OpenBSD/src ATaTwVZusr.bin/ssh sshsig.c

   leak of principals file lines; ok dtucker@
VersionDeltaFile
1.39+2-1usr.bin/ssh/sshsig.c
+2-11 files

OpenBSD/src 14MUQZ8usr.bin/ssh sshd-auth.c

   leak of authentication options at exit; ok dtucker@
VersionDeltaFile
1.9+2-1usr.bin/ssh/sshd-auth.c
+2-11 files

OpenBSD/src huToK7Ousr.bin/ssh sshconnect2.c

   memleak of keys not used for authentication; ok dtucker@
VersionDeltaFile
1.378+2-2usr.bin/ssh/sshconnect2.c
+2-21 files

OpenBSD/src 9h7yFgLusr.bin/ssh ssh.c

   memleak of certificate path; ok dtucker@
VersionDeltaFile
1.618+2-1usr.bin/ssh/ssh.c
+2-11 files

OpenBSD/src wK8yof4usr.bin/ssh sshconnect.c

   memleak of hostkey when downgrading host cert->key;
ok dtucker
VersionDeltaFile
1.375+2-1usr.bin/ssh/sshconnect.c
+2-11 files

OpenBSD/src eh0BXOpusr.bin/ssh sftp.c

   memleak of editline history; ok dtucker@
VersionDeltaFile
1.242+3-1usr.bin/ssh/sftp.c
+3-11 files

OpenBSD/src t9TeimQusr.bin/ssh mux.c

   memleak of rfwd callback context; ok dtucker@
VersionDeltaFile
1.106+2-1usr.bin/ssh/mux.c
+2-11 files

OpenBSD/src mR07Vyousr.bin/ssh monitor.c

   memleaks of request packet and hostkeys blob;
ok dtucker@
VersionDeltaFile
1.248+5-6usr.bin/ssh/monitor.c
+5-61 files

OpenBSD/src dKqfFKGusr.bin/ssh krl.c

   memleak of KRL revoked certs struct; ok dtucker
VersionDeltaFile
1.62+4-1usr.bin/ssh/krl.c
+4-11 files

OpenBSD/src Z3slNY7usr.bin/ssh kex.c

   memleak of kex->server_sig_algs; ok dtucker@
VersionDeltaFile
1.189+2-1usr.bin/ssh/kex.c
+2-11 files

OpenBSD/src vSKbUDuusr.bin/ssh channels.c

   fix memleak of channel forwarding permissions; ok dtucker@
VersionDeltaFile
1.449+6-3usr.bin/ssh/channels.c
+6-31 files

OpenBSD/src c3tvEPiusr.bin/ssh auth.c

   when merging auth options into the active set, don't leak the
   old struct sshauthopt; ok dtucker@
VersionDeltaFile
1.163+2-1usr.bin/ssh/auth.c
+2-11 files

OpenBSD/src jGXManbusr.bin/ssh auth-options.c

   fix memleak when applying certificate options; ok dtucker
VersionDeltaFile
1.102+2-1usr.bin/ssh/auth-options.c
+2-11 files

OpenBSD/src uBivEDXlib/libcrypto/mlkem mlkem_key.c

   MLKEM_private_key_new: add missing space before =
VersionDeltaFile
1.3+2-2lib/libcrypto/mlkem/mlkem_key.c
+2-21 files

OpenBSD/src Xs3yApwregress/usr.bin/ssh/unittests/misc test_expand.c, regress/usr.bin/ssh/unittests/sshbuf test_sshbuf_getput_basic.c test_sshbuf_misc.c

   memory leaks in unit tests
VersionDeltaFile
1.4+19-10regress/usr.bin/ssh/unittests/misc/test_expand.c
1.5+5-1regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_getput_basic.c
1.7+3-1regress/usr.bin/ssh/unittests/sshbuf/test_sshbuf_misc.c
+27-123 files

OpenBSD/src u9DL3L2usr.sbin/pkg_add/OpenBSD PkgCreate.pm

   Revert previous

   I failed to build devel/gtest with it, so it will need more testing
   to find the correct fix.
VersionDeltaFile
1.200+2-2usr.sbin/pkg_add/OpenBSD/PkgCreate.pm
+2-21 files

OpenBSD/src g7N57bRusr.bin/newsyslog newsyslog.c

   newsyslog: replace parse8601() by strptime(3) to parse time

   Simplifies time parsing here and removes unsave uses of strtol(3).

   ok sthen
VersionDeltaFile
1.118+33-64usr.bin/newsyslog/newsyslog.c
+33-641 files

OpenBSD/src LTKJe59sys/netinet6 nd6_nbr.c

   Fix use after free in ND6 DAD timer.

   In IPv6 neighbor discovery, the duplicate address detection code
   could trigger a use after free.  Kernel reported a data modifed on
   NDP freelist panic.  The offset pointed to timeout field of struct
   dadq.
   nd6_dad_stop() calls nd6_dad_stoptimer() and nd6_dad_destroy()
   without waiting for the timer to run before freeing.  As a quick
   fix implement a reaper on the timeout queue.
   While there remove an useless NULL check in nd6_dad_timer().

