CVSROOT: /cvs Module name: www Changes by: bcook@cvs.openbsd.org 2026/04/18 19:43:10 Modified files: libressl : index.html releases.html Log message: LibreSSL 4.3.1 CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/19 03:36:56 Modified files: sys/dev/ic : com.c Log message: Get rid of the COM_CONSOLE ifdef maze. This was introduced for sparc which is no longer with us. ok jsg@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/19 03:59:22 Modified files: sys/arch/amd64/amd64: autoconf.c bus_dma.c sys/arch/amd64/include: bus.h Log message: Extend the SEV bounce buffer implementation to make it usable for bouncing memory that isn't DMA reachable. ok deraadt@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/19 13:29:53 Modified files: sys/arch/arm64/stand/efiboot: efiboot.c Log message: Terminate SMBIOS vendor/product matching at first match. ok jsg@, tobhe@, deraadt@ CVSROOT: /cvs Module name: ports Changes by: matthieu@cvs.openbsd.org 2026/04/19 13:38:52 Modified files: graphics/png : Makefile distinfo Log message: Update to png 1.6.58. ok deraadt@, naddy@. Fixes a regression introduced in 1.6.56 xenocara will be updated after unlock as it's not affected. CVSROOT: /cvs Module name: ports Changes by: matthieu@cvs.openbsd.org 2026/04/19 13:43:31 Modified files: graphics/png : Tag: OPENBSD_7_8 Makefile distinfo Log message: Update to png 1.6.58. ok deraadt@, naddy@. Fixes a regression introduced in 1.6.56 CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/19 13:54:02 Modified files: libexec/login_chpass: Makefile Log message: login_chpass: No longer need to install this setuid root When the YP code was removed login_chpass became wrapper that just execs login_lchpass. OK deraadt@ CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/04/19 14:18:57 Modified files: shells/elvish : Makefile distinfo modules.inc shells/elvish/pkg: PLIST Log message: shells/elvish: Update to 0.21.0 The current version in ports is broken/non-functional. approved by naddy@ CVSROOT: /cvs Module name: ports Changes by: bcook@cvs.openbsd.org 2026/04/19 14:37:52 Modified files: sysutils/btop : Makefile Added files: sysutils/btop/patches: patch-src_openbsd_btop_collect.cpp Log message: Patch btop to report active CPU usage correctly from upstream https://github.com/aristocratos/btop/pull/1587 This also allows building on spark64 with gcc 15. CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2026/04/19 17:37:22 Modified files: usr.bin/ssh : clientloop.c Log message: correctly set extended type for client-side channels. Fixes interactive vs bulk IPQoS for client->server traffic. ok job@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/19 18:18:21 Modified files: sys/conf : newvers.sh Log message: 7.9-current ok deraadt@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/19 19:25:12 Modified files: sys/dev/pci/drm/i915/gt: intel_engine_heartbeat.c Log message: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat From Sebastian Brzezinka 2af8b200cae3fdd0e917ecc2753b28bb40c876c1 in linux-6.18.y/6.18.23 4c71fd099513bfa8acab529b626e1f0097b76061 in mainline linux CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/19 19:27:42 Modified files: sys/dev/pci/drm/i915/display: intel_psr.c Log message: drm/i915/psr: Do not use pipe_src as borders for SU area From Jouni Hogander de9aa7e89b98157d2650f25691e40711b8404151 in linux-6.18.y/6.18.23 75519f5df2a9b23f7bf305e12dc9a6e3e65c24b7 in mainline linux CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/19 22:26:12 Modified files: lib/libcrypto/ec: ec_pmeth.c Log message: ec_pmeth: fix 20yo comment: *outlen -> *keylen CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/19 22:35:00 Modified files: lib/libtls : tls_keypair.c Log message: tls_keypair: add missing from bcook kenjiro CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2026/04/20 00:34:11 Modified files: x11/gtk+4 : Makefile distinfo Log message: Update to gtk+4-4.22.3. ok naddy@ CVSROOT: /cvs Module name: src Changes by: job@cvs.openbsd.org 2026/04/20 01:43:52 Modified files: usr.bin/ssh : channels.c Log message: Clarify comment on what setting extended types for channels does OK djm@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 02:14:29 Modified files: lib/libcrypto/mlkem: mlkem_internal.h Log message: mlkem: use instead of "mlkem.h" patch from portable CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 02:44:48 Modified files: usr.bin/vi/cl : cl_funcs.c usr.bin/vi/common: recover.c usr.bin/vi/ex : ex_append.c ex_bang.c ex_global.c usr.bin/vi/vi : vs_split.c Log message: vi: avoid set but not used warnings From Walter Alejandro Iglesias ok claudio CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 04:30:02 Modified files: usr.bin/vi/cl : cl_funcs.c cl_read.c cl_screen.c usr.bin/vi/common: cut.c delete.c exf.c gs.h key.c line.c main.c mark.c mem.h msg.c options.c seq.c usr.bin/vi/ex : ex.h ex_argv.c ex_cmd.c ex_filter.c ex_global.c ex_init.c ex_join.c ex_read.c ex_script.c ex_subst.c ex_tag.c ex_txt.c ex_util.c usr.bin/vi/vi : v_cmd.c v_delete.c v_ex.c v_screen.c v_search.c v_txt.c v_yank.c vi.c vs_msg.c vs_smap.c vs_split.c Log message: vi: whitespace fixes Zap trailing whitespace, remove spaces before tabs, and expand 8 spaces to tabs. Prompted by a diff by Walter Alejandro Iglesias CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 05:37:18 Modified files: usr.bin/vi/common: screen.c Log message: vi: fix indent by trailing extra space from Walter Alejandro Iglesias CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/20 10:46:15 Modified files: geo/mapserver : Makefile distinfo Log message: geo/mapserver: security update to 8.6.2. see https://mapserver.org/development/changelog/changelog-8-6.html#changelog-8-6 fixes https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x ok naddy@ CVSROOT: /cvs Module name: ports Changes by: kn@cvs.openbsd.org 2026/04/20 12:16:56 Modified files: net/gelatod : Makefile distinfo Log message: update to gelatod-1.7; same fix as 029_v6daemons; OK naddy CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/04/20 13:07:42 Modified files: graphics/lcms2 : Makefile distinfo Log message: graphics/lcms2: Update to 2.19rc2 Fixes several issues, for reference see https://marc.info/?l=oss-security&m=177646929211758&w=2 pointed out by and ok tb@, ok naddy@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/20 15:18:37 Modified files: sys/arch/octeon/dev: octeon_intr.c Log message: sys/octeon: accept linux,phandle for IRQs SRX300 firmware DT describes the CIU root and several CIB interrupt controllers with linux,phandle, but omits phandle. octeon_intr_register() consumed only the latter; the controllers therefore never entered the interrupt controller registry, and every later interrupt-parent lookup for CIB, AHCI, and xHCI failed. Thus, dev/ofw/fdt lookup code already treats phandle and linux,phandle as equivalent; so the Octeon interrupt layer should do the same when registering interrupt controllers. OK: kettenis@, visa@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/20 15:20:38 Modified files: sys/arch/octeon/dev: cn30xxuart.c Log message: sys/octeon: preserve bootloader console baud The SRX300 console runs at 9600 baud under U-Boot; OpenBSD forced 115200 during console handoff, which garbled output immediately after early memory setup and made a live kernel look dead. Here, I read the programmed UART divisor instead and derive comconsrate from it, so the kernel preserves the bootloader console configuration. OK: visa@ CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:35:08 Modified files: distrib/notes/riscv64: prep Log message: Move hw-specific parts at the end of this file CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:38:55 Modified files: distrib/notes/riscv64: prep Log message: Document specifics for spacemit K1-based boards Orange Pi RV2, BananaPi F3, and Milk-V Jupiter Requested by deraadt CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:43:39 Modified files: distrib/notes/riscv64: prep Log message: Add post-install hints for boards without distro_bootcmd (like BPi F3/Jupiter) The default bootcmd is useless on these boards, so suggest some simple default boot command. CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:47:00 Modified files: distrib/notes/riscv64: hardware Log message: Mention some Spacemit K1 boards that kettenis added support for BananaPi F3, Orange Pi RV2, and Milk-V Jupiter CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:51:22 Modified files: distrib/notes/riscv64: prep Log message: Better wording and typo fix for the Spacemit K1 boards CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 16:20:07 Modified files: distrib/notes/riscv64: prep Log message: Remove the bootcmd hint for now On this jupiter box, U-Boot's bootcmd can't be interrupted on the serial console by pressing any key, Ctrl+C or ESC, even though the official docs say it should be possible by pressing any key. sigh CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/04/20 21:20:14 Modified files: sysutils/rclone: Makefile distinfo Log message: Update to rclone-1.73.5 CVE-2026-41176 rc: add AuthRequired to options/set to prevent auth bypass rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41179 operations: add AuthRequired to operations/fsinfo to prevent backend creation Changelog: https://rclone.org/changelog/#v1-73-5-2026-04-19 OK sthen@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 23:18:35 Modified files: regress/lib/libcrypto/pkcs7: pkcs7test.c Log message: pkcs7test: factor main into a helper so we can add some unit tests easily CVSROOT: /cvs Module name: src Changes by: sashan@cvs.openbsd.org 2026/04/21 00:38:28 Modified files: sys/net : pf_if.c Log message: PFI_FLAG_SKIP may be lost when interface disappears and then reappears if 'set skip on ...' in pf.conf(5) refers to interface (or interface group) which is yet to be created in system, then all is good. However if the interface (or interface group) exists in system at the time when pf.conf(5) is being loaded to pf(4) the effect of skip flag might get lost. The scenario for tap0 interface goes as follows: tap0 (and tap interface) exist in system and is known to pf(4), meaning 'pfctl -sI' reports tap0 and tap. pf.conf with 'set skip on tap' is loaded. The pf(4) sets the flag on `kif` instance without obtaining a reference to keep it in table until skip flag (PFI_FLAG_SKIP) is reset. tap0 interface is removed from system (ifconfig tap0 destroy), the tap0 is removed from system and also corresponding kif instance is removed from pf(4). kif is forgotten together with flag settings. If tap0 happens to be the last tap interface, then tap interface group (including its kif) is also removed from system (and pf(4)). Now tap0 is going to be re-created by running 'ifconfig tap0 up'. The corresponding kif instances (kif instance for tap0 interface and tap interface group) are inserted to interface table in pf(4) with default interface flags, loosing 'set skip on tap...' setting found in pf.conf. To workaround this one has to reload pf.conf so interface flags are set again. The issue has been noticed and kindly reported by Atanas Vladimirov OK bluhm@ CVSROOT: /cvs Module name: src Changes by: renaud@cvs.openbsd.org 2026/04/21 01:42:38 Modified files: libexec/tradcpp: macro.c Log message: expand_domacro() handled a defined() with the wrong argument count via an error path that doesn't drain es->args OK jsg CVSROOT: /cvs Module name: src Changes by: mglocker@cvs.openbsd.org 2026/04/21 02:56:22 Modified files: sys/dev/ic : qwz.c Log message: Enable nwid scanning by doing two things: 1. Disable the 802.11d scanning command for now, since it causes a firmware error for which we currently have no solution. This isn't a critical feature, and we can progress without it until we find a solution. 2. Send the HTT software ring setup messages for the receive rings, otherwise the firmware never initializes its RXDMA pipeline, and delivers no frames to the host. For that we did port over the ath12k_dp_rxdma_ring_sel_config_wcn7850() and ath12k_dp_rx_htt_setup() functions from the linux driver. Tested and ok kettenis@, kirill@ CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/04/21 05:31:15 Modified files: devel/opendht : Makefile Log message: avoid picking up doxygen during build, to avoid build failure with dpb junking requested by naddy CVSROOT: /cvs Module name: src Changes by: henning@cvs.openbsd.org 2026/04/21 06:35:45 Modified files: usr.sbin/ntpd : ntp_dns.c Log message: we use clock_gettime() here and thus shall explicitely include time.h from bcook's portable repo, ok bcook CVSROOT: /cvs Module name: xenocara Changes by: matthieu@cvs.openbsd.org 2026/04/21 07:19:01 Modified files: lib/libXpm/src : data.c parse.c Log message: Fix Out-of-bounds read. CVE-2026-4367 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/21 07:22:18 Modified files: www/mozilla-firefox: Makefile distinfo www/mozilla-firefox/patches: patch-widget_NativeKeyToDOMCodeName_inc www/firefox-i18n: Makefile.inc distinfo Log message: www/mozilla-firefox: update to 150.0. see https://www.firefox.com/en-US/firefox/150.0/releasenotes/ fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/ - disable PGO again, fixes wasm crashes seen with element-web (cf #2030583) - will need to move to llvm 21 or patch llvm 19 to reenable PGO - add workaround to avoid fetching some pip wheels during configure (#2026497), another workaround would be to move to ./mach configure ? ok naddy@ CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/21 07:24:36 Modified files: www/firefox-esr: Makefile distinfo www/firefox-esr-i18n: Makefile.inc distinfo Log message: www/firefox-esr: update to 140.10.0. see https://www.firefox.com/en-US/firefox/140.10.0/releasenotes/ fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/ ok naddy@ CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/21 07:25:31 Modified files: www/firefox-esr: Tag: OPENBSD_7_8 Makefile distinfo Log message: www/firefox-esr: MFC update to 140.10.0. see https://www.firefox.com/en-US/firefox/140.10.0/releasenotes/ fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/ CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/21 07:26:10 Modified files: www/mozilla-firefox: Tag: OPENBSD_7_8 Makefile distinfo www/mozilla-firefox/patches: Tag: OPENBSD_7_8 patch-security_manager_ssl_nsNSSCallbacks_cpp patch-security_nss_lib_nss_nss_h Log message: www/mozilla-firefox: MFC update to 150.0. see https://www.firefox.com/en-US/firefox/150.0/releasenotes/ fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/ CVSROOT: /cvs Module name: xenocara Changes by: bluhm@cvs.openbsd.org 2026/04/21 08:06:16 Modified files: lib/libXpm/src : Tag: OPENBSD_7_8 data.c parse.c Log message: Fix Out-of-bounds read. CVE-2026-4367 from matthieu@ this is errata/7.8/032_libxpm.patch.sig CVSROOT: /cvs Module name: xenocara Changes by: bluhm@cvs.openbsd.org 2026/04/21 08:07:07 Modified files: lib/libXpm/src : Tag: OPENBSD_7_7 data.c parse.c Log message: Fix Out-of-bounds read. CVE-2026-4367 from matthieu@ this is errata/7.7/038_libxpm.patch.sig CVSROOT: /cvs Module name: src Changes by: henning@cvs.openbsd.org 2026/04/21 08:20:00 Modified files: usr.sbin/ntpd : control.c Log message: in control_check(), rename struct sockaddr_un sun to sa - for consistency with control_init() just underneath, and because "sun" causes problems for portable on solaris pretty much from bcook's portable repo, but another name, ok bcook CVSROOT: /cvs Module name: www Changes by: bluhm@cvs.openbsd.org 2026/04/21 08:29:25 Modified files: . : errata77.html errata78.html Log message: Release libxpm and slaacd errata. CVSROOT: /cvs Module name: src Changes by: henning@cvs.openbsd.org 2026/04/21 08:31:03 Modified files: usr.sbin/ntpd : ntp.c Log message: newer gcc thinks it's smart (do they call it AI yet?) and points out peercount may be used unitialized. of course it is utterly wrong. move peercount = 0 initialization 2 lines up to shut gcc up pointed out by bcook, dicussed with, gcc-checked by and ok bcook claudio CVSROOT: /cvs Module name: src Changes by: henning@cvs.openbsd.org 2026/04/21 08:36:00 Modified files: usr.sbin/ntpd : ntpd.c Log message: newer gcc is so smart to point out that settime_deadline may be used uninitialized. of course it is wrong. sprinkle a "= 0" to shut it up. pointed out by bcook, discussed with, gcc confronted by and ok claudio bcook CVSROOT: /cvs Module name: xenocara Changes by: matthieu@cvs.openbsd.org 2026/04/21 08:42:57 Modified files: lib/libpng : .gitignore ANNOUNCE CHANGES CMakeLists.txt README configure configure.ac libpng-manual.txt libpng.3 libpngpf.3 png.5 png.c png.h pngconf.h pngrtran.c pngtest.c lib/libpng/contrib/libtests: pnggetset.c lib/libpng/scripts: libpng-config-head.in libpng.pc.in pnglibconf.h.prebuilt Log message: update to libpng 1.6.58. ok deraadt@ CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/21 08:44:29 Modified files: libexec/spamd : spamd.c Log message: Fix handing of multi-line blacklist error strings in spamd.conf When appending the blacklist error string, spamd splits the message on a newline and continues the message on a new line. There was a bug where the current pointer was incremented too far, which resulted in the message being truncated at the newline instead of continued. For very long blacklist messages (around 8K) in spamd.conf, this could result in heap corruption. However, this is very unlikely in practice. OK jsg@ Reported by and fix from Dhiraj Mishra CVSROOT: /cvs Module name: xenocara Changes by: matthieu@cvs.openbsd.org 2026/04/21 09:03:11 Modified files: . : MODULES 3RDPARTY Log message: update CVSROOT: /cvs Module name: src Changes by: miod@cvs.openbsd.org 2026/04/21 10:23:21 Modified files: distrib/sets/lists/comp: md.loongson Log message: sync CVSROOT: /cvs Module name: src Changes by: kn@cvs.openbsd.org 2026/04/21 11:24:40 Modified files: usr.sbin/rad : frontend.c Log message: Fix PREF64 option corruption if DNSSL is also set On octeon (but not amd64) setting both a NAT64 prefix and a search domain causes the former ICMPv6 option to be corrupted due to how it is added last in the Router Advertisement packet, following too much zero padding. Bytes after the DNSSL option are zeroed up the next 8-byte boundary to align options inside the packet. Instead of checking alignment of the pointer address somewhere inside the packet buffer that lives on the stack, which is thus architecture specific, use their offset, i.e. see how many bytes were already written, in order to zero-fill what is left between last search domain and next 8-byte boundary. This makes RAs byte-identical between octeon and amd64 and prevents rad(8) from sending the kind of invalid packets that clients like slaacd(8) and gelatod(8) (from ports) need 029_v6daemons for. OK florian CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2026/04/21 12:18:11 Modified files: sys/sys : systm.h sys/kern : subr_xxx.c Log message: the enosys() stub has not been used for decades ok jsg jca CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/21 12:36:13 Modified files: sys/netinet : tcp_input.c Log message: A packet with a FIN flag needs to act as a