OpenBSD/src EyGXaxxsys/nfs nfs_socket.c

by jsg on ⎇
   switch nfs_getreq() to nfsd_adv()

   from miod@ ok jsg@

   This round of commits was prompted by a double-free report
   from Andrew Griffiths at Calif.

   server nfs request mbuf pointers were stored in two structs:
   nmi_mrep in struct nfsm_info
   nd_mrep in struct nfsrv_descript
   but only set to NULL after m_freem() in nmi_mrep

   This problem is avoided by removing the use of struct nfsm_info
   in the server paths and passing struct nfsrv_descript to
   new versions of the nfsm functions.
VersionDeltaFile
1.158+8-18sys/nfs/nfs_socket.c
+8-181 files

OpenBSD/src 1KLkffBsys/nfs nfs_serv.c

by jsg on ⎇
   remove use of struct nfsm_info in nfs_serv.c (the non-trivial part)

   with and ok miod@
VersionDeltaFile
1.149+23-137sys/nfs/nfs_serv.c
+23-1371 files

OpenBSD/src gH6cVX8sys/nfs nfs_serv.c

by jsg on ⎇
   remove use of struct nfsm_info in nfs_serv.c

   with and ok miod@
VersionDeltaFile
1.148+123-200sys/nfs/nfs_serv.c
+123-2001 files

OpenBSD/src GwV5iLxsys/nfs nfs_serv.c

by jsg on ⎇
   convert nfs_serv.c from nfsm_mtouio() to nfsd_mtouio()

   with and ok miod@
VersionDeltaFile
1.147+2-4sys/nfs/nfs_serv.c
+2-41 files

OpenBSD/src hz7bCzPsys/nfs nfs_serv.c

by jsg on ⎇
   convert nfs_serv.c from nfsm_strsiz() to nfsd_strsiz()

   with and ok miod@
VersionDeltaFile
1.146+6-6sys/nfs/nfs_serv.c
+6-61 files

OpenBSD/src xNU2ytDsys/nfs nfs_socket.c

by jsg on ⎇
   convert nfs_socket.c from nfsm_dissect() to nfsd_dissect()

   with and ok miod@
VersionDeltaFile
1.157+8-5sys/nfs/nfs_socket.c
+8-51 files

OpenBSD/src HiyFkhrsys/nfs nfs_serv.c

by jsg on ⎇
   convert nfs_serv.c from nfsm_dissect() to nfsd_dissect()

   with and ok miod@
VersionDeltaFile
1.145+35-34sys/nfs/nfs_serv.c
+35-341 files

OpenBSD/src gwWvB9Osys/nfs nfs_serv.c

by jsg on ⎇
   remove nfsm_info argument from nfsm_srvmtofh1()

   with and ok miod@
VersionDeltaFile
1.144+33-55sys/nfs/nfs_serv.c
+33-551 files

OpenBSD/src rh8vXnWsys/nfs nfs_serv.c

by jsg on ⎇
   remove nfsm_info argument from nfsm_reply()

   callers all set info.nmi_mreq = NULL

   with and ok miod@
VersionDeltaFile
1.143+75-72sys/nfs/nfs_serv.c
+75-721 files

OpenBSD/src Vx6ZMtnsys/nfs nfs_serv.c

by jsg on ⎇
   make nfsm_srvnamesiz() take an nfsrv_descript argument

   with and ok miod@
VersionDeltaFile
1.142+24-24sys/nfs/nfs_serv.c
+24-241 files

OpenBSD/src zjTN81Isys/nfs nfs_serv.c

by jsg on ⎇
   make nfsm_srvmtofh2() take an nfsrv_descript argument

   with and ok miod@
VersionDeltaFile
1.141+74-28sys/nfs/nfs_serv.c
+74-281 files

OpenBSD/src qesik41sys/nfs nfs_srvsubs.c nfs_serv.c

by jsg on ⎇
   make nfsm_srvsattr() take an nfsrv_descript argument

   with and ok miod@
VersionDeltaFile
1.5+14-23sys/nfs/nfs_srvsubs.c
1.140+16-9sys/nfs/nfs_serv.c
1.71+2-2sys/nfs/nfs_var.h
+32-343 files

