
+ if (Dflag) {
+ if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
+ &x, sizeof(x)) == -1)
+@@ -1563,9 +1585,16 @@ set_common_sockopts(int s, int af)
+ IP_TOS, &Tflag, sizeof(Tflag)) == -1)
+ err(1, "set IP ToS");
+
++#ifdef IPV6_TCLASS
+ else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
+ err(1, "set IPv6 traffic class");
++#else
++ else if (af == AF_INET6) {
++ errno = ENOPROTOOPT;
++ err(1, "set IPv6 traffic class not supported");
++ }
++#endif
+ }
+ if (Iflag) {
+ if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
+@@ -1589,13 +1618,17 @@ set_common_sockopts(int s, int af)
+ }
+
+ if (minttl != -1) {
++#ifdef IP_MINTTL
+ if (af == AF_INET && setsockopt(s, IPPROTO_IP,
+ IP_MINTTL, &minttl, sizeof(minttl)))
+ err(1, "set IP min TTL");
++#endif
+
+- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
++#ifdef IPV6_MINHOPCOUNT
++ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+ IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
+ err(1, "set IPv6 min hop count");
++#endif
+ }
+ }
+
+@@ -1820,14 +1853,22 @@ help(void)
+ \t-P proxyuser\tUsername for proxy authentication\n\
+ \t-p port\t Specify local port for remote connects\n\
+ \t-R CAfile CA bundle\n\
+- \t-r Randomize remote ports\n\
+- \t-S Enable the TCP MD5 signature option\n\
++ \t-r Randomize remote ports\n"
++#ifdef TCP_MD5SIG
++ "\
++ \t-S Enable the TCP MD5 signature option\n"
++#endif
++ "\
+ \t-s sourceaddr Local source address\n\
+ \t-T keyword TOS value or TLS options\n\
+ \t-t Answer TELNET negotiation\n\
+ \t-U Use UNIX domain socket\n\
+- \t-u UDP mode\n\
+- \t-V rtable Specify alternate routing table\n\
++ \t-u UDP mode\n"
++#ifdef SO_RTABLE
++ "\
++ \t-V rtable Specify alternate routing table\n"
++#endif
++ "\
+ \t-v Verbose\n\
+ \t-W recvlimit Terminate after receiving a number of packets\n\
+ \t-w timeout Timeout for connects and final net reads\n\
+--
+2.26.2
+
diff --git a/patches/0031-pax-Ignore-EOPNOTSUPP-from-fchmodat.patch b/patches/0031-pax-Ignore-EOPNOTSUPP-from-fchmodat.patch
new file mode 100644
index 0000000..2b0a5f2
--- /dev/null
+++ b/patches/0031-pax-Ignore-EOPNOTSUPP-from-fchmodat.patch
@@ -0,0 +1,26 @@
+From 0f49ae38698a163f7954d28bbaba473b6bf28239 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Fri, 10 Jan 2020 21:40:03 -0800
+Subject: [PATCH] pax: Ignore EOPNOTSUPP from fchmodat
+
+Linux does not support changing the mode of symlinks.
+---
+ bin/pax/file_subs.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/bin/pax/file_subs.c b/bin/pax/file_subs.c
+index 8aa3d249923..2c0994feca6 100644
+--- a/bin/pax/file_subs.c
++++ b/bin/pax/file_subs.c
+@@ -795,7 +795,7 @@ void
+ set_pmode(char *fnm, mode_t mode)
+ {
+ mode &= ABITS;
+- if (fchmodat(AT_FDCWD, fnm, mode, AT_SYMLINK_NOFOLLOW) == -1)
++ if (fchmodat(AT_FDCWD, fnm, mode, AT_SYMLINK_NOFOLLOW) == -1 && errno != EOPNOTSUPP)
+ syswarn(1, errno, "Could not set permissions on %s", fnm);
+ }
+
+--
+2.26.2
+
diff --git a/patches/0032-acme-client-Fix-build-with-old-bison-versions.patch b/patches/0032-acme-client-Fix-build-with-old-bison-versions.patch
new file mode 100644
index 0000000..5063920
--- /dev/null
+++ b/patches/0032-acme-client-Fix-build-with-old-bison-versions.patch
@@ -0,0 +1,24 @@
+From c3aab43559f17feb64a29f8b0d395532cb423e8b Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Wed, 15 Apr 2020 20:26:16 -0700
+Subject: [PATCH] acme-client: Fix build with old bison versions
+
+---
+ usr.sbin/acme-client/parse.y | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/usr.sbin/acme-client/parse.y b/usr.sbin/acme-client/parse.y
+index 20818328d92..f392e516b63 100644
+--- a/usr.sbin/acme-client/parse.y
++++ b/usr.sbin/acme-client/parse.y
+@@ -97,6 +97,7 @@ typedef struct {
+ } v;
+ int lineno;
+ } YYSTYPE;
++#define YYSTYPE_IS_DECLARED 1
+
+ %}
+
+--
+2.26.1
+
diff --git a/patches/0033-rsync-Add-implementation-of-MD4.patch b/patches/0033-rsync-Add-implementation-of-MD4.patch
new file mode 100644
index 0000000..fc02ee8
--- /dev/null
+++ b/patches/0033-rsync-Add-implementation-of-MD4.patch
@@ -0,0 +1,414 @@
+From 7fd1cb22e4d028d19ae1a02e50a6fac2c8e26773 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Wed, 15 Apr 2020 22:10:06 -0700
+Subject: [PATCH] rsync: Add implementation of MD4
+
+---
+ usr.bin/rsync/Makefile | 6 +-
