OpenBSD/ports 78172IZgames/galois Makefile distinfo, games/galois/patches patch-doc_makefile_in patch-src_makefile_in

   Update galois to 0.8.
VersionDeltaFile
1.3+27-17games/galois/patches/patch-doc_makefile_in
1.22+5-6games/galois/Makefile
1.6+8-0games/galois/pkg/PLIST
1.5+2-2games/galois/distinfo
1.3+1-1games/galois/patches/patch-src_makefile_in
+43-265 files

OpenBSD/ports YhdsMQxarchivers/unrar Makefile distinfo, archivers/unrar/patches patch-os_hpp patch-crc_cpp

   archivers/unrar: update to 7.23

   Security fixes:
   * heap overflow when reconstructing data from RAR5 recovery volumes
   * a specially crafted RAR archive could create a symbolic link pointing
     outside of the intended destination folder during extraction
VersionDeltaFile
1.22.6.1+9-19archivers/unrar/patches/patch-os_hpp
1.1.8.1+5-7archivers/unrar/patches/patch-crc_cpp
1.11.8.1+5-7archivers/unrar/patches/patch-rijndael_cpp
1.102.4.1+2-2archivers/unrar/Makefile
1.56.4.1+2-2archivers/unrar/distinfo
+23-375 files

OpenBSD/ports mGb3rn4archivers/libarchive Makefile distinfo, archivers/libarchive/patches patch-Makefile_in

   archivers/libarchive: update to 3.8.8

   Many more fixes for NULL pointer derefs, out-of-bounds accesses,
   and miscellaneous other bugs.
VersionDeltaFile
1.70.2.1+2-2archivers/libarchive/Makefile
1.50.2.1+2-2archivers/libarchive/distinfo
1.10.2.1+1-1archivers/libarchive/patches/patch-Makefile_in
+5-53 files

OpenBSD/src wUAiEv5sys/kern sysv_msg.c, sys/sys msg.h

   Make concurrent sys_msgrcv() wait until we finish message delivery. We
   left acquired message in the queue while we are sleeping in msg_copyout().
   Concurrent sys_msgrcv() could acquire and delete this message.

   Reported-by: syzbot+c80235d951da9769a00f at syzkaller.appspotmail.com
VersionDeltaFile
1.48+34-4sys/kern/sysv_msg.c
1.26+4-2sys/sys/msg.h
+38-62 files

OpenBSD/ports 94bWEIdnet/curl Makefile distinfo

   net/curl: update to 8.21.0

   Includes fixes for
   CVE-2026-8286: wrong STARTTLS connection reuse
   CVE-2026-8458: wrong reuse for different services
   CVE-2026-8924: trailing dot domain super cookie
   CVE-2026-8926: password leak with netrc and user in URL
   CVE-2026-8927: env-set cross-proxy Digest auth state leak
   CVE-2026-8932: incomplete mTLS config matching in conn reuse
   CVE-2026-9079: stale proxy password leak
   CVE-2026-9080: UAF after pause in socket callback
   CVE-2026-9545: exposing HTTP/3 early data
   CVE-2026-9546: sending old referer
   CVE-2026-10536: HTTP/2 stream-dependency tree UAF
   CVE-2026-11352: QUIC zero-length UDP datagrams busy-loop
   CVE-2026-11586: WS Auto-PONG memory exhaustion
   CVE-2026-11856: cross-origin Digest auth state leak
VersionDeltaFile
1.213.2.2+2-2net/curl/Makefile
1.145.2.2+2-2net/curl/distinfo
+4-42 files

OpenBSD/ports uIWWTTMx11/kde-applications/kitinerary/patches patch-src_lib_pdf_pdfextractoroutputdevice_cpp

   Missed to run cvs remove
VersionDeltaFile
1.2+0-0x11/kde-applications/kitinerary/patches/patch-src_lib_pdf_pdfextractoroutputdevice_cpp
+0-01 files

OpenBSD/src EQwr3WWusr.sbin/rpki-client nca.c

   nca_plan_retries: fix previous by dropping a break

   from/ok job
VersionDeltaFile
1.10+1-2usr.sbin/rpki-client/nca.c
+1-21 files

OpenBSD/src WLWfaYGusr.sbin/rpki-client main.c nca.c

   Deduplicate skiplist, shortlist, and NCA retry handling

   Introduce helpers functions for manipulating lists of strings, such as
   the FQDNs in skiplist & shortlist, and rpkiNotify URLs used for batching
   NCA retries.

