OpenBSD/ports vqohJV5net/yggdrasil-go distinfo modules.inc

by kn on ⎇
   update to yggdrasil 0.5.14
VersionDeltaFile
1.12+90-94net/yggdrasil-go/distinfo
1.7+30-32net/yggdrasil-go/modules.inc
1.21+1-1net/yggdrasil-go/Makefile
+121-1273 files

OpenBSD/ports ZajpmB8sysutils/patchelf Makefile distinfo, sysutils/patchelf/patches patch-src_patchelf_cc

by kn on ⎇
   update to patchelf 0.19.0
VersionDeltaFile
1.25+4-3sysutils/patchelf/Makefile
1.12+2-2sysutils/patchelf/distinfo
1.2+0-0sysutils/patchelf/patches/patch-src_patchelf_cc
+6-53 files

OpenBSD/ports OMnPgxZnet/ngtcp2 Makefile distinfo

by tb on ⎇
   Update to ngtcp2 1.24.0

   https://github.com/ngtcp2/ngtcp2/releases/tag/v1.24.0
VersionDeltaFile
1.41+3-3net/ngtcp2/Makefile
1.39+2-2net/ngtcp2/distinfo
+5-52 files

OpenBSD/ports QiVpSWSx11/gnome/eog distinfo Makefile

by ajacoutot on ⎇
   Update to eog-50.2.
VersionDeltaFile
1.102+2-2x11/gnome/eog/distinfo
1.202+1-1x11/gnome/eog/Makefile
+3-32 files

OpenBSD/ports 1r2Z3EPwww/nghttp3 Makefile distinfo

by tb on ⎇
   Update to nghttp3 1.17.0

   https://github.com/ngtcp2/nghttp3/releases/tag/v1.17.0
VersionDeltaFile
1.29+2-2www/nghttp3/Makefile
1.25+2-2www/nghttp3/distinfo
+4-42 files

OpenBSD/ports aTnVo2mmisc/openhab-addons/4 distinfo, misc/openhab-addons/5 distinfo

by sebastia on ⎇
   update openhab and openhab addons to 4.3.11 or 5.1.4 respectively
   From MAINTAINER Chaz Kettleson, 5.x version also tested by me,

   While there, add a blurb about how to preserve shell history to README

   Feedback and OK sthen@
VersionDeltaFile
1.6+20-0misc/openhab/pkg/README
1.5+2-2misc/openhab-addons/5/distinfo
1.3+2-2misc/openhab-addons/4/distinfo
1.3+2-2misc/openhab/4/distinfo
1.5+2-2misc/openhab/5/distinfo
1.7+1-2misc/openhab/5/Makefile
+29-103 files not shown
+32-149 files

OpenBSD/ports 17o4rwagames/rocksndiamonds distinfo Makefile

by benoit on ⎇
   Update to rocksndiamonds-4.4.2.3.
VersionDeltaFile
1.63+2-2games/rocksndiamonds/distinfo
1.81+1-1games/rocksndiamonds/Makefile
+3-32 files

OpenBSD/ports 8tPd8enmultimedia/shotcut distinfo Makefile

by rsadowski on ⎇
   Update shotcut to 26.6.25

   From Josh Grosse (maintainer)
VersionDeltaFile
1.21+2-2multimedia/shotcut/distinfo
1.28+2-2multimedia/shotcut/Makefile
+4-42 files

OpenBSD/src Y6le0QAsbin/iked proc.c, usr.sbin/httpd proc.c

by rsadowski on ⎇
   restrict IMSG_CTL_PROCFD to parent and check process id/instance

   IMSG_CTL_PROCFD messages contain a destination process id and instance
   number that were used to index internal arrays before being checked.
   A child sending bad imsgs could cause out-of-bounds reads or
   writes.

   Check for a missing fd, a bad process id, or an out-of-range instance
   before any array is indexed.  Also reject IMSG_CTL_PROCFD that does not
   come from the parent.

   from Andrew Griffiths, diff by martijn@ and myself, ok martijn@
VersionDeltaFile
1.57+15-7usr.sbin/relayd/proc.c
1.41+14-7usr.sbin/snmpd/proc.c
1.54+14-7usr.sbin/httpd/proc.c
1.52+14-7sbin/iked/proc.c
+57-284 files

OpenBSD/src LEdIrS5usr.sbin/httpd httpd.conf.5 httpd.h

by rsadowski on ⎇
   Switch the default TLS cipher set from "compat" to "secure"

   The "secure" keyword only allows TLSv1.3 and the TLSv1.2 AEAD ciphers
   that have forward secrecy (ECDHE/DHE).  See tls_config_set_ciphers(3)
   for details.  This is stricter than "HIGH:!aNULL" and drops older
   ciphers without AEAD or forward secrecy.

