OpenBSD/ports Gqn3EKqnet/libunbound distinfo Makefile

by sthen on ⎇
   update to libunbound-1.24.2, CVE-2025-11411
VersionDeltaFile
1.33.2.1+2-2net/libunbound/distinfo
1.40.2.1+1-1net/libunbound/Makefile
+3-32 files

OpenBSD/ports N2ySLZanet/libunbound distinfo Makefile

by sthen on ⎇
   update to libunbound-1.24.2, further fix for CVE-2025-11411
VersionDeltaFile
1.35+2-2net/libunbound/distinfo
1.42+1-1net/libunbound/Makefile
+3-32 files

OpenBSD/ports syzv3Xitextproc/unicode/cldr distinfo Makefile, textproc/unicode/cldr/pkg PLIST-main PLIST-annotations

by ajacoutot on ⎇
   Update to unicode-cldr-48.
VersionDeltaFile
1.7+53-0textproc/unicode/cldr/pkg/PLIST-main
1.7+2-2textproc/unicode/cldr/distinfo
1.4+4-0textproc/unicode/cldr/pkg/PLIST-annotations
1.8+1-1textproc/unicode/cldr/Makefile
+60-34 files

OpenBSD/ports IrgFnrEwww/tor-browser/browser Makefile, www/tor-browser/browser/files tor-browser

by caspar on ⎇
   Tor Browser: repair font fingerprinting defense

   I broke it during the update to 14.5 in April when I moved
   fonts.conf but forgot to update the launcher script.
VersionDeltaFile
1.1.24.1+1-1www/tor-browser/browser/files/tor-browser
1.178.2.3+1-0www/tor-browser/browser/Makefile
+2-12 files

OpenBSD/ports YZSuHxzwww/tor-browser/browser Makefile, www/tor-browser/browser/files tor-browser

by caspar on ⎇
   Tor Browser: repair font fingerprinting defense

   I broke it during the update to 14.5 in April when I moved
   fonts.conf but forgot to update the launcher script.
VersionDeltaFile
1.2+1-1www/tor-browser/browser/files/tor-browser
1.182+1-0www/tor-browser/browser/Makefile
+2-12 files

OpenBSD/ports x7uJ0xWprint/cups distinfo Makefile, print/cups/patches patch-scheduler_ipp_c patch-scheduler_auth_c

by ajacoutot on ⎇
   SECURITY update to cups-2.4.15.
   CVE-2025-61915
   CVE-2025-58436
VersionDeltaFile
1.70.2.1+2-2print/cups/distinfo
1.36.2.1+2-2print/cups/patches/patch-scheduler_ipp_c
1.17.2.1+1-1print/cups/patches/patch-scheduler_auth_c
1.26.16.1+1-1print/cups/patches/patch-test_run-stp-tests_sh
1.298.2.1+1-1print/cups/Makefile
+7-75 files

OpenBSD/src ICqWqv3sbin/unwind/libunbound/iterator iter_scrub.c

by florian on ⎇
   Sync to unbound

   --------
   Fix incomplete mitigation of CVE-2025-11411 by applying the non-test part of
   https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff

   This extends the previous fix by also scrubbing unsolicited NS RRSets (and
   their respective address records) for YXDOMAIN and nodata non-referral answers.
   --------
VersionDeltaFile
1.11+35-4sbin/unwind/libunbound/iterator/iter_scrub.c
+35-41 files

OpenBSD/src 9Ysgm8Zsbin/unwind/libunbound config.h, sbin/unwind/libunbound/iterator iter_scrub.c

by florian on ⎇
   Sync to unbound 1.24.1; heavy lifting by sthen (some time ago)
VersionDeltaFile
1.24+2,234-2,222sbin/unwind/libunbound/util/configlexer.c
1.22+12-1sbin/unwind/libunbound/util/configparser.y
1.28+3-3sbin/unwind/libunbound/config.h
1.21+4-1sbin/unwind/libunbound/util/config_file.c
1.21+3-0sbin/unwind/libunbound/util/config_file.h
1.10+1-1sbin/unwind/libunbound/iterator/iter_scrub.c
+2,257-2,2282 files not shown
+2,259-2,2288 files

OpenBSD/ports oMcSedmx11/gnome/gdm Makefile, x11/gnome/gdm/pkg gdm.rc

by ajacoutot on ⎇
   Removing /var/db/gdm/.cache/gnome-shell/ does not seem necessary anymore.
VersionDeltaFile
1.54+0-10x11/gnome/gdm/pkg/gdm.rc
1.355+1-1x11/gnome/gdm/Makefile
+1-112 files

