Replace overlay_ranges with visible_ranges which can hold more than
three ranges (will be needed for floating panes); move the visible
ranges checks outside of tty_draw_line and rewrite it to fix issues with
partially-obscured wide characters. With Michael Grant.
bn_const: add RFC 7919 primes
There is no intention to expose these via public API or to use them in TLS.
For now these will only be used for short-circuiting pointless expensive
computations in DH_check().
ok beck
Scapy special for DH_check()
The latest release of Scapy calls DH_check() on all the well-known
Diffie-Hellman parameters for RFCs 2409, 3526, and 7919. It does this
via pyca/cryptography at startup. Every single time. This is obviously
very expensive, due to our 64 MR rounds (which are complete overkill
now that we have BPSW). Instead of pondering the ideal number of rounds
for BPSW with FFDH, simply skip the check if the parameter matches a
well-known prime. These are known to be safe primes, so we can skip
those super-expensive and pointless checks without any risk.
This is only done for the public dh->p parameter. It could be further
optimized, but with the follow-up commit adding the RFC 7919 primes this
reduces the startup time to what it was before Scapy 2.7.0: < 1s.
Reverting from 64 MR rounds to BN_check_primes rounds, we would still
have ~8s startup time without this optimization, which isn't great for
an interactive tool.
[11 lines not shown]
bn regress: add test that double checks the RFC 2409 and 3526 primes
Also has code to check the RFC 7919 primes and run DH_check() once that
knows about these.
Make it clear that DenyUsers/DenyGroups overrides AllowUsers/AllowGroups.
Previously we specified the order in which the directives are
processed but it was ambiguous as to what happened if both matched.
OK djm@
Adds basic implementation of the low-level FUSE API.
This is sufficient to compile and run lowntfs-3g.
In this patch the low and high-level APIs are independent. The next
patch will modify the high-level API to make use of the low-level API
so that there is no longer any code duplication.
The libfuse changes are mostly additions and should be self-explanatory.
There are also some kernel changes required, which are:
- A fusefs dir vnode now keeps a reference to its parent vnode so that ".." is
resolves in fusefs_lookup rather than sending the lookup request to the FUSE
file system. This is consistent with Linux.
- Added sanity checks for the attributes returned from FBT_GETATTR. These
belong in the kernel and not in libfuse.
- fusefs_readdir needed some tweaking to handle full buffers.
- Set the vnode type from the attributes returned from FBT_MKDIR and
FBT_MKNOD.
[6 lines not shown]
wycheproof regress: wycheproof-testvectors was renamed to wycheproof
Installed packages will update and pkg_add wycheproof-testvectors will
continue to work.
libsndio: Increase the length of display strings and control names
Fixes truncated uaudio(4) device names. As we're at it, increase other
strings and add padding in the sioctl_desc structure, for future use.
libsndio: Add the new sio_onxrun(3) function to report underruns
libsndio recovers after underruns, so in most cases they should just
be ignored. However there are cases where a program may use an external
audio clock (ex. an RTP stream) and resample to make the local audio
rate match the remote rate to keep the latency constant. To do so, the
program must measure continuously the clock drift and calculate the
resampling ratio. Upon underrun, such programs must restart the
measurements, hence the need for this new interface.
ok armani
ML-KEM: improve the EncapsTest
New testvectors want some more detailed handling, which brings these
Wycheproof encapsulation tests about on par with our existing tests.
ML-KEM: don't treat API failure as test failure for invalid test cases
An update to the test vectors adds tests which verifies that the API
correctly rejects some inputs.
Revert the rest of commit 1.3.1 and revert commit 1.3.8
This reverts both of these commits in the current tree.
this will be follwed up with changes to re-add the atomic
operations on uvmexp.paging
ok claudio@, kettenis@, (possibly deraadt@?)
In ssh(1), don't try to match certificates held in an agent to
private keys.
This matching is done to support certificates that were
loaded without their private key material, but is unnecessary for
agent-hosted certificate which always have private key material
loaded in the agent. Worse, this matching would mess up the
request sent to the agent in such a way as to break usage of these
keys when the key usage was restricted in the agent.
Patch from Thibault Cools via bz3752, ok dtucker@
If editline has been switched to vi mode (i.e. via "bind -v" in .editrc),
setup a keybinding so that command mode can be entered. Diff originally
from Walter Alejandro Iglesias with tweaks. Feedback from Crystal Kolipe.
ok djm
Revert revision 1.379
Rewrite m_getuio() to better align data in the mbufs
...
Allowing m_getuio() to use m_clget() with sizes up to MAXMCLBYTES (64k)
puts too much pressure on the pmemrange allocator. Right now the
physical pages for mbufs need to be in a single contiguous segment. On
top of this pool multiplies the size by 8 and in pool headers may add an
additional alignment restriction on pysical memory on __HAVE_PMAP_DIRECT
archs. For 64k clusters half a megabyte of contiguous physical memory is
needed, for 12k clusters the use of in page headers result in a 128k
allocation on a 128k boundary (so in the worst case a 252k area is needed).
Both of those requests cause issues on landisk. With 64MB of RAM there is
little room and after some time the physical memory is so fragmented that
the allocations for such large contiguous segements fail. Even dropping
the buffercache to its minimum and paging out all pageable memory does
not help to recover.
[2 lines not shown]
drm/amdkfd: Fix improper NULL termination of queue restore SMI event string
From Brian Kocoloski
47206d70d1fba05470a2bd00ae3d66d27487c195 in linux-6.12.y/6.12.66
969faea4e9d01787c58bab4d945f7ad82dad222d in mainline linux
