OpenBSD/src DH4BMeEregress/usr.bin/ssh dropbear-server.sh

   Test all mutually supported algorithms, using dropbear's new -Q option
   to query its algorithms where possible.
VersionDeltaFile
1.3+178-26regress/usr.bin/ssh/dropbear-server.sh
+178-261 files

OpenBSD/src eGSr2Piusr.bin/tmux screen-write.c tty.c

   Bring in the single-cell redraw parts for floating panes.
VersionDeltaFile
1.254+81-17usr.bin/tmux/screen-write.c
1.465+2-9usr.bin/tmux/tty.c
1.125+6-5usr.bin/tmux/screen-redraw.c
+89-313 files

OpenBSD/src CfywYacusr.bin/tmux tty-draw.c

   Do not adjust end position when removing partial padding, it does not
   change.
VersionDeltaFile
1.10+1-2usr.bin/tmux/tty-draw.c
+1-21 files

OpenBSD/src YoFr276sbin/unwind/libunbound/iterator iter_priv.c, sbin/unwind/libunbound/services localzone.c authzone.c

   merge changes from unbound 1.25.1, ok florian
VersionDeltaFile
1.25+3,510-3,477sbin/unwind/libunbound/util/configlexer.c
1.17+105-74sbin/unwind/libunbound/services/localzone.c
1.3+167-1sbin/unwind/libunbound/iterator/iter_priv.c
1.24+107-43sbin/unwind/libunbound/services/authzone.c
1.24+95-49sbin/unwind/libunbound/services/mesh.c
1.17+85-33sbin/unwind/libunbound/services/cache/dns.c
+4,069-3,67756 files not shown
+5,305-3,99962 files

OpenBSD/src 4s9Zit8usr.bin/tmux screen-write.c

   Check visible ranges when copying screens.
VersionDeltaFile
1.253+17-11usr.bin/tmux/screen-write.c
+17-111 files

OpenBSD/src MPwFPP9usr.bin/tmux window.c tmux.h

   Add an accessor function needed for floating panes.
VersionDeltaFile
1.324+13-1usr.bin/tmux/window.c
1.1327+2-1usr.bin/tmux/tmux.h
+15-22 files

OpenBSD/src Gh130fNusr.bin/tmux tty.c options-table.c

   Add window-pane-status-format options and adjust the default second
   status line to show panes, also change how window-style is checked now
   it is a pane option.
VersionDeltaFile
1.464+31-30usr.bin/tmux/tty.c
1.212+18-3usr.bin/tmux/options-table.c
1.1058+16-2usr.bin/tmux/tmux.1
1.124+7-11usr.bin/tmux/screen-redraw.c
+72-464 files

OpenBSD/src QMW97R4usr.bin/tmux screen-write.c

   Floating panes clearing bits.
VersionDeltaFile
1.252+166-16usr.bin/tmux/screen-write.c
+166-161 files

OpenBSD/src C1l2JMKsys/dev/ic nvme.c nvmevar.h, sys/dev/pci nvme_pci.c

   use I/O submission queue entry size reported by controller

   On the Apple T2 NVMe, 128-byte submission queue entries on I/O
   queues are required instead of the standard 64 bytes.

   ok jmatthew
VersionDeltaFile
1.127+18-7sys/dev/ic/nvme.c
1.14+3-2sys/dev/pci/nvme_pci.c
1.33+2-1sys/dev/ic/nvmevar.h
+23-103 files

OpenBSD/src t84FHj6usr.bin/ssh/ssh-agent Makefile, usr.bin/ssh/sshd Makefile

   Use the new RELINK feature in bsd.prog.mk to build the relink kits.
VersionDeltaFile
1.44+2-22usr.bin/ssh/ssh-agent/Makefile
1.4+2-22usr.bin/ssh/sshd-auth/Makefile
1.7+2-22usr.bin/ssh/sshd-session/Makefile
1.114+2-22usr.bin/ssh/sshd/Makefile
+8-884 files

OpenBSD/src 0EzneBqusr.sbin/rpki-client x509.c

   rpki-client: use sentinel idiom for timegm(3) error check

   We currently fail on ASN.1 times before the epoch. There is nothing wrong
   in principle with those. Both UTCTime and GeneralizedTimes can represent
   such times and we should be able to accept them.

