From owner-svn-src-stable-12@freebsd.org Wed Feb 5 18:24:30 2020 Return-Path: Delivered-To: svn-src-stable-12@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9F818228F14; Wed, 5 Feb 2020 18:24:30 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48CVMf0rkCz3PDT; Wed, 5 Feb 2020 18:24:30 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id F2F086E0C; Wed, 5 Feb 2020 18:24:29 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 015IOTSY014801; Wed, 5 Feb 2020 18:24:29 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 015IOS91014776; Wed, 5 Feb 2020 18:24:28 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <202002051824.015IOS91014776@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Wed, 5 Feb 2020 18:24:28 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-12@freebsd.org Subject: svn commit: r357581 - in stable/12/contrib/blacklist: bin diff lib X-SVN-Group: stable-12 X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: in stable/12/contrib/blacklist: bin diff lib X-SVN-Commit-Revision: 357581 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-stable-12@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for only the 12-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 05 Feb 2020 18:24:30 -0000 Author: emaste Date: Wed Feb 5 18:24:28 2020 New Revision: 357581 URL: https://svnweb.freebsd.org/changeset/base/357581 Log: MFC r354399: blacklist: update to NetBSD snapshot on 20191106 Sponsored by: The FreeBSD Foundation Modified: stable/12/contrib/blacklist/bin/blacklistctl.c stable/12/contrib/blacklist/bin/blacklistd.c stable/12/contrib/blacklist/bin/blacklistd.conf.5 stable/12/contrib/blacklist/bin/support.c stable/12/contrib/blacklist/diff/ssh.diff stable/12/contrib/blacklist/lib/Makefile stable/12/contrib/blacklist/lib/libblacklist.3 Directory Properties: stable/12/ (props changed) Modified: stable/12/contrib/blacklist/bin/blacklistctl.c ============================================================================== --- stable/12/contrib/blacklist/bin/blacklistctl.c Wed Feb 5 17:21:36 2020 (r357580) +++ stable/12/contrib/blacklist/bin/blacklistctl.c Wed Feb 5 18:24:28 2020 (r357581) @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $ */ +/* $NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: blacklistctl.c,v 1.21 2016/11/02 03:15:07 jnemeth Exp $"); +__RCSID("$NetBSD: blacklistctl.c,v 1.23 2018/05/24 19:21:01 christos Exp $"); #include #include @@ -67,6 +67,15 @@ usage(int c) exit(EXIT_FAILURE); } +static const char * +star(char *buf, size_t len, int val) +{ + if (val == -1) + return "*"; + snprintf(buf, len, "%d", val); + return buf; +} + int main(int argc, char *argv[]) { @@ -128,9 +137,10 @@ main(int argc, char *argv[]) "address", remain ? "remaining time" : "last access"); for (i = 1; state_iterate(db, &c, &dbi, i) != 0; i = 0) { char buf[BUFSIZ]; + char mbuf[64], pbuf[64]; if (!all) { if (blocked) { - if (dbi.count < c.c_nfail) + if (c.c_nfail == -1 || dbi.count < c.c_nfail) continue; } else { if (dbi.count >= c.c_nfail) @@ -138,13 +148,20 @@ main(int argc, char *argv[]) } } sockaddr_snprintf(buf, sizeof(buf), "%a", (void *)&c.c_ss); - printf("%*.*s/%d:%d\t", wide, wide, buf, c.c_lmask, c.c_port); - if (remain) - fmtydhms(buf, sizeof(buf), - c.c_duration - (ts.tv_sec - dbi.last)); - else - fmttime(buf, sizeof(buf), dbi.last); - printf("%s\t%d/%d\t%-s\n", dbi.id, dbi.count, c.c_nfail, buf); + printf("%*.