OpenBSD/src 1EByWMMusr.bin/tmux layout.c

   Fix a typo (use right var), from Dane Jensen.
VersionDeltaFile
1.92+2-2usr.bin/tmux/layout.c
+2-21 files

OpenBSD/xenocara y4SHtEN. MODULES

   update
VersionDeltaFile
1.565+3-3MODULES
+3-31 files

OpenBSD/ports cWzeaJbwayland/xwayland distinfo Makefile

   Update to xwayland 24.1.13
VersionDeltaFile
1.17+2-2wayland/xwayland/distinfo
1.23+1-1wayland/xwayland/Makefile
+3-32 files

OpenBSD/xenocara Hvd9rEqlib/libXfont2/src/bitmap bitscale.c pcfread.c

   Merge fixes from upstream for following issues:
   * BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow (CVE-2026-56001)
   * PCF Font Parsing Heap Buffer Overflow (CVE-2026-56002)
   * computeProps Property Buffer Heap Buffer Overflow (CVE-2026-56003)
VersionDeltaFile
1.5+40-22lib/libXfont2/src/bitmap/bitscale.c
1.5+56-3lib/libXfont2/src/bitmap/pcfread.c
+96-252 files

OpenBSD/xenocara g6CqSlXxserver/Xi xichangecursor.c, xserver/fb fbglyph.c

   Merge fixes from upstream for Xserver issues:
   * glamor Font Atlas Heap Buffer Overflow (CVE-2026-55999)
   * GLX contextTags Use-After-Free in CommonMakeCurrent() (CVE-2026-56000)
VersionDeltaFile
1.7+27-3xserver/glamor/glamor_font.c
1.4+4-3xserver/glx/vndcmds.c
1.8+2-2xserver/fb/fbglyph.c
1.7+3-0xserver/Xi/xichangecursor.c
1.7+1-1xserver/glamor/glamor_glyphblt.c
1.13+1-1xserver/mi/miglblt.c
+38-106 files

OpenBSD/ports ZvSWvkKx11/kde-plasma Makefile

   Remove Qt5 comment, no longer valid
VersionDeltaFile
1.25+2-4x11/kde-plasma/Makefile
+2-41 files

OpenBSD/ports 7c0u1Uwmeta/kde Makefile, x11/kde-plasma Makefile

   Add union
VersionDeltaFile
1.58+3-0meta/kde/Makefile
1.24+1-0x11/kde-plasma/Makefile
+4-02 files

OpenBSD/ports QkaeULEx11/kde-plasma/union Makefile distinfo, x11/kde-plasma/union/pkg PLIST DESCR

   Import kde-plasma-union-6.7.2, ok volker

   Comment:
   Qt style supporting both QtQuick and QtWidgets

   Description:
   Union is a style engine designed to provide a unified style description
   to a set of separate output styles.

   Maintainer: Rafael Sadowski <rsadowski at openbsd.org>


VersionDeltaFile
1.1+156-0x11/kde-plasma/union/pkg/PLIST
1.1+26-0x11/kde-plasma/union/Makefile
1.1+2-0x11/kde-plasma/union/pkg/DESCR
1.1+2-0x11/kde-plasma/union/distinfo
1.1.1.1+0-0x11/kde-plasma/union/pkg/PLIST
1.1.1.1+0-0x11/kde-plasma/union/distinfo
+186-02 files not shown
+186-08 files

OpenBSD/src ExH2VGZusr.sbin/rpki-client nca.c

   rpki-client: avoid bad free in nca_hist_load()

   If the first getline() call fails with a file error, nca_hist remains
   uninitialized and will be passed to nca_hist_free() in the error path.
   Initialize nca_hist to NULL to avoid this.

   ok claudio
VersionDeltaFile
1.8+2-2usr.sbin/rpki-client/nca.c
+2-21 files

OpenBSD/ports Vszw4wKx11/kde-plasma Makefile

   Add a comment for x11/oxygen-icons
VersionDeltaFile
1.23+4-0x11/kde-plasma/Makefile
+4-01 files

OpenBSD/ports tCPxXtXx11/oxygen-icons Makefile distinfo, x11/oxygen-icons/pkg PLIST

   Update oxygen-icons to 6.27.0
VersionDeltaFile
1.2+85-114x11/oxygen-icons/pkg/PLIST
1.3+3-5x11/oxygen-icons/Makefile
1.2+2-2x11/oxygen-icons/distinfo
+90-1213 files

