CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 21:56:36 Modified files: regress/lib/libssl/openssl-ruby: Makefile Log message: openssl-ruby-tests: prefer 40 over 34
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 20:48:09 Modified files: regress/lib/libssl/openssl-ruby: Makefile Log message: openssl-ruby-tests: work with ruby34 and ruby40
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 19:20:17 Modified files: sys/dev/usb: umsm.c Log message: add one of the microsoft branded Quectel EM12-G modems. i have a few i tested with, and it works fine.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 19:17:14 Modified files: sys/dev/usb: usbdevs.h usbdevs_data.h Log message: regen
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 19:16:52 Modified files: sys/dev/usb: usbdevs Log message: add one of the microsoft branded Quectel EM12-G modems i've tested that they work with umsm(4) and umb(4)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/17 18:29:44 Modified files: share/man/man5 : ruby-module.5 Log message: Update ruby-module.5 for default Ruby version switch to 4.0
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 17:43:16 Modified files: sys/dev/pv : xen.c Log message: To work with bounce buffers, xen_bus_dmamap_sync has to call bus_dmamap_sync using the parent dma tag. ok kettenis@ dlg@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 11:02:03 Modified files: share/man/man4 : pppoe.4 sys/net: if_pppoe.c Log message: pppoe(4): leverage if_hardmtu for RFC 4638 instead of parent if_mtu Interfaces operate at their maximum supported packet size at all times, independent of the software IP stack MTU. Enforce MTU ceilings during PPPOESETPARMS and SIOCSIFMTU based on if_hardmtu instead of the parent's software if_mtu. This allows pppoe(4) devices to use "mtu 1500" without requiring manual MTU manipulation on the physical parent interface. Update pppoe.4 to match. "if it works for you then it's ok by me" dlg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/17 07:34:53 Modified files: sys/dev/pci: if_mwx.c if_mwxreg.h Log message: Implement bgscan, add hooks for set and delete key and improve mwx_stop so that there is a better chance to recover after down/up. On top of this implement mwx_activate() so that suspend/resume works. None of this is perfect but hopefully good enough. Tested on MT7921
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 07:29:01 Modified files: lib/libfuse: fuse.c fuse_chan.c fuse_lowlevel.c fuse_lowlevel.h fuse_ops.c fuse_private.h fuse_session.c fuse_subr.c sys/miscfs/fuse: fuse_device.c fuse_file.c fuse_lookup.c fuse_vfsops.c fuse_vnops.c fusebuf.c fusefs.h fusefs_node.h sys/sys: fusebuf.h Log message: Everything needed to bring the FUSE kernel protocol in line with the Linux implementation is now in place. With this update, the kernel can support ports that talk directly to /dev/fuse0 rather than relying on libfuse. sys/fusebuf.h is retained rather than introducing fuse_kernel.h OK claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 07:22:48 Modified files: usr.bin/tmux : screen-write.c server-client.c tmux.h Log message: Tidy up server_client_check_redraw. Get rid of the bitmask tracking panes which want redraw for deferred clients - if they are deferred then they can just have a full redraw instead. Also return earlier if no redraw is actually needed, and improve the comments.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 06:32:54 Modified files: usr.bin/tmux : server-client.c Log message: Fix shifts to 1ULL and check scrollbar even if pane is not being redrawn.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 02:47:28 Modified files: usr.sbin/rpki-client: filemode.c mft.c roa.c tal.c Log message: rpki-client: indent some out labels for consistency
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 02:22:21 Modified files: usr.sbin/rpki-client: aspa.c mft.c roa.c rsc.c spl.c tak.c Log message: rpki-client: unify CMS signed object parsers This commit starts unifying various CMS signed object parsers in preparation for a lot more refactoring of this long-accumulated copy-paste mess. The signed object is passed as a void * object to various handlers, so these handlers all have the same signature. In this step, *_parse() is essentially split into allocation plus: 1. *_cert_info(), which checks some basic things on the EE cert (usually inheritance, presence or absence of RFC 3779 extensions). For MFTs it also extracts some info and hangs that off mft. 2. the already existing *_parse_econtent() 3. *_validate() that does some validation steps and sets ->valid. In most signed object handlers the validate step can't currently fail. This is one of the many warts we've accumulated and is marked with an /* XXX */. This is all straightforward and should not change anything. The reason cert_info comes after parse_econtent is that the latter usually has some helpers and it is easier to reason about this if the future struct members are somewhat close to each other. ok claudio job