*s/%s:%s\t", wide, wide, buf, + star(mbuf, sizeof(mbuf), c.c_lmask), + star(pbuf, sizeof(pbuf), c.c_port)); + if (c.c_duration == -1) { + strlcpy(buf, "never", sizeof(buf)); + } else { + if (remain) + fmtydhms(buf, sizeof(buf), + c.c_duration - (ts.tv_sec - dbi.last)); + else + fmttime(buf, sizeof(buf), dbi.last); + } + printf("%s\t%d/%s\t%-s\n", dbi.id, dbi.count, + star(mbuf, sizeof(mbuf), c.c_nfail), buf); } state_close(db); return EXIT_SUCCESS; Modified: stable/12/contrib/blacklist/bin/blacklistd.c ============================================================================== --- stable/12/contrib/blacklist/bin/blacklistd.c Wed Feb 5 17:21:36 2020 (r357580) +++ stable/12/contrib/blacklist/bin/blacklistd.c Wed Feb 5 18:24:28 2020 (r357581) @@ -1,4 +1,4 @@ -/* $NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $ */ +/* $NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -32,7 +32,7 @@ #include "config.h" #endif #include -__RCSID("$NetBSD: blacklistd.c,v 1.37 2017/02/18 00:26:16 christos Exp $"); +__RCSID("$NetBSD: blacklistd.c,v 1.38 2019/02/27 02:20:18 christos Exp $"); #include #include @@ -408,7 +408,6 @@ rules_restore(void) for (f = 1; state_iterate(state, &c, &dbi, f) == 1; f = 0) { if (dbi.id[0] == '\0') continue; - (void)run_change("rem", &c, dbi.id, 0); (void)run_change("add", &c, dbi.id, sizeof(dbi.id)); } } @@ -505,7 +504,8 @@ main(int argc, char *argv[]) conf_parse(configfile); if (flush) { rules_flush(); - flags |= O_TRUNC; + if (!restore) + flags |= O_TRUNC; } struct pollfd *pfd = NULL; @@ -536,8 +536,11 @@ main(int argc, char *argv[]) if (state == NULL) return EXIT_FAILURE; - if (restore) + if (restore) { + if (!flush) + rules_flush(); rules_restore(); + } if (!debug) { if (daemon(0, 0) == -1) Modified: stable/12/contrib/blacklist/bin/blacklistd.conf.5 ============================================================================== --- stable/12/contrib/blacklist/bin/blacklistd.conf.5 Wed Feb 5 17:21:36 2020 (r357580) +++ stable/12/contrib/blacklist/bin/blacklistd.conf.5 Wed Feb 5 18:24:28 2020 (r357581) @@ -1,4 +1,4 @@ -.\" $NetBSD: blacklistd.conf.5,v 1.5 2016/06/08 12:48:37 wiz Exp $ +.\" $NetBSD: blacklistd.conf.5,v 1.7 2017/06/07 13:50:57 wiz Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd June 7, 2016 +.Dd June 5, 2017 .Dt BLACKLISTD.CONF 5 .Os .Sh NAME @@ -36,12 +36,13 @@ .Sh DESCRIPTION The .Nm -files contains configuration lines for -.Xr blacklistd 8 . -It contains one entry per line, and is similar to +files contains configuration entries for +.Xr blacklistd 8 +in a fashion similar to .Xr inetd.conf 5 . -There must be an entry for each field of the configuration file, with -entries for each field separated by a tab or a space. +Only one entry per line is permitted. +Every entry must have all fields populated. +Each field can be separated by a tab or a space. Comments are denoted by a .Dq # at the beginning of a line. @@ -109,7 +110,7 @@ The can be an IPv4 address in numeric format, an IPv6 address in numeric format and enclosed by square brackets, or an interface name. Mask modifiers are not allowed on interfaces because interfaces -have multiple address in different protocols where the mask has a different +can have multiple addresses in different protocols where the mask has a different size. .Pp The @@ -150,8 +151,8 @@ If the contains a .Dq / , the remaining portion of the name is interpreted as the mask to be -applied to the address specified in the rule, so one can block whole -subnets for a single rule violation. +applied to the address specified in the rule, causing a single rule violation to +block the entire subnet for the