barrier in tcp_flush_queue. Once a FIN packet is received all following data should simply be discarded. tcp_input handels this FIN but for that tcp_reass() needs to properly return TH_FIN when a FIN is processed in tcp_flush_queue. This reassembly was not quite correct. Unexpected data directly following the FIN packet was also reassembled and the FIN was actually lost. The failure to return TH_FIN caused the regression in the previous fix. tcp_input() passes some FIN packets through reassembly even though they are in sequence and the queue is empty. tcp_flush_queue() needs to treat packets with TH_FIN set as a barrier and stop reassembly after processing this last packet. This ensures that tcp_reass() returns TH_FIN to tcp_input which then changes the state of the session. It also ensures that only data up to the FIN packet are passed to userland. Reported by Xint Code OK sashan@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/21 13:43:47 Modified files: sys/arch/octeon/dev: octpcie.c Log message: sys/octeon: fix PCIe config tag layout Octeon PCIe config-space MMIO uses a 12-bit register field; function, device, and bus begin at bits 12, 15, and 20. octpcie_make_tag() and octpcie_decompose_tag() used the conventional PCI tag layout instead, so config accesses to non-zero device or function numbers used the wrong MMIO offset. On SRX300 this breaks enumeration of the second Broadcom switch function at 0:0:1, which reads back garbage until the tag layout is corrected. OK: kettenis@, visa@ CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/21 13:58:21 Modified files: share/man/man4 : gpio.4 Log message: Mention sfgpio(4) and smtgpio(4) CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/21 13:58:49 Modified files: share/man/man4 : iic.4 Log message: Mention smtiic(4) CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/21 14:00:55 Modified files: share/man/man4 : openprom.4 Log message: Mention powerpc64 and riscv64 support CVSROOT: /cvs Module name: www Changes by: tb@cvs.openbsd.org 2026/04/21 14:16:15 Modified files: . : 79.html Log message: Add libressl 4.3.0 changelog (portable changes to be added later) CVSROOT: /cvs Module name: ports Changes by: rapha@cvs.openbsd.org 2026/04/21 14:18:54 Modified files: audio/csound : Makefile Log message: disable pipewire ok naddy@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/21 14:20:09 Modified files: sys/arch/octeon/dev: if_cnmac.c Log message: sys/cnmac: support SoftLRO This work based on previous work of Janne Johansson OK: visa@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/21 14:55:21 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: wycheproof: skip BLS test vectors to prepare for update CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/04/21 15:23:28 Modified files: net/librenms : Makefile distinfo net/librenms/pkg: PLIST-doc PLIST-main Log message: update to librenms-26.4.0, ok naddy includes fix for cross-site scripting in alert template list, and adds missing escaping for a few cli commands etc https://github.com/librenms/librenms/releases/tag/26.4.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/04/21 15:25:44 Modified files: net/librenms : Tag: OPENBSD_7_8 Makefile distinfo net/librenms/patches: Tag: OPENBSD_7_8 patch-LibreNMS___init___py patch-app_ConfigRepository_php patch-resources_definitions_config_definitions_json Added files: net/librenms/pkg: Tag: OPENBSD_7_8 DESCR-doc DESCR-main PLIST-doc PLIST-main README-main Removed files: net/librenms/pkg: Tag: OPENBSD_7_8 DESCR PLIST README Log message: MFC update to librenms-26.4.0 CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/21 19:43:48 Modified files: sys/nfs : nfs_var.h nfs_vnops.c Log message: change nfs_ioctl() from a macro with enoioctl() to a proper function this was the only use of enoioctl() ok claudio@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/21 19:51:37 Modified files: sys/sys : systm.h sys/kern : subr_xxx.c Log message: remove unused enoioctl() ok claudio@ CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/21 23:39:56 Modified files: mail/mozilla-thunderbird: Makefile distinfo mail/thunderbird-i18n: Makefile.inc distinfo Log message: mail/mozilla-thunderbird: update to 140.10.0. see https://www.thunderbird.net/en-US/thunderbird/140.10.0esr/releasenotes/ fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/ ok naddy@ CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/04/22 00:12:24 Modified files: devel/llvm/22/patches: patch-lld_ELF_LinkerScript_cpp devel/llvm/20 : Makefile devel/llvm/20/patches: patch-lld_ELF_LinkerScript_cpp devel/llvm/21 : Makefile devel/llvm/21/patches: patch-lld_ELF_LinkerScript_cpp Log message: fix section merging for .srodata and .openbsd.randomdata there was a bad merge of changes and a comma was lost and with that section merging for .srodata and .openbsd.randomdata ok naddy@, sthen@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 00:57:08 Modified files: usr.bin/tmux : tty-features.c tty-keys.c Log message: Add a default set of features for WezTerm. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 00:58:59 Modified files: usr.bin/tmux : tmux.1 Log message: Remove no longer accurate statement from tmux.1, reported by dkuettel at gmail dot com. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 01:03:06 Modified files: usr.bin/tmux : window-copy.c Log message: Do not leak hyperlinks in copy mode, from Barrett Ruth in GitHub issue 5020. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 01:05:03 Modified files: usr.bin/tmux : format.c Log message: Add a fairly low time limit to format evaluation to stop absurdly nested formats from making tmux appear to hang. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 01:05:59 Modified files: usr.bin/tmux : window-clock.c Log message: Make clock visible on terminals without colours, from Manuel Einfalt in GitHub issue 5001. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 01:10:16 Modified files: usr.bin/tmux : cmd-new-session.c cmd-rename-session.c format.c input.c names.c screen.c session.c spawn.c tmux.c tmux.h window.c Log message: Sanitize pane titles and window and session names more consistently and strictly, prevents C0 characters and other nonvisible characters causing problems. Reported (with a different fix) by Chris Monardo in GitHub issue 4999. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 01:13:26 Modified files: usr.bin/tmux : key-bindings.c options-table.c Log message: Add a couple of controls (kill, zoom) to default pane-status-format. Will be more to come with floating panes. From Dane Jensen in GitHub issue 4981. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 01:15:34 Modified files: usr.bin/tmux : status.c Log message: Translate keypad keys to text in prompt input. From Barrett Ruth in GitHub issue 4996. CVSROOT: /cvs Module name: src Changes by: renaud@cvs.openbsd.org 2026/04/22 01:15:43 Modified files: usr.bin/vi/ex : ex.c Log message: Fix underflows in ex(1) and vi(1) +cmd parser OK millert@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/22 01:25:17 Modified files: usr.bin/tmux : server-client.c tmux.1 tmux.h tty-features.c tty-term.c tty.c Log message: Add feature for progress bar and pass to outside terminal, GitHu issue 4972 from Eric Dorland. CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/22 02:32:31 Modified files: mail/mozilla-thunderbird: Tag: OPENBSD_7_8 Makefile distinfo Log message: mail/mozilla-thunderbird: MFC update to 140.10.0 see https://www.thunderbird.net/en-US/thunderbird/140.10.0esr/releasenotes/ fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-34/ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/22 04:02:34 Modified files: share/man/man9 : tsleep.9 Log message: tsleep.9: add const volatile qualifiers for ident This matches the changes with kern_synch.c r1.90 (2009). ok claudio jca CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/22 04:04:41 Modified files: share/man/man9 : tsleep.9 Log message: tsleep.9: replace two instances of -- with em dashes per mandoc -Tlint makes sense to jca CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/22 06:28:08 Modified files: sys/scsi : scsi_base.c Log message: Use &nowake as ident in tsleep_nsec call instead of using a stack variable for the same goal. Using &nowake is becomes clear that there is no wakeup call for this sleep. noticed by robert@ with llvm22 OK jca@ krw@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/22 07:51:46 Modified files: usr.sbin/bgpd : bgpd.conf.5 Log message: Add missing It in '.It Ic min-version Ar number' CVSROOT: /cvs Module name: src Changes by: henning@cvs.openbsd.org 2026/04/22 07:54:50 Modified files: usr.sbin/ntpd : ntpd.c Log message: in show_peer_msg, grow the buffer to hold the sprintf'd stratum by 1 byte. the previous buffer was large enough since startum is clamped to 0..15, however, it is a bit much to ask for analyzers - including those in compilers - to detect that, an extra byte on the stack costs us effectively nothing, and it feels a bit more robust. triggered by bcook's portable diffs, ok claudio CVSROOT: /cvs Module name: src Changes by: henning@cvs.openbsd.org 2026/04/22 07:57:58 Modified files: usr.sbin/ntpd : util.c Log message: grow the buffer to hold the sprintf'd rtable id by 8 bytes so it can hold the full range an int can express. the previous buffer was large enough since the rtable id is clamped to 0.. RT_TABLEID_MAX which is 255, however, it is a bit much to ask for analyzers - including those in compilers - to detect that, 8 extra bytes on the stack cost us effectively nothing, and it feels a bit more robust. triggered by bcook's portable diffs, ok claudio CVSROOT: /cvs Module name: ports Changes by: caspar@cvs.openbsd.org 2026/04/22 09:14:43 Modified files: meta/tor-browser: Makefile www/tor-browser: Makefile.inc www/tor-browser/browser: Makefile distinfo Log message: Tor Browser: update to 15.0.10 OK naddy@ CVSROOT: /cvs Module name: ports Changes by: caspar@cvs.openbsd.org 2026/04/22 09:15:02 Modified files: meta/tor-browser: Tag: OPENBSD_7_8 Makefile www/tor-browser: Tag: OPENBSD_7_8 Makefile.inc www/tor-browser/browser: Tag: OPENBSD_7_8 Makefile distinfo Log message: Tor Browser: update to 15.0.10 CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/22 09:17:43 Modified files: sys/net : route.c Log message: Use M_RTABLE and not M_TEMP for MPLS data attached to rt_llinfo. OK phessler@ CVSROOT: /cvs Module name: src Changes by: renaud@cvs.openbsd.org 2026/04/22 09:54:08 Modified files: usr.bin/vi/vi : vs_split.c Log message: vs_split() uses sp's visual map without checking it exists. OK millert CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/22 10:01:08 Modified files: usr.bin/vi/ex : ex_global.c Log message: When updating the ranges after an insertion or deletion, the range should be up to and including the current line number. This behavior is consistent with historic vi as well as modern vim. Reported by Tim Case, fix from Walter Alejandro Iglesias CVSROOT: /cvs Module name: www Changes by: tj@cvs.openbsd.org 2026/04/22 10:55:44 Modified files: openssh : history.html Log message: fix typos that have been on this page for 26 years CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/22 13:11:04 Modified files: sys/arch/octeon/dev: cn30xxgmx.c cn30xxgmxvar.h if_cnmac.c Log message: sys/cnmac: support CN71xx 1000BASE-X ports Some CN71xx boards describe active GMX ports only in the PIP device tree, and mark the CPU facing link as cavium,sgmii-mac-1000x-mode with cavium,disable-autonegotiation, but without a PHY handle. OpenBSD otherwise trusts GMX0_INF_MODE for port discovery and insists on a PHY attach in cn30xxgmx_attach(), so such ports never reach cnmac with a usable media setup. Enumerate CN71xx SGMII ports from pip/interface@N when that description is present, carry the 1000x and disable-autonegotiation flags into the per port state, and let cnmac seed fixed 1000baseT full duplex media for that case. Ports that still use a normal SGMII PHY path continue to go through cn30xxsmi_get_phy() and mii_attach() unchanged. Tested on two CN71xx Octeon systems: Juniper SRX300, which uses 1000BASE-X DT ports, and Ubiquiti EdgeRouter 4, which does not. OK: visa@ CVSROOT: /cvs Module name: src Changes by: dlg@cvs.openbsd.org 2026/04/22 15:58:53 Modified files: usr.bin/netstat: mbuf.c sys/kern : uipc_mbuf.c Log message: increase the 9k mbuf clusters to 9k + 128 bytes pools try to amortise the cost of items against the underlying kernel memory allocator by rounding the "page" size up to fit at least 8 items, and then rounding that up to the next power of 2. the 9k clusters are 9 * 1024 bytes, which is 72k after being multiplied by 8, which becomes 128k cos it's the next power of 2. if you divide 128k by 9k, you get 14 and some change. there's enough change that we can raise the cluster size by 128 bytes without affecting the page size or the number of items on the page. ie, it's still going to use 128k "pages" and fit 14 clusters. i can take advantage of this in some drivers for stupid hardware, so given the above it seems like a plan without any drawbacks apart from the pool name getting a bit bigger. ok claudio@ CVSROOT: /cvs Module name: src Changes by: dlg@cvs.openbsd.org 2026/04/22 16:09:18 Modified files: sys/dev/pci : if_ix.c Log message: fix rss hashing on big endian archs i noticed that packets seem to be hashed differently by the network stack and this hardware on sparc64. mucking around with how we handle the endianness of the rss key programmed via registers makes it consistent on both big and little archs. tested by me on sparc64 and arm64 ok claudio@ CVSROOT: /cvs Module name: ports Changes by: jca@cvs.openbsd.org 2026/04/22 16:10:17 Modified files: net/openvpn : Tag: OPENBSD_7_8 Makefile distinfo net/openvpn/patches: Tag: OPENBSD_7_8 patch-configure Log message: SECURITY update to openvpn-2.6.20 fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances (CVE-2026-40215) fix server ASSERT() on receiving a suitably malformed packet with a valid tls-crypt-v2 key (CVE-2026-35058) Other changes: https://github.com/OpenVPN/openvpn/blob/v2.6.20/Changes.rst CVSROOT: /cvs Module name: src Changes by: dlg@cvs.openbsd.org 2026/04/22 16:12:49 Modified files: sys/dev/pci : if_ix.c Log message: fix tx dma segment size i thought it was weird that an MI driver like ix(4) is using an MD number like PAGE_SIZE for the maximum segment size in its tx dma maps. the manual says tx segments can be 16k (and goes into a 16bit field), so let's try using the documented value here. the rx descs also use 16 * 1024 as a magic number here, so it's in keeping with other code in the same driver. tested by me on arm64 and sparc64 (which has 8k pages) tested by and ok jan@ CVSROOT: /cvs Module name: src Changes by: sashan@cvs.openbsd.org 2026/04/22 17:06:01 Modified files: sys/net : if_pfsync.c Log message: pf_purge_states() may trip assert(st->timeout == PFTM_UNLINKED) in pf_free_state(). Once member ->timeout in pf_state structure reaches PFTM_UNLINKED value, then the ->timeout member must not not be updated. This diff reminds pfsync(4) to follow PFTM_UNLINKED rule too. The pfsync(4) currently may accidentally update ->timeout member while state is being purged, causing pf_purge_states() to trip the assert. Issue was kindly reported by Stuart Henderson. OK @bluhm CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/22 19:08:46 Modified files: sys/dev/pci/drm/amd/amdgpu: amdgpu_vm.c Log message: drm/amdgpu: Handle GPU page faults correctly on non-4K page systems From Donet Tom 6a9f2683c66dc54d3598589684c0b3c5cb2862ad in linux-6.18.y/6.18.24 4e9597f22a3cb8600c72fc266eaac57981d834c8 in mainline linux CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/22 19:08:47 Modified files: lib/libc/time : difftime.c Log message: Fix difftime() result when it is passed a negative value We need to cast the result of bitwise AND to time_t before the cast to double in the HI and LO macros. Otherwise, we get a very large positive floating point value instead of a negative value. Reported by Xuntao Chi CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/22 19:10:33 Modified files: sys/dev/pci/drm/amd/amdkfd: kfd_queue.c Log message: drm/amdkfd: Fix queue preemption/eviction failures by aligning control stack size to GPU page size From Donet Tom 647fb0dc3818733024fc96c1df1ec3af806b0256 in linux-6.18.y/6.18.24 78746a474e92fc7aaed12219bec7c78ae1bd6156 in mainline linux CVSROOT: /cvs Module name: src Changes by: dlg@cvs.openbsd.org 2026/04/22 19:15:07 Modified files: sys/ddb : db_input.c Log message: make ctrl-w remove trailing space from words too this makes it more consistent with what i experience with ctrl-w in the shell. ok deraadt@ claudio@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/22 19:16:32 Modified files: sys/dev/pci/drm/i915: i915_gem.c Log message: x86: rename and clean up __copy_from_user_inatomic_nocache() From Linus Torvalds 03fd014cd9f3a3d173740ab9c5cbede82fd6322c in linux-6.18.y/6.18.24 5de7bcaadf160c1716b20a263cf8f5b06f658959 in mainline linux CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/22 19:16:55 Modified files: sys/dev/pci/drm/include/linux: uaccess.h Log message: rename __copy_from_user_inatomic_nocache() to copy_from_user_inatomic_nontemporal() to follow changes in linux 6.18.24 CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/22 19:28:03 Modified files: sys/net : art.h art.c Log message: remove unused art_walk() ok dlg@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/22 19:33:01 Modified files: sys/net : pf_ioctl.c Log message: remove unused pf_statelim_clr() ok dlg@ CVSROOT: /cvs Module name: ports Changes by: phessler@cvs.openbsd.org 2026/04/23 01:51:18 Modified files: cad/openscad : Makefile Log message: add missing build dep. it wouldn't build without the build dep being available, so no need for a REVISION bump. noticed by myself and naddy on arm64 and amd64 bulk package builds. OK sthen@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/23 05:29:23 Modified files: usr.bin/tmux : screen-redraw.c Log message: Redraw correctly when a popup is present above pane borders, GitHub issue 4997 from Manuel Einfalt. CVSROOT: /cvs Module name: ports Changes by: jca@cvs.openbsd.org 2026/04/23 05:46:03 Added files: devel/orc/patches: patch-orc_riscv_orcriscvtarget_c Log message: Fix orc riscv64-specific code paths orc previously failed to build because of inconsistent #ifdefs that exposed Linux-only calls. While here hook up call to (__builtin)__clear_cache and correct default assumptions (the 'V' extension can't be assumed, on any OS). Prompted by a report from matthieu@, maintainer timeout, ok sthen@ CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/04/23 06:00:58 Modified files: devel/clang-tools-extra: Makefile devel/py-llvmlite: Makefile lang/zig : Makefile www/chromium : Makefile www/iridium : Makefile www/ungoogled-chromium: Makefile Log message: bump REVISION after the fixes in the llvm ports ok sthen@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/23 06:36:15 Modified files: usr.bin/tmux : file.c server-client.c tmux.h Log message: Kill client rather than fatalx on bad file handling