BSD Commit Log Search

   On 2026-03-09 British Columbia will go from daylight to standard
   time, without a UT offset change.  That is, its 2026-03-08 spring
   forward will be its last foreseeable clock change, as it will move
   to permanent -07 thereafter.  (Thanks to Arthur David Olson.)

   Update to 2026agtz from https://github.com/JodaOrg/global-tz
    o Moldova has used EU transition times since 2022.
    o Remove Europe/Chisinau from zonenow.tab, as it now agrees with
      Europe/Athens for future timestamps.

   Add some stats for the use of bitmaps.

   OK tb@

   Add some stats for the use of bitmaps.

   Only account for the extended bitmaps that allocate extra memory.
   The count is much lower since up to 127 bits the map uses the struct
   bitmap itself for storage but tracking those is more complicated.

   OK tb@

   Add pane_pipe_pid with pipe fd and call setpgid to make it easier to kill.

   Fix relayd reload race crash

   Instead of terminating with fatalx() when a private key hash cannot be
   found, log a warning and send an error back to the relay worker.

   This prevents a race condition during "reload" where a request might
   reach the CA process while keys are being repopulated.

   Reported by Nick Owens; thanks!

   OK tb@

   ssh-agent supports a "query" extension that allows a client to request
   a list of extensions it support. This makes this capability available
   to ssh-add via the -Q flag.

   ok markus@

   satisfy the requirements of ksh build with -DSMALL in the install media

   With IANA codepoints for draft-ietf-sshm-ssh-agent now allocated,
   it's safe to start using the standard names for requesting agent
   forwarding over the @openssh.com extension names we've used to date.

   Support for the standard names is advertised via EXT_INFO. When the
   client sees such support it will use the new names preferentially,
   but the existing names remain supported unconditionally.

   ok markus@

   Inspecting Flag(FTALKING) to activate curses in the spot chosen by the
   previous commit seems to fail in some circumstances because of order
   of operations in ksh startup.  So move the test and curses initialization
   immediately before the tputs() calls.
   discussion with tb

   correctness wrt draft-ietf-sshm-ssh-agent:

   extension requests should indicate failure using
   SSH_AGENT_EXTENSION_FAILURE rather than the generic SSH_AGENT_FAILURE
   error code. This allows the client to discern between "the request
   failed" and "the agent doesn't support this extension".

   ok markus@

   relayd: replace unneeded engine.h with needed x509.h

   Adjust a comment. Being non-existent, the OpenSSL engine layer cannot be
   responsible for whatever unholy hacks this code requires.

   fix rcs tag

   Only include <machine/pte.h> on i386/amd64 where we actually need the
   pagetable bits.

   ok jsg@, jcs@

   use vhtcaps in vht probe

   ok stsp@

   em(4) at PCI Express can handle 64 bit DMA transfers.

   OK mvs@ kettenis@

   Make -c work with new-session -A, from Jody Frankowski in GitHub issue
   4906.

   Another memory leak, from Huihui Huang.

   tmux: use VIS_NOSLASH to avoid annoying double escaping on paste

   from nicm

   tmux: tc can be NULL, so check before deref to avoid crashing the server

   ok nicm

   zlib: add unit test to exercise the infinite loop fix

   zlib: sync with userland

   ZLB-01-002: infinite loop in crc32_combine{,_op}()

   zlib.h and our compress(3) manual have documented that len2 in the two
   affected APIs must be non-negative for a long time.  If you ignore this,
   you hang, as a simple test shows. The trivial fix adds a corresponding
   check and makes the documentation even more explicit.

   ok djm

   commit ba829a458576d1ff0f26fc7230c6de816d1f6a77
   Author: Mark Adler <git at madler.net>
   Date:   Sun Dec 21 18:17:56 2025 -0800

       Check for negative lengths in crc32_combine functions.

       Though zlib.h says that len2 must be non-negative, this avoids the
       possibility of an accidental infinite loop.

   If ksh is not interactive, do not initialize curses.  Instrumentation
   showed that during a typical build process the terminfo file was being
   opened (and parsed) a gazilion times.
   diagnosed with matthieu, ok millert

   Enable 64-bit DMA transfers.

   ok kettenis@

   Set User-Agent for HTTP healthchecks

   Joel Carnat (Thanks) notice that GoToSocial does not like it when we sent
   no User-Agent and returns an HTTP/418.

   Lloyd pointed to use RELAYD_SERVERNAME instead hardcoded "relayd"

   OK sthen, claudio (diff without RELAYD_SERVERNAME)

   Unveil fix for traversing up at a mount point in vfs_lookup.

   This fixes an issue where we could use the wrong unveil
   when we had a path starting with a .. starting from a directory
   that was a mount point, and also was unveiled.

   The fix ensures we remember traversing the unveil before
   descending into the underlying filesystem.

   fix by semarie@ with testing by me and deraadt@ and others

   from beck@; ok deraadt@

   this is errata/7.7/025_unveil_mount.patch.sig

   Unveil fix for traversing up at a mount point in vfs_lookup.

   This fixes an issue where we could use the wrong unveil
   when we had a path starting with a .. starting from a directory
   that was a mount point, and also was unveiled.

   The fix ensures we remember traversing the unveil before
   descending into the underlying filesystem.

   fix by semarie@ with testing by me and deraadt@ and others

   from beck@; ok deraadt@

   this is errata/7.8/019_unveil_mount.patch.sig

   In tzpath_ok(), also reject a path ending in "/..".  This replaces
   strstr() with a loop that matches embedded ".." path elements as
   well as leading and trailing ones.  OK tb@

   sys/iwx: support powersave

   This diff enables power save by default for iwx by setting
   IEEE80211_F_PMGTON (and IEEE80211_C_PMGT), and makes iwx react to
   SIOCS80211POWER by switching between PM (level 3) and CAM at runtime.

   OK: stsp@