Clear %dr6 and %dr7 on boot and on resume from suspend, in case the
BIOS uses but doesn't reset them. Display their values in trap_print()
if it's a trace trap.
problem observed on a MacPro6,1 by mglocker@
ok deraadt@ mglocker@
When auto-fetching files:
1. Error out when a command line argument that is supposed to specify
a URL does not contain a colon, rather than silently ignoring all
subsequent arguments including the bad one and reporting spurious
success. This can only happen for a bad argument following a valid
URL argument.
2. The check whether the "host" part of a URL is empty was ineffective.
Move it after cutting off the directory part to make it actually work,
and let it print a meaningful error message.
Issue 1 reported by Henrich Hartzer <h at hartzer dot sh> on tech@.
Issue 2 found in my audit of the function triggered by the report.
OK tedu@, and deraadt@ is "not worried"
Clear the resp buffer before calling getfh(). If getfh fails the response
would leak stack memory to the less privileged process.
Reported by S. Ai, H. Lefeuvre, Systopia team
OK deraadt@
merge the x509name test into x509_name_test.c
Remove the old x509name test and its Makefile rule. Its logic has
been fully integrated into x509_name_test.c using a new table-driven
approach. Each x509 name entry is added and validated step by step,
checking both the string representation produced by X509_NAME_print_ex()
and the internal RDN set structure.
This makes the test easier to extend and maintain, and eliminates the need
for an external .expected file or output diff.
From Kenjiro Nakayama (with tiny tweaks)
Move agent listener sockets from /tmp to under ~/.ssh/agent for both
ssh-agent(1) and forwarded sockets in sshd(8).
This ensures processes (such as Firefox) that have restricted
filesystem access that includes /tmp (via unveil(3)) do not have the
ability to use keys in an agent.
Moving the default directory has the consequence that the OS will no
longer clean up stale agent sockets, so ssh-agent now gains this
ability.
To support $HOME on NFS, the socket path includes a truncated hash of
the hostname. ssh-agent will by default only clean up sockets from
the same hostname.
ssh-agent gains some new flags: -U suppresses the automatic cleanup
of stale sockets when it starts. -u forces a cleanup without
keeping a running agent, -uu forces a cleanup that ignores the
hostname. -T makes ssh-agent put the socket back in /tmp.
[2 lines not shown]
drm/amdgpu: Use the right function for hdp flush
From Lijo Lazar
54cbce4fe04bc6793178a3daff70fba2acbf7644 in linux-6.12.y/6.12.26
c235a7132258ac30bd43d228222986022d21f5de in mainline linux
drm/amdgpu: use a dummy owner for sysfs triggered cleaner shaders v4
From Christian Koenig
0fd149c26281532ab840df440c6d1f7dfa1c6e90 in linux-6.12.y/6.12.26
447fab30955cf7dba7dd563f42b67c02284860c8 in mainline linux
drm/amdgpu: Increase KIQ invalidate_tlbs timeout
From Jay Cornwall
bbf2d060524764de6e84e5721c95c0a63aa4e6cf in linux-6.12.y/6.12.26
3666ed821832f42baaf25f362680dda603cde732 in mainline linux
drm/amd/display: Force full update in gpu reset
From Roman Li
1ae30272b992dd011f54c7659668ba5521a3c282 in linux-6.12.y/6.12.26
67fe574651c73fe5cc176e35f28f2ec1ba498d14 in mainline linux
drm/amd/display: Fix gpu reset in multidisplay config
From Roman Li
3ff83378b6b1b59f6cf71d021a67fc68c3fb9221 in linux-6.12.y/6.12.26
7eb287beeb60be1e4437be2b4e4e9f0da89aab97 in mainline linux
drm/amd/display/dml2: use vzalloc rather than kzalloc
From Alex Deucher
b26ac563704cf5d0025f4af3290d4b88fa345a3a in linux-6.12.y/6.12.26
cd9e6d6fdd2de60bfb4672387c17d4ee7157cf8e in mainline linux
drm/amd/display: Fix unnecessary cast warnings from checkpatch
From Rohit Chavan
50ec8c24286e528ecc60ebaf5121ae308b742a9c in linux-6.12.y/6.12.26
c299cb6eafaf76d0cb4094623d6401c45d8bd0dc in mainline linux
drm/xe/bmg: Add one additional PCI ID
From Matt Roper
0fdb612c2072c2d0f3dd36d1a1a18250526dfd48 in linux-6.12.y/6.12.26
5529df92b8e8cbb4b14a226665888f74648260ad in mainline linux
Fix race in TCP SYN cache get.
Setting the local and foreign address of a newly created socket did
not happen atomically. During socket setup there was a small window
for an incpb that had a bound laddr, but faddr was emtpy. Although
both listen and new socket are locked during syn_cache_get(),
in_pcblookup_listen() could find the incpb of the new socket. When
a SYN packet of another connection arrived in parallel, it was
processed with the socket under construction instead of the listen
socket.
Setting both faddr and laddr together in in_pcbset_addr() fixes the
race. The relevant code has been copied from in_pcbconnect(). The
table mutex inpt_mtx guarantees that in_pcblookup_listen() finds
the listen socket.
bug found and fix tested by Mark Patruck; OK mvs@
Do not allow readdir and readdirplus NFS operations on non-directory vnodes;
from miod@, reported by Claes M Nyberg to bugs@, ok claudio@
this is errata/7.7/001_nfs.patch.sig
Do not allow readdir and readdirplus NFS operations on non-directory vnodes;
from miod@, reported by Claes M Nyberg to bugs@, ok claudio@
this is errata/7.6/016_nfs.patch.sig