configured prefix. .Pp The .Va nfail @@ -176,10 +177,11 @@ for days. .Pp Matching is done first by checking the .Va local -rules one by one, from the most specific to the least specific. +rules individually, in the order of the most specific to the least specific. If a match is found, then the .Va remote -rules are applied, and if a match is found the +rules are applied. +The .Va name , .Va nfail , and @@ -191,15 +193,15 @@ rule that matched. The .Va remote rules can be used for whitelisting specific addresses, changing the mask -size, or the rule that the packet filter uses, the number of failed attempts, -or the blocked duration. +size, the rule that the packet filter uses, the number of failed attempts, +or the block duration. .Sh FILES .Bl -tag -width /etc/blacklistd.conf -compact .It Pa /etc/blacklistd.conf Configuration file. .El .Sh EXAMPLES -.Bd -literal -offset +.Bd -literal -offset 8n # Block ssh, after 3 attempts for 6 hours on the bnx0 interface [local] # location type proto owner name nfail duration Modified: stable/12/contrib/blacklist/bin/support.c ============================================================================== --- stable/12/contrib/blacklist/bin/support.c Wed Feb 5 17:21:36 2020 (r357580) +++ stable/12/contrib/blacklist/bin/support.c Wed Feb 5 18:24:28 2020 (r357581) @@ -1,4 +1,4 @@ -/* $NetBSD: support.c,v 1.8 2016/04/04 15:52:56 christos Exp $ */ +/* $NetBSD: support.c,v 1.9 2018/09/18 22:12:19 christos Exp $ */ /*- * Copyright (c) 2015 The NetBSD Foundation, Inc. @@ -33,7 +33,7 @@ #endif #include -__RCSID("$NetBSD: support.c,v 1.8 2016/04/04 15:52:56 christos Exp $"); +__RCSID("$NetBSD: support.c,v 1.9 2018/09/18 22:12:19 christos Exp $"); #include #include @@ -105,12 +105,16 @@ fmtydhms(char *b, size_t l, time_t t) s = t % 60; t /= 60; + m = t % 60; t /= 60; - h = t % 60; + + h = t % 24; t /= 24; - d = t % 24; - t /= 356; + + d = t % 365; + t /= 365; + y = t; z = 0; Modified: stable/12/contrib/blacklist/diff/ssh.diff ============================================================================== --- stable/12/contrib/blacklist/diff/ssh.diff Wed Feb 5 17:21:36 2020 (r357580) +++ stable/12/contrib/blacklist/diff/ssh.diff Wed Feb 5 18:24:28 2020 (r357581) @@ -1,6 +1,6 @@ --- /dev/null 2015-01-22 23:10:33.000000000 -0500 +++ dist/pfilter.c 2015-01-22 23:46:03.000000000 -0500 -@@ -0,0 +1,28 @@ +@@ -0,0 +1,32 @@ +#include "namespace.h" +#include "includes.h" +#include "ssh.h" @@ -28,6 +28,10 @@ + // XXX: 3? + fd = packet_connection_is_on_socket() ? packet_get_connection_in() : 3; + (void)blacklist_r(blstate, a, fd, "ssh"); ++ if (a == 0) { ++ blacklist_close(blstate); ++ blstate = NULL; ++ } +} --- /dev/null 2015-01-20 21:14:44.000000000 -0500 +++ dist/pfilter.h 2015-01-20 20:16:20.000000000 -0500 @@ -58,174 +62,89 @@ diff -u -u -r1.10 Makefile + +LDADD+= -lblacklist +DPADD+= ${LIBBLACKLIST} -Index: dist/auth.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v -retrieving revision 1.10 -diff -u -u -r1.10 auth.c ---- dist/auth.c 19 Oct 2014 16:30:58 -0000 1.10 -+++ dist/auth.c 22 Jan 2015 21:39:22 -0000 -@@ -62,6 +62,7 @@ - #include "monitor_wrap.h" - #include "krl.h" - #include "compat.h" -+#include "pfilter.h" - - #ifdef HAVE_LOGIN_CAP - #include -@@ -362,6 +363,8 @@ - compat20 ? "ssh2" : "ssh1", - authctxt->info != NULL ? ": " : "", - authctxt->info != NULL ? authctxt->info : ""); -+ if (!authctxt->postponed) -+ pfilter_notify(!authenticated); - free(authctxt->info); - authctxt->info = NULL; - } -Index: dist/sshd.