   OK tb@
VersionDeltaFile
1.311+39-35usr.sbin/rpki-client/main.c
1.9+13-27usr.sbin/rpki-client/nca.c
1.288+9-5usr.sbin/rpki-client/extern.h
+61-673 files

OpenBSD/src QHgVspUsys/kern sysv_msg.c

   Restore msgrcv(2) MSG_NOERROR/E2BIG error path. Silently truncate
   message is not a good idea.

   msgrcv(2) man page has E2BIG error description, no need for update.

   ok millert
VersionDeltaFile
1.47+8-6sys/kern/sysv_msg.c
+8-61 files

OpenBSD/ports 8ChMdDEarchivers/unrar Makefile distinfo

   archivers/unrar: update to 7.23

   Security fixes:
   * heap overflow when reconstructing data from RAR5 recovery volumes
   * a specially crafted RAR archive could create a symbolic link pointing
     outside of the intended destination folder during extraction
VersionDeltaFile
1.104+2-2archivers/unrar/Makefile
1.58+2-2archivers/unrar/distinfo
+4-42 files

OpenBSD/ports 5UV0yzEx11/tellico distinfo Makefile, x11/tellico/pkg PLIST

   Update tellico to 4.2.1
VersionDeltaFile
1.41+2-2x11/tellico/distinfo
1.107+1-1x11/tellico/Makefile
1.40+0-1x11/tellico/pkg/PLIST
+3-43 files

OpenBSD/ports U7z86zpmisc/open62541 distinfo Makefile

   update open62541 to 1.3.18
VersionDeltaFile
1.16+2-2misc/open62541/distinfo
1.38+1-2misc/open62541/Makefile
+3-42 files

OpenBSD/ports RZYqcguproductivity/homebank distinfo Makefile

   Update homebank to 5.10.2
VersionDeltaFile
1.61+2-2productivity/homebank/distinfo
1.83+1-1productivity/homebank/Makefile
+3-32 files

OpenBSD/ports KhmudTqnet/ruby-grpc Makefile distinfo, net/ruby-grpc/pkg PLIST

   Update ruby-grpc to 1.82.0
VersionDeltaFile
1.11+3-2net/ruby-grpc/Makefile
1.3+4-0net/ruby-grpc/pkg/PLIST
1.9+2-2net/ruby-grpc/distinfo
+9-43 files

OpenBSD/ports y2sFZDUnet/grpc Makefile distinfo, net/grpc/patches patch-CMakeLists_txt

   Update grpc to 1.82.0
VersionDeltaFile
1.21+11-11net/grpc/Makefile
1.15+2-2net/grpc/distinfo
1.11+1-1net/grpc/patches/patch-CMakeLists_txt
+14-143 files

OpenBSD/ports fsWh0Ejdevel/msp430/binutils/pkg DESCR, devel/xtensa-esp32-elf/binutils Makefile

   codespell fixes
VersionDeltaFile
1.2+1-1devel/msp430/binutils/pkg/DESCR
1.11+1-1devel/xtensa-esp32-elf/binutils/Makefile
1.2+1-1devel/xtensa-esp32-elf/binutils/pkg/DESCR
1.6+1-1devel/xtensa-esp32s2-elf/binutils/Makefile
1.2+1-1devel/xtensa-esp32s2-elf/binutils/pkg/DESCR
1.6+1-1devel/xtensa-esp32s3-elf/binutils/Makefile
+6-618 files not shown
+24-2024 files

OpenBSD/ports 1K53mm8devel/p5-Devel-Leak-Object/pkg DESCR, devel/p5-ExtUtils-CChecker/pkg DESCR

   fix DESCR issues found by codespell. some wider rewording in a few cases
   where the file was incomprehensible.
VersionDeltaFile
1.2+5-5net/p5-POE-Component-Jabber/pkg/DESCR
1.3+3-4net/p5-Socket6/pkg/DESCR
1.2+3-3net/p5-Net-Frame/pkg/DESCR
1.2+3-3devel/p5-Devel-Leak-Object/pkg/DESCR
1.2+2-2net/p5-Net-Inspect/pkg/DESCR
1.2+2-2devel/p5-ExtUtils-CChecker/pkg/DESCR
+18-1972 files not shown
+91-7678 files

OpenBSD/src wM0RwaSusr.sbin/rpki-client repo.c

   Don't remove other elements in a RB_FOREACH_SAFE walk since that is not safe.

   repo_move_valid() walks the tree with RB_FOREACH_SAFE() but it also calls
   RB_REMOVE() via filepath_put() on an other element in a case where a
   conflict is resolved. This results in a use-after-free if that element is
   the next one in the tree (nfp). Instead of removing the present
   conflicting node (ofp), replace the contents of it, free fp and swap fp
   with ofp.

   With and OK tb@
VersionDeltaFile
1.90+16-12usr.sbin/rpki-client/repo.c
+16-121 files

OpenBSD/src GI4Xkgcusr.sbin/rpki-client repo.c

   Remove no longer needed cast for the free argument.