OpenBSD/ports NDYYOlftextproc/libxslt Makefile distinfo, textproc/libxslt/patches patch-libxslt_transformInternals_h patch-libxslt_transform_c

by ajacoutot on ⎇
   Update to libxslt-1.1.44.
VersionDeltaFile
1.114+6-4textproc/libxslt/Makefile
1.46+2-2textproc/libxslt/distinfo
1.36+1-0textproc/libxslt/pkg/PLIST
1.2+0-0textproc/libxslt/patches/patch-libxslt_transformInternals_h
1.3+0-0textproc/libxslt/patches/patch-libxslt_transform_c
1.2+0-0textproc/libxslt/patches/patch-libxslt_variables_c
+9-62 files not shown
+9-68 files

OpenBSD/ports kJCjOwaprint/cups distinfo Makefile, print/cups/patches patch-scheduler_ipp_c patch-scheduler_auth_c

by ajacoutot on ⎇
   SECURITY update ot cups-2.4.15.
   CVE-2025-61915
   CVE-2025-58436
VersionDeltaFile
1.71+2-2print/cups/distinfo
1.37+2-2print/cups/patches/patch-scheduler_ipp_c
1.299+1-1print/cups/Makefile
1.18+1-1print/cups/patches/patch-scheduler_auth_c
1.27+1-1print/cups/patches/patch-test_run-stp-tests_sh
+7-75 files

OpenBSD/ports ihIr03Kx11/cde Makefile

by claudio on ⎇
   Thus uses C++11 so use ports-gcc to build this on sparc64
   OK aja
VersionDeltaFile
1.21+3-0x11/cde/Makefile
+3-01 files

OpenBSD/ports vU4kUc2devel/py-gobject3 Makefile

by claudio on ⎇
   Drop explicit inclusion of gcc4 module and with that COMPILER and
   COMPILER_LANG can also be dropped. This is still using ports-gcc
   on gcc4 archs via lang/python.
   OK aja
VersionDeltaFile
1.101+0-7devel/py-gobject3/Makefile
+0-71 files

OpenBSD/src ghgoH3Elib/libcrypto/cms cms_smime.c

by tb on ⎇
   Clean up confusing logic in CMS_EncryptedData_encrypt()

   This makes it easier to read and more in line with other code in
   libcrypto. Also add a missing error check for the CMS_set_detached()
   call.

   ok jsing kenjiro
VersionDeltaFile
1.31+20-15lib/libcrypto/cms/cms_smime.c
+20-151 files

OpenBSD/src NptO551lib/libcrypto/x509 x509_cpols.c

by tb on ⎇
   Fix double free in certificate policies configuration

   In nref_nos(), nnums must not be freed on error because in the caller it
   is not->noticeref->noticenos and hangs off the POLICYQUALINFO qual which
   is freed as part of POLICYQUALINFO_free() in the error path.

   ok jsing kenjiro
VersionDeltaFile
1.20+7-12lib/libcrypto/x509/x509_cpols.c
+7-121 files

OpenBSD/src 4esIFXQsys/netinet6 nd6.c

by bluhm on ⎇
   Ignore any iterator when traversing nd6 list.

   nd6_rtrequest() could crash with a NULL pointer dereference if an
   interator in nd6_list was inspected.  Skip freeing neigbor discovery
   entries and optimization in this unlikely case and try again later.

   reported by Mischa and Anton Kasimov; OK mvs@
VersionDeltaFile
1.305+4-1sys/netinet6/nd6.c
+4-11 files

OpenBSD/ports 0c14y1px11/cde Makefile distinfo

by ajacoutot on ⎇
   Update to cde-2.5.3.
VersionDeltaFile
1.20+4-4x11/cde/Makefile
1.3+2-2x11/cde/distinfo
+6-62 files

OpenBSD/src NgnFcyUsys/arch/riscv64/riscv64 machdep.c

by kettenis on ⎇
   If there is no /memory node in the device tree, use the EFI memory map to
   determine physmem.

   ok jca@
VersionDeltaFile
1.42+20-16sys/arch/riscv64/riscv64/machdep.c
+20-161 files

OpenBSD/ports sKYO8Jzgames/keeperrl Makefile distinfo, games/keeperrl/pkg PLIST

by thfr on ⎇
   update to keeperrl 1.3
VersionDeltaFile
1.8+3-3games/keeperrl/Makefile
1.3+4-0games/keeperrl/pkg/PLIST
1.6+2-2games/keeperrl/distinfo
+9-53 files

