OpenBSD/src Ne4H7nx regress/lib/libc/asr regress.subr

   asr regress: /etc/networks was removed in 2018
Version    Delta      File
1.5        +1 -2      regress/lib/libc/asr/regress.subr
           +1 -2      1 files

OpenBSD/src 4y6pFkU regress/lib/libc/asr/bin Makefile.inc

   asr regress: set -Wno-unused-but-set-variables in CFLAGS

   This allows building without modifying some debugging code.
Version    Delta      File
1.3        +2 -1      regress/lib/libc/asr/bin/Makefile.inc
           +2 -1      1 files

OpenBSD/src ZA7qqbD regress/lib/libc/asr/bin threads.c

   asr regress: extern three variables to fix build with -fcommon
Version    Delta      File
1.2        +4 -4      regress/lib/libc/asr/bin/threads.c
           +4 -4      1 files

OpenBSD/src JToRF5k sys/net trunklacp.c trunklacp.h

   remove unused trunklacp code

   trunklacp.c is not built since January's
   'remove lacp support from trunk(4)'

   ok dlg@
Version    Delta      File
1.35       +1 -1      sys/net/trunklacp.c
1.15       +1 -1      sys/net/trunklacp.h
           +2 -2      2 files

OpenBSD/src SCYT7gh sbin/ifconfig ifconfig.c, sys/net if_trunk.h

   make ifconfig build without trunklacp.h

   The only used part of trunklacp.h in ifconfig is LACP_STATE_BITS.
   Add it to if_trunk.h so trunklacp.h can be removed.

   ok dlg@
Version    Delta      File
1.34       +12 -1     sys/net/if_trunk.h
1.481      +1 -2      sbin/ifconfig/ifconfig.c
           +13 -3     2 files

OpenBSD/src taetC1Q regress/usr.sbin/bgpd/integrationtests Makefile

   Add forgotten addpath regress test.
Version    Delta      File
1.28       +2 -2      regress/usr.sbin/bgpd/integrationtests/Makefile
           +2 -2      1 files

OpenBSD/src 5sCH7Yy usr.sbin/bgpd rde_attr.c rde.c

   Use unsigned int for the length variable when traversing the others array.

   Doing this in all places now after fixing an overflow in attr_optadd().

   OK tb@ deraadt@
Version    Delta      File
1.144      +14 -8     usr.sbin/bgpd/rde_attr.c
1.697      +3 -3      usr.sbin/bgpd/rde.c
1.135      +3 -2      usr.sbin/bgpd/mrt.c
1.194      +3 -2      usr.sbin/bgpd/rde_update.c
           +23 -15    4 files

OpenBSD/src dATIJ9T usr.sbin/bgpd bgpd.h

   Convert grestart.timeout to uint16_t. While the value can never be negative,
   the compiler trips over this in a comparison with u_int.

   OK tb@
Version    Delta      File
1.541      +5 -5      usr.sbin/bgpd/bgpd.h
           +5 -5      1 files

OpenBSD/src lY1vYJs usr.sbin/bgpd parse.y

   Reduce maximum configurable stale time to CAPA_GR_TIMEMASK (4095) since
   that is the maximum anyway.

   OK tb@
Version    Delta      File
1.489      +5 -5      usr.sbin/bgpd/parse.y
           +5 -5      1 files

OpenBSD/src LUPAbwF lib/libc/gen getgrent.c

   A collection of AI-assisted reports come from Frank Denis, which say that
   the YP getgrent code when doing YP operations has a group of buffer
   mismanagement issues which in the reports are labelled 'high severity'.
   This fixes the buffer checks.
   The big question to ask is this: Is a malicious YP server going to
   send you messages that exercise a buffer overflow codepath, or are
   they going to send you perfectly correct messages containing wrong group members?
   The old-school ypserv model was that you run ypserv on a "trusted network"
   segment, which today is laughable but it matched operations in that era.
   (Our) new operational model is that ypbind is reached with a custom system call
   and provides a trusted path to an on-host ypserv, which is more likely to be
   the ypldap(8) LDAP schema to YP protocol converter.
   If a YP server is broken and sending bad messages, THIS code is the least
   of your worries.  High severity?  No.
   ok millert jmatthew
Version    Delta      File
1.52       +13 -1     lib/libc/gen/getgrent.c
           +13 -1     1 files

OpenBSD/src IQXSShj lib/libc/gen getpwent.c

   A collection of AI-assisted reports come from Frank Denis, which say that
   the YP getpwent code when doing YP operations has a group of buffer
   mismanagement issues which in the reports are labelled 'high severity'.
   This fixes the buffer checks.
   In reality, the memory being operated on is always a full page so the
   overflow onto unmanaged memory is hard to see as a risk.
   The big question to ask is this: Is a malicious YP server going to
   send you messages that exercise a buffer overflow codepath, or are
   they going to send you perfectly correct messages containing :0:0: ?
   The old-school ypserv model was that you run ypserv on a "trusted network"
   segment, which today is laughable but it matched operations in that era.
   (Our) new operational model is that ypbind is reached with a custom system call
   and provides a trusted path to an on-host ypserv, which is more likely to be
   the ypldap(8) LDAP schema to YP protocol converter.
   If a YP server is broken and sending bad messages, THIS code is the least
   of your worries.  High severity?  No.
   ok millert jmatthew
Version    Delta      File
1.74       +8 -11     lib/libc/gen/getpwent.c
           +8 -11     1 files