+ usr.bin/rsync/blocks.c | 2 +-
+ usr.bin/rsync/downloader.c | 2 +-
+ usr.bin/rsync/hash.c | 2 +-
+ usr.bin/rsync/md4.c | 266 +++++++++++++++++++++++++++++++++++++
+ usr.bin/rsync/md4.h | 47 +++++++
+ usr.bin/rsync/sender.c | 2 +-
+ 7 files changed, 320 insertions(+), 7 deletions(-)
+ create mode 100644 usr.bin/rsync/md4.c
+ create mode 100644 usr.bin/rsync/md4.h
+
+diff --git a/usr.bin/rsync/Makefile b/usr.bin/rsync/Makefile
+index d7af8bd0a87..e04a0268392 100644
+--- a/usr.bin/rsync/Makefile
++++ b/usr.bin/rsync/Makefile
+@@ -3,9 +3,9 @@
+ PROG= openrsync
+ SRCS= blocks.c client.c downloader.c fargs.c flist.c hash.c ids.c \
+ io.c log.c mkpath.c mktemp.c receiver.c sender.c server.c session.c \
+- socket.c symlinks.c uploader.c main.c misc.c
+-LDADD+= -lcrypto -lm
+-DPADD+= ${LIBCRYPTO} ${LIBM}
++ socket.c symlinks.c uploader.c main.c misc.c md4.c
++LDADD+= -lm
++DPADD+= ${LIBM}
+ MAN= openrsync.1
+
+ CFLAGS+=-g -W -Wall -Wextra
+diff --git a/usr.bin/rsync/blocks.c b/usr.bin/rsync/blocks.c
+index 242590e5bae..8c1564005e2 100644
+--- a/usr.bin/rsync/blocks.c
++++ b/usr.bin/rsync/blocks.c
+@@ -26,7 +26,7 @@
+ #include <string.h>
+ #include <unistd.h>
+
+-#include <openssl/md4.h>
++#include "md4.h"
+
+ #include "extern.h"
+
+diff --git a/usr.bin/rsync/downloader.c b/usr.bin/rsync/downloader.c
+index 36b086f74c8..26d1b531f85 100644
+--- a/usr.bin/rsync/downloader.c
++++ b/usr.bin/rsync/downloader.c
+@@ -28,7 +28,7 @@
+ #include <time.h>
+ #include <unistd.h>
+
+-#include <openssl/md4.h>
++#include "md4.h"
+
+ #include "extern.h"
+
+diff --git a/usr.bin/rsync/hash.c b/usr.bin/rsync/hash.c
+index edad21f13a6..6cb131b4b3e 100644
+--- a/usr.bin/rsync/hash.c
++++ b/usr.bin/rsync/hash.c
+@@ -21,7 +21,7 @@
+ #include <stdint.h>
+ #include <stdlib.h>
+
+-#include <openssl/md4.h>
++#include "md4.h"
+
+ #include "extern.h"
+
+diff --git a/usr.bin/rsync/md4.c b/usr.bin/rsync/md4.c
+new file mode 100644
+index 00000000000..528f985563f
+--- /dev/null
++++ b/usr.bin/rsync/md4.c
+@@ -0,0 +1,266 @@
++/*
++ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
++ * MD4 Message-Digest Algorithm (RFC 1320).
++ *
++ * Homepage:
++ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
++ *
++ * Author:
++ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
++ *
++ * This software was written by Alexander Peslyak in 2001. No copyright is
++ * claimed, and the software is hereby placed in the public domain.
++ * In case this attempt to disclaim copyright and place the software in the
++ * public domain is deemed null and void, then the software is
++ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
++ * general public under the following terms:
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted.
++ *
++ * There's ABSOLUTELY NO WARRANTY, express or implied.
++ *
++ * (This is a heavily cut-down "BSD license".)
++ *
++ * This differs from Colin Plumb's older public domain implementation in that
++ * no exactly 32-bit integer data type is required (any 32-bit or wider
++ * unsigned integer data type will do), there's no compile-time endianness
++ * configuration, and the function prototypes match OpenSSL's. No code from
++ * Colin Plumb's implementation has been reused; this comment merely compares
++ * the properties of the two independent implementations.
++ *
++ * The primary goals of this implementation are portability and ease of use.
++ * It is meant to be fast, but not as fast as possible. Some known
++ * optimizations are not included to reduce source code size and avoid
++ * compile-time configuration.
++ */
++
++#include <string.h>
++
++#include "md4.h"
++
++/*
++ * The basic MD4 functions.
++ *
++ * F and G are optimized compared to their RFC 1320 definitions, with the
++ * optimization for F borrowed from Colin Plumb's MD5 implementation.
++ */
++#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
++#define G(x, y, z) (((x) & ((y) | (z))) | ((y) & (z)))
++#define H(x, y, z) ((x) ^ (y) ^ (z))
++
++/*
++ * The MD4 transformation for all three rounds.
++ */
++#define STEP(f, a, b, c, d, x, s) \
++ (a) += f((b), (c), (d)) + (x); \
++ (a) = (((a) << (s)) | (((a) & 0xffffffff) >> (32 - (s))));
++
++/*
++ * SET reads 4 input bytes in little-endian byte order and stores them in a
++ * properly aligned word in host byte order.
