OpenBSD/src bhGldkssys/dev/pci/bktr bktr_core.c bktr_audio.c

   bktr(4): tsleep(9) -> tsleep_nsec(9)

   ok deraadt@

OpenBSD/src nWQ5I7Dusr.bin/ssh myproposal.h

   sort sk-* methods behind their plain key methods cousins for now
VersionDeltaFile
1.64+5-5usr.bin/ssh/myproposal.h
+5-51 files

OpenBSD/src EmntKXGregress/usr.bin/ssh test-exec.sh keytype.sh

   test security key host keys in addition to user keys

OpenBSD/src 0f33YIjusr.bin/ssh servconf.c

   don't treat HostKeyAgent=none as a path either; avoids spurious
   warnings from the cfgparse regress test
VersionDeltaFile
1.357+2-1usr.bin/ssh/servconf.c
+2-11 files

OpenBSD/src TeXZOU5usr.bin/ssh servconf.c

   do not attempt to find an absolute path for sshd_config
   SecurityKeyProvider=internal - unbreaks cfgparse regress test
VersionDeltaFile
1.356+13-2usr.bin/ssh/servconf.c
+13-21 files

OpenBSD/src JxHa527usr.sbin/ripd message.c

   Clear r_list if the interface is passive. Additionaly move the check
   for passive interface a bit further up so that the function can return
   earlier.

   Memory leak observed and reported by Jason Tubnor.

   OK benno@
VersionDeltaFile
1.15+14-10usr.sbin/ripd/message.c
+14-101 files

OpenBSD/src kfyN31vusr.bin/ssh ssh-keyscan.c

   allow ssh-keyscan to find security key hostkeys
VersionDeltaFile
1.131+21-3usr.bin/ssh/ssh-keyscan.c
+21-31 files

OpenBSD/src xvULCbsregress/usr.bin/ssh/misc/kexfuzz Makefile

   adapt to ssh-sk-client change

OpenBSD/src lc8XrfCusr.bin/ssh sshd.c myproposal.h

   allow security keys to act as host keys as well as user keys.

   Previously we didn't do this because we didn't want to expose
   the attack surface presented by USB and FIDO protocol handling,
   but now that this is insulated behind ssh-sk-helper there is
   less risk.

   ok markus@

OpenBSD/src 0LkRAWqsbin/unwind resolver.c

   Make this fit in 80 cols.
VersionDeltaFile
1.115+5-3sbin/unwind/resolver.c
+5-31 files

OpenBSD/src HA6qvLtsbin/slaacd slaacd.c

   semarie diagnosed a what appeared to be a 'large backwards memcpy' of an
   ipv6 address, but was actually oversize (a large union).  correct access
   to the right subfield.
   ok florian semarie
VersionDeltaFile
1.46+3-3sbin/slaacd/slaacd.c
+3-31 files

OpenBSD/src pOhRT19usr.sbin/vmctl vmctl.c

   Explicitly print root user in status OWNER column

   With "owner root:wheel" (any group) the status output prints ":wheel" only,
   presumably to emphasize that only group membership matters.

   Always print whatever is configured to be explicit and less confusing.

   OK jasper
VersionDeltaFile
1.73+1-3usr.sbin/vmctl/vmctl.c
+1-31 files

OpenBSD/src ANc5928sbin/unwind resolver.c

   Allow more outgoing ports, the default 16 is pretty tight for the
   recursor. Also change strategy to not fetch addresses of nameservers
   pro-actively, it does not help a lot in typical unwind setups and
   consumes resources we would like to spend on actual resolving user
   queries.  ok florian@
VersionDeltaFile
1.114+4-2sbin/unwind/resolver.c
+4-21 files

OpenBSD/src lwqA11Wsys/net if_aggr.c

   Add a missing unlock.

   Spotted by Hrvoje Popovski using witness(4)
   OK dlg@
VersionDeltaFile
1.26+2-1sys/net/if_aggr.c
+2-11 files

