OpenBSD/src nlGH1CMdistrib/sets/lists/man mi

   sync
VersionDeltaFile
1.1767+1-0distrib/sets/lists/man/mi
+1-01 files

OpenBSD/src 7L2cYZGlib/libssl d1_both.c dtls_local.h

   Get rid of struct dtls1_retransmit_state.

   In order to retransmit DTLS messages we potentially need to use the
   record protection from a previous epoch. However, DTLS currently also
   saves and restores the session, which is unnecessary - all of the
   record protection and keys are handled in the TLS record layer.

   Remove the rather useless dtls1_retransmit_state struct and just
   keep the epoch - keeping pointers hanging around to sessions is pretty
   nasty and unnecessary.

   ok kenjiro@ tb@
VersionDeltaFile
1.93+8-19lib/libssl/d1_both.c
1.4+2-7lib/libssl/dtls_local.h
+10-262 files

OpenBSD/src 1jXOor1lib/libssl tls_key_share.c

   Avoid use of uninitialised decode_error variable.

   Pull initialisation of decode_error and invalid_key up to
   tls_key_share_{client,server}_peer_public(), which are the entry points
   for the key share code. The entry point was previously
   tls_key_share_peer_public(), however with the introduction of MLKEM this
   was split into separate client and server functions, without the
   initialisation being included. Also initialise decode_error and
   invalid_params on entry to tls_key_share_peer_params().

   Code that reaches tls_key_share_client_peer_public_mlkem768x25519() could
   previously result in code branching based on decode_error, which is
   uninitialised stack based memory.

   Thanks to Guido Vranken of Aisle Research for reporting this issue.

   With and ok tb@
VersionDeltaFile
1.11+14-10lib/libssl/tls_key_share.c
+14-101 files

OpenBSD/src E1Ndyitusr.bin/tmux format.c

   Add time limit to a couple of other loops.
VersionDeltaFile
1.364+47-29usr.bin/tmux/format.c
+47-291 files

OpenBSD/src 36IcmrKlibexec/ld.so/arm rtld_machine.c

   Add missing bounds check for the relocation flags table.
   ok kettenis@
VersionDeltaFile
1.43+5-2libexec/ld.so/arm/rtld_machine.c
+5-21 files

OpenBSD/src 5zs84CNbin/chmod chmod.c

   High Severity end-of-line whitespace found by GrepTechnologies AI
   ok guenther mlarkin
VersionDeltaFile
1.44+2-2bin/chmod/chmod.c
+2-21 files

OpenBSD/src fdmy5XZusr.bin/rsync sender.c

   callloc -> calloc

   from Jan Schreiber
VersionDeltaFile
1.34+2-2usr.bin/rsync/sender.c
+2-21 files

OpenBSD/src i0lEocbsys/netinet ip_output.c

   fix build with ENCDEBUG defined, broken by rev 1.409
   from Jan Schreiber
VersionDeltaFile
1.417+2-2sys/netinet/ip_output.c
+2-21 files

OpenBSD/src xdddKE3libexec/ld.so library.c library_mquery.c

   Add checks to make sure that the ELF header and program header fit into
   the data we read from the on-disk shared library.  These checks should
   only fail for malformed shared libraries, but failing to load a shared
   library is better than crashing the program because of an out-of-bounds
   access.

   Issue found by Frank Denis using the Swival Security Scanner.

   ok guenther@
VersionDeltaFile
1.98+16-2libexec/ld.so/library.c
1.77+16-2libexec/ld.so/library_mquery.c
+32-42 files

OpenBSD/src 00OMrrlusr.bin/mandoc main.c

   Fix a regression in rev. 1.269 reported by anton@.

   Due to unveil(2), mansearch() can no longer change back to the initial
   working directory.  But check_xr() calls mansearch(), so the main program
   needs to change back if -T lint or -W style is requested, such that these
   work even when multiple relative file names are given on the command line.
VersionDeltaFile
1.271+28-9usr.bin/mandoc/main.c
+28-91 files

OpenBSD/src eb0zU1wlibexec/ld.so/sparc64 rtld_machine.c

   Add missing bounds check for the relocation flags table.
   Found by Frank Denis using the Swival Security Scanner.

   ok guenther@, jsg@
VersionDeltaFile
1.72+4-1libexec/ld.so/sparc64/rtld_machine.c
+4-11 files

OpenBSD/src oCvmj7blib/libc/stdio open_wmemstream.c

   Size is the number of wide characters, not the number of bytes.
   The correct amount of memory was allocated but the stored size did
   not match the allocation due to being multiplied by sizeof(wchar_t).

   Spotted by Frank Denis using the Swival Security Scanner
   OK deraadt@
VersionDeltaFile
1.11+3-3lib/libc/stdio/open_wmemstream.c
+3-31 files

OpenBSD/src 1WVtI9Nusr.bin/pkgconf/libpkgconf config.h

   define HAVE_DECL_REALLOCARRAY to use libc reallocarray()
   ok millert@ tb@
VersionDeltaFile
1.3+1-0usr.bin/pkgconf/libpkgconf/config.h
+1-01 files

OpenBSD/src 4w5kkiksys/kern vfs_syscalls.c

   When I added UF_PLEDGEOPEN in the sys_fchflags() chunk I mistakenly
   used the wrong vnode operation.
   spotted by Frank Denis using the Swival Security Scanner
   ok claudio
VersionDeltaFile
1.381+3-3sys/kern/vfs_syscalls.c
+3-31 files

