BSD Commit Log Search

mtr-graph(mtr085): update to 0.85.247

halloy: Add reference to CVE-2026-32733 and CVE-2026-32810

kibana: Add reference to CVE-2025-68389 and CVE-2026-26940

aws-lc: Add reference to CVE-2026-4428

   sys/vnode.h: clarify filesystem internal flags a bit

   comment only

libresprite: add a patch for working around pthread issues

Still needs ctype fixes

chromium: update to 146.0.7680.153

   doc: Updated www/nghttp2-tools to 1.68.1

   nghttp2-tools: update to 1.68.1.

   Same as nghttp2

   doc: Updated www/nghttp2 to 1.68.1

   nghttp2: update to 1.68.1.

   CVE-2026-27135: Denial of service: Assertion failure due to the missing state validation

   doc: Updated security/py-asn1 to 0.6.3

   py-asn1: update to 0.6.3.

   Security fix release.

   Revision 0.6.3, released 16-03-2026
   ---------------------------------------

   - CVE-2026-30922 (GHSA-jr27-m4p2-rc6r): Added nesting depth
     limit to ASN.1 decoder to prevent stack overflow from deeply
     nested structures (thanks for reporting, romanticpragmatism)
   - Fixed OverflowError from oversized BER length field
     [issue #54](https://github.com/pyasn1/pyasn1/issues/54)
     [pr #100](https://github.com/pyasn1/pyasn1/pull/100)
   - Fixed DeprecationWarning stacklevel for deprecated attributes
     [issue #86](https://github.com/pyasn1/pyasn1/issues/86)
     [pr #101](https://github.com/pyasn1/pyasn1/pull/101)
   - Fixed asDateTime incorrect fractional seconds parsing
     [issue #81](https://github.com/pyasn1/pyasn1/issues/81)
     [pr #102](https://github.com/pyasn1/pyasn1/pull/102)

   doc: Updated security/py-OpenSSL to 26.0.0

   py-OpenSSL: update to 26.0.0.

   Security fix release.

   26.0.0 (2026-03-15)
   -------------------

   Backward-incompatible changes:
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   - Dropped support for Python 3.7.
   - The minimum ``cryptography`` version is now 46.0.0.

   Deprecations:
   ^^^^^^^^^^^^^

   Changes:
   ^^^^^^^^


    [4 lines not shown]

aml: finalize

   upclient: Fix accidental part of previous commit.

   upclient: Various fixes for recent gcc.

   wireguard-tools: Needs socket lib on SunOS

   tcpslice: Fix implicit decl of exit(3)

   tspc: Fix implicit function decls

   poptop: Fixes for recent GCC

   sipcalc: Fix implicit decl of bzero(3)

   p5-IO-Interface: Fix on SunOS w/ recent gcc

   ser: Recent GCC no longer likes implicit int.

   sdig: Fix build with recent GCC

   - Wrong number of arguments to function. This is problematic on all
     systems with GCC 14 or newer.
   - Incorrect header for bzero. This is problematic on non-BSD systems.

   sys_mincore: stop locking potentially huge amount of user memory

   the current implementation performs uvm_vslock() on the
   user-specified amount of memory. it isn't safe in general.
   some might even consider it as a security issue.

   this commit fixes it by splitting the user-specified range into
   small ones which a temporary kernel buffer can cover. it's ok to
   report potentially stale values as the mincore() api is inherently
   racy in the first place.

   while we still ought to invent a proper "lock user memory for
   direct i/o" infrastructue, in this particular use case, it isn't
   necessary or appropriate.

   zfs: fix case insensitive / utf-8 normalized file names (cont.)

   this was intented to be a part of an earlier commit.
   ("zfs: fix case insensitive / utf-8 normalized file names")

   for some reasons, it seems i unintentionally dropped this hunk
   when porting the commit from git to cvs.

   libXfont no longer need fno-stack-protector for m68k(sf).

   This has been fixed by recent changes to gcc.

   doc: Updated pkgtools/lintpkgsrc to 2026.03.21