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 01:52:21 Modified files: usr.bin/tmux : cmd-join-pane.c cmd-resize-pane.c key-bindings.c tmux.1 Log message: Add -M to move-pane and default bindings for M-drag. From Michael Grant.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/17 01:43:55 Modified files: usr.bin/tmux : layout.c Log message: FIx a couple of minor errors in use of layout_cell_is_tiled.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/16 16:59:03 Modified files: usr.bin/vi/vi : v_sentence.c Log message: Make the behavior of the '(' command match the ')' command. Previously, the ')' command required a sentence to end with two blanks, but '(' only required a single space. Historic vi (and the documentation) requires two spaces in both directions. Based on a diff from Walter Alejandro Iglesias.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/16 16:27:10 Modified files: regress/usr.bin/ssh/unittests/crypto: test_ed25519.c test_mldsa.c test_mlkem.c regress/usr.bin/ssh/unittests/test_helper: test_helper.c test_helper.h Log message: Factor out hex2bin into a shared helper function. Replace sscanf %hhx (which is C99) with plain %x for better compatibility in -portable. ok djm@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/16 13:29:25 Modified files: sys/kern : kern_synch.c Log message: When releasing, read trace index before reference counter decrement. When btrace(8) is active, refcounting is traced using an index field to the dt(4) backend. When two CPU simultaneously decrement the reference count, one could free the object while the other is still reading the index. Move the load before the dec separated by a membar. Crashes seen while testing an experimental diff from dlg@. OK cludwig@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 05:50:53 Modified files: sbin/isakmpd : message.c Log message: isakmpd: Fix NULL dereference in message_validate_sa() When the responder cookie is non-zero but sa_lookup_by_header() finds no matching SA, msg->isakmp_sa is NULL. Thus check before dereferencing.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/16 04:58:42 Modified files: regress/usr.bin/ssh: sshsig.sh Log message: Use awk instead of cut to help -portable. Some platforms have size limits on cut.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 04:47:35 Modified files: usr.bin/tmux : Makefile cmd-display-panes.c screen-redraw.c screen-write.c server-client.c tmux.h Added files: usr.bin/tmux : window-visible.c Log message: Rename the visible ranges functions since they really relate to windows and put them nto a new file.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 03:28:17 Modified files: usr.bin/tmux : window-copy.c Log message: Allow rectangle selection to extend past end of current line to behave the same as vi with virtualedit=block set. From Mark Kelly in GitHub issue 5227.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/16 03:00:47 Modified files: regress/usr.bin/ssh/unittests/crypto: test_ed25519.c test_mldsa.c Log message: Include stdarg.h for va_list (needed for xmalloc.h).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 03:00:25 Modified files: usr.bin/tmux : cmd-new-window.c Log message: Initialize wname so it we are not freeing garbage if it is not used.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 02:57:07 Modified files: usr.bin/tmux : cmd-resize-pane.c server-client.c Log message: Fix resizing floating pane with a left scrollbar, from Michael Grant.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 02:53:14 Modified files: usr.bin/tmux : screen-redraw.c Log message: Fix missing border when drawing floating panes. From Michael Grant.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/16 02:15:35 Modified files: regress/usr.bin/ssh/unittests/crypto: tests.c Log message: Include stdlib.h for malloc/free and sort headers.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 01:07:49 Modified files: usr.bin/tmux : cmd-break-pane.c Log message: Fix default window check in break-pane, from Dane Jensen.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/16 01:06:32 Modified files: usr.bin/tmux : layout.c Log message: Add layout_cell_is_tiled and layout_cell_has_tiled_child helper functions, from Dane Jensen.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 23:01:56 Modified files: usr.bin/tmux : tmux.1 Log message: botton -> bottom
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 20:15:14 Modified files: usr.bin/vi/vi : v_sentence.c Log message: Fix behavior of ')' used in a range when setence reaches EOF. For a sentence spanning more than one line at the end of the file, when the cursor is placed at the first character of any line except for the last one, running '!)' won't affect the last line. >From Walter Alejandro Iglesias
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 20:03:35 Modified files: usr.bin/vi/ex : ex.c Log message: Check for E_CLRFLAG in ecp->cmd->flags, not ecp->iflags. Fixes a problem where an extra line is printed at the end of the output when the "number" command is given the "l" (literal display) flag. >From Jeremy Mates Walter Alejandro Iglesias and
