BSD Commit Log Search

   As a temporary hack, model the timezone change for America/Vancouver
   as occurring on 2026-11-01 02:00, not on 2026-03-09.  This allows
   for a transition period where America/Vancouver still shows as PDT.

   It also replaces "-07" with "MST" post-transition until such time
   as a better abbreviation is chosen.

   With it's own daemonization / fd cleaning code, ssh-agent opens /dev/null
   O_RDWR after a pledge without "wpath".  This is allowed in current pledge
   because "/dev/null" is implicitly allowed to be opened even with the most
   restrictive pledges or unveils.  This is a design decision in pledge made
   at the very beginning, to satisfy libc requirements.  We've finally had
   enough experience and know how to fix that in the near-future, but need
   to review and fix all code which opens these implicit paths.
   The fix is to add "wpath", so that "/dev/null" can be opened O_RDWR.
   But that is uncomfortable, so we add unveil() allowing "/" with "r",
   4 unveil "x" for the potential askpass and helpers to be execve'd,
   and "/dev/null" with "wr".  As a result filesystem access is substantially
   more restricted than before, and ssh-agent is ready for the future pledge
   change.
   ok djm dtucker

   Stop doing access() before execve().  It is a TOCTOU, but also it
   forces use of unveil "rx" instead of "x".
   This is done by using a pipe() through the fork+execve attempt to
   expose execve failure and create the same error return as the access()
   used to do.
   ok djm dtucker

   Use the (no YP, non-threaded) cleaned up copy of getpwent.c placed into
   usr.bin/chpass instead of reaching around into libc and using crazy cpp
   options.
   In the near future the libc version will have more substantial changes
   (intersecting with pledge and unveil) which are much more difficult to
   manage using cpp features, so we stop this reacharound into libc subtree.

   Remove #ifdef's relating to YP and threading, and directives for symbol
   visibility when compiled inside the libc environment.

   Verbatim copy of /usr/src/lib/libc/gen/getpwent.c to here, which will
   be cleaned up for local purposes in the next steps.

   zlib: add missing cast to reduce diff between userland and kernel

   zlib: avoid double assignment to strm->msg

   harmless merge error from

   commit 4480ad49db70b6d2b90da94cc0d4755aace8a632
   Author: tb <tb at openbsd.org>
   Date:   Sun Jun 30 05:16:17 2024 +0000

       cast string literals with z_const char *

       from upstream 2ba25b2ddab9aa939c321d087fcfca573a9cca55

   zlib: sync with userland

   zlib: fix heap info leak in deflateCopy (ZLB-01-005)

   commit 84045903ee415efbfaf6d3d443224c2f3a1daea0
   Author: Mark Adler <git at madler.net>
   Date:   Sat Jan 10 21:34:20 2026 -0800

       Copy only the initialized deflate state in deflateCopy.

       To avoid the propagation and possible disclosure of uninitialized
       memory contents.

   Add support for more line speeds.

   ok deraadt@

   ignore tar files while diffing destdirs for syspatch as we don't care about them

   Properly export the bitmap count and size.

   I decided to not pull in rdemem into bitmap.c so instead create
   bitmap_get_stats() which is called in the IMSG_CTL_SHOW_RIB_MEM
   handler to update the rdemem stats before the exporting them.

   OK tb@

   mlkem: use timingsafe_memcmp() in decapsulation

   Replace memcmp() with timingsafe_memcmp() when comparing the
   re-encrypted ciphertext.

   FIPS 203 Section 6.3 defines this comparison result as a secret piece
   of intermediate data that must not be revealed in any form.

   ok tb

   tmux: don't leak menu if the tty is too small to display it

   ok nicm

   Do not use recallocarray because the stored size may have changed during
   reflow so may not match what it expects, fixes crash reported by Caspar
   Schutijser.

   add ${VERSION_SCRIPT} to CLEANFILES

   ok tb@, yasuoka@; input from miod@

   Move OpenBSD CVS ID marker to top of file to avoid conflicts when
   syncing changes to portable.

   Replace u_intXX_t types with the equivalent C99 uintXX_t types to match
   similar change to the main ssh code.

   zlib: sync with userland

   zlib: zero out allocation to avoid info leak (part of ZLB-01-003)

   commit ecbaf031f81ddfcff200dcfd052df48c9047f3cf
   Author: Mark Adler <git at madler.net>
   Date:   Sun Jan 11 09:46:29 2026 -0800

       Zero inflate state on allocation.

       To further guard against the propagation of uninitialized memory.

   zlib: sync with userland

   inflateCopy: fix a heap info leak (part of ZLB-01-003)

   commit 3509ab515f29002f64455d6e34e19df0c16b1707
   Author: Mark Adler <git at madler.net>
   Date:   Sun Dec 21 18:34:14 2025 -0800

       Copy only the initialized window contents in inflateCopy.

       To avoid the propagation and possible disclosure of uninitialized
       memory contents.

   Fix incorrect condition for creating client name, from Vlad Apostol in
   GitHub issue 4911.

   Fix previous, I put the + stats->bitmap_size outside the fmt_mem() calculation.

   On 2026-03-09 British Columbia will go from daylight to standard
   time, without a UT offset change.  That is, its 2026-03-08 spring
   forward will be its last foreseeable clock change, as it will move
   to permanent -07 thereafter.  (Thanks to Arthur David Olson.)

   Update to 2026agtz from https://github.com/JodaOrg/global-tz
    o Moldova has used EU transition times since 2022.
    o Remove Europe/Chisinau from zonenow.tab, as it now agrees with
      Europe/Athens for future timestamps.

   Add some stats for the use of bitmaps.

   OK tb@

   Add some stats for the use of bitmaps.

   Only account for the extended bitmaps that allocate extra memory.
   The count is much lower since up to 127 bits the map uses the struct
   bitmap itself for storage but tracking those is more complicated.

   OK tb@

   Add pane_pipe_pid with pipe fd and call setpgid to make it easier to kill.