Update libexpat to version 2.8.1.
Relevant for OpenBSD are security fixes #1216, other changes #1209.
Library bump is not necessary. CVE-2026-45186
OK tb@
getservice() needs to return the port in host byte order but
getservbyname() returns the value in network byte order. Add some ntohs()
for those poor little endian systems.
OK tb@
ibuf_set_maxsize() need to ensure that the invariants are upheld by
checking also that wpos and size are not bigger then the new max.
If wpos is bigger fail hard, for size the allocation may have been used
before and so do an explicit_bzero() to clear the extra memory out.
OK tb@
Add a guarded .note.GNU-stack section to crypto assembly files.
Add a .note.GNU-stack section to avoid ending up with an executable stack
on toolchains that believe we should have an executable stack by default.
Reported by ruuda on Github.
Discussed with tb@
revert last
KASSERT(x != 0) to prevent division by zero just after doesn't help anything,
division by 0 blows up nicely by itself with a very clear message.
excessive comments and things like useless KASSERTs just make it much harder
to follow the actual code. ok sashan
Fix signed overflow in ieee80211_40mhz_valid_secondary_below().
The secondary_chan variable should be uint8_t instead of int8_t,
matching ieee80211_40mhz_valid_secondary_above().
ok phessler@ stsp@
Update libexpat to version 2.8.0
Relevant for OpenBSD are other changes #1201 #1189 #1203 #1204 #1194
#1202 #1187 #1192 #1171 #1170. Minor library bump is necessary as
XML_SetHashSalt16Bytes() has been added. Security fixes have been
backported in previous commit.
OK tb@
Impose the same MAX_ASPA_SPAS_COUNT limit onto the merged APSA sets that
are sent to the RDE.
The merged ASPA table could in theory become so big that the imsg framework
fails. So limit the merged ASPA set to the same MAX_ASPA_SPAS_COUNT as
the aspa-set { } in the main config and the RTR ASPA PDUs.
Log a warning when a ASPA entry is skipped because of this limit.
There is nothing persisted so the warning will be repeated whenever there
is an update. Since it is highly unlikly that such an big ASPA will ever
exists this is good enough for now.
OK tb@
In merge_aspa_set() do the MAX_ASPA_SPAS_COUNT check the same way it is
done in the rest of the code and by doing so fix a harmless off by one
error.
OK tb@
Track the number of elements in the array instead of the highest possible bit.
The bitmap code tracked the maximum number of bits allowed but that could
trigger an overflow in BITMAP_ROUNDUP() for very big bitmaps.
Move the max from tracking bits to tracking the number of elements in the
array covering the bitmap.
Add extra casts in BITMAP_SETPTR() and BITMAP_GETPTR() to stop 32bit archs
warning about a pointer to int case of different size.
OK tb@