++ *
++ * The check for little-endian architectures that tolerate unaligned memory
++ * accesses is just an optimization. Nothing will break if it fails to detect
++ * a suitable architecture.
++ *
++ * Unfortunately, this optimization may be a C strict aliasing rules violation
++ * if the caller's data buffer has effective type that cannot be aliased by
++ * MD4_u32plus. In practice, this problem may occur if these MD4 routines are
++ * inlined into a calling function, or with future and dangerously advanced
++ * link-time optimizations. For the time being, keeping these MD4 routines in
++ * their own translation unit avoids the problem.
++ */
++#if defined(__i386__) || defined(__x86_64__) || defined(__vax__)
++#define SET(n) \
++ (*(MD4_u32plus *)&ptr[(n) * 4])
++#define GET(n) \
++ SET(n)
++#else
++#define SET(n) \
++ (ctx->block[(n)] = \
++ (MD4_u32plus)ptr[(n) * 4] | \
++ ((MD4_u32plus)ptr[(n) * 4 + 1] << 8) | \
++ ((MD4_u32plus)ptr[(n) * 4 + 2] << 16) | \
++ ((MD4_u32plus)ptr[(n) * 4 + 3] << 24))
++#define GET(n) \
++ (ctx->block[(n)])
++#endif
++
++/*
++ * This processes one or more 64-byte data blocks, but does NOT update the bit
++ * counters. There are no alignment requirements.
++ */
++static const void *body(MD4_CTX *ctx, const void *data, unsigned long size)
++{
++ const unsigned char *ptr;
++ MD4_u32plus a, b, c, d;
++ MD4_u32plus saved_a, saved_b, saved_c, saved_d;
++ const MD4_u32plus ac1 = 0x5a827999, ac2 = 0x6ed9eba1;
++
++ ptr = (const unsigned char *)data;
++
++ a = ctx->a;
++ b = ctx->b;
++ c = ctx->c;
++ d = ctx->d;
++
++ do {
++ saved_a = a;
++ saved_b = b;
++ saved_c = c;
++ saved_d = d;
++
++/* Round 1 */
++ STEP(F, a, b, c, d, SET(0), 3)
++ STEP(F, d, a, b, c, SET(1), 7)
++ STEP(F, c, d, a, b, SET(2), 11)
++ STEP(F, b, c, d, a, SET(3), 19)
++ STEP(F, a, b, c, d, SET(4), 3)
++ STEP(F, d, a, b, c, SET(5), 7)
++ STEP(F, c, d, a, b, SET(6), 11)
++ STEP(F, b, c, d, a, SET(7), 19)
++ STEP(F, a, b, c, d, SET(8), 3)
++ STEP(F, d, a, b, c, SET(9), 7)
++ STEP(F, c, d, a, b, SET(10), 11)
++ STEP(F, b, c, d, a, SET(11), 19)
++ STEP(F, a, b, c, d, SET(12), 3)
++ STEP(F, d, a, b, c, SET(13), 7)
++ STEP(F, c, d, a, b, SET(14), 11)
++ STEP(F, b, c, d, a, SET(15), 19)
++
++/* Round 2 */
++ STEP(G, a, b, c, d, GET(0) + ac1, 3)
++ STEP(G, d, a, b, c, GET(4) + ac1, 5)
++ STEP(G, c, d, a, b, GET(8) + ac1, 9)
++ STEP(G, b, c, d, a, GET(12) + ac1, 13)
++ STEP(G, a, b, c, d, GET(1) + ac1, 3)
++ STEP(G, d, a, b, c, GET(5) + ac1, 5)
++ STEP(G, c, d, a, b, GET(9) + ac1, 9)
++ STEP(G, b, c, d, a, GET(13) + ac1, 13)
++ STEP(G, a, b, c, d, GET(2) + ac1, 3)
++ STEP(G, d, a, b, c, GET(6) + ac1, 5)
++ STEP(G, c, d, a, b, GET(10) + ac1, 9)
++ STEP(G, b, c, d, a, GET(14) + ac1, 13)
++ STEP(G, a, b, c, d, GET(3) + ac1, 3)
++ STEP(G, d, a, b, c, GET(7) + ac1, 5)
++ STEP(G, c, d, a, b, GET(11) + ac1, 9)
++ STEP(G, b, c, d, a, GET(15) + ac1, 13)
++
++/* Round 3 */
++ STEP(H, a, b, c, d, GET(0) + ac2, 3)
++ STEP(H, d, a, b, c, GET(8) + ac2, 9)
++ STEP(H, c, d, a, b, GET(4) + ac2, 11)
++ STEP(H, b, c, d, a, GET(12) + ac2, 15)
++ STEP(H, a, b, c, d, GET(2) + ac2, 3)
++ STEP(H, d, a, b, c, GET(10) + ac2, 9)
++ STEP(H, c, d, a, b, GET(6) + ac2, 11)
++ STEP(H, b, c, d, a, GET(14) + ac2, 15)
++ STEP(H, a, b, c, d, GET(1) + ac2, 3)