   Also update the ciphers text in httpd.conf.5 with the clearer wording
   from smtpd.conf.5.

   Old peers that need these older ciphers may no longer connect.

   idea from Mischa, ok kirill@ ok tb@
VersionDeltaFile
1.134+9-8usr.sbin/httpd/httpd.conf.5
1.175+2-2usr.sbin/httpd/httpd.h
+11-102 files

OpenBSD/src XyrIA9xusr.sbin/relayd relayd.conf.5 relayd.h

by rsadowski on ⎇
   Switch the default TLS cipher set from "HIGH:!aNULL" to "secure"

   The "secure" keyword only allows TLSv1.3 and the TLSv1.2 AEAD ciphers
   that have forward secrecy (ECDHE/DHE).  See tls_config_set_ciphers(3)
   for details.  This is stricter than "HIGH:!aNULL" and drops older
   ciphers without AEAD or forward secrecy.

   Also update the ciphers text in relayd.conf.5 with the clearer wording
   from smtpd.conf.5.

   Old peers that need these older ciphers may no longer connect.

   idea from Mischa, ok kirill@ ok tb@
VersionDeltaFile
1.219+10-9usr.sbin/relayd/relayd.conf.5
1.288+2-2usr.sbin/relayd/relayd.h
+12-112 files

OpenBSD/ports l0627LTx11/kde-plasma Makefile

by rsadowski on ⎇
   Remove duplicate entries
VersionDeltaFile
1.22+0-3x11/kde-plasma/Makefile
+0-31 files

OpenBSD/ports z7wI0Orgames/vegastrike/engine Makefile, games/vegastrike/engine/patches patch-CMakeLists_txt patch-src_cmd_unit_generic_cpp

by daniel on ⎇
   update vegastrike to 0.9.1

   ok pascal@ (MAINTAINER)
VersionDeltaFile
1.2+37-45games/vegastrike/engine/patches/patch-CMakeLists_txt
1.5+2-29games/vegastrike/engine/patches/patch-src_cmd_unit_generic_cpp
1.4+14-14games/vegastrike/engine/patches/patch-src_cmd_collide_map_h
1.2+14-10games/vegastrike/utcs/pkg/PLIST
1.22+12-9games/vegastrike/engine/Makefile
1.4+6-15games/vegastrike/engine/patches/patch-src_cmd_basecomputer_cpp
+85-12213 files not shown
+125-13919 files

OpenBSD/ports sn4Uj3Bnet/bro Makefile, net/bro/patches patch-scripts_base_packet-protocols___load___zeek

by kn on ⎇
   Do not load IGMP analyser to unbreak service startup

   8.2.0 gained support for this protocol, but our package cannot use it
   due to lack of Spicy.

   Reported by Jean-Philippe L.
VersionDeltaFile
1.1+13-0net/bro/patches/patch-scripts_base_packet-protocols___load___zeek
1.166+1-0net/bro/Makefile
+14-02 files

OpenBSD/src JKUgLTIusr.sbin/bgpd Makefile

by claudio on ⎇
   Revert the -fno-omit-frame-pointer change (including the clang only
   -mno-omit-leaf-frame-pointer). Committed by accident.
   Noticed because of commit from miod@
VersionDeltaFile
1.49+1-5usr.sbin/bgpd/Makefile
+1-51 files

OpenBSD/ports T8AEfrRfonts/font-awesome distinfo Makefile

by rsadowski on ⎇
   Update font-awesome to 7.3.0
VersionDeltaFile
1.46+4-4fonts/font-awesome/distinfo
1.51+1-2fonts/font-awesome/Makefile
+5-62 files

OpenBSD/ports vGS2UaPx11/kde-plasma/kdeplasma-addons Makefile

by rsadowski on ⎇
   Remove LD, CXX and C flags that are no longer required
VersionDeltaFile
1.24+1-5x11/kde-plasma/kdeplasma-addons/Makefile
+1-51 files

OpenBSD/ports 2lzIczCx11/kde-plasma/plasma-activities-stats Makefile

by rsadowski on ⎇
   Remove CXX flag that is no longer required
VersionDeltaFile
1.4+1-3x11/kde-plasma/plasma-activities-stats/Makefile
+1-31 files

OpenBSD/ports YXBCK1jx11/kde-plasma/plasma-desktop Makefile

by rsadowski on ⎇
   Remove LD, CXX and C flags that are no longer required
VersionDeltaFile
1.37+1-5x11/kde-plasma/plasma-desktop/Makefile
+1-51 files