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v -retrieving revision 1.15 -diff -u -u -r1.15 sshd.c ---- dist/sshd.c 28 Oct 2014 21:36:16 -0000 1.15 -+++ dist/sshd.c 22 Jan 2015 21:39:22 -0000 -@@ -109,6 +109,7 @@ - #include "roaming.h" - #include "ssh-sandbox.h" - #include "version.h" -+#include "pfilter.h" - - #ifdef LIBWRAP - #include -@@ -364,6 +365,7 @@ - killpg(0, SIGTERM); - } - -+ pfilter_notify(1); - /* Log error and exit. */ - sigdie("Timeout before authentication for %s", get_remote_ipaddr()); - } -@@ -1160,6 +1162,7 @@ - for (i = 0; i < options.max_startups; i++) - startup_pipes[i] = -1; - -+ pfilter_init(); - /* - * Stay listening for connections until the system crashes or - * the daemon is killed with a signal. -Index: auth1.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v -retrieving revision 1.9 -diff -u -u -r1.9 auth1.c ---- auth1.c 19 Oct 2014 16:30:58 -0000 1.9 -+++ auth1.c 14 Feb 2015 15:40:51 -0000 -@@ -41,6 +41,7 @@ +diff -ru openssh-7.7p1/auth-pam.c dist/auth-pam.c +--- openssh-7.7p1/auth-pam.c 2018-04-02 01:38:28.000000000 -0400 ++++ dist/auth-pam.c 2018-05-23 11:56:22.206661484 -0400 +@@ -103,6 +103,7 @@ + #include "ssh-gss.h" #endif #include "monitor_wrap.h" - #include "buffer.h" +#include "pfilter.h" - /* import */ extern ServerOptions options; -@@ -445,6 +446,7 @@ - else { - debug("do_authentication: invalid user %s", user); - authctxt->pw = fakepw(); -+ pfilter_notify(1); - } + extern Buffer loginmsg; +@@ -526,6 +527,7 @@ + ssh_msg_send(ctxt->pam_csock, PAM_MAXTRIES, &buffer); + else + ssh_msg_send(ctxt->pam_csock, PAM_AUTH_ERR, &buffer); ++ pfilter_notify(1); + buffer_free(&buffer); + pthread_exit(NULL); - /* Configuration may have changed as a result of Match */ -Index: auth2.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth2.c,v -retrieving revision 1.9 -diff -u -u -r1.9 auth2.c ---- auth2.c 19 Oct 2014 16:30:58 -0000 1.9 -+++ auth2.c 14 Feb 2015 15:40:51 -0000 -@@ -52,6 +52,7 @@ +@@ -804,6 +806,7 @@ + free(msg); + return (0); + } ++ pfilter_notify(1); + error("PAM: %s for %s%.100s from %.100s", msg, + sshpam_authctxt->valid ? "" : "illegal user ", + sshpam_authctxt->user, +diff -ru openssh-7.7p1/auth2.c dist/auth2.c +--- openssh-7.7p1/auth2.c 2018-04-02 01:38:28.000000000 -0400 ++++ dist/auth2.c 2018-05-23 11:57:31.022197317 -0400 +@@ -51,6 +51,7 @@ + #include "dispatch.h" #include "pathnames.h" #include "buffer.h" - #include "canohost.h" +#include "pfilter.h" #ifdef GSSAPI #include "ssh-gss.h" -@@ -256,6 +257,7 @@ +@@ -242,6 +243,7 @@ } else { - logit("input_userauth_request: invalid user %s", user); + /* Invalid user, fake password information */ authctxt->pw = fakepw(); + pfilter_notify(1); - } - #ifdef USE_PAM - if (options.use_pam) -Index: sshd.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/sshd.c,v -retrieving revision 1.16 -diff -u -r1.16 sshd.c ---- sshd.c 25 Jan 2015 15:52:44 -0000 1.16 -+++ sshd.c 14 Feb 2015 09:55:06 -0000 -@@ -628,6 +628,8 @@ - explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd)); - endpwent(); - -+ pfilter_init(); -+ - /* Change our root directory */ - if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) - fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, - -Index: auth-pam.