sys/tmpfs: use getnanotime() like FFS and MFS
Editing files on tmpfs uses nanotime() to update mtime, and touch uses
utimensat(UTIME_NOW) which uses getnanotime() which is cached and which
can be smaller.
So, sed ... A && touch B leads to mtime(A) > mtime(B) which isn't expected.
"Yep" deraadt@
ML-KEM: ensure that key_768 is only dereferenced with 768-bit keys
This looks like a NULL dereference that should crash, but for some reason
it doesn't, even with -O0 with all compilers I tried. At the very least it
may result in compilers deducing that key_768 != NULL and lead to incorrect
optimizations.
ok claudio jsing kenjiro miod
After the kernel-writes-the-buffer changes to profil(2) a year ago, the
profil(2) call only works for stop/restart of profiling. So pledge no
longer interferes and it is available in "stdio".
Remove pthread rwlocks from vmd(8)'s qcow code.
The users of this code are single threaded today. The locks also
don't look to fully protect key state in qcow images. If/when virtio
block emulation ends up with multiple virtqueues, this will need
to be revisited.
ok mlarkin@, hshoexer@
Provide a crypto_assembly.h internal header.
This will contain defines and macros that we need for assembly code,
without polluting other headers that are primarily used for C code.
For now, this just unconditionally provides _CET_ENDBR on amd64.
ok kenjiro@ tb@
libtls: const workarounds for X509_NAME in OCSP for OpenSSL 4
The API to look up a cert by subject or issuer name clearly only needs to
do name comparisons in a collection of certs so should by all means take a
const X509_NAME * as an argument. However, this isn't all that easy to do
and hence it's only in OpenSSL 4 that this obvious step was reached.
This means that there is no way around casting for older code. One could
cast the return value of X509_get_issuer_name() or the argument passed to
the two lookups by subject. jsing slightly prefers the second approach,
so this is what we do here.
ok djm jsing kenjiro
libtls: simple cases of const for X509_NAME *
After the const sprinkling in OpenSSL 1.1, X509_get_{issuer,subject}_name()
still returned a non-const pointer for unclear reasons. In OpenSSL 4,
the return value also grew a const qualifier, so move the two "name" in
tls_conninfo.c and the "subject_name" in tls_verify.c to const. They are
only used for further processing by already const correct functions (at
least as far as X509_NAME is concerned).
ok djm jsing kenjiro
wcwidth(3): fix return value for L'\0'
wcwidth(3) doesn't return the correct result for the NUL wide character.
Fix this by special casing the check for this value.
Interestingly our man page documents this special case explicitly, but it
looks like the function was broken in rev 1.2 from 2011 when support for
non-printable characters was added.
Flagged by Sortix os-test.
ok stsp@
catgets(3): set errno when a message isn't found as per POSIX.
The same change was made by NetBSD in rev 1.13 in 1998.
Flagged by Sortix os-test.
ok guenther@
Fix unveil in NFS daemon.
With process accounting, nfsd(8) complains about unveil(2) violations.
It happens during daemon(3) in the child process. Instead of
unveiling / and /dev/null, move unveil(2) after daemon(3).
OK deraadt@
After a report from 'K r' on bugs that the manual page section rfc868 '-o'
option has incorrect dates, let's recognize that this is no longer a good
way to get time information and only the ntp interface is needed.
ok sthen florian henning
Make pthread_mutex_destroy() not error out for mutexes that were initialized
with PTHREAD_MUTEX_INITIALIZER but not used.
Unify handling of mutexp == NULL in both versions of pthread_mutex_destroy()
and ensure that *mutexp == NULL is not considered an error.
Problem found by tb@ with rpki-client.
OK kettenis@ tb@