OpenBSD/src duqrh1T libexec/spamd spamd.c

   Fix handling of multi-line blacklist error strings in spamd.conf

   When appending the blacklist error string, spamd splits the message
   on a newline and continues the message on a new line.  There was
   a bug where the current pointer was incremented too far, which
   resulted in the message being truncated at the newline instead
   of continued.

   For very long blacklist messages (around 8K) in spamd.conf, this
   could result in heap corruption.  However, this is very unlikely
   in practice.

   OK jsg@

   Reported by and fix from Dhiraj Mishra
Version  Delta  File
1.165  +9 -9  libexec/spamd/spamd.c
+9 -9  1 files

OpenBSD/xenocara 3dLySKB lib/libpng ANNOUNCE configure, lib/libpng/contrib/libtests pnggetset.c

   update to libpng 1.6.58. ok deraadt@
Version  Delta  File
1.2  +223 -9  lib/libpng/contrib/libtests/pnggetset.c
1.8  +11 -16  lib/libpng/ANNOUNCE
1.9  +12 -12  lib/libpng/configure
1.8  +8 -12  lib/libpng/pngrtran.c
1.8  +7 -7  lib/libpng/png.h
1.8  +7 -0  lib/libpng/CHANGES
+268 -56  14 files not shown
+287 -77  20 files

OpenBSD/src RxsyQou usr.sbin/ntpd ntpd.c

   newer gcc is so smart to point out that settime_deadline may be used
   uninitialized. of course it is wrong. sprinkle a "= 0" to shut it up.
   pointed out by bcook, discussed with, gcc confronted by and ok claudio bcook
Version  Delta  File
1.144  +2 -2  usr.sbin/ntpd/ntpd.c
+2 -2  1 files

OpenBSD/src bGMTOTZ usr.sbin/ntpd ntp.c

   newer gcc thinks it's smart (do they call it AI yet?) and points out
   peercount may be used uninitialized. of course it is utterly wrong.
   move peercount = 0 initialization 2 lines up to shut gcc up
   pointed out by bcook, discussed with, gcc-checked by and ok bcook claudio
Version  Delta  File
1.182  +2 -2  usr.sbin/ntpd/ntp.c
+2 -2  1 files

OpenBSD/src YWSUdS3 usr.sbin/ntpd control.c

   in control_check(), rename struct sockaddr_un sun to sa - for consistency
   with control_init() just underneath, and because "sun" causes problems for
   portable on solaris
   pretty much from bcook's portable repo, but another name, ok bcook
Version  Delta  File
1.28  +6 -6  usr.sbin/ntpd/control.c
+6 -6  1 files

OpenBSD/xenocara w8cAy9e lib/libXpm/src parse.c data.c

   Fix Out-of-bounds read. CVE-2026-4367
   from matthieu@

   this is errata/7.7/038_libxpm.patch.sig
Version  Delta  File
1.9.2.1  +3 -1  lib/libXpm/src/parse.c
1.6.4.1  +3 -0  lib/libXpm/src/data.c
+6 -1  2 files

OpenBSD/xenocara 6UdLQdD lib/libXpm/src parse.c data.c

   Fix Out-of-bounds read. CVE-2026-4367
   from matthieu@

   this is errata/7.8/032_libxpm.patch.sig
Version  Delta  File
1.9.10.1  +3 -1  lib/libXpm/src/parse.c
1.6.10.1  +3 -0  lib/libXpm/src/data.c
+6 -1  2 files

OpenBSD/ports iNy1Khk www/mozilla-firefox Makefile distinfo, www/mozilla-firefox/patches patch-security_nss_lib_nss_nss_h patch-security_manager_ssl_nsNSSCallbacks_cpp

   www/mozilla-firefox: MFC update to 150.0.

   see https://www.firefox.com/en-US/firefox/150.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/
Version  Delta  File
1.1.4.6  +6 -4  www/mozilla-firefox/patches/patch-security_nss_lib_nss_nss_h
1.651.2.20  +4 -1  www/mozilla-firefox/Makefile
1.378.2.17  +2 -2  www/mozilla-firefox/distinfo
1.1.6.2  +1 -1  www/mozilla-firefox/patches/patch-security_manager_ssl_nsNSSCallbacks_cpp
+13 -8  4 files

OpenBSD/ports u6OTGzx www/firefox-esr distinfo Makefile

   www/firefox-esr: MFC update to 140.10.0.

   see https://www.firefox.com/en-US/firefox/140.10.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/
Version  Delta  File
1.171.2.9  +2 -2  www/firefox-esr/distinfo
1.258.2.9  +1 -1  www/firefox-esr/Makefile
+3 -3  2 files

OpenBSD/ports 9PRhrOX www/firefox-esr distinfo Makefile, www/firefox-esr-i18n distinfo Makefile.inc

   www/firefox-esr: update to 140.10.0.

