OpenBSD/ports U1SDAnFaudio/py-discid distinfo Makefile, audio/py-discid/patches patch-discid_libdiscid_py

   update to py3-discid-1.4.0
VersionDeltaFile
1.3+3-12audio/py-discid/patches/patch-discid_libdiscid_py
1.3+2-2audio/py-discid/distinfo
1.14+1-1audio/py-discid/Makefile
+6-153 files

OpenBSD/ports 0gOXdBdaudio/py-acoustid Makefile distinfo, audio/py-acoustid/patches patch-chromaprint_py

   update to py3-acoustid-1.3.1
   fix loading libchromaprint
VersionDeltaFile
1.28+7-11audio/py-acoustid/Makefile
1.1+12-0audio/py-acoustid/patches/patch-chromaprint_py
1.11+2-2audio/py-acoustid/distinfo
1.15+0-2audio/py-acoustid/pkg/PLIST
+21-154 files

OpenBSD/ports n74UxvTsecurity/openssl-ruby-tests Makefile distinfo

   Update to openssl-ruby-tests 20260418
VersionDeltaFile
1.163+2-2security/openssl-ruby-tests/Makefile
1.143+2-2security/openssl-ruby-tests/distinfo
+4-42 files

OpenBSD/ports kfu9FWWx11/gnome/foundry Makefile, x11/gnome/foundry/patches patch-plugins_fallbacks_host-sdk_plugin-host-documentation-provider_c patch-plugins_cmake_plugin-cmake-build-addin_c

   Fix paths to documentation to unbreak x11/gnome/manuals runtime.
VersionDeltaFile
1.1+16-0x11/gnome/foundry/patches/patch-plugins_fallbacks_host-sdk_plugin-host-documentation-provider_c
1.1+12-0x11/gnome/foundry/patches/patch-plugins_cmake_plugin-cmake-build-addin_c
1.3+5-0x11/gnome/foundry/Makefile
+33-03 files

OpenBSD/ports d6V0QmKx11/gnome/manuals Makefile, x11/gnome/manuals/patches patch-src_manuals-window_ui

   Hide Gtk.Button because the GNOME Software Developmen Kit on Flathub is only
   available for Linux.

   from FreeBSD
VersionDeltaFile
1.1+14-0x11/gnome/manuals/patches/patch-src_manuals-window_ui
1.4+1-1x11/gnome/manuals/Makefile
+15-12 files

OpenBSD/ports hmgwjAfaudio/py-mediafile distinfo Makefile

   update to py3-mediafile-0.16.2
VersionDeltaFile
1.8+2-2audio/py-mediafile/distinfo
1.13+1-1audio/py-mediafile/Makefile
+3-32 files

OpenBSD/ports Nuk2mSmsysutils/gemini-cli distinfo Makefile, sysutils/gemini-cli/pkg PLIST

   Update to gemini-cli-0.38.2.
VersionDeltaFile
1.19+24-24sysutils/gemini-cli/pkg/PLIST
1.20+2-2sysutils/gemini-cli/distinfo
1.22+1-1sysutils/gemini-cli/Makefile
+27-273 files

OpenBSD/ports eSvhkNSsysutils/cloud-sql-proxy distinfo Makefile

   Update to cloud-sql-proxy-2.21.3.
VersionDeltaFile
1.44+2-2sysutils/cloud-sql-proxy/distinfo
1.46+1-1sysutils/cloud-sql-proxy/Makefile
+3-32 files

OpenBSD/ports mEPead7net/netatalk3 distinfo Makefile

   Update to netatalk-4.4.2.
VersionDeltaFile
1.43+2-2net/netatalk3/distinfo
1.73+1-2net/netatalk3/Makefile
+3-42 files

OpenBSD/ports f98PBe3sysutils/awscli/v1 Makefile distinfo

   Update to awscli-1.44.81.
VersionDeltaFile
1.30+2-2sysutils/awscli/v1/Makefile
1.28+2-2sysutils/awscli/v1/distinfo
+4-42 files

OpenBSD/ports ykzRunhnet/py-boto3 distinfo Makefile

   Update to py3-boto3-1.42.91.
VersionDeltaFile
1.646+2-2net/py-boto3/distinfo
1.658+1-1net/py-boto3/Makefile
+3-32 files

OpenBSD/ports cMnCO1Onet/py-botocore distinfo Makefile, net/py-botocore/pkg PLIST

   Update to py3-botocore-1.42.91.
VersionDeltaFile
1.322+6-0net/py-botocore/pkg/PLIST
1.863+2-2net/py-botocore/distinfo
1.873+1-1net/py-botocore/Makefile
+9-33 files

OpenBSD/ports p99h2mPgraphics/openexr distinfo Makefile

   Update to OpenEXR-3.4.10.
VersionDeltaFile
1.48+2-2graphics/openexr/distinfo
1.87+1-1graphics/openexr/Makefile
+3-32 files

OpenBSD/ports zjxkrJ8print/cups distinfo Makefile, print/cups/patches patch-backend_ipp_c patch-scheduler_ipp_c

   SECURITY update to cups-2.4.17.

