Add special handling of TEST_SSH_HOSTBASED_AUTH=setupandrun.
This will MODIFY THE CONFIG OF THE SYSTEM IT IS RUNNING ON to enable
hostbased authentication to/from itself and run the hostbased tests. It
won't undo these changes, so don't do this on a system where this matters.
Declare font media types as specified in RFC 8081.
application/vnd.oasis.opendocument.formula-template is now associated
with the file extension odft rather than otf.
ok tb@
clarify that Authorized(Keys|Principals)(File|Command) are only
consulted for valid users.
clarify that TOKENS are expanded without sanitisation or escaping
and that it's the user's responsibility to ensure their usage is
safe.
prompted by bz3936; feedback/ok deraadt@
Protect IGMP and MLD6 fast timer with rwlock.
Multicast interface addresses for IPv4 and IPv6 get their own per
interface lock. Protect the TAILQ if_maddrlist with rwlock
if_maddrlock. Also struct in_multi and in6_multi use this lock for
their state and timer. Sleeps in malloc(9) are possible. Run IGMP
and MLD6 fast timeout with shared instead of exclusive net lock.
To prevent calling ip_output() or ip6_output() while holding the
multicast lock, delay igmp_sendpkt() and mld6_sendpkt(). All
information that is needed to create and send a multicast packet
is stored in igmp_pktinfo or mld6_pktinfo. If necessary, multiple
pktinfo are queued. After the lock has been released, packets are
sent based on pktinfo.
OK mvs@
Found another deeply hidden open /dev/null O_RDWR which was happening
in awk -safe mode. Reproducer is awk -safe '{ close("/dev/stdin"); }'
Rearrange the pledges and unveils to make it work.
ok millert dgl
The percentage heuristic has failed for me on 40% of the machines
I run, so it is clear it is going to fail for many more people when
the next release comes out. It is wrong, back it out.
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
this is errata/7.7/031_sack.patch.sig
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
this is errata/7.8/025_sack.patch.sig
Ignore TCP SACK packets with invalid sequence numbers.
Due to an integer overflow, sequence numbers in selective ACK packets
were accepted. Such packets caused a NULL pointer dereference in
the TCP stack, resulting in a kernel crash.
Reported by Nicholas Carlini at anthropic dot com
with deraadt@; OK markus@
Backport fixes from libexpat version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776 CVE-2026-32777 CVE-2026-32778
OK tb@
this is errata/7.7/030_expat.patch.sig
Backport fixes from libexpat version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776 CVE-2026-32777 CVE-2026-32778
this is errata/7.8/024_expat.patch.sig
switch iwx(4) MA devices to -89 firmware images
Also fix the firmware filename for MA HR devices, and do not try to
load a non-existent .pnvm file for these devices.
tested by + ok kettenis@
drm/amd: Fix a few more NULL pointer dereference in device cleanup
From Mario Limonciello
38f1640db7f8bf57b9e09c5b0b8b205a598f1b3e in linux-6.18.y/6.18.19
72ecb1dae72775fa9fea0159d8445d620a0a2295 in mainline linux