BSD Commit Log Search

   Add the extended message capability to the if statement that checks if
   the peer has anything enabled. Missed when adding ext_msg support.

   OK tb@

   Introduce ch_ext a struct holding the table an meta data pointers for
   the extendible hash.

   Doing this removes the need for handling two arrays in resize operations
   and also keeps the two pointers together. The code becomes simpler and
   with some reshuffling ch_table_resize() is now less problematic.

   The initial allocation of the extendible table is increased from one entry
   to two.

   OK tb@

   In the disklabel check for specific fields with value 0, and return
   early before trying to check for a byte-swapped label.  This avoids
   a /0 in the byte-swapped partition check.
   ok krw, also discussed with krw

   Fix heap buffer overread in compile_delimited()

   OK deraadt

   Do not fatal in pt_fill() instead return an error object that can never exist.

   pt_fill() is in some cases used by semi-trusted content (e.g. from
   bgpctl). The fatalx calls in that function are therefor a problem.

   This alters pt_fill to instead return a pt_entry object that can not
   exist in the tree. This error object is simply initalised with 0xff.

   Also if the prefixlen is too large for the address family just clip it down
   to the maximum (with a log message).

   In pt_add(), the only place a pt_fill() object would be added to the tree,
   check if the returned object is valid. There it is ok to fatal (at least
   for now) since the code previous to pt_add() should validate the prefix.

   Uniform some error messages and switch the prefixlen argument to u_int.

   OK tb@

   strict localtime / zoneinfo __pledge_open() behaviours coming soon

   The ktrace signal structure ktr_psig needs to be zero'd before filling in
   for providing to userland.
   from Stuart Thomas

   Link-local addresses for nexthops also need to check scope_id.

   scope_id, the gift that keeps on giving.

   OK tb@

   Return error on unhandled imsg types in the adj-rib-out case.

   In rde_dump_ctx_new() the adj-rib-out case only covers some of the
   possible imsg types rde_dump_ctx_new() can be called with. So ship back an
   error instead of the fatalx() call.

   OK tb@

   Add missing pfkey_remove() calls in error paths for RTR socket establishment.

   OK tb@

   Fix a couple of bugs in tty_draw_line: do not loop forever if orphan
   padding appears, or if a wide character is trimmed at the right of the
   region. Much help with testing from qingliu at alauda dot io in GitHub
   issue 5024.

   avoid calling free() on an uninitialised pointer from an error path
   ok sashan@ henning@

   Update supported features for Foot, from Meriel Luna Mittelbach in
   GutHub issue 5079.

   Add missing memcpy calls for auth_key_in / out in merge_auth_conf()

   This was broken when refactoring the code for RTR and only affects
   manual IPSec setups which are very uncommon.

   OK tb@

   Error handling the double reallocarray in ch_table_resize() is tricky.

   In case of a realloc failure for the meta tables the ch_tables arrays
   was already successfully reallocated. Doing the free(tables) in the error
   path results in a use-after-free scenario and instead on error ch_tables
   just needs to be updated to this new table. Since the ch_level is not
   adjusted the next time, reallocarray will be called on a memory block
   that is already big enough which is a NOP and so this is safe.
   Further cleanup will follow.

   OK tb@

   Do not crash if set progress bar with no pane, from Dane Jensen.

   use nowake for sleep wait channel instead of an uninitialised
   stack variable

   avoids a -Wuninitialized-const-pointer warning with clang 22
   ok jca@

   avoid validating bad cipher or mac lists in config files / commandline
   arguments as valid.

   Identified by SUSE and reported by Camila Camargo de Matos

   ok deraadt@ tb@

   fix hard-to-reach NULL deref during pubkey auth

   To hit this, the user must be using a PEM style private key with no
   corresponding .pub key adjacent to it.

   rpki-client: fix incomplete strncmp() check

   The directory path in rp->repouri doesn't end in a '/' itself, so check
   that the uri containing an unused file points at something below it.

   Pointed out by Frank Denis

   ok claudio job

   Fix bad sizes in certain graceful restart imsgs.

   The move to use more u_int for aid also changed the imsgs
   IMSG_SESSION_STALE, IMSG_SESSION_NOGRACE, IMSG_SESSION_FLUSH, and
   IMSG_SESSION_RESTARTED. The problem was that not all senders were
   adjusted.

   OK tb@

   Update libexpat to version 2.8.1.

   Relevant for OpenBSD are security fixes #1216, other changes #1209.
   Library bump is not necessary.  CVE-2026-45186

   OK tb@

   getservice() needs to return the port in host byte order but
   getservbyname() returns the value in network byte order. Add some ntohs()
   for those poor little endian systems.

   OK tb@

   ibuf_set_maxsize() need to ensure that the invariants are upheld by
   checking also that wpos and size are not bigger then the new max.

   If wpos is bigger fail hard, for size the allocation may have been used
   before and so do an explicit_bzero() to clear the extra memory out.

   OK tb@

   check_sym: do not run output commands twice

   ok guenther@

   Add a guarded .note.GNU-stack section to crypto assembly files.

   Add a .note.GNU-stack section to avoid ending up with an executable stack
   on toolchains that believe we should have an executable stack by default.

   Reported by ruuda on Github.

   Discussed with tb@

   Fix buglet introduced in 1.85; from clang -Wsometimes-uninitialized via jsg@

   Fix double-close on header-step failure

   OK job@

   sync

   Dropbear recently added a -Q option; use it to query KEX if available.