lint: mention the assignment operator in 'illegal combination'
In source lines that contain both a 'return' statement as well as a
function-like macro, such as the C11 atomics, seeing the word 'init' in
the diagnostic helps to see that the type conflict is not in the
'return' statement but instead in some initializer.
Seen in userspace-rcu/wfcqueue.h:147.
lint: support __attribute__((__mode__(TI)))
This fixes the wrong lint warnings about the shift amount being greater
than the type size in compiler_rt/popcountti2.c.
Pull up following revision(s) (requested by jakllsch in ticket #1936):
sys/dev/dksubr.c: revision 1.115
Prevent leakage of 4 bytes of stack data via return of uninitialized b_error.
Pull up following revision(s) (requested by jakllsch in ticket #1051):
sys/dev/dksubr.c: revision 1.115
Prevent leakage of 4 bytes of stack data via return of uninitialized b_error.
Pull up following revision(s) (requested by sborrill in ticket #1050):
sys/arch/xen/xenbus/xenbus_probe.c: revision 1.61
sys/arch/xen/xenbus/xenbus_probe.c: revision 1.62
cdroms as xbd devices are skipped in PVHVM mode to avoid hangs if they
are not ready, i.e. do not contain an ISO image (that they hang is a bug
that should be fixed in itself). They are instead detected as an emulated
cdX which does deal with not being ready.
This leads to a regression in pure PV mode where xbd devices are hot-plugged
when an ISO is mounted and there are no emulated block devices such as cdX.
The xbd devices never appear and thus ISO images are not accessible.
Revert to pre-10 behaviour on pure PV kernels.
Ignore cdroms only for VM_GUEST_XENPVHVM guests, not for all !XENPV kernels
(we can also have PVH guests with !XENPV kernels)
Pull up following revision(s) (requested by ozaki-r in ticket #1049):
sys/altq/altq_rmclass.h: revision 1.14
altq, cbq: fix TS_ADD_DELTA on ILP32
TS_ADD_DELTA adds a nanosecond value, delta, to a timespec value while
delta is int64_t and tv_nsec is long. delta is guaranteed as positive
in ALTQ/CBQ. However, the original code used delta after casting it
into long. So it could be negative on ILP32 systems. TS_ADD_DELTA
didn't assume that delta was negative and resulting tv_nsec could be
negative unexpectedly.
This issue was likely to occur when bandwidth borrowing was used where
the borrowing class had a absolutely small bandwidth (e.g., less than
10 Mbps) or a relatively small bandwidth (e.g., 10 Mbps when the parent
class had 200 Mbps).
KASSERT has been added to guarantee resulting tv_nsec is always not
[2 lines not shown]
Pull up following revision(s) (requested by tsutsui in ticket #1047):
etc/skel/dot.cshrc: revision 1.10
Set $ENV in the default skel/dot.cshrc as dot.profile for su(1) etc.
Fixes PR/59008.
Pull up following revision(s) (requested by tsutsui in ticket #1048):
sys/arch/macppc/stand/ofwboot/version: revision 1.16
sys/arch/macppc/stand/ofwboot/boot.c: revision 1.32
Tweak bootpath strings in ofwboot for OpenBIOS used on qemu-system-ppc.
Bump version to denote the visible change.
This makes qemu-system-ppc -M mac99 booting from a harddisk image
using ofwboot installed by installboot(8) with /usr/mdec/bootxx:
---
% qemu-system-ppc --version
QEMU emulator version 9.1.2
Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers
% qemu-system-ppc -M mac99 -drive file=NetBSD-10.1-macppc.img,media=disk,format=raw -nographic
> =============================================================
> OpenBIOS 1.1 [Mar 7 2023 22:21]
> Configuration device id QEMU version 1 machine id 1
> CPUs: 1
[32 lines not shown]
Pull up following revision(s) (requested by tsutsui in ticket #1046):
distrib/vax/liveimage/emuimage/Makefile: revision 1.5
distrib/common/bootimage/Makefile.bootimage: revision 1.43
It turns out vax liveimage requires INSTALLBOOT_AFTER_DISKLABEL.
It looks tools disklabel(8) doesn't preserve installed bootblock
on creating a new label. Confirmed on simh.
Remove "(untested)" comment from INSTALLBOOT_AFTER_DISKLABEL.
Also note vax requires it.
Bring in changes from OpenSSH-9.9p2:
Security
========
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.
[18 lines not shown]