   see https://www.firefox.com/en-US/firefox/140.10.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/

   ok naddy@
Version  Delta  File
1.177  +162 -162  www/firefox-esr-i18n/distinfo
1.180  +4 -4  www/firefox-esr/distinfo
1.270  +2 -3  www/firefox-esr/Makefile
1.189  +1 -1  www/firefox-esr-i18n/Makefile.inc
+169 -170  4 files

OpenBSD/ports DF4cLYs www/firefox-i18n distinfo Makefile.inc, www/mozilla-firefox Makefile distinfo

   www/mozilla-firefox: update to 150.0.

   see https://www.firefox.com/en-US/firefox/150.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/

   - disable PGO again, fixes wasm crashes seen with element-web (cf #2030583)
   - will need to move to llvm 21 or patch llvm 19 to reenable PGO
   - add workaround to avoid fetching some pip wheels during configure
     (#2026497), another workaround would be to move to ./mach configure ?

   ok naddy@
Version  Delta  File
1.384  +164 -164  www/firefox-i18n/distinfo
1.2  +4 -4  www/mozilla-firefox/patches/patch-widget_NativeKeyToDOMCodeName_inc
1.680  +4 -4  www/mozilla-firefox/Makefile
1.397  +2 -4  www/mozilla-firefox/distinfo
1.339  +1 -1  www/firefox-i18n/Makefile.inc
+175 -177  5 files

OpenBSD/xenocara XmE5GG0 lib/libXpm/src parse.c data.c

   Fix Out-of-bounds read. CVE-2026-4367
Version  Delta  File
1.11  +3 -1  lib/libXpm/src/parse.c
1.7  +3 -0  lib/libXpm/src/data.c
+6 -1  2 files

OpenBSD/src FCC8LIh usr.sbin/ntpd ntp_dns.c

   we use clock_gettime() here and thus shall explicitly include time.h
   from bcook's portable repo, ok bcook
Version  Delta  File
1.37  +2 -1  usr.sbin/ntpd/ntp_dns.c
+2 -1  1 files

OpenBSD/ports B9odY8V devel/opendht Makefile

   avoid picking up doxygen during build, to avoid build failure with dpb junking
   requested by naddy
Version  Delta  File
1.2  +2 -5  devel/opendht/Makefile
+2 -5  1 files

OpenBSD/src pjyDuyv sys/dev/ic qwz.c

   Enable nwid scanning by doing two things:

   1. Disable the 802.11d scanning command for now, since it causes a firmware
      error for which we currently have no solution.  This isn't a critical
      feature, and we can progress without it until we find a solution.

   2. Send the HTT software ring setup messages for the receive rings, otherwise
      the firmware never initializes its RXDMA pipeline, and delivers no frames
      to the host.  For that we did port over the
      ath12k_dp_rxdma_ring_sel_config_wcn7850() and ath12k_dp_rx_htt_setup()
      functions from the linux driver.

   Tested and ok kettenis@, kirill@
Version  Delta  File
1.25  +85 -1  sys/dev/ic/qwz.c
+85 -1  1 files

OpenBSD/src RfrXUhW libexec/tradcpp macro.c

   expand_domacro() handled a defined() with the wrong argument count via
   an error path that doesn't drain es->args

   OK jsg
Version  Delta  File
1.5  +1 -0  libexec/tradcpp/macro.c
+1 -0  1 files

OpenBSD/src DFINAHJ sys/net pf_if.c

   PFI_FLAG_SKIP may be lost when interface disappears and then reappears

   if 'set skip on ...' in pf.conf(5) refers to interface (or interface group)
   which is yet to be created in system, then all is good.

   However if the interface (or interface group) exists in system at the time
   when pf.conf(5) is being loaded to pf(4) the effect of skip flag might get
   lost. The scenario for tap0 interface goes as follows:

   tap0 (and tap interface) exist in system and is known to pf(4), meaning
   'pfctl -sI' reports tap0 and tap.

   pf.conf with 'set skip on tap' is loaded. The pf(4) sets the flag on
   `kif` instance without obtaining a reference to keep it in table
   until skip flag (PFI_FLAG_SKIP) is reset.

   tap0 interface is removed from system (ifconfig tap0 destroy),
   the tap0 is removed from system and also corresponding kif instance
   is removed from pf(4). kif is forgotten together with flag settings. If tap0

    [13 lines not shown]
Version  Delta  File
1.113  +16 -2  sys/net/pf_if.c
+16 -2  1 files

OpenBSD/src eycBTRf regress/lib/libcrypto/pkcs7 pkcs7test.c

   pkcs7test: factor main into a helper so we can add some unit tests easily
Version  Delta  File
1.6  +13 -3  regress/lib/libcrypto/pkcs7/pkcs7test.c
+13 -3  1 files

OpenBSD/ports aviuzeN sysutils/rclone distinfo Makefile

   Update to rclone-1.73.5

   CVE-2026-41176
   rc: add AuthRequired to options/set to prevent auth bypass
   rc: snapshot NoAuth at startup to prevent runtime auth bypass

