OpenBSD/src VgQRBlEusr.sbin/rpki-client validate.c extern.h

   Limit the length of filenames as they appear in various ASN.1 fields to 255

   OK tb@
VersionDeltaFile
1.83+7-2usr.sbin/rpki-client/validate.c
1.280+7-1usr.sbin/rpki-client/extern.h
1.138+4-2usr.sbin/rpki-client/mft.c
1.237+2-3usr.sbin/rpki-client/cert.c
1.44+2-2usr.sbin/rpki-client/rsc.c
+22-105 files

OpenBSD/src sLVTfBulib/libcrypto/x509 x509_prn.c

   x509_prn: zap more than useless comments
VersionDeltaFile
1.11+1-8lib/libcrypto/x509/x509_prn.c
+1-81 files

OpenBSD/src I6suLKolib/libcrypto/x509 x509_prn.c

   x509_prn: hoist unknown_ext_print() above its only caller; drop prototype
VersionDeltaFile
1.10+25-29lib/libcrypto/x509/x509_prn.c
+25-291 files

OpenBSD/src fdF6O8Blib/libcrypto/asn1 tasn_prn.c

   asn1_print_obstring_ctx: cast to const char * rather than char *

   Another call to BIO_dump_indent() that cast away const for no good reason.
VersionDeltaFile
1.30+2-2lib/libcrypto/asn1/tasn_prn.c
+2-21 files

OpenBSD/src lQ2dq2Zlib/libcrypto/x509 x509_prn.c

   unknown_ext_print: avoid casting away const

   The BIO_dump_indent() API masterpiece expects a const char pointer as
   input. Don't cast away const when suppressing pointer sign warnings.

   Prompted by a report by N. Dossche

   ok kenjiro
VersionDeltaFile
1.9+2-2lib/libcrypto/x509/x509_prn.c
+2-21 files

OpenBSD/src QifK1j6lib/libcrypto/x509 x509_prn.c

   Ensure X509V3_EXT_print() only returns 0 and 1

   In a rare mistake by schwarze, X509V3_EXT_print() is documented to return
   0 and 1. This is also what most internal callers expect.

   However, if either X509V3_EXT_DUMP_UNKNOWN or X509V3_EXT_PARSE_UNKNOWN is
   set, the extension has an unknown NID or on failure to deserialize the
   extension value, the return values of BIO_dump_indent() (which is number
   of bytes written or -1 on error) and ASN1_parse_dump() (which is 0, 1, or
   2 on EOC) are propagated.

   Follow what OpenSSL did and translate to Boolean returns. Error indicators
   are rather useless here since most errors are ignored anyway. Most callers
   do if (!X509V3_EXT_print(...)) but they also pass a zero flag.

   Reported by N. Dossche

   ok kenjiro
VersionDeltaFile
1.8+3-3lib/libcrypto/x509/x509_prn.c
+3-31 files

OpenBSD/src yBd2bWelib/libcrypto/conf ssleay.cnf

   remove unused ssleay.cnf file; ok tb@
VersionDeltaFile
1.2+0-0lib/libcrypto/conf/ssleay.cnf
+0-01 files

OpenBSD/src GKO8Qkllib/libcrypto/man ASN1_parse_dump.3

   ASN1{,_parse}_dump: document return value 2 on EOC

   Prompted by a report by N. Dossche

   ok kenjiro
VersionDeltaFile
1.5+7-3lib/libcrypto/man/ASN1_parse_dump.3
+7-31 files

OpenBSD/src 12TXCaxlib/libcrypto/man BIO_dump.3

   BIO_dump: Xr BIO_printf rather than BIO_write/fwrite

   Prompted by a report by N. Dossche

   ok kenjiro
VersionDeltaFile
1.7+4-6lib/libcrypto/man/BIO_dump.3
+4-61 files

OpenBSD/src vKOYt2Lshare/man/man4 qwz.4

   ifconfig qwz0 down/up is now working.
VersionDeltaFile
1.2+1-6share/man/man4/qwz.4
+1-61 files

OpenBSD/src tEs1Icpdistrib/sets/lists/man mi

   sync
VersionDeltaFile
1.1768+1-0distrib/sets/lists/man/mi
+1-01 files

OpenBSD/src 1Q5RU6psys/dev/ic qwz.c qwzvar.h, sys/dev/pci if_qwz_pci.c

   After ifconfig qwz0 down followed by ifconfig qwz0 up, the second up
   would fail with SIOCSIFFLAGS: Resource temporarily unavailable, and
   after the first failure the device could not be brought up at all
   until reboot. The same symptom appeared when changing nwid while the
   interface was up (which internally does down+up).

   To fix this issue, we do following changes:

   1. Keep the firmware running for the lifetime of the device attachment,
   matching what Linux ath12k does. ifconfig down/up no longer power-cycles
   the chip; it only tears down and re-establishes the per-BSS association.