   - CVE-2026-27447: The scheduler treated local user and group names as case-insensitive.
   - CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS directory.
   - CVE-2026-34980: The scheduler did not filter control characters from option values.
   - CVE-2026-34979: The scheduler did not always allocate enough memory for a job's options string.
   - CVE-2026-34990: The scheduler incorrectly allowed local certificates over the loopback interface.
   - CVE-2026-39314: Fixed the range check for job password strings.
   - CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
   - CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
VersionDeltaFile
1.29.2.1+2-2print/cups/patches/patch-backend_ipp_c
1.36.2.2+2-2print/cups/patches/patch-scheduler_ipp_c
1.70.2.3+2-2print/cups/distinfo
1.298.2.4+1-1print/cups/Makefile
+7-74 files

OpenBSD/ports w39BJ0iprint/cups distinfo Makefile, print/cups/patches patch-backend_ipp_c patch-scheduler_ipp_c

   SECURITY update to cups-2.4.17.

   - CVE-2026-27447: The scheduler treated local user and group names as case-insensitive.
   - CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS directory.
   - CVE-2026-34980: The scheduler did not filter control characters from option values.
   - CVE-2026-34979: The scheduler did not always allocate enough memory for a job's options string.
   - CVE-2026-34990: The scheduler incorrectly allowed local certificates over the loopback interface.
   - CVE-2026-39314: Fixed the range check for job password strings.
   - CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
   - CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
VersionDeltaFile
1.73+2-2print/cups/distinfo
1.30+2-2print/cups/patches/patch-backend_ipp_c
1.38+2-2print/cups/patches/patch-scheduler_ipp_c
1.302+1-1print/cups/Makefile
+7-74 files

OpenBSD/ports DHlViipsysutils/moor distinfo Makefile

   sysutils/moor: Update to 2.12.1

   From Maintainer Lydia Sobot, thanks
VersionDeltaFile
1.5+2-2sysutils/moor/distinfo
1.5+1-1sysutils/moor/Makefile
+3-32 files

OpenBSD/ports OVyWO55games/nudoku Makefile distinfo, games/nudoku/pkg PLIST

   Update nudoku to 8.0.0.
VersionDeltaFile
1.12+2-2games/nudoku/Makefile
1.9+2-2games/nudoku/distinfo
1.6+2-0games/nudoku/pkg/PLIST
+6-43 files

OpenBSD/ports ChU0G2seditors/kakoune distinfo Makefile, editors/kakoune/patches patch-Makefile

   Update kakoune to latest release 2026.04.12. Based on diff from Lydia
   Sobot ( chilledfrogs () disroot ! org ) who also takes maintainer -
   thanks!

   I added missing make update-patches and make update-plist.
VersionDeltaFile
1.10+12-0editors/kakoune/pkg/PLIST
1.11+2-2editors/kakoune/distinfo
1.3+2-2editors/kakoune/patches/patch-Makefile
1.15+2-2editors/kakoune/Makefile
+18-64 files

OpenBSD/src AlHT2nVusr.sbin/vmd vionet.c virtio.h

   Fix vmd(8) vionet reset race leading to broken networking.

   A driver reset races with the device asynchronously notifying tx
   and rx threads. The current design finishes the reset after the
   threads pause and acknowledge the reset. This can clobber device
   state because a driver doesn't need to wait before reconfiguring
   the device. End result is device thinks it's in a blank slate while
   driver thinks device is configured and device refuses to pass packets
   thinking the driver isn't ready.

   This removes that async reset design and ack message from the
   threads. Reset occurs immediately while emulating the write to the
   register. A generation counter is used to signal to tx and rx
   threads that a reset occurred between they time they finished
   processing virtqueues and the time they grabbed the write lock to
   change interrupt state on the device so they can safely skip
   raising irq lines.

   Original bug reports by mbuhl@ and stsp@.

