Update HTTP::Tiny to 0.096
This is mostly to pick up the fix for CVE-2026-7017 since we already
had the fixes for the earlier bugs. However, applying the patches
just for the fix was being painful so instead pull in the full update.
vmd(8): fix qcow2 refcounts on lazy allocated refcnt blocks.
Lazy-allocated refcount blocks, such as those created when growing the
disk past 2 GiB, should have refcount initialized to 1. While the disk
is functional, operations on the metadata (such as resizing) fail as
the reference counting is corrupt.
From Chris Cunningham.
"looks right to me" from @ori (original author of vioqcow2.c)
Use ENTRY_NB() for sig{set,long}jmp
Like on arm, the END_WEAK() trigger "changed binding to STB_WEAK"
warnings on sparc64 when compiled with clang.
ok kettenis
Encrypt swap pages "inline" instead of going through a bounce buffer. This
means we no longer need to reserve bounce pages for the pagdaemon. Instead
we can use the complete set of psegs to swap out pages. Note that there is
another important consequence of this diff. Before the old page remaines
unencrypted and on the inactive queue, where it will sit until the
pagedaemon runs again and kills it. With this diff, pages will be freed
as soon as the I/O completes. This is probably an improvement in itself.
This is simplified version of a diff posted by mpi@ earlier this year.
These simplifications were possible because we no longer bounce pages to
meet DMA constraints in the swap code.
ok deraadt@
Restructure the SSHFP test in preparation for adding other key types:
- change the DNS names to be rsa.* for the existing RSA fingerprints.
- verify that all required SSHFP records exist in DNS.
- only run the RSA tests if the build supports RSA.
Change the fusefs_node i_ump member name to i_fmp to better reflect
that it is a struct fusefs_mount pointer and not a struct ufsmount
pointer. There is also no need to cast it each time.
OK claudio@
Replace the notification system with events. Events can carry a payload of
additional payload (to reduce problems with lifetime of objects) and are
delivered to one or more event sinks. This is more powerful and reduces the
complex dependencies between control mode and hooks. Events are now used for
hooks, control mode notifications and for monitors (set-hook -B).
wait-for can now wait for an event to fire (-E flag, with -F to for filter),
with -v to print the payload, as well as listing (-l) waiting clients on an
event and forcing one to wake (-w).
A few additional hooks are also now available (pane-created, pane-resized, etc)
and some of the existing ones have additional format variables available.
Change NOTHING (which means only redraw the indicator) to MOVE. And
redefine NOTHING as /actually/ nothing. Use it for commands which
actually make no change. Fixes flickering due to excessive redrawing of
indicator lines. Mostly from Michael Grant.
Tighten up parsing of paged search controls in search results so we error
out if the control is badly formed rather than trusting that it contained
the right elements.
some problems pointed out by Frank Denis, some more identified after that
ok jan@
'pfctl -s all' should not dump all OS fingerprints loaded to pf(4)
The '-s all' pfctl(8) option is supposed to report only the number
of OS fingerprints loaded to kernel instead. The issue was noticed
and kindly reported by David Adams (support _at_ tarma _dot_ com).
This is 7.9 regression.
OK @jsg
ld.so/sparc64: preserve unaligned relocation byte order
The unaligned relocation path reconstructs the relocation target in
SPARC byte order, but writes the adjusted value back least significant
byte first; this reverses R_SPARC_UA64 results on a big endian target.
Write the value back in target byte order, so relocated function
pointers retain their canonical representation.
Tested by tb@, OK: kettenis@
ld.so/sparc64: fix UA64 relocation mask selection
The relocation mask table is indexed by relocation number; the missing
separator after the R_SPARC_6 entry shifts subsequent initializers, so
R_SPARC_UA64 receives the R_SPARC_UA16 mask. Restore the table layout,
otherwise only the low 16 bits of relocated 64 bit pointers survive.
Tested by tb@, OK: kettenis@
Also batch retries of non-functional CAs based on their Rsync base URI
While there, ensure RRDP URIs are ignored when batching in Rsync-only mode.
OK tb@
Properly apply constraints to BGPsec Router certs.
The goal is to just warn about overclaiming intermediate certs but
BGPsec Router Keys are also certs and those should use strict constraint
validation.
OK tb@
acpidmar(4): Unload maps before destruction
Remove dmar_dumpseg() as dmar_dmamap_unload() also calls dmar_dumpseg().
This changes slightly the trace output with enabled debugging. But
avoids duplicate information.
ok kettenis@
sndiod: Remove the app/xxx.level controls before exit
All other structures are freeed before exit; this mostly reduces the
noise in malloc(3) leak reports.