   2. Reset wmi.unified_ready before sending WMI_INIT so the host
   actually waits for the firmware's ready event instead of returning
   immediately from a stale flag.

   3. Transition firmware to MHI state M3 before resetting the device in
   power_down, so the chip starts from a clean slate on the next power-up.
VersionDeltaFile
1.10+46-15sys/dev/pci/if_qwz_pci.c
1.28+45-15sys/dev/ic/qwz.c
1.16+1-0sys/dev/ic/qwzvar.h
+92-303 files

OpenBSD/src z9WivFPshare/man/man4 pci.4

   Xr qwz
VersionDeltaFile
1.415+4-2share/man/man4/pci.4
+4-21 files

OpenBSD/src twMSDt1share/man/man4 qwz.4 Makefile

   Add qwz(4) man page.

   ok deraadt@
VersionDeltaFile
1.1+146-0share/man/man4/qwz.4
1.878+2-2share/man/man4/Makefile
+148-22 files

OpenBSD/src dA6dUvGetc/etc.amd64 login.conf, etc/etc.arm64 login.conf

   bump datasize to 2176M for the build class in prep for llvm22

   ok deraadt@
VersionDeltaFile
1.28+3-3etc/etc.amd64/login.conf
1.20+3-3etc/etc.arm64/login.conf
1.19+3-3etc/etc.armv7/login.conf
1.23+3-3etc/etc.i386/login.conf
1.11+3-3etc/etc.powerpc64/login.conf
1.11+3-3etc/etc.riscv64/login.conf
+18-186 files

OpenBSD/src I9csxpWsys/sys namei.h

   remove commented-out unused namei structure fields not used for a long time
   ok beck
VersionDeltaFile
1.53+1-5sys/sys/namei.h
+1-51 files

OpenBSD/src ZGfJTMWusr.bin/lex nfa.c

   Fix signed integer overflow in repetition count

   OK millert
VersionDeltaFile
1.13+5-1usr.bin/lex/nfa.c
+5-11 files

OpenBSD/src KzcPdBbusr.sbin/relayd parse.y relayd.c

   relayd: allow explicit paths for certificates, keys and OCSP staples

   Extend the "keypair" keyword in relayd.conf to support optional explicit paths.
   Previously, relayd enforced a naming convention, looking up files in /etc/ssl
   and /etc/ssl/private based on the keypair name.

   This change allows other applications to manage their certificates without
   having to comply with relayd's internal naming logic.

   Input and OK kirill@, help form tb@
VersionDeltaFile
1.263+115-13usr.sbin/relayd/parse.y
1.198+66-23usr.sbin/relayd/relayd.c
1.216+26-5usr.sbin/relayd/relayd.conf.5
1.279+5-2usr.sbin/relayd/relayd.h
+212-434 files

OpenBSD/src uvQLZGjlib/libc/time localtime.c

   incorrect test for error
VersionDeltaFile
1.79+2-2lib/libc/time/localtime.c
+2-21 files

OpenBSD/src IwJU6hKdistrib/special/bioctl Makefile, sbin/bioctl Makefile

   remove -Wno-uninitialized, no warnings seen with gcc4 or clang
   ok dlg@
VersionDeltaFile
1.3+1-2distrib/special/bioctl/Makefile
1.15+1-2sbin/bioctl/Makefile
+2-42 files

OpenBSD/src Ryxtfe7sys/netinet6 frag6.c

   frag6_input(): must always decrement counter when dropping fragment

   Currently frag6_input() does not decrement counter in one case:
   - it is processing fragment with offset 0 which arrives after
   the last fragment (fragment with max. offset)
   - there are more IPv6 extension headers between IPv6 header
   and IPv6 fragment header
   - re-assembled packet exceeds IPV6_MAXPACKET size limit

   if conditions above are met, then fragment gets dropped without
   decrementing counters. This commit fixes that.

   The issue was pointed out by Frank Denis.

   OK bluhm@
VersionDeltaFile
1.96+3-1sys/netinet6/frag6.c
+3-11 files

OpenBSD/src r0ZBVHwlib/libc/sys open.2

   correct mdoc macro ordering
VersionDeltaFile
1.61+3-3lib/libc/sys/open.2
+3-31 files

OpenBSD/src jmmVlJAlib/libc/sys pledge.2

   remove tab at end of line
VersionDeltaFile
1.85+3-3lib/libc/sys/pledge.2
+3-31 files

OpenBSD/src CWghTJulib/libc/time localtime.c

   Insist on opening only regular files. (On OpenBSD, the directory
   case is handled by the kernel, but I want to stop other weird stuff)
   ok millert, dgl
VersionDeltaFile
1.78+13-3lib/libc/time/localtime.c
+13-31 files

