OpenBSD/ports K370JE2x11/py-superqt distinfo Makefile

   update py-superqt to 0.8.1
VersionDeltaFile
1.5+2-2x11/py-superqt/distinfo
1.7+1-1x11/py-superqt/Makefile
+3-32 files

OpenBSD/ports N6Jto2jdevel/ipython distinfo Makefile

   update ipython to 9.12.0
VersionDeltaFile
1.57+2-2devel/ipython/distinfo
1.103+1-1devel/ipython/Makefile
+3-32 files

OpenBSD/src GVnWRrGlib/libcrypto/md5 md5_amd64_generic.S, lib/libcrypto/sha sha1_amd64_generic.S sha1_amd64_shani.S

   Include crypto_assembly.h instead of manually ensuring _CET_ENDBR exists.

   ok kenjiro@ tb@
VersionDeltaFile
1.2+2-6lib/libcrypto/md5/md5_amd64_generic.S
1.5+2-6lib/libcrypto/sha/sha1_amd64_generic.S
1.4+2-6lib/libcrypto/sha/sha1_amd64_shani.S
1.6+2-6lib/libcrypto/sha/sha256_amd64_generic.S
1.4+2-6lib/libcrypto/sha/sha256_amd64_shani.S
1.4+2-6lib/libcrypto/sha/sha512_amd64_generic.S
+12-366 files

OpenBSD/src JSqHMZ9lib/libcrypto crypto_assembly.h

   Provide a crypto_assembly.h internal header.

   This will contain defines and macros that we need for assembly code,
   without polluting other headers that are primarily used for C code.

   For now, this just unconditionally provides _CET_ENDBR on amd64.

   ok kenjiro@ tb@
VersionDeltaFile
1.1+30-0lib/libcrypto/crypto_assembly.h
+30-01 files

OpenBSD/ports t8rJBgYdevel/p5-Test-Unit distinfo Makefile

   Update to p5-Test-Unit-0.30.
VersionDeltaFile
1.6+2-2devel/p5-Test-Unit/distinfo
1.16+1-1devel/p5-Test-Unit/Makefile
+3-32 files

OpenBSD/ports BAtY2fKdevel/p5-Locale-Codes distinfo Makefile

   Update to p5-Locale-Codes-3.88.
VersionDeltaFile
1.17+2-2devel/p5-Locale-Codes/distinfo
1.19+1-1devel/p5-Locale-Codes/Makefile
+3-32 files

OpenBSD/ports WHRY9vGdatabases/duckdb distinfo Makefile, databases/duckdb/pkg PLIST

   Update to duckdb-1.5.1.
VersionDeltaFile
1.5+2-2databases/duckdb/distinfo
1.5+2-2databases/duckdb/Makefile
1.4+2-0databases/duckdb/pkg/PLIST
+6-43 files

OpenBSD/ports U5is0Jnx11/tigervnc Makefile, x11/tigervnc/patches patch-unix_xserver_hw_vnc_vncHooks_c patch-unix_x0vncserver_Image_cxx

   backport upstream fixes from 1.16.2
VersionDeltaFile
1.1+29-0x11/tigervnc/patches/patch-unix_xserver_hw_vnc_vncHooks_c
1.1+23-0x11/tigervnc/patches/patch-unix_x0vncserver_Image_cxx
1.32+1-1x11/tigervnc/Makefile
+53-13 files

OpenBSD/ports All4xUxdatabases/freetds distinfo Makefile

   update to freetds-1.5.15
VersionDeltaFile
1.110+2-2databases/freetds/distinfo
1.176+1-1databases/freetds/Makefile
+3-32 files

OpenBSD/ports JO3rGJ1converters/libiconv Makefile distinfo, converters/libiconv/patches patch-src_Makefile_in patch-libcharset_lib_localcharset_c

   update to libiconv-1.19, from Brad (maintainer)
VersionDeltaFile
1.9+4-4converters/libiconv/patches/patch-src_Makefile_in
1.56+2-2converters/libiconv/Makefile
1.13+2-2converters/libiconv/distinfo
1.8+1-1converters/libiconv/patches/patch-libcharset_lib_localcharset_c
1.6+0-0converters/libiconv/patches/patch-lib_relocatable_c
+9-95 files

OpenBSD/src hIObrY5lib/libtls tls_ocsp.c

   libtls: const workarounds for X509_NAME in OCSP for OpenSSL 4

   The API to look up a cert by subject or issuer name clearly only needs to
   do name comparisons in a collection of certs so should by all means take a
   const X509_NAME * as an argument. However, this isn't all that easy to do
   and hence it's only in OpenSSL 4 that this obvious step was reached.

