fix sun2 build with MKDEBUG=yes, and MKLINT=yes:
- libgcc_eh_g.a, libgcc_s_g.a need to be marked as pic only builds
- llibipsec.ln libipsec_g.a need to be marked as ipsec only builds
- libnpf_g.a needs to be marked as npf only build
Re-factor the virt68k mm_md_physacc() into mm_md_physacc_regular(),
which is a common implementation that uses phys_seg_list[] to verify
the offset is in regular physical memory.
Add a mm_md_physacc() alias to mm_md_physacc_regular(), which makes it
the standard implementation for m68k platforms. If a platform wishes
to provide additional access beyond what phys_seg_list[] describes
(hp300 and x68k fall into this category), they merely need to provide
a mm_md_physacc() that adds their own filtering in addition to what
mm_md_physacc_regular() provides.
Remove several copies of mm_md_physacc() which were obviously just blind
copies of the hp300 version and incorrect for the platforms that copied
it (the hp300 has an oddball memory layout).
Import xz-5.8.3 (previous was 5.2.4)
5.8.3 (2026-03-31)
* liblzma:
- Fix a buffer overflow in lzma_index_append(): If
lzma_index_decoder() was used to decode an Index that
contained no Records, the resulting lzma_index was left in
a state where where a subsequent lzma_index_append() would
allocate too little memory, and a buffer overflow would occur.
The lzma_index functions are rarely used by applications
directly. In the few applications that do use these functions,
the combination of function calls required to trigger this bug
are unlikely to exist, because there typically is no reason to
append Records to a decoded lzma_index. Thus, it's likely that
this bug cannot be triggered in any real-world application.
[37 lines not shown]
Import OpenSSH-10.3 (previous was 10.2)
OpenSSH 10.3 was released on 2026-04-02. It is available from the
mirrors listed at https://www.openssh.com/.
OpenSSH is a 100% complete SSH protocol 2.0 implementation and
includes sftp client and server support.
Once again, we would like to thank the OpenSSH community for their
continued support of the project, especially those who contributed
code or patches, reported bugs, tested snapshots or donated to the
project. More information on donations may be found at:
https://www.openssh.com/donations.html
Potentially-incompatible changes
--------------------------------
* ssh(1), sshd(8): remove bug compatibility for implementations
that don't support rekeying. If such an implementation tries to
interoperate with OpenSSH, it will now eventually fail when the
[288 lines not shown]
Import OpenSSL-3.5.6 (previous was 3.5.5)
### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]
* Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
Severity: Moderate
Issue summary: Applications using RSASVE key encapsulation to establish
a secret encryption key can send contents of an uninitialized memory buffer
to a malicious peer.
Impact summary: The uninitialized buffer might contain sensitive data
from the previous execution of the application process which leads
to sensitive data leakage to an attacker.
Reported by: Simo Sorce (Red Hat).
([CVE-2026-31790])
[126 lines not shown]
Fix https://sourceware.org/bugzilla/show_bug.cgi?id=34033
- Deprecate loc_ntoa because it does not specify the size of the destination
buffer and replace it with loc_ntoa1
- Replace sprintf(3) with snprintf(3), checking for string overflow.
This removes all sprintf(3) uses in libc, except in compat/net/compat_ns_ntoa.c
Thanks to phone@ for reviewing and Florian Weimer for notifying us.
bsd.own.mk: sort various lists and expressions
Sort various lists of variables.
(Manually) sort various .if expressions on platform name.
Should be no functional change, but easier to cross-check mk.conf(5).