++ STEP(H, d, a, b, c, GET(9) + ac2, 9)
++ STEP(H, c, d, a, b, GET(5) + ac2, 11)
++ STEP(H, b, c, d, a, GET(13) + ac2, 15)
++ STEP(H, a, b, c, d, GET(3) + ac2, 3)
++ STEP(H, d, a, b, c, GET(11) + ac2, 9)
++ STEP(H, c, d, a, b, GET(7) + ac2, 11)
++ STEP(H, b, c, d, a, GET(15) + ac2, 15)
++
++ a += saved_a;
++ b += saved_b;
++ c += saved_c;
++ d += saved_d;
++
++ ptr += 64;
++ } while (size -= 64);
++
++ ctx->a = a;
++ ctx->b = b;
++ ctx->c = c;
++ ctx->d = d;
++
++ return ptr;
++}
++
++void MD4_Init(MD4_CTX *ctx)
++{
++ ctx->a = 0x67452301;
++ ctx->b = 0xefcdab89;
++ ctx->c = 0x98badcfe;
++ ctx->d = 0x10325476;
++
++ ctx->lo = 0;
++ ctx->hi = 0;
++}
++
++void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size)
++{
++ MD4_u32plus saved_lo;
++ unsigned long used, available;
++
++ saved_lo = ctx->lo;
++ if ((ctx->lo = (saved_lo + size) & 0x1fffffff) < saved_lo)
++ ctx->hi++;
++ ctx->hi += size >> 29;
++
++ used = saved_lo & 0x3f;
++
++ if (used) {
++ available = 64 - used;
++
++ if (size < available) {
++ memcpy(&ctx->buffer[used], data, size);
++ return;
++ }
++
++ memcpy(&ctx->buffer[used], data, available);
++ data = (const unsigned char *)data + available;
++ size -= available;
++ body(ctx, ctx->buffer, 64);
++ }
++
++ if (size >= 64) {
++ data = body(ctx, data, size & ~(unsigned long)0x3f);
++ size &= 0x3f;
++ }
++
++ memcpy(ctx->buffer, data, size);
++}
++
++#define OUT(dst, src) \
++ (dst)[0] = (unsigned char)(src); \
++ (dst)[1] = (unsigned char)((src) >> 8); \
++ (dst)[2] = (unsigned char)((src) >> 16); \
++ (dst)[3] = (unsigned char)((src) >> 24);
++
++void MD4_Final(unsigned char *result, MD4_CTX *ctx)
++{
++ unsigned long used, available;
++
++ used = ctx->lo & 0x3f;
++
++ ctx->buffer[used++] = 0x80;
++
++ available = 64 - used;
++
++ if (available < 8) {
++ memset(&ctx->buffer[used], 0, available);
++ body(ctx, ctx->buffer, 64);
++ used = 0;
++ available = 64;
++ }
++
++ memset(&ctx->buffer[used], 0, available - 8);
++
++ ctx->lo <<= 3;
++ OUT(&ctx->buffer[56], ctx->lo)
++ OUT(&ctx->buffer[60], ctx->hi)
++
++ body(ctx, ctx->buffer, 64);
++
++ OUT(&result[0], ctx->a)
++ OUT(&result[4], ctx->b)
++ OUT(&result[8], ctx->c)
++ OUT(&result[12], ctx->d)
++
++ memset(ctx, 0, sizeof(*ctx));
++}
+diff --git a/usr.bin/rsync/md4.h b/usr.bin/rsync/md4.h
+new file mode 100644
+index 00000000000..ebf5bb555a0
+--- /dev/null
++++ b/usr.bin/rsync/md4.h
+@@ -0,0 +1,47 @@
++/*
++ * This is an OpenSSL-compatible implementation of the RSA Data Security, Inc.
++ * MD4 Message-Digest Algorithm (RFC 1320).
++ *
++ * Homepage:
++ * http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
++ *
++ * Author:
++ * Alexander Peslyak, better known as Solar Designer <solar at openwall.com>
++ *
++ * This software was written by Alexander Peslyak in 2001. No copyright is
++ * claimed, and the software is hereby placed in the public domain.
++ * In case this attempt to disclaim copyright and place the software in the
++ * public domain is deemed null and void, then the software is
++ * Copyright (c) 2001 Alexander Peslyak and it is hereby released to the
++ * general public under the following terms:
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted.
++ *
++ * There's ABSOLUTELY NO WARRANTY, express or implied.
++ *
++ * See md4.c for more information.
