diff --git a/CVE-2020-12062-1.patch b/CVE-2020-12062-1.patch new file mode 100644 index 0000000000000000000000000000000000000000..7c1ae1e1130771dc4541111545b871d041616c87 --- /dev/null +++ b/CVE-2020-12062-1.patch @@ -0,0 +1,202 @@ +From aad87b88fc2536b1ea023213729aaf4eaabe1894 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 1 May 2020 06:31:42 +0000 +Subject: [PATCH] upstream: when receving a file in sink(), be careful to send + at + +most a single error response after the file has been opened. Otherwise the +source() and sink() can become desyncronised. Reported by Daniel Goujot, +Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache. + +ok deraadt@ markus@ + +OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035 +--- + scp.c | 96 ++++++++++++++++++++++++++++++++++++----------------------- + 1 file changed, 59 insertions(+), 37 deletions(-) + +diff --git a/scp.c b/scp.c +index 812ab5301..439025980 100644 +--- a/scp.c ++++ b/scp.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: scp.c,v 1.207 2020/01/23 07:10:22 dtucker Exp $ */ ++/* $OpenBSD: scp.c,v 1.209 2020/05/01 06:31:42 djm Exp $ */ + /* + * scp - secure remote copy. This is basically patched BSD rcp which + * uses ssh to do the data transfer (instead of using rcmd). +@@ -374,6 +374,7 @@ BUF *allocbuf(BUF *, int, int); + void lostconn(int); + int okname(char *); + void run_err(const char *,...); ++int note_err(const char *,...); + void verifydir(char *); + + struct passwd *pwd; +@@ -1231,9 +1232,6 @@ sink(int argc, char **argv, const char *src) + { + static BUF buffer; + struct stat stb; +- enum { +- YES, NO, DISPLAYED +- } wrerr; + BUF *bp; + off_t i; + size_t j, count; +@@ -1241,7 +1239,7 @@ sink(int argc, char **argv, const char *src) + mode_t mode, omode, mask; + off_t size, statbytes; + unsigned long long ull; +- int setimes, targisdir, wrerrno = 0; ++ int setimes, targisdir, wrerr; + char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048]; + char **patterns = NULL; + size_t n, npatterns = 0; +@@ -1450,8 +1448,13 @@ bad: run_err("%s: %s", np, strerror(errno)); + continue; + } + cp = bp->buf; +- wrerr = NO; ++ wrerr = 0; + ++ /* ++ * NB. do not use run_err() unless immediately followed by ++ * exit() below as it may send a spurious reply that might ++ * desyncronise us from the peer. Use note_err() instead. ++ */ + statbytes = 0; + if (showprogress) + start_progress_meter(curfile, size, &statbytes); +@@ -1476,11 +1479,12 @@ bad: run_err("%s: %s", np, strerror(errno)); + + if (count == bp->cnt) { + /* Keep reading so we stay sync'd up. */ +- if (wrerr == NO) { ++ if (!wrerr) { + if (atomicio(vwrite, ofd, bp->buf, + count) != count) { +- wrerr = YES; +- wrerrno = errno; ++ note_err("%s: %s", np, ++ strerror(errno)); ++ wrerr = 1; + } + } + count = 0; +@@ -1488,16 +1492,14 @@ bad: run_err("%s: %s", np, strerror(errno)); + } + } + unset_nonblock(remin); +- if (count != 0 && wrerr == NO && ++ if (count != 0 && !wrerr && + atomicio(vwrite, ofd, bp->buf, count) != count) { +- wrerr = YES; +- wrerrno = errno; +- } +- if (wrerr == NO && (!exists || S_ISREG(stb.st_mode)) && +- ftruncate(ofd, size) != 0) { +- run_err("%s: truncate: %s", np, strerror(errno)); +- wrerr = DISPLAYED; ++ note_err("%s: %s", np, strerror(errno)); ++ wrerr = 1; + } ++ if (!wrerr && (!exists || S_ISREG(stb.st_mode)) && ++ ftruncate(ofd, size) != 0) ++ note_err("%s: truncate: %s", np, strerror(errno)); + if (pflag) { + if (exists || omode != mode) + #ifdef HAVE_FCHMOD +@@ -1505,9 +1507,8 @@ bad: run_err("%s: %s", np, strerror(errno)); + #else /* HAVE_FCHMOD */ + if (chmod(np, omode)) { + #endif /* HAVE_FCHMOD */ +- run_err("%s: set mode: %s", ++ note_err("%s: set mode: %s", + np, strerror(errno)); +- wrerr = DISPLAYED; + } + } else { + if (!exists && omode != mode) +@@ -1516,36 +1517,25 @@ bad: run_err("%s: %s", np, strerror(errno)); + #else /* HAVE_FCHMOD */ + if (chmod(np, omode & ~mask)) { + #endif /* HAVE_FCHMOD */ +- run_err("%s: set mode: %s", ++ note_err("%s: set mode: %s", + np, strerror(errno)); +- wrerr = DISPLAYED; + } + } +- if (close(ofd) == -1) { +- wrerr = YES; +- wrerrno = errno; +- } ++ if (close(ofd) == -1) ++ note_err(np, "%s: close: %s", np, strerror(errno)); + (void) response(); + if (showprogress) + stop_progress_meter(); +- if (setimes && wrerr == NO) { ++ if (setimes && !wrerr) { + setimes = 0; + if (utimes(np, tv) == -1) { +- run_err("%s: set times: %s", ++ note_err("%s: set times: %s", + np, strerror(errno)); +- wrerr = DISPLAYED; + } + } +- switch (wrerr) { +- case YES: +- run_err("%s: %s", np, strerror(wrerrno)); +- break; +- case NO: ++ /* If no error was noted then signal success for this file */ ++ if (note_err(NULL) == 0) + (void) atomicio(vwrite, remout, "", 1); +- break; +- case DISPLAYED: +- break; +- } + } + done: + for (n = 0; n < npatterns; n++) +@@ -1633,6 +1623,38 @@ run_err(const char *fmt,...) + } + } + ++/* ++ * Notes a sink error for sending at the end of a file transfer. Returns 0 if ++ * no error has been noted or -1 otherwise. Use note_err(NULL) to flush ++ * any active error at the end of the transfer. ++ */ ++int ++note_err(const char *fmt, ...) ++{ ++ static char *emsg; ++ va_list ap; ++ ++ /* Replay any previously-noted error */ ++ if (fmt == NULL) { ++ if (emsg == NULL) ++ return 0; ++ run_err("%s", emsg); ++ free(emsg); ++ emsg = NULL; ++ return -1; ++ } ++ ++ errs++; ++ /* Prefer first-noted error */ ++ if (emsg != NULL) ++ return -1; ++ ++ va_start(ap, fmt); ++ vasnmprintf(&emsg, INT_MAX, NULL, fmt, ap); ++ va_end(ap); ++ return -1; ++} ++ + void + verifydir(char *cp) + { diff --git a/CVE-2020-12062-2.patch b/CVE-2020-12062-2.patch new file mode 100644 index 0000000000000000000000000000000000000000..2e7caa80835996d40bb4e12edea7c047a5dfdd8a --- /dev/null +++ b/CVE-2020-12062-2.patch @@ -0,0 +1,34 @@ +From 955854cafca88e0cdcd3d09ca1ad4ada465364a1 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 6 May 2020 20:57:38 +0000 +Subject: [PATCH] upstream: another case where a utimes() failure could make + scp send + +a desynchronising error; reminded by Aymeric Vincent ok deraadt markus + +OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381 +--- + scp.