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 15:47:01 Modified files: usr.bin/tmux : cmd-display-panes.c cmd-select-pane.c input-keys.c screen-redraw.c tmux.h window.c Log message: Rename window_pane_visible to match other functions, from Dane Jensen.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 15:41:39 Modified files: usr.bin/tmux : cmd-break-pane.c cmd-new-session.c cmd-new-window.c cmd-rename-session.c cmd-rename-window.c cmd-select-pane.c cmd-split-window.c input.c names.c paste.c popup.c screen.c session.c spawn.c tmux.c tmux.h window.c Log message: Be more strict about what names and titles we allow and reject them immediately when possible, but allow # again for those directly set by commands (but not escape sequences). From Barrett Ruth in GitHub issue 5175.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 11:34:25 Modified files: usr.bin/tmux : cmd-join-pane.c layout.c options-table.c screen-redraw.c server-client.c tmux.1 tmux.h window.c Log message: Add pane-border-lines none like popups (-B to new-pane).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 11:30:04 Modified files: usr.sbin/rpki-client: cert.c Log message: rpki-client: reject certs with duplicate extension OIDs We check this for extensions we know about in cert_parse_extensions(). We keep doing it there since we need to keep track of the extensions we encountered anyway. While cert_parse_extensions() rejects certs with critical extensions we don't know about, we allow duplicate non-critical ones mainly because that's annoying to keep track of. LibreSSL's libcrypto checks for this and rejects the cert when caching the extensions, OpenSSL 4 adds a new EXFLAG_DUPLICATE flag and accepts the cert, and OpenSSL 3 simply ignores duplicates. In short: we get to do it ourselves. This check is basically lifted from libcrypto's x509_purp.c with a few extra contortions due to const sprinkling and making things opaque. The warnx is the same as the one already present in cert_parse_extensions(). We do not NULL check X509_EXTENSION_get_object() because the extension parsed, so an OID is present. ok job
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 11:09:29 Modified files: sbin/dhcpleased: dhcpleased.c dhcpleased.h engine.h usr.sbin/dhcpleasectl: dhcpleasectl.c Log message: Prevent the engine from sending us a negative amount of routes. Pointed out by Andrew Griffiths, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 11:08:15 Modified files: sbin/dhcpleased: dhcpleased.c Log message: We need to accept one more route from the engine process. Off-by-one pointed out by Andrew Griffiths, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 11:07:34 Modified files: sbin/dhcpleased: engine.c Log message: Make sure UDP header length field at least covers the UDP header. We clamp the amount of data we are willing to parse to the length of the UDP packet as indicated by the UDP header length field. While we made sure that the length field did not point past the received data, we never checked if the length is smaller than the udp header. Since we are using BPF, the kernel also does not doe this for us. This might in turn lead to an underflow and a subsequent crash of the engine process. Pointed out and diff provided by Andrew Griffiths, thanks!
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 09:05:12 Modified files: usr.bin/tmux : server-client.c Log message: If the client is blocked, defer the redraw because it may end up partially discarded leading to redraw artifacts.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 08:56:30 Modified files: usr.bin/tmux : screen-write.c Log message: Convert cursor position back to pane coordinates for tty_cmd_cell.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 08:45:19 Modified files: usr.sbin/rpki-client: repo.c rsync.c Log message: Add some guardrails to rsync_base_uri() against future programmer error OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 08:30:53 Modified files: usr.sbin/rpki-client: repo.c rsync.c validate.c extern.h regress/usr.sbin/rpki-client: Makefile.inc Log message: Tighten well-formedness checks on AIA & SIA extensions in certs Valid Rsync URIs always contain a module component. To avoid duplication of URI validation code, refactor rsync_base_uri() to optionally allocate & dup the base URI portion. Thanks to Ties de Kock for reporting. OK tb@ claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 07:41:47 Modified files: sys/kern : sysv_msg.c Log message: Drop unused 'struct proc' argument from msg_copyin() and msg_copyout(). ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 07:40:41 Modified files: regress/sys/kern/sysvmsg: msgtest.c Log message: Make functions arguments list to be newer than K&R. Otherwise modern Clang compiler produces warnings. ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 06:07:49 Modified files: usr.bin/tmux : screen-redraw.c Log message: Tidy up screen_redraw_get_visible_ranges by using a couple of temporaries for start and end of range.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 05:45:51 Modified files: usr.bin/tmux : tty.c Log message: Use correct x position when drawing clipped line.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 05:35:19 Modified files: sys/arch/sparc64/sparc64: autoconf.c Log message: sys/sparc64: accept ide nodes in IDE bootpaths OpenBIOS reports QEMU IDE disks with an intermediate ide node, while the sparc64 bootpath code only treats ata as a channel node. The disk is attached as wd0, but the final disk component is not nailed as the boot device, so the kernel asks for the root device. No QEMU level option seems possible to enforce ata disk. OK: claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 05:02:13 Modified files: usr.sbin/relayd: agentx_control.c ca.c check_icmp.c check_script.c check_tcp.c check_tls.c config.c hce.c http.h log.c log.h pfe.c pfe_filter.c pfe_route.c proc.c proxy_protocol.c relay.c relay_http.c relay_udp.c relayd.c relayd.h ssl.c Log message: relayd: knfmt, no functional change OK tb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 04:36:51 Modified files: sys/dev/pci/drm/amd/amdgpu: amdgpu_gem.c Log message: fix indentation in local version of amdgpu_gem_fault()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 03:21:40 Modified files: usr.bin/tmux : cmd-split-window.c options-table.c screen-redraw.c tmux.1 tmux.h window.c Log message: Add -B to new-pane to select the floating pane border.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 03:20:21 Modified files: usr.sbin/rpki-client: http.c Log message: Clear last_modified after each response on a persistent HTTP connection (In case a later response doesn't contain its own "Last-Modified" header field.) Reported by Ties de Kock. OK tb@ claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/15 02:53:14 Modified files: sys/dev/pci: if_mwx.c Log message: Add missing break ok claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 02:16:05 Modified files: usr.bin/tmux : format.c options-table.c screen-redraw.c server-client.c tmux.1 tmux.h window.c Log message: Add top-floating and bottom-floating to pane-border-status to show status line only on floating panes.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 01:40:45 Modified files: usr.bin/tmux : screen-write.c tmux.h tty.c Log message: When redrawing a whole pane line, fall into tty_draw_line for any characters that are not plain ASCII. Fixes redraw issues with partial tabs and other wide characters when a pane is partly outside the window.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 00:36:52 Modified files: regress/usr.bin/ssh: agent.sh Log message: use different strategy to check whether keys are present or absent in the agent; helps some -portable tests on platforms that have stupid grep(1)
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 00:30:58 Modified files: sys/dev/pci/drm/amd/amdgpu: amdgpu_ttm.c Log message: more closely match how linux maps vram on xgmi parts map cacheable not wc for xgmi parts connected to cpu on x86 don't try to map vram if there isn't any
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/15 00:24:20 Modified files: regress/usr.bin/ssh: agent.sh Log message: avoid use of paste(1); helps portable
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 20:46:12 Modified files: sys/dev/pci/drm/amd/amdgpu: amdgpu_drv.c Log message: call amdgpu_xcp_dev_register() and amdgpu_amdkfd_drm_client_create() in amdgpu_attachhook(), matching amdgpu_pci_probe() CONFIG_HSA_AMD / amdkfd remains disabled
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 19:55:44 Modified files: regress/usr.bin/ssh: hostkey-agent.sh Log message: fix multiple problems with testing hostkey types that are not enabled by default. 1) Add all hostkey types in the "multiple hostkeys" subtest. Previously known_hosts was accidentally clobbered, causing only the last added hostkey type to be used. 2) Explicitly enable the hostkey types under test via HostKeyAlgorithms
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 19:52:53 Modified files: sys/dev/pci/drm/amd/amdgpu: amdgpu_drv.c Log message: move drm_dev_register() call to before connector test and check return
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 19:30:51 Modified files: sys/dev/pci/drm/amd/amdgpu: amdgpu_drv.c Log message: call amdgpu_init_debug_options() in amdgpu_attachhook() matches the call in amdgpu_pci_probe()
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 14:53:20 Modified files: usr.bin/tmux : screen-redraw.c Log message: Fix various errors in redrawing: - Fix the active pane colour when only two panes and scrollbars enabled. - Clip left and right scrollbars the same for floating panes. - Do not subtract scrollbar width twice when working out width of status line. - Check if a character is inside a visible range correctly (do not include the next position outside the range).
