OpenBSD/src jYukIByetc rpc services

   Add entries used by CDE (ports/x11/cde) to make it easier to run it
   out of the box.

   ok sthen@ claudio@ deraadt@
VersionDeltaFile
1.7+3-1etc/rpc
1.110+2-1etc/services
+5-22 files

OpenBSD/src i9CVgAfsys/netinet ip_input.c ip_var.h, sys/netinet6 ip6_input.c in6_proto.c

   Unlock ip6_sysctl().

   Use temporary local buffer for lockless IO within ip6_sysctl_soiikey().
   Use existing `sysctl_lock' rwlock(9) to protect `ip6_soiikey'. Also,
   replace temporary `ip_sysctl_lock' with `sysctl_lock' rwlock(9). It was
   introduced as temporary to avoid recursive lock acquisition in
   ip*_sysctl() until upcoming unlocked. The usage paths are not the hot
   paths, no reason to have dedicated locks for them.

   ok bluhm
VersionDeltaFile
1.294+18-5sys/netinet6/ip6_input.c
1.425+3-6sys/netinet/ip_input.c
1.123+1-5sys/netinet/ip_var.h
1.246+3-1sys/sys/sysctl.h
1.149+2-1sys/netinet6/in6_proto.c
+27-185 files

OpenBSD/src OrrEfTiusr.sbin/rpki-client rpki-client.8 main.c

   Use two threads for validation

   OK tb@ claudio@
VersionDeltaFile
1.126+3-3usr.sbin/rpki-client/rpki-client.8
1.286+2-2usr.sbin/rpki-client/main.c
+5-52 files

OpenBSD/src aoUvHKUlib/libcrypto/cms cms_sd.c, lib/libcrypto/pkcs7 pk7_attr.c

   Rework PKCS7_simple_smimecap()

   This is nearly identical to CMS_add_simple_smimecap(). We can reuse
   its doc comment mutatis mutandis and use the same construction.

   Maybe this wants deduplicating. Maybe not.

   ok kenjiro
VersionDeltaFile
1.22+33-26lib/libcrypto/pkcs7/pk7_attr.c
1.36+3-1lib/libcrypto/cms/cms_sd.c
+36-272 files

OpenBSD/src J5SkoMWlib/libcrypto/pkcs7 pk7_attr.c

   Rework PKCS7_add1_attrib_digest()

   There's nothing really wrong here (at least when compared to the rest of
   this file an hour or so ago), but we can make this look somewhat more like
   code. That there's no bug here is not really related to the fact that it's
   an add1 function, not an add0 one. In fact, it's kind of surprising that
   the author had an uncharacteristic moment of lucidity and remembered to
   free the last argument passed to PKCS7_add_signed_attribute() on failure.

   ok kenjiro
VersionDeltaFile
1.21+18-12lib/libcrypto/pkcs7/pk7_attr.c
+18-121 files

OpenBSD/src ifwmFhplib/libcrypto/pkcs7 pk7_attr.c

   Rewrite PKCS7_get_smimecap() to use d2i_X509_ALGORS()

   Since we finally found a use for i2d_X509_ALGORS(), make use of its
   sibling here. This avoids some ridiculous contortions in not quite
   peak muppet code (obviously this was a first test run for the grand
   finale in CMS).

   ok kenjiro
VersionDeltaFile
1.20+9-6lib/libcrypto/pkcs7/pk7_attr.c
+9-61 files

OpenBSD/src B91EKqslib/libcrypto/pkcs7 pk7_attr.c, lib/libcrypto/ts ts_rsp_sign.c

   Plug leaks due to misuse of PKCS7_add_signed_attribute()

   set0/add0 functions that can fail are the worst. Without fail this trips
   up both users and authors (by and large these are two identical groups
   consisting of a single person), resulting in leaks and double frees.

   In today's episode of spelunking in the gruesome gore provided by the
   PKCS#7 and Time-Stamp protocol "implementations", we fix a couple of
   leaks in PKCS7_add_attrib_smimecap() and ESS_add_signing_cert().

   We do so by recalling that there is i2d_X509_ALGORS(), so we might
   as well put it to use instead of inlining it poorly (aka, without
   error checking). Normalize said error checking and ensure ownership
   is handled correctly in the usual single-exit idiom.

   ESS_add_signing_cert() can also make use of proper i2d handling, so
   it's simpler and correct and in the end looks pretty much the same
   as PKCS7_add_attrib_smimecap().

   ok kenjiro
VersionDeltaFile
1.37+22-18lib/libcrypto/ts/ts_rsp_sign.c
1.19+30-8lib/libcrypto/pkcs7/pk7_attr.c
+52-262 files

OpenBSD/src eYxmp17usr.bin/vi/common cut.c line.c, usr.bin/vi/ex ex_shift.c ex_bang.c

   Fix crash with expandtab and running external commands.

