OpenBSD/src bBJp7rUsys/arch/amd64/amd64 vmm_support.S, sys/arch/amd64/include vmmvar.h

   Adapt inv{vpid,ept} to return success or failure.

   ok mlarkin@
VersionDeltaFile
1.24+18-2sys/arch/amd64/amd64/vmm_support.S
1.95+3-3sys/arch/amd64/include/vmmvar.h
+21-52 files

OpenBSD/src nc25vVtregress/lib/libcrypto/evp evp_test.c

   EVP test: fix includes
VersionDeltaFile
1.9+3-3regress/lib/libcrypto/evp/evp_test.c
+3-31 files

OpenBSD/src crXqtahregress/lib/libcrypto/evp evp_test.c

   EVP test: add regress coverage for the do_all() API
VersionDeltaFile
1.8+132-1regress/lib/libcrypto/evp/evp_test.c
+132-11 files

OpenBSD/src wvJArFulib/libcrypto cert.pem

   Regen cert.pem

   ok sthen

   New Roots for existing CA:
     /CN=Atos TrustedRoot Root CA ECC TLS 2021/O=Atos/C=DE
     /CN=Atos TrustedRoot Root CA RSA TLS 2021/O=Atos/C=DE

   New CA:
   BEIJING CERTIFICATE AUTHORITY
     /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA1
     /C=CN/O=BEIJING CERTIFICATE AUTHORITY/CN=BJCA Global Root CA2

   Two E-Tugra roots were removed due to a breach:
     /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA ECC v3
     /C=TR/L=Ankara/O=E-Tugra EBG A.S./OU=E-Tugra Trust Center/CN=E-Tugra Global Root CA RSA v3
   https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/C-HrP1SEq1A

   Removed expired root:

    [14 lines not shown]
VersionDeltaFile
1.28+399-223lib/libcrypto/cert.pem
+399-2231 files

OpenBSD/src AuamVXasys/netinet tcp_input.c udp_usrreq.c

   Add NULL check before dereferencing inp_seclevel.

   In some cases inp may be NULL, so check that before passing
   inp->inp_seclevel to ipsp_spd_lookup() or ip_output().

   Missed in previous commit.
VersionDeltaFile
1.394+4-3sys/netinet/tcp_input.c
1.308+2-2sys/netinet/udp_usrreq.c
+6-52 files

OpenBSD/src RINs7pPsys/dev/usb usbdevs_data.h usbdevs.h

   Regen
VersionDeltaFile
1.766+9-1sys/dev/usb/usbdevs_data.h
1.772+5-1sys/dev/usb/usbdevs.h
+14-22 files

OpenBSD/src uRxcZYDsys/dev/usb usbdevs

   New devices, support for which is coming soon.
VersionDeltaFile
1.760+5-1sys/dev/usb/usbdevs
+5-11 files

OpenBSD/src SXqBBZwlib/libcrypto cert.pem

   Remove some trailing whitespace

   x509_prn.c r1.6 changed the output of 'openssl -in foo.pem -noout -text'
   by removing trailing whitespace from non-critical certificate extensions.
   Committing the difference now to reduces noise in an upcoming diff.

   There's some trailing whitespace remaining. That's because we try to print
   a BMPString in an User Notice's Explicit Text with "%*s". That doesn't work
   so well with an encoding full of NULs...
VersionDeltaFile
1.27+211-211lib/libcrypto/cert.pem
+211-2111 files

OpenBSD/src vOeuG2xusr.sbin/ypbind ypbind.c

   Add missing error check for yp_get_default_domain()

   Avoids a crash when no default domain is set.

   from hshoexer
   ok deraadt who had the same diff
VersionDeltaFile
1.79+2-3usr.sbin/ypbind/ypbind.c
+2-31 files

OpenBSD/src 5sEiUBQsys/arch/riscv64/dev stfpcie.c

   additonal -> additional
VersionDeltaFile
1.3+2-2sys/arch/riscv64/dev/stfpcie.c
+2-21 files

OpenBSD/src yET0qL3lib/libcrypto/objects obj_dat.c

   Remove silly parentheses
VersionDeltaFile
1.62+3-3lib/libcrypto/objects/obj_dat.c
+3-31 files

OpenBSD/src tTOc8yeusr.bin/rsync rsync.1

   Document -J, --omit-link-times and remove a confusing sentence from
   the -O, --omit-dir-times description.
   OK tb@
VersionDeltaFile
1.35+5-5usr.bin/rsync/rsync.1
+5-51 files