   This means that there is no way around casting for older code. One could
   cast the return value of X509_get_issuer_name() or the argument passed to
   the two lookups by subject. jsing slightly prefers the second approach,
   so this is what we do here.

   ok djm jsing kenjiro
VersionDeltaFile
1.27+5-4lib/libtls/tls_ocsp.c
+5-41 files

OpenBSD/ports iI4Lshtnet/icinga/icingadb distinfo Makefile, net/icinga/icingadb/patches patch-cmd_icingadb_openbsd_go patch-cmd_icingadb_main_go

   update to icingadb-1.5.1, from Alvar Penning (maintainer)
VersionDeltaFile
1.1+87-0net/icinga/icingadb/patches/patch-cmd_icingadb_openbsd_go
1.6+18-18net/icinga/icingadb/distinfo
1.1+21-0net/icinga/icingadb/patches/patch-cmd_icingadb_main_go
1.6+7-4net/icinga/icingadb/Makefile
1.6+4-4net/icinga/icingadb/modules.inc
+137-265 files

OpenBSD/src uTH9Jerlib/libtls tls_conninfo.c tls_verify.c

   libtls: simple cases of const for X509_NAME *

   After the const sprinkling in OpenSSL 1.1, X509_get_{issuer,subject}_name()
   still returned a non-const pointer for unclear reasons. In OpenSSL 4,
   the return value also grew a const qualifier, so move the two "name" in
   tls_conninfo.c and the "subject_name" in tls_verify.c to const. They are
   only used for further processing by already const correct functions (at
   least as far as X509_NAME is concerned).

   ok djm jsing kenjiro
VersionDeltaFile
1.29+3-3lib/libtls/tls_conninfo.c
1.33+3-3lib/libtls/tls_verify.c
+6-62 files

OpenBSD/ports MrFAZbUdevel/codex distinfo, devel/codex/patches patch-codex-rs_core_src_tools_spec_rs patch-codex-rs_Cargo_toml

   devel/codex: update to 0.117.0
VersionDeltaFile
1.12+56-20devel/codex/distinfo
1.1+66-0devel/codex/patches/patch-codex-rs_core_src_tools_spec_rs
1.10+44-4devel/codex/patches/patch-codex-rs_Cargo_toml
1.5+33-14devel/codex/patches/patch-codex-rs_arg0_src_lib_rs
1.1+43-0devel/codex/patches/patch-codex-rs_core_src_codex_rs
1.1+40-0devel/codex/patches/patch-codex-rs_core_src_tools_router_rs
+282-3814 files not shown
+437-5320 files

OpenBSD/ports VIshGhsarchivers/zpaqfranz distinfo Makefile

   archivers/zpaqfranz: update to 64.7

   From maintainer tux0r
VersionDeltaFile
1.39+2-2archivers/zpaqfranz/distinfo
1.42+1-1archivers/zpaqfranz/Makefile
+3-32 files

OpenBSD/ports QlRKs8xwww/webkitgtk4 distinfo Makefile

   Update to webkitgtk{41,60}-2.52.1.
VersionDeltaFile
1.144+2-2www/webkitgtk4/distinfo
1.255+1-1www/webkitgtk4/Makefile
+3-32 files

OpenBSD/ports u906H9Isysutils/awscli/v1 Makefile distinfo, sysutils/awscli/v1/pkg PLIST

   Update to awscli-1.44.68.
VersionDeltaFile
1.27+2-2sysutils/awscli/v1/Makefile
1.25+2-2sysutils/awscli/v1/distinfo
1.11+1-0sysutils/awscli/v1/pkg/PLIST
+5-43 files

OpenBSD/ports XHYVdsEnet/py-boto3 distinfo Makefile

   Update to py3-boto3-1.42.78.
VersionDeltaFile
1.643+2-2net/py-boto3/distinfo
1.655+1-1net/py-boto3/Makefile
+3-32 files

