BSD Commit Log Search

   mdoc fixes

   add .Nm for __pledge_open, makes 'man __pledge_open' work

   sys/iwx: increase maximal VHT A-MPDU from 64K to 1024K

   OK: stsp@

   remove whitespace at eol

   spelling

   make ddb output visible when entering ddb from X on amdgpu

   add a call to drm_fb_helper_restore_fbdev_mode_unlocked()
   to amdgpu_enter_ddb() otherwise ddb output can't be seen

   not required on inteldrm or radeondrm

   devel/codex: update to 0.118.0

   Clean up vmctl, remove use of vmd's log.c.

   This reimplements simpler versions of logging functions needed for
   linking the qcow and raw disk image code from vmd.

   Also cleans up the Makefile a bit, removing atomicio.c which is
   unused.

   ok mlarkin@

   sysutils/docker-buildx: update to 0.33.0

   misc/llama.cpp: update to b8598

   devel/libggml: update to 0.9.9

   lang/scala: update to 3.8.3

   Re-order WRKDIST assignment in bsd.port.mk, so that dist-tuple can work
   with it. So far, it has been bypassed in common cases by the logic for
   DISTNAME. With this in place, add the quirk for codeberg which uses
   ${WKRDIR}/${_project} as the WRKDIST.

   With this, ports using DIST_TUPLE=codeberg... should no longer need to
   set WRKDIST.

   ok sthen@

   update p5-YAML-Syck to 1.42

   update

   delete AMD smt related line accidentally deleted

   warn if hw.smt is used, and recommend hw.blockcpu

   Some new intel machines have a new 3rd tier of cpus called LP-E which are
   E-core (Atom) without L3 cache.  These cpus are Lethargic, and it sucks
   when processes migrate to them.
   This introduces sysctl hw.blockcpu= which takes a sequence of 4 letters.
   S (for SMT), P (regular performance cpu), E (efficient cpu) generally
   80% to 50% as fast), and L (lethargic cpu) which are even slower.
   By setting this, you can select cpus to kick out of the scheduler.  The
   default is SL.
   The hw.smt sysctl remains for now but we will eventually delete it.
   hw.smt changes and follows hw.blockcpu=S.
   ok kettenis mlarkin

   add ci_cputypes field which will be needed by an upcoming MI change
   ok kettenis

   fix packaging for gtk3 flavour

   Attempt to power on attached USB hubs.  Add support for SpacemiT K1.

   ok phessler@, jca@, jsing@

   Recognize SpacemiT X60 and X100 cores.

   ok jsg@

   Fix an off-by-one error in the X.509 verifier depth checking.

   In x509_verify_build_chains(), ensure that we check the current depth
   against max_depth prior to turning it into a legacy-style depth index.
   Additionally, add a guard to x509_verify_chain_append() so that we avoid
   exceeding the maximum certs per chain, even if we fail to handle this
   correctly elsewhere. Also prevent the legacy callback from being able
   to override the maximum verification depth.

   The current off-by-one allows for a 4 byte overwrite to occur on heap
   allocated memory - this will likely trigger a crash on OpenBSD (but may
   go unnoticed elsewhere). This is only reachable if a TLS client is talking
   to a malicious server or if a TLS server has client certificate
   verification enabled - in both cases the verification depth also needs to
   be set to the maximum allowed value of 32.

   It is worth noting that many TLS clients/servers set the maximum
   verification depth to a value that is much less than the default. A libtls
   client or server uses a default depth of 6 and is not impacted in this

    [6 lines not shown]

   Update prometheus to the last LTS release (3.5.1)

   This drops two patches which are unneeded. First the Makefile workaround
   to skip the asset build step is unneeded, instead use
   PREBUILT_ASSETS_STATIC_DIR. Second drop the compress_assets.sh diff
   and replace it with a BDEP on shell/bash -- too much bashism there.

   Update the patch-mmap_openbsd to work with 3.5.1 and extend it to also
   cover the chunks and head chunks. This should fix a frequent panic seen
   when head chunks are rotated.
   Note: all of this is an ugly workaround because OpenBSD lacks a unified
   view between mmap and read/write calls.

   Some help and testing done by Alvar Penning (post at 0x21.biz)
   OK sthen@

   Add additional X.509 verifier test cases.

   The second case (14b) currently triggers a bug in the new verifier.

   Run new test certificate bundles through Go's verifier.

   Add additional certificate test bundles.

   Generate two additional certificate test scenarios which have deep chains.

   better error message if anoncvs server admin forgets to enable rsyncd, found by tb@

   update to rspamd-4.0.0

   this probably won't affect most users, but:

   "Action required for per-user Bayes with Redis sharding: Jump Hash has
   been replaced with Ring Hash (Ketama). Run rspamadm statistics_dump
   migrate after upgrading or accept temporary accuracy loss as data is
   re-learned. Single Redis server setups are not affected."