   OK florian@
VersionDeltaFile
1.163+14-10sys/netinet6/nd6_nbr.c
+14-101 files

OpenBSD/src Xe1uZxwgnu/gcc/gcc/config/m88k m88k.md m88k.c

   Implement [bs]{,un}ordered insns for proper floating-point comparisons results
   against NaNs.
VersionDeltaFile
1.18+38-0gnu/gcc/gcc/config/m88k/m88k.md
1.36+7-1gnu/gcc/gcc/config/m88k/m88k.c
1.4+3-3gnu/gcc/gcc/config/m88k/predicates.md
+48-43 files

OpenBSD/src 0Mp5NLSgnu/gcc/gcc/config/m88k m88k.c m88k.md

   Allow expand_block_move() to fail and have the MI code generate the memcpy
   call, rather than doing it ourselves.
VersionDeltaFile
1.35+16-20gnu/gcc/gcc/config/m88k/m88k.c
1.17+12-9gnu/gcc/gcc/config/m88k/m88k.md
1.9+1-1gnu/gcc/gcc/config/m88k/m88k-protos.h
+29-303 files

OpenBSD/src v0eSBoagnu/gcc/gcc/config/m88k m88k.c m88k.h

   Minor exception handling bug and comment fixes.

   Also, revert override of TARGET_BUILTIN_SETJMP_FRAME_VALUE - this was done
   while experimenting with sjlj exceptions support, to make them work better,
   but now that unwinding works it is no longer useful.
VersionDeltaFile
1.34+13-17gnu/gcc/gcc/config/m88k/m88k.c
1.27+1-1gnu/gcc/gcc/config/m88k/m88k.h
+14-182 files

OpenBSD/src LGX8gvzgnu/gcc/gcc/config/m88k m88k.h

   Define AVOID_CCMODE_COPIES. While CCmode values are kept in registers, there
   is no reason to copy {f,}cmp results to another register; prefer keeping that
   register live as long as necessary.
VersionDeltaFile
1.26+2-1gnu/gcc/gcc/config/m88k/m88k.h
+2-11 files

OpenBSD/src cDV8X6Tgnu/gcc/gcc/config/m88k m88k.md

   Add more barriers for proper basic block computation.
VersionDeltaFile
1.16+5-0gnu/gcc/gcc/config/m88k/m88k.md
+5-01 files

OpenBSD/src 23HIGDQgnu/gcc/gcc/config/m88k m88k.md

   Fix harmless compilation warnings.
VersionDeltaFile
1.15+2-6gnu/gcc/gcc/config/m88k/m88k.md
+2-61 files

OpenBSD/src i2RX5PQsys/arch/sh/sh pmap.c

   Do not leave a bogus dangling pv entry if __pmap_pte_alloc() fails in
   pmap_enter() and PMAP_CANFAIL.

   From NetBSD.
VersionDeltaFile
1.31+5-2sys/arch/sh/sh/pmap.c
+5-21 files

OpenBSD/src UicVEf8usr.sbin/pkg_add/OpenBSD PkgCreate.pm

   Fix precedence problem in PkgCreate version check

   Noticed when testing out perl 5.42 which has a new warning for this.

   "Go Ahead" Marc Espie <marc.espie.openbsd () gmail ! com>
VersionDeltaFile
1.199+2-2usr.sbin/pkg_add/OpenBSD/PkgCreate.pm
+2-21 files

OpenBSD/src PFHlHKhregress/usr.sbin/pkg_add Makefile lib-error.ref

   Add pkg_add test for invalid libs

   Validating that it outputs the expected message.

   From Marc Espie <marc.espie.openbsd () gmail ! com>
VersionDeltaFile
1.90+11-3regress/usr.sbin/pkg_add/Makefile
1.1+4-0regress/usr.sbin/pkg_add/lib-error.ref
+15-32 files

OpenBSD/src sxatsJ3regress/lib/libcrypto/wycheproof wycheproof.go

   wycheproof: run ML-KEM test vectors against libcrypto
VersionDeltaFile
1.191+139-2regress/lib/libcrypto/wycheproof/wycheproof.go
+139-21 files

OpenBSD/src aXxGKFNlib/libcrypto/mlkem mlkem_internal.c

   mlkem_public_to_private: fix overread/information leak

   After the guts of MLKEM_public_key were changed from a union to a struct,
   the aligner grew the struct, leaking as many bytes of private key data as
   the struct grew (on normal platforms that would be 2).

   Ideally this would all be a bit more robust.

   CID 621603 621604

   ok jsing kenjiro
VersionDeltaFile
1.2+3-3lib/libcrypto/mlkem/mlkem_internal.c
+3-31 files

OpenBSD/src FkSMpChsys/arch/amd64/amd64 vmm_machdep.c identcpu.c, sys/arch/amd64/include vmmvar.h

   require unrestricted guest support for VMX hosts using vmm(4)

   Support for CPUs that don't allow unrestricted guest support is getting
   in the way of making progress elsewhere. This diff requires support for
   unrestricted guest capability in the host CPU.

   Practically speaking, this means original first-generation Nehalem
   microarchitecture machines won't be supported anymore. Even before this
   change, those CPUs were very limited in what guest VMs they could run
   with vmm(4) anyway - they could only use the -b option to directly boot
   an OpenBSD kernel, not being able to support a BIOS. This diff adds
   code to check for the required capabilities, and not attach vmm(4)
   if we don't detected a supported configuration.

   FWIW, the CPUs affected by this change are now close to 15 years old.

   ok dv
   discussed with deraadt
VersionDeltaFile
1.64+14-8sys/arch/amd64/amd64/vmm_machdep.c
1.152+4-3sys/arch/amd64/amd64/identcpu.c
1.6+2-2sys/dev/vmm/vmm.c
1.116+2-1sys/arch/amd64/include/vmmvar.h
+22-144 files