OpenBSD/ports vm25hu8net/py-botocore distinfo Makefile, net/py-botocore/pkg PLIST

   Update to py3-botocore-1.42.78.
VersionDeltaFile
1.319+7-0net/py-botocore/pkg/PLIST
1.860+2-2net/py-botocore/distinfo
1.870+1-1net/py-botocore/Makefile
+10-33 files

OpenBSD/src dqBqidjregress/sys/kern/pledge/open open.c Makefile

   Test that __pledge_open can bypass unveil.
VersionDeltaFile
1.2+11-3regress/sys/kern/pledge/open/open.c
1.2+5-1regress/sys/kern/pledge/open/Makefile
+16-42 files

OpenBSD/ports yPUq8tlsysutils/amazon-ssm-agent distinfo Makefile

   Update to amazon-ssm-agent-3.3.4121.0.
VersionDeltaFile
1.166+2-2sysutils/amazon-ssm-agent/distinfo
1.180+1-1sysutils/amazon-ssm-agent/Makefile
+3-32 files

OpenBSD/ports PEw2rBidevel/libspectrum Makefile distinfo

   Update to libspectrum-1.6.0.
VersionDeltaFile
1.43+2-3devel/libspectrum/Makefile
1.23+2-2devel/libspectrum/distinfo
+4-52 files

OpenBSD/ports aknoy4Kdevel/p5-IO-Tty Makefile, devel/p5-IO-Tty/patches patch-Tty_xs

   Unbreak p5-IO-Tty compilation on GCC, spotted by kmos@, thanks !
VersionDeltaFile
1.7+11-14devel/p5-IO-Tty/patches/patch-Tty_xs
1.34+2-1devel/p5-IO-Tty/Makefile
+13-152 files

OpenBSD/src svsPpnYusr.bin/ssh channels.c

   ensure c->local_window doesn't underflow during updates;
   similar to checks performed elsewhere. From Renaud Allard
VersionDeltaFile
1.458+5-2usr.bin/ssh/channels.c
+5-21 files

OpenBSD/src TQttVmHusr.bin/ssh sshbuf-misc.c

   fix base16 parsing; currently unused. From Renaud Allard
VersionDeltaFile
1.23+2-2usr.bin/ssh/sshbuf-misc.c
+2-21 files

OpenBSD/src ciB6F3iusr.bin/ssh sshd_config.5

   mention that RevokedKeys is read by the server at each
   authentication time and should only ever be replaced
   atomically.
VersionDeltaFile
1.397+7-2usr.bin/ssh/sshd_config.5
+7-21 files

OpenBSD/src GFHSR4Jusr.bin/ssh monitor.c

   fix potential hang if /etc/moduli doesn't contain the requested
   DH group values; from 77c9ca, ok dtucker@, markus@
VersionDeltaFile
1.255+1-2usr.bin/ssh/monitor.c
+1-21 files

OpenBSD/src Vu0aW4Rlib/libc/sys open.2

   improve explanation of when it __pledge_open works
VersionDeltaFile
1.55+6-3lib/libc/sys/open.2
+6-31 files

OpenBSD/ports 6Hw57hIlang/ruby/3.3 distinfo Makefile, lang/ruby/3.3/patches patch-template_Makefile_in patch-configure

   Update to Ruby 3.3.11

   Fixes CVE-2026-27820: Buffer overflow vulnerability in Zlib::GzipReader

   One patch merged upstream.
VersionDeltaFile
1.11+9-8lang/ruby/3.3/pkg/PLIST-main
1.8+0-8lang/ruby/3.3/pkg/PLIST-ri_docs
1.3+2-2lang/ruby/3.3/patches/patch-template_Makefile_in
1.12+2-2lang/ruby/3.3/distinfo
1.22+1-2lang/ruby/3.3/Makefile
1.9+1-1lang/ruby/3.3/patches/patch-configure
+15-232 files not shown
+16-248 files

OpenBSD/ports SWLH7Pndevel/binutils Makefile

   Drop maintainership.
VersionDeltaFile
1.27+1-3devel/binutils/Makefile
+1-31 files