BSD Commit Log Search

   mention that RevokedKeys is read by the server at each
   authentication time and should only ever be replaced
   atomically.

   fix potential hang if /etc/moduli doesn't contain the requested
   DH group values; from 77c9ca, ok dtucker@, markus@

   improve explanation of when it __pledge_open works

   Update to Ruby 3.3.11

   Fixes CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader

   One patch merged upstream.

   Drop maintainership.

   wcwidth(3): fix return value for L'\0'

   wcwidth(3) doesn't return the correct result for the NUL wide character.
   Fix this by special casing the check for this value.

   Interestingly our man page documents this special case explicitly, but it
   looks like the function was broken in rev 1.2 from 2011 when support for
   non-printable characters was added.

   Flagged by Sortix os-test.

   ok stsp@

   catgets(3): set errno when a message isn't found as per POSIX.

   The same change was made by NetBSD in rev 1.13 in 1998.

   Flagged by Sortix os-test.

   ok guenther@

   rpki-client regress: initial plumbing to make this work with OpenSSL 4.0

   rpki-client regress: drop unused EOPENSSL_PATH

   rpki-client regress: drop another hardcoded eopenssl35

   Fix unveil in NFS daemon.

   With process accouting, nfsd(8) complains about unveil(2) violations.
   It happens during daemon(3) in the child process.  Instead of
   unveiling / and /dev/null, move unveil(2) after daemon(3).

   OK deraadt@

   openssl/3.5: install a symlink eopenssl -> eopenssl35 for the binary

   The various openssl ports must not conflict since we need simultaneous
   installs of all the branches for interop testing. Therefore only one branch
   can have such a symlink, and this must obviously be our default OpenSSL.

   Prompted by a request by Otto Cooper who wanted this for OpenSSL 3.6.
   OpenSSL 3.6 will likely be replaced with OpenSSL 4.0 soon since there
   is nothing particularly interesting in 3.6 anyway. Our default OpenSSL
   will stay on the OpenSSL 3.5 LTS branch until the worst breakage in
   OpenSSL 4.0 will have been sorted out by the various downstreams. Going
   by past experiences and the massive breakage I'm aware of we're unlikely
   to switch LTS branches before 4.1 is out.

   discussed with/ok sthen

   rpki-client regress: avoid hardcoding eopenssl35

   libretls: const correctness fixes for OpenSSL 4

   Remove OpenSSL version information from COMMENT and DESCR.

   Update broot to 1.56.2.

   Remove myself.

   SECURITY update to tor 0.4.8.23.

   ok sthen@

   remove USE_NOBTCFI-aarch64 again, libffi is mended thanks to kettenis@

   libffi: MFC fix for aarch64 bti (this chunk was not part of the upstream
   commit d93c0be8a0f11)

   update to vim-9.2.260

   update open62541 to 1.3.17

   after a report from 'K r' on bugs that the manual page section rfc868 '-o'
   option has incorrect dates, let's recognize that this is no longer a good
   way to get time information and only the ntp interface is needed.
   ok sthen florian henning

   update to 3.6

   Update to packer-1.15.1.

   Add back the missing bti c in the closure trampoline that seems to have
   been lost in the update to libffi-3.4.6.

   ok kn@, tb@, sthen@

   add unifi 9.0.118, ubiquiti still seem to care about the 9.0 branch as
   a standalone thing (10.x pushes users towards "unifi os" container based
   setup by removing backup functionality in newer versions)

   this has a fix for the recently(ish) announced path traversal issue

   (you can't downgrade from 10.x to 9.x, you'll need to install from a fresh
   db if you want this)

   adjust DESCR

   add dirs to PLIST so that add/delete of the non-gui version doesn't leave
   empty dirs around, noticed by lucas@

   x11/xfce4/xfdesktop: update to 4.20.2.

   see https://gitlab.xfce.org/xfce/xfdesktop/-/tags/xfdesktop-4.20.2

   Make pthread_mutex_destroy() not error out for mutexes that were initalized
   with PTHREAD_MUTEX_INITIALIZER but not used.

   Unify handling of mutexp == NULL in both version of pthread_mutex_destroy()
   and ensure that *mutexp == NULL is not considered an error.

   Problem found by tb@ with rpki-client.
   OK kettenis@ tb@