OpenBSD/src J3wXlR7sys/nfs nfsm_subs.h

by jsg on ⎇
   add nfsrv_descript versions of nfsm functions

   ok miod@
VersionDeltaFile
1.52+82-1sys/nfs/nfsm_subs.h
+82-11 files

OpenBSD/src s9MzmI3sys/nfs nfs_serv.c nfs_vnops.c

by jsg on ⎇
   remove nmi_mb from struct nfsm_info

   ok miod@
VersionDeltaFile
1.139+204-181sys/nfs/nfs_serv.c
1.213+96-77sys/nfs/nfs_vnops.c
1.135+7-5sys/nfs/nfs_vfsops.c
1.51+1-2sys/nfs/nfsm_subs.h
+308-2654 files

OpenBSD/src zxJ407dsys/nfs nfs_serv.c

by jsg on ⎇
   make nfsm_srvmtofh1() take an mbuf argument

   ok miod@
VersionDeltaFile
1.138+26-26sys/nfs/nfs_serv.c
+26-261 files

OpenBSD/src KtV1lGmsys/nfs nfs_serv.c nfs_srvsubs.c

by jsg on ⎇
   make nfsm_srvwcc() take an mbuf argument

   ok miod@
VersionDeltaFile
1.137+24-24sys/nfs/nfs_serv.c
1.4+5-5sys/nfs/nfs_srvsubs.c
1.70+2-2sys/nfs/nfs_var.h
+31-313 files

OpenBSD/src lmVs4gHsys/nfs nfs_vnops.c nfs_subs.c

by jsg on ⎇
   make nfsm_fhtom() take an mbuf argument

   ok miod@
VersionDeltaFile
1.212+22-22sys/nfs/nfs_vnops.c
1.152+4-4sys/nfs/nfs_subs.c
1.134+3-3sys/nfs/nfs_vfsops.c
1.69+2-2sys/nfs/nfs_var.h
+31-314 files

OpenBSD/src nBdFW73sys/nfs nfs_serv.c

by jsg on ⎇
   make nfsm_srvpostop_fh() take an mbuf argument

   ok miod@
VersionDeltaFile
1.136+7-7sys/nfs/nfs_serv.c
+7-71 files

OpenBSD/src 4T3dS7msys/nfs nfs_serv.c nfs_srvsubs.c

by jsg on ⎇
   make nfsm_srvpostop_attr() take an mbuf argument

   ok miod@
VersionDeltaFile
1.135+32-32sys/nfs/nfs_serv.c
1.3+5-5sys/nfs/nfs_srvsubs.c
1.68+2-2sys/nfs/nfs_var.h
+39-393 files

OpenBSD/src hAo91y8sys/nfs nfs_serv.c

by jsg on ⎇
   make nfsm_reply() take an mbuf argument

   ok miod@
VersionDeltaFile
1.134+77-71sys/nfs/nfs_serv.c
+77-711 files

OpenBSD/src qzoT38Ssys/nfs nfs_vnops.c nfsm_subs.h

by jsg on ⎇
   make nfsm_strtom() take an mbuf argument

   ok miod@
VersionDeltaFile
1.211+13-13sys/nfs/nfs_vnops.c
1.50+4-3sys/nfs/nfsm_subs.h
+17-162 files

OpenBSD/src b62kI7Xgnu/usr.bin/perl regcomp_study.c

by afresh1 on ⎇
   Upstream patch for buffer overflow in 32-bit perl

   * CVE-2026-8376
       https://lists.security.metacpan.org/cve-announce/msg/40396161/
       Perl versions through 5.43.10 have a heap buffer overflow when
       compiling regular expressions with a repeated fixed string on 32-bit
       builds
VersionDeltaFile
1.2+89-174gnu/usr.bin/perl/regcomp_study.c
+89-1741 files

OpenBSD/src znydDs5gnu/usr.bin/perl/cpan/IO-Compress/bin zipdetails, gnu/usr.bin/perl/cpan/IO-Compress/lib/File GlobMapper.pm

by afresh1 on ⎇
   Upstream patches for IO-Compress perl dist

   * CVE-2026-48961
       https://lists.security.metacpan.org/cve-announce/msg/40434383/
       IO::Compress versions from 2.207 before 2.220 for Perl ship a
       zipdetails CLI tool that crashes with undefined subroutine on
       Info-ZIP Unix Extra Field with 8-byte UID or GID

   * CVE-2026-48962
       https://lists.security.metacpan.org/cve-announce/msg/40434385/
       IO::Compress versions before 2.220 for Perl can execute arbitrary
       code in File::GlobMapper via an attacker-controlled output glob

   * CVE-2025-15649
       https://lists.security.metacpan.org/cve-announce/msg/40434380/
       IO::Uncompress::Unzip versions before 2.215 for Perl propagate
       uncaught exception when parsing zip header with malformed DOS date