++ */
++
++#ifndef _MD4_H
++#define _MD4_H
++
++#include <stdint.h>
++
++#define MD4_DIGEST_LENGTH 16
++
++/* Any 32-bit or wider unsigned integer data type will do */
++typedef uint_fast32_t MD4_u32plus;
++
++typedef struct {
++ MD4_u32plus lo, hi;
++ MD4_u32plus a, b, c, d;
++ unsigned char buffer[64];
++ MD4_u32plus block[16];
++} MD4_CTX;
++
++extern void MD4_Init(MD4_CTX *ctx);
++extern void MD4_Update(MD4_CTX *ctx, const void *data, unsigned long size);
++extern void MD4_Final(unsigned char *result, MD4_CTX *ctx);
++
++#endif
+diff --git a/usr.bin/rsync/sender.c b/usr.bin/rsync/sender.c
+index d6a1f55d1a9..3dacfc3709d 100644
+--- a/usr.bin/rsync/sender.c
++++ b/usr.bin/rsync/sender.c
+@@ -26,7 +26,7 @@
+ #include <string.h>
+ #include <unistd.h>
+
+-#include <openssl/md4.h>
++#include "md4.h"
+
+ #include "extern.h"
+
+--
+2.26.1
+
diff --git a/patches/0034-pax-Fix-some-incorrect-format-specifiers.patch b/patches/0034-pax-Fix-some-incorrect-format-specifiers.patch
new file mode 100644
index 0000000..05dd7d3
--- /dev/null
+++ b/patches/0034-pax-Fix-some-incorrect-format-specifiers.patch
@@ -0,0 +1,48 @@
+From f855b534ca2c34c3691a0c89d1be482a33a3610c Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Thu, 4 Jun 2020 21:36:11 -0700
+Subject: [PATCH] pax: Fix some incorrect format specifiers
+
+---
+ bin/pax/cpio.c | 2 +-
+ bin/pax/gen_subs.c | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/bin/pax/cpio.c b/bin/pax/cpio.c
+index 3832b1e87aa..769a9dfb990 100644
+--- a/bin/pax/cpio.c
++++ b/bin/pax/cpio.c
+@@ -214,7 +214,7 @@ rd_ln_nm(ARCHD *arcn)
+ */
+ if ((arcn->sb.st_size <= 0) ||
+ (arcn->sb.st_size >= (off_t)sizeof(arcn->ln_name))) {
+- paxwarn(1, "Cpio link name length is invalid: %lld",
++ paxwarn(1, "Cpio link name length is invalid: %zu",
+ arcn->sb.st_size);
+ return(-1);
+ }
+diff --git a/bin/pax/gen_subs.c b/bin/pax/gen_subs.c
+index 405dd2c24ed..7eb82007e3b 100644
+--- a/bin/pax/gen_subs.c
++++ b/bin/pax/gen_subs.c
+@@ -109,7 +109,7 @@ ls_list(ARCHD *arcn, time_t now, FILE *fp)
+ if (strftime(f_date, sizeof(f_date), TIMEFMT(sbp->st_mtime, now),
+ localtime(&(sbp->st_mtime))) == 0)
+ f_date[0] = '\0';
+- (void)fprintf(fp, "%s%2u %-*.*s %-*.*s ", f_mode, sbp->st_nlink,
++ (void)fprintf(fp, "%s%2u %-*.*s %-*.*s ", f_mode, (unsigned)sbp->st_nlink,
+ NAME_WIDTH, UT_NAMESIZE, user_from_uid(sbp->st_uid, 0),
+ NAME_WIDTH, UT_NAMESIZE, group_from_gid(sbp->st_gid, 0));
+
+@@ -121,7 +121,7 @@ ls_list(ARCHD *arcn, time_t now, FILE *fp)
+ (unsigned long)MAJOR(sbp->st_rdev),
+ (unsigned long)MINOR(sbp->st_rdev));
+ else {
+- (void)fprintf(fp, "%9llu ", sbp->st_size);
++ (void)fprintf(fp, "%9zu ", sbp->st_size);
+ }
+
+ /*
+--
+2.27.0
+
diff --git a/patches/0035-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch b/patches/0035-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch
new file mode 100644
index 0000000..ecf17ad
--- /dev/null
+++ b/patches/0035-pax-Use-memcpy-to-set-TMAGIC-and-TVERSION-to-avoid-w.patch
@@ -0,0 +1,27 @@
+From b6eaf185d9a9c39e31c638ac162ec5f5a364e94d Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Thu, 4 Jun 2020 21:44:26 -0700
+Subject: [PATCH] pax: Use memcpy to set TMAGIC and TVERSION to avoid warning
+
+---
+ bin/pax/tar.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/bin/pax/tar.c b/bin/pax/tar.c
+index 8c9e4baea9c..c62705b2199 100644
+--- a/bin/pax/tar.c
++++ b/bin/pax/tar.c
+@@ -1030,8 +1030,8 @@ ustar_wr(ARCHD *arcn)
+ break;
+ }
+
+- strncpy(hd->magic, TMAGIC, TMAGLEN);
+- strncpy(hd->version, TVERSION, TVERSLEN);
++ memcpy(hd->magic, TMAGIC, TMAGLEN);
++ memcpy(hd->version, TVERSION, TVERSLEN);
+
+ /*
+ * set the remaining fields. Some versions want all 16 bits of mode
+--
+2.27.0
+
diff --git a/patches/0036-rsync-Fix-some-incorrect-format-specifiers.patch b/patches/0036-rsync-Fix-some-incorrect-format-specifiers.patch
new file mode 100644
index 0000000..14d9a00
--- /dev/null
+++ b/patches/0036-rsync-Fix-some-incorrect-format-specifiers.patch
@@ -0,0 +1,25 @@
+From dbec208559b72489671f119e695a4c340a288803 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Thu, 4 Jun 2020 21:36:24 -0700
+Subject: [PATCH] rsync: Fix some incorrect format specifiers
+
+---
+ usr.bin/rsync/uploader.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/usr.bin/rsync/uploader.c b/usr.bin/rsync/uploader.c
+index 38d5d24fcc7..bf82896d221 100644
+--- a/usr.bin/rsync/uploader.c
++++ b/usr.bin/rsync/uploader.c