messages, reported by Tim Zheng. CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/23 06:57:47 Modified files: regress/usr.bin/ssh/unittests: Makefile.inc Log message: Drop -Winline from CDIAGFLAGS it breaks on sparc64 On sparc64 ssh/unittests/kex fails to build with: usr.bin/ssh/libcrux_mlkem768_sha3.h:8196: warning: inlining failed in call to 'libcrux_ml_kem_polynomial_ZERO_89_ea': --param max-inline-insns-single limit reached OK djm@ (long time ago) reminded by tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/23 08:15:53 Modified files: usr.sbin/rpki-client: parser.c Log message: Move repo_tree_free() up to where the other repo functions live. OK tb@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/23 13:51:37 Modified files: sys/arch/riscv64/dev: simplebus.c sys/arch/riscv64/include: bus.h sys/arch/riscv64/riscv64: autoconf.c bus_dma.c Log message: Implement bounce buffers for riscv64. ok jca@ CVSROOT: /cvs Module name: ports Changes by: kmos@cvs.openbsd.org 2026/04/23 14:00:09 Modified files: audio/ncmpc : Makefile Log message: span.h is provided by GCC 15. Drop BROKEN-sparc64 ok naddy CVSROOT: /cvs Module name: ports Changes by: kmos@cvs.openbsd.org 2026/04/23 14:00:49 Modified files: math/libqalculate: Makefile Log message: Now that ports-gcc is gcc 15, this is no longer BROKEN on sparc64 Remove BROKEN-sparc64 ok naddy CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/04/23 15:11:39 Modified files: net/ejabberd : Makefile Log message: net/ejabberd: prevent linking agains wayland/libei instead erlang's libei.a CVSROOT: /cvs Module name: ports Changes by: naddy@cvs.openbsd.org 2026/04/23 15:44:49 Modified files: lang/gawk : Makefile Log message: lang/gawk: do not pick up gettext-tools in configure configure picks up xgettext and it is then used during the build, but to no effect. Reported by jca@ CVSROOT: /cvs Module name: www Changes by: tj@cvs.openbsd.org 2026/04/23 17:21:41 Modified files: build/mirrors : openbgpd-ftp.html.head libressl : mail.html openbgpd : ftp.html openiked : manual.html openntpd : features.html opensmtpd : report.html Log message: fix broken/outdated links CVSROOT: /cvs Module name: www Changes by: tj@cvs.openbsd.org 2026/04/23 17:22:40 Modified files: libressl : papers.html openbgpd : users.html openntpd/txt : release-6.1p1.txt release-6.8p1.txt opensmtpd : list.html opensmtpd/announces: libasr-1.0.0.txt libasr-1.0.1.txt libasr-1.0.2.txt Log message: fix some typos CVSROOT: /cvs Module name: ports Changes by: matthieu@cvs.openbsd.org 2026/04/23 23:59:22 Modified files: sysutils/ttyplot: Makefile sysutils/ttyplot/patches: patch-ttyplot_c Log message: Fix ttypplot by moving pledge() call after open(/dev/tty). Add 'use pledge()' marker to Makefile while there. ok tb@, fcambus@, naddy@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/24 04:08:52 Modified files: usr.bin/tmux : window.c Log message: No need to stravis the window name twice. CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/24 07:25:44 Modified files: sys/net : pipex_local.h trunklacp.c Log message: use __kprintf__ not __printf__ for format attributes avoids format warnings with clang 21 and later ok robert@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/24 09:10:20 Modified files: lib/libcrypto/pkcs7: pk7_doit.c Log message: Simplify PKCS7_get_issuer_and_serial() The i variable is unused. Likewise for the first assignment to ri. Instead of an incomplete check that idx is in range, which still results in a NULL deref if idx < 0, check if ri is not NULL before accessing, as sk_value() checks the index correctly. ok jsing kenjiro CVSROOT: /cvs Module name: ports Changes by: jca@cvs.openbsd.org 2026/04/24 10:01:38 Modified files: net/openvpn : Makefile distinfo Log message: SECURITY update to openvpn-2.7.2 fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances (CVE-2026-40215) fix server ASSERT() on receiving a suitably malformed packet with a valid tls-crypt-v2 key (CVE-2026-35058) Other changes: https://github.com/OpenVPN/openvpn/blob/v2.7.2/Changes.rst ok naddy@ CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/24 11:31:12 Modified files: security/nss : Makefile distinfo Log message: security/nss: bugfix update to 3.123.1 fixes #2033783: invalid DTLS CertificateVerify signature breaks Firefox WebRTC to pion and webrtc-rs servers see https://hg-edge.mozilla.org/projects/nss/raw-file/tip/doc/rst/releases/nss_3_123_1.rst ok naddy@ CVSROOT: /cvs Module name: ports Changes by: phessler@cvs.openbsd.org 2026/04/24 11:42:24 Modified files: graphics/ImageMagick: Makefile Log message: remove BROKEN marker to try building on arm(v7). the platform has changed a lot since 2019 OK sthen@ naddy@ CVSROOT: /cvs Module name: www Changes by: kmos@cvs.openbsd.org 2026/04/24 16:33:40 Modified files: . : plus.html Log message: Added changes for November and December 2025 Done with pamela@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/24 23:47:03 Modified files: lib/libcrypto/sha: sha256.c Log message: Add FIPS 180-4 references for SHA-256 constants. CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/25 04:30:11 Modified files: lib/libcrypto/pkcs7: pk7_doit.c Log message: pkcs7: Simplify PKCS7_type_is_other() Remove unnecessary isOther and nid variables and use direct returns. The function should probably be removed... ok jsing kenjiro CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/25 04:48:59 Modified files: lib/libcrypto/pkcs7: pk7_doit.c Log message: pkcs7: avoid assignment to i in PKCS7_dataInit() We can switch over the return value of OBJ_obj2nid() rather than using i for an indirection. ok jsing kenjiro CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/25 04:50:50 Modified files: lib/libcrypto/pkcs7: pk7_doit.c Log message: pkcs7: don't use i and j for NIDs in PKCS7_dataDecode() There's no need to assign to i before the switch and j is a terrible name for a NID. Inline the latter and switch directly over the return value of OBJ_obj2nid(). ok jsing kenjiro CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/25 04:53:13 Modified files: lib/libcrypto/pkcs7: pk7_doit.c Log message: pkcs7: don't use i, j for NIDs in PKCS7_dataFinal() Use nid for NIDs and use i only for for loops. ok jsing kenjiro CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/25 04:54:30 Modified files: lib/libcrypto/pkcs7: pk7_doit.c Log message: pkcs7: drop silly use of i in PKCS7_dataVerify() ok jsing kenjiro CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/25 05:41:41 Modified files: sys/dev/fdt : dwpcie.c Log message: If the PCIe link is down, provide access to config space for bus 0, but return 0xffffffff (and ignore writes) for other busses. This gets rid of the "can't initialize hardware" messages that confuse some users and better matches what happens on other platforms with PCIe when a slot is empty. ok jca@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/25 06:14:38 Modified files: sys/arch/sparc64/sparc64: trap.c Log message: Do not clear the dirty upper and lower bits when enabling the FPU in fprs When handling a FPU disabled trap and the FPU context is still pointing to curproc then all that needs to be done is enable the FPU but on sparc64 this needs to be done in two places. In pstate and %fprs. Writing FPRS_FEF into %fprs clears the DU and DL bits which marks the FPU state as clean (but it may not be). If the proc only reads the FPU state and later a lazy FPU switch is forced the FPU context is not correctly saved. Instead read %fprs and or FPRS_FEF into it, keeping the DU and DL bits intact. See also rev 1.68 for why %fprs needs to be fumbled with. This fixes various issues seen during ports bulk builds. Like perl tripping over "use 5.12.0;" with a -NaN is not a version error, various awk issues and even cmake failures via 'std::bad_array_new_length'. OK kettenis@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/25 08:36:12 Modified files: regress/lib/libssl/dtls: Makefile Added files: regress/lib/libssl/dtls: dtls_wire_test.c Log message: Add DTLS wire tests. Add tests that ensure the wire bytes for DTLS are what we expect for both CCS and fragmented handshake messages. CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/25 11:47:46 Modified files: usr.bin/vi/common: delete.c Log message: Fix a misapplied patch in rev 1.12, the goto belongs outside the len check. CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/25 11:51:11 Modified files: usr.bin/vi/vi : v_sentence.c Log message: Prevent '(' from moving the cursor forward. Fixes an issue where '(' moved forward the start of the next (not previous) sentence when used within whitespace at the start if a line. From Debian bug 193498 (Tommy Pettersson) via nvi2. CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/25 11:58:56 Modified files: usr.bin/vi/vi : v_sentence.c Log message: Fix special case of ')' when the cursor is on white-space. The forward sentence code has a special case to support moving to the start of the next sentence when it is in the middle of a empty line or whitespace between sentences. However, the logic was incorrect and applied when the curson was on _any_ white-space. This change adds logic to look back and detect whether the cursor is actually in between two sentences. Based on a diff from Walter Alejandro. CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/25 13:30:59 Modified files: usr.bin/vi/vi : v_paragraph.c v_sentence.c Log message: Allow '!}' and '!)' at EOF, even though there is no forward movement. The updated behavior differs from traditional vi but matches vim. It is already possible to run bang commands at EOF in conjunction with some other forward movement commands such as 'l' and 'w'. From Walter Alejandro Iglesias CVSROOT: /cvs Module name: www Changes by: naddy@cvs.openbsd.org 2026/04/25 14:07:56 Modified files: . : 79.html Log message: 13044 amd64 packages CVSROOT: /cvs Module name: www Changes by: tj@cvs.openbsd.org 2026/04/25 15:04:11 Modified files: faq : upgrade78.html Log message: zap invalid

tag CVSROOT: /cvs Module name: www Changes by: tj@cvs.openbsd.org 2026/04/25 15:05:16 Modified files: faq/ports : differences.html specialtopics.html Log message: fix some typos CVSROOT: /cvs Module name: www Changes by: tj@cvs.openbsd.org 2026/04/25 15:21:15 Modified files: faq : faq17.html Log message: android's vpn client supports ikev2 now, so remove some outdated info. discussed with landry CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/25 22:19:11 Modified files: lib/libcrypto/pkcs7: pk7_doit.c Log message: Fix PKCS7_set_{un,}signed_attributes() In both these functions, if the X509_ATTRIBUTE_dup() fails, the remainder of the sk stack is shared with p7si->{un,}auth_attr and the caller will likely end up freeing it twice. Fix this by writing another sk_deep_copy() patterned after the existing ones in x509_lu.c and x509_vpm.c. PKCS7_set_{un,}signed_attributes() become trivial wrappers of that. ok jsing kenjiro CVSROOT: /cvs Module name: www Changes by: matthieu@cvs.openbsd.org 2026/04/26 00:22:19 Modified files: . : 79.html Log message: Update versions of base+xenocara CVSROOT: /cvs Module name: www Changes by: matthieu@cvs.openbsd.org 2026/04/26 00:24:32 Modified files: . : 79.html Log message: 7.7 -> 7.8 where needed. CVSROOT: /cvs Module name: www Changes by: matthieu@cvs.openbsd.org 2026/04/26 01:00:54 Modified files: . : 79.html Log message: ports versions CVSROOT: /cvs Module name: www Changes by: tb@cvs.openbsd.org 2026/04/26 01:07:31 Modified files: . : 79.html Log message: zlib 1.3.2 CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/26 03:27:15 Modified files: sys/dev/ic : com.c Log message: Attempt to drain the transmit FIFO before resetting or disabling it such that output that is currently in the FIFO makes it out. We already do this when attaching as a console by using a fixed delay, but not in compwroff() which runs when userland closes the associated tty. Instead of using a fixed delay, look at the LSR_TSRE bit which should get set if the FIFO (or the itransmit shift register if the FIFO is disabled) is empty. Use a fixed timeout such that on hardware with a non-functional LSR_TSRE bit the loops still terminate. This should fix issues where we lose serial output when userland closes a tty or when com(4) attaches to the port that is used as the console. ok deraadt@ CVSROOT: /cvs Module name: www Changes by: tb@cvs.openbsd.org 2026/04/26 03:42:46 Modified files: . : 79.html Log message: go 1.26.2 CVSROOT: /cvs Module name: www Changes by: sthen@cvs.openbsd.org 2026/04/26 07:09:56 Modified files: . : 79.html Log message: 10631 i386 packages CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/26 11:58:58 Modified files: lib/libcrypto/x509: x509_addr.c Log message: make_addressRange: unused bits in max must be zero X509v3_addr_add_range() requires that min and max of an address range have network encoding. In the RFC 3779 encoding of an actual address range (as opposed to a prefix) as a SEQUENCE OF two ASN.1 BIT STRINGs, the trailing one bits of the maximum become unused bits and therefore must be DER encoded as zeroes. The DER encoder will clear them via i2d but these trailing ones are annoying. Make a copy in which the unused bits are cleared. ok kenjiro CVSROOT: /cvs Module name: www Changes by: kirill@cvs.openbsd.org 2026/04/26 12:27:12 Modified files: . : 79.html Log message: 79.html: jdk8 was removed CVSROOT: /cvs Module name: src Changes by: mglocker@cvs.openbsd.org 2026/04/26 13:25:08 Modified files: sys/dev/pci : if_qwz_pci.c sys/dev/ic : qwz.c qwzreg.h qwzvar.h Log message: Bring the qwz driver up to WPA2 association on the Qualcomm WCN7850 chip. Major changes: 1. Fix the RX path. 2. Fix the TX path. 3. Fix MSI interrupt routing. 4. Make the WPA2 4-way handshake complete. 5. Add bus_dmamap_sync() barriers on RX and TX. 6. Update register/descriptor defines from ath11k to ath12k WiFi7. Known limitations: - DHCP does not yet complete on most setups: TX of DISCOVER works (the DHCP server sees it), but the OFFER does not reach the host. Likely an RX-path or post-handshake GTK state issue. Reported by kettenis@ with an athn(4) AP on a Vivobook. - Some hardware (e.g. Honor laptop) hits a firmware page fault during association. RDDM dump shows a fault in dlpager_main.c inside the firmware; likely a memory addressing issue specific to that silicon stepping or IOMMU configuration. Reported by kirill@. - On APs with PMF (Protected Management Frames) enabled, the association flaps continuously; on APs without PMF (Apple hotspot, athn(4)) the connection reaches a stable "active" state and survives subsequent firmware crashes via the recovery path. - Firmware occasionally crashes after sustained traffic on some APs (FritzBox in particular can drive the device into an unrecoverable "tx credits timeout" state); the driver normally recovers via the existing RDDM path in if_qwz_pci.c without a system reboot. - One PN-replay loop in qwz_dp_peer_rx_pn_replay_config doesn't iterate the non-QoS TID slot. Cosmetic for normal use; will land as a separate small commit. This is a foundation commit: enough to associate and exchange some frames, but not yet a usable network connection. Further work is required. OK kettenis@, kirill@ CVSROOT: /cvs Module name: src Changes by: dtucker@cvs.openbsd.org 2026/04/26 23:49:41 Modified files: regress/usr.bin/ssh: keyscan.sh Log message: Use supported hostkeyalgorithms specifically in sshd_config instead of supported key types, which is almost but not completely correct. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/27 06:31:11 Modified files: usr.bin/tmux : cmd-parse.y Log message: Add a limit on maximum length of environment variable assignment in configuration files. CVSROOT: /cvs Module name: src Changes by: hshoexer@cvs.openbsd.org 2026/04/27 07:06:14 Modified files: usr.sbin/vmd : config.c Log message: vmd(8): Avoid reuse of dead filedescriptor When the vmd process sends a kernfd to the vmm process, that descriptor will be closed in msgbuf_write() after a successful sendmsg(). However, that descriptor number is still stored in vm->vm_kernel. When termination of one VM is interleaved with lauch of another VM, that number might be reassigned to a _new_ kernfd of the launching VM. Now we have a race: - the vmd process queues an imsg with that descriptor in config_setvm() (for the launching VM) - the vmd process calls in vm_stop() close() on that descriptor (for the terminating VM) - when the vmd process calls proc_dispatch() imsgbuf_send() for imsg queued in config_setvm(), sendmsg() will return EBADF (the descriptor in the control message is invalid) By dupping kernfd we can avoid this race. ok dv@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/27 09:06:01 Modified files: usr.sbin/bgpd : bgpd.h rde.c rde.h rde_filter.c session.c session.h Log message: Change to enum filter_action and enum direction since the plural form does not work well with these enums. OK denis@ tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/27 09:24:43 Modified files: usr.sbin/bgpd : rde.c Log message: Shuffle the softreconfig functions into an order that makes more sense. OK tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/27 09:52:20 Modified files: usr.sbin/bgpd : rde.c Log message: Rename out_rules to simply rules. In the near future this list will be used for both 'from' and 'to' filter rules. OK tb@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/27 10:39:50 Modified files: sys/arch/octeon/dev: cn30xxgmx.c cn30xxgmxvar.h if_cnmac.c iobusvar.h octeon_iobus.c octpip.c Log message: sys/cnmac: read MAC address from device tree Read local-mac-address from the matching ethernet port node in device tree; fall back to the old board address allocation when it is absent. As suggested by visa@, this changes HW address assignment on the EdgeRouter Pro, and probably on the ER-8, by swapping ports as follows: cnmac0 <-> cnmac4 cnmac1 <-> cnmac5 cnmac2 <-> cnmac6 cnmac3 <-> cnmac7 Affected devices uses the same MAC addresses as the original firmware. OK: visa@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/27 10:54:49 Modified files: sys/arch/octeon/dev: cn30xxpip.c cn30xxpipvar.h if_cnmac.c if_cnmacvar.h Log message: sys/cnmac: add RX queues Add RX queues to cnmac, backed by shared POW groups. Use PIP tags for RX group selection and pass the tag up as M_FLOWID. OK: visa@ CVSROOT: /cvs Module name: www Changes by: thfr@cvs.openbsd.org 2026/04/27 14:18:03 Modified files: . : 79.html Log message: mention Vulkan 1.4.341.0 CVSROOT: /cvs Module name: src Changes by: job@cvs.openbsd.org 2026/04/27 16:23:27 Modified files: usr.sbin/rpki-client: parser.c Log message: adjust style OK tb@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/27 19:14:07 Modified files: sys/dev/pci/drm: drm_linux.c Log message: Make xarray cyclic start looking for a free id at the position specified by the next argument and stop after wrapping back to that position. Previously looking for a free id started at the beginning of the allocation range and stopped at the end, ignoring the next argument. Currently xarray cyclic id allocations are only used by the GuC code in inteldrm. In 6.18.25 drm, the amdgpu PASID allocation changes from using cyclic idr to cyclic xarray. CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/04/27 21:02:50 Modified files: . : 79.html Log message: suporting -> supporting CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/27 21:25:46 Modified files: sys/dev/pci/drm/include/linux: xarray.h Log message: add DEFINE_XARRAY_FLAGS() for 6.18.25 drm CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/27 21:33:56 Modified files: sys/dev/pci/drm/include/linux: xarray.h Log message: use DEFINE_XARRAY_FLAGS() for DEFINE_XARRAY_ALLOC() CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/27 21:44:14 Modified files: sys/dev/pci/drm: drm_linux.c Log message: Change xarray pool from IPL_NONE to IPL_TTY as amdgpu will soon use it from interrupt context. Matches the IPL of the IDR pool. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/28 02:32:44 Modified files: usr.bin/tmux : cmd-join-pane.c Log message: Fix -p for for join-pane, from Dane Jensen. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/28 02:34:15 Modified files: usr.bin/tmux : cmd-run-shell.c Log message: Do not hang run-shell when job_run fails, from Barrett Ruth in GitHub issue 5037. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/28 02:35:21 Modified files: usr.bin/tmux : window-copy.c Log message: Do not deref NULL job in window_copy_pipe_run when job_run fails. From Barrett Ruth in GitHub issue 5036. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/28 02:47:55 Modified files: usr.bin/tmux : cmd-pipe-pane.c Log message: Do not leak socketpair fds in pipe-pane when fork fails. From Barrett Ruth. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/28 02:52:37 Modified files: usr.bin/tmux : paste.c Log message: Sanitize paste buffer names in paste_set and paste_rename, GitHub issue 5032 from Barrett Ruth. CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/28 03:23:22 Modified files: sys/dev/pci/drm/amd/amdgpu: amdgpu_ids.c Log message: drm/amdgpu: replace PASID IDR with XArray From Mikhail Gavrilov b7cddf6c017510cd0c79980ea551e7bcdf0edc7e in linux-6.18.y/6.18.25 3c863ff920b45fa7a9b7d4cb932f466488a87a58 in mainline linux CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/04/28 04:01:07 Modified files: usr.bin/tmux : key-bindings.c menu.c mode-tree.c status.c Log message: Make C-[ have the same bindings as Escape for terminals with extended keys where they are different, GitHub issue 5035 from Eric NICOLAS. CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/28 07:25:04 Modified files: usr.sbin/rdate : Makefile ntp.c rdate.8 rdate.c Removed files: usr.sbin/rdate : ntpleaps.c ntpleaps.h Log message: rdate: remove -c option, we don't install the "right" zone files This option was non-functional since OpenBSD does not ship with the /usr/share/zoneinfo/right time zone files, which include leap seconds. OK dgl@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/28 08:06:44 Modified files: usr.sbin/bgpd : rde.c Log message: Fix possible reload bug that leave old filters on a peer. In rde_reload_done() the code handling the peer->reconf_rib case has a continue which skips the code path that actually reapplies the outbound filters. The result is that such a peer keeps on running with the old filters -- a subsequent reload will then fix this. Removing the continue changes the way peer->reconf_rib and peer->reconf_out interact. Now reconf_rib needs to be checked before reconf_out since it is possible for both to be set. Adjust the code in rde_softreconfig_in_done() accordingly. OK tb@ CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/28 09:36:52 Modified files: lib/libc/gen : cgetent.3 Log message: Escape is octal 33, not 27 (which is escape in decimal) From Eric Mulholland CVSROOT: /cvs Module name: www Changes by: sthen@cvs.openbsd.org 2026/04/28 10:23:08 Modified files: . : 79.html Log message: 12883 aarch64 packages CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/28 15:31:48 Modified files: share/zoneinfo/datfiles: northamerica southamerica zone.tab zone1970.tab zonenow.tab Log message: Update to 2026bgtz from https://github.com/JodaOrg/global-tz CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2026/04/28 15:32:05 Modified files: usr.bin/ssh : ssh-agent.c Log message: unveil the actual listening socket path and its directory so it can be cleaned up at exit. Reported by / tested by David Krause, ok markus@ CVSROOT: /cvs Module name: www Changes by: kmos@cvs.openbsd.org 2026/04/29 00:49:05 Modified files: . : plus.html Log message: Changes for January 2026 Done with pamela@ CVSROOT: /cvs Module name: src Changes by: renaud@cvs.openbsd.org 2026/04/29 02:18:55 Modified files: sbin/pfctl : parse.y Log message: The dual-pool form of the af-to action, af-to af FROM redirpool pool_opts TO redirpool pool_opts was writing the TO side options in the FROM side. OK sashan@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/29 05:14:11 Modified files: usr.sbin/rpki-client: parser.c Log message: rpki-client: properly ignore missing unsupported files in -n mode RFC 9286 section 6.5 mandates that we fetch all the files in a manifest fileList and validate their hashes. By design, RRDP will ship all the available files whereas in rsync we decided to fetch only the files of types we explicitly support. While we check the hashes of unsupported files, they won't be copied into the cache of validated files. Since unsupported files are not in the validated cache and may or may not be present in the temporary directory of fetched objects, there is logic that ensures that the hashes of all available files are correct and attempts to avoid an error for files absent from both directories. Whether all the above decisions in both, standards and our code, are fully sound is not entirely clear. Be that as it may, Job observed that this logic was incorrect in noop mode where no temporary directory is available. This resulted in rejecting the one manifest that still lists a Ghostbuster's record (RFC 6493) and as a consequence marking the corresponding CA incorrectly non-functional. This is a clear bug and this is fixed in this commit by adding a special case for noop mode. Further refinements may follow. ok claudio job CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/29 08:55:21 Modified files: lib/libssl : d1_both.c Log message: Convert DTLS code to ssl_msg_callback(). ok kenjiro@ tb@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/29 08:57:29 Modified files: lib/libssl : d1_both.c Log message: Inline dtls1_fix_message_header(). This is only used in one place and it makes no sense to have it as a separate function. Furthermore, pull up an assertion so that we check before assigning frag_len. ok kenjiro@ tb@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/29 08:59:26 Modified files: lib/libssl : d1_both.c dtls_local.h Log message: Make dtls1_retransmit_message() static. This function is only called from dtls1_retransmit_buffered_messages(). Make it static and move it above the caller. ok kenjiro@ tb@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/29 09:00:53 Modified files: lib/libssl : d1_both.c Log message: Remove unused frag_off argument from dtls1_retransmit_message(). ok kenjiro@ tb@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/29 09:04:15 Modified files: lib/libssl : d1_both.c Log message: Avoid unnecessary lookups in dtls1_retransmit_message(). dtls1_retransmit_buffered_messages() is iterating over the sent_messages pqueue, only to pass dtls1_retransmit_message() a sequence number that it turns back into a priority, to then do a lookup on the sent_messages pqueue. This is pointless given that we already have the message that we need to retransmit - just pass that to dtls1_retransmit_message() directly. ok kenjiro@ tb@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/29 09:13:27 Modified files: lib/libssl : d1_both.c Log message: Split dtls1_do_write() into handshake message and CCS handling. dtls1_do_write() is currently a single function that handles both handshake messages and CCS. This is a strange mix that only serves to complicate the code - handshake messages have their own headers and may need to be fragmented, while CCS must be sent verbatim (and only contain a single byte). Pull the CCS part out into a separate function, simplifying the code. By definition, when sending a CCS message the MTU will already be set appropriately. ok kenjiro@ tb@ CVSROOT: /cvs Module name: src Changes by: bluhm@cvs.openbsd.org 2026/04/29 12:07:41 Modified files: lib/libexpat : Changes lib/libexpat/lib: internal.h xmlparse.c Log message: Backport fixes from libexpat version 2.8.0. Relevant for OpenBSD are security fixes #47 #1183. Library bump is not necessary. CVE-2026-41080 OK tb@ CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2026/04/29 16:22:10 Modified files: usr.bin/ssh : scp.c Log message: fiddle with mask after umask call and not before; avoids fortify warnings on android. bz3954 CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/29 22:33:06 Modified files: sys/dev/pci/drm/i915: i915_driver.c Log message: disable GuC submission for Raptor Lake-S volker@ reports it fails to init on a desktop machine with a i9-14900K CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/30 05:06:29 Modified files: usr.sbin/bgpctl: Makefile Added files: usr.sbin/bgpctl: log.c Log message: bgpctl: add log.c for bgpctl This provides log_{warn{,x},info,debug}() and fatal{,x}() implementations that wrap the err.h API. They are API compatile with bgpd's log.h and will help undo some contortions where we had to put log calls into weird spots because of code sharing between bgpd and bgpctl. ok claudio CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/30 07:52:59 Modified files: usr.sbin/bgpd : log.c log.h Log message: Unexport vlog() from log.c nothing uses it outside of log.c. OK henning@ CVSROOT: /cvs Module name: www Changes by: naddy@cvs.openbsd.org 2026/04/30 08:12:02 Modified files: . : 79.html Log message: 10079 sparc64 packages 9507 powerpc64 packages CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/04/30 08:44:10 Modified files: mail/exim : Tag: OPENBSD_7_8 Makefile distinfo mail/exim/patches: Tag: OPENBSD_7_8 patch-Local_Makefile mail/exim/pkg : Tag: OPENBSD_7_8 MESSAGE-main Added files: mail/exim/patches: Tag: OPENBSD_7_8 patch-src_tlscert-openssl_c Log message: update to exim-4.99.2 in 7.8-stable (at this point in the release cycle -stable ports updates are mostly not possible as they'll interfere with updates to 7.9, however this has been removed in -current so that doesn't apply here). this brings recent cve fixes, plus other older ones from 4.99.1 that didn't get into -stable yet. also update MESSAGE to warn about removal in 7.9. ok phessler renaud CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/30 09:20:15 Modified files: usr.sbin/bgpd : rde_filter.c Log message: In rde_filter_free() release the referenc to the rde_filterset by calling rde_filterset_unref() for every rule. OK tb@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/04/30 09:38:52 Modified files: lib/libssl : d1_both.c Log message: Refactor dtls1_do_write_handshake_message(). If the call to dtls1_write_bytes() fails, handle the potential MTU update and return/continue, which allows for the remainder to be moved out of an else statement. ok kenjiro@ tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/30 09:48:13 Modified files: usr.sbin/bgpd : logmsg.c Log message: Convert logit() to either log_warnx() or log_info() depending on the log level. OK sthen@ tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/30 09:51:07 Modified files: usr.sbin/bgpd : rde.h rde_attr.c Log message: Add a bit of const to attr_writebuf(), aspath_get() and aspath_deflate(). OK tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/04/30 12:22:59 Modified files: usr.sbin/bgpd : rtr_proto.c Log message: In the rtr_reader_callback() make sure that the PDU length is not only smaller than RTR_MAX_PDU_SIZE but also larger than sizeof(struct rtr_header). Passing a too small value will trigger a fatal error later on which is not great. Also switch the type of len to size_t, there is no need for a signed value here. OK tb@ CVSROOT: /cvs Module name: src Changes by: anton@cvs.openbsd.org 2026/04/30 22:54:56 Modified files: regress/usr.sbin/bgpd/unittests: rde_community_test.c Log message: Cope with recent const corrections. CVSROOT: /cvs Module name: www Changes by: kmos@cvs.openbsd.org 2026/05/01 00:05:47 Modified files: . : plus.html Log message: Changes for February 2026 Done with pamela@ CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/01 01:53:05 Removed files: mail/exim/patches: Tag: OPENBSD_7_8 patch-src_dane-openssl_c patch-src_lookups_spf_c patch-src_osfunctions_h patch-src_spf_h patch-src_tls-openssl_c Log message: missed cvs rm CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/01 03:34:05 Modified files: usr.bin/tmux : format.c Log message: Check time inside repeat (R:) loop as well. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/01 03:44:42 Modified files: usr.bin/tmux : cmd-copy-mode.c options-table.c screen.c tmux.1 tmux.h window-copy.c Log message: Add support for line numbers in copy mode. A new copy-mode-line-numbers option has the following modes: off, default (tmux's normal line numbering where 0 is the top visible line), absolute (first line in history is 1), relative (relative to the cursor) and hybrid (current line is absolute, others relative). Also adds copy-mode-line-number-style and copy-mode-current-line-number-style to set the style of the line numbers. When copy mode is entered with the mouse, line numbers stay off. From Leo Henon in GitHub issue 5025. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/01 03:59:42 Modified files: usr.bin/tmux : control.c Log message: Do not leak cached last result from control subs, from Aaron Campbell in GitHub issue 5047. CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/01 05:22:24 Modified files: usr.sbin/rpki-client: Makefile extern.h Added files: usr.sbin/rpki-client: asn1_bit_string.c Log message: rpki-client: add compat for BIT STRING accessors ASN.1 bit strings are DER encoded by zero-padding the bit string at the end to a length divisible by eight. The number of padding bits ("unused bits"), a number between 0 and 7, is stored in the first value octet, the remainder of the value octets are formed by the zero-padded bit string. Since asn1_string_st is opaque in OpenSSL 4, there need to be accessors for length and unused bits, which is what is added here. The getter assumes the ASN1_STRING_FLAG_BITS_LEFT flag is set on a bit string, which is always the case for deserialized bit strings. I prefer not to elaborate on the madness hiding here at this point in time... LibreSSL will likely add these accessors to libcrypto in the ongoing cycle, but we will need this compat code for OpenSSL and older LibreSSL anyway. The code is not yet used in rpki-client. The conversions will be committed soon. ok claudio job CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/01 05:23:57 Modified files: regress/usr.sbin/rpki-client: Makefile.inc regress/usr.sbin/rpki-client/openssl: Makefile regress/usr.sbin/rpki-client/openssl/build: Makefile Log message: rpki-client: add asn1_bit_string.c to TEST_COMMON. Prepare its use. CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/01 05:25:21 Modified files: lib/libc/gen : opendir.3 Log message: correct history, dirfd() did not appear until tahoe CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/01 05:56:41 Modified files: usr.bin/tmux : mode-tree.c Log message: Add some checks on line size to avoid underflow, from san65384 at gmail dot com in GitHub issue 4955. CVSROOT: /cvs Module name: src Changes by: miod@cvs.openbsd.org 2026/05/01 14:03:58 Modified files: sys/arch/hppa/dev: sti_sgc.c sys/dev/ic : sti.c stireg.h stivar.h sys/dev/pci : sti_pci.c Log message: More work to handle devices which don't have a copy of the STI ROM available through one of the regular BARs, and have a shared decoder for BAR and ROM. Such devices can't have their BAR accessed when the ROM is mapped. In this case, we make a memory copy of the ROM contents and point the STI routines to it, without leaving the ROM mapped. This ought to be able to make the FireGL-UX work, but unfortunately it still hangs the PCI bus when accessing the frame buffer memory at low addresses. A good side effect of these changes, though, is that we no longer keep a bus_space mapping on the PCI ROM after initial ROM grovelling. On systems where the PDC firmware maps all PCI ROM at the same address (since only one may be active at any time), this lets multiple STI PCI devices attach and operate correctly, rather than only one attaching and the others complaining being unable to map the ROM, with errno being EAGAIN. CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/01 16:58:08 Modified files: . : 79.html Log message: add changes CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/01 17:41:00 Modified files: . : 79.html Log message: more updates CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/05/01 19:00:40 Modified files: . : 79.html Log message: spelling CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/01 21:05:31 Modified files: lib/libc/gen : getdiskbyname.3 Log message: correct history, getdiskbyname() appeared in 4.2BSD CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/01 21:20:45 Modified files: lib/libc/gen : getfsent.3 Log message: correct history; endfsent(), getfsfile(), getfsspec(), and setfsent() appeared in 4BSD CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/02 03:25:48 Modified files: usr.sbin/rpki-client: cert.c Log message: rpki-client: rename INR extension handlers These are the only two extension handlers having an sbgp_ prefix. Rename them to cert_ipaddrblocks() and cert_asids() for consistency. ok job (part of a larger diff) CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/02 04:28:20 Modified files: usr.sbin/rpki-client: cert.c Log message: rpki-client: remove variable indentation in sbgp_* functions requested by job CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/02 04:35:18 Modified files: usr.sbin/rpki-client: cert.c ip.c Log message: rpki-client: move RFC 3779 IP address parsing from cert.c to ip.c ok job CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/02 04:36:21 Modified files: usr.sbin/rpki-client: as.c cert.c Log message: rpki-client: move RFC 3779 AS number parsing from cert.c to as.c ok job CVSROOT: /cvs Module name: src Changes by: florian@cvs.openbsd.org 2026/05/02 07:08:36 Modified files: usr.sbin/acme-client: json.c netproc.c Log message: Prevent memory leaks from json_getstr. json_getstr returns the result of strdup (or NULL) to the caller so the caller has to free the memory. While here, setting order->finalize to NULL once is enough. From Jan Schreiber (jes AT posteo.de), with input from tb. OK tb (some time ago) CVSROOT: /cvs Module name: www Changes by: visa@cvs.openbsd.org 2026/05/02 07:52:27 Modified files: . : 79.html Log message: 9309 mips64 packages CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/05/02 08:09:17 Modified files: sys/arch/riscv64/include: cpu.h elf.h sys/arch/riscv64/riscv64: autoconf.c cpu.c Log message: Improve CPU identification and hwcap for riscv64. On riscv64 we currently only expose a fixed hwcap value (G + C) and do not actually report any of what the CPUs provide via extensions. This means that userland cannot detect and make use of additional instructions that exist. Rework cpu_identify() so that we build hwcap/hwcap2, then use this to select the correct functions/support to use if we're on the primary CPU (rather than doing this for every CPU). Check that the secondary CPUs have the same features as the primary CPU (although this is coming from the DTB and not the actual hardware). Finally report available extensions via hwcap/hwcap2 so that we can make use of these instructions in userland. ok kettenis@ jca@ CVSROOT: /cvs Module name: ports Changes by: phessler@cvs.openbsd.org 2026/05/02 08:24:16 Modified files: lang/gcc/15/patches: patch-libgcc_config_arm_unwind-arm_h Log message: gcc-15 failed to build on arm(v7) because it didn't know what a bool was in an MD specific file. Add the header, so gcc-15 builds again. Does not affect any other architecture. OK pascal@ OK for -release naddy@ sthen@ CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/02 12:19:54 Modified files: . : 79.html Log message: more changes CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/02 13:52:02 Modified files: . : 79.html Log message: up to March CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/02 14:00:22 Modified files: . : 79.html Log message: add signify keys for this release CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/02 14:41:22 Modified files: . : 79.html Log message: up to March 4th CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/02 15:00:10 Modified files: . : 79.html Log message: some cleanup CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/05/02 17:07:41 Modified files: . : 79.html Log message: spelling CVSROOT: /cvs Module name: www Changes by: dtucker@cvs.openbsd.org 2026/05/02 17:28:02 Modified files: . : 79.html Log message: Initial pass at OpenSSH 10.3 changes. Could still use a bit of polish. CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/05/02 17:34:49 Modified files: . : 79.html Log message: correct man links CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/05/02 17:50:55 Modified files: . : 79.html Log message: correct html comment declarations CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/05/02 18:20:39 Modified files: . : 79.html Log message: mention drm version CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/03 03:50:36 Modified files: . : 79.html Log message: a few more pieces CVSROOT: /cvs Module name: www Changes by: stsp@cvs.openbsd.org 2026/05/03 04:12:53 Modified files: . : 79.html Log message: tweak wireless sections; ok benno@ CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/05/03 05:28:04 Modified files: . : 79.html Log message: prioritze -> prioritize CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/03 06:48:57 Modified files: www/mozilla-firefox: Tag: OPENBSD_7_8 Makefile Added files: www/mozilla-firefox/patches: Tag: OPENBSD_7_8 patch-third_party_rust_neqo-crypto__cargo-checksum_json patch-third_party_rust_neqo-crypto_min_version_txt Log message: www/mozilla-firefox: unbreak runtime by adding forgotten patches bourasz at proton noticed that at runtime neqo-crypto complained about the nss version - i forgot to cvs add the patches reverting the runtime requirement, but in my testing everything was fine with the version we had in 7.8. note: since 150.0p0 in 7.8-stable will be ahead of 150.0 that'll ship with 7.9-release, after updating to 7.9 if the 7.8 binaries dont work, one might need to reinstall firefox via pkg_add -r firefox. or wait for 7.9-stable packages to ship 150.0.1 or 150.0.2... sorry, shit happens when i get to juggle with too many chainsaws. CVSROOT: /cvs Module name: src Changes by: stsp@cvs.openbsd.org 2026/05/03 07:10:46 Modified files: sys/arch/amd64/stand/boot: conf.c sys/arch/amd64/stand/efiboot: conf.c diskprobe.c sys/arch/amd64/stand/libsa: diskprobe.c sys/arch/i386/stand/boot: conf.c sys/arch/i386/stand/libsa: diskprobe.c Log message: Avoid setting boothowto flags based on information read through a NULL pointer + an offset into the diskinfo structure. Fixes boot from RAID 1C softraid volumes where the kernel could be tricked into believing it is booting to unhibernate the machine, skipping devices such as network interfaces, which would then be missing in the running system once booted. Debugged together with jtt@ when several of our gothub.org servers lost their network interfaces after reinstallation with RAID 1C. ok kettenis@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/03 08:55:43 Modified files: usr.bin/tmux : format.c Log message: Free working stuff when R formats fail. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/03 08:57:09 Modified files: usr.bin/tmux : window.c Log message: Do not check for NULL after dereferencing, from alexarama at yahoo dot com in GitHub issue 5051. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/03 09:01:21 Modified files: usr.bin/tmux : control.c Log message: Fix control client hang on exit after toggling no-output, GitHub issue 5049 from Aaron Campbell. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/03 09:02:48 Modified files: usr.bin/tmux : options-table.c tmux.1 window-tree.c Log message: Allow the indicator in tree mode to be customized by two new options: tree-mode-preview-format and tree-mode-preview-style. CVSROOT: /cvs Module name: src Changes by: florian@cvs.openbsd.org 2026/05/03 09:49:09 Modified files: sbin/dhcp6leased: engine.c Log message: Prevent unsigned underflow leading to a crash. An IA_PD option contains one or more nested dhcp options. We first need to make sure that the length field of the option header does not point outside of the encapsulating option, which we did. When we then parse the nested options we need to make sure that nested option header length field is large enough for the nested option, not that the encapsulating option length is large enough for the encapsulated option. Otherwise opt_hdr.len - 2 can underflow, which strvisx(3) interprets as a size_t, i.e. a very large number, leading to a crash once we hit a guard. Underflow pointed out by an AI tool (sorry, don't know which one) in a somewhat convoluted way. It also provided an reproducer for the issue which was more helpful. AI reports triaged by millert. While here fix the same bug in the DHO_IA_PREFIX case and prevent a memory leak. OK tb CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/03 12:06:15 Modified files: regress/lib/libcrypto/certs: README Log message: cert regress: update README for tests 14a and 14b. CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/03 13:24:34 Modified files: . : 79.html Log message: more changes from MArch CVSROOT: /cvs Module name: www Changes by: matthieu@cvs.openbsd.org 2026/05/03 13:29:18 Modified files: . : 79.html Log message: Mention XDG_RUNTIME_DIR addition. CVSROOT: /cvs Module name: www Changes by: krw@cvs.openbsd.org 2026/05/03 14:46:42 Modified files: . : 79.html Log message: Emphasize 7.9 is preparing for, not implementing, support of up to 52 partitions. CVSROOT: /cvs Module name: www Changes by: benno@cvs.openbsd.org 2026/05/03 16:23:01 Modified files: . : 79.html Log message: some more entries CVSROOT: /cvs Module name: src Changes by: daniel@cvs.openbsd.org 2026/05/03 17:06:15 Modified files: usr.bin/awk : awk.1 Log message: awk(1): the flush function was added to POSIX.1-2024 Remove this function from the list of POSIX extensions. ok millert@ CVSROOT: /cvs Module name: www Changes by: jsg@cvs.openbsd.org 2026/05/03 17:42:44 Modified files: . : 79.html Log message: Inreased -> Increased CVSROOT: /cvs Module name: www Changes by: dtucker@cvs.openbsd.org 2026/05/03 22:47:11 Modified files: openssh : specs.html Log message: Add draft-josefsson-sshsig-format to supported specs; ok djm@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 01:33:22 Modified files: sys/dev/fdt : rkpmic.c Log message: The RK806 can be connected over I2C as well. ok dlg@, patrick@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 01:35:53 Modified files: sys/dev/fdt : rkcomphy.c Log message: Add RK3576 support. ok jmatthew@, dlg@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 02:00:27 Modified files: sys/dev/fdt : rkclock.c rkclock_clocks.h Log message: Add support for OTP related and temparature sensor related clocks and resets for the RK3576. ok patrick@, dlg@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 02:02:05 Modified files: sys/dev/fdt : files.fdt Added files: sys/dev/fdt : rkotp.c Log message: Add rkotp(4), a driver for reading the OTP fuses on Rockchip SoCs. ok patrick@, dlg@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 02:02:42 Modified files: sys/arch/arm64/conf: GENERIC Log message: Enable rkotp(4). CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 02:04:21 Modified files: sys/dev/fdt : rktemp.c Log message: Add RK3576 support. ok patrick@, dlg@ CVSROOT: /cvs Module name: src Changes by: dtucker@cvs.openbsd.org 2026/05/04 04:57:24 Modified files: regress/usr.bin/ssh: kbdint.sh Log message: Fix skip message. CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 06:52:57 Modified files: sys/dev/fdt : rkvop.c Log message: Also support DRM_FORMAT_XRGB8888; this gets rid of some warnings. ok jsg@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/04 07:49:07 Modified files: regress/lib/libcrypto/x509: callback.c verify.c Log message: verify regress: allow setting verify depth and callback This is pretty ugly and probably the the vct should be handed down to the verify_cert*() functions, but this works and doesn't make these tests any uglier than they already are. The callback regress was modified with a least effort approach. CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/04 07:52:39 Modified files: regress/lib/libcrypto/x509: callback.c verify.c Log message: libcrypto: extend verify and callback regress Add three more test variants for scenario 2a: 1) verify that a chain of length 3 validates with depth 2. 2) verify that a chain of length 3 fails to validate with depth 1. 3) verify that a chain of length 3 validates with depth 1 if we allow the callback to override the depth. Variant 3) fails in -current and reproduces a scenario reported by kirill. Also add two test variants for the scenarios in 14: 4): run the chain of length 32 with a yolo callback returning 1 5): run the chain of length 33 with a yolo callback returning 1 Test 5) fails because we currently bail out at the wrong depth. The verify callback should allow overriding the failure and will then hit the bounds check added in x509_verify.c r1.74 to avoid an overwrite. Reuse the existing test cases 2a and 14a/14b for this and add an optional vct->desc that uniquely identifies the test case. incorporates various feedback from jsing CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/04 07:55:20 Modified files: lib/libcrypto/x509: x509_verify.c Log message: verifier: re-enable the callback override for depth kirill reported that his nginx reverse proxy setup stopped working with x509_verify.c r1.74 and r1.75. It turns out that nginx relies on a verify callback that always returns 1. In revision 1.74 we removed the possibility of the verify_cb() to override X509_V_ERR_CERT_CHAIN_TOO_LONG, which is what breaks the config in kirill's setup since it used to use the nginx default of setting the depth to 1. Re-enable this to make the new scenario "2a with depth 1 and depth callback" pass. As shown by the other new test scenario "14b with yolo calback" with a "just say yes" cb, the guard added in r1.74 still prevents the overwrite. This makes kirill's reproducer work as verified by kirill and myself. It was also tested by kirill in the real life setup. discussed with beck ok jsing kenjiro CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/04 08:00:34 Modified files: regress/lib/libcrypto/certs: README Log message: certs/README: fix previous: 14b should fail to verify CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 10:08:57 Modified files: sys/dev/pci/drm: drm_bridge.c sys/dev/pci/drm/include/drm: drm_bridge.h Log message: Unstub select_bus_fmt_recursive(). This fixes output on the HDMI port on my firefly-rk3399. ok jsg@ CVSROOT: /cvs Module name: www Changes by: volker@cvs.openbsd.org 2026/05/04 11:03:57 Modified files: . : 79.html Log message: Mention Wayland 1.24.0 and compositors CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/05/04 11:05:59 Modified files: sys/nfs : nfs_serv.c Log message: Add checks for invalid dir count and max size for readdir/readdirplus. A zero count or max size value is now rejected early instead of relying on VOP_GETATTR to return an error. Also verify that the max size after rounding up to a multiple of DIRBLKSIZ is positive. A negative value would turn into a large allocation, causing the malloc() to fail. From an LLM bug report. With help from miod@ and kirill@. CVSROOT: /cvs Module name: src Changes by: job@cvs.openbsd.org 2026/05/04 11:34:57 Modified files: usr.sbin/rpki-client: print.c Log message: When printing a CCR's ManifestState, sort the entries by AKI Sorting this particular listing by AKI (instead of by hash of the Manifest object) makes diffs between CCRs much more readable. With & OK tb@ CVSROOT: /cvs Module name: src Changes by: job@cvs.openbsd.org 2026/05/04 11:39:35 Modified files: usr.sbin/rpki-client: ccr.c Log message: Explicitly check mostRecentUpdate on otherwise empty ManifestState OK tb@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/04 13:11:01 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: wycheproof: go fmt CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/04 13:15:45 Modified files: regress/lib/libcrypto/wycheproof: wycheproof.go Log message: wycheproof.go: simplfiy for loop CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 13:44:29 Modified files: share/man/man4 : Makefile Added files: share/man/man4 : rkotp.4 Log message: rkotp(4) CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 14:18:42 Modified files: sys/arch/arm64/arm64: locore.S Log message: When running in VHE host mode, HCR_EL2.TGE must be set, as otherwise a bunch of problems occur: - EL0 is guest EL0, not host, and the kernel will catch fire on the first ERET to EL0 - EL1 TLB invalidations target the guest, and not the host Make sure that HCR_EL2.TGE is set, instead of relying on firmware to have set it (when booting with UEFI, only the first CPU is correctly configured). From Marc Zyngier CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 14:21:02 Modified files: sys/arch/arm64/arm64: locore.S Log message: Handle HCR_EL2.E2H RES1 behaviour An implementation is allowed to make HCR_EL2.E2H RES1, which means that the CPU behaves as if this bit was 1, even if it reads as 0 or can be written with 0. While the architecture advertises this via ID_AA64MMFR4_EL1.E2H0, hypervisors cannot always expose this to a guest if the hardware doesn't implemtn FEAT_FGT. Instead, detect the effects of HCR_EL2.E2H being RES1 by checking for the aliasing property between accessors targetting the same register (FAR_ELx in this case). This gives a reliable litmus test for CPUs that are stuck in VHE mode. From Marc Zyngier CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/04 14:43:42 Modified files: sys/arch/arm64/dev: agtimer.c sys/arch/arm64/include: armreg.h Log message: Pick the correct interrupt for the virtual timer if we're running in EL2. Based on a diff from Marc Zyngier. ok jsg@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/04 14:44:36 Modified files: lib/libcrypto/mlkem: mlkem_internal.c Log message: mlkem: also zero the failure_key from logan https://github.com/libressl/openbsd/pull/154 CVSROOT: /cvs Module name: src Changes by: kenjiro@cvs.openbsd.org 2026/05/04 21:32:46 Modified files: usr.bin/openssl: speed.c Log message: openssl: centralize speed benchmark timer handling The speed benchmark currently arms alarm() from print_message() and pkey_print_message(), making the output helpers also control benchmark lifetime. This hidden coupling makes the code harder to maintain and led to missing alarm cleanup on Windows, as reported in #1245. Move alarm setup and run-state initialization into speed-specific timer helpers so benchmark timing is controlled explicitly at the start and stop points. ok tb joshua CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2026/05/04 23:34:27 Modified files: usr.bin/ssh : channels.h Log message: classify dynamic-tcpip channels as bulk, not interactive; bz3958, ok markus@ CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2026/05/05 00:21:14 Modified files: usr.bin/ssh : channels.h Log message: unbreak; spotted by Darren's test army CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 02:26:50 Modified files: usr.sbin/bgpd : rde_rib.c Log message: Re-evaluate prefixes if just PREFIX_FLAG_FILTERED changed With the introduction of 'rde rib Loc-RIB include filtered' it is possible that prefixes change from filtered to unfiltered state during a filter reload. In that case prefix_update() takes a shortcut path since no other attributes change and that path is missing a call to prefix_evaluate(). Add the missing prefix_evaluate() call in this codepath so that prefixes are correctly redistributed in that case. OK tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 02:37:45 Modified files: usr.sbin/bgpd : rde_attr.c Log message: Prevent overflow of the uint8_t length value in attr_optadd. bin_of_attrs() jumps from 240 to 256 elements but the length of the others attributes array is limited to a uint8_t type and overflows. Switch type of the local length value to int and make sure that the maximum length of UCHAR_MAX is not exceeded. OK tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 03:12:04 Modified files: usr.sbin/bgpd : util.c bgpd.h Log message: Limit all from of ASPATH attributes to 750 elements Having super long ASPATH attributes can lead to various issues including attribute length overflows. Especially the transformation of 2-byte ASPATH attributes to 4-byte ones can trigger overflows. Because of this limit the number and therefor the maximum size of an ASPATH. Our default config has a limit of 100 elements on paths. That limit is already much larger then what is seen in the DFZ (max ~20). The limit of 750 is again much larger and is really just a safeguard. OK tb@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 03:12:41 Modified files: usr.sbin/bgpd : version.h Log message: Bump version to 9.2 CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2026/05/05 03:23:06 Modified files: sbin/iked : ikev2.c Log message: check address size; from markus via millert CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/05 03:29:16 Modified files: usr.sbin/rpki-client: ccr.c Log message: rpki-client: convert ccr.c to ASN1_BIT_STRING_set1() This becomes slightly simpler and more correct with this change. In particular, this now makes sure that the unused bits are set to 0 as required by the