   * CVE-2026-48959

    [3 lines not shown]
VersionDeltaFile
1.2+108-55gnu/usr.bin/perl/cpan/IO-Compress/t/globmapper.t
1.8+90-23gnu/usr.bin/perl/cpan/IO-Compress/bin/zipdetails
1.8+43-9gnu/usr.bin/perl/cpan/IO-Compress/lib/File/GlobMapper.pm
1.11+16-4gnu/usr.bin/perl/cpan/IO-Compress/lib/IO/Uncompress/Unzip.pm
+257-914 files

OpenBSD/src xkJUDI2gnu/usr.bin/perl/cpan/HTTP-Tiny/lib/HTTP Tiny.pm

by afresh1 on ⎇
   Upstream patch for HTTP-Tiny perl dist

   * CVE-2026-7010
       https://lists.security.metacpan.org/cve-announce/msg/39952806/
       HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in
       HTTP request lines or control field header values
VersionDeltaFile
1.10+8-0gnu/usr.bin/perl/cpan/HTTP-Tiny/lib/HTTP/Tiny.pm
+8-01 files

OpenBSD/src 5kDjAsggnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive Tar.pm, gnu/usr.bin/perl/cpan/Archive-Tar/t 04_resolved_issues.t

by afresh1 on ⎇
   Upstream patches for Archive-Tar perl dist

   * CVE-2026-42496
       https://lists.security.metacpan.org/cve-announce/msg/40396459/
       Archive::Tar versions before 3.08 for Perl extract symlinks with
       attacker controlled targets outside the extraction directory

   * CVE-2026-42497
       https://lists.security.metacpan.org/cve-announce/msg/40396457/
       Archive::Tar versions before 3.08 for Perl extract hardlinks to
       attacker controlled paths outside the extraction directory

   * CVE-2026-9538
       https://lists.security.metacpan.org/cve-announce/msg/40396448/
       Archive::Tar versions before 3.10 for Perl allow memory exhaustion
       via attacker controlled entry size field in tar header
VersionDeltaFile
1.2+150-48gnu/usr.bin/perl/cpan/Archive-Tar/t/04_resolved_issues.t
1.11+47-1gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive/Tar.pm
+197-492 files

OpenBSD/src 7RFiFasusr.bin/tmux window.c server-client.c

by nicm on ⎇
   Fix mouse events on tiled pane status line - when panes share a border,
   prefer the pane for which the border is the status line. With Dane
   Jensen.
VersionDeltaFile
1.331+22-2usr.bin/tmux/window.c
1.464+3-7usr.bin/tmux/server-client.c
+25-92 files

OpenBSD/src URIEaorusr.bin/tmux window-tree.c

by nicm on ⎇
   Fix squash-groups skipping every session, GitHub issue 5180 from Bryce
   Miller.
VersionDeltaFile
1.79+5-5usr.bin/tmux/window-tree.c
+5-51 files

OpenBSD/src 7ACuy1lusr.bin/tmux server-acl.c cmd-server-access.c

by nicm on ⎇
   Allow ACLs to use groups as well as users, GitHub issue 4917.
VersionDeltaFile
1.3+135-89usr.bin/tmux/server-acl.c
1.5+50-46usr.bin/tmux/cmd-server-access.c
1.1074+31-9usr.bin/tmux/tmux.1
1.1339+9-7usr.bin/tmux/tmux.h
1.31+11-3usr.bin/tmux/proc.c
+236-1545 files

OpenBSD/src 4DbJZIXusr.bin/tmux format.c tmux.1

by nicm on ⎇
   Add a relative time option for time formatting, GitHub issue 5009.
VersionDeltaFile
1.374+51-2usr.bin/tmux/format.c
1.1073+9-3usr.bin/tmux/tmux.1
+60-52 files

OpenBSD/src IP7Tjjnusr.bin/tmux tmux.1 window-tree.c

by nicm on ⎇
   Add a -h flag to choose-tree and choose-client to hide the pane
   containing the mode, intended for use with floating panes. From Michael
   Grant, GitHub issue 5177.
VersionDeltaFile
1.1072+37-11usr.bin/tmux/tmux.1
1.78+16-2usr.bin/tmux/window-tree.c
1.39+13-3usr.bin/tmux/window-client.c
1.55+5-5usr.bin/tmux/cmd-choose-tree.c
+71-214 files