+@@ -945,7 +945,7 @@ rsync_uploader(struct upload *u, int *fileinfd,
+ init_blk(&blk.blks[i], &blk, offs, i, mbuf, sess);
+ offs += blk.len;
+ LOG3(
+- "i=%ld, offs=%lld, msz=%ld, blk.len=%lu, blk.rem=%lu",
++ "i=%zu, offs=%td, msz=%zd, blk.len=%zu, blk.rem=%zu",
+ i, offs, msz, blk.len, blk.rem);
+ i++;
+ } while (i < blk.blksz);
+--
+2.27.0
+
diff --git a/patches/0037-m4-Declare-dopaste-only-when-it-s-used.patch b/patches/0037-m4-Declare-dopaste-only-when-it-s-used.patch
new file mode 100644
index 0000000..3d3ccfd
--- /dev/null
+++ b/patches/0037-m4-Declare-dopaste-only-when-it-s-used.patch
@@ -0,0 +1,26 @@
+From 666a050e706230ba5b0316a316100d8c7e86c93c Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Thu, 4 Jun 2020 21:42:18 -0700
+Subject: [PATCH] m4: Declare dopaste only when it's used
+
+---
+ usr.bin/m4/eval.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/usr.bin/m4/eval.c b/usr.bin/m4/eval.c
+index d226505cab3..fe9fbde3d9c 100644
+--- a/usr.bin/m4/eval.c
++++ b/usr.bin/m4/eval.c
+@@ -61,7 +61,9 @@ static void dodump(const char *[], int);
+ static void dotrace(const char *[], int, int);
+ static void doifelse(const char *[], int);
+ static int doincl(const char *);
++#ifdef EXTENDED
+ static int dopaste(const char *);
++#endif
+ static void dochq(const char *[], int);
+ static void dochc(const char *[], int);
+ static void dom4wrap(const char *);
+--
+2.27.0
+
diff --git a/patches/0038-sha2-add-missing-include.patch b/patches/0038-sha2-add-missing-include.patch
new file mode 100644
index 0000000..3bde964
--- /dev/null
+++ b/patches/0038-sha2-add-missing-include.patch
@@ -0,0 +1,11 @@
+--- a/lib/libc/hash/sha2.c 2019-07-23 15:35:22.000000000 +0300
++++ b/lib/libc/hash/sha2.c 2020-10-15 16:36:04.849056534 +0300
+@@ -35,6 +35,8 @@
+ */
+
+ #include <sys/types.h>
++#include <sys/cdefs.h>
++#include <sys/compat.h>
+
+ #include <string.h>
+ #include <sha2.h>
diff --git a/patches/0039-bcrypt-add-cdefs.patch b/patches/0039-bcrypt-add-cdefs.patch
new file mode 100644
index 0000000..1182442
--- /dev/null
+++ b/patches/0039-bcrypt-add-cdefs.patch
@@ -0,0 +1,10 @@
+--- a/lib/libutil/bcrypt_pbkdf.c 2019-11-21 19:13:39.000000000 +0300
++++ b/lib/libutil/bcrypt_pbkdf.c 2020-10-15 17:25:45.569164914 +0300
+@@ -16,6 +16,7 @@
+ */
+
+ #include <sys/types.h>
++#include <sys/cdefs.h>
+
+ #include <stdint.h>
+ #include <stdlib.h>
diff --git a/patches/0040-mandoc-port-to-musl.patch b/patches/0040-mandoc-port-to-musl.patch
new file mode 100644
index 0000000..fe2b769
--- /dev/null
+++ b/patches/0040-mandoc-port-to-musl.patch
@@ -0,0 +1,159 @@
+Apart from some definitions and includes, this patch also removes the LESS -T
+call so that other implementations of LESS (such as busybox) work as well.
+diff -upr a/usr.bin/mandoc/chars.c b/usr.bin/mandoc/chars.c
+--- a/usr.bin/mandoc/chars.c 2020-02-13 19:16:03.000000000 +0300
++++ b/usr.bin/mandoc/chars.c 2020-10-15 20:28:37.865510442 +0300
+@@ -16,6 +16,7 @@
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+
+ #include <assert.h>
+diff -upr a/usr.bin/mandoc/dba.c b/usr.bin/mandoc/dba.c
+--- a/usr.bin/mandoc/dba.c 2017-02-09 21:26:17.000000000 +0300
++++ b/usr.bin/mandoc/dba.c 2020-10-15 20:14:07.403360262 +0300
+@@ -17,6 +17,7 @@
+ * Allocation-based version of the mandoc database, for read-write access.
+ * The interface is defined in "dba.h".
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <endian.h>
+ #include <errno.h>
+diff -upr a/usr.bin/mandoc/dbm.c b/usr.bin/mandoc/dbm.c
+--- a/usr.bin/mandoc/dbm.c 2019-07-02 01:43:03.000000000 +0300
++++ b/usr.bin/mandoc/dbm.c 2020-10-15 20:15:44.217488475 +0300
+@@ -31,6 +31,10 @@
+ #include "dbm_map.h"
+ #include "dbm.h"
+
++#ifndef EFTYPE
++#define EFTYPE 79
++#endif
++
+ struct macro {
+ int32_t value;
+ int32_t pages;
+diff -upr a/usr.bin/mandoc/dbm_map.c b/usr.bin/mandoc/dbm_map.c
+--- a/usr.bin/mandoc/dbm_map.c 2017-02-09 21:26:17.000000000 +0300
++++ b/usr.bin/mandoc/dbm_map.c 2020-10-15 20:16:40.740563806 +0300
+@@ -36,6 +36,10 @@
+ #include "dbm_map.h"
+ #include "dbm.h"
+
++#ifndef EFTYPE
++#define EFTYPE 79
++#endif
++
+ static struct stat st;
+ static char *dbm_base;
+ static int ifd;
+diff -upr a/usr.bin/mandoc/html.c b/usr.bin/mandoc/html.c
+--- a/usr.bin/mandoc/html.c 2020-04-20 15:59:24.000000000 +0300
++++ b/usr.bin/mandoc/html.c 2020-10-15 20:31:07.733706743 +0300
+@@ -18,6 +18,7 @@
+ * Common functions for mandoc(1) HTML formatters.
