OpenBSD/src iplyV3esys/arch/sparc64/conf files.sparc64, sys/lib/libkern clzdi2.c

   sys/sparc64: add __clzdi2 implementation for clang build

   OK: deraadt@, claudio@
VersionDeltaFile
1.1+15-0sys/lib/libkern/clzdi2.c
1.157+2-1sys/arch/sparc64/conf/files.sparc64
+17-12 files

OpenBSD/src MENWEE1usr.bin/tmux status.c window-customize.c

   Fix MOVE flag handling and remove key code (not actually needed).
VersionDeltaFile
1.266+38-33usr.bin/tmux/status.c
1.24+6-6usr.bin/tmux/window-customize.c
1.82+4-4usr.bin/tmux/window-tree.c
1.89+3-3usr.bin/tmux/mode-tree.c
1.73+3-3usr.bin/tmux/cmd-command-prompt.c
1.60+3-3usr.bin/tmux/cmd-confirm-before.c
+57-521 files not shown
+59-557 files

OpenBSD/src KnFiLYpetc/examples bgpd.conf

   Add route leak prevention (ASPA & RFC 9234) to the bgpd.conf example

   The local node's own "role" (in relation to the other side) needs to be
   specified to make ASPA work. Specifying the role also activates the very
   convenient RFC 9234-based route leak prevention.

   ASPA & RFC 9234 are complimentary mechanisms. ASPA uses the RPKI to help
   identify implausible AS_PATHs. RFC 9234 uses an in-band signal (the OTC
   attribute) to help form appropriate route propagation cones.

   Just a handful of simple config lines make bgpd do carrier-grade filtering!

   OK claudio@
VersionDeltaFile
1.27+5-2etc/examples/bgpd.conf
+5-21 files

OpenBSD/src kh0VjeVusr.bin/tmux mode-tree.c tmux.h

   Turn off preview if no draw callback and add a function to move to top.
VersionDeltaFile
1.88+11-3usr.bin/tmux/mode-tree.c
1.1366+2-1usr.bin/tmux/tmux.h
+13-42 files

OpenBSD/src pPmzNmhusr.bin/tmux status.c cmd-command-prompt.c

   Use flags for input callback instead of a single int done so the
   callback can be told about cursor movement in an incremental prompt.
VersionDeltaFile
1.265+32-20usr.bin/tmux/status.c
1.72+7-8usr.bin/tmux/cmd-command-prompt.c
1.23+6-6usr.bin/tmux/window-customize.c
1.81+4-4usr.bin/tmux/window-tree.c
1.1365+5-2usr.bin/tmux/tmux.h
1.87+3-3usr.bin/tmux/mode-tree.c
+57-431 files not shown
+60-467 files

OpenBSD/src P4XbWUwsys/kern kern_prot.c

   sys_getlogin_r: Restore ERANGE behavior

   Do not silently truncate the buffer, but let copyoutstr() enforce the
   user-visible namelen size limit. That restores ERANGE.

   ok mvs@
VersionDeltaFile
1.87+2-2sys/kern/kern_prot.c
+2-21 files

OpenBSD/src 5E9Q77Clib/libc/gen nlist.c

   N_EXT is supposed to be a flag that indicates global/external symbols.
   Also make sure that we add it to the type instead of overriding it.
   This makes pstat -d work for static kernel variables.

   ok deraadt@, jca@
VersionDeltaFile
1.73+3-3lib/libc/gen/nlist.c
+3-31 files

OpenBSD/src Vygtyn4sys/netinet ip_mroute.c

   Remove global variable from multicast routing.

   Global variable struct sockaddr_in sin is used to pre-initialize
   length and family.  Changing sin_addr dynamically does not work in
   a multiprocessor environment.  Allocate and initialize sin on the
   stack.

   OK claudio@
VersionDeltaFile
1.152+4-3sys/netinet/ip_mroute.c
+4-31 files

OpenBSD/src mNShWlnsys/net if_var.h, sys/netinet ip_mroute.c

   Avoid C casts in multicast code by using correct type.

   Instead of using caddr_t for if_mcast and if_mcast6 in struct ifnet,
   use the correct pointer type for struct vif and mif6.  This allows
   to remove many casts in multicast routing code.

   OK florian@
VersionDeltaFile
1.157+14-13sys/netinet6/ip6_mroute.c
1.151+12-12sys/netinet/ip_mroute.c
1.149+3-3sys/net/if_var.h
+29-283 files

OpenBSD/src DY4q7zLusr.sbin/bgpd util.c

   Limit log_aspa() to MAX_ASPA_SPAS_COUNT elements more is verboten!

