OpenBSD/ports cnERO5Cdatabases/postgresql distinfo Makefile, databases/postgresql/pkg PLIST-docs

by jeremy on ⎇
   Update to PostgreSQL 18.4

   Fixes:

   * CVE-2026-6472: PostgreSQL CREATE TYPE does not check multirange schema
     CREATE privilege
   * CVE-2026-6473: PostgreSQL server undersizes allocations, via integer
     wraparound
   * CVE-2026-6474: PostgreSQL timeofday() can disclose portions of server
     memory
   * CVE-2026-6475: PostgreSQL pg_basebackup and pg_rewind can overwrite
     unrelated files of origin superuser choice
   * CVE-2026-6476: PostgreSQL pg_createsubscriber allows SQL injection via
     subscription name
   * CVE-2026-6477: PostgreSQL libpq lo_* functions let server superuser
     overwrite client stack
   * CVE-2026-6478: PostgreSQL discloses MD5-hashed passwords via covert
     timing channel
   * CVE-2026-6479: PostgreSQL SSL/GSS init causes denial of service, via

    [9 lines not shown]
VersionDeltaFile
1.110+2-2databases/postgresql/distinfo
1.319+1-1databases/postgresql/Makefile
1.123+1-0databases/postgresql/pkg/PLIST-docs
+4-33 files

OpenBSD/src PkM3djWsys/dev kstat.c

by daniel on ⎇
   repair one more prototype for a pseudo-device attach function

   ok jsg@
VersionDeltaFile
1.6+2-3sys/dev/kstat.c
+2-31 files

OpenBSD/src iI0URFHsys/net80211 ieee80211_node.c

by kirill on ⎇
   sys/net80211: fix use-after-free in ieee80211_add_ess()

   From Andrew Griffiths
VersionDeltaFile
1.216+5-3sys/net80211/ieee80211_node.c
+5-31 files

OpenBSD/src fGA3cFwsys/net80211 ieee80211_input.c

by kirill on ⎇
   sys/net80211: fix mbuf leak in ieee80211_amsdu_decap()

   From Andrew Griffiths

   OK: stsp@
VersionDeltaFile
1.262+2-1sys/net80211/ieee80211_input.c
+2-11 files

OpenBSD/src xDLX8A2sys/net80211 ieee80211_pae_input.c

by kirill on ⎇
   net80211: fix integer underflow in EAPOL-Key Data length validation

   From Andrew Griffiths

   OK: stsp@
VersionDeltaFile
1.39+3-2sys/net80211/ieee80211_pae_input.c
+3-21 files

OpenBSD/ports GmngJ3cx11/gnome/at-spi2-core distinfo Makefile

by ajacoutot on ⎇
   Update to at-spi2-core-2.60.4.
VersionDeltaFile
1.73+2-2x11/gnome/at-spi2-core/distinfo
1.100+2-2x11/gnome/at-spi2-core/Makefile
+4-42 files

OpenBSD/ports 8G5USIgnet/gupnp/av Makefile distinfo

by ajacoutot on ⎇
   Update to gupnp-av-0.14.5.
VersionDeltaFile
1.43+2-3net/gupnp/av/Makefile
1.21+2-2net/gupnp/av/distinfo
+4-52 files

OpenBSD/ports zG6abKdnet/gupnp/core Makefile distinfo

by ajacoutot on ⎇
   Update to gupnp-1.6.10.
VersionDeltaFile
1.86+2-2net/gupnp/core/Makefile
1.49+2-2net/gupnp/core/distinfo
+4-42 files

OpenBSD/ports TK0mUAux11/gnome/user-docs distinfo Makefile

by ajacoutot on ⎇
   Update to gnome-user-docs-50.2.
VersionDeltaFile
1.83+2-2x11/gnome/user-docs/distinfo
1.103+1-1x11/gnome/user-docs/Makefile
+3-32 files

OpenBSD/ports yEUYhmonet/gssdp Makefile distinfo

by ajacoutot on ⎇
   Update to gssdp-1.6.5.
VersionDeltaFile
1.61+2-2net/gssdp/Makefile
1.36+2-2net/gssdp/distinfo
+4-42 files

OpenBSD/ports YbXLciDx11/gnome/quadrapassel distinfo Makefile, x11/gnome/quadrapassel/patches patch-src_quadrapassel_vala

by ajacoutot on ⎇
   Update to quadrapassel-50.2.
VersionDeltaFile
1.9+6-6x11/gnome/quadrapassel/patches/patch-src_quadrapassel_vala
1.22+2-2x11/gnome/quadrapassel/distinfo
1.40+1-1x11/gnome/quadrapassel/Makefile
1.17+1-0x11/gnome/quadrapassel/pkg/PLIST
+10-94 files