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 14:37:57 Modified files: usr.bin/tmux : layout.c Log message: Skip floating panes when working out the top or bottom cell. Fixes missing bottom status pane status line when floating panes exist.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 13:31:37 Modified files: usr.bin/tmux : cmd-resize-pane.c format.c layout.c screen-redraw.c server-client.c tmux.h window.c Log message: Add a helper to get pane-border-status for a window for some other changes to come.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 12:59:15 Modified files: usr.bin/tmux : layout.c Log message: Take account of borders when resizing floating panes.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 09:51:17 Modified files: lib/libssl : tls13_client.c Log message: Correct secondary key share handling for HelloRetryRequests. With the introduction of a secondary key share, we fail to ensure that the HelloRetryRequest does not specify the group that was used for the secondary key share. We also fail to free the secondary key share early in this case, meaning that it lingers in memory until the SSL is reset or freed. Fix both of these issues. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 09:47:49 Modified files: lib/libssl : ssl_tlsext.c Log message: Improve TLSv1.3 server handling of no shared groups. While we currently correctly handle the no-shared-group case, it currently fails late when we try to create the key share. Improve detection and handling so that we fail sooner and send an alert to the client when processing client key shares. While here rename preferred_group_found to shared_group_found - we look for the client preferred group, but any group that we select will always be in the client list (even if it's the last one). Reported by the tlspuffin team. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 08:53:07 Modified files: lib/libssl : tls13_client.c Log message: Send illegal parameter alerts for various HelloRetryRequest violations. Be more RFC compliant and send illegal parameter alerts when the client receives a HelloRetryRequest that requests a group that we did not offer or a group that we sent a key share for in the ClientHello. These were annotated as missing, but not previously implemented. Prompted by a report from the tlspuffin team. ok tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 08:33:36 Modified files: regress/lib/libssl/renegotiation: Makefile renegotiation_test.c Log message: Improve renegotation regress. Include coverage of Renegotiation Indication and legacy connection handling.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 08:30:52 Modified files: lib/libssl/man : SSL_CTX_set_options.3 Log message: Mop up SSL_CTX_set_options(3). SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is now a no-op, tidy up SSL_OP_LEGACY_SERVER_CONNECT and reflect the current state of SSL_OP_ALL Delete the entire "SECURE RENEGOTIATION" section that contained ancient ramblings. ok beck@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 08:25:55 Modified files: lib/libssl : ssl.h ssl_lib.c Log message: Remove SSL_OP_LEGACY_SERVER_CONNECT from default options. Remove SSL_OP_LEGACY_SERVER_CONNECT from the default SSL options and the SSL_OP_ALL define. This means that we will now refuse to connect to a TLSv1.2 server if it does not support the Renegotiation Indication (RI) extension. This prevents a class of attacks against TLS clients that are talking to TLSv1.2-only servers that permit client initiated renegotiation. Raised by Lucca Hirschi et al from Inria. ok beck@ tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 08:02:44 Modified files: share/man/man5 : cargo-module.5 Log message: cargo-module.5: document more variables >From Andrew Kloet andrew kloet.net
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:57:43 Modified files: usr.sbin/relayd: ca.c relayd.h ssl.c Log message: relayd: drain OpenSSL error queue on TLS failures Borrowed from smtpd. Without draining we just log "RSA_meth_dup failed" and lose the actual reason. Wire ssl_error() into ca_engine_init(), which also kills a dead RSA_meth_free() on a NULL pointer there, and into ssl_load_key()s fail path. Tweaks and OK tb
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:55:54 Modified files: usr.sbin/relayd: ca.c Log message: relayd: remove from and toptr to simplify feedback and OK claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:54:21 Modified files: usr.sbin/relayd: config.c relayd.c relayd.h Log message: relayd: use ibuf_get_string() and ibuf_get_data() to read imsg payloads Drop the local get_string() and read variable-length string and binary payloads through the ibuf getters instead of the raw imsg->data pointer. ibuf_get_string() no longer trims the input at the first non-printable byte like the old get_string() did; the payloads come from the parent over privsep imsg. idea and ok claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:53:06 Modified files: usr.sbin/relayd: control.c Log message: fix knfmt