OpenBSD/src op5vKZ8usr.bin/rsync main.c receiver.c

   Implement --omit-link-times / -J based on the --omit-dir-times work
   done by job@.
   OK tb@
VersionDeltaFile
1.71+11-5usr.bin/rsync/main.c
1.32+3-2usr.bin/rsync/receiver.c
1.26+3-1usr.bin/rsync/fargs.c
1.47+2-1usr.bin/rsync/extern.h
+19-94 files

OpenBSD/src R5rvr6gusr.bin/rsync uploader.c

   The uploader tail shortcut to skip dir postprocessing should also check
   if ignore_dir_times is set. In that case preserve_times loses its meaning.
   OK tb@
VersionDeltaFile
1.36+2-3usr.bin/rsync/uploader.c
+2-31 files

OpenBSD/src rtUQX3susr.bin/rsync main.c

   Add --no-O and --no-omit-dir-times options. For some reason the real
   rsync has these options and so should ours. These strange --no-XYZ
   options are undocumented and are there just for compatibility.
   OK tb@ job@
VersionDeltaFile
1.70+3-1usr.bin/rsync/main.c
+3-11 files

OpenBSD/src c2vpUbrusr.sbin/slaacctl slaacctl.8

   interfacename -> interface to match usage and other manuals;  OK florian
VersionDeltaFile
1.7+7-7usr.sbin/slaacctl/slaacctl.8
+7-71 files

OpenBSD/src xP9KGz8lib/libcrypto/x509 x509_vfy.c

   Move the callers X509_STORE_CTX_purpose_inherit() down a bit
VersionDeltaFile
1.127+15-15lib/libcrypto/x509/x509_vfy.c
+15-151 files

OpenBSD/src LNgtqBOsys/dev/acpi pchgpio.c

   support Alder Lake-N and Alder Lake-S

   Alder Lake-N tested by sthen@
   Alder Lake-S tested by Laurence Tratt (on Raptor Lake-S)
   feedback and ok kettenis@
VersionDeltaFile
1.15+79-1sys/dev/acpi/pchgpio.c
+79-11 files

OpenBSD/src JsVtjQjgnu/llvm/lld/ELF Thunks.cpp Symbols.h, gnu/llvm/lld/ELF/Arch AArch64.cpp

   Add arm64 bti pads for range extension thunks.

   Large arm64 binaries like chromium use range extension thunks
   for accessing plt entries. Add bti landing pads for the
   additional indirection.

   upstream commit: 60827df765156cee6cca3dc5049388dde9dac1c0

   ok kettenis@
VersionDeltaFile
1.2+592-157gnu/llvm/lld/ELF/Thunks.cpp
1.6+3-0gnu/llvm/lld/ELF/Symbols.h
1.4+2-1gnu/llvm/lld/ELF/Arch/AArch64.cpp
1.5+1-1gnu/llvm/lld/ELF/Symbols.cpp
+598-1594 files

OpenBSD/src Zuv4zFSsys/netinet ip_spd.c ip_output.c, sys/netinet6 ip6_output.c

   Remove inp parameter from ip_output().

   ip_output() received inp as parameter.  This is only used to lookup
   the IPsec level of the socket.  Reasoning about MP locking is much
   easier if only relevant data is passed around.  Convert ip_output()
   to receive constant inp_seclevel as argument and mark it as protected
   by net lock.

   OK mvs@
VersionDeltaFile
1.119+29-30sys/netinet/ip_spd.c
1.391+7-12sys/netinet/ip_output.c
1.280+7-11sys/netinet6/ip6_output.c
1.141+6-4sys/netinet/tcp_output.c
1.307+3-3sys/netinet/udp_usrreq.c
1.393+3-3sys/netinet/tcp_input.c
+55-638 files not shown
+73-8114 files

OpenBSD/src QdUPyzvgnu/usr.bin/perl regcomp.c, gnu/usr.bin/perl/t/re pat_advanced.t

   Fix read/write past buffer end

   From upstream commit:

   From 7047915eef37fccd93e7cd985c29fe6be54650b6 Mon Sep 17 00:00:00 2001
   From: Karl Williamson <khw at cpan.org>
   Date: Sat, 9 Sep 2023 11:59:09 -0600
   Subject: [PATCH] Fix read/write past buffer end: perl-security#140

   A package name may be specified in a \p{...} regular expression
   construct.  If unspecified, "utf8::" is assumed, which is the package
   all official Unicode properties are in.  By specifying a different
   package, one can create a user-defined property with the same
   unqualified name as a Unicode one.  Such a property is defined by a sub
   whose name begins with "Is" or "In", and if the sub wishes to refer to
   an official Unicode property, it must explicitly specify the "utf8::".
   S_parse_uniprop_string() is used to parse the interior of both \p{} and
   the user-defined sub lines.