OpenBSD/ports IyMSDEksysutils/grafana distinfo Makefile, sysutils/grafana/patches patch-conf_sample_ini

   sysutils/grafana: update to 13.1.0
VersionDeltaFile
1.49+1,938-1,494sysutils/grafana/pkg/PLIST
1.49+4-4sysutils/grafana/distinfo
1.30+1-1sysutils/grafana/patches/patch-conf_sample_ini
1.66+1-1sysutils/grafana/Makefile
+1,944-1,5004 files

OpenBSD/ports w0IDeGcarchivers/libzip Makefile

   error: wrong number of arguments specified for 'deprecated' attribute

   Move to ports-gcc on base-gcc arches to fix the build on sparc64
VersionDeltaFile
1.34+4-0archivers/libzip/Makefile
+4-01 files

OpenBSD/ports USCT38kgames/godot/pack3 Makefile distinfo, games/godot/pack3/patches patch-SConstruct patch-drivers_unix_os_unix_cpp

   update godot/pack3 to godot 4.7; godotsteam gdextension needs to be disabled as it doesn't build; a known upstream issue
VersionDeltaFile
1.5+8-5games/godot/pack3/Makefile
1.3+2-2games/godot/pack3/patches/patch-SConstruct
1.2+2-2games/godot/pack3/patches/patch-drivers_unix_os_unix_cpp
1.2+2-2games/godot/pack3/patches/patch-platform_linuxbsd_detect_py
1.3+2-2games/godot/pack3/patches/patch-platform_linuxbsd_x11_display_server_x11_cpp
1.4+2-2games/godot/pack3/distinfo
+18-156 files not shown
+26-2312 files

OpenBSD/ports oHGaAOharchivers/libarchive distinfo Makefile, archivers/libarchive/patches patch-Makefile_in

   archivers/libarchive: update to 3.8.8

   Many more fixes for NULL pointer derefs, out-of-bounds accesses,
   and miscellaneous other bugs.
VersionDeltaFile
1.51+2-2archivers/libarchive/distinfo
1.71+2-2archivers/libarchive/Makefile
1.11+1-1archivers/libarchive/patches/patch-Makefile_in
+5-53 files

OpenBSD/src KF3X4abusr.sbin/rpki-client cert.c

   In cert_ca_sia() use the right notify string in error message.
   At that point cert->notify has not yet been set.

   OK tb@
VersionDeltaFile
1.242+2-2usr.sbin/rpki-client/cert.c
+2-21 files

OpenBSD/src rVvLGFJsys/dev/pci if_ice.c

   ice(4): set link state to full duplex as all other nics

   tested by bluhm@

   try it stsp@
   ok bluhm@
VersionDeltaFile
1.70+2-2sys/dev/pci/if_ice.c
+2-21 files

OpenBSD/ports VJr2t9Vmultimedia/mkvtoolnix distinfo Makefile, multimedia/mkvtoolnix/patches patch-Rakefile patch-src_mkvtoolnix-gui_jobs_program_runner_cpp

   Update mkvtoolnix to 100.0
VersionDeltaFile
1.24+5-40multimedia/mkvtoolnix/pkg/PLIST
1.82+2-2multimedia/mkvtoolnix/distinfo
1.24+2-2multimedia/mkvtoolnix/patches/patch-Rakefile
1.7+1-1multimedia/mkvtoolnix/patches/patch-src_mkvtoolnix-gui_jobs_program_runner_cpp
1.153+1-1multimedia/mkvtoolnix/Makefile
+11-465 files

OpenBSD/ports zE9GnNynet/weechat Makefile distinfo

   Update weechat to 4.9.3
VersionDeltaFile
1.113+1-3net/weechat/Makefile
1.70+2-2net/weechat/distinfo
+3-52 files

OpenBSD/src DO2I85Ssys/dev/acpi dsdt.c amltypes.h

   Avoid potential out-of-bounds access while parsing AML byte stream
   opcodes.  Found by gnezdo@ using KASAN.

   ok gnezdo@
VersionDeltaFile
1.280+31-9sys/dev/acpi/dsdt.c
1.53+2-3sys/dev/acpi/amltypes.h
+33-122 files