+ * For use by individual formatters and by the main program.
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
+
+diff -upr a/usr.bin/mandoc/main.c b/usr.bin/mandoc/main.c
+--- a/usr.bin/mandoc/main.c 2020-04-03 01:10:27.000000000 +0300
++++ b/usr.bin/mandoc/main.c 2020-10-15 20:36:12.432111094 +0300
+@@ -405,8 +405,10 @@ main(int argc, char *argv[])
+ }
+ if (search.arch == NULL)
+ search.arch = getenv("MACHINE");
++#ifdef MACHINE
+ if (search.arch == NULL)
+ search.arch = MACHINE;
++#endif
+ if (outmode == OUTMODE_ONE)
+ search.firstmatch = 1;
+ }
+@@ -1183,7 +1185,6 @@ spawn_pager(struct tag_files *tag_files,
+ char *argv[MAX_PAGER_ARGS];
+ const char *pager;
+ char *cp;
+- size_t cmdlen;
+ int argc, use_ofn;
+ pid_t pager_pid;
+
+@@ -1218,18 +1219,6 @@ spawn_pager(struct tag_files *tag_files,
+ /* For more(1) and less(1), use the tag file. */
+
+ use_ofn = 1;
+- if (*tag_files->tfn != '\0' && (cmdlen = strlen(argv[0])) >= 4) {
+- cp = argv[0] + cmdlen - 4;
+- if (strcmp(cp, "less") == 0 || strcmp(cp, "more") == 0) {
+- argv[argc++] = mandoc_strdup("-T");
+- argv[argc++] = tag_files->tfn;
+- if (tag_target != NULL) {
+- argv[argc++] = mandoc_strdup("-t");
+- argv[argc++] = tag_target;
+- use_ofn = 0;
+- }
+- }
+- }
+ if (use_ofn)
+ argv[argc++] = tag_files->ofn;
+ argv[argc] = NULL;
+diff -upr a/usr.bin/mandoc/mandoc_ohash.c b/usr.bin/mandoc/mandoc_ohash.c
+--- a/usr.bin/mandoc/mandoc_ohash.c 2015-10-19 21:58:20.000000000 +0300
++++ b/usr.bin/mandoc/mandoc_ohash.c 2020-10-15 20:22:30.788037370 +0300
+@@ -14,6 +14,7 @@
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <stddef.h>
+ #include <stdint.h>
+diff -upr a/usr.bin/mandoc/mandoc_xr.c b/usr.bin/mandoc/mandoc_xr.c
+--- a/usr.bin/mandoc/mandoc_xr.c 2017-07-03 00:17:12.000000000 +0300
++++ b/usr.bin/mandoc/mandoc_xr.c 2020-10-15 20:22:48.871060409 +0300
+@@ -14,6 +14,7 @@
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+
+ #include <assert.h>
+diff -upr a/usr.bin/mandoc/mansearch.c b/usr.bin/mandoc/mansearch.c
+--- a/usr.bin/mandoc/mansearch.c 2019-07-02 01:43:03.000000000 +0300
++++ b/usr.bin/mandoc/mansearch.c 2020-10-15 20:23:05.476081586 +0300
+@@ -16,6 +16,7 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#include <sys/cdefs.h>
+ #include <sys/mman.h>
+ #include <sys/types.h>
+
+diff -upr a/usr.bin/mandoc/roff.c b/usr.bin/mandoc/roff.c
+--- a/usr.bin/mandoc/roff.c 2020-04-08 14:54:14.000000000 +0300
++++ b/usr.bin/mandoc/roff.c 2020-10-15 20:23:23.988105223 +0300
+@@ -17,6 +17,7 @@
+ *
+ * Implementation of the roff(7) parser for mandoc(1).
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+
+ #include <assert.h>
+diff -upr a/usr.bin/mandoc/tag.c b/usr.bin/mandoc/tag.c
+--- a/usr.bin/mandoc/tag.c 2020-04-19 19:26:11.000000000 +0300
++++ b/usr.bin/mandoc/tag.c 2020-10-15 20:23:39.327124832 +0300
+@@ -17,6 +17,7 @@
+ * Functions to tag syntax tree nodes.
+ * For internal use by mandoc(1) validation modules only.
