BSD Commit Log Search

   avoid calling free() on an uninitialised pointer from an error path
   ok sashan@ henning@

   Update supported features for Foot, from Meriel Luna Mittelbach in
   GutHub issue 5079.

   Add missing memcpy calls for auth_key_in / out in merge_auth_conf()

   This was broken when refactoring the code for RTR and only affects
   manual IPSec setups which are very uncommon.

   OK tb@

   Error handling the double reallocarray in ch_table_resize() is tricky.

   In case of a realloc failure for the meta tables the ch_tables arrays
   was already successfully reallocated. Doing the free(tables) in the error
   path results in a use-after-free scenario and instead on error ch_tables
   just needs to be updated to this new table. Since the ch_level is not
   adjusted the next time, reallocarray will be called on a memory block
   that is already big enough which is a NOP and so this is safe.
   Further cleanup will follow.

   OK tb@

   Do not crash if set progress bar with no pane, from Dane Jensen.

   use nowake for sleep wait channel instead of an uninitialised
   stack variable

   avoids a -Wuninitialized-const-pointer warning with clang 22
   ok jca@

   avoid validating bad cipher or mac lists in config files / commandline
   arguments as valid.

   Identified by SUSE and reported by Camila Camargo de Matos

   ok deraadt@ tb@

   fix hard-to-reach NULL deref during pubkey auth

   To hit this, the user must be using a PEM style private key with no
   corresponding .pub key adjacent to it.

   rpki-client: fix incomplete strncmp() check

   The directory path in rp->repouri doesn't end in a '/' itself, so check
   that the uri containing an unused file points at something below it.

   Pointed out by Frank Denis

   ok claudio job

   Fix bad sizes in certain graceful restart imsgs.

   The move to use more u_int for aid also changed the imsgs
   IMSG_SESSION_STALE, IMSG_SESSION_NOGRACE, IMSG_SESSION_FLUSH, and
   IMSG_SESSION_RESTARTED. The problem was that not all senders were
   adjusted.

   OK tb@

   Update libexpat to version 2.8.1.

   Relevant for OpenBSD are security fixes #1216, other changes #1209.
   Library bump is not necessary.  CVE-2026-45186

   OK tb@

   getservice() needs to return the port in host byte order but
   getservbyname() returns the value in network byte order. Add some ntohs()
   for those poor little endian systems.

   OK tb@

   ibuf_set_maxsize() need to ensure that the invariants are upheld by
   checking also that wpos and size are not bigger then the new max.

   If wpos is bigger fail hard, for size the allocation may have been used
   before and so do an explicit_bzero() to clear the extra memory out.

   OK tb@

   check_sym: do not run output commands twice

   ok guenther@

   Add a guarded .note.GNU-stack section to crypto assembly files.

   Add a .note.GNU-stack section to avoid ending up with an executable stack
   on toolchains that believe we should have an executable stack by default.

   Reported by ruuda on Github.

   Discussed with tb@

   Fix buglet introduced in 1.85; from clang -Wsometimes-uninitialized via jsg@

   Fix double-close on header-step failure

   OK job@

   sync

   Dropbear recently added a -Q option; use it to query KEX if available.

   Make pane offsets signed, needed for floating panes.

   Turn off the "is this a paste" guessing if the terminal supports bracket
   pasting instead, GitHub issue 5031.

   Check FIONREAD for all panes not just piped panes, fixes issues with
   tests, GitHub issue 4807.

   revert last
   KASSERT(x != 0) to prevent division by zero just after doesn't help anything,
   division by 0 blows up nicely by itself with a very clear message.
   excessive comments and things like useless KASSERTs just make it much harder
   to follow the actual code. ok sashan

   Fix infinite loop due to underflow when redrawing scrollbar, from Pavel
   Lavrukhin in GitHub issue 4932.

   Fix control mode teardown ordering for queued pane output, GitHub issue
   5064 from Aaron Campbell.

   Introduce MAX_ADDPATH_COUNT (set to 100) and use this as the maximum
   for the add-path send plus and max arguments.

   OK tb@

   make sure the command is set to config when writing config register bits

   prompted by a -Wuninitialized-const-pointer warning from clang 21
   ok deraadt@

   Fix signed overflow in ieee80211_40mhz_valid_secondary_below().
   The secondary_chan variable should be uint8_t instead of int8_t,
   matching ieee80211_40mhz_valid_secondary_above().

   ok phessler@ stsp@

   Update libexpat to version 2.8.0

   Relevant for OpenBSD are other changes #1201 #1189 #1203 #1204 #1194
   #1202 #1187 #1192 #1171 #1170.  Minor library bump is necessary as
   XML_SetHashSalt16Bytes() has been added.  Security fixes have been
   backported in previous commit.

   OK tb@

   usr.sbin/httpd: widen server flags to 64-bit integers

   OK job@