OpenBSD/src c6nPYARusr.bin/login login.c

by jca on ⎇
   Use LOGIN_SETXDGENV in login(1)

   Makes XDG_TUNTIME_DIR usable from text consoles.
   "makes sense to me" landry@, ok matthieu@ robert@
VersionDeltaFile
1.75+2-2usr.bin/login/login.c
+2-21 files

OpenBSD/ports ni1LreJgames/fheroes2 distinfo Makefile, games/fheroes2/pkg PLIST

by thfr on ⎇
   update to fheroes2 1.1.12
VersionDeltaFile
1.10+3-2games/fheroes2/pkg/PLIST
1.23+2-2games/fheroes2/distinfo
1.26+1-1games/fheroes2/Makefile
+6-53 files

OpenBSD/ports VQfgFzEx11/gnome/control-center distinfo Makefile

by ajacoutot on ⎇
   Update to gnome-control-center-49.2.1.
VersionDeltaFile
1.75+2-2x11/gnome/control-center/distinfo
1.138+1-1x11/gnome/control-center/Makefile
+3-32 files

OpenBSD/ports cH1ryIRnet/libproxy distinfo Makefile, net/libproxy/patches patch-src_libproxy_meson_build

by ajacoutot on ⎇
   Update to libproxy-0.5.12.
VersionDeltaFile
1.26+2-2net/libproxy/distinfo
1.97+1-1net/libproxy/Makefile
1.4+1-1net/libproxy/patches/patch-src_libproxy_meson_build
1.5+1-0net/libproxy/pkg/PLIST
+5-44 files

OpenBSD/src BgnK91wusr.sbin/httpd httpd.h

by rsadowski on ⎇
   Add missing GZIP_STATIC flag to SRVFLAG_BITS macro

   GZIP_STATIC flag at position \33 was missing from the debug string.

   Also correct the truncated PATH_REWRITE/NO_PATH_REWRITE flag names.
   The PATH_REWRITE and NO_PATH_REWRITE flag names were truncated to
   PATH and NO_PATH in the SRVFLAG_BITS string definition.

   OK kirill@ deraadt@
VersionDeltaFile
1.166+4-3usr.sbin/httpd/httpd.h
+4-31 files

OpenBSD/src OZSn6EFusr.sbin/unbound/iterator iter_scrub.c

by sthen on ⎇
   Fix incomplete mitigation of CVE-2025-11411 by applying the non-test part of
   https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff

   This extends the previous fix by also scrubbing unsolicited NS RRSets (and
   their respective address records) for YXDOMAIN and nodata non-referral answers.
VersionDeltaFile
1.20+35-4usr.sbin/unbound/iterator/iter_scrub.c
+35-41 files

OpenBSD/ports DMS1sVUmail/alpine Makefile, mail/alpine/patches patch-imap_src_osdep_unix_ssl_unix_c

by sthen on ⎇
   replace c-client's hand-rolled certificate checker with code to use
   SSL_set1_host based on debian's 1006_openssl1.1_autoverify.patch

   found with asterisk's imap voicemail code, which was whining about
   a letsencrypt certificate generated with 'profile tlsserver' (these
   don't include CN).

   help/ok tb@
VersionDeltaFile
1.8+45-18mail/alpine/patches/patch-imap_src_osdep_unix_ssl_unix_c
1.66+1-1mail/alpine/Makefile
+46-192 files

OpenBSD/ports aaO6cHPdevel/llvm/21 distinfo Makefile

by robert on ⎇
   update to 21.1.6
VersionDeltaFile
1.7+2-2devel/llvm/21/distinfo
1.12+1-1devel/llvm/21/Makefile
+3-32 files

OpenBSD/ports 6ss502udevel/rust-bindgen distinfo Makefile

by robert on ⎇
   update to 0.72.1
VersionDeltaFile
1.3+2-2devel/rust-bindgen/distinfo
1.4+1-1devel/rust-bindgen/Makefile
+3-32 files

OpenBSD/src pRkez35regress/sys/arch/amd64/seves_mmio seves_mmio.c

by hshoexer on ⎇
   Add license and rcs header.

   ok tb
VersionDeltaFile
1.2+18-0regress/sys/arch/amd64/seves_mmio/seves_mmio.c
+18-01 files

OpenBSD/ports fxjrK3fwayland Makefile

by jca on ⎇
   Hook up wayland/cagebreak

   ok matthieu@
VersionDeltaFile
1.27+1-0wayland/Makefile
+1-01 files