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/scp.c b/scp.c +index 439025980..b4492a062 100644 +--- a/scp.c ++++ b/scp.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: scp.c,v 1.209 2020/05/01 06:31:42 djm Exp $ */ ++/* $OpenBSD: scp.c,v 1.210 2020/05/06 20:57:38 djm Exp $ */ + /* + * scp - secure remote copy. This is basically patched BSD rcp which + * uses ssh to do the data transfer (instead of using rcmd). +@@ -1427,9 +1427,7 @@ sink(int argc, char **argv, const char *src) + sink(1, vect, src); + if (setimes) { + setimes = 0; +- if (utimes(vect[0], tv) == -1) +- run_err("%s: set times: %s", +- vect[0], strerror(errno)); ++ (void) utimes(vect[0], tv); + } + if (mod_flag) + (void) chmod(vect[0], mode); diff --git a/openssh.spec b/openssh.spec index 2e5b3349f0282cf6b29eed15a312812fce8057df..9903bf857807427adb1d1d0c074dcdc67615726d 100644 --- a/openssh.spec +++ b/openssh.spec @@ -9,7 +9,7 @@ Name: openssh Version: 8.2p1 -Release: 4 +Release: 5 URL: http://www.openssh.com/portable.html License: BSD Summary: An open source implementation of SSH protocol version 2 @@ -28,64 +28,66 @@ Source12: sshd-keygen@.service Source13: sshd-keygen Source14: sshd.tmpfiles Source15: sshd-keygen.target -Patch100: openssh-6.7p1-coverity.patch -Patch200: openssh-7.6p1-audit.patch -Patch201: openssh-7.1p2-audit-race-condition.patch -Patch300: pam_ssh_agent_auth-0.9.3-build.patch -Patch301: pam_ssh_agent_auth-0.10.3-seteuid.patch -Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch -Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch -Patch306: pam_ssh_agent_auth-0.10.2-compat.patch -Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch -Patch400: openssh-7.8p1-role-mls.patch -Patch404: openssh-6.6p1-privsep-selinux.patch -Patch501: openssh-6.7p1-ldap.patch -Patch502: openssh-6.6p1-keycat.patch -Patch601: openssh-6.6p1-allow-ip-opts.patch -Patch604: openssh-6.6p1-keyperm.patch -Patch606: openssh-5.9p1-ipv6man.patch -Patch607: openssh-5.8p2-sigpipe.patch -Patch609: openssh-7.2p2-x11.patch -Patch700: openssh-7.7p1-fips.patch -Patch702: openssh-5.1p1-askpass-progress.patch -Patch703: openssh-4.3p2-askpass-grab-info.patch -Patch707: openssh-7.7p1.patch -Patch711: openssh-7.8p1-UsePAM-warning.patch -Patch712: openssh-6.3p1-ctr-evp-fast.patch -Patch713: openssh-6.6p1-ctr-cavstest.patch -Patch714: openssh-6.7p1-kdf-cavs.patch -Patch800: openssh-8.0p1-gssapi-keyex.patch -Patch801: openssh-6.6p1-force_krb.patch -Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch -Patch804: openssh-7.7p1-gssapi-new-unique.patch -Patch805: openssh-7.2p2-k5login_directory.patch -Patch901: openssh-6.6p1-kuserok.patch -Patch906: openssh-6.4p1-fromto-remote.patch -Patch916: openssh-6.6.1p1-selinux-contexts.patch -Patch918: openssh-6.6.1p1-log-in-chroot.patch -Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch -Patch922: openssh-6.8p1-sshdT-output.patch -Patch926: openssh-6.7p1-sftp-force-permission.patch -Patch939: openssh-7.2p2-s390-closefrom.patch -Patch944: openssh-7.3p1-x11-max-displays.patch -Patch948: openssh-7.4p1-systemd.patch -Patch949: openssh-7.6p1-cleanup-selinux.patch -Patch950: openssh-7.5p1-sandbox.patch -Patch951: openssh-8.0p1-pkcs11-uri.patch -Patch953: openssh-7.8p1-scp-ipv6.patch -Patch958: openssh-7.9p1-ssh-copy-id.patch -Patch962: openssh-8.0p1-crypto-policies.patch -Patch963: openssh-8.0p1-openssl-evp.patch -Patch964: openssh-8.0p1-openssl-kdf.patch -Patch965: openssh-8.2p1-visibility.patch - -Patch9004: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch -Patch9005: bugfix-openssh-6.6p1-log-usepam-no.patch -Patch9006: bugfix-openssh-add-option-check-username-splash.patch -Patch9007: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch -Patch9009: bugfix-openssh-fix-sftpserver.patch -Patch9010: bugfix-debug3-to-verbose-in-command.patch -Patch9011: set-sshd-config.patch +Patch0: openssh-6.7p1-coverity.patch +Patch1: openssh-7.6p1-audit.patch +Patch2: openssh-7.1p2-audit-race-condition.patch +Patch3: pam_ssh_agent_auth-0.9.3-build.patch +Patch4: pam_ssh_agent_auth-0.10.3-seteuid.patch +Patch5: pam_ssh_agent_auth-0.9.2-visibility.patch +Patch6: pam_ssh_agent_auth-0.9.3-agent_structure.patch +Patch7: pam_ssh_agent_auth-0.10.2-compat.patch +Patch8: pam_ssh_agent_auth-0.10.2-dereference.patch +Patch9: openssh-7.8p1-role-mls.patch +Patch10: openssh-6.6p1-privsep-selinux.patch +Patch11: openssh-6.7p1-ldap.patch +Patch12: openssh-6.6p1-keycat.patch +Patch13: openssh-6.6p1-allow-ip-opts.patch +Patch14: openssh-6.6p1-keyperm.patch +Patch15: openssh-5.9p1-ipv6man.patch +Patch16: openssh-5.8p2-sigpipe.patch +Patch17: openssh-7.2p2-x11.patch +Patch18: openssh-7.7p1-fips.patch +Patch19: openssh-5.1p1-askpass-progress.patch +Patch20: openssh-4.3p2-askpass-grab-info.patch +Patch21: openssh-7.7p1.patch +Patch22: openssh-7.8p1-UsePAM-warning.patch +Patch23: openssh-6.3p1-ctr-evp-fast.patch +Patch24: openssh-6.6p1-ctr-cavstest.patch +Patch25: openssh-6.7p1-kdf-cavs.patch +Patch26: openssh-8.0p1-gssapi-keyex.patch +Patch27: openssh-6.6p1-force_krb.patch +Patch28: openssh-6.6p1-GSSAPIEnablek5users.patch +Patch29: openssh-7.7p1-gssapi-new-unique.patch +Patch30: openssh-7.2p2-k5login_directory.patch +Patch31: openssh-6.6p1-kuserok.patch +Patch32: openssh-6.4p1-fromto-remote.patch +Patch33: openssh-6.6.1p1-selinux-contexts.patch +Patch34: openssh-6.6.1p1-log-in-chroot.patch +Patch35: openssh-6.6.1p1-scp-non-existing-directory.patch +Patch36: openssh-6.8p1-sshdT-output.patch +Patch37: openssh-6.7p1-sftp-force-permission.patch +Patch38: openssh-7.2p2-s390-closefrom.patch +Patch39: openssh-7.3p1-x11-max-displays.patch +Patch40: openssh-7.4p1-systemd.patch +Patch41: openssh-7.6p1-cleanup-selinux.patch +Patch42: openssh-7.5p1-sandbox.patch +Patch43: openssh-8.0p1-pkcs11-uri.patch +Patch44: openssh-7.8p1-scp-ipv6.patch +Patch45: openssh-7.9p1-ssh-copy-id.patch +Patch46: openssh-8.0p1-crypto-policies.patch +Patch47: openssh-8.0p1-openssl-evp.patch +Patch48: openssh-8.0p1-openssl-kdf.patch +Patch49: openssh-8.2p1-visibility.patch +Patch50: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch +Patch51: bugfix-openssh-6.6p1-log-usepam-no.patch +Patch52: bugfix-openssh-add-option-check-username-splash.patch +Patch53: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch +Patch54: bugfix-openssh-fix-sftpserver.patch +Patch55: bugfix-debug3-to-verbose-in-command.patch +Patch56: set-sshd-config.patch +Patch57: CVE-2020-12062-1.patch +Patch58: CVE-2020-12062-2.patch +Patch59: upstream-expose-vasnmprintf.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -182,68 +184,71 @@ instance. The module is most useful for su and sudo service stacks. %setup -q -a 4 pushd pam_ssh_agent_auth-0.10.3 -%patch300 -p2 -b .psaa-build -%patch301 -p2 -b .psaa-seteuid -%patch302 -p2 -b .psaa-visibility -%patch306 -p2 -b .psaa-compat -%patch305 -p2 -b .psaa-agent -%patch307 -p2 -b .psaa-deref +%patch3 -p2 -b .psaa-build +%patch4 -p2 -b .psaa-seteuid +%patch5 -p2 -b .psaa-visibility +%patch7 -p2 -b .psaa-compat +%patch6 -p2 -b .psaa-agent +%patch8 -p2 -b .psaa-deref # Remove duplicate headers and library files rm -f $(cat %{SOURCE5}) popd -%patch400 -p1 -b .role-mls -%patch404 -p1 -b .privsep-selinux -%patch501 -p1 -b .ldap -%patch502 -p1 -b .keycat -%patch601 -p1 -b .ip-opts -%patch604 -p1 -b .keyperm -%patch606 -p1 -b .ipv6man -%patch607 -p1 -b .sigpipe -%patch609 -p1 -b .x11 -%patch702 -p1 -b .progress -%patch703 -p1 -b .grab-info -%patch707 -p1 -%patch711 -p1 -b .log-usepam-no -%patch712 -p1 -b .evp-ctr -%patch713 -p1 -b .ctr-cavs -%patch714 -p1 -b .kdf-cavs -%patch800 -p1 -b .gsskex -%patch801 -p1 -b .force_krb -%patch804 -p1 -b .ccache_name -%patch805 -p1 -b .k5login -%patch901 -p1 -b .kuserok -%patch906 -p1 -b .fromto-remote -%patch916 -p1 -b .contexts -%patch918 -p1 -b .log-in-chroot -%patch919 -p1 -b .scp -%patch802 -p1 -b .GSSAPIEnablek5users -%patch922 -p1 -b .sshdt -%patch926 -p1 -b .sftp-force-mode -%patch939 -p1 -b .s390-dev -%patch944 -p1 -b .x11max -%patch948 -p1 -b .systemd -%patch949 -p1 -b .refactor -%patch950 -p1 -b .sandbox -%patch951 -p1 -b .pkcs11-uri -%patch953 -p1 -b .scp-ipv6 -%patch958 -p1 -b .ssh-copy-id -%patch962 -p1 -b .crypto-policies -%patch963 -p1 -b .openssl-evp -%patch964 -p1 -b .openssl-kdf -%patch965 -p1 -b .visibility -%patch200 -p1 -b .audit -%patch201 -p1 -b .audit-race -%patch700 -p1 -b .fips -%patch100 -p1 -b .coverity - -%patch9004 -p1 -%patch9005 -p1 -%patch9006 -p1 -%patch9007 -p1 -%patch9009 -p1 -%patch9010 -p1 -%patch9011 -p1 +%patch9 -p1 -b .role-mls +%patch10 -p1 -b .privsep-selinux +%patch11 -p1 -b .ldap +%patch12 -p1 -b .keycat +%patch13 -p1 -b .ip-opts +%patch14 -p1 -b .keyperm +%patch15 -p1 -b .ipv6man +%patch16 -p1 -b .sigpipe +%patch17 -p1 -b .x11 +%patch19 -p1 -b .progress +%patch20 -p1 -b .grab-info +%patch21 -p1 +%patch22 -p1 -b .log-usepam-no +%patch23 -p1 -b .evp-ctr +%patch24 -p1 -b .ctr-cavs +%patch25 -p1 -b .kdf-cavs +%patch26 -p1 -b .gsskex +%patch27 -p1 -b .force_krb +%patch29 -p1 -b .ccache_name +%patch30 -p1 -b .k5login +%patch31 -p1 -b .kuserok +%patch32 -p1 -b .fromto-remote +%patch33 -p1 -b .contexts +%patch34 -p1 -b .log-in-chroot +%patch35 -p1 -b .scp +%patch28 -p1 -b .GSSAPIEnablek5users +%patch36 -p1 -b .sshdt +%patch37 -p1 -b .sftp-force-mode +%patch38 -p1 -b .s390-dev +%patch39 -p1 -b .x11max +%patch40 -p1 -b .systemd +%patch41 -p1 -b .refactor +%patch42 -p1 -b .sandbox +%patch43 -p1 -b .pkcs11-uri +%patch44 -p1 -b .scp-ipv6 +%patch45 -p1 -b .ssh-copy-id +%patch46 -p1 -b .crypto-policies +%patch47 -p1 -b .openssl-evp +%patch48 -p1 -b .openssl-kdf +%patch49 -p1 -b .visibility +%patch1 -p1 -b .audit +%patch2 -p1 -b .audit-race +%patch18 -p1 -b .fips +%patch0 -p1 -b .coverity + +%patch50 -p1 +%patch51 -p1 +%patch52 -p1 +%patch53 -p1 +%patch54 -p1 +%patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 autoreconf pushd pam_ssh_agent_auth-0.10.3 @@ -456,6 +461,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Thu Jul 2 2020 zhouyihang - 8.2P1-5 +- Type:cves +- ID:CVE-2020-12062 +- SUG:NA +- DESC:Fix CVE-2020-12062 + * Tue Jun 9 2020 openEuler Buildteam - 8.2P1-4 - Type:bugfix - ID:NA diff --git a/upstream-expose-vasnmprintf.patch b/upstream-expose-vasnmprintf.patch new file mode 100644 index 0000000000000000000000000000000000000000..002bb1159d44dab04af1ee6e2c565ebb46fc4d8b --- /dev/null +++ b/upstream-expose-vasnmprintf.patch @@ -0,0 +1,59 @@ +From 31909696c4620c431dd55f6cd15db65c4e9b98da Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 1 May 2020 06:28:52 +0000 +Subject: [PATCH] upstream: expose vasnmprintf(); ok (as part of other commit) + markus + +deraadt + +OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5 +--- + utf8.c | 5 ++--- + utf8.h | 3 ++- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/utf8.c b/utf8.c +index f83401996..7f63b25ae 100644 +--- a/utf8.c ++++ b/utf8.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: utf8.c,v 1.8 2018/08/21 13:56:27 schwarze Exp $ */ ++/* $OpenBSD: utf8.c,v 1.11 2020/05/01 06:28:52 djm Exp $ */ + /* + * Copyright (c) 2016 Ingo Schwarze + * +@@ -43,7 +43,6 @@ + + static int dangerous_locale(void); + static int grow_dst(char **, size_t *, size_t, char **, size_t); +-static int vasnmprintf(char **, size_t, int *, const char *, va_list); + + + /* +@@ -101,7 +100,7 @@ grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need) + * written is returned in *wp. + */ + +-static int ++int + vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap) + { + char *src; /* Source string returned from vasprintf. */ +diff --git a/utf8.h b/utf8.h +index 20a11dc59..9d6d9a32c 100644 +--- a/utf8.h ++++ b/utf8.h +@@ -1,4 +1,4 @@ +-/* $OpenBSD: utf8.h,v 1.1 2016/05/25 23:48:45 schwarze Exp $ */ ++/* $OpenBSD: utf8.h,v 1.3 2020/05/01 06:28:52 djm Exp $ */ + /* + * Copyright (c) 2016 Ingo Schwarze + * +@@ -15,6 +15,7 @@ + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + ++int vasnmprintf(char **, size_t, int *, const char *, va_list); + int mprintf(const char *, ...) + __attribute__((format(printf, 1, 2))); + int fmprintf(FILE *, const char *, ...)