OpenBSD/src 9ZFgCqOsys/dev/ic qwx.c

   Use M_WAITOK and BUS_DMA_WAITOK instead of M_NOWAIT and BUS_DMA_NOWAIT in
   places where we're allowed to sleep.  Hopefully this fixes the

   qwx0: failed to init DP: 12

   issue that some of us occasionally experience.

   ok stsp@
VersionDeltaFile
1.127+24-37sys/dev/ic/qwx.c
+24-371 files

OpenBSD/ports PHhGIvFsysutils/fzf distinfo Makefile

   sysutils/fzf: Update to 0.74.0

   From Maintainer Laurent Cheylus, thanks
VersionDeltaFile
1.52+2-2sysutils/fzf/distinfo
1.61+1-1sysutils/fzf/Makefile
+3-32 files

OpenBSD/src 8E3sBrgsys/uvm uvm_pager.c uvm_pdaemon.c

   Allocate the psegs that are reserved for the pagedeamon only if no other
   psegs are available.  Let the pagedeamon only start a new swap cluster
   if there are still at least two reserved slots available.  This goes a
   long way towards guaranteeing that we have the resources to actually
   write out the swap cluster once it is filled.  This is important since
   the code that drops a cluster may need to acquire an rwlock, which means
   the pagedaemon could sleep.  This is undesirable and may even lead to
   deadlocks.

   Note that there still is a possibility that we may fail to allocate a buf
   from the bufpool, which would lead us to the same undesirable path.  So
   far I've not been able to hit that case.

   ok claudio@
VersionDeltaFile
1.98+30-4sys/uvm/uvm_pager.c
1.159+6-4sys/uvm/uvm_pdaemon.c
1.35+2-1sys/uvm/uvm_pager.h
+38-93 files

OpenBSD/src JpywGgFdistrib/sets/lists/base mi

   sync libevent major bump
VersionDeltaFile
1.1188+1-1distrib/sets/lists/base/mi
+1-11 files

OpenBSD/ports 7OQpbJPdevel/libeventextra Makefile, devel/libeventextra/files Makefile

   Add evtag functions to libeventextra.

   In base libevent event_tagging.c has been removed.  Bring it back
   into libeventextra which contains the features missing in base.
   This avoids undefined references when building benchmarks/httperf.

   OK sthen@
VersionDeltaFile
1.13+2-2devel/libeventextra/Makefile
1.3+1-1devel/libeventextra/files/Makefile
1.6+1-1devel/libeventextra/pkg/PLIST
+4-43 files

OpenBSD/src l5309MQregress/lib/libevent event_regress.c

   Delete tests for code that has been removed in base libevent.
VersionDeltaFile
1.2+0-252regress/lib/libevent/event_regress.c
+0-2521 files

OpenBSD/src BNfZAnDlib/libevent event.h Makefile

   Do not ship evtag functions in base libevent.

   Upstream libevent 2.1.13-stable contains several security fixes.
   Our reduced libevent 1.4.15-stable does not contain the affected
   code.  The functions in event_tagging.c are only used by evrpc which
   we have removed from libevent.  As the attack vectors for the
   upstream fixes go through evrpc to evtag, better remove this dead
   code and do not export it in our libevent.  Major library bump
   needed.

   OK dlg@ claudio@ sthen@
VersionDeltaFile
1.32+1-52lib/libevent/event.h
1.44+2-2lib/libevent/Makefile
1.11+2-2lib/libevent/shlib_version
1.11+1-1lib/libevent/event_tagging.c
+6-574 files

OpenBSD/ports d816QU9misc/p5-OPCUA-Open62541 distinfo Makefile

   update p5-OPCUA-Open62541 to 2.10
VersionDeltaFile
1.43+2-2misc/p5-OPCUA-Open62541/distinfo
1.46+1-1misc/p5-OPCUA-Open62541/Makefile
+3-32 files

OpenBSD/ports DHkHLAdcomms/fldigi Makefile

   update SITES/HOMEPAGE
VersionDeltaFile
1.37+5-3comms/fldigi/Makefile
+5-31 files

OpenBSD/ports XdjGrQLwayland/wlr-randr Makefile distinfo

   wayland/wlr-randr: update to 0.5.0

   see https://gitlab.freedesktop.org/emersion/wlr-randr/-/releases/v0.5.0

   from Laurent Cheylus, thanks !
VersionDeltaFile
1.2+6-4wayland/wlr-randr/Makefile
1.2+2-2wayland/wlr-randr/distinfo
+8-62 files