OpenBSD/src nwzjDYrusr.bin/tmux screen.c tmux.h

   Do not sanitize title when popping it from stack, also add a limit to
   number of pushed titles.
VersionDeltaFile
1.101+16-4usr.bin/tmux/screen.c
1.1311+2-1usr.bin/tmux/tmux.h
+18-52 files

OpenBSD/src sfgq96Jusr.bin/rdistd server.c

   correct bounds test
   found with smatch, ok tb@ deraadt@
VersionDeltaFile
1.50+3-2usr.bin/rdistd/server.c
+3-21 files

OpenBSD/src UE6rwrmsys/kern kern_pledge.c

   Frank Denis using the Swival Security Scanner concludes that
   kill(0,sig) should not be allowed because of a source code comment.
   Actually, kill of the default pgid 0 MUST be allowed or large amounts
   of userland software won't work.  What pledge prevents is playing with
   other process groups (ie. -pid where pid is not 0) which require
   permission from the "proc" pledge.  Killing the default pgrp 0 is a
   common way for privsep (and other) software to tear itself down it's
   process trees, for cases where a pipe read of 0 doesn't work.
   The current behaviour is intentional, and the proposed diff was not
   considered nor tested for consequences.
   Change the comment very subtly to see which AI/human collaboration fails next.
VersionDeltaFile
1.357+2-2sys/kern/kern_pledge.c
+2-21 files

OpenBSD/src BqNeZjkregress/lib/libcrypto/wycheproof Makefile

   wycheproof: add regress target to ensure proper go formatting
VersionDeltaFile
1.13+5-2regress/lib/libcrypto/wycheproof/Makefile
+5-21 files

OpenBSD/src lcnEFwTsys/kern kern_time.c

   Use the correct struct itemerval when recording the old value for ktrace.
   This fixes a potential information leak from an uninitializes stack
   variable.
   Found by Frank Denis using the Swival Security Scanner.

   ok deraadt@
VersionDeltaFile
1.171+2-2sys/kern/kern_time.c
+2-21 files

OpenBSD/src jUvmONHusr.bin/tmux screen.c

   Add missing flags to screen_mode_to_string and do not write before
   before if any are missed, second bit from qingliu at alauda dot io.
VersionDeltaFile
1.100+7-2usr.bin/tmux/screen.c
+7-21 files

OpenBSD/src 3feVztmusr.bin/tmux control.c

   Discard queued data and clear offsets when turning pane off to prevent
   later read of data that has been removed. From Aaron Campbell in GitHub
   issue 5054.
VersionDeltaFile
1.56+4-1usr.bin/tmux/control.c
+4-11 files

OpenBSD/src LSNbksxusr.sbin/eigrpd packet.c

   In eigrp the TLV encoding includes the header length in the length encoding.

   So check that the minimal length is at least that of the TLV header.
   OK renato@
VersionDeltaFile
1.24+3-2usr.sbin/eigrpd/packet.c
+3-21 files

OpenBSD/src ZwBiQ7Nusr.sbin/ldpd notification.c

   Fix minimal length check for notification status messages.

   Found while reviewing all the length checks in ldpd.
   OK renato@
VersionDeltaFile
1.47+2-2usr.sbin/ldpd/notification.c
+2-21 files

OpenBSD/src kMqu512usr.sbin/ldpd labelmapping.c

   Unlike all other TLV encodings in ldp the sub-tlv includes the header size
   in its length. Therefore check that the size is at least that of the header.

   OK renato@
VersionDeltaFile
1.70+3-2usr.sbin/ldpd/labelmapping.c
+3-21 files

OpenBSD/src uG3wpFTusr.sbin/ldpd address.c

   Ensure that alt_len includes at least the size of alt.family member
   to ensure that the parser is not going off the rails.

   OK renato@
VersionDeltaFile
1.36+2-2usr.sbin/ldpd/address.c
+2-21 files

OpenBSD/src FVh1eoQsys/dev/fdt rkrng.c rkclock.c

   Add RK3576 support.

   ok dlg@
VersionDeltaFile
1.9+51-3sys/dev/fdt/rkrng.c
1.99+5-1sys/dev/fdt/rkclock.c
1.71+1-0sys/dev/fdt/rkclock_clocks.h
+57-43 files

OpenBSD/src t3Uyo1dsys/dev/pci/drm/include/linux xarray.h

   add parentheses around use of a macro argument
VersionDeltaFile
1.11+1-1sys/dev/pci/drm/include/linux/xarray.h
+1-11 files

OpenBSD/src 3AtEbwIusr.sbin/rpki-client mft.c ip.c

   rpki-client: convert ip.c and mft.c to ASN1_BIT_STRING_get_length()

   This isn't the greatest of APIs, but we're going to be stuck with it
   since better APIs depend on libcrypto not doing the implicit truncation
   nonsense, which only OpenSSL 4 and BoringSSL dropped by now.

   Some of the error checks become now unreachable. This will be cleaned
   up another time.

   ok claudio job
VersionDeltaFile
1.137+11-6usr.sbin/rpki-client/mft.c
1.39+7-7usr.sbin/rpki-client/ip.c
+18-132 files

OpenBSD/src KXcbsSxusr.sbin/rpki-client ccr.c

   rpki-client: convert ccr.c to ASN1_BIT_STRING_set1()

   This becomes slightly simpler and more correct with this change.
   In particular, this now makes sure that the unused bits are set
   to 0 as required by the DER.

   ok claudio job
VersionDeltaFile
1.37+4-8usr.sbin/rpki-client/ccr.c
+4-81 files

OpenBSD/src eap5xTFsbin/iked ikev2.c

   check address size; from markus via millert
VersionDeltaFile
1.398+7-3sbin/iked/ikev2.c
+7-31 files