   From tb@
VersionDeltaFile
1.89+2-2usr.sbin/rpki-client/repo.c
+2-21 files

OpenBSD/ports U6k8yqpdevel/py-bencode/pkg DESCR, devel/py-suds Makefile

   fix issues found by codespell
VersionDeltaFile
1.2+3-3devel/py-suds/pkg/DESCR
1.2+2-2devel/py-bencode/pkg/DESCR
1.15+1-1devel/py-suds/Makefile
1.4+1-1textproc/py-patiencediff/pkg/DESCR
1.28+1-1textproc/py-stemmer/Makefile
1.2+1-1textproc/py-stemmer/pkg/DESCR
+9-928 files not shown
+37-2734 files

OpenBSD/ports C1odT60graphics/p5-Imager distinfo Makefile

   update p5-Imager to 1.033
   CVE-2026-14454
VersionDeltaFile
1.21+2-2graphics/p5-Imager/distinfo
1.57+1-1graphics/p5-Imager/Makefile
+3-32 files

OpenBSD/ports Bf1UnSFdevel/kf5/kfilemetadata Makefile, devel/kf5/kfilemetadata/pkg DESCR-main

   codespell fixes
VersionDeltaFile
1.2+1-1devel/kf5/kfilemetadata/pkg/DESCR-main
1.10+1-1mail/notmuch/Makefile
1.2+1-1mail/notmuch/pkg/DESCR-main
1.2+1-1net/libmaxminddb/pkg/DESCR-main
1.2+1-1telephony/kamailio/pkg/DESCR-main
1.28+1-1devel/kf5/kfilemetadata/Makefile
+6-66 files not shown
+12-912 files

OpenBSD/ports t1VflN3mail/postfix/stable35 distinfo Makefile

   MFC update to postfix-3.5.26
VersionDeltaFile
1.4.10.2+2-2mail/postfix/stable35/distinfo
1.11.2.2+1-2mail/postfix/stable35/Makefile
+3-42 files

OpenBSD/ports rcQZLYumail/postfix/stable distinfo Makefile

   MFC update to postfix-3.11.5
VersionDeltaFile
1.164.2.3+2-2mail/postfix/stable/distinfo
1.281.2.4+1-1mail/postfix/stable/Makefile
+3-32 files

OpenBSD/ports zVRwbLfmail/postfix/stable35 distinfo Makefile

   update to postfix-3.5.26, ok brad
VersionDeltaFile
1.6+2-2mail/postfix/stable35/distinfo
1.13+1-2mail/postfix/stable35/Makefile
+3-42 files

OpenBSD/ports XzG4vkImail/postfix/stable distinfo Makefile

   update to postfix-3.11.5, ok brad
VersionDeltaFile
1.167+2-2mail/postfix/stable/distinfo
1.285+1-1mail/postfix/stable/Makefile
+3-32 files

OpenBSD/ports xpvO5UNwww/chromium distinfo Makefile, www/chromium/patches patch-chrome_browser_download_chrome_download_manager_delegate_cc patch-services_device_hid_hid_service_freebsd_cc

   update to 150.0.7871.100
VersionDeltaFile
1.481+4-4www/chromium/distinfo
1.96+3-3www/chromium/patches/patch-chrome_browser_download_chrome_download_manager_delegate_cc
1.7+1-2www/chromium/patches/patch-services_device_hid_hid_service_freebsd_cc
1.916+2-1www/chromium/Makefile
+10-104 files

OpenBSD/ports LKdZsFDtextproc/p5-String-Util distinfo Makefile

   update p5-String-Util to 1.36
   CVE-2026-14895
VersionDeltaFile
1.3+2-2textproc/p5-String-Util/distinfo
1.3+2-1textproc/p5-String-Util/Makefile
+4-32 files

OpenBSD/ports RKECpvlaudio/cuetools/pkg DESCR, benchmarks/fs_mark Makefile

   fix some issues in DESCR found by codespell
VersionDeltaFile
1.4+11-12comms/py-dmr_utils3/Makefile
1.2+8-7benchmarks/librespeed-cli/Makefile
1.40+6-6databases/py-puppetdb/Makefile
1.2+3-3audio/cuetools/pkg/DESCR
1.8+4-1benchmarks/fs_mark/Makefile
1.2+2-2comms/py-dmr_utils3/pkg/DESCR
+34-3134 files not shown
+75-6240 files

OpenBSD/ports 28GxhUSdevel/codex distinfo crates.inc, devel/codex/patches patch-codex-rs_Cargo_toml patch-codex-rs_core_src_config_mod_rs

   devel/codex: update to 0.143.0
VersionDeltaFile
1.34+16-14devel/codex/distinfo
1.23+7-6devel/codex/crates.inc
1.29+4-4devel/codex/patches/patch-codex-rs_Cargo_toml
1.31+1-1devel/codex/patches/patch-codex-rs_core_src_config_mod_rs
1.34+1-1devel/codex/Makefile
+29-265 files