Properly export the bitmap count and size.
I decided to not pull in rdemem into bitmap.c so instead create
bitmap_get_stats() which is called in the IMSG_CTL_SHOW_RIB_MEM
handler to update the rdemem stats before the exporting them.
OK tb@
mlkem: use timingsafe_memcmp() in decapsulation
Replace memcmp() with timingsafe_memcmp() when comparing the
re-encrypted ciphertext.
FIPS 203 Section 6.3 defines this comparison result as a secret piece
of intermediate data that must not be revealed in any form.
ok tb
Do not use recallocarray because the stored size may have changed during
reflow so may not match what it expects, fixes crash reported by Caspar
Schutijser.
zlib: zero out allocation to avoid info leak (part of ZLB-01-003)
commit ecbaf031f81ddfcff200dcfd052df48c9047f3cf
Author: Mark Adler <git at madler.net>
Date: Sun Jan 11 09:46:29 2026 -0800
Zero inflate state on allocation.
To further guard against the propagation of uninitialized memory.
inflateCopy: fix a heap info leak (part of ZLB-01-003)
commit 3509ab515f29002f64455d6e34e19df0c16b1707
Author: Mark Adler <git at madler.net>
Date: Sun Dec 21 18:34:14 2025 -0800
Copy only the initialized window contents in inflateCopy.
To avoid the propagation and possible disclosure of uninitialized
memory contents.
On 2026-03-09 British Columbia will go from daylight to standard
time, without a UT offset change. That is, its 2026-03-08 spring
forward will be its last foreseeable clock change, as it will move
to permanent -07 thereafter. (Thanks to Arthur David Olson.)
Update to 2026agtz from https://github.com/JodaOrg/global-tz
o Moldova has used EU transition times since 2022.
o Remove Europe/Chisinau from zonenow.tab, as it now agrees with
Europe/Athens for future timestamps.
Add some stats for the use of bitmaps.
Only account for the extended bitmaps that allocate extra memory.
The count is much lower since up to 127 bits the map uses the struct
bitmap itself for storage but tracking those is more complicated.
OK tb@
Fix relayd reload race crash
Instead of terminating with fatalx() when a private key hash cannot be
found, log a warning and send an error back to the relay worker.
This prevents a race condition during "reload" where a request might
reach the CA process while keys are being repopulated.
Reported by Nick Owens; thanks!
OK tb@
ssh-agent supports a "query" extension that allows a client to request
a list of extensions it support. This makes this capability available
to ssh-add via the -Q flag.
ok markus@
With IANA codepoints for draft-ietf-sshm-ssh-agent now allocated,
it's safe to start using the standard names for requesting agent
forwarding over the @openssh.com extension names we've used to date.
Support for the standard names is advertised via EXT_INFO. When the
client sees such support it will use the new names preferentially,
but the existing names remain supported unconditionally.
ok markus@
Inspecting Flag(FTALKING) to activate curses in the spot chosen by the
previous commit seems to fail in some circumstances because of order
of operations in ksh startup. So move the test and curses initialization
immediately before the tputs() calls.
discussion with tb
correctness wrt draft-ietf-sshm-ssh-agent:
extension requests should indicate failure using
SSH_AGENT_EXTENSION_FAILURE rather than the generic SSH_AGENT_FAILURE
error code. This allows the client to discern between "the request
failed" and "the agent doesn't support this extension".
ok markus@
relayd: replace unneeded engine.h with needed x509.h
Adjust a comment. Being non-existent, the OpenSSL engine layer cannot be
responsible for whatever unholy hacks this code requires.