   Kills a gcc4 warning on sparc64 since the previous check was always false.
   OK tb@
VersionDeltaFile
1.103+2-2usr.sbin/bgpd/util.c
+2-21 files

OpenBSD/src lVe4lUEusr.sbin/bgpd rde_attr.c

   Silence gcc4 warning by setting nseg = 0. The dependency on newseg == 0,
   which can only happen when nseg is also set, is to intranspatent for the
   compiler to see through.
   OK tb@
VersionDeltaFile
1.148+2-2usr.sbin/bgpd/rde_attr.c
+2-21 files

OpenBSD/src Rbm4t2Xsys/dev/pci if_ix.c

   ix(4): remove redundant code

   paylen is already calculated in ether_extract_headers().

   ok bluhm@
VersionDeltaFile
1.228+6-13sys/dev/pci/if_ix.c
+6-131 files

OpenBSD/src Fanhd5rlib/libc/asr res_send_async.c

   _asr_make_fqdn() indicates error by returning 0; from Andrew Griffiths

   OK deraadt
VersionDeltaFile
1.44+2-2lib/libc/asr/res_send_async.c
+2-21 files

OpenBSD/src 9Wnjoz5lib/libc/asr getrrsetbyname_async.c

   ttl is u_int32_t; from Andrew Griffiths

   OK deraadt
VersionDeltaFile
1.16+3-3lib/libc/asr/getrrsetbyname_async.c
+3-31 files

OpenBSD/src 3UlJynllib/libc/asr getrrsetbyname.c

   Avoid a bunch of useless checks, free(NULL) is valid.

   While here, use a counter of type unsigned int, which is the same type
   as rri_nrdatas in our termination condition. (In practice there can't
   be more than 65k RRSets).

   Andrew Griffiths pointed out that we'd leak memory if rri_rdatas or
   rri_sigs are sparsely populated. In practice this will not happen but
   it made me look.

   OK deraadt
VersionDeltaFile
1.7+5-12lib/libc/asr/getrrsetbyname.c
+5-121 files

OpenBSD/src jbE3RoHlib/libc/asr getnameinfo_async.c

   Check for IPv6 scope truncation in getnameinfo(3); from Andrew Griffiths

   OK deraadt
VersionDeltaFile
1.16+5-2lib/libc/asr/getnameinfo_async.c
+5-21 files

OpenBSD/src KDD82LClib/libc/asr asr.c

   Nothing to do if we get a zero length buffer; from Andrew Griffiths

   OK deraadt
VersionDeltaFile
1.71+4-1lib/libc/asr/asr.c
+4-11 files

OpenBSD/src lEHxYHksys/netinet6 ip6_output.c ip6_var.h

   Remove IPv6 source routing from output path.

   Routing header type 0 has been deprecated by RFC 5095 and we do not
   support any other type.  While OpenBSD blocks routing header in pf
   and during the input path, IPv6 output still allowed the user to
   generate them.

   Remove the code to set IPV6_RTHDR with setsockopt(2) and return
   "Protocol not available" error instead.  Also delete the code in
   ip6_output() to insert the routing header.

   Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from
   Tsinghua University using the GLM model from Z.ai.
   reported that a regular user could attach deprecated routing header.

   OK claudio@ florian@
VersionDeltaFile
1.305+5-105sys/netinet6/ip6_output.c
1.130+3-14sys/netinet6/ip6_var.h
1.130+2-2sys/netinet6/ip6_forward.c
+10-1213 files

OpenBSD/src XixhY9uusr.sbin/bgpd chash.c

   Use ffs and slots &= slots - 1 to walk over the slots in a way to only
   look at matches. Kills another branch in the hot path and reduces the
   loop form 7 to the number of hits (which is close to 1).

   On systems without native ffs instruction this can be a tiny bit slower
   but modern systems have native ffs and there the speedup can be noticable.
   Even systems without ffs benefit on lookup misses since the loop is skipped.

   Based on a diff from Rango (kombucha at mm.st)
   OK tb@
VersionDeltaFile
1.15+35-35usr.sbin/bgpd/chash.c
+35-351 files

OpenBSD/src stkeyyIsys/dev/pci if_iavf.c if_ice.c, sys/kern uipc_mbuf.c

   Allocate mbufs in high memory if only 64 bit DMA interfaces exist.

   Mbufs on amd64 were allocated below 4 GB so that devices not capable
   of 64 bit DMA can access the memory.  Interface drivers use
   BUS_DMA_64BIT to allow the DMA layer doing 64 bit transfers.  Now
   flag interfaces with IFXF_MBUF_64BIT that are capable of 64 bit DMA
   on all their mbuf rings.

   If only such interfaces exist in the system during amd64 boot,
   allocate mbufs and mbuf clusters also in high memory.  Other
   architectures may be limited to 32 bit memory anyway or use an
   IOMMU.  On riscv64 or arm64 busses may exists that support less
   than 64 bit, this will be handled later.

   Hotplug devices that do not support 64 bit DMA will use bounce
   buffering.  By changing the flags in device drivers we can force
   bounce buffering and find missing calls to bus_dmamap_sync().