OpenBSD/src UNfRXw3sbin/unwind resolver.c, sbin/unwind/libunbound/util alloc.c

   Be less aggressive pre-allocating memory; ok florian@

OpenBSD/src ya6azYIregress/lib/libcrypto/wycheproof wycheproof.go

   whitespace from go fmt + update a comment

OpenBSD/src HMAoFrusys/dev/fdt rkpcie.c

   rkpcie: Add support for gen2 negotiation
   * Enable gen2 link training when the dtb is configured with
     max-link-speed = <2>;
   * Workaround a rockchip bug where Target Link Speed is not set when
     PCIE_CLIENT_PCIE_GEN_SEL_2 is configured
   * Wait for LTSSM L0 state after initial link training to ensure gen2
     link training does not start too early

   okay kettenis@
VersionDeltaFile
1.9+80-13sys/dev/fdt/rkpcie.c
+80-131 files

OpenBSD/src azAMYDusbin/unwind resolver.c

   Simplify resolve_done.
   - check if this is an answer to a still running query up front,
     if not there is nothing more to do
   - get rid of the retry case, we can now just inline it
   - reduce indent by always calculating elapsed time for DOUBT_NXDOMAIN_SEC
   Triggered by, input and OK otto
VersionDeltaFile
1.112+50-63sbin/unwind/resolver.c
+50-631 files

OpenBSD/src r7r4xbUusr.sbin/smtpd mail.mboxfile.c

   failing fsync() with EINVAL should not cause a TempFail in mboxfile,
   it means the file was most likely a device not supporting fsync() so
   we can't do much and retrying isn't going to help.
VersionDeltaFile
1.4+1-1usr.sbin/smtpd/mail.mboxfile.c
+1-11 files

OpenBSD/src RYHVwZZusr.sbin/smtpd lka_filter.c parse.y

   introduce a bypass keyword so that builtin filters can bypass processing of
   a phase when a condition is met

   suggested by several people including jung@, ok jung@

OpenBSD/src NAfvZOrusr.sbin/radiusd radiusd_bsdauth.c

   Strip out the optional login style before looking up user in passwd.
   Reported by Dennis Lindroos.  OK tb@
VersionDeltaFile
1.14+2-1usr.sbin/radiusd/radiusd_bsdauth.c
+2-11 files

OpenBSD/src s7NDTgJlibexec/login_passwd login.c

   Return BI_SILENT not BI_AUTH if the challenge service is requested.
   This bug was introduced in the login_passwd rewrite back in 2001.
   From Tom Longshine.
VersionDeltaFile
1.20+2-2libexec/login_passwd/login.c
+2-21 files

OpenBSD/src yT6GMzVsys/dev/pci eso.c

   Add sizes for free() in eso(4).

   OK tedu@
VersionDeltaFile
1.45+3-3sys/dev/pci/eso.c
+3-31 files

OpenBSD/src xI6mNcCsys/dev/pci eap.c

   Add sizes for free() in eap(4).

   OK tedu@
VersionDeltaFile
1.57+3-3sys/dev/pci/eap.c
+3-31 files

OpenBSD/src R3uy83dsys/dev/pci auixp.c

   Add sizes for free() in auixp(4).

   OK tedu@
VersionDeltaFile
1.41+4-4sys/dev/pci/auixp.c
+4-41 files

OpenBSD/src UtlAwz5sys/dev/pci auglx.c

   Add sizes for free() in auglx(4).

   OK tedu@
VersionDeltaFile
1.17+3-3sys/dev/pci/auglx.c
+3-31 files

OpenBSD/src V3NG0rXsys/dev/pci auacer.c

   Add sizes for free() in auacer(4).

   OK tedu@
VersionDeltaFile
1.22+3-3sys/dev/pci/auacer.c
+3-31 files

OpenBSD/src Hh1NGXlsbin/unwind resolver.c

   No use to create resolvers we know are going to be dead; ok florian@
VersionDeltaFile
1.111+7-1sbin/unwind/resolver.c
+7-11 files

OpenBSD/src DYl1Kjbsys/dev/acpi acpivout.c

   Revert previous.  When we get an ACPI notification we already have the
   ACPI lock and when we call our own ws_[gs]et_param functions we cannot
   take the lock again, because it's non-recursive.  Thus we need to find
   another way, like not taking the lock if we already have it.  But the
   solutions need to be discussed first, so back it out in the meantime.
VersionDeltaFile
1.16+19-35sys/dev/acpi/acpivout.c
+19-351 files

OpenBSD/src 6wgoTaSetc/examples vm.conf

   Fix comment: vmctl command options come before arguments
VersionDeltaFile
1.9+2-2etc/examples/vm.conf
+2-21 files

OpenBSD/src tzAvgqeregress/lib/libcrypto/wycheproof wycheproof.go

   Run Wycheproof HMAC test vectors against libcrypto.