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:52:16 Modified files: usr.sbin/relayd: proc.c relayd.h Log message: Check error in proc_forward_imsg
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:51:11 Modified files: usr.sbin/relayd: relayd.c relayd.h Log message: relayd: read parent_dispatch_pfe() payloads via the imsg getters Use imsg_get_data() for the fixed-size messages and imsg_get_ibuf() for the variable-length IMSG_CTL_RELOAD path, taking the config name from the ibuf via ibuf_data()/ibuf_size(). Remove IMSG_SIZE_CHECK and IMSG_DATA_SIZE, no consumer left. OK claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:50:26 Modified files: usr.sbin/relayd: ca.c Log message: relayd: use imsg_get_ibuf() for variable-length CA key operations The IMSG_CA_PRIVENC/PRIVDEC messages carry a ctl_keyop header followed by cko_flen (request) or cko_tlen (response) trailing bytes, so the exact-size imsg_get_data() cannot be used. Read the header with imsg_get_ibuf() + ibuf_get() and take the payload from the same ibuf via ibuf_data()/ibuf_size(). Tweaks (in a different commit) and OK claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:48:04 Modified files: usr.sbin/relayd: config.c Log message: relayd: read imsg payloads via the new imsg/ibuf getters Convert the config_get* handlers from IMSG_SIZE_CHECK() + memcpy() to the new imsg API. Fixed-size payloads use imsg_get_data(). Functions with a fixed header followed by variable-length data use imsg_get_ibuf() + ibuf_get() and read the remainder from the same ibuf cursor, since imsg_get_data() requires the payload to match the requested size exactly. Feedback and OK claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/14 02:47:44 Modified files: usr.bin/tmux : layout-custom.c Log message: Return early if connect construct cell, reported by Jere Viikari.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:45:02 Modified files: usr.sbin/relayd: control.c pfe.c relayd.h Log message: relayd: convert control imsg forwarding to imsg_forward() Rework control_imsg_forward() to forward the message unaltered via imsg_forward() instead of rebuilding it with imsg_compose_event(). read the type via imsg_get_type(), dropping the manual header-length Switch to use read the payload with imsg_get_data() and checks and the memcpy() that wrote the data back into the imsg before forwarding. OK claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:41:08 Modified files: usr.sbin/relayd: ca.c hce.c pfe.c relay.c Log message: relayd: use imsg_get_data() and imsg_get_type() Replace IMSG_SIZE_CHECK() + memcpy()/bcopy() with imsg_get_data(), which does the length check and copy in one call, and read the message type via imsg_get_type() instead of imsg->hdr.type. OK claudio
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected] 2026/06/14 02:37:00 Modified files: usr.sbin/relayd: control.c proc.c relayd.h Log message: relayd: convert proc.c to new imsg API Replace IMSG_SIZE_CHECK() + memcpy() with imsg_get_data(), which does the length check and copy in one call. Use the imsg accessors (imsg_get_*) instead of touching imsg.hdr directly and imsgbuf_get()/imsgbuf_read() instead of imsg_get(). Rewrite proc_forward_imsg() to use imsg_forward() per target imsgbuf instead of re-composing via proc_compose_imsg(); arm the write event with imsg_event_add() after each forward. proc_forward_imsg() never forwarded an fd, and imsg_forward() rewinds the buffer internally, so multiple forwards per message keep working. Drop the now-unused n parameter (all callers passed -1). ok claudio@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 23:39:23 Modified files: sys/net: if_spppsubr.c Log message: sppp_pap_input(): do not compare credentials if the lengths of received ones is not the same of configured. ok renaud bluhm
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 22:16:19 Modified files: usr.bin/ssh: ed25519.c ed25519.sh Log message: make crypto_sign_ed25519_keypair_from_seed non-static. The new ML-DSA/ed25519 code needs it