OpenBSD/src nXb2GvQetc/etc.amd64 login.conf, etc/etc.arm64 login.conf

by tb on ⎇
   bump datasize of the build user to 2.5G on 64-bit arches

   The tight limit of 2176M for other 64-bit architectures was not enough for
   sparc64. On 64-bit systems we can afford to be a bit more generous.
   login.conf merges are always a bit fiddly.

   ok jca sthen
VersionDeltaFile
1.29+3-3etc/etc.amd64/login.conf
1.21+3-3etc/etc.arm64/login.conf
1.12+3-3etc/etc.powerpc64/login.conf
1.26+3-3etc/etc.sparc64/login.conf
+12-124 files

OpenBSD/src z8bcoQketc/etc.riscv64 login.conf

by tb on ⎇
   llvm-tblgen with llvm22 on riscv64 requires 3072M

   from jca
VersionDeltaFile
1.12+3-3etc/etc.riscv64/login.conf
+3-31 files

OpenBSD/ports LyKmEBGnet/haproxy distinfo Makefile

by lucas on ⎇
   MFC: net/haproxy: update to 3.2.19

   Changes:
   https://www.haproxy.org/download/3.2/src/CHANGELOG

   from Mark Patruck
VersionDeltaFile
1.93.2.1+2-2net/haproxy/distinfo
1.134.2.1+1-1net/haproxy/Makefile
+3-32 files

OpenBSD/ports IN6Jhiodevel/kf6/kcalendarcore Makefile

by rsadowski on ⎇
   Add a bunch of new py-* build depends

   As Pyside is a dependency, additional Python components such as build, wheel
   and setuptools are required to compile it

   Spotted by aja, naddy, thanks! (It took me a while to figure it out)
VersionDeltaFile
1.8+4-1devel/kf6/kcalendarcore/Makefile
+4-11 files

OpenBSD/ports V7eeaJinet/prosody distinfo Makefile, net/prosody/patches patch-util_prosodyctl_lua patch-util-src_pposix_c

by lucas on ⎇
   MFC: net/prosody: update to 13.0.5

   Changes:
   https://blog.prosody.im/prosody-13.0.5-released/

   Proded by lissine ellini.org, thanks!
VersionDeltaFile
1.9.6.1+2-2net/prosody/patches/patch-util_prosodyctl_lua
1.34.2.1+2-2net/prosody/distinfo
1.4.6.1+2-2net/prosody/patches/patch-util-src_pposix_c
1.3.2.1+1-1net/prosody/patches/patch-util_startup_lua
1.82.2.1+1-1net/prosody/Makefile
+8-85 files

OpenBSD/ports GqxJZxknet/prosody distinfo Makefile, net/prosody/patches patch-util-src_pposix_c patch-util_prosodyctl_lua

by lucas on ⎇
   net/prosody: update to 13.0.5

   Changes:
   https://blog.prosody.im/prosody-13.0.5-released/

   Proded by lissine ellini.org, thanks!
VersionDeltaFile
1.35+2-2net/prosody/distinfo
1.5+2-2net/prosody/patches/patch-util-src_pposix_c
1.10+2-2net/prosody/patches/patch-util_prosodyctl_lua
1.83+1-1net/prosody/Makefile
1.4+1-1net/prosody/patches/patch-util_startup_lua
+8-85 files

OpenBSD/ports Nfvl1TKnet/telemt distinfo Makefile

by kn on ⎇
   update to telemt 3.4.12
VersionDeltaFile
1.6+4-4net/telemt/distinfo
1.7+1-1net/telemt/Makefile
1.6+1-1net/telemt/crates.inc
+6-63 files

OpenBSD/src BCe2TLnsys/dev/fdt qciic_fdt.c

by mglocker on ⎇
   Fix missing 'compatible' string NUL termination in case the compatible
   string is => 32 bytes, which caused an out-of-bounds read later on in
   the code path:

   - Mimic apliic(4), which uses malloc instead of a fix-width array for
   the compatible string.
   - Also set 'ia_namelen', which should enable parsing of a secondary
   compatible string, if it exists.

   ok jca@
VersionDeltaFile
1.4+18-12sys/dev/fdt/qciic_fdt.c
+18-121 files

OpenBSD/ports fUBYRQ2net/filezilla/patches patch-src_putty_sshaes_c

by bket on ⎇
   net/filezilla - unbreak building with nettle >=4

   It would not build, so no need for a REVISION bump.
VersionDeltaFile
1.1+37-0net/filezilla/patches/patch-src_putty_sshaes_c
+37-01 files

