OpenBSD/src kICSYojsys/net pf.c pf_ioctl.c

   start moving some global pf counters to per cpu counters.

   this moves the pfctl_status.fcounters, which includes the state
   search counter which is bumped every time the state table is searched.

   the places that get a copy of these counters now have to read the
   per cpu counters and fold them into a struct pf_status rather than
   just copy the global now.

   ok sashan@
VersionDeltaFile
1.1220+45-6sys/net/pf.c
1.427+6-27sys/net/pf_ioctl.c
1.40+5-1sys/net/pfvar_priv.h
+56-343 files

OpenBSD/src ysF5Ye7sys/arch/amd64/stand/efiboot efidev.c efidev.h

   add support for loading files (kernels) from the efi system partition.

   this means you can put the openbsd boot loader and bsd.rd on the
   efi boot partition and run the installer that way. this is a port
   of the same code i got working on arm64.

   ok jmatthew@
VersionDeltaFile
1.44+207-1sys/arch/amd64/stand/efiboot/efidev.c
1.5+14-1sys/arch/amd64/stand/efiboot/efidev.h
1.47+4-1sys/arch/amd64/stand/efiboot/conf.c
+225-33 files

OpenBSD/ports sNZMYJzlang/binaryen distinfo Makefile, lang/binaryen/patches patch-CMakeLists_txt

   Update binaryen to 125.
VersionDeltaFile
1.17+2-2lang/binaryen/distinfo
1.18+1-1lang/binaryen/Makefile
1.11+1-1lang/binaryen/patches/patch-CMakeLists_txt
+4-43 files

OpenBSD/ports SqPRIhXgraphics/p5-Image-ExifTool distinfo Makefile

   Update p5-Image-ExifTool to 13.42.
VersionDeltaFile
1.86+2-2graphics/p5-Image-ExifTool/distinfo
1.95+1-1graphics/p5-Image-ExifTool/Makefile
+3-32 files

OpenBSD/ports wPDoEZ0net Makefile

   +gblc
VersionDeltaFile
1.1442+1-0net/Makefile
+1-01 files

OpenBSD/ports QonE3bTnet/gblc Makefile distinfo, net/gblc/patches patch-src_gblv4_h patch-src_gblv4_c

   Initial revision
VersionDeltaFile
1.1+36-0net/gblc/patches/patch-src_gblv4_h
1.1+28-0net/gblc/patches/patch-src_gblv4_c
1.1+20-0net/gblc/patches/patch-src_helper_c
1.1+20-0net/gblc/Makefile
1.1+3-0net/gblc/pkg/DESCR
1.1+2-0net/gblc/distinfo
+109-08 files not shown
+110-014 files

OpenBSD/ports 3hHpg7vmultimedia Makefile

   + dms
VersionDeltaFile
1.168+1-0multimedia/Makefile
+1-01 files

OpenBSD/ports VtTrwpNmultimedia/dms distinfo Makefile, multimedia/dms/pkg DESCR dms.rc

   Initial revision
VersionDeltaFile
1.1+120-0multimedia/dms/distinfo
1.1+36-0multimedia/dms/Makefile
1.1+35-0multimedia/dms/modules.inc
1.1+17-0multimedia/dms/pkg/DESCR
1.1+14-0multimedia/dms/pkg/dms.rc
1.1+4-0multimedia/dms/pkg/PLIST
+226-06 files not shown
+226-012 files

OpenBSD/src 1sU0o9Osys/netinet6 nd6.c

   Ignore any iterator when traversing nd6 list.

   nd6_rtrequest() could crash with a NULL pointer dereference if an
   interator in nd6_list was inspected.  Skip freeing neigbor discovery
   entries and optimization in this unlikely case and try again later.

   reported by Mischa and Anton Kasimov; OK mvs@

   this is errata/7.8/011_nd6.patch.sig
VersionDeltaFile
1.303.2.1+4-1sys/netinet6/nd6.c
+4-11 files

OpenBSD/ports 9rUXp8Vinfrastructure/db user.list

   recycle _heartbeat (gone since 2016) as _dms for multimedia/dms;  OK caspar
VersionDeltaFile
1.476+2-2infrastructure/db/user.list
+2-21 files

OpenBSD/src 97H3oFisbin/unwind/libunbound/iterator iter_scrub.c, usr.sbin/unbound/iterator iter_scrub.c

   Fix incomplete mitigation of CVE-2025-11411 in unbound and unwind.
   https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff

   This extends the previous fix by also scrubbing unsolicited NS RRSets (and
   their respective address records) for YXDOMAIN and nodata non-referral answers.

   from sthen@ florian@

   this is errata/7.8/010_unbound.patch.sig
VersionDeltaFile
1.8.2.2+35-4sbin/unwind/libunbound/iterator/iter_scrub.c
1.17.2.2+35-4usr.sbin/unbound/iterator/iter_scrub.c
+70-82 files

OpenBSD/src 5PP0t60sbin/unwind/libunbound/iterator iter_scrub.c, usr.sbin/unbound/iterator iter_scrub.c

   Fix incomplete mitigation of CVE-2025-11411 in unbound and unwind.
   https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff

   This extends the previous fix by also scrubbing unsolicited NS RRSets (and
   their respective address records) for YXDOMAIN and nodata non-referral answers.

   from sthen@ florian@

   this is errata/7.7/017_unbound.patch.sig
VersionDeltaFile
1.8.4.2+35-4sbin/unwind/libunbound/iterator/iter_scrub.c
1.17.4.2+35-4usr.sbin/unbound/iterator/iter_scrub.c
+70-82 files

OpenBSD/xenocara 1kXf35Ilib/libpng pngread.c pngrtran.c

   Backport fixes from png 1.6.51.
   CVE-2025-64505 CVE-2025-64506 CVE-2025-64720 CVE-2025-65018

   from matthieu@

   this is errata/7.8/008_libpng.patch.sig
VersionDeltaFile
1.1.1.1.2.1+75-0lib/libpng/pngread.c
1.1.1.1.2.1+57-15lib/libpng/pngrtran.c
1.1.1.1.2.1+1-2lib/libpng/pngwrite.c
+133-173 files

OpenBSD/src NVEpvXYsys/dev/pci/drm drm_linux.c

   Fix drm code to avoid spurious tsleep errors leading to crashes

   __set_current_state() reimplements parts of sleep_finish() but forgot
   to clear P_SINTR.  Later another tsleep->sleep_finish() call could
   pick up the flag and erroneously return ERESTART early, leading to
   crashes in unsuspecting code using tsleep(0, INFSLP).

   Issue experienced by Piotr Isajew using iridium on 7.8 and myself
   using firefox.

   from jca; ok claudio@ mpi@ and most likely kettenis@

   this is errata/7.8/007_drm.patch.sig
VersionDeltaFile
1.126.2.1+2-2sys/dev/pci/drm/drm_linux.c
+2-21 files

OpenBSD/src A2G0QS6sys/dev/pci/drm drm_linux.c

   Fix drm code to avoid spurious tsleep errors leading to crashes

   __set_current_state() reimplements parts of sleep_finish() but forgot
   to clear P_SINTR.  Later another tsleep->sleep_finish() call could
   pick up the flag and erroneously return ERESTART early, leading to
   crashes in unsuspecting code using tsleep(0, INFSLP).

   Issue experienced by Piotr Isajew using iridium on 7.8 and myself
   using firefox.

   from jca; ok claudio@ mpi@ and most likely kettenis@

   this is errata/7.7/015_drm.patch.sig
VersionDeltaFile
1.122.4.1+2-2sys/dev/pci/drm/drm_linux.c
+2-21 files

OpenBSD/ports rOZF6Ztx11/gnome/gdm Makefile, x11/gnome/gdm/files Xsession

   add LOGIN_SETXDGENV to setusercontex(3) and pass on XDG_RUNTIME_DIR to the session
VersionDeltaFile
1.28+13-543x11/gnome/gdm/patches/patch-daemon_gdm-session-worker_c
1.7+0-6x11/gnome/gdm/files/Xsession
1.356+1-1x11/gnome/gdm/Makefile
+14-5503 files

OpenBSD/ports 2NKVZlygraphics/pecl-imagick distinfo Makefile

   update to pecl-imagick-3.8.1
VersionDeltaFile
1.14+2-2graphics/pecl-imagick/distinfo
1.57+1-2graphics/pecl-imagick/Makefile
+3-42 files

OpenBSD/ports SS0ZG3Zwww/qutebrowser distinfo Makefile

   update to qutebrowser-3.6.2
VersionDeltaFile
1.36+2-2www/qutebrowser/distinfo
1.67+1-1www/qutebrowser/Makefile
+3-32 files