   Fix from Jerry Fletcher, OK job@
VersionDeltaFile
1.11+7-3usr.bin/vi/ex/ex_shift.c
1.18+6-1usr.bin/vi/common/cut.c
1.13+3-3usr.bin/vi/ex/ex_bang.c
1.17+3-3usr.bin/vi/common/line.c
+19-104 files

OpenBSD/src TPZ96bIusr.sbin/smtpd smtpd.c

   ensure some strings are actually sent to the parent process

   some imsgs messages to the parent are not allowed to send an empty
   string.  if it happens, fatal() instead of possibly crashing later
   on trying to process those strings.

   diff from gilles@, committing on his behalf.
   ok millert@
VersionDeltaFile
1.357+10-1usr.sbin/smtpd/smtpd.c
+10-11 files

OpenBSD/src lTo1UACgnu/usr.bin/gcc/gcc/config/m88k m88k.c

   PIC code which needs to load data from the GOT and thus has code to setup
   r25 for that purpose in the function prologue, needs to mark r1 as needing
   to be saved, as the GOT setup relies on a local branch and a pc-relative
   relocation.

   The comment was correct, the code wasn't - and this was hidden by another bug,
   soon to be removed.
VersionDeltaFile
1.40+1-0gnu/usr.bin/gcc/gcc/config/m88k/m88k.c
+1-01 files

OpenBSD/src TZEX24Egnu/usr.bin/gcc/gcc/config/m88k m88k.c

   Remove the last unsafe use of XINT in the m88k backend.
VersionDeltaFile
1.39+1-1gnu/usr.bin/gcc/gcc/config/m88k/m88k.c
+1-11 files

OpenBSD/src q9KcnmUusr.bin/ssh ssh-pkcs11-client.c

   Plug leak in case where sigp is passed as NULL.  Coverity CID 483725,
   ok djm@
VersionDeltaFile
1.24+2-1usr.bin/ssh/ssh-pkcs11-client.c
+2-11 files

OpenBSD/src O5EmzVmusr.bin/ssh ssh-pkcs11.c ssh-pkcs11-helper.c

   unbreak WITH_OPENSSL=no builds, also allowing ed25519 keys to be
   used via PKCS#11 when OpenSSH is built without libcrypto.
VersionDeltaFile
1.69+20-13usr.bin/ssh/ssh-pkcs11.c
1.29+1-20usr.bin/ssh/ssh-pkcs11-helper.c
1.100+3-4usr.bin/ssh/Makefile.inc
1.9+1-5usr.bin/ssh/ssh-pkcs11.h
+25-424 files

OpenBSD/src cTMPbIZusr.bin/ssh ssh-pkcs11.c

   fix variable name in disabled code
VersionDeltaFile
1.68+3-3usr.bin/ssh/ssh-pkcs11.c
+3-31 files

OpenBSD/src BIkjAAksys/arch/m88k/conf files.m88k, sys/arch/m88k/m88k in_cksum.c

   Remove local in{,4}_cksum routines and use the MI routines instead. The
   MI routines unroll more aggressively for large mbufs and are thus faster.

   Be sure to rm in_cksum.d from the compile directory before rebuilding the
   kernel.
VersionDeltaFile
1.33+4-2sys/arch/m88k/conf/files.m88k
1.6+1-1sys/arch/m88k/m88k/in_cksum.c
+5-32 files

OpenBSD/src QQA0LzMregress/usr.bin/mandoc/roff/esc Makefile

   Revert previous.
   With help from gbranden@, the defective commit causing the regression was
   found much more quickly than anticipated, and i drafted a patch than can
   be used in our upcoming groff-1.23.0 port and that can be pushed upstream,
   so SKIP_GROFF is no longer needed for the A1 and w tests.
   See https://savannah.gnu.org/bugs/index.php?67372 .
VersionDeltaFile
1.25+1-8regress/usr.bin/mandoc/roff/esc/Makefile
+1-81 files

OpenBSD/src AaJyr2Vlib/libcrypto/curve25519 curve25519.c

   curve25519.c: zap trailing whitespace introduced in previous
VersionDeltaFile
1.18+2-2lib/libcrypto/curve25519/curve25519.c
+2-21 files

OpenBSD/src NknxqcEregress/usr.bin/mandoc/roff/esc Makefile

   mark tests affected by groff-1.23 \A and \w regressions with SKIP_GROFF for now
VersionDeltaFile
1.24+8-1regress/usr.bin/mandoc/roff/esc/Makefile
+8-11 files

OpenBSD/src ErYVvfuregress/usr.bin/mandoc/roff/de Makefile

   Mark the Dd_opt test with SKIP_GROFF for now because groff-1.23.0 changed
   behaviour with respect to groff-1.22.4.  This is closely related to the
   other .Dd regressions, so it is not yet clear whether mandoc(1) behaviour
   should be changed.
VersionDeltaFile
1.16+9-2regress/usr.bin/mandoc/roff/de/Makefile
+9-21 files