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth-pam.c,v -retrieving revision 1.7 -diff -u -u -r1.7 auth-pam.c ---- auth-pam.c 3 Jul 2015 00:59:59 -0000 1.7 -+++ auth-pam.c 23 Jan 2016 00:01:16 -0000 -@@ -114,6 +114,7 @@ - #include "ssh-gss.h" + #ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_INVALID_USER)); #endif - #include "monitor_wrap.h" +Only in dist: pfilter.c +Only in dist: pfilter.h +diff -ru openssh-7.7p1/sshd.c dist/sshd.c +--- openssh-7.7p1/sshd.c 2018-04-02 01:38:28.000000000 -0400 ++++ dist/sshd.c 2018-05-23 11:59:39.573197347 -0400 +@@ -122,6 +122,7 @@ + #include "auth-options.h" + #include "version.h" + #include "ssherr.h" +#include "pfilter.h" - extern ServerOptions options; - extern Buffer loginmsg; -@@ -809,6 +810,7 @@ - free(msg); - return (0); - } -+ pfilter_notify(1); - error("PAM: %s for %s%.100s from %.100s", msg, - sshpam_authctxt->valid ? "" : "illegal user ", - sshpam_authctxt->user, -Index: auth.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth.c,v -retrieving revision 1.15 -diff -u -u -r1.15 auth.c ---- auth.c 21 Aug 2015 08:20:59 -0000 1.15 -+++ auth.c 23 Jan 2016 00:01:16 -0000 -@@ -656,6 +656,7 @@ + /* Re-exec fds */ + #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) +@@ -346,6 +347,7 @@ + static void + grace_alarm_handler(int sig) + { ++ pfilter_notify(1); + if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) + kill(pmonitor->m_pid, SIGALRM); - pw = getpwnam(user); - if (pw == NULL) { -+ pfilter_notify(1); - logit("Invalid user %.100s from %.100s", - user, get_remote_ipaddr()); - return (NULL); -Index: auth1.c -=================================================================== -RCS file: /cvsroot/src/crypto/external/bsd/openssh/dist/auth1.c,v -retrieving revision 1.12 -diff -u -u -r1.12 auth1.c ---- auth1.c 3 Jul 2015 00:59:59 -0000 1.12 -+++ auth1.c 23 Jan 2016 00:01:16 -0000 -@@ -376,6 +376,7 @@ - char *msg; - size_t len; +@@ -1835,6 +1837,8 @@ + if (test_flag) + exit(0); -+ pfilter_notify(1); - error("Access denied for user %s by PAM account " - "configuration", authctxt->user); - len = buffer_len(&loginmsg); ++ pfilter_init(); ++ + /* + * Clear out any supplemental groups we may have inherited. This + * prevents inadvertent creation of files with bad modes (in the +@@ -2280,6 +2284,9 @@ + { + struct ssh *ssh = active_state; /* XXX */ + ++ if (i == 255) ++ pfilter_notify(1); ++ + if (the_authctxt) { + do_cleanup(ssh, the_authctxt); + if (use_privsep && privsep_is_preauth && Modified: stable/12/contrib/blacklist/lib/Makefile ============================================================================== --- stable/12/contrib/blacklist/lib/Makefile Wed Feb 5 17:21:36 2020 (r357580) +++ stable/12/contrib/blacklist/lib/Makefile Wed Feb 5 18:24:28 2020 (r357581) @@ -1,11 +1,11 @@ -# $NetBSD: Makefile,v 1.6 2016/01/05 13:07:46 christos Exp $ +# $NetBSD: Makefile,v 1.7 2019/03/08 20:40:05 christos Exp $ .include USE_SHLIBDIR= yes CPPFLAGS+=-D_REENTRANT -LIBDPLIBS+=pthread ${NETBSDSRCDIR}/lib/libpthread +#LIBDPLIBS+=pthread ${NETBSDSRCDIR}/lib/libpthread LIB=blacklist SRCS=bl.c blacklist.c MAN=libblacklist.3 Modified: stable/12/contrib/blacklist/lib/libblacklist.3 ============================================================================== --- stable/12/contrib/blacklist/lib/libblacklist.3 Wed Feb 5 17:21:36 2020 (r357580) +++ stable/12/contrib/blacklist/lib/libblacklist.3 Wed Feb 5 18:24:28 2020 (r357581) @@ -1,4 +1,4 @@ -.\" $NetBSD: libblacklist.3,v 1.7 2017/02/04 23:33:56 wiz Exp $ +.\" $NetBSD: libblacklist.3,v 1.8 2017/10/22 10:31:57 abhinav Exp $ .\" .\" Copyright (c) 2015 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -35,7 +35,7 @@ .Nm blacklist_close , .Nm blacklist_r , .Nm blacklist , -.Nm blacklist_sa +.Nm blacklist_sa , .Nm blacklist_sa_r .Nd Blacklistd notification library .Sh LIBRARY