If the PCIe link is down, provide access to config space for bus 0, but
return 0xffffffff (and ignore writes) for other busses. This gets rid of
the "can't initialize hardware" messages that confuse some users and
better matches what happens on other platforms with PCIe when a slot is
empty.
ok jca@
pkcs7: don't use i and j for NIDs in PKCS7_dataDecode()
There's no need to assign to i before the switch and j is a terrible
name for a NID. Inline the latter and switch directly over the return
value of OBJ_obj2nid().
ok jsing kenjiro
pkcs7: avoid assignment to i in PKCS7_dataInit()
We can switch over the return value of OBJ_obj2nid() rather than using i
for an indirection.
ok jsing kenjiro
pkcs7: Simplify PKCS7_type_is_other()
Remove unnecessary isOther and nid variables and use direct returns.
The function should probably be removed...
ok jsing kenjiro
SECURITY update to openvpn-2.7.2
fix race condition in TLS handshake that could lead to leaking of packet
data from a previous handshake under specific circumstances
(CVE-2026-40215)
fix server ASSERT() on receiving a suitably malformed packet with
a valid tls-crypt-v2 key (CVE-2026-35058)
Other changes: https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst
ok naddy@
Simplify PKCS7_get_issuer_and_serial()
The i variable is unused. Likewise for the first assignment to ri.
Instead of an incomplete check that idx is in range, which still
results in a NULL deref if idx < 0, check if ri is not NULL before
accessing, as sk_value() checks the index correctly.
ok jsing kenjiro
lang/gawk: do not pick up gettext-tools in configure
configure picks up xgettext and it is then used during the build, but
to no effect.
Reported by jca@
Drop -Winline from CDIAGFLAGS it breaks on sparc64
On sparc64 ssh/unittests/kex fails to build with:
usr.bin/ssh/libcrux_mlkem768_sha3.h:8196: warning: inlining failed
in call to 'libcrux_ml_kem_polynomial_ZERO_89_ea':
--param max-inline-insns-single limit reached
OK djm@ (long time ago) reminded by tb@
Fix orc riscv64-specific code paths
orc previously failed to build because of inconsistent #ifdefs that
exposed Linux-only calls. While here hook up call to
(__builtin)__clear_cache and correct default assumptions (the 'V'
extension can't be assumed, on any OS).
Prompted by a report from matthieu@, maintainer timeout, ok sthen@
add missing build dep. it wouldn't build without the build dep being
available, so no need for a REVISION bump.
noticed by myself and naddy on arm64 and amd64 bulk package builds.
OK sthen@
x86: rename and clean up __copy_from_user_inatomic_nocache()
From Linus Torvalds
03fd014cd9f3a3d173740ab9c5cbede82fd6322c in linux-6.18.y/6.18.24
5de7bcaadf160c1716b20a263cf8f5b06f658959 in mainline linux