DER. ok claudio job CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/05 03:33:15 Modified files: usr.sbin/rpki-client: ip.c mft.c Log message: rpki-client: convert ip.c and mft.c to ASN1_BIT_STRING_get_length() This isn't the greatest of APIs, but we're going to be stuck with it since better APIs depend on libcrypto not doing the implicit truncation nonsense, which only OpenSSL 4 and BoringSSL dropped by now. Some of the error checks become now unreachable. This will be cleaned up another time. ok claudio job CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/05 04:23:06 Modified files: sys/dev/pci/drm/include/linux: xarray.h Log message: add parentheses around use of a macro argument CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/05 04:23:27 Modified files: sys/dev/fdt : rkclock.c rkclock_clocks.h rkrng.c Log message: Add RK3576 support. ok dlg@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 05:40:02 Modified files: usr.sbin/ldpd : address.c Log message: Ensure that alt_len includes at least the size of alt.family member to ensure that the parser is not going off the rails. OK renato@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 05:42:56 Modified files: usr.sbin/ldpd : labelmapping.c Log message: Unlike all other TLV encodings in ldp the sub-tlv includes the header size in its length. Therefore check that the size is at least that of the header. OK renato@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 05:44:27 Modified files: usr.sbin/ldpd : notification.c Log message: Fix minimal length check for notification status messages. Found while reviewing all the length checks in ldpd. OK renato@ CVSROOT: /cvs Module name: src Changes by: claudio@cvs.openbsd.org 2026/05/05 05:46:18 Modified files: usr.sbin/eigrpd: packet.c Log message: In eigrp the TLV encoding includes the header length in the length encoding. So check that the minimal length is at least that of the TLV header. OK renato@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/05 06:02:12 Modified files: usr.bin/tmux : control.c Log message: Discard queued data and clear offsets when turning pane off to prevent later read of data that has been removed. From Aaron Campbell in GitHub issue 5054. CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/05 06:06:52 Modified files: usr.bin/tmux : screen.c Log message: Add missing flags to screen_mode_to_string and do not write before before if any are missed, second bit from qingliu at alauda dot io. CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/05 06:28:59 Modified files: sys/kern : kern_time.c Log message: Use the correct struct itemerval when recording the old value for ktrace. This fixes a potential information leak from an uninitializes stack variable. Found by Frank Denis using the Swival Security Scanner. ok deraadt@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/05 06:56:12 Modified files: regress/lib/libcrypto/wycheproof: Makefile Log message: wycheproof: add regress target to ensure proper go formatting CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2026/05/05 07:00:00 Modified files: sys/kern : kern_pledge.c Log message: Frank Denis using the Swival Security Scanner concludes that kill(0,sig) should not be allowed because of a source code comment. Actually, kill of the default pgid 0 MUST be allowed or large amounts of userland software won't work. What pledge prevents is playing with other process groups (ie. -pid where pid is not 0) which require permission from the "proc" pledge. Killing the default pgrp 0 is a common way for privsep (and other) software to tear itself down it's process trees, for cases where a pipe read of 0 doesn't work. The current behaviour is intentional, and the proposed diff was not considered nor tested for consequences. Change the comment very subtly to see which AI/human collaboration fails next. CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/05 07:01:42 Modified files: usr.bin/rdistd : server.c Log message: correct bounds test found with smatch, ok tb@ deraadt@ CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/05 07:18:46 Modified files: usr.bin/tmux : screen.c tmux.h Log message: Do not sanitize title when popping it from stack, also add a limit to number of pushed titles. CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2026/05/05 08:01:56 Modified files: sys/kern : vfs_syscalls.c Log message: When I added UF_PLEDGEOPEN in the sys_fchflags() chunk I mistakenly used the wrong vnode operation. spotted by Frank Denis using the Swival Security Scanner ok claudio CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/05 18:07:46 Modified files: usr.bin/pkgconf/libpkgconf: config.h Log message: define HAVE_DECL_REALLOCARRAY to use libc reallocarray() ok millert@ tb@ CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/05/05 20:54:35 Modified files: lib/libc/stdio : open_wmemstream.c Log message: Size is the number of wide characters, not the number of bytes. The correct amount of memory was allocated but the stored size did not match the allocation due to being multiplied by sizeof(wchar_t). Spotted by Frank Denis using the Swival Security Scanner OK deraadt@ CVSROOT: /cvs Module name: www Changes by: kmos@cvs.openbsd.org 2026/05/05 21:41:28 Modified files: . : plus.html Log message: Changes for March 2026 and the first few days of April Kill some trailing whitespace Done with pamela@ CVSROOT: /cvs Module name: www Changes by: tb@cvs.openbsd.org 2026/05/05 23:36:31 Modified files: . : 79.html Log message: ruby 3.3.11, not 3.3.1; from robert klein CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/06 02:07:05 Modified files: libexec/ld.so/sparc64: rtld_machine.c Log message: Add missing bounds check for the relocation flags table. Found by Frank Denis using the Swival Security Scanner. ok guenther@, jsg@ CVSROOT: /cvs Module name: src Changes by: schwarze@cvs.openbsd.org 2026/05/06 02:26:16 Modified files: usr.bin/mandoc : main.c Log message: Fix a regression in rev. 1.269 reported by anton@. Due to unveil(2), mansearch() can no longer change back to the initial working directory. But check_xr() calls mansearch(), so the main program needs to change back if -T lint or -W style is requested, such that these work even when multiple relative file names are given on the command line. CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/05/06 03:05:48 Modified files: libexec/ld.so : library.c library_mquery.c Log message: Add checks to make sure that the ELF header and program header fit into the data we read from the on-disk shared library. These checks should only fail for malformed shared libraries, but failing to load a shared library is better than crashing the program because of an out-of-bounds access. Issue found by Frank Denis using the Swival Security Scanner. ok guenther@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/06 05:36:13 Modified files: sys/netinet : ip_output.c Log message: fix build with ENCDEBUG defined, broken by rev 1.409 from Jan Schreiber CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/05/06 06:07:19 Modified files: usr.bin/rsync : sender.c Log message: callloc -> calloc from Jan Schreiber CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/05/06 06:47:03 Modified files: devel/llvm/22 : Makefile distinfo devel/llvm/22/patches: patch-clang_tools_clang-shlib_CMakeLists_txt patch-lld_ELF_RelocScan_h patch-lld_ELF_Relocations_cpp patch-llvm_lib_Target_AArch64_AArch64AsmPrinter_cpp patch-llvm_lib_Transforms_Scalar_LoopIdiomRecognize_cpp patch-llvm_tools_llvm-shlib_CMakeLists_txt Added files: devel/llvm/22/patches: patch-libcxx_include_deque patch-lld_ELF_Relocations_h Log message: update to 22.1.5; sync patches while here CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/05/06 06:47:26 Modified files: devel/llvm : Makefile.inc Log message: add a helper target to create tarballs for merging in base CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/05/06 06:48:05 Modified files: editors/libreoffice: Makefile distinfo editors/libreoffice/patches: patch-configure Removed files: editors/libreoffice/patches: patch-sdext_source_pdfimport_xpdfwrapper_pdfioutdev_gpl_cxx patch-sdext_source_pdfimport_xpdfwrapper_pdfioutdev_gpl_hxx Log message: update to 26.2.3.2 CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/05/06 06:48:55 Modified files: www/chromium : Makefile distinfo www/chromium/patches: patch-chrome_browser_background_glic_glic_status_icon_cc patch-chrome_browser_renderer_context_menu_render_view_context_menu_cc patch-components_user_education_views_help_bubble_view_cc patch-components_user_education_views_help_bubble_view_h patch-content_common_features_cc patch-content_common_features_h patch-gpu_command_buffer_service_shared_image_shared_image_factory_cc patch-gpu_command_buffer_service_shared_image_shared_image_manager_cc patch-gpu_ipc_service_gpu_init_cc patch-v8_src_execution_isolate_cc Log message: update to 147.0.7727.137 CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/05/06 06:49:45 Modified files: www/ungoogled-chromium: Makefile distinfo www/ungoogled-chromium/patches: patch-chrome_browser_background_glic_glic_status_icon_cc patch-chrome_browser_renderer_context_menu_render_view_context_menu_cc patch-components_user_education_views_help_bubble_view_cc patch-components_user_education_views_help_bubble_view_h patch-content_common_features_cc patch-content_common_features_h patch-gpu_command_buffer_service_shared_image_shared_image_factory_cc patch-gpu_command_buffer_service_shared_image_shared_image_manager_cc patch-gpu_ipc_service_gpu_init_cc patch-v8_src_execution_isolate_cc Log message: update to 147.0.7727.137 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 06:53:07 Modified files: www/nginx : Makefile distinfo www/nginx/patches: patch-conf_nginx_conf patch-man_nginx_8 Log message: www/nginx: update to 1.30, ok robert@ (MAINTAINER) see https://nginx.org/en/CHANGES-1.30 notable changes: keepalive enabled by default in upstream definitions, and proxy_http_version now defaults to 1.1. CVSROOT: /cvs Module name: ports Changes by: tb@cvs.openbsd.org 2026/05/06 06:53:52 Modified files: www/seamonkey : Makefile Added files: www/seamonkey/patches: patch-third_party_rust_encoding_rs_src_x_user_defined_rs Log message: seamonkey: fix build with rust 1.95 ok landry (maintainer) CVSROOT: /cvs Module name: src Changes by: deraadt@cvs.openbsd.org 2026/05/06 06:54:27 Modified files: bin/chmod : chmod.c Log message: High Severity end-of-line whitespace found by GrepTechnologies AI ok guenther mlarkin CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 06:55:08 Modified files: geo/gdal : Makefile distinfo Removed files: geo/gdal/patches: patch-frmts_pdf_CMakeLists_txt patch-frmts_pdf_pdfobject_cpp Log message: geo/gdal: update to 3.12.4. add hidden dep on math/muparser while here, it is a recommended dependency for mathematical expressions in vrt files CVSROOT: /cvs Module name: ports Changes by: tb@cvs.openbsd.org 2026/05/06 06:55:32 Modified files: www/seamonkey : Makefile www/seamonkey/patches: patch-third_party_python_virtualenv_virtualenv_seed_wheels_embed___init___py Added files: www/seamonkey/patches: patch-python_mozbuild_mozbuild_frontend_reader_py Log message: seamonkey: fix build with python 3.14 clues from sthen, ok landry (maintainer) CVSROOT: /cvs Module name: ports Changes by: robert@cvs.openbsd.org 2026/05/06 06:55:50 Modified files: net/zabbix : Makefile distinfo Log message: update to 7.0.26 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 06:57:56 Modified files: geo/mapcache : Makefile distinfo Log message: geo/mapcache: update to 1.16.0. see https://mapserver.org/development/changelog/mapcache/changelog-1-16.html#changelog-mapcache-1-16 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 06:58:18 Modified files: sysutils/upower: Makefile distinfo sysutils/upower/pkg: PLIST Log message: sysutils/upower: update to 1.91.2 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:00:50 Modified files: print/scribus : Makefile distinfo print/scribus/pkg: PLIST Removed files: print/scribus/patches: patch-scribus_plugins_import_pdf_importpdf_cpp patch-scribus_plugins_import_pdf_pdftextrecognition_cpp patch-scribus_plugins_import_pdf_slaoutput_cpp patch-scribus_plugins_import_pdf_slaoutput_h Log message: print/scribus: update to 1.7.3 see https://wiki.scribus.net/canvas/1.7.3_Release CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:01:20 Modified files: wayland/gtk-layer-shell: Makefile distinfo Log message: wayland/gtk-layer-shell: update to 0.10.1 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:02:44 Modified files: wayland/labwc : Makefile distinfo Log message: wayland/labwc: update to 0.9.7. see https://github.com/labwc/labwc/releases/tag/0.9.5 https://github.com/labwc/labwc/releases/tag/0.9.6 and https://github.com/labwc/labwc/releases/tag/0.9.7 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:03:19 Modified files: wayland/swaylock: Makefile distinfo Log message: wayland/swaylock: update to 1.8.5 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:04:23 Modified files: wayland/swayimg: Makefile distinfo wayland/swayimg/patches: patch-meson_build wayland/swayimg/pkg: PLIST Log message: wayland/swayimg: update to 5.2. adds luajit dependency, config changed to lua see https://github.com/artemsen/swayimg/releases/tag/v5.0 https://github.com/artemsen/swayimg/releases/tag/v5.1 and https://github.com/artemsen/swayimg/releases/tag/v5.2 CVSROOT: /cvs Module name: ports Changes by: tb@cvs.openbsd.org 2026/05/06 07:05:07 Modified files: security/py-cryptography: Makefile crates.inc distinfo security/py-cryptography/pkg: PLIST Removed files: security/py-cryptography/patches: patch-pyproject_toml Log message: Update to py-cryptography 47.0.0 https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst#4700---2026-04-24 (I am aware that 48.0.0 was released two days ago) CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:05:39 Modified files: www/dillo : Makefile distinfo www/dillo/pkg : PLIST Log message: www/dillo: update to 3.3.0 see https://dillo-browser.org/release/3.3.0/ CVSROOT: /cvs Module name: ports Changes by: tb@cvs.openbsd.org 2026/05/06 07:05:41 Modified files: security/py-cryptography_vectors: Makefile distinfo security/py-cryptography_vectors/patches: patch-pyproject_toml security/py-cryptography_vectors/pkg: PLIST Log message: Update py-cryptography_vectors to 47.0.0 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:06:37 Modified files: devel/highway : Makefile distinfo devel/highway/patches: patch-CMakeLists_txt devel/highway/pkg: PLIST Log message: devel/highway: update to 1.4.0. see https://github.com/google/highway/releases/tag/1.3.0 and https://github.com/google/highway/releases/tag/1.4.0 CVSROOT: /cvs Module name: ports Changes by: tb@cvs.openbsd.org 2026/05/06 07:07:46 Modified files: security/py-openssl: Makefile distinfo Log message: Update py-openssl to 26.1.0 https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst#2610-2026-04-24 (like pyca/cryptography, 26.2.0 has been out for two days) CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:07:58 Modified files: databases/arrow/cpp: Makefile distinfo databases/arrow/cpp/patches: patch-cpp_src_arrow_util_thread_pool_test_cc databases/arrow/cpp/pkg: PLIST Removed files: databases/arrow/cpp/patches: patch-cpp_src_arrow_CMakeLists_txt Log message: databases/arrow/cpp: update to 24.0.0 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:09:22 Modified files: games/dustrac : Makefile distinfo games/dustrac/pkg: PLIST Added files: games/dustrac/patches: patch-src_game_MiniCore_src_Core_mcworld_cc patch-src_game_MiniCore_src_Physics_mcimpulsegenerator_cc Removed files: games/dustrac/patches: patch-CMakeLists_txt patch-src_game_MiniCore_Graphics_MCGLEW Log message: games/dustrac: update to 2.2.0 (finally!) CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:10:30 Modified files: math/muparser : Makefile distinfo math/muparser/pkg: PLIST Log message: math/muparser: update to 2.3.5 CVSROOT: /cvs Module name: ports Changes by: tb@cvs.openbsd.org 2026/05/06 07:10:58 Modified files: textproc/check-jsonschema: Makefile distinfo Log message: Update check-jsonschema to 0.37.2 https://github.com/python-jsonschema/check-jsonschema/releases/tag/0.37.2 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:13:02 Modified files: geo/qgis : Makefile distinfo geo/qgis/pkg : PLIST Log message: geo/qgis: update to 4.0.2 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:16:09 Modified files: geo/py-fiona : Makefile Log message: geo/py-fiona: fixup deps, from Marco van Hulten with tweaks from sthen attrs and certifi were missing, munch and six arent needed anymore. CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:17:43 Modified files: graphics/blend2d: Makefile distinfo graphics/blend2d/pkg: PLIST Log message: graphics/blend2d: update to 0.21.2 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:18:51 Modified files: print/pdf4qt : Makefile distinfo print/pdf4qt/patches: patch-CMakeLists_txt patch-Pdf4QtLaunchPad_launchdialog_cpp Log message: print/pdf4qt: update to 1.5.3.1 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:20:40 Modified files: databases/sqlcipher: Makefile distinfo databases/sqlcipher/patches: patch-autosetup_sqlite-config_tcl Log message: update to sqlcipher-4.15.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:20:44 Modified files: devel/py-build : Makefile distinfo Log message: update to py3-build-1.5.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:20:47 Modified files: devel/py-cachetools: Makefile distinfo devel/py-cachetools/pkg: PLIST Log message: update to py3-cachetools-7.1.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:20:52 Modified files: devel/py-certifi: Makefile distinfo Log message: update to py3-certifi-2026.4.22 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:20:56 Modified files: devel/py-comm : Makefile distinfo Log message: update to py3-comm-0.2.3 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:01 Modified files: devel/py-inline-snapshot: Makefile distinfo Log message: update to py3-inline-snapshot-0.32.7 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:21:02 Modified files: geo/pygeoapi : Makefile distinfo geo/pygeoapi/pkg: PLIST Log message: geo/pygeoapi: update to 0.23.4. 0.23.3 fixes the following security issues: https://github.com/geopython/pygeoapi/security/advisories/GHSA-f6pr-83pg-ghh6 https://github.com/geopython/pygeoapi/security/advisories/GHSA-jgvc-94c8-3chc 0.23.0 adds support for OGC API pub/sub, so add py-paho-mqtt as an RDEP see https://github.com/geopython/pygeoapi/releases/tag/0.23.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:06 Modified files: devel/py-pathspec: Makefile distinfo Log message: update to py3-pathspec-1.1.1 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:10 Modified files: devel/py-poetry-core: Makefile distinfo devel/py-poetry-core/pkg: PLIST Log message: update to py3-poetry-core-2.4.