OpenBSD/ports IeYEMCMx11/kde-plasma/kwayland Makefile

by rsadowski on ⎇
   Remove LD, CXX and C flags that are no longer required
VersionDeltaFile
1.10+1-4x11/kde-plasma/kwayland/Makefile
+1-41 files

OpenBSD/ports 03P59jEx11/kde-plasma/plasma-sdk Makefile

by rsadowski on ⎇
   Remove LD, CXX and C flags that are no longer required
VersionDeltaFile
1.14+1-5x11/kde-plasma/plasma-sdk/Makefile
+1-51 files

OpenBSD/ports xPfKoBzx11/kde-plasma/plasma-workspace Makefile

by rsadowski on ⎇
   Remove LD, CXX and C flags that are no longer required
VersionDeltaFile
1.42+1-5x11/kde-plasma/plasma-workspace/Makefile
+1-51 files

OpenBSD/ports 4cbx2nhtextproc/xmlwf distinfo Makefile

by bluhm on ⎇
   update xmlwf to expat 2.8.2
VersionDeltaFile
1.16+4-4textproc/xmlwf/distinfo
1.24+1-1textproc/xmlwf/Makefile
+5-52 files

OpenBSD/src sf5tCDvlib/libexpat Changes, lib/libexpat/lib xmlparse.c memory_sanitizer.h

by bluhm on ⎇
   Update libexpat to version 2.8.2.

   Relevant for OpenBSD are security fixes #1246 #1267 #1272 #1229
   #1232 #1249 #1251 #1255 #1262 #565 #1278, other changes #1283 #565
   #1220 #1221 #1222 #1224 #1226 #1228 #1230 #1238 #1239 #1240 #1241
   #1242 #1243 #1243 #1247 #1248 #1256 #1258 #1261 #1275.
   Library bump is not necessary.
   CVE-2026-50219 CVE-2026-56131 CVE-2026-56132 CVE-2026-56403
   CVE-2026-56404 CVE-2026-56405 CVE-2026-56406 CVE-2026-56407
   CVE-2026-56408 CVE-2026-56409 CVE-2026-56410 CVE-2026-56411
   CVE-2026-56412

   OK tb@
VersionDeltaFile
1.50+658-548lib/libexpat/lib/xmlparse.c
1.38+90-2lib/libexpat/Changes
1.7+51-2lib/libexpat/tests/handlers.c
1.1+51-0lib/libexpat/lib/memory_sanitizer.h
1.1+49-0lib/libexpat/lib/fallthrough.h
1.12+38-10lib/libexpat/tests/basic_tests.c
+937-56214 files not shown
+1,083-61020 files

OpenBSD/src QMxsjN6regress/lib/libc Makefile, regress/lib/libc/freeaddrinfo freeaddrinfo.c Makefile

by jca on ⎇
   Trivial check for freeaddrinfo(NULL)
VersionDeltaFile
1.1+22-0regress/lib/libc/freeaddrinfo/freeaddrinfo.c
1.1+5-0regress/lib/libc/freeaddrinfo/Makefile
1.64+2-2regress/lib/libc/Makefile
+29-23 files

OpenBSD/src gD88VL4regress/lib/libc/getaddrinfo gaitest.c

by jca on ⎇
   Ansify usage()

   While here drop pointless declaration for main()
VersionDeltaFile
1.9+2-3regress/lib/libc/getaddrinfo/gaitest.c
+2-31 files

OpenBSD/ports X3cbZfSx11/kde-plasma/print-manager Makefile

by rsadowski on ⎇
   Add build/run dependency on QML devel/kf6/kdeclarative

   Spotted by naddy
VersionDeltaFile
1.10+5-2x11/kde-plasma/print-manager/Makefile
+5-21 files

OpenBSD/src X4Hdxusregress/lib/libc/getaddrinfo gaitest.c

by jca on ⎇
   K&R -> ANSI
VersionDeltaFile
1.8+3-9regress/lib/libc/getaddrinfo/gaitest.c
+3-91 files

OpenBSD/src Q6odCKLlib/libc/asr getaddrinfo_async.c

by jca on ⎇
   Revert rev 1.68 as it breaks resolution of literal IP addresses

   Reported by matthieu@
VersionDeltaFile
1.70+9-10lib/libc/asr/getaddrinfo_async.c
+9-101 files

OpenBSD/ports yZ4zHqgsysutils/colorls distinfo Makefile

by naddy on ⎇
   sysutils/colorls: sync with OpenBSD 7.9
VersionDeltaFile
1.29+2-2sysutils/colorls/distinfo
1.48+1-1sysutils/colorls/Makefile
+3-32 files