OpenBSD/src mebvrOqshare/man/man9 cond_init.9

   tweak previous: fix an obvious typo in a function name
VersionDeltaFile
1.5+3-3share/man/man9/cond_init.9
+3-31 files

OpenBSD/src Zqx0m1Fsys/dev/pci/drm/amd/display/dc/clk_mgr/dcn401 dcn401_clk_mgr.c

   drm/amd/display: Free memory allocation

   From Clayton King
   084eb54b820f737652a0f35ccae67a579b69b0c8 in linux-6.12.y/6.12.40
   b2ee9fa0fe6416e16c532f61b909c79b5d4ed282 in mainline linux
VersionDeltaFile
1.3+2-1sys/dev/pci/drm/amd/display/dc/clk_mgr/dcn401/dcn401_clk_mgr.c
+2-11 files

OpenBSD/src 2QFFPQ2sys/dev/pci/drm/amd/display/amdgpu_dm amdgpu_dm_crtc.c

   drm/amd/display: Disable CRTC degamma LUT for DCN401

   From Melissa Wen
   74162dda80e7dacffa9642d113fbfdecac01fe79 in linux-6.12.y/6.12.40
   97a0f2b5f4d4afcec34376e4428e157ce95efa71 in mainline linux
VersionDeltaFile
1.10+10-1sys/dev/pci/drm/amd/display/amdgpu_dm/amdgpu_dm_crtc.c
+10-11 files

OpenBSD/src bbkvLqNsys/dev/pci/drm/amd/amdgpu amdgpu_ring.c

   drm/amdgpu: Increase reset counter only on success

   From Lijo Lazar
   62f2a58a4cb087f7e06472ae915826485b2dd596 in linux-6.12.y/6.12.40
   86790e300d8b7bbadaad5024e308c52f1222128f in mainline linux
VersionDeltaFile
1.12+7-2sys/dev/pci/drm/amd/amdgpu/amdgpu_ring.c
+7-21 files

OpenBSD/src O7luHnosys/dev/pci/drm/amd/amdgpu gfx_v8_0.c

   drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume

   From Eeli Haapalainen
   228ad2ab5b333596ec58bdf925c0bdc8f68365e1 in linux-6.12.y/6.12.40
   83261934015c434fabb980a3e613b01d9976e877 in mainline linux
VersionDeltaFile
1.10+1-0sys/dev/pci/drm/amd/amdgpu/gfx_v8_0.c
+1-01 files

OpenBSD/src 76BkwhVsys/kern kern_timeout.c kern_smr.c, sys/net ifq.c

   use cond_signal_handler instead of having little wrappers for cond_signal.

   ok tb@
VersionDeltaFile
1.112+2-11sys/kern/kern_timeout.c
1.62+2-11sys/net/ifq.c
1.18+2-10sys/kern/kern_smr.c
+6-323 files

OpenBSD/src SvsuLcwshare/man/man9 cond_init.9

   cond_signal_handler
VersionDeltaFile
1.4+23-5share/man/man9/cond_init.9
+23-51 files

OpenBSD/src tVr7Io4sys/kern kern_synch.c, sys/sys systm.h

   add void cond_signal_handler(void *), for use with tasks, timeouts, etc.

   based on a discussion with tb@ about function pointers and casts.
   ok tb@
VersionDeltaFile
1.177+8-2sys/sys/systm.h
1.230+4-2sys/kern/kern_synch.c
+12-42 files

OpenBSD/src fTNhjCxlib/libcrypto/pkcs7 pk7_attr.c

   PKCS7_add0_attrib_signing_time: tweak comment
VersionDeltaFile
1.18+2-2lib/libcrypto/pkcs7/pk7_attr.c
+2-21 files

OpenBSD/src cKBQhFpusr.sbin/installboot efi_bootmgr.c

   Remove htole64() calls on GPT data.  GPT is little-endian as
   are all current OpenBSD architectures using UEFI booting.

   In the unlikely event that BE architectures using UEFI
   booting ever materialize this will be one of many things
   that need attention.

   Suggested by kettenis@ in response to my original diff.
VersionDeltaFile
1.6+3-3usr.sbin/installboot/efi_bootmgr.c
+3-31 files

OpenBSD/src 5GmD7Xslib/libcrypto/man PKCS7_add_attribute.3

   Below STANDARDS, reference the two most relevant sections of RFC 5652.

   Given that RFC 5652 does not override the earlier (and simpler)
   standards but instead strives to remain compatible, referencing
   both the original and the latest versions seems helpful.

   OK tb@
VersionDeltaFile
1.6+6-2lib/libcrypto/man/PKCS7_add_attribute.3
+6-21 files