OpenBSD/src M5lCcn2usr.sbin/rpki-client output.c extern.h

   rpki-client: only output config files on successful run

   While the suggested cronjob is 'rpki-client -v && bgpctl reload' and thus
   only reloads bgpd if rpki-client completes successfully, the output logic
   creates a config file that might still be loaded by an operator by hand.

   If an error occurred in one of the subprocesses, only output ometrics (if
   requested) and do not generate bgpd, bird, csv, json, and ccr.

   ok claudio job
VersionDeltaFile
1.47+13-9usr.sbin/rpki-client/output.c
1.290+2-2usr.sbin/rpki-client/extern.h
1.312+2-2usr.sbin/rpki-client/main.c
+17-133 files

OpenBSD/src kqlbNlgsys/dev/usb usb_subr.c

   Fix a potential 1-byte buffer overflow in usbd_get_string_desc().  The code
   allows for a transfer of up to 255 bytes but the struct behind the
   usb_string_descriptor_t type is only 254 bytes.  This is because USB
   strings are UTF-16 and that leaves a single byte that can't be used in
   a meaningful way.  So truncating transfer to 254 bytes should not break
   devices that are already broken.  Found by Andrew Griffiths.

   ok jsg@, deraadt@
VersionDeltaFile
1.166+4-3sys/dev/usb/usb_subr.c
+4-31 files

OpenBSD/src yt6XrAsusr.bin/tmux menu.c popup.c

   Switch menus also to be attached to the window instead of an overlay and
   drawn as part of the client's scene. This means removing the popup menu.
VersionDeltaFile
1.69+161-132usr.bin/tmux/menu.c
1.76+10-207usr.bin/tmux/popup.c
1.52+187-12usr.bin/tmux/cmd-display-menu.c
1.151+102-3usr.bin/tmux/screen-redraw.c
1.491+62-8usr.bin/tmux/server-client.c
1.1404+20-16usr.bin/tmux/tmux.h
+542-3783 files not shown
+568-3829 files

OpenBSD/src 4rTTxcTusr.bin/tmux window-panes.c tmux.1

   Convert display-panes away from an overlay and into a mode. This is
   another step on the road of getting rid of overlays altogether (they are
   full of special cases; popups and menus are to go also eventually). We
   lose some of the styling of borders but gain the ability to run
   display-panes in another pane (perhaps not hugely useful but one never
   knows). The -b flag goes away as no longer useful.
VersionDeltaFile
1.1+1,067-0usr.bin/tmux/window-panes.c
1.1140+59-31usr.bin/tmux/tmux.1
1.237+44-35usr.bin/tmux/options-table.c
1.95+43-33usr.bin/tmux/layout.c
1.362+23-8usr.bin/tmux/window.c
1.58+19-2usr.bin/tmux/cmd-choose-tree.c
+1,255-10916 files not shown
+1,335-15122 files

OpenBSD/src 0zZ8u5hlib/libskey skeysubr.c

   Use SHA1Final() in libskey.

   S/KEY requires hash output in little endian form, while SHA-1 produces big
   endian output. Rather than using SHA1Pad() and then reaching into the SHA-1
   state directly, use SHA1Final() and then convert to little endian using
   be32toh/htole32.

   ok claudio@ millert@ tb@
VersionDeltaFile
1.37+11-13lib/libskey/skeysubr.c
+11-131 files

OpenBSD/src VjUAsoBusr.sbin/nsd nsec3.c xfrd-catalog-zones.c, usr.sbin/nsd/doc ChangeLog RELNOTES

   merge NSD 4.15.0
VersionDeltaFile
1.3+338-417usr.sbin/nsd/simdzone/configure
1.31+167-39usr.sbin/nsd/nsec3.c
1.23+111-0usr.sbin/nsd/doc/ChangeLog
1.5+90-8usr.sbin/nsd/xfrd-catalog-zones.c
1.26+72-9usr.sbin/nsd/difffile.c
1.21+75-0usr.sbin/nsd/doc/RELNOTES
+853-47328 files not shown
+1,170-56834 files

OpenBSD/src fShA4Ncusr.sbin/nsd metrics.c nsec3.c, usr.sbin/nsd/doc ChangeLog RELNOTES

   import NSD 4.15.0, ok florian
VersionDeltaFile
1.1.1.3+194-157usr.sbin/nsd/metrics.c
1.1.1.16+167-39usr.sbin/nsd/nsec3.c
1.1.1.8+111-0usr.sbin/nsd/doc/ChangeLog
1.1.1.4+90-8usr.sbin/nsd/xfrd-catalog-zones.c
1.1.1.25+72-9usr.sbin/nsd/difffile.c
1.1.1.8+75-0usr.sbin/nsd/doc/RELNOTES
+709-21336 files not shown
+1,093-32442 files

OpenBSD/src 4uo3gd2regress/lib/libcrypto/x509 constraints.c

   Improve name constraints URI host regress.
VersionDeltaFile
1.21+56-11regress/lib/libcrypto/x509/constraints.c
+56-111 files

OpenBSD/src sEo4Zzclib/libcrypto/x509 x509_constraints.c

   Fix X.509 constraints URI host parsing.