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+
+ #include <assert.h>
diff --git a/patches/0041-pidfile-add-cdefs.patch b/patches/0041-pidfile-add-cdefs.patch
new file mode 100644
index 0000000..99efd99
--- /dev/null
+++ b/patches/0041-pidfile-add-cdefs.patch
@@ -0,0 +1,10 @@
+--- a/lib/libutil/pidfile.c 2019-06-28 17:20:40.000000000 +0300
++++ b/lib/libutil/pidfile.c 2020-10-16 12:52:17.812742477 +0300
+@@ -30,6 +30,7 @@
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <errno.h>
+ #include <paths.h>
diff --git a/patches/0042-doas-define-gnu-source.patch b/patches/0042-doas-define-gnu-source.patch
new file mode 100644
index 0000000..cfd119b
--- /dev/null
+++ b/patches/0042-doas-define-gnu-source.patch
@@ -0,0 +1,13 @@
+--- a/usr.bin/doas/doas.c 2020-10-16 13:11:26.769202572 +0300
++++ b/usr.bin/doas/doas.c 2020-10-16 13:09:43.558056917 +0300
+@@ -15,6 +15,10 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++#ifndef _GNU_SOURCE
++#define _GNU_SOURCE
++#endif
++
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <sys/ioctl.h>
diff --git a/patches/0043-signify-add-headers.patch b/patches/0043-signify-add-headers.patch
new file mode 100644
index 0000000..b07991f
--- /dev/null
+++ b/patches/0043-signify-add-headers.patch
@@ -0,0 +1,34 @@
+diff -ur openbsd-nopatch/usr.bin/signify/crypto_api.c b/usr.bin/signify/crypto_api.c
+--- a/usr.bin/signify/crypto_api.c 2014-01-08 05:59:46.000000000 +0200
++++ b/usr.bin/signify/crypto_api.c 2020-10-16 14:29:11.994722510 +0300
+@@ -3,6 +3,7 @@
+ * Public domain. Author: Ted Unangst <tedu@openbsd.org>
+ * API compatible reimplementation of functions from nacl
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+
+ #include <string.h>
+diff -ur a/usr.bin/signify/signify.c b/usr.bin/signify/signify.c
+--- a/usr.bin/signify/signify.c 2020-01-21 15:13:21.000000000 +0300
++++ b/usr.bin/signify/signify.c 2020-10-16 14:27:02.856481664 +0300
+@@ -14,6 +14,7 @@
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
++#include <sys/cdefs.h>
+ #include <sys/stat.h>
+
+ #include <netinet/in.h>
+diff -ur a/usr.bin/signify/zsig.c b/usr.bin/signify/zsig.c
+--- a/usr.bin/signify/zsig.c 2019-12-22 09:37:25.000000000 +0300
++++ b/usr.bin/signify/zsig.c 2020-10-16 14:31:00.168365855 +0300
+@@ -16,6 +16,8 @@
+ */
+
+ #ifndef VERIFYONLY
++#include <sys/cdefs.h>
++#include <sys/compat.h>
+ #include <stdint.h>
+ #include <err.h>
+ #include <stdio.h>
diff --git a/patches/0044-fix-hash-objects.patch b/patches/0044-fix-hash-objects.patch
new file mode 100644
index 0000000..bf7bdc0
--- /dev/null
+++ b/patches/0044-fix-hash-objects.patch
@@ -0,0 +1,40 @@
+--- a/lib/libc/hash/helper.c 2019-06-28 16:32:41.000000000 +0300
++++ b/lib/libc/hash/helper.c 2020-10-15 17:19:18.086197995 +0300
+@@ -22,6 +22,7 @@
+ */
+
+ #include <sys/types.h>
++#include <sys/cdefs.h>
+ #include <sys/stat.h>
+
+ #include <errno.h>
+--- a/lib/libc/hash/md5.c 2015-09-11 12:18:27.000000000 +0300
++++ b/lib/libc/hash/md5.c 2020-10-16 16:15:28.878466917 +0300
+@@ -17,6 +17,7 @@
+ * will fill a supplied 16-byte array with the digest.
+ */
+
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <string.h>
+ #include <md5.h>
+--- a/lib/libc/hash/rmd160.c 2015-09-11 12:18:27.000000000 +0300
++++ b/lib/libc/hash/rmd160.c 2020-10-16 16:16:34.873811145 +0300
+@@ -26,6 +26,7 @@
+ * RSA Laboratories, CryptoBytes, Volume 3, Number 2, Autumn 1997,
+ * ftp://ftp.rsasecurity.com/pub/cryptobytes/crypto3n2.pdf
+ */
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <endian.h>
+ #include <string.h>
+--- a/lib/libc/hash/sha1.c 2019-06-08 01:56:36.000000000 +0300
++++ b/lib/libc/hash/sha1.c 2020-10-16 16:12:06.772977604 +0300
+@@ -14,6 +14,7 @@
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+ */
+
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <string.h>
+ #include <sha1.h>
diff --git a/patches/0045-md5-add-headers.patch b/patches/0045-md5-add-headers.patch
new file mode 100644
index 0000000..117faa5
--- /dev/null
+++ b/patches/0045-md5-add-headers.patch
@@ -0,0 +1,19 @@
+--- openbsd-nopatch/bin/md5/md5.c 2019-05-18 19:53:39.000000000 +0300
++++ src/bin/md5/md5.c 2020-10-16 16:05:40.294296211 +0300
+@@ -21,6 +21,7 @@
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
++#include <sys/cdefs.h>
+ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <sys/queue.h>
+@@ -42,7 +43,7 @@
+ #include <rmd160.h>
+ #include <sha1.h>
+ #include <sha2.h>
+-#include <crc.h>
++#include "crc.h"
+
+ #define STYLE_MD5 0
+ #define STYLE_CKSUM 1
--
cgit v1.2.3