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:13 Modified files: devel/py-trove-classifiers: Makefile distinfo Log message: update to py3-trove-classifiers-2026.4.28.13 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:16 Modified files: devel/py-tzdata: Makefile distinfo Log message: update to py3-tzdata-2026.2 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:19 Modified files: mail/mutt : Makefile distinfo Log message: update to mutt-2.3.2 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:22 Modified files: mail/neomutt : Makefile distinfo Log message: update to neomutt-20260504 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:25 Modified files: mail/pflogsumm : Makefile distinfo Log message: update to pflogsumm-1.2.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:34 Modified files: net/dhcpcd : Makefile distinfo Log message: update to dhcpcd-10.3.2 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:39 Modified files: net/nfdump : Makefile distinfo net/nfdump/patches: patch-src_libnfdump_Makefile_am patch-src_libnffile_Makefile_am net/nfdump/pkg : PLIST Removed files: net/nfdump/patches: patch-configure_ac Log message: update to nfdump-1.7.8 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:43 Modified files: net/py-idna : Makefile distinfo Log message: update to py3-idna-3.13 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:47 Modified files: net/radcli : Makefile distinfo net/radcli/patches: patch-lib_util_h net/radcli/pkg : PLIST Log message: update to radcli-1.5.1 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:51 Modified files: net/rsync : Makefile distinfo net/rsync/patches: patch-rsync_1 patch-rsyncd_conf_5 Log message: update to rsync-3.4.2 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:54 Modified files: security/py-google-auth: Makefile distinfo security/py-google-auth/pkg: PLIST Log message: update to py3-google-auth-2.50.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:21:58 Modified files: sysutils/py-packaging: Makefile distinfo sysutils/py-packaging/pkg: PLIST Log message: update to py3-packaging-26.2 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:22:02 Modified files: sysutils/py-xxhash: Makefile distinfo Log message: update to py3-xxhash-3.7.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:22:05 Modified files: www/libmicrohttpd: Makefile distinfo Removed files: www/libmicrohttpd/patches: patch-src_include_microhttpd_h Log message: update to libmicrohttpd-1.0.5 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:22:09 Modified files: www/llhttp : Makefile distinfo www/llhttp/pkg : PLIST Log message: update to llhttp-9.4.1 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:22:12 Modified files: www/nghttp2 : Makefile distinfo Log message: update to nghttp2-1.69.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:22:15 Modified files: www/py-werkzeug: Makefile distinfo Log message: update to py3-werkzeug-3.1.8 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:22:48 Modified files: devel/py-pip : Makefile distinfo devel/py-pip/pkg: PLIST Added files: devel/py-pip/patches: patch-src_pip__vendor_urllib3___init___py Log message: update to py3-pip-26.1.1 patch away obnoxious warning from bundled urllib 2.x CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:23:37 Modified files: news/tin : Makefile distinfo news/tin/patches: patch-src_Makefile_in patch-src_parsdate_y news/tin/pkg : PLIST Removed files: news/tin/patches: patch-configure_in Log message: update to tin-2.6.5 also enable libtls support as requested by Lennart Jablonka CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:24:49 Modified files: astro/kosmorro : Makefile distinfo Log message: update to kosmorro-1.0.2, plus dep fix CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:25:07 Modified files: www/tomcat/v11 : Makefile distinfo www/tomcat/v11/pkg: PLIST-examples Log message: update to tomcat-11.0.22 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:26:09 Modified files: www/sogo : Makefile distinfo www/sope : Makefile distinfo Log message: www/sogo (& www/sope): security update to 5.12.7 see https://www.sogo.nu/news/2026/sogo-v5127-released.html, https://www.sogo.nu/news/2026/sogo-v5126-released.html and https://www.sogo.nu/news/2026/sogo-v5125-released.html reminder: sogo 5 is now in maintainance-only more CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:27:45 Modified files: devel/cargo : cargo.port.mk Log message: devel/cargo/cargo.port.mk: improve libsqlite3-sys system lib support Bring libsqlite3-sys in line with how we handle similar crates like libz-sys or zstd-sys. OK semarie@ CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:28:06 Modified files: www/vaultwarden-web: Makefile distinfo www/vaultwarden-web/pkg: PLIST Log message: Update to vaultwarden-web-2026.4.1 Changes: https://github.com/dani-garcia/bw_web_builds/releases/tag/v2026.3.1 https://github.com/dani-garcia/bw_web_builds/releases/tag/v2026.4.1 CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:28:28 Modified files: security/vaultwarden: Makefile crates.inc distinfo Added files: security/vaultwarden/patches: patch-modcargo-crates_webauthn-attestation-ca-0_5_5_build_rs patch-modcargo-crates_webauthn-rs-core-0_5_5_build_rs patch-modcargo-crates_webauthn-rs-core-0_5_5_src_crypto_rs patch-modcargo-crates_webauthn-rs-core-0_5_5_src_interface_rs patch-modcargo-crates_webauthn-rs-core-0_5_5_src_internals_rs Removed files: security/vaultwarden/patches: patch-modcargo-crates_webauthn-attestation-ca-0_5_4_build_rs patch-modcargo-crates_webauthn-rs-core-0_5_4_build_rs patch-modcargo-crates_webauthn-rs-core-0_5_4_src_crypto_rs patch-modcargo-crates_webauthn-rs-core-0_5_4_src_interface_rs patch-modcargo-crates_webauthn-rs-core-0_5_4_src_internals_rs Log message: Security update to vaultwarden-1.36.0 Contains security fixes for: - SSO Login CSRF - User/Organization Enumeration - SSO existing-user binding - SSRF via Icon Endpoint - Some crate's updated and other minor security enhancements Changes: https://github.com/dani-garcia/vaultwarden/releases/tag/1.35.8 https://github.com/dani-garcia/vaultwarden/releases/tag/1.36.0 Port now dynamically links against SQLite3. CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:28:49 Modified files: net/wstunnel : Makefile crates.inc distinfo net/wstunnel/patches: patch-Cargo_lock patch-wstunnel-cli_Cargo_toml Log message: Update to wstunnel-10.5.4 Changes: https://github.com/erebe/wstunnel/releases/tag/v10.5.2 https://github.com/erebe/wstunnel/releases/tag/v10.5.3 https://github.com/erebe/wstunnel/releases/tag/v10.5.4 From Christoph Liebender (MAINTAINER) CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:28:54 Modified files: geo/osrm-backend: Makefile distinfo geo/osrm-backend/patches: patch-src_extractor_edge_based_graph_factory_cpp patch-src_extractor_extractor_cpp patch-src_guidance_guidance_processing_cpp patch-src_partitioner_recursive_bisection_cpp geo/osrm-backend/pkg: PLIST Added files: geo/osrm-backend/patches: patch-src_tools_io-benchmark_cpp Removed files: geo/osrm-backend/patches: patch-include_server_connection_hpp patch-include_server_server_hpp patch-src_engine_plugins_tile_cpp patch-third_party_sol2_include_sol_sol_hpp Log message: geo/osrm-backend: update to 26.4.1. @comment the io-benchmark binary, codepaths are #ifdef linux builds with an upcoming boost update tb@ is working on CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:29:16 Modified files: sysutils/rustic: Makefile sysutils/rustic/patches: patch-modcargo-crates_canonical-path-2_0_2_src_lib_rs Log message: sysutils/bupstash: workaround missing current_exe() on OpenBSD Since env::current_exe() is a no-op on OpenBSD, implement a workaround that resolves the executable path via argv[0] and a PATH search. Bump REVISION. Prodded and tested by Laurence Tratt CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:29:30 Modified files: textproc/pymarkdownlnt: Makefile distinfo textproc/pymarkdownlnt/pkg: PLIST Log message: update to pymarkdownlnt-0.9.37 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:29:35 Modified files: textproc/py-mistune: Makefile distinfo Log message: update to py3-mistune-3.2.1 CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:29:35 Modified files: sysutils/bupstash: Makefile sysutils/bupstash/pkg: DESCR Log message: sysutils/bupstash: warn about upstream status in DESCR Add a warning to DESCR that the tool is unmaintained and may be removed in the future. Bump REVISION. Prodded by Laurence Tratt CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/05/06 07:30:26 Modified files: libexec/ld.so/arm: rtld_machine.c Log message: Add missing bounds check for the relocation flags table. ok kettenis@ CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:31:01 Modified files: x11/lxqt : Makefile.inc x11/lxqt/about : Makefile distinfo x11/lxqt/about/pkg: PLIST x11/lxqt/build-tools2: distinfo x11/lxqt/build-tools2/pkg: PLIST x11/lxqt/config: distinfo x11/lxqt/config/pkg: PLIST x11/lxqt/globalkeys: distinfo x11/lxqt/globalkeys/pkg: PLIST x11/lxqt/libdbusmenu: Makefile distinfo x11/lxqt/libfm-qt: Makefile distinfo x11/lxqt/libfm-qt/pkg: PLIST x11/lxqt/liblxqt: Makefile distinfo x11/lxqt/liblxqt/pkg: PLIST x11/lxqt/libqtxdg: Makefile distinfo x11/lxqt/libqtxdg/patches: patch-src_qtxdg_xdgdirs_cpp patch-src_xdgiconloader_xdgiconloader_cpp patch-test_tst_xdgdirs_cpp x11/lxqt/lximage-qt: distinfo x11/lxqt/lximage-qt/pkg: PLIST x11/lxqt/menu-data: distinfo x11/lxqt/menu-data/pkg: PLIST x11/lxqt/notificationd: distinfo x11/lxqt/notificationd/pkg: PLIST x11/lxqt/obconf-qt: Makefile distinfo x11/lxqt/obconf-qt/pkg: PLIST x11/lxqt/openssh-askpass: distinfo x11/lxqt/openssh-askpass/pkg: PLIST x11/lxqt/panel : Makefile distinfo x11/lxqt/panel/patches: patch-plugin-mainmenu_lxqtmainmenuconfiguration_cpp x11/lxqt/panel/pkg: PLIST x11/lxqt/pavucontrol-qt: distinfo x11/lxqt/pavucontrol-qt/pkg: PLIST x11/lxqt/pcmanfm-qt: distinfo x11/lxqt/pcmanfm-qt/patches: patch-pcmanfm_tabpage_cpp x11/lxqt/pcmanfm-qt/pkg: PLIST x11/lxqt/policykit: distinfo x11/lxqt/policykit/pkg: PLIST x11/lxqt/powermanagement: distinfo x11/lxqt/powermanagement/pkg: PLIST x11/lxqt/qterminal: distinfo x11/lxqt/qterminal/pkg: PLIST x11/lxqt/qtermwidget: distinfo x11/lxqt/qtermwidget/pkg: PLIST x11/lxqt/qtplugin: Makefile distinfo x11/lxqt/qtxdg-tools: Makefile distinfo x11/lxqt/runner: distinfo x11/lxqt/runner/patches: patch-CMakeLists_txt x11/lxqt/runner/pkg: PLIST x11/lxqt/screengrab: Makefile distinfo x11/lxqt/screengrab/pkg: PLIST x11/lxqt/session: distinfo x11/lxqt/session/patches: patch-lxqt-config-session_sessionconfigwindow_cpp patch-lxqt-session_src_wmselectdialog_cpp x11/lxqt/session/pkg: PLIST x11/lxqt/sudo : distinfo x11/lxqt/sudo/pkg: PLIST x11/lxqt/themes: distinfo x11/lxqt/themes/pkg: PLIST Removed files: x11/lxqt/config/patches: patch-lxqt-config-monitor_monitorsettingsdialog_cpp patch-lxqt-config-monitor_monitorwidget_cpp x11/lxqt/libfm-qt/patches: patch-CMakeLists_txt patch-src_CMakeLists_txt x11/lxqt/libqtxdg/patches: patch-CMakeLists_txt patch-src_qtxdg_CMakeLists_txt patch-src_xdgiconloader_CMakeLists_txt patch-src_xdgiconloader_plugin_CMakeLists_txt x11/lxqt/panel/patches: patch-CMakeLists_txt x11/lxqt/qtplugin/patches: patch-CMakeLists_txt patch-src_CMakeLists_txt x11/lxqt/screengrab/patches: patch-CMakeLists_txt Log message: x11/lxqt: update to 2.4.0. see https://lxqt-project.org/release/2026/04/20/release-lxqt-2-4-0/ CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:31:37 Modified files: news/py-sabctools: Makefile distinfo news/py-sabctools/patches: patch-setup_py Log message: Update to py-sabctools-9.4.0 Changes: https://github.com/sabnzbd/sabctools/compare/v8.2.6...v9.4.0 CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:31:49 Modified files: news/sabnzbd : Makefile distinfo news/sabnzbd/pkg: PLIST Log message: Update to sabnzbd-5.0.1 Changes: https://github.com/sabnzbd/sabnzbd/releases/tag/5.0.0 https://github.com/sabnzbd/sabnzbd/releases/tag/5.0.1 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:31:52 Modified files: meta/lxqt : Makefile Log message: meta/lxqt: bump to 2.4.0 CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:32:39 Modified files: net/unison : Makefile distinfo Log message: Update to unison-2.54.0 Changes: https://github.com/bcpierce00/unison/releases/tag/v2.54.0 CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/05/06 07:33:09 Modified files: sysutils/rclone: Makefile distinfo Log message: Update to rclone-1.74.0 Changes: https://rclone.org/changelog/#v1-74-0-2026-05-01 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:33:26 Modified files: textproc/py-pyaml: Makefile distinfo Log message: update to py3-pyaml-26.2.1 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:33:29 Modified files: sysutils/py-mitogen: Makefile distinfo Log message: update to py3-mitogen-0.3.47 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:35:22 Modified files: sysutils/py-pipx: Makefile distinfo Log message: update to py3-pipx-1.11.2 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:36:13 Modified files: net/py-curl : Makefile distinfo net/py-curl/pkg: PLIST Log message: update to py3-curl-7.46.0 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:38:57 Log message: Import fonts/marelle 1.004. The Marelle font is specifically designed for teaching cursive writing in primary school. see https://marelle.forge.apps.education.fr/ for samples requested by miod@ ok ajacoutot@ Status: Vendor Tag: landry Release Tags: landry_20260506 N ports/fonts/marelle/Makefile N ports/fonts/marelle/distinfo N ports/fonts/marelle/pkg/PLIST-web N ports/fonts/marelle/pkg/DESCR-web N ports/fonts/marelle/pkg/PLIST-main N ports/fonts/marelle/pkg/DESCR-main No conflicts created by this import CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:39:44 Modified files: fonts : Makefile Log message: fonts/Makefile: +marell CVSROOT: /cvs Module name: src Changes by: nicm@cvs.openbsd.org 2026/05/06 07:43:38 Modified files: usr.bin/tmux : format.c Log message: Add time limit to a couple of other loops. CVSROOT: /cvs Module name: ports Changes by: naddy@cvs.openbsd.org 2026/05/06 07:47:26 Modified files: telephony/siproxd: Makefile distinfo telephony/siproxd/patches: patch-doc_siproxd_conf_example patch-src_Makefile_in patch-src_siproxd_c telephony/siproxd/pkg: PLIST Added files: telephony/siproxd/patches: patch-src_auth_c Removed files: telephony/siproxd/patches: patch-src_rtpproxy_c Log message: telephony/siproxd: update to 0.8.4 Changes: - many string handling fixes New plugins: - plugin_regex_body CVSROOT: /cvs Module name: ports Changes by: naddy@cvs.openbsd.org 2026/05/06 07:49:17 Modified files: graphics/netpbm: Makefile distinfo Added files: graphics/netpbm/patches: patch-test_pampick-roundtrip_test Removed files: graphics/netpbm/patches: patch-test_pbmtext-utf8_test patch-test_pnmpad-color_test Log message: graphics/netpbm: update to 11.14.00 Numerous bug fixes. CVSROOT: /cvs Module name: ports Changes by: naddy@cvs.openbsd.org 2026/05/06 07:51:27 Modified files: audio/mpg123 : Makefile distinfo Log message: audio/mpg123: maintenance update to 1.33.5 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:52:46 Modified files: lang/wasi-libc : Makefile distinfo lang/wasi-libc/patches: patch-Makefile lang/wasi-libc/pkg: PLIST Log message: lang/wasi-libc: update to sdk 29 don't update to latest (32) as it switched to cmake in the meantime, more work needed. CVSROOT: /cvs Module name: ports Changes by: naddy@cvs.openbsd.org 2026/05/06 07:52:52 Modified files: net/curl : Makefile distinfo net/curl/patches: patch-m4_curl-compilers_m4 net/curl/pkg : PLIST Log message: net/curl: update to 8.20.0 Changes: * drop support for SMB Includes fixes for CVE-2026-4873: connection reuse ignores TLS requirement CVE-2026-5545: wrong reuse of HTTP Negotiate connection CVE-2026-5773: wrong reuse of SMB connection CVE-2026-6253: proxy credentials leak over redirect-to proxy CVE-2026-6276: stale custom cookie host causes cookie leak CVE-2026-6429: netrc credential leak with reused proxy connection CVE-2026-7168: cross-proxy Digest auth state leak CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 07:55:02 Modified files: lang/wasi-sdk : Makefile.inc lang/wasi-sdk/compiler-rt: Makefile distinfo lang/wasi-sdk/libcxx: Makefile distinfo lang/wasi-sdk/libcxx/pkg: PLIST Log message: lang/wasi-sdk: update to build from llvm 21.1.8 went through several mozilla builds with llvm 19, and allows to build firefox with llvm 21. first step on updating to llvm 22.. CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 07:56:45 Modified files: textproc/py-ujson: Makefile distinfo Log message: update to py3-ujson-5.12.1 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:05:55 Modified files: lang/php/8.2 : Makefile distinfo Log message: update to php-8.2.31 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:06:24 Modified files: lang/php/8.3 : Makefile distinfo Log message: update to php-8.3.31 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:06:43 Modified files: lang/php/8.4 : Makefile distinfo lang/php/8.4/patches: patch-ext_openssl_openssl_c Log message: update to php-8.4.21 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:07:42 Modified files: editors/vim-classic: Makefile distinfo editors/vim-classic/patches: patch-runtime_filetype_vim patch-runtime_syntax_make_vim patch-src_configure_ac editors/vim-classic/pkg: PLIST Log message: update vim-classic to newer checkout CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:08:38 Modified files: devel/py-test : Makefile distinfo Log message: update to py3-test-9.0.3 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 08:10:25 ports/telephony/linphone/pkg Update of /cvs/ports/telephony/linphone/pkg In directory cvs.openbsd.org:/tmp/cvs-serv86159/pkg Log Message: Directory /cvs/ports/telephony/linphone/pkg added to the repository CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 08:10:25 ports/telephony/linphone/patches Update of /cvs/ports/telephony/linphone/patches In directory cvs.openbsd.org:/tmp/cvs-serv86159/patches Log Message: Directory /cvs/ports/telephony/linphone/patches added to the repository CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:11:27 Modified files: net/icinga/icingadb: Makefile net/icinga/icingadb/pkg: README Log message: tweak pkg-readme CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:12:17 Modified files: net/icinga/icinga-php-library: Makefile distinfo net/icinga/icinga-php-library/pkg: PLIST Log message: update to icinga-php-library-0.19.2, from Alvar Penning CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:15:44 Modified files: net/icinga/core2: Makefile distinfo net/icinga/core2/patches: patch-itl_plugins-contrib_d_web_conf net/icinga/core2/pkg: PLIST-main README-main Added files: net/icinga/core2/pkg: MESSAGE-mysql MESSAGE-pgsql Removed files: net/icinga/core2/patches: patch-lib_base_library_cpp patch-lib_base_utility_cpp Log message: update to icinga2-2.16.0, mostly from Alvar Penning, some tweaks from me license moves from GPLv2+ with openssl exemption to GPLv3+ CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:15:48 Modified files: sysutils/f3 : Makefile distinfo sysutils/f3/patches: patch-Makefile Added files: sysutils/f3/patches: patch-src_f3read_c patch-src_f3write_c Removed files: sysutils/f3/patches: patch-f3read_c patch-f3write_c Log message: update to f3-10.0, from Alexander Klimov, + regen patches CVSROOT: /cvs Module name: ports Changes by: naddy@cvs.openbsd.org 2026/05/06 08:20:53 Modified files: telephony/libosip2: Makefile Log message: telephony/libosip2: provide debug packages CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:39:44 Modified files: databases/sqlite3: Makefile distinfo databases/sqlite3/pkg: PLIST Added files: databases/sqlite3/patches: patch-autosetup_sqlite-config_tcl Removed files: databases/sqlite3/patches: patch-main_mk Log message: update to sqlite3-3.53.1 there was some reorg in the build and the patch to reenable the DQS (mis)feature is now done in a different place. I'm going to drop that patch (i.e. go back to upstream defaults); sqlports is fixed now and there shouldn't be much else using it - but will do that as a commit on top. CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:42:20 Modified files: databases/sqlite3: Makefile Removed files: databases/sqlite3/patches: patch-autosetup_sqlite-config_tcl Log message: stop patching to reenable DQS in the sqlite3 shell by default, i.e. move to the behaviour upstream changed to in 3.41.0 (2023). see https://sqlite.org/quirks.html#dblquote (and comments in the removed patch) for more info CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:42:27 Modified files: lang/php/8.5 : Makefile distinfo Log message: update to php-8.5.6 CVSROOT: /cvs Module name: ports Changes by: rsadowski@cvs.openbsd.org 2026/05/06 08:42:30 Log message: Import accounts-qml-module-0.7, ok volker@ Comment: QML bindings for libaccounts-qt and libsignon-qt Description: This QML module provides an API to manage the user's online accounts and get their authentication data. It's a tiny wrapper around the Qt-based APIs of libaccounts-qt and libsignon-qt. It is part of the accounts-sso project. Maintainer: Rafael Sadowski WWW: https://accounts-sso.gitlab.io/ Status: Vendor Tag: rsadowski Release Tags: rsadowski_20260506 N ports/net/accounts-qml-module/Makefile N ports/net/accounts-qml-module/distinfo N ports/net/accounts-qml-module/pkg/DESCR N ports/net/accounts-qml-module/pkg/PLIST No conflicts created by this import CVSROOT: /cvs Module name: ports Changes by: rsadowski@cvs.openbsd.org 2026/05/06 08:45:43 Modified files: net : Makefile Log message: +accounts-qml-module CVSROOT: /cvs Module name: ports Changes by: fcambus@cvs.openbsd.org 2026/05/06 08:48:01 Modified files: net/dbip : Makefile.inc net/dbip/asn : distinfo net/dbip/city : distinfo net/dbip/country: distinfo Log message: Update dbip to 2026.05. CVSROOT: /cvs Module name: ports Changes by: rsadowski@cvs.openbsd.org 2026/05/06 08:48:09 Log message: Import xsimd-14.2.0, ok volker@ Comment: C++ wrappers for SIMD intrinsics Description: C++ wrappers for SIMD intrinsics and parallelized, optimized mathematical functions (SSE, AVX, AVX512, NEON, SVE, WebAssembly, VSX, RISC-V)) Maintainer: The OpenBSD ports mailing-list WWW: https://github.com/xtensor-stack/xsimd Status: Vendor Tag: rsadowski Release Tags: rsadowski_20260506 N ports/devel/xsimd/Makefile N ports/devel/xsimd/distinfo N ports/devel/xsimd/pkg/PLIST N ports/devel/xsimd/pkg/DESCR No conflicts created by this import CVSROOT: /cvs Module name: ports Changes by: fcambus@cvs.openbsd.org 2026/05/06 08:49:52 Modified files: misc/ytree : Makefile distinfo Log message: Update ytree to 2.12. CVSROOT: /cvs Module name: ports Changes by: fcambus@cvs.openbsd.org 2026/05/06 08:51:13 Modified files: graphics/oxipng: Makefile crates.inc distinfo Log message: Update oxipng to 10.1.1. CVSROOT: /cvs Module name: ports Changes by: giovanni@cvs.openbsd.org 2026/05/06 08:54:13 Modified files: www/apache-httpd: Makefile distinfo www/apache-httpd/patches: patch-docs_man_htpasswd_1 patch-docs_man_httpd_8 www/apache-httpd/pkg: PLIST Log message: update to 2.4.67 fixes CVE-2026-23918, CVE-2026-24072, CVE-2026-28780, CVE-2026-29168, CVE-2026-29169, CVE-2026-33006, CVE-2026-33007, CVE-2026-33523, CVE-2026-33857, CVE-2026-34032 and CVE-2026-34059 CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2026/05/06 08:54:46 Modified files: misc/hwdata : Makefile distinfo Log message: Update to hwdata-0.407. CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 08:54:49 Modified files: net/wireshark : Makefile distinfo Log message: update to wireshark-4.6.5 CVSROOT: /cvs Module name: ports Changes by: rsadowski@cvs.openbsd.org 2026/05/06 08:55:52 Modified files: x11/kde-plasma/plasma-desktop: Makefile x11/kde-plasma/powerdevil: Makefile Log message: Remove odd knighttime dependency CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2026/05/06 08:58:22 Modified files: print/cups : Makefile distinfo Log message: Update to cups-2.4.19. CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2026/05/06 08:59:43 Modified files: mail/sendmail : Makefile distinfo mail/sendmail/pkg: PLIST-main Log message: Update to sendmail-8.19.0.1. CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/05/06 09:02:51 Modified files: lib/libssl : tls_key_share.c Log message: Avoid use of uninitialised decode_error variable. Pull initialisation of decode_error and invalid_key up to tls_key_share_{client,server}_peer_public(), which are the entry points for the key share code. The entry point was previously tls_key_share_peer_public(), however with the introduction of MLKEM this was split into separate client and server functions, without the initialisation being included. Also initialise decode_error and invalid_params on entry to tls_key_share_peer_params(). Code that reaches tls_key_share_client_peer_public_mlkem768x25519() could previously result in code branching based on decode_error, which is uninitialised stack based memory. Thanks to Guido Vranken of Aisle Research for reporting this issue. With and ok tb@ CVSROOT: /cvs Module name: src Changes by: jsing@cvs.openbsd.org 2026/05/06 09:06:35 Modified files: lib/libssl : d1_both.c dtls_local.h Log message: Get rid of struct dtls1_retransmit_state. In order to retransmit DTLS messages we potentially need to use the record protection from a previous epoch. However, DTLS currently also saves and restores the session, which is unnecessary - all of the record protection and keys are handled in the TLS record layer. Remove the rather useless dtls1_retransmit_state struct and just keep the epoch - keeping pointers hanging around to sessions is pretty nasty and unnecessary. ok kenjiro@ tb@ CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2026/05/06 09:17:04 Modified files: devel/harfbuzz : Makefile distinfo Log message: Update to harfbuzz-14.2.0. CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 09:29:20 Modified files: telephony/linphone: Makefile Added files: telephony/linphone/patches: patch-Linphone_CMakeLists_txt patch-Linphone_tool_native_DesktopTools_hpp patch-cmake_install_install_cmake patch-external_linphone-sdk_bctoolbox_include_bctoolbox_port_h patch-external_linphone-sdk_bctoolbox_src_crypto_mbedtls_cc patch-external_linphone-sdk_bctoolbox_src_utils_port_c patch-external_linphone-sdk_belle-sip_src_belle_sip_resolver_c patch-external_linphone-sdk_belle-sip_src_channel_c patch-external_linphone-sdk_belle-sip_src_dns_dns_c patch-external_linphone-sdk_belle-sip_src_transports_udp_listeningpoint_c patch-external_linphone-sdk_bzrtp_src_zidCache_c patch-external_linphone-sdk_cmake_Options_cmake patch-external_linphone-sdk_liblinphone_CMakeLists_txt patch-external_linphone-sdk_liblinphone_coreapi_linphonecore_c patch-external_linphone-sdk_liblinphone_src_CMakeLists_txt patch-external_linphone-sdk_liblinphone_src_core_paths_paths-linux_cpp patch-external_linphone-sdk_liblinphone_src_core_paths_paths_cpp patch-external_linphone-sdk_liblinphone_src_ldap_ldap-contact-provider_cpp patch-external_linphone-sdk_mediastreamer2_CMakeLists_txt patch-external_linphone-sdk_mediastreamer2_cmake_FindAom_cmake patch-external_linphone-sdk_mediastreamer2_cmake_FindDav1d_cmake patch-external_linphone-sdk_mediastreamer2_cmake_FindGSM_cmake patch-external_linphone-sdk_mediastreamer2_cmake_FindV4L_cmake patch-external_linphone-sdk_mediastreamer2_include_mediastreamer2_allfilters_h patch-external_linphone-sdk_mediastreamer2_mediastreamer-config_h_cmake patch-external_linphone-sdk_mediastreamer2_src_CMakeLists_txt patch-external_linphone-sdk_mediastreamer2_src_audiofilters_gsm_c patch-external_linphone-sdk_mediastreamer2_src_audiofilters_sndio_c patch-external_linphone-sdk_mediastreamer2_src_utils_dsptools_c patch-external_linphone-sdk_mediastreamer2_src_videofilters_msv4l2_c patch-external_linphone-sdk_mediastreamer2_src_voip_msvoip_c telephony/linphone/pkg: DESCR PLIST Removed files: telephony/linphone: Makefile.inc telephony/linphone/bctoolbox: Makefile distinfo telephony/linphone/bctoolbox/patches: patch-CMakeLists_txt patch-cmake_BCToolboxCMakeUtils_cmake patch-include_bctoolbox_port_h patch-src_CMakeLists_txt patch-src_crypto_mbedtls_cc patch-src_utils_port_c patch-tester_encrypted_vfs_cc patch-tester_port_c telephony/linphone/bctoolbox/pkg: DESCR PLIST telephony/linphone/bcunit: Makefile distinfo telephony/linphone/bcunit/pkg: DESCR PLIST telephony/linphone/belcard: Makefile distinfo telephony/linphone/belcard/pkg: DESCR PLIST telephony/linphone/belle-sip: Makefile distinfo telephony/linphone/belle-sip/pkg: DESCR PLIST telephony/linphone/belr: Makefile distinfo telephony/linphone/belr/pkg: DESCR PLIST telephony/linphone/bzrtp: Makefile distinfo telephony/linphone/bzrtp/patches: patch-src_zidCache_c telephony/linphone/bzrtp/pkg: DESCR PLIST telephony/linphone/liblinphone: Makefile distinfo telephony/linphone/liblinphone/patches: patch-CMakeLists_txt patch-console_linphonec_c patch-coreapi_linphonecore_c patch-src_CMakeLists_txt patch-src_c-wrapper_api_c-call-log_cpp patch-src_core_paths_paths-linux_cpp patch-src_core_paths_paths_cpp patch-src_nat_ice-service_cpp telephony/linphone/liblinphone/pkg: DESCR PLIST telephony/linphone/linphone-desktop: Makefile distinfo telephony/linphone/linphone-desktop/patches: patch-CMakeLists_txt patch-linphone-app_CMakeLists_txt patch-linphone-app_build_CMakeLists_txt patch-linphone-app_cmake_FindBCToolbox_cmake patch-linphone-app_cmake_FindBelcard_cmake patch-linphone-app_cmake_FindLibLinphone_cmake patch-linphone-app_cmake_FindLinphoneCxx_cmake patch-linphone-app_cmake_FindMediastreamer2_cmake patch-linphone-app_cmake_builder_additional_steps_cmake patch-linphone-app_cmake_builder_linphone_package_CMakeLists_txt patch-linphone-app_src_app_App_cpp patch-linphone-app_src_app_App_hpp patch-linphone-app_src_components_call_CallModel_cpp patch-linphone-app_src_components_other_clipboard_Clipboard_cpp patch-linphone-app_src_components_other_desktop-tools_DesktopTools_hpp patch-linphone-app_src_components_other_spell-checker_SpellChecker_hpp patch-linphone-app_src_config_h_cmake patch-linphone-app_ui_views_App_Main_Assistant_AssistantHome_qml telephony/linphone/linphone-desktop/pkg: DESCR PLIST telephony/linphone/mediastreamer2: Makefile distinfo telephony/linphone/mediastreamer2/patches: patch-CMakeLists_txt patch-cmake_FindGSM_cmake patch-cmake_FindV4L_cmake patch-include_mediastreamer2_allfilters_h patch-mediastreamer-config_h_cmake patch-src_CMakeLists_txt patch-src_audiofilters_gsm_c patch-src_audiofilters_sndio_c patch-src_base_msfactory_c patch-src_utils_dsptools_c patch-src_utils_ffmpeg-priv_c patch-src_utils_ffmpeg-priv_h patch-src_utils_jpgloader-ffmpeg_c patch-src_videofilters_ffmpegjpegwriter_c patch-src_videofilters_h264dec_cpp patch-src_videofilters_msv4l2_c patch-src_videofilters_videodec_c patch-src_videofilters_videoenc_c patch-src_voip_msvoip_c telephony/linphone/mediastreamer2/pkg: DESCR PLIST telephony/linphone/ortp: Makefile distinfo telephony/linphone/ortp/pkg: DESCR PLIST Log message: telephony/linphone: major update to 6.1.2 upstream stopped releasing distinct versions of all libraries and with the 6 branch they're all developped in git submodules of linphone-sdk project (and even inside the project with the next branch) so get rid of all the subports and use DIST_TUPLE. reapply relevant patches here and there, migrate to QT6 - still manages to connect to a sip account, and i can call my cellphone. other features pending more testing... CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/05/06 09:39:55 Modified files: devel/codex : Makefile crates.inc distinfo devel/codex/patches: patch-codex-rs_Cargo_toml patch-codex-rs_arg0_src_lib_rs patch-codex-rs_core_src_agent_role_rs patch-codex-rs_core_src_config_mod_rs patch-codex-rs_core_src_tools_handlers_multi_agents_common_rs devel/codex/pkg: PLIST Log message: devel/codex: update to 0.128.0 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 09:40:15 Modified files: devel/esbuild : Makefile distinfo Log message: devel/esbuild: Update to 0.28.0 From Maintainer Igor Zornik, thanks CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/05/06 09:40:50 Modified files: devel/intellij : Makefile distinfo devel/intellij/pkg: PLIST Log message: devel/intellij: update to 2026.1.1 CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/05/06 09:41:23 Modified files: devel/pycharm : Makefile distinfo devel/pycharm/pkg: PLIST Log message: devel/pycharm: update to 2026.1.1 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 09:43:42 Modified files: x11/alacritty : Makefile crates.inc distinfo x11/alacritty/pkg: PLIST Log message: x11/alacritty: Update to 0.17.0 From Maintainer Eric Auge, thanks ok lraab@ CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 09:45:47 Modified files: net/lagrange : Makefile distinfo Log message: net/lagrange: Update to 1.20.4 From Maintainer Florian Viehweger, thanks CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/05/06 09:47:08 Modified files: devel/sbt : Makefile distinfo Log message: devel/sbt: update to 1.12.11 CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/05/06 09:48:35 Modified files: fonts/nerd-fonts: Makefile.inc fonts/nerd-fonts/codenewroman: distinfo fonts/nerd-fonts/dejavusansmono: distinfo fonts/nerd-fonts/fantasquesansmono: distinfo fonts/nerd-fonts/intelonemono: distinfo fonts/nerd-fonts/noto: distinfo fonts/nerd-fonts/profont: distinfo fonts/nerd-fonts/symbolsonly: distinfo fonts/nerd-fonts/terminus: distinfo fonts/nerd-fonts/ubuntu: distinfo fonts/nerd-fonts/ubuntu-mono: distinfo Log message: fonts/nerd-fonts: update to 3.4.0 CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 09:51:18 Modified files: www/p5-Apache-Session: Makefile Log message: fix license marker, has been Perl since 2007 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 09:52:42 Modified files: lang/erlang : erlang.port.mk lang/erlang/26 : Makefile distinfo lang/erlang/27 : Makefile distinfo lang/erlang/28 : Makefile distinfo Log message: lang/erlang: Update to 26.2.5.20, 27.3.4.11 and 28.5 While here, fix a trailing whitespace in erlang.port.mk CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 09:55:37 Modified files: lang/gleam : Makefile crates.inc distinfo lang/gleam/patches: patch-compiler-core_src_error_rs Log message: lang/gleam: Update to 1.16.0 CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/05/06 09:55:39 Modified files: fonts/openmoji : Makefile distinfo Log message: fonts/openmoji: update to 17.0.0 Changes: https://github.com/hfg-gmuend/openmoji/releases/tag/17.0.0 CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2026/05/06 09:58:19 Modified files: devel/libgsf : Makefile distinfo Log message: Update to libgsf-1.14.58. CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 10:02:57 Modified files: editors/vim : Makefile distinfo editors/vim/patches: patch-runtime_autoload_tar_vim patch-runtime_syntax_make_vim editors/vim/pkg: PLIST Log message: update to vim-9.2.447 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:03:42 Modified files: shells/nushell : Makefile crates.inc distinfo shells/nushell/patches: patch-tests_repl_test_config_path_rs Log message: shells/nushell: Update to 0.112.2 + enable MCP feature. What could possibly go wrong? CVSROOT: /cvs Module name: www Changes by: tj@cvs.openbsd.org 2026/05/06 10:04:24 Modified files: . : 79.html Log message: bit of cleanup CVSROOT: /cvs Module name: ports Changes by: kirill@cvs.openbsd.org 2026/05/06 10:07:21 Modified files: security/acme.sh: Makefile distinfo security/acme.sh/pkg: PLIST Log message: security/acme.sh: update to 3.1.3 CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/05/06 10:10:25 Modified files: mail/mozilla-thunderbird: Makefile distinfo mail/thunderbird-i18n: Makefile.inc distinfo Log message: mail/mozilla-thunderbird: update to 140.10.1. see https://www.thunderbird.net/en-US/thunderbird/140.10.1esr/releasenotes/ fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-39/ CVSROOT: /cvs Module name: ports Changes by: sthen@cvs.openbsd.org 2026/05/06 10:11:19 Modified files: math/gnumeric : Makefile Log message: s/python3.13/${MODPY_WANTLIB}/ CVSROOT: /cvs Module name: ports Changes by: caspar@cvs.openbsd.org 2026/05/06 10:18:48 Modified files: meta/tor-browser: Makefile www/tor-browser: Makefile.inc www/tor-browser/browser: Makefile distinfo www/tor-browser/noscript: Makefile distinfo Log message: Tor Browser: update to 15.0.11 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:21:34 Modified files: graphics/stable-diffusion.cpp: Makefile distinfo graphics/stable-diffusion.cpp/patches: patch-CMakeLists_txt patch-ggml_CMakeLists_txt patch-ggml_src_ggml-backend-reg_cpp graphics/stable-diffusion.cpp/pkg: PLIST Log message: graphics/stable-diffusion.cpp: Update to 0.0.587 CVSROOT: /cvs Module name: ports Changes by: caspar@cvs.openbsd.org 2026/05/06 10:22:35 Modified files: devel/sccache : Makefile crates.inc distinfo devel/sccache/pkg: PLIST Log message: devel/sccache: update to 0.15.0 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:24:53 Modified files: net/rabbitmq : Makefile distinfo net/rabbitmq/patches: patch-Makefile net/rabbitmq/pkg: PLIST Log message: net/rabbitmq: Update to 4.3.0 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:26:34 Modified files: graphics/pixelorama: Makefile distinfo Log message: graphics/pixelorama: Update to 1.1.10 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:33:04 Modified files: wayland/wl-clipboard: Makefile distinfo Log message: wayland/wl-clipboard: Update to 2.3.0 + switch to using DIST_TUPLE CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:37:54 Modified files: devel/difftastic: Makefile crates.inc distinfo Log message: devel/difftastic: Update to 0.69.0 CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:40:28 Modified files: devel/gn : Makefile distinfo Log message: devel/gn: Update to snapshot from 2025-12-14 Needed to build lang/deno 2.7.x CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 10:48:00 Modified files: devel/capnproto: Makefile distinfo Log message: devel/capnproto: Update to 1.4.0 CVSROOT: /cvs Module name: src Changes by: sthen@cvs.openbsd.org 2026/05/06 10:51:30 Modified files: distrib/sets/lists/man: mi Log message: sync CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/05/06 11:03:46 Added files: shells/nushell/patches: patch-Cargo_toml Log message: shells/nushell: Add missing patch