BSD Commit Log Search

   update p5-Crypt-PBKDF2 to 0.261630
   CVE-2026-9641 CVE-2026-9638 CVE-2017-20240
   OK maintainer Wen Heping

   Fix various errors in redrawing:

   - Fix the active pane colour when only two panes and scrollbars enabled.

   - Clip left and right scrollbars the same for floating panes.

   - Do not subtract scrollbar width twice when working out width of status
     line.

   - Check if a character is inside a visible range correctly (do not
     include the next position outside the range).

   Skip floating panes when working out the top or bottom cell. Fixes
   missing bottom status pane status line when floating panes exist.

   Add a helper to get pane-border-status for a window for some other
   changes to come.

   Take account of borders when resizing floating panes.

   hook up sdrpp

   Initial revision

   Remove outdated kf5 dependency

   Correct secondary key share handling for HelloRetryRequests.

   With the introduction of a secondary key share, we fail to ensure that the
   HelloRetryRequest does not specify the group that was used for the
   secondary key share. We also fail to free the secondary key share early in
   this case, meaning that it lingers in memory until the SSL is reset or
   freed. Fix both of these issues.

   ok tb@

   Improve TLSv1.3 server handling of no shared groups.

   While we currently correctly handle the no-shared-group case, it currently
   fails late when we try to create the key share. Improve detection and
   handling so that we fail sooner and send an alert to the client when
   processing client key shares.

   While here rename preferred_group_found to shared_group_found - we look for
   the client preferred group, but any group that we select will always be in
   the client list (even if it's the last one).

   Reported by the tlspuffin team.

   ok tb@

   Send illegal parameter alerts for various HelloRetryRequest violations.

   Be more RFC compliant and send illegal parameter alerts when the client
   receives a HelloRetryRequest that requests a group that we did not offer
   or a group that we sent a key share for in the ClientHello. These were
   annotated as missing, but not previously implemented.

   Prompted by a report from the tlspuffin team.

   ok tb@

   shells/atuin: update to 18.16.1

   Improve renegotation regress.

   Include coverage of Renegotiation Indication and legacy connection
   handling.

   Mop up SSL_CTX_set_options(3).

   SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS is now a no-op, tidy up
   SSL_OP_LEGACY_SERVER_CONNECT and reflect the current state of SSL_OP_ALL
   Delete the entire "SECURE RENEGOTIATION" section that contained ancient
   ramblings.

   ok beck@ tb@

   Remove SSL_OP_LEGACY_SERVER_CONNECT from default options.

   Remove SSL_OP_LEGACY_SERVER_CONNECT from the default SSL options and the
   SSL_OP_ALL define. This means that we will now refuse to connect to a
   TLSv1.2 server if it does not support the Renegotiation Indication (RI)
   extension. This prevents a class of attacks against TLS clients that are
   talking to TLSv1.2-only servers that permit client initiated renegotiation.

   Raised by Lucca Hirschi et al from Inria.

   ok beck@ tb@

   editors/jmigpin-editor: update to 3.13

   www/dufs: remove unexpected output from crates.inc

   pointed by espie@

   no build changes

   cargo-module.5: document more variables

   From Andrew Kloet andrew kloet.net

   Update to rocksndiamonds-4.4.2.1.

   devel/sbt: update to 1.12.12

   Update tig to 2.6.1.

   update to xsettingsd-1.0.4

   update to yle-dl-20260520, from Timo Myyra (maintainer)

   update to 26.2.4.2

   lang/gcc/16: added i386 bootstrap; updated plist for i386

   Remove oxygen Qt5/KDE5 support

   Remove USE_WXNEEDED, qtwebengine is no longer used

   Fix typo and remove min mlt version

   Typo spotted by espie@, thanks

   Add README to build in-house providers.

   Drop maintainer, I have moved to opentofu.