OpenBSD/src G4h1ATMlib/libcrypto/man HMAC.3

   Fix documented signatures of HMAC(3) and HMAC_Update(3). The n and len
   arguments were changed from int to size_t with the import of OpenSSL 0.9.8h
   in 2008.
VersionDeltaFile
1.16+4-4lib/libcrypto/man/HMAC.3
+4-41 files

OpenBSD/src DqEow8Uetc/etc.amd64 MAKEDEV, etc/etc.arm64 MAKEDEV

   sync

OpenBSD/src kkmX7aBetc MAKEDEV.common

   usb devices nodes have been excesively permissive.
   repair that.
VersionDeltaFile
1.105+5-5etc/MAKEDEV.common
+5-51 files

OpenBSD/src zHCTdbudistrib/sets/lists/comp mi, distrib/sets/lists/man mi

   sync
VersionDeltaFile
1.1550+0-1distrib/sets/lists/man/mi
1.1484+0-1distrib/sets/lists/comp/mi
+0-22 files

OpenBSD/src a0Qu7JVetc/etc.amd64 MAKEDEV, etc/etc.i386 MAKEDEV

   sync

OpenBSD/src pqb2z6ietc MAKEDEV.common, etc/etc.amd64 MAKEDEV.md

   gpr(4) goes away

OpenBSD/src YUfikiqshare/man/man4 pcmcia.4 Makefile, sys/arch/amd64/amd64 conf.c

   noone has gpr(4) devices.

OpenBSD/src Q9PrvaOusr.bin/ssh ssh-sk-client.c

   actually commit the ssh-sk-helper client code; ok markus
VersionDeltaFile
1.1+323-0usr.bin/ssh/ssh-sk-client.c
+323-01 files

OpenBSD/src 3ehXprjusr.sbin/smtpd smtpd.conf.5

   fix DKIM example

   mistake spotted by jmc@
VersionDeltaFile
1.241+2-2usr.sbin/smtpd/smtpd.conf.5
+2-21 files

OpenBSD/src a6sH5qCusr.bin/ssh ssh-sk-helper.c sshkey.h, usr.bin/ssh/ssh-keygen Makefile

   perform security key enrollment via ssh-sk-helper too. This means
   that ssh-keygen no longer needs to link against ssh-sk-helper,
   and only ssh-sk-helper needs libfido2 and /dev/uhid* access;

   feedback & ok markus@

OpenBSD/src 3sH07Egusr.bin/ssh sshbuf-getput-basic.c

   allow sshbuf_put_stringb(buf, NULL); ok markus@
VersionDeltaFile
1.10+4-1usr.bin/ssh/sshbuf-getput-basic.c
+4-11 files

OpenBSD/src 31GrIyCusr.bin/ssh ssh-agent.c sshkey.c, usr.bin/ssh/ssh Makefile

   use ssh-sk-helper for all security key signing operations

   This extracts and refactors the client interface for ssh-sk-helper
   from ssh-agent and generalises it for use by the other programs.
   This means that most OpenSSH tools no longer need to link against
   libfido2 or directly interact with /dev/uhid*

   requested by, feedback and ok markus@

OpenBSD/src mxQHr23usr.sbin/smtpd smtpd-filters.7

   occuring -> occurring

   spotted by jmc@
VersionDeltaFile
1.3+2-2usr.sbin/smtpd/smtpd-filters.7
+2-21 files

OpenBSD/src 3JY7p6Vusr.sbin/smtpd smtpd.conf.5

   trim previous; ok gilles
VersionDeltaFile
1.240+5-8usr.sbin/smtpd/smtpd.conf.5
+5-81 files

OpenBSD/src aOWH8KFsbin/unwind resolver.c

   Don't try dead resolvers; ok florian@
VersionDeltaFile
1.110+3-2sbin/unwind/resolver.c
+3-21 files

OpenBSD/src vYruVKisbin/unwind resolver.c

   print type as type and not as rcode
VersionDeltaFile
1.109+2-2sbin/unwind/resolver.c
+2-21 files

OpenBSD/src 6O9DWRVsbin/unwind Makefile, sbin/unwind/libunbound/util alloc.c

   Revert two files committed by accident

OpenBSD/src 76M5x8Usbin/unwind frontend.c resolver.c, sbin/unwind/libunbound/util alloc.c

   Avoid leaks by using the _buf versions of sldns_wire2str_* functions.
   Also add some consistentcy checking to detect logic errors. ok @florian

OpenBSD/src MapcDKGusr.sbin/bgpd rde.c

   In rde_dispatch_imsg_session() reorder the case blocks a bit so they
   group better together.
VersionDeltaFile
1.492+8-8usr.sbin/bgpd/rde.c
+8-81 files