   An authority in a URI is only terminated by a slash, question mark or hash,
   however the current code also included colons. This allows a specically
   crafted userinfo to bypass name constraints host checks. Additionally, IPv6
   literals may only be specified when enclosed with square brackets, which is
   not enforced.

   Rewrite parts of the host and IP parsing code to be more strict, fixing
   both of these issues in the process.

   Thanks to Jack Lloyd for reporting the userinfo bypass.

   ok tb@
VersionDeltaFile
1.34+72-29lib/libcrypto/x509/x509_constraints.c
+72-291 files

OpenBSD/src xtmsHXsusr.bin/tmux cmd-split-window.c tmux.1

   Typos and doc fixes, from Ben Boeckel.
VersionDeltaFile
1.144+5-5usr.bin/tmux/cmd-split-window.c
1.1139+8-1usr.bin/tmux/tmux.1
1.404+4-4usr.bin/tmux/format.c
1.420+4-4usr.bin/tmux/window-copy.c
+21-144 files

OpenBSD/src LjKr2Zzsys/sys proc.h

   oops, no the bit is available
VersionDeltaFile
1.399+1-0sys/sys/proc.h
+1-01 files

OpenBSD/src XVPgMbgsys/sys proc.h

   0x08000000 is P_SUSPSIG, so also defining PS_avail0 to the same position
   is misleading
VersionDeltaFile
1.398+1-2sys/sys/proc.h
+1-21 files

OpenBSD/src yETK8tdsys/crypto cryptosoft.c, sys/netinet ipsec_input.c ip_ah.c

   Handle allocation failure and track correct mbuf length in IPComp.
   In swcr_compdec() m_copyback(M_NOWAIT) may fail, but the error is
   not checked.  The mbuf chain could be too short, but the expected
   length is returned as result.  Then ipcomp_input() will not set
   m->m_pkthdr.len to the actual length of the mbuf chain.  This only
   affects decompression, other cases do not need additional memory
   for enlarging.
   from bluhm@; OK deraadt@

   IPComp decompression must not overflow mbuf cluster.
   Check after decompressing an IPComp packet, that the content fits
   into a mbuf cluster.  m_copyback() assumes that it can allocate a
   single mbuf cluster to enlarge the mbuf chain.  That means the
   decompressed data must not exceed MAXMCLBYTES.  Prevent panic:
   m_clget: request for 67948 byte cluster.
   from bluhm@; reported by Homura Akemi, SecBuddyF, Tencent KeenLab; OK mvs@

   IPsec AH must contain replay counter.
   Before reading the replay counter from packet header in ah_input(),

    [10 lines not shown]
VersionDeltaFile
1.91.18.1+18-5sys/crypto/cryptosoft.c
1.222.2.1+9-1sys/netinet/ipsec_input.c
1.179.2.1+5-1sys/netinet/ip_ah.c
+32-73 files

OpenBSD/src AKlsqpHsys/crypto cryptosoft.c, sys/netinet ipsec_input.c ip_ah.c

   Handle allocation failure and track correct mbuf length in IPComp.
   In swcr_compdec() m_copyback(M_NOWAIT) may fail, but the error is
   not checked.  The mbuf chain could be too short, but the expected
   length is returned as result.  Then ipcomp_input() will not set
   m->m_pkthdr.len to the actual length of the mbuf chain.  This only
   affects decompression, other cases do not need additional memory
   for enlarging.
   from bluhm@; OK deraadt@

   IPComp decompression must not overflow mbuf cluster.
   Check after decompressing an IPComp packet, that the content fits
   into a mbuf cluster.  m_copyback() assumes that it can allocate a
   single mbuf cluster to enlarge the mbuf chain.  That means the
   decompressed data must not exceed MAXMCLBYTES.  Prevent panic:
   m_clget: request for 67948 byte cluster.
   from bluhm@; reported by Homura Akemi, SecBuddyF, Tencent KeenLab; OK mvs@

   IPsec AH must contain replay counter.
   Before reading the replay counter from packet header in ah_input(),

    [10 lines not shown]
VersionDeltaFile
1.91.14.1+18-5sys/crypto/cryptosoft.c
1.221.2.1+9-1sys/netinet/ipsec_input.c
1.178.2.1+5-1sys/netinet/ip_ah.c
+32-73 files

OpenBSD/src Ao3YdNesys/dev/ic qwx.c

   run qwx_init() code under splnet()
VersionDeltaFile
1.137+13-4sys/dev/ic/qwx.c
+13-41 files

OpenBSD/src kRUU6jnregress/usr.sbin/bgpd/integrationtests as0.sh exabgp.as0.test2.in

   Run monitor exabgp session on new IP 10.12.57.5.