    [4 lines not shown]
VersionDeltaFile
1.30+55-64usr.sbin/vmd/vionet.c
1.63+2-1usr.sbin/vmd/virtio.h
1.147+1-2usr.sbin/vmd/vmd.h
+58-673 files

OpenBSD/ports Cg0Et4xdevel/py-filebytes/patches patch-setup_py

   pick up upstream commit fixing with newer python
VersionDeltaFile
1.1+33-0devel/py-filebytes/patches/patch-setup_py
+33-01 files

OpenBSD/src REP6Udhlibexec/ftpd ftpd.c

   Avoid potential undefined behavior on write error while sending data.
   From Dhiraj Mishra
   OK deraadt@ tb@
VersionDeltaFile
1.236+6-5libexec/ftpd/ftpd.c
+6-51 files

OpenBSD/ports LbZZrxhgraphics/djvulibre Makefile, graphics/djvulibre/patches patch-libdjvu_MMRDecoder_cpp

   graphics/djuvlibre: include patch to fix CVE-2025-53367

   From Nick Permyakov, thanks

   ok tb@
VersionDeltaFile
1.1+25-0graphics/djvulibre/patches/patch-libdjvu_MMRDecoder_cpp
1.54+1-1graphics/djvulibre/Makefile
+26-12 files

OpenBSD/src tGFYYzvsys/arch/riscv64/stand/efiboot efiboot.c conf.c

   Attempt to load the right device tree from the riscv64-specmit-dtb
   firmware package on SpacemiT K1 boards.  The only viable way to do this
   seems to be basing this on the "model" property of the root node of
   the device tree provided by the device.  This is still a bit of a guess
   since the Milk-V Jupiter advertises itself as "spacemit k1-x evb board"
   and the Banana Pi BPI-F3 seems to say it is a "spacemit k1-x deb1 board".

   ok jca@
VersionDeltaFile
1.14+44-2sys/arch/riscv64/stand/efiboot/efiboot.c
1.6+2-2sys/arch/riscv64/stand/efiboot/conf.c
+46-42 files

OpenBSD/src Ckmknd0sys/arch/i386/conf RAMDISK

   If you use the floppy, fw_update for some drivers will not work, you will
   have to figure out the names of the missing firmwares and request them
   manually.

   The pci strings in the kernel have become too large, and I'm being told I
   may not shorten them.
VersionDeltaFile
1.205+2-2sys/arch/i386/conf/RAMDISK
+2-21 files

OpenBSD/src 8tWMEywsys/arch/amd64/conf RAMDISK

   If you use the floppy, fw_update for some drivers will not work, you will
   have to figure out the names of the missing firmwares and request them
   manually.

   The pci strings in the kernel have become too large, and I'm being told I
   may not shorten them.
VersionDeltaFile
1.90+2-2sys/arch/amd64/conf/RAMDISK
+2-21 files

OpenBSD/src mQnjuf2sys/net rtsock.c

   route_output() can not use the info struct late in its function
   since the rtm struct that populated it was freed around the
   rtm_report() call. In that case access to info.rti_info[RTAX_DST]
   is a use-after-free.  Cache the address family before handling the
   route message so that the route_input call can use this value instead.

   Report from Bruce Dang of Calif.io
   OK deraadt@
VersionDeltaFile
1.391+6-3sys/net/rtsock.c
+6-31 files

OpenBSD/src DRnhoQTusr.bin/mandoc main.c

   oops, fix a one-byte mishap in the previous commit
VersionDeltaFile
1.270+2-2usr.bin/mandoc/main.c
+2-21 files

OpenBSD/src TZo2qLKusr.bin/mandoc main.c

   Refine unveil(2) usage.

   * Process man.conf(5) early before unveil(2) because it needs realpath(3).
   * Rather than unveiling the whole file system for reading and execution,
   only reveal the manpaths actually needed for reading, and /usr/share/locale/
   if needed, and only reveal the pager binary for execution.
   * Only reveal the whole file system for reading if input file names
   are listed individually on the command line.
   * Rather than unveiling /tmp unconditionally, only do so when it is
   actually needed for the pager.
   * When -O outfilename or -O tagfilename is specified, rather than
   unveiling the current working directory for writing, only unveil
   the specific filenames needed.

   Using some feedback from deraadt@, in particular reducing the number
   of vnodes that are held, and avoiding use of the "unveil" pledge(2).
VersionDeltaFile
1.269+212-105usr.bin/mandoc/main.c
+212-1051 files

OpenBSD/ports rSOupvgsecurity/gopass Makefile, security/gopass/patches patch-main_go

   add missing pledge, 'unix' needed for "gopass age agent"
   https://github.com/gopasspw/gopass/commit/d9b731ce1e1590539516828a44cf02daba759801
VersionDeltaFile
1.8+13-29security/gopass/patches/patch-main_go
1.44+1-0security/gopass/Makefile
+14-292 files

OpenBSD/src xTcc3nDusr.bin/mandoc manpath.c manconf.h

   Prepare for refining unveil(2) usage by providing a function manpath_unveil()
   that makes the manpath directories accessible.  Soon to be used by man(1),
   spropos(1), and makewhatis(8).
VersionDeltaFile
1.33+45-5usr.bin/mandoc/manpath.c
1.10+5-2usr.bin/mandoc/manconf.h
1.226+3-1usr.bin/mandoc/mandoc.h
1.20+3-1usr.bin/mandoc/mandoc_msg.c
+56-94 files