OpenBSD/ports 3MBJDUCsysutils/py-mitogen distinfo Makefile

   update to py3-mitogen-0.3.34
VersionDeltaFile
1.16+2-2sysutils/py-mitogen/distinfo
1.20+1-1sysutils/py-mitogen/Makefile
+3-32 files

OpenBSD/ports 3ouqPHEdevel/ccache distinfo Makefile

   update to ccache-4.12.2
VersionDeltaFile
1.75+2-2devel/ccache/distinfo
1.105+1-1devel/ccache/Makefile
+3-32 files

OpenBSD/ports HFtf5j3sysutils/borgmatic distinfo Makefile

   update to borgmatic-2.0.12
VersionDeltaFile
1.80+2-2sysutils/borgmatic/distinfo
1.99+1-1sysutils/borgmatic/Makefile
+3-32 files

OpenBSD/ports wHM0ASzdevel/py-hatchling distinfo Makefile

   update to py3-hatchling-1.28.0
VersionDeltaFile
1.24+2-2devel/py-hatchling/distinfo
1.33+1-1devel/py-hatchling/Makefile
+3-32 files

OpenBSD/ports dZ4EsPvdevel/py-types-psutil distinfo Makefile, devel/py-types-psutil/pkg PLIST

   update to py3-types-psutil-7.1.3.20251128
VersionDeltaFile
1.9+2-2devel/py-types-psutil/distinfo
1.4+3-1devel/py-types-psutil/pkg/PLIST
1.11+1-1devel/py-types-psutil/Makefile
+6-43 files

OpenBSD/ports CzjDhMjtextproc/py-mdown-extensions distinfo Makefile

   update to py3-mdown-extensions-10.17.2
VersionDeltaFile
1.8+2-2textproc/py-mdown-extensions/distinfo
1.9+1-1textproc/py-mdown-extensions/Makefile
+3-32 files

OpenBSD/ports fL5TIu4www/fcgi distinfo Makefile

   update to fcgi-2.4.7, CVE-2025-23016
VersionDeltaFile
1.8.2.1+2-2www/fcgi/distinfo
1.41.2.1+1-2www/fcgi/Makefile
+3-42 files

OpenBSD/ports fumW1aywww/fcgi distinfo Makefile

   update to fcgi-2.4.7, CVE-2025-23016, fixes integer overflow (and
   resultant heap-based buffer overflow) via crafted nameLen or valueLen
   values in data to the IPC socket, in fcgiapp.c:ReadParams()
VersionDeltaFile
1.9+2-2www/fcgi/distinfo
1.42+1-2www/fcgi/Makefile
+3-42 files

OpenBSD/ports k3CYux3astro/py-sgp4 Makefile

   actually previous COMPILER setting was ok, so revert to that, if
   COMPILER is set _before_ bsd.port.mk is included, COMPILER_LANGS is set
   to c c++, and 3/python.port.mk doesn't override it.
VersionDeltaFile
1.14+1-1astro/py-sgp4/Makefile
+1-11 files

OpenBSD/ports 3NlphO0astro/py-sgp4 Makefile distinfo

   update to py3-sgp4-2.25
   add "COMPILER_LANGS=c c++" as recent lang/3/python.port.mk dropped c++
VersionDeltaFile
1.13+2-3astro/py-sgp4/Makefile
1.6+2-2astro/py-sgp4/distinfo
+4-52 files

OpenBSD/ports fp78UHishells/bash distinfo Makefile

   shells/bash: update to 5.3 patchlevel 8
VersionDeltaFile
1.88+10-0shells/bash/distinfo
1.144+2-2shells/bash/Makefile
+12-22 files

OpenBSD/src ZFmTelUusr.sbin/httpd server_http.c parse.y

   Add "no banner" option to suppress Server header

   Introduces a global and per-server "[no] banner" directive that prevents httpd
   from sending the Server HTTP response header and removes server identification
   from error documents. The SERVER_SOFTWARE CGI environment variable remains set
   as required by RFC 3875.

   Diff by Lloyd (thanks), ok kirill@
VersionDeltaFile
1.156+37-10usr.sbin/httpd/server_http.c
1.130+26-2usr.sbin/httpd/parse.y
1.128+25-2usr.sbin/httpd/httpd.conf.5
1.98+8-4usr.sbin/httpd/server_fcgi.c
1.167+3-2usr.sbin/httpd/httpd.h
1.67+3-1usr.sbin/httpd/config.c
+102-216 files