BSD Commit Log Search

   Inherit the DMA tag from the device itself and only override what
   is necessary.  Whether a device is DMA coherent or not depends on
   the device, the SMMU does not influence DMA coherency attributes.
   I assume we have been lucky so far that our machines that have an
   SMMUv2 usually have devices with DMA coherency.  On the RK3588
   this is not the case, and us always adding the COHERENT flag makes
   devices fail to work when used with smmu(4) enabled.

   ok kettenis@

   Assert that `wire_count' doesn't wrap around.

   Remove unhelpful XXXs in comments.

   Add prompt-command-cursor-style, from Joshua Cooper in GitHub issue 4765.

   With status-keys vi, move the cursor left by one when pressing Escape to
   enter command mode, like vi. GitHub issue 4767 from Joshua Cooper.

   Add {current}/{active} for -t for current window or active pane, from
   Manuel Einfalt in GitHub issue 4766.

   correctly quote wildcard host certificate principal name, lest it
   expand to an unrelated filename in the working directory

   return 0 in void function; spotted by clang -Wextra

   regression tests for certificates with empty principals sections
   (which are now unconditionally refused) and for certificates with
   wildcard principals (which should only be accepted in host certs)

   When certificate support was added to OpenSSH, certificates were
   originally specified to represent any principal if the principals
   list was empty.

   This was, in retrospect, a mistake as it created a fail-open
   situation if a CA could be convinced to accidentally sign a
   certificate with no principals. This actually happened in a 3rd-
   party CA product (CVE-2024-7594).

   Somewhat fortunately, the main pathway for using certificates in
   sshd (TrustedUserCAKeys) never supported empty-principals
   certificates, so the blast radius of such mistakes was
   substantially reduced.

   This change removes this footcannon and requires all certificates
   include principals sections. It also fixes interpretation of
   wildcard principals, and properly enables them for host
   certificates only.


    [4 lines not shown]

   don't try to test webauthn signatures.
   Nothing in OpenSSH generates these (yet)

   Don't misuse the sftp limits extension's open-handles field.
   This value is supposed to be the number of handles a server will allow
   to be opened and not a number of outstanding read/write requests
   that can be sent during an upload/download.

   ok markus@

   add a "ssh -O channels user at host" multiplexing command to get a
   running mux process to show information about what channels are
   currently open; ok dtucker@ markus@

   X509_NAME_ENTRY_set_data: remove redundant parentheses

   X509_NAME_ENTRY_set_data(): garbage collect unnecessary i

   Garbage collect V_ASN1_APP_CHOOSE

   ok kenjiro

   Stop documenting V_ASN1_APP_CHOOSE quirk

   ok kenjiro

   X509_NAME_ENTRY_set_data: remove V_ASN1_APP_CHOOSE quirk

   This is the last remaining actual use of ASN1_PRINTABLE_type(), which will
   go away in the next major bump.

   ok kenjiro

   stack: switch data from char ** to void **

   ok jsing kenjiro

   conf_api: remove CONF_DEBUG and disabling of assert()

   The only thing CONF_DEBUG has done in ages is defining NDEBUG in a file
   that does not contain a single assert. Kill it.

   ok jsing kenjiro

   ftp: fix http_time() to use "GMT", not "UTC", per RFC 9110

   ok claudio

   relayd: fix relay_http_time() to emit GMT times again

   The HTTP standard RFC 9110 requires GMT, in HTTP-date. We used to do this
   until a recent modification to localtime.c changed GMT to UTC.

   sync from httpd

   Reimplement ASN1_PRINTABLE_type() dance in ca.c

   In ca.c, there is some minimal validation of strings in the subject of
   a certificate. ASN1_PRINTABLE_type() is silly API that only exists for
   this one call. I want to remove a_print.c in the next major bump.

   ASN1_PRINTABLE_type() returns V_ASN1_PRINTABLESTRING if all characters
   belong to the specific subset of ASCII listed in X.680, 41.4, Table 10.
   Otherwise it returns V_ASN1_T61STRING or V_ASN1_IA5STRING depending on
   whether there is a character with the high bit set or not.

   With this in mind, the logic in ca.c comes down to this: blindly allow
   UTF-8, BMP and T61 strings. All other strings get rejected if the high
   bit of some character is set, or if the string is printable and there
   is a non-printable character.

   ok jsing kenjiro

   Print bridge windows when they're "open".

   ok dlg@

   httpd: fix server_http_time() to emit GMT times again

   The HTTP standard RFC 9110 requires GMT, in HTTP-date. We used to do this
   until a recent change to localtime.c changed GMT to UTC.

   From Sören Tempel, ok sthen

   conf_api: add empty line between !openssl and openssl includes

   conf_api: remove a few rather useless history tidbits

   wycheproof: add minimal glue for the decaps validation tests

   Fix race in vmm(4) where

   vmm(4) tracks the number of virtual machines and vcpus being emulated
   at a given time. When the last known vm is terminated, it disables
   virtualization extensions on all host cpus. Consequently, if the
   virtualization extensions are not currently enabled on the current
   host processor and a caller issues a VMM_IOC_CREATE ioctl(2), vmm(4)
   will enable the extensions on all host cpus before proceeding with
   creation.

   The current method of counting known vm's races with this check. A
   caller issuing a VMM_IOC_CREATE ioctl(2) may be past the initial
   check for extensions being active while another caller issuing a
   VMM_IOC_TERM may be terminating the only running virtual machine.
   The counter will reach zero, and the caller in the VMM_IOC_TERM
   path will trigger the host-wide deactivation.

   On Intel machines, this results in the vcpu initialization code
   (executed by the VMM_IOC_CREATE caller) producing #UD as VMX-specific

    [11 lines not shown]

   This function have -> This function has