OpenBSD/src M1PBeta lib/libc/gen getpwent.c

   In the yp_next() case, on error the key memory is leaked.
   Hiding in an unrelated diff from Frank Denis
   ok millert jmatthew
Version    Delta      File
1.73       +3 -2      lib/libc/gen/getpwent.c
           +3 -2      1 files

OpenBSD/src iyb0O37 usr.sbin/bgpd session.c

   In session_graceful_restart() also arm the SessionDown timer

   session_graceful_restart() does more or less the same as session_down()
   and therefore needs to arm the SessionDown timer and on top of that
   update stats.last_updown. The interval for the SessionDown timer needs
   to depend on the graceful restart timer, since that one needs to fire
   first.

   OK tb@
Version    Delta      File
1.533      +10 -2     usr.sbin/bgpd/session.c
           +10 -2     1 files

OpenBSD/src WIJeJHj sbin/iked ikev2.c

   check address size; from markus via millert
   from deraadt@

   this is errata/7.7/042_iked.patch.sig
Version    Delta      File
1.391.4.2  +7 -3      sbin/iked/ikev2.c
           +7 -3      1 files

OpenBSD/src sDltN1q sbin/iked ikev2.c

   check address size; from markus via millert
   from deraadt@

   this is errata/7.8/036_iked.patch.sig
Version    Delta      File
1.394.2.2  +7 -3      sbin/iked/ikev2.c
           +7 -3      1 files

OpenBSD/src YSkUFCL sys/nfs nfs_serv.c

   Add checks for invalid dir count and max size for readdir/readdirplus.

   A zero count or max size value is now rejected early instead of
   relying on VOP_GETATTR to return an error.  Also verify that the
   max size after rounding up to a multiple of DIRBLKSIZ is positive.
   A negative value would turn into a large allocation, causing the
   malloc() to fail.

   From an LLM bug report.  With help from miod@ and kirill@.
   from millert@

   this is errata/7.7/041_nfs.patch.sig
Version    Delta      File
1.131.4.2  +34 -23    sys/nfs/nfs_serv.c
           +34 -23    1 files

OpenBSD/src gyENLM5 sys/nfs nfs_serv.c

   Add checks for invalid dir count and max size for readdir/readdirplus.

   A zero count or max size value is now rejected early instead of
   relying on VOP_GETATTR to return an error.  Also verify that the
   max size after rounding up to a multiple of DIRBLKSIZ is positive.
   A negative value would turn into a large allocation, causing the
   malloc() to fail.

   From an LLM bug report.  With help from miod@ and kirill@.
   from millert@

   this is errata/7.8/035_nfs.patch.sig
Version    Delta      File
1.132.2.1  +34 -23    sys/nfs/nfs_serv.c
           +34 -23    1 files

OpenBSD/src 83mUMKt lib/libexpat Changes, lib/libexpat/lib xmlparse.c internal.h

   Backport fixes from libexpat version 2.8.0.

   Relevant for OpenBSD are security fixes #47 #1183.  Library bump
   is not necessary.  CVE-2026-41080

   OK tb@

   this is errata/7.7/040_expat.patch.sig
Version    Delta      File
1.42.4.4   +58 -38    lib/libexpat/lib/xmlparse.c
1.30.4.4   +16 -0     lib/libexpat/Changes
1.13.4.2   +2 -0      lib/libexpat/lib/internal.h
           +76 -38    3 files

OpenBSD/src 4aCTgag lib/libexpat Changes, lib/libexpat/lib xmlparse.c internal.h

   Backport fixes from libexpat version 2.8.0.

   Relevant for OpenBSD are security fixes #47 #1183.  Library bump
   is not necessary.  CVE-2026-41080

   OK tb@

   this is errata/7.8/034_expat.patch.sig
Version    Delta      File
1.44.2.3   +56 -38    lib/libexpat/lib/xmlparse.c
1.32.2.3   +16 -0     lib/libexpat/Changes
1.15.2.1   +2 -0      lib/libexpat/lib/internal.h
           +74 -38    3 files

OpenBSD/src HAYZFeG lib/libcrypto crypto_assembly.h, lib/libcrypto/sha sha256_amd64_shani.S sha256_aarch64_ce.S

   Use macros for global functions and objects within SHA assembly.

   This lets us remove some of the repetitive statements and allows for them
   to be adjusted for various platforms.

   ok kenjiro@ tb@
Version    Delta      File
1.5        +23 -1     lib/libcrypto/crypto_assembly.h
1.7        +6 -10     lib/libcrypto/sha/sha256_amd64_shani.S
1.10       +4 -7      lib/libcrypto/sha/sha256_aarch64_ce.S
1.7        +4 -7      lib/libcrypto/sha/sha1_amd64_shani.S
1.9        +4 -7      lib/libcrypto/sha/sha256_amd64_generic.S
1.7        +4 -7      lib/libcrypto/sha/sha512_amd64_generic.S
           +45 -39    3 files not shown
           +53 -53    9 files

OpenBSD/src p8Gfsnz lib/libcrypto crypto_assembly.h, lib/libcrypto/sha sha512_aarch64_ce.S sha256_aarch64_ce.S

   Use defines for symbol offsets in aarch64 assembly.