   10.12.57.2 is used in test1 and since exabgp retries immediatly the
   idleHoldTime of that peer goes up quickly and blocks further connects.
   Before this worked since bgpd sent the notification and the error count
   was not increased and with this immediate retries were possible.
VersionDeltaFile
1.3+3-1regress/usr.sbin/bgpd/integrationtests/as0.sh
1.3+2-2regress/usr.sbin/bgpd/integrationtests/exabgp.as0.test2.in
+5-32 files

OpenBSD/src Yu39M5zsys/dev/pci if_qwx_pci.c

   stop MHI channels and clear MHI event rings when the qwx interface goes down
VersionDeltaFile
1.39+103-32sys/dev/pci/if_qwx_pci.c
+103-321 files

OpenBSD/src 14TCGkosys/dev/pci if_qwx_pci.c

   reset qwx mhi transfer ring "queued" counter to zero when restarting the ring
VersionDeltaFile
1.38+2-1sys/dev/pci/if_qwx_pci.c
+2-11 files

OpenBSD/src jgMXgEJsys/dev/ic qwx.c

   do not zero the entire qwx sc->hal structure during resume

   The structure contains pointers to DMA allocations which are leaked and
   replaced by new allocations during resume if we zero the entire structure.
   At attach time, the structure comes pre-zeroed so an initial memset is
   not needed either.
VersionDeltaFile
1.136+1-4sys/dev/ic/qwx.c
+1-41 files

OpenBSD/src flY6XLzsys/nfs nfs_serv.c nfs_vnops.c

   cleanup when nfsm_srvmtofh1() errors in nfsrv_rename()
   corrects vnode references and namei_pool leak
   reported by Andrew Griffiths of Calif
   from jsg@; initial diff from deraadt@ ok miod@

   remove use of struct nfsm_info in nfs_serv.c (the non-trivial part)
   from jsg@; with and ok miod@

   remove use of struct nfsm_info in nfs_serv.c
   from jsg@; with and ok miod@

   convert nfs_serv.c from nfsm_mtouio() to nfsd_mtouio()
   from jsg@; with and ok miod@

   convert nfs_serv.c from nfsm_strsiz() to nfsd_strsiz()
   from jsg@; with and ok miod@

   convert nfs_serv.c from nfsm_dissect() to nfsd_dissect()
   from jsg@; with and ok miod@

    [106 lines not shown]
VersionDeltaFile
1.133.2.1+431-559sys/nfs/nfs_serv.c
1.209.6.1+100-78sys/nfs/nfs_vnops.c
1.49.10.1+85-4sys/nfs/nfsm_subs.h
1.2.10.1+21-30sys/nfs/nfs_srvsubs.c
1.156.8.1+12-19sys/nfs/nfs_socket.c
1.133.6.1+7-5sys/nfs/nfs_vfsops.c
+656-6952 files not shown
+665-7048 files

OpenBSD/src nCFCcdEsys/dev/ic qwx.c

   do not attempt to clean up qwx Tx rings which are uninitialized
VersionDeltaFile
1.135+3-2sys/dev/ic/qwx.c
+3-21 files

OpenBSD/src he5fHQxsys/nfs nfs_serv.c nfs_vnops.c

   cleanup when nfsm_srvmtofh1() errors in nfsrv_rename()
   corrects vnode references and namei_pool leak
   reported by Andrew Griffiths of Calif
   from jsg@; initial diff from deraadt@ ok miod@

   remove use of struct nfsm_info in nfs_serv.c (the non-trivial part)
   from jsg@; with and ok miod@

   remove use of struct nfsm_info in nfs_serv.c
   from jsg@; with and ok miod@

   convert nfs_serv.c from nfsm_mtouio() to nfsd_mtouio()
   from jsg@; with and ok miod@

   convert nfs_serv.c from nfsm_strsiz() to nfsd_strsiz()
   from jsg@; with and ok miod@

   convert nfs_serv.c from nfsm_dissect() to nfsd_dissect()
   from jsg@; with and ok miod@