    [27 lines not shown]
VersionDeltaFile
1.34+11-6gnu/usr.bin/perl/regcomp.c
1.8+8-0gnu/usr.bin/perl/t/re/pat_advanced.t
+19-62 files

OpenBSD/src g8CbegUbin/pax file_subs.c extern.h

   mark functions as static when they're unused elsewhere, makes the
   code slightly easier to understand.

   okay and tweak kn@
VersionDeltaFile
1.56+11-6bin/pax/file_subs.c
1.61+1-13bin/pax/extern.h
1.106+7-5bin/pax/options.c
1.32+6-3bin/pax/buf_subs.c
1.57+3-2bin/pax/pax.c
1.55+3-2bin/pax/tables.c
+31-316 files

OpenBSD/src KzqLImvsys/dev/fdt rkclock.c rkclock_clocks.h

   Add a few more RK3588 clocks/resets that are reference by newer device
   trees.

   ok dlg@
VersionDeltaFile
1.84+13-1sys/dev/fdt/rkclock.c
1.56+2-0sys/dev/fdt/rkclock_clocks.h
+15-12 files

OpenBSD/src mn0fdfcsys/arch/amd64/amd64 vmm_machdep.c

   vmm(4)/vmx: pass correct vpid value to invvpid.

   While vmm's use of invvpid in the vmx vcpu run loop is questionable
   since we require and use EPT, the vpid value is unquestionably wrong
   in these calls.

   ok mlarkin@
VersionDeltaFile
1.11+3-3sys/arch/amd64/amd64/vmm_machdep.c
+3-31 files

OpenBSD/src xtC3Z5Wsys/dev/pci pcidevs_data.h pcidevs.h

   regen
VersionDeltaFile
1.2046+19-3sys/dev/pci/pcidevs_data.h
1.2051+10-6sys/dev/pci/pcidevs.h
+29-92 files

OpenBSD/src 0eODDCosys/dev/pci pcidevs, sys/dev/pci/drm/i915 i915_devlist.h

   drm/i915/rpl: Update pci ids for RPL P/U

   From Dnyaneshwar Bhadane
   5d5fea7c79a7f7b61a9683784c83d539aca8dafe in mainline linux
VersionDeltaFile
1.2057+10-6sys/dev/pci/pcidevs
1.18+11-3sys/dev/pci/drm/include/drm/i915_pciids.h
1.20+7-3sys/dev/pci/drm/i915/i915_devlist.h
+28-123 files

OpenBSD/src MRNsUThsys/arch/arm64/dev rtkit.c

   Fix oslog support and be more forgiving when we see messages that we don't
   recognize.  Fixes booting with newer firmware (such as the firmware
   currently installed by the Asahi installer).

   ok tobhe@
VersionDeltaFile
1.13+41-14sys/arch/arm64/dev/rtkit.c
+41-141 files

OpenBSD/src 1J5raSQusr.sbin/pkg_add/OpenBSD PkgAdd.pm

   recognize future updatedb tagged packages
VersionDeltaFile
1.148+3-3usr.sbin/pkg_add/OpenBSD/PkgAdd.pm
+3-31 files

OpenBSD/src tuK5uujusr.bin/awk b.c lex.c

   Update awk to the Nov 24, 2023 version.
VersionDeltaFile
1.49+102-32usr.bin/awk/b.c
1.32+10-6usr.bin/awk/lex.c
1.55+13-3usr.bin/awk/FIXES
1.31+9-4usr.bin/awk/awk.h
1.82+3-2usr.bin/awk/run.c
1.66+2-2usr.bin/awk/main.c
+139-496 files

OpenBSD/src MbxFZ5psbin/dhcpleased printconf.c

   whitespace; spotted by kn
VersionDeltaFile
1.6+2-2sbin/dhcpleased/printconf.c
+2-21 files