OpenBSD/src ufFxq3slib/libc/sys open.2, sys/kern kern_pledge.c vfs_lookup.c

   Make __pledge_open(2) of /etc/localtime and /usr/share/zoneinfo much
   more strict.  If /etc/localtime is a symbolic link, allow one translation
   which must land cleanly in /usr/share/zoneinfo (.. is checked for) otherwise
   error with EACCES.  In /usr/share/zoneinfo, do not allow symbolic links and
   error with ELOOP.
   Alfredo Ortega observed the non-strict handling, but agrees no specific
   exploitability exists.  Changing this took almost a month with many
   discarded prototypes.
   ok beck dgl
VersionDeltaFile
1.358+25-18sys/kern/kern_pledge.c
1.60+25-4lib/libc/sys/open.2
1.92+19-1sys/kern/vfs_lookup.c
1.52+4-1sys/sys/namei.h
+73-244 files

OpenBSD/src mQtr82husr.sbin/ypldap ypldap.c

   If the main process receives an oversized passwd or group entry message from
   the ldap client process, discard it rather than overflowing the struct
   idm_req on the stack.

   Pointed out by Frank Denis
   ok claudio@
VersionDeltaFile
1.32+5-1usr.sbin/ypldap/ypldap.c
+5-11 files

OpenBSD/src buLn6uXusr.sbin/bgpd rde_rib.c

   Rework the re-evaluation of a prefix if PREFIX_FLAG_FILTERED changed.

   The fix committed in rev 1.291 is not quite right. The problem is that
   prefix_evaluate() uses prefix_best() which calls prefix_eligible().
   It is wrong to alter the eligible state of a prefix while it is still
   on the rib list.

   Instead remove the prefix first, toggle the state, then readd it again.
   Even though prefix_evaluate() is called twice the code complexity is
   about the same since the 2 calls only do half the work.

   OK tb@
VersionDeltaFile
1.294+6-4usr.sbin/bgpd/rde_rib.c
+6-41 files

OpenBSD/src DvKQK1Lsys/arch/amd64/conf RAMDISK_CD, sys/arch/arm64/conf RAMDISK

   Enable qwz(4) for amd64 and arm64 RAMDISK.
VersionDeltaFile
1.215+2-2sys/arch/amd64/conf/RAMDISK_CD
1.241+2-2sys/arch/arm64/conf/RAMDISK
+4-42 files

OpenBSD/src mD7KB4dsys/arch/amd64/conf GENERIC, sys/arch/arm64/conf GENERIC

   Enable qwz(4) for amd64 and arm64 GENERIC.
VersionDeltaFile
1.539+2-2sys/arch/amd64/conf/GENERIC
1.315+2-2sys/arch/arm64/conf/GENERIC
+4-42 files

OpenBSD/src hPjSrccsys/dev/ic qwz.c qwzreg.h, sys/dev/pci if_qwz_pci.c

   Get qwz(4) in to an initial working state (assoc/rx/tx).

   Bug fixes (HAL/WMI drift vs. current ath12k):
     1. RX_BE_PADDING0_BYTES 80 -> 8 -- fixes RX-descriptor misalignment
        (dlpager crash, Hexagon 0x23).
     2. Send WMI_VDEV_PARAM_SET_HEMU_MODE = 0 before peer_assoc_cmd --
        clears stale HE-MU state.
     3. volatile cast on dst-ring hp_addr read in
        qwz_hal_srng_access_begin() -- matches SRC branch, fixes ARM64 hoist.
     4. BUFFER_ADDR_INFO1: RET_BUF_MGR GENMASK(10,8) -> (11,8),
        SW_COOKIE (31,11) -> (31,12).
     5. wbm2sw_cc_enable = WBM2SW3_EN only -- keeps HW Cookie Convert off
        the TX rings.
     6. HTT_TX_WBM_COMP_INFO0_STATUS (12,9) -> (16,13); drop bogus
        INFO2_SW_PEER_ID/VALID; add INFO1_REINJECT_REASON,
        INFO1_EXCEPTION_FRAME, INFO2_ACK_RSSI.
     7. REO/TX_RATE_STATS GENMASK shifts
        (HAL_REO_UPD_RX_QUEUE_INFO2_*, HAL_RX_REO_QUEUE_INFO0/1_* +2 bits;
        HAL_TX_RATE_STATS_INFO0_* +1 bit) + new

    [25 lines not shown]
VersionDeltaFile
1.27+411-118sys/dev/ic/qwz.c
1.14+122-39sys/dev/ic/qwzreg.h
1.9+56-6sys/dev/pci/if_qwz_pci.c
1.15+3-1sys/dev/ic/qwzvar.h
+592-1644 files