   Modern OpenSSL and LibreSSL ensure in ASN1_TIME_to_tm() that the times are
   well formed according to the DER, so this call is really only a translation
   step.

   ok claudio deraadt
VersionDeltaFile
1.132+3-2usr.sbin/rpki-client/x509.c
+3-21 files

OpenBSD/src 9EU1fFIusr.bin/ssh misc.c

   ssh: use sentinel idiom for timegm(3) and mktime(3)

   There is nothing wrong with times before the epoch, even -1, so use the
   idiom recently added to the CAVEATS section to figure out whether there
   was an error in the timegm() or mktime() calls.

   We should sweep the tree for this. If anyone is bored, feel free to beat
   me to it...

   ok deraadt djm
VersionDeltaFile
1.214+5-3usr.bin/ssh/misc.c
+5-31 files

OpenBSD/src hQLceBXshare/mk bsd.prog.mk

   A new variable (RELINK) makes rules for creating a relink tar file and
   installing it in the correct place.  The variable needs to be a test
   command which verifies the re-linked binary works correctly, which
   requires it to exit(0).
   This 1-liner will replace the large adhoc relink tarfile production
   in the Makefiles of various relinked programs.
VersionDeltaFile
1.85+24-1share/mk/bsd.prog.mk
+24-11 files

OpenBSD/src PdxRyLyusr.bin/tmux screen-redraw.c tmux.h

   Cache border and active border style separately, fixes problem reported
   by Marcel Partap in GitHub issue 5125.
VersionDeltaFile
1.123+29-26usr.bin/tmux/screen-redraw.c
1.1326+3-1usr.bin/tmux/tmux.h
+32-272 files

OpenBSD/src 2KK1vRXusr.bin/tmux screen-redraw.c

   Remove reference to an option that hasn't been added yet.
VersionDeltaFile
1.122+13-17usr.bin/tmux/screen-redraw.c
+13-171 files

OpenBSD/src U4JpKAhsys/dev/pci/drm/amd/amdgpu atom.c

   add back the local #undef DEBUG lost with last drm update
   reported by Jan Schreiber
VersionDeltaFile
1.2+4-0sys/dev/pci/drm/amd/amdgpu/atom.c
+4-01 files

OpenBSD/src NRTiAYOusr.sbin/bgpd kroute.c rde_rib.c

   Sync the nexthop comperators in rde_rib.c and kroute.c

   While nexthop_cmp() already looked for the scope_id for link-local IPv6
   nexthops, knexthop_compare() did not.

   Reported by 7Asecurity
   OK tb@
VersionDeltaFile
1.314+15-11usr.sbin/bgpd/kroute.c
1.298+6-6usr.sbin/bgpd/rde_rib.c
+21-172 files

OpenBSD/src mmgZppfusr.bin/tmux screen-write.c tty.c

   Bring in some more floating panes changes - obscured panes need to be
   handled specially in screen_write_* rather than dropping into the client
   redraw (tty.c).
VersionDeltaFile
1.251+184-77usr.bin/tmux/screen-write.c
1.463+9-9usr.bin/tmux/tty.c
+193-862 files

OpenBSD/src WNqADiYusr.sbin/bgpctl mrtparser.c

   Add some extra checks to the mrtparser

   Fail if the mrt message length is larger than MRT_MAX_LEN (1MB).
   No message should have such a large size.
   Ensure the dump callback is never called with a mrt peer table
   that is NULL.

   Reported by 7Asecurity
   OK tb@
VersionDeltaFile
1.24+25-25usr.sbin/bgpctl/mrtparser.c
+25-251 files

OpenBSD/src nf1OhqYusr.sbin/rpki-client rsync.c

   Add an explict "--" argument for portable.

   GNU libc getopt allows options out of order with other arguments
   so force getopt to stop option parsing using "--".
   OK tb@
VersionDeltaFile
1.62+2-1usr.sbin/rpki-client/rsync.c
+2-11 files

OpenBSD/src VqWeSdJusr.sbin/bgplgd bgplgd.c

   Add a "--" argv to the execvp of bgpctl for portable.

