BSD Commit Log Search

   one empty line is enough for anyone

   Simplify, always use FAT16 LBA for the boot partition.

   PR 60360: make the default /boot partition on evbarm 64MB if we need
   the dtb set (the newer dtb files overflow the old 32mb default).
   In ACPI environments where we do not need dtb installed, do not select
   the set by default.

   Ticket #319

   Pull up the following revisions, requested by martin in ticket #319:

   x usr.sbin/sysinst/Makefile.inc                      1.53
   usr.sbin/sysinst/arch/amd64/Makefile         1.3
   usr.sbin/sysinst/arch/i386/Makefile          1.3
   usr.sbin/sysinst/arch/sparc64/Makefile               1.2
   usr.sbin/sysinst/gpt.c                               1.33
   usr.sbin/sysinst/label.c                     1.52
   usr.sbin/sysinst/msg.mi.de                   1.56-1.58
   usr.sbin/sysinst/msg.mi.en                   1.57-1.59
   usr.sbin/sysinst/msg.mi.es                   1.47-1.49
   usr.sbin/sysinst/msg.mi.fr                   1.50-1.52
   usr.sbin/sysinst/msg.mi.pl                   1.53-1.55
   usr.sbin/sysinst/partman.c                   1.58
   usr.sbin/sysinst/util.c                              1.79,1.80

        sysinst(8): PR 60331, 60224, 60133, 60333, 60334:
        various installer fixes:
         - deal with the machine not having any disk available

    [6 lines not shown]

   Added test case for on-demand connection of pppoe(4)

   sppp: Make IFF_RUNNING and IFF_LINK1 handling MP-safe

   Introduce new fields to struct sppp that sync with IFF_RUNNING
   and IFF_LINK1 for MP-safe access.

   sppp: Add new API notifying connection abort to prevent stall

   Keep reconnecting in lower layers after Down event

   This reverts the behavior to match NetBSD-8 and earlier.

   sppp: use atomic_loadstore(9) to read and write sp->pp_last_activity

   doc: libarchive 3.8.8 is out

   Enable RTC, minor clean up.

   Add support for M41T62 as present on Sam460ex.

   Put back __HAVE_UNLOCKED_PMAP for MI PMAP. risc-v and mips broke.

   tests/usr.sbin/inetd/t_accept_max: Handle SIGKRE.

   Fix some cleanup issues and simplify according to most of kre's
   suggestions.  Mostly this fixes the kill-background-jobs-on-trap
   logic by not trying to kill the nonexistent %0, and killing each job
   individually so `kill' doesn't stop early if one doesn't exist.

   I'm keeping the idiom `: >foo' and `: <foo' because I think it's a
   little clearer than a bare `>foo' or `<foo', and I'm keeping the -e
   and -u on shell scripts (except the one-liners) because I want to get
   early feedback as much as possible about unexpected failure modes --
   even if it counterintuitively elides some feedback.

   (I also generally use -o pipefail out of habit for the same reason
   but I'll acquiesce to removing it here in a short script where there
   are definitely no pipes.)

   PR bin/59645: inetd `rate-limiting' algorithm is stupid

   diff3(1): Just use waitpid(2), no need for kevent(2).

   Sidesteps

   PR kern/60358: kevent EVFILT_PROC races with process exit

   in order to fix

   PR bin/60357: diff3(1): tests are failing since BSD diff import

   The FreeBSD version used kevent(2) until February of this year:
   https://cgit.freebsd.org/src/commit/?id=404753664a5e145d98f1749d1c7bc046c8aa32c3
   So this reduces diff from FreeBSD somewhat, except FreeBSD uses
   capsicum and process fds rather than pids.

   netpgpverify(1): Mark DSA test broken on sparc64.

   PR bin/59823: netpgpverify broken for PGP since switch to gcc 14.3

   tests/usr.bin/c++: Mark various profile and pic profile tests xfail.

   PR toolchain/59710: various pic profile tests are failing and/or broken

   tests/usr.bin/c++: Mark xfails for alpha pie business.

   PR port-alpha/60356: pie tests are failing on alpha

   Re-enable -m68020-60 to compile the floppies - with the gcc currently
   in tree this makes binaries shrink a tiny bit so the floppies
   fit again.

   libarchive: Fix cpio(1) tests.

   1. When dropping privileges, setegid to the _gid_ of user `nobody',
      not to the _uid_ of user `nobody'.

   2. In the test, grant that user access to the atf test working
      directory so it can execute the `bsdcpio' symlink we create in
      order to get argv[0] set appropriately for the error messages that
      the test checks for.

   PR bin/60353: cpio(1): tests are failing to run at all

   s/deay/delay/ in comment.

   inetd(8): Fix sh(1) trap save/restore in accept-max test.

   Fixes mysterious

   Failed: 1

   failures like this one:

   https://releng.netbsd.org/b5reports/i386/2026/2026.06.22.22.27.17/test.html#usr.sbin_inetd_t_accept_max_max2_kv

   PR bin/59645: inetd `rate-limiting' algorithm is stupid

   wg(4): Don't leak a prop_dictionary_t on every ioctl!

   PR kern/60349: experimental wg(4) leaks memory on ioctl

   wg(4): Gracefully refuse excess allowed IP address ranges.

   PR kern/60232: kernel panic when adding a wireguard peer with too
   many allowed IP addresses

   wg(4): Drop KASSERT on result of crypto_scalarmult.

   The result of this check is not relevant to security of the protocol,
   either for static peer identity keys or for ephemeral handshake keys.
   See comments for details.

   We can't simply write

        (void)crypto_scalarmult(...);

   because the function was tagged with warn_unused_result.  And
   apparently libsodium may leave the output uninitialized if the check
   fails.  So just yield zero instead of stack garbage / UB -- stack
   garbage is probably actually fine since it is immediately hashed into
   something that won't match anything so downstream logic will just drop
   it, but UB might invite nefarious compilers to cause trouble.

   PR security/60106: wg(4) should properly handle invalid or insecure
   ephemeral Curve25119 public keys

   wg(4): Add a test case for too many allowed IP address ranges.

   PR kern/60232: kernel panic when adding a wireguard peer with too
   many allowed IP addresses

   wg(4): Add test case for bad ephemeral handshake public keys.

   wg(4) should not crash on an assertion if they appear on the network;
   it should just gracefully drop them as forgeries, if a MITM attempted
   to send them without knowledge of a peer's public key, or accept
   them, if a peer legitimately sent them, since that peer could just as
   well simply forward the plaintext of the session on to the NSA.

   PR kern/60106: wg(4) should properly handle invalid or insecure
   ephemeral Curve25119 public keys

   wg(4): Add test case for bad peer public keys.

   wg(4) should not crash on an assertion if they are used -- it should
   just gracefully accept them, with degraded security, since a peer
   that maliciously provides an invalid public key is no worse than a
   peer that voluntarily exposes all its plaintext anyway.

   PR kern/60106: wg(4) should properly handle invalid or insecure
   ephemeral Curve25119 public keys

   Break out and expand FDT property parsing for awge(4) FDT attachment
   frontends

   This uses the device tree's possible burst length bus interface settings,
   and improves performance on, for instance, Rockchip RK3399