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 22:08:06 Modified files: regress/usr.bin/ssh: agent.sh cert-hostkey.sh cert-userkey.sh keytype.sh knownhosts-command.sh regress/usr.bin/ssh/unittests: Makefile regress/usr.bin/ssh/unittests/authopt: Makefile regress/usr.bin/ssh/unittests/hostkeys: Makefile regress/usr.bin/ssh/unittests/kex: Makefile regress/usr.bin/ssh/unittests/servconf: Makefile regress/usr.bin/ssh/unittests/sshkey: Makefile mktestdata.sh test_file.c test_fuzz.c test_sshkey.c regress/usr.bin/ssh/unittests/sshsig: Makefile mktestdata.sh tests.c Added files: regress/usr.bin/ssh/unittests/crypto: Makefile test_ed25519.c test_mldsa.c test_mldsa_eddsa.c test_mlkem.c tests.c regress/usr.bin/ssh/unittests/crypto/testdata: draft-ietf-lamps-pq-composite-sigs.json nistkats-44.json regress/usr.bin/ssh/unittests/sshkey/testdata: mldsa44_ed25519_1 mldsa44_ed25519_1-cert.fp mldsa44_ed25519_1-cert.pub mldsa44_ed25519_1.fp mldsa44_ed25519_1.fp.bb mldsa44_ed25519_1.pub mldsa44_ed25519_1_pw mldsa44_ed25519_2 mldsa44_ed25519_2.fp mldsa44_ed25519_2.fp.bb mldsa44_ed25519_2.pub regress/usr.bin/ssh/unittests/sshsig/testdata: mldsa44-ed25519 mldsa44-ed25519.pub mldsa44-ed25519.sig Log message: unit and regression tests for composite PQ ML-DSA44/Ed25519 keys. Includes a new unittests/crypto test that tests basic functionality of the underlying crypto primitives against public test vectors
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 22:04:24 src/regress/usr.bin/ssh/unittests/crypto/testdata Update of /cvs/src/regress/usr.bin/ssh/unittests/crypto/testdata In directory cvs.openbsd.org:/tmp/cvs-serv81019/unittests/crypto/testdata Log Message: Directory /cvs/src/regress/usr.bin/ssh/unittests/crypto/testdata added to the repository
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 22:04:09 src/regress/usr.bin/ssh/unittests/crypto Update of /cvs/src/regress/usr.bin/ssh/unittests/crypto In directory cvs.openbsd.org:/tmp/cvs-serv61847/unittests/crypto Log Message: Directory /cvs/src/regress/usr.bin/ssh/unittests/crypto added to the repository
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 21:59:34 Modified files: usr.bin/ssh: Makefile.inc authfd.c authfile.c crypto_api.h ed25519-openssl.c kexmlkem768x25519.c pathnames.h servconf.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c sshconnect.c sshd-auth.c sshd-session.c sshd.c ssherr.c ssherr.h sshkey.c sshkey.h Added files: usr.bin/ssh: libcrux-mlkem-mldsa.c libcrux_internal.h mlkem_mldsa.sh ssh-mldsa-eddsa.c Removed files: usr.bin/ssh: libcrux_mlkem768_sha3.h mlkem768.sh Log message: Add experimental support for a composite post-quantum signature scheme that combines ML-DSA 44 and Ed25519 using the construction specified in draft-ietf-lamps-pq-composite-sigs. There's also an early draft documenting use of the integration of this scheme into SSH as draft-miller-sshm-mldsa44-ed25519-composite-sigs This scheme is not enabled by default. To you use, you'll need to add it to HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc. Keys may be generated using "ssh-keygen -t mldsa44-ed25519". The ML-DSA implementation comes from libcrux. Thanks to Jonas Schneider-Bensch and Jonathan Protzenko for their work to make this available. Consensus is that it's time to get this in to allow people to experiment with it. feedback markus@ tb@ logan@ deraadt@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 14:39:11 Modified files: usr.bin/tmux : tmux.1 window-copy.c Log message: With mode-keys vi, keep cursor in the same position relative to the text when scrolling. GitHub issue 5216 from Arseniy Simonov.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 14:07:30 Modified files: usr.bin/tmux : environ.c format.c input-keys.c input.c Log message: Add some missing const, from Jere Viikari.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 14:03:10 Modified files: usr.bin/tmux : layout.c Log message: Skip floating cells when moving to previous cell for resize of tiled cells.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 13:57:44 Modified files: usr.bin/tmux : key-bindings.c Log message: Make the resize keys always change right and bottom borders for floating panes which is more intuitive.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 13:17:59 Modified files: usr.sbin/rpki-client: cert.c Log message: Provide standards reference for signed object displacement/replay warning OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 13:16:14 Modified files: usr.sbin/rpki-client: ccr.c Log message: Don't include ASPAs with too many providers in the CCR output Reported by Ties de Kock OK tb@
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 12:30:16 Modified files: usr.bin/tmux : cmd-split-window.c layout.c Log message: Tidy up error messages from split-window.
CVS: cvs.openbsd.org: src
CVSROOT:/cvs Module name:src Changes by: [email protected]/06/13 12:06:01 Modified files: usr.bin/tmux : cmd-join-pane.c tmux.1 Log message: Add move-pane -z to move a pane to a particular the z-index.