   GNU libc has this stupid behaviour of allowing options in any order
   and so one needs to terminate the option parsing to be sure none of
   the later user supplied arguments could be interpreted as an option.

   Reported by 7Asecurity
   OK tb@
VersionDeltaFile
1.5+2-1usr.sbin/bgplgd/bgplgd.c
+2-11 files

OpenBSD/src 3RlBDhOusr.sbin/bgplgd slowcgi.c

   Don't fail hard on version mismatch and ignore extra end-of-params messages.

   Replace the lerrx on version mismatch with a lwarnx and error return.
   Switch to ssize_t return for that so that slowcgi_request() can properly
   fail when this happens.

   Also do not execute multiple bgplgd commands when extra end-of-params
   messages are received. Once a command is executed fail to start a 2nd
   one.

   Reported by Frank Denis
   OK tb@
VersionDeltaFile
1.9+14-7usr.sbin/bgplgd/slowcgi.c
+14-71 files

OpenBSD/src douaM8Uusr.sbin/bgpd rde_community.c

   Improve handling of unknown extended communities

   Ext communities are split over the 3 data fields of struct community.
   All ext communities put the first 2 bytes (type and subtype) into data3.
   For EXT_COMMUNITY_TRANS_IPV4 and EXT_COMMUNITY_TRANS_FOUR_AS a 2-4-2 split
   is used. All other types use a 2-2-4 split this should include all unknown
   types. So add default cases into the various switch statements to make this
   happen.

   Reported by 7Asecurity
   OK tb@
VersionDeltaFile
1.26+5-2usr.sbin/bgpd/rde_community.c
+5-21 files

OpenBSD/src IzxgO8Husr.sbin/bgpd mrt.c

   Increase the MRT attribute buffer to MAX_EXT_PKTSIZE so it works in all cases.

   Dumping messages from peers with extended message capability would fail
   since the MRT code was still limited to the old 4096byte size.

   Reported by 7Asecurity
   OK tb@
VersionDeltaFile
1.136+4-4usr.sbin/bgpd/mrt.c
+4-41 files

OpenBSD/src csKnHRqusr.sbin/bgpd parse.y

   Fix use-after-free problems in parse.y

   In error cases using YYERROR data is freed but the global pointer is not
   reset (to NULL or in the case of curpeer to curgroup). On YYERROR yacc
   still moves on and so any rules using e.g. curpeer do a use-after-free.

   Reported by 7Asecurity
   OK tb@
VersionDeltaFile
1.501+6-1usr.sbin/bgpd/parse.y
+6-11 files

OpenBSD/src Fa7t1BOusr.sbin/bgpd rde_rib.c

   Move pt_unref() after the RB_REMOVE() call in rib_remove() to
   prevent use-after-free.

   rib_remove calls pt_unref() before the RB_REMOVE() call which also uses
   re_rib(). re_rib() evaluates re->prefix but pt_unref() could free the
   prefix if the refcount drops to 0.

   Reported by 7Asecurity
   OK tb@
VersionDeltaFile
1.297+3-3usr.sbin/bgpd/rde_rib.c
+3-31 files

OpenBSD/src EjNVoPxusr.bin/tmux sort.c

   fix sort_get_clients() indentation; ok nicm@
VersionDeltaFile
1.6+6-6usr.bin/tmux/sort.c
+6-61 files

OpenBSD/src FLoKJzvusr.bin/tmux window.c

   Check error result correctly (*cause not cause), pointed out by jsg.
VersionDeltaFile
1.323+2-2usr.bin/tmux/window.c
+2-21 files

OpenBSD/src iQqWIxQdistrib/sets/lists/man mi

   sync
VersionDeltaFile
1.1771+1-0distrib/sets/lists/man/mi
+1-01 files

OpenBSD/src x2sxek7usr.bin/newsyslog newsyslog.c newsyslog.8

   newsyslog: add glob(3) support for logfile names

   Allow glob patterns in the logfile_name field of newsyslog.conf(5),
   so that entries like /var/log/app/*.log are expanded at parse time.

   From Alvar Penning, feedback and OK jan@
VersionDeltaFile
1.121+143-47usr.bin/newsyslog/newsyslog.c
1.57+6-2usr.bin/newsyslog/newsyslog.8
+149-492 files