   CVE-2026-41179
   operations: add AuthRequired to operations/fsinfo to prevent backend
   creation

   Changelog: https://rclone.org/changelog/#v1-73-5-2026-04-19

   OK sthen@
Version  Delta  File
1.64  +4 -4  sysutils/rclone/distinfo
1.74  +1 -1  sysutils/rclone/Makefile
+5 -5  2 files

OpenBSD/src 2Jt23D4 distrib/notes/riscv64 prep

   Remove the bootcmd hint for now

   On this jupiter box, U-Boot's bootcmd can't be interrupted on the serial
   console by pressing any key, Ctrl+C or ESC, even though the official
   docs say it should be possible by pressing any key.

   sigh
Version  Delta  File
1.11  +1 -8  distrib/notes/riscv64/prep
+1 -8  1 files

OpenBSD/src T3SRD7M distrib/notes/riscv64 prep

   Better wording and typo fix for the Spacemit K1 boards
Version  Delta  File
1.10  +5 -6  distrib/notes/riscv64/prep
+5 -6  1 files

OpenBSD/src 3tls1sI distrib/notes/riscv64 hardware

   Mention some Spacemit K1 boards that kettenis added support for

   BananaPi F3, Orange Pi RV2, and Milk-V Jupiter
Version  Delta  File
1.5  +4 -1  distrib/notes/riscv64/hardware
+4 -1  1 files

OpenBSD/src 7BRWOLK distrib/notes/riscv64 prep

   Add post-install hints for boards without distro_bootcmd (like BPi F3/Jupiter)

   The default bootcmd is useless on these boards, so suggest some simple
   default boot command.
Version  Delta  File
1.9  +7 -0  distrib/notes/riscv64/prep
+7 -0  1 files

OpenBSD/src Ax5vXUO distrib/notes/riscv64 prep

   Document specifics for spacemit K1-based boards

   Orange Pi RV2, BananaPi F3, and Milk-V Jupiter
   Requested by deraadt
Version  Delta  File
1.8  +15 -0  distrib/notes/riscv64/prep
+15 -0  1 files

OpenBSD/src wRBwZJk distrib/notes/riscv64 prep

   Move hw-specific parts at the end of this file
Version  Delta  File
1.7  +12 -13  distrib/notes/riscv64/prep
+12 -13  1 files

OpenBSD/src f8ckbbZ sys/arch/octeon/dev cn30xxuart.c

   sys/octeon: preserve bootloader console baud

   The SRX300 console runs at 9600 baud under U-Boot; OpenBSD forced 115200
   during console handoff, which garbled output immediately after early
   memory setup and made a live kernel look dead.

   Here, I read the programmed UART divisor instead and derive comconsrate
   from it, so the kernel preserves the bootloader console configuration.

   OK: visa@
Version  Delta  File
1.14  +24 -8  sys/arch/octeon/dev/cn30xxuart.c
+24 -8  1 files

OpenBSD/src CEOXBMM sys/arch/octeon/dev octeon_intr.c

   sys/octeon: accept linux,phandle for IRQs

   SRX300 firmware DT describes the CIU root and several CIB interrupt
   controllers with linux,phandle, but omits phandle.

   octeon_intr_register() consumed only the latter; the controllers
   therefore never entered the interrupt controller registry, and every
   later interrupt-parent lookup for CIB, AHCI, and xHCI failed.

   Thus, dev/ofw/fdt lookup code already treats phandle and linux,phandle
   as equivalent; so the Octeon interrupt layer should do the same when
   registering interrupt controllers.

   OK: kettenis@, visa@
Version  Delta  File
1.26  +3 -1  sys/arch/octeon/dev/octeon_intr.c
+3 -1  1 files

OpenBSD/ports P8tI8U4 graphics/lcms2 Makefile distinfo

   graphics/lcms2: Update to 2.19rc2

   Fixes several issues, for reference see
   https://marc.info/?l=oss-security&m=177646929211758&w=2

   pointed out by and ok tb@, ok naddy@
Version  Delta  File
1.29  +6 -3  graphics/lcms2/Makefile
1.15  +2 -2  graphics/lcms2/distinfo
+8 -5  2 files

OpenBSD/ports XvX9o9H net/gelatod distinfo Makefile

   update to gelatod-1.7;  same fix as 029_v6daemons;  OK naddy
Version  Delta  File
1.6  +2 -2  net/gelatod/distinfo
1.12  +1 -1  net/gelatod/Makefile
+3 -3  2 files

OpenBSD/ports TZauOB1 geo/mapserver distinfo Makefile

   geo/mapserver: security update to 8.6.2.

   see https://mapserver.org/development/changelog/changelog-8-6.html#changelog-8-6
   fixes https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x

   ok naddy@
Version  Delta  File
1.44  +2 -2  geo/mapserver/distinfo
1.111  +1 -1  geo/mapserver/Makefile
+3 -3  2 files