   These also vary between platforms.

   ok kenjiro@ tb@
Version    Delta      File
1.4        +6 -1      lib/libcrypto/crypto_assembly.h
1.7        +3 -3      lib/libcrypto/sha/sha512_aarch64_ce.S
1.9        +3 -3      lib/libcrypto/sha/sha256_aarch64_ce.S
           +12 -7     3 files

OpenBSD/src STs8jeZ lib/libcrypto crypto_assembly.h, lib/libcrypto/sha sha256_amd64_generic.S sha1_amd64_shani.S

   Use defines for text and rodata section names in SHA assembly.

   These vary between platforms.

   ok kenjiro@ tb@
Version    Delta      File
1.3        +11 -1     lib/libcrypto/crypto_assembly.h
1.8        +3 -3      lib/libcrypto/sha/sha256_amd64_generic.S
1.6        +3 -3      lib/libcrypto/sha/sha1_amd64_shani.S
1.8        +3 -3      lib/libcrypto/sha/sha256_aarch64_ce.S
1.6        +3 -3      lib/libcrypto/sha/sha512_amd64_generic.S
1.6        +3 -3      lib/libcrypto/sha/sha256_amd64_shani.S
           +26 -16    2 files not shown
           +31 -21    8 files

OpenBSD/src EeW7Jc4 lib/libcrypto/sha sha512_amd64_generic.S sha256_amd64_generic.S

   Use a define based instruction separator in SHA assembly.

   Unfortunately, not all assemblers use the same instruction separator.
   In particular, LLVM on macOS uses %% as an instruction separator, while
   most other assemblers use a semi-colon.

   ok kenjiro@ tb@
Version    Delta      File
1.5        +59 -57    lib/libcrypto/sha/sha512_amd64_generic.S
1.7        +59 -57    lib/libcrypto/sha/sha256_amd64_generic.S
1.6        +36 -34    lib/libcrypto/sha/sha1_amd64_generic.S
1.6        +18 -14    lib/libcrypto/sha/sha1_aarch64_ce.S
1.5        +17 -13    lib/libcrypto/sha/sha512_aarch64_ce.S
1.5        +15 -13    lib/libcrypto/sha/sha256_amd64_shani.S
           +204 -188  3 files not shown
           +230 -202  9 files

OpenBSD/src 3YkrGnk sys/netinet ipsec_input.c

   In ipsec_common_input_cb() ensure that the packet size does not overflow
   the maximum packet size before writing the value back to the IP header.
   IPv4 and IPv6 have slightly different rules and so do it per AF.

   OK millert@
Version    Delta      File
1.223      +9 -1      sys/netinet/ipsec_input.c
           +9 -1      1 files

OpenBSD/src zGgJGtk lib/libagentx ax.c

   Include the padding length when testing the remaining bytes in an octet
   string, to prevent a size_t underflow on a malformed packet and make us run
   into infinity.

   Same diff as for snmpd
Version    Delta      File
1.12       +2 -2      lib/libagentx/ax.c
           +2 -2      1 files

OpenBSD/src s2mFhhW usr.sbin/bgpd session.c

   Template peers need to check xp->rdesession to know if the RDE has the
   session running or not. Right now it checks the template itself which
   is never synced.

   OK tb@
Version    Delta      File
1.532      +2 -2      usr.sbin/bgpd/session.c
           +2 -2      1 files

OpenBSD/src oAGfINz usr.sbin/snmpd ax.c

   Include the padding length when testing the remaining bytes in an octet
   string, to prevent a size_t underflow on a malformed packet and make us run
   into infinity.

   OK deraadt@
Version    Delta      File
1.8        +2 -2      usr.sbin/snmpd/ax.c
           +2 -2      1 files

OpenBSD/src GEeHBuZ usr.sbin/bgpctl parser.c

   Default to STDIN_FILENO for the mrtfd so that the documented behaviour of
   using stdin in show mrt, if no file argument is used, is restored.

   OK tb@
Version    Delta      File
1.140      +3 -3      usr.sbin/bgpctl/parser.c
           +3 -3      1 files

OpenBSD/src mi3MV7V usr.sbin/bgpd rde_adjout.c

   Typecast idx to size_t so that the comparison is safe on 32bit arch.

   idx < 0 was already checked so casting this value from signed to unsigned
   is safe.

   OK tb@
Version    Delta      File
1.17       +2 -2      usr.sbin/bgpd/rde_adjout.c
           +2 -2      1 files

OpenBSD/src somb7ZP usr.sbin/bgpd session_bgp.c

   KNF
Version    Delta      File
1.8        +2 -2      usr.sbin/bgpd/session_bgp.c
           +2 -2      1 files