You can not use ibuf_add_n32 for a signed 32bit type.
ibuf_add_nXY() and ibuf_add_hXY() pass values as uint64_t so the sign
extension of a negative 32bit value will cause an overflow check to trigger.
The relative metric field can be negative and so this will trigger this
error. Use ibuf_add() instead, which is more what this should use anyway.
Found the hard way by sthen@ who also debugged it.
OK tb@ sthen@
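The sign-extension problem described in this commit, modelled in a few lines as an added example (this is not OpenBSD's libutil ibuf code; the model_ names, the 64-byte buffer and the big-endian encoding are assumptions, only the uint64_t parameter and the range check follow the message):

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Stand-in for the imsg ibuf API (added example, not OpenBSD's libutil code):
 * ibuf_add_n32() takes uint64_t and rejects values above UINT32_MAX. */
struct model_ibuf { unsigned char buf[64]; size_t len; };
struct model_ibuf scratch_buf;	/* zero-initialised, used by the callers below */
static int
model_ibuf_add(struct model_ibuf *b, const void *data, size_t n)
{
	if (n > sizeof(b->buf) - b->len)
		return -1;
	memcpy(b->buf + b->len, data, n);
	b->len += n;
	return 0;
}

static int
model_ibuf_add_n32(struct model_ibuf *b, uint64_t v)
{
	unsigned char be[4];
	if (v > UINT32_MAX)	/* the overflow check the message describes */
		return -1;
	be[0] = v >> 24; be[1] = v >> 16; be[2] = v >> 8; be[3] = v;
	return model_ibuf_add(b, be, sizeof(be));
}

/* Wrong: int32_t is sign-extended to uint64_t, so a negative metric becomes
 * 0xffffffffXXXXXXXX and fails the check. */
int
add_metric_n32(struct model_ibuf *b, int32_t metric)
{
	return model_ibuf_add_n32(b, metric);
}

/* Right: copy the 4 bytes as they are; the peer reads them back as int32_t. */
int
add_metric_raw(struct model_ibuf *b, int32_t metric)
{
	return model_ibuf_add(b, &metric, sizeof(metric));
}

int32_t
read_metric_raw(const struct model_ibuf *b, size_t off)
{
	int32_t metric;
	memcpy(&metric, b->buf + off, sizeof(metric));
	return metric;
}
```

With a negative metric the n32 path fails before anything is appended, while the raw path round-trips the value unchanged.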
libz: sync with userland, ok bluhm deraadt
Two new diffs to upstream in sys/:
1. Remove the new '#warning zlib not thread-safe': amd64 boot blocks
are compiled with -Werror and this warning breaks the build. Since
there are no threads in the boot blocks this warning (for ZLB-01-004)
is irrelevant to OpenBSD.
2. In the kernel, compress.c is compiled without NULL in scope which
breaks due to newly added NULL checks in compress2_z(), so I
added an #include <sys/_null.h> under the existing #ifdef _KERNEL
in zutil.h. Not sure if sys/param.h or something else is preferred.
Update to zlib 1.3.2
This is a minor library bump since it adds six *_z functions that take
size_t instead of uLong (this only really matters for Windows).
The non-blocking device support added quite a bit of churn and so did
the deck chair shuffling for ZLB-01-004, in particular moving the
BUILDFIXED tables around.
See the additions to the ChangeLog for more details.
ok bluhm deraadt
crank libc major to reduce issues if users update from 7.8 and then have
to backout (as I had to do and ran into this). discussed with tb@ deraadt@
If you move from 7.8 to -current and run into problems and need to go
back to 7.8, you'll still have a libc.so.102.2 using syscalls that
weren't available in a 7.8 kernel. If it's the same major and higher
minor it'll be used in preference by the 7.8 binaries so anything
using __pledge_open will fail, bad system call, until you figure it
out, boot single-user, remove the newer libc and reboot/ldconfig.
If libc is bumped, users that were on 7.8 or a snap before pledge
changes before they updated, who then need to backout, won't have that
problem.
switch PF queue bandwidths from u_int to uint64_t, from Andy Lemin
earlier version ok sashan@, changes since then: drop the change to the
manual, and reorder struct
ok tb@
Implement imsg_send_config and imsg_recv_config which handle the
sending of bgpd_config.
struct bgpd_config includes various pointers and those should not be passed.
Instead use a zeroed stack object and copy_config() to ensure that all
pointers are NULL before passing the struct.
Also implement imsg_recv_config() which does the reverse.
Reported by Shibo, Shawn, Hugo, Systopia Team
OK tb@
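The scrub-before-send pattern from this commit, as an added example that is not bgpd's code: struct model_config is a hypothetical stand-in for struct bgpd_config, and the receiver's refusal of non-NULL pointers is an added sanity check, not something the commit message describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical stand-in for struct bgpd_config (added example, not bgpd code):
 * scalars that belong on the wire plus pointers that must not cross imsg. */
struct model_config {
	uint32_t as;
	uint16_t holdtime;
	char *log_file;			/* heap pointer, meaningless in the peer */
	struct model_config *next;	/* linked-list pointer */
};

/* Like copy_config(): copy only scalar fields into a zeroed destination, so
 * every pointer in it stays NULL and padding bytes stay zero. */
static void
model_copy_config(struct model_config *dst, const struct model_config *src)
{
	dst->as = src->as;
	dst->holdtime = src->holdtime;
}

/* Sender side: serialise a scrubbed stack copy, never the live struct. */
size_t
model_send_config(const struct model_config *live, unsigned char *out, size_t outlen)
{
	struct model_config wire;
	if (outlen < sizeof(wire))
		return 0;
	memset(&wire, 0, sizeof(wire));	/* the zeroed stack object */
	model_copy_config(&wire, live);
	memcpy(out, &wire, sizeof(wire));
	return sizeof(wire);
}

/* Receiver side: take the struct back and refuse it if any pointer is set
 * (an added sanity check, not something the commit message claims). */
int
model_recv_config(struct model_config *conf, const unsigned char *in, size_t inlen)
{
	if (inlen != sizeof(*conf))
		return -1;
	memcpy(conf, in, sizeof(*conf));
	return (conf->log_file == NULL && conf->next == NULL) ? 0 : -1;
}

/* Constructed sample: a live config whose pointers are non-NULL. */
char model_logname[] = "/var/log/bgpd";
struct model_config model_live = { 64512, 90, model_logname, &model_live };
unsigned char model_wirebuf[sizeof(struct model_config)];
struct model_config model_recvd;
```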
pledge(2): access() and open() are no longer special for pledge
Reflects kern_pledge.c r1.346 and r1.348.
Also in open(2): Document when __pledge_open appeared and add a missing word.
ok deraadt
openssl speed: add benchmarking support for ML-KEM
Add support for benchmarking ML-KEM key encapsulation mechanisms to
openssl speed. The following operations are measured:
- key generation
- encapsulation
- decapsulation
Two parameter sets are supported:
mlkem768
mlkem1024
The benchmark can be invoked using the following options:
mlkem        run all ML-KEM benchmarks
mlkem768     run ML-KEM-768 benchmarks
mlkem1024    run ML-KEM-1024 benchmarks
[6 lines not shown]
sync with Mozilla root CA store, ok tb@
- remove CommScope CA (they requested it themselves;
https://bugzilla.mozilla.org/show_bug.cgi?id=1994866)
- add new cert:
/C=HU/L=Budapest/O=Microsec Ltd./2.5.4.97=VATHU-23584497/CN=e-Szigno TLS Root CA 2023
/dev/null is no longer implicitly permitted by some pledges, so explicitly
unveil it. fixes calendar -a. ok deraadt
calendar also needs to unveil cpp / sendmail, I forgot to make install
when I was testing :( from James J. Lippard
sendmail/cpp only need "x" no "rx" unveil; ok deraadt
from sthen@
this is errata/7.7/029_calendar.patch.sig
/dev/null is no longer implicitly permitted by some pledges, so explicitly
unveil it. fixes calendar -a. ok deraadt
calendar also needs to unveil cpp / sendmail, I forgot to make install
when I was testing :( from James J. Lippard
sendmail/cpp only need "x" no "rx" unveil; ok deraadt
from sthen@
this is errata/7.8/023_calendar.patch.sig
Update libexpat to version 2.7.5.
Relevant for OpenBSD are security fixes #1158 #1161 #1162 #1163,
other changes #1156 #1153. Library bump is not necessary.
CVE-2026-32776 CVE-2026-32777 CVE-2026-32778
tested and OK tb@
libcrypto: prefix EC_KEY methods with ec_key_
We received reports that the too generic internal ecdsa_{sign,verify}()
symbol names clash in some static links. The naming here is annoying
because the EC_KEY_METHOD amalgamated the no longer existing ECDH and
ECDSA methods which themselves had poorly chosen method names, still
reflected in public API.
There are various messes here. The ECDSA verify methods are declared
in ec_local.h, whereas the ECDSA sign methods are in ecdsa_local.h
(which is itself pretty useless and really only about EC_KEY_METHOD).
I therefore merged the ECDSA method declarations into ec_local.h and
deleted ecdsa_local.h since I see no real benefit to the latter.
ecdsa.c needs ec_local.h anyway. Having the method declarations next
to EC_KEY_METHOD seems sensible. I left the order as it was, matching
ecdsa.c. The eckey_compute_pubkey() prototype should probably be moved
down.
With one exception I just added an ec_key_ prefix. This leads to a
[10 lines not shown]
rework the way we reconstruct the object file order for syspatches
this change drops the exclude regex and just simply checks if the
object files are actually available and then constructs a response
file which we pass for linking and this seems to be good enough
to have reproducible make build output (which is what we want here)
ok tb@