BSD Commit Log Search

   openssl crl: make verify failure result in "app" failure

   Found by Frank Denis

   openssl ecparam: make EC_GROUP_check() failure result in "app" failure

   Found by Frank Denis

   openssl s_client: avoid two out of bounds writes

   A NUL termination after an unchecked BIO_read() call in XMSS mode could
   lead to a write one byte before the start of sbuf or one past its end.
   Add an error check to avoid the former and read one byte less to avoid the
   latter.

   Found by Frank Denis

   lang/node: Update to 24.15.0

   Tor Browser: update to 15.0.13

   don't bother with linux-specific armv7 cpu acceleration detection

   fixes build on armv7, doesn't affect other arches

   Simplify previous by shifting the rcpi value first then use a common mask.
   Also set ic_max_rssi = 0 since this driver will uses DBm reporting.

   Implement RSSI reporting for mwx(4).

   Diff provided by Benjamin Lee McQueen (mcq at disroot.org)

   Update to meson-1.11.1.

   libssl: record extension lengths in ClientHello hashing

   The ClientHello hash is intended to ensure that the second CH after an HRR
   only makes the allowed changes to the TLS extensiosn by recording message
   type followed by the raw extension data if it must remain unchanged.
   This makes it possible (in principle) that part of free form extension
   data is confused with type (and length) information of a subsequent
   extension.

   Recording the length after the type prevents such a confusion and fixes
   the framing of the extensions.

   Found by Frank Denis

   ok jsing

   ssl_lib: trade two extra empty lines for a missing one

   unifdef call into removed sparc-only tctrl(4)

   dnscontrol: move homepage after the GH org moved

   This port is also lagging behind quite a bit...

   PKCS#12: fix erroneous error check in PKCS12_newpass()

   This is an error I introduced in a refactoring two years ago in r1.20.
   This means that nothing uses this...

   From Frank Denis via logan

   update to offlineimap-8.0.2

   remove unneeded ufs/ffs/fs.h includes

   added for BBSIZE and SBSIZE which are no longer used

   update to py3-trove-classifiers-2026.5.7.17

   update to py3-tz-2026.2

   Use uint32_t instead of SHA_LONG in the SHA-256 code.

   This is more readable and we already have a compile time assert that they
   are the same size.

   ok tb@

   Use W rather than X for the SHA-256 message schedule.

   This more closely matches the SHA-256 specification in FIPS 180-4.

   ok tb@

   Use consistent variable names in the sha256 code.

   Use 'ctx' rather than 'c' for the SHA256_CTX and use data/len rather
   than d/n.

   ok kenjiro@ tb@

   Use crypto_add_u32dw_u64() to increment SHA-256 message bit counter.

   ok kenjiro@ tb@

   Correct argument type for SHA context.

   These are SHA_CTX not SHA256_CTX.

   Correct argument type in comments.

   Add new dependency on devel/kf6/kirigami

   Update to awscli-1.45.6.

   Update to py3-boto3-1.43.6.

   Update to py3-s3transfer-0.17.0.

   Update to py3-botocore-1.43.6.

   Update to cups-pdf-3.0.3.