    [106 lines not shown]
VersionDeltaFile
1.132.2.2+431-559sys/nfs/nfs_serv.c
1.209.2.1+100-78sys/nfs/nfs_vnops.c
1.49.4.1+85-4sys/nfs/nfsm_subs.h
1.2.2.1+21-30sys/nfs/nfs_srvsubs.c
1.156.2.1+12-19sys/nfs/nfs_socket.c
1.133.2.1+7-5sys/nfs/nfs_vfsops.c
+656-6952 files not shown
+665-7048 files

OpenBSD/src 1oGPYL9sys/dev/ic qwx.c

   properly reset driver and device state if we fail to get RUNNING in qwx_init()
VersionDeltaFile
1.134+40-16sys/dev/ic/qwx.c
+40-161 files

OpenBSD/src OLhgXzxsys/dev/ic qwx.c, sys/dev/pci if_qwx_pci.c

   remove pointless down/up dance in qwx_media_change()

   Already handled by qwx_ioctl() when ieee80211_ioctl() returns ENETRESET.
VersionDeltaFile
1.133+2-20sys/dev/ic/qwx.c
1.37+3-2sys/dev/pci/if_qwx_pci.c
+5-222 files

OpenBSD/src wfRyFDBsys/dev/ic qwx.c

   ensure that qrtr_server state does not race with qwx device during power-on
VersionDeltaFile
1.132+4-4sys/dev/ic/qwx.c
+4-41 files

OpenBSD/src JFR9WXosys/dev/ic qwx.c

   use the ioctl rwlock correctly in qwx_activate()
VersionDeltaFile
1.131+5-3sys/dev/ic/qwx.c
+5-31 files

OpenBSD/src UBRlEWFsys/dev/ic qwx.c

   ensure that rx_ring->bufs_max and freemap are always initialized correctly
VersionDeltaFile
1.130+4-4sys/dev/ic/qwx.c
+4-41 files

OpenBSD/src o3slRl3sys/dev/ic qwx.c

   the qwx init task should not wait for the ioctl lock to become available
VersionDeltaFile
1.129+11-2sys/dev/ic/qwx.c
+11-21 files

OpenBSD/src M9UOOflsys/kern sysv_sem.c sysv_msg.c

   Do not zeroize already zeroed buffer in sysctl_sysvipc(). The
   KERN_SYSVIPC_SEM_INFO case was a part of the big semaphores diff,
   KERN_SYSVIPC_SHM_INFO case to the next one.
   from mvs@; ok deraadt

   Replace semid_ds with semid_ds_kern for in-kernel sysv semaphore
   implementation.
   Note, the buffer used for userland dlivery in sysctl_sysvipc() was
   filled with zeros during allocation, we don't need extra zeroing.
   from mvs@; ok deraadt millert

   Make concurrent sys_msgrcv() wait until we finish message delivery. We
   left acquired message in the queue while we are sleeping in msg_copyout().
   Concurrent sys_msgrcv() could acquire and delete this message.
   Reported-by: syzbot+c80235d951da9769a00f at syzkaller.appspotmail.com
   from mvs@

   Restore msgrcv(2) MSG_NOERROR/E2BIG error path. Silently truncate
   message is not a good idea.

    [74 lines not shown]
VersionDeltaFile
1.66.2.1+119-53sys/kern/sysv_sem.c
1.41.12.1+79-46sys/kern/sysv_msg.c
1.491.2.1+34-11sys/kern/kern_sysctl.c
1.82.2.1+24-7sys/kern/sysv_shm.c
+256-1174 files

OpenBSD/src 6yz7VQrsys/kern sysv_sem.c sysv_msg.c

   Do not zeroize already zeroed buffer in sysctl_sysvipc(). The
   KERN_SYSVIPC_SEM_INFO case was a part of the big semaphores diff,
   KERN_SYSVIPC_SHM_INFO case to the next one.
   from mvs@; ok deraadt

   Replace semid_ds with semid_ds_kern for in-kernel sysv semaphore
   implementation.
   Note, the buffer used for userland dlivery in sysctl_sysvipc() was
   filled with zeros during allocation, we don't need extra zeroing.
   from mvs@; ok deraadt millert

   Make concurrent sys_msgrcv() wait until we finish message delivery. We
   left acquired message in the queue while we are sleeping in msg_copyout().
   Concurrent sys_msgrcv() could acquire and delete this message.
   Reported-by: syzbot+c80235d951da9769a00f at syzkaller.appspotmail.com
   from mvs@

   Restore msgrcv(2) MSG_NOERROR/E2BIG error path. Silently truncate
   message is not a good idea.

    [74 lines not shown]
VersionDeltaFile
1.65.2.1+119-53sys/kern/sysv_sem.c
1.41.8.1+79-46sys/kern/sysv_msg.c
1.483.2.1+35-11sys/kern/kern_sysctl.c
1.81.2.1+24-7sys/kern/sysv_shm.c
+257-1174 files