243,128 commits found in 44 milliseconds
switch nfs_getreq() to nfsd_adv()
from miod@ ok jsg@
This round of commits was prompted by a double-free report
from Andrew Griffiths at Calif.
server nfs request mbuf pointers were stored in two structs:
nmi_mrep in struct nfsm_info
nd_mrep in struct nfsrv_descript
but only set to NULL after m_freem() in nmi_mrep
This problem is avoided by removing the use of struct nfsm_info
in the server paths and passing struct nfsrv_descript to
new versions of the nfsm functions.
remove use of struct nfsm_info in nfs_serv.c (the non-trivial part)
with and ok miod@
remove use of struct nfsm_info in nfs_serv.c
with and ok miod@
convert nfs_serv.c from nfsm_mtouio() to nfsd_mtouio()
with and ok miod@
convert nfs_serv.c from nfsm_strsiz() to nfsd_strsiz()
with and ok miod@
convert nfs_socket.c from nfsm_dissect() to nfsd_dissect()
with and ok miod@
convert nfs_serv.c from nfsm_dissect() to nfsd_dissect()
with and ok miod@
remove nfsm_info argument from nfsm_srvmtofh1()
with and ok miod@
remove nfsm_info argument from nfsm_reply()
callers all set info.nmi_mreq = NULL
with and ok miod@
make nfsm_srvnamesiz() take an nfsrv_descript argument
with and ok miod@
make nfsm_srvmtofh2() take an nfsrv_descript argument
with and ok miod@
make nfsm_srvsattr() take an nfsrv_descript argument
with and ok miod@
add nfsrv_descript versions of nfsm functions
ok miod@
remove nmi_mb from struct nfsm_info
ok miod@
make nfsm_srvmtofh1() take an mbuf argument
ok miod@
make nfsm_srvwcc() take an mbuf argument
ok miod@
make nfsm_fhtom() take an mbuf argument
ok miod@
make nfsm_srvpostop_fh() take an mbuf argument
ok miod@
make nfsm_srvpostop_attr() take an mbuf argument
ok miod@
make nfsm_reply() take an mbuf argument
ok miod@
make nfsm_strtom() take an mbuf argument
ok miod@
Upstream patch for buffer overflow in 32-bit perl
* CVE-2026-8376
https://lists.security.metacpan.org/cve-announce/msg/40396161/
Perl versions through 5.43.10 have a heap buffer overflow when
compiling regular expressions with a repeated fixed string on 32-bit
builds
OpenBSD /src znydDs5 — gnu/usr.bin/perl/cpan/IO-Compress/bin zipdetails, gnu/usr.bin/perl/cpan/IO-Compress/lib/File GlobMapper.pm Upstream patches for IO-Compress perl dist
* CVE-2026-48961
https://lists.security.metacpan.org/cve-announce/msg/40434383/
IO::Compress versions from 2.207 before 2.220 for Perl ship a
zipdetails CLI tool that crashes with undefined subroutine on
Info-ZIP Unix Extra Field with 8-byte UID or GID
* CVE-2026-48962
https://lists.security.metacpan.org/cve-announce/msg/40434385/
IO::Compress versions before 2.220 for Perl can execute arbitrary
code in File::GlobMapper via an attacker-controlled output glob
* CVE-2025-15649
https://lists.security.metacpan.org/cve-announce/msg/40434380/
IO::Uncompress::Unzip versions before 2.215 for Perl propagate
uncaught exception when parsing zip header with malformed DOS date
* CVE-2026-48959
[3 lines not shown ] Upstream patch for HTTP-Tiny perl dist
* CVE-2026-7010
https://lists.security.metacpan.org/cve-announce/msg/39952806/
HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in
HTTP request lines or control field header values
OpenBSD /src 5kDjAsg — gnu/usr.bin/perl/cpan/Archive-Tar/lib/Archive Tar.pm, gnu/usr.bin/perl/cpan/Archive-Tar/t 04_resolved_issues.t Upstream patches for Archive-Tar perl dist
* CVE-2026-42496
https://lists.security.metacpan.org/cve-announce/msg/40396459/
Archive::Tar versions before 3.08 for Perl extract symlinks with
attacker controlled targets outside the extraction directory
* CVE-2026-42497
https://lists.security.metacpan.org/cve-announce/msg/40396457/
Archive::Tar versions before 3.08 for Perl extract hardlinks to
attacker controlled paths outside the extraction directory
* CVE-2026-9538
https://lists.security.metacpan.org/cve-announce/msg/40396448/
Archive::Tar versions before 3.10 for Perl allow memory exhaustion
via attacker controlled entry size field in tar header
Fix mouse events on tiled pane status line - when panes share a border,
prefer the pane for which the border is the status line. With Dane
Jensen.
Fix squash-groups skipping every session, GitHub issue 5180 from Bryce
Miller.
Allow ACLs to use groups as well as users, GitHub issue 4917.
Add a relative time option for time formatting, GitHub issue 5009.
Add a -h flag to choose-tree and choose-client to hide the pane
containing the mode, intended for use with floating panes. From Michael
Grant, GitHub issue 5177.