   OK kettenis@ deraadt@
VersionDeltaFile
1.306+30-1sys/kern/uipc_mbuf.c
1.160+6-1sys/uvm/uvm_km.c
1.270+3-2sys/sys/mbuf.h
1.29+2-2sys/dev/pci/if_iavf.c
1.69+2-2sys/dev/pci/if_ice.c
1.32+2-2sys/dev/pci/if_igc.c
+45-1011 files not shown
+69-2817 files

OpenBSD/src DeoY3E1sbin/isakmpd udp_encap.c

   isakmpd: Do not leak transport in error paths of udp_encap_handle_message()

   This is simiar to what we do in udp_handle_message() in udp.c.

   ok markus
VersionDeltaFile
1.25+10-5sbin/isakmpd/udp_encap.c
+10-51 files

OpenBSD/src E6vMantsbin/isakmpd ipsec.c

   isakmpd: Enforce per-type ID payload size in ipsec_validate_id_information()

   ok markus@
VersionDeltaFile
1.159+11-1sbin/isakmpd/ipsec.c
+11-11 files

OpenBSD/src zBd0Bbxsbin/isakmpd ike_phase_1.c

   isakmpd: Bound check ID-payload memcmp()

   Make sure the ID supplied by the peer is the size anticipated from
   the configuration.  Only apply memcmp() if the size matches.
   Otherwise, reject the ID right away.

   ok markus@
VersionDeltaFile
1.80+4-2sbin/isakmpd/ike_phase_1.c
+4-21 files

OpenBSD/src BIy49xpsbin/isakmpd ike_phase_1.c policy.c

   isakmpd: Bound check decode_* in policy_callback() and attribute_unacceptable()

   Before decoding 16-bit or 32-bit TLV values, verify that the provided
   values have proper minimum size.

   ok markus@
VersionDeltaFile
1.79+7-1sbin/isakmpd/ike_phase_1.c
1.104+6-1sbin/isakmpd/policy.c
+13-22 files

OpenBSD/src CyFU6Hqsbin/isakmpd ipsec.c

   isakmpd: Bound check decode_16() in ipsec_decode_attribute()

   Before decoding a 16 bit TLV value verify that the provided value
   is at least 16 bit in size.

   The LIFE_DURATION attributes will already be validated individually,
   so just pass them on.

   ok markus@
VersionDeltaFile
1.158+11-1sbin/isakmpd/ipsec.c
+11-11 files

OpenBSD/src nedMwewlib/libc/string strstr.c

   Fix misleading comment in strstr(3)

   From upstream musl:
   https://git.musl-libc.org/cgit/musl/commit?id=c53e9b239418eb3e0e8be256abd0f6ad7608bbcf

   OK tb@
VersionDeltaFile
1.11+1-1lib/libc/string/strstr.c
+1-11 files

OpenBSD/src pQbFCfnlib/libc/string memmem.c strstr.c

   Avoid shift overflow in memmem(3) and strstr(3)

   Fix from upstream musl:
   https://git.musl-libc.org/cgit/musl/commit?id=593caa456309714402ca4cb77c3770f4c24da9da

   OK tb@
VersionDeltaFile
1.6+5-5lib/libc/string/memmem.c
1.10+5-5lib/libc/string/strstr.c
+10-102 files

OpenBSD/src FGmNRxysbin/isakmpd ipsec.c

   isakmpd: Bound check decode_16() in ipsec_is_attribute_incompatible()

   Before decoding a 16 bit TLV value verify that the provided value
   is at least 16 bit in size.

   ok markus@
VersionDeltaFile
1.157+6-2sbin/isakmpd/ipsec.c
+6-21 files

OpenBSD/src 0k7I4Ztusr.sbin/bgpd chash.c Makefile

   Implement ch_meta_locate() using some bit tricks to avoid branches and loops.

   ch_haszero() first sets the high bit for every byte in lookup that is 0
   and then uses a multiplaction plus shift to compact this bits into the
   output.

   Also use a multiplication with 0x0101010101010101 instead of the memset().
   Modern compilers produce the same code but older ones produce a bit simpler
   code this way.

   Based on a diff from Rango (kombucha at mm.st)
   OK tb@
VersionDeltaFile
1.14+29-12usr.sbin/bgpd/chash.c
1.47+2-1usr.sbin/bgpd/Makefile
+31-132 files

OpenBSD/src VemJKDesbin/isakmpd exchange.c

   isakmpd: Only call sa_isakmp_upgrade() when ISAKMP SAs actually exist

   Informational and transactional exchanges do not have ISAKMP SAs.
   Therefore only upgrade ISAKMP SAs when these actually exist.

   ok markus@
VersionDeltaFile
1.144+3-2sbin/isakmpd/exchange.c
+3-21 files