OpenBSD/src jt18uDQusr.bin/tmux window.c layout-custom.c

by nicm on ⎇
   Do not crash when freeing layout cell, reported by Jere Viikari.
VersionDeltaFile
1.322+3-5usr.bin/tmux/window.c
1.30+2-3usr.bin/tmux/layout-custom.c
1.58+4-1usr.bin/tmux/layout.c
1.120+2-2usr.bin/tmux/screen-redraw.c
+11-114 files

OpenBSD/ports 4A0upZjdevel/quirks/files Quirks.pm, x11 Makefile

by matthieu on ⎇
   Remove x11/XawMu, an Athena Widgets clone which is not maintained
   anymore, breaks with llvm22  and is not used in the ports tree.
   ok jca@
VersionDeltaFile
1.1805+2-1devel/quirks/files/Quirks.pm
1.800+0-1x11/Makefile
1.21+0-0x11/XawMu/Makefile
1.5+0-0x11/XawMu/distinfo
1.3+0-0x11/XawMu/patches/patch-X11_XawM_List_c
1.3+0-0x11/XawMu/patches/patch-X11_XawM_MultiSink_c
+2-24 files not shown
+2-210 files

OpenBSD/ports t4dFlNUx11/kde-applications/minuet Makefile

by rsadowski on ⎇
   Add build/run dependency devel/kf6/qqc2-desktop-style


   Spotted by aja
VersionDeltaFile
1.19+5-3x11/kde-applications/minuet/Makefile
+5-31 files

OpenBSD/ports kdRIZ2Cgraphics/krita Makefile

by rsadowski on ⎇
   Add missing build dependency on devel/xsimd

   By aja
VersionDeltaFile
1.92+1-0graphics/krita/Makefile
+1-01 files

OpenBSD/ports o0StSMdx11/kde-applications Makefile, x11/kde-applications/kf6-libkcompactdisc/patches patch-CMakeLists_txt patch-src_wmlib_include_wm_config_h

by rsadowski on ⎇
   Remove kf6-libkcompactdisc
VersionDeltaFile
1.109+0-1x11/kde-applications/Makefile
1.3+0-0x11/kde-applications/kf6-libkcompactdisc/patches/patch-CMakeLists_txt
1.2+0-0x11/kde-applications/kf6-libkcompactdisc/patches/patch-src_wmlib_include_wm_config_h
1.2+0-0x11/kde-applications/kf6-libkcompactdisc/patches/patch-src_wmlib_plat_openbsd_c
1.2+0-0x11/kde-applications/kf6-libkcompactdisc/pkg/DESCR
1.4+0-0x11/kde-applications/kf6-libkcompactdisc/pkg/PLIST
+0-13 files not shown
+0-19 files

OpenBSD/ports mQT4UCrdevel/quirks Makefile, devel/quirks/files Quirks.pm

by rsadowski on ⎇
   Add kf6-libkcompactdisc removal
VersionDeltaFile
1.1804+2-1devel/quirks/files/Quirks.pm
1.1792+1-1devel/quirks/Makefile
+3-22 files

OpenBSD/src PLAXEXIsys/nfs nfs_debug.c

by kirill on ⎇
   sys/nfs_debug: fixed a typo which brokes show nfsreq /f

   OK: deraadt@
VersionDeltaFile
1.8+2-2sys/nfs/nfs_debug.c
+2-21 files

OpenBSD/ports 1kaJ2ehnet/magic-wormhole distinfo Makefile, net/magic-wormhole/pkg PLIST

by kn on ⎇
   update to magic-wormhole 0.24.0
VersionDeltaFile
1.16+8-8net/magic-wormhole/pkg/PLIST
1.13+2-2net/magic-wormhole/distinfo
1.25+1-1net/magic-wormhole/Makefile
+11-113 files

OpenBSD/ports fmH3N90devel/microsoft-gsl Makefile distinfo

by kn on ⎇
   update to microsoft-gsl 4.2.2
VersionDeltaFile
1.14+3-6devel/microsoft-gsl/Makefile
1.7+2-2devel/microsoft-gsl/distinfo
+5-82 files

OpenBSD/ports e0YlYiKarchivers/py-zipstream-ng Makefile distinfo, archivers/py-zipstream-ng/pkg PLIST

by kn on ⎇
   update to py-zipstream-ng 1.9.2
VersionDeltaFile
1.8+2-3archivers/py-zipstream-ng/Makefile
1.4+2-2archivers/py-zipstream-ng/distinfo
1.6+0-4archivers/py-zipstream-ng/pkg/PLIST
+4-93 files