BSD Commit Log Search

   frag6_input(): must always decrement counter when dropping fragment

   Currently frag6_input() does not decrement counter in one case:
   - it is processing fragment with offset 0 which arrives after
   the last fragment (fragment with max. offset)
   - there are more IPv6 extension headers between IPv6 header
   and IPv6 fragment header
   - re-assembled packet exceeds IPV6_MAXPACKET size limit

   if conditions above are met, then fragment gets dropped without
   decrementing counters. This commit fixes that.

   The issue was pointed out by Frank Denis.

   OK bluhm@

   wayland/mango: Update to 0.12.9
   + take MAINTAINER

   ok landry@

   audio/pulseaudio: Fix build with llvm 22. ok aja@

   net/slurm: drop pre-configure target, we dont patch the manpage so no point in running SUBST_CMD on it

   net/slurm: update to 0.4.4 from MAINTAINER Ryan Freeman

   point at a fork that includes patches/fixes,
   cf https://github.com/mattthias/slurm/pull/53

   Update to gnome-connections-50.0.

   Update to samba-4.24.2

   Changes: https://www.samba.org/samba/history/samba-4.24.2.html

   Feedback sthen@

   Test and OK Ian McWilliam (co-maintainer)

   Update to gnome-contacts-50.0.

   Update to librsvg-2.62.2.

   Update to gnome-user-docs-50.0.

   Update to hurl 8.0.1.

   correct mdoc macro ordering

   remove tab at end of line

   Insist on opening only regular files. (On OpenBSD, the directory
   case is handled by the kernel, but I want to stop other weird stuff)
   ok millert, dgl

   Update to miniflux-2.2.19

   From Igor Zornik (maintainer)

   Make __pledge_open(2) of /etc/localtime and /usr/share/zoneinfo much
   more strict.  If /etc/localtime is a symbolic link, allow one translation
   which must land cleanly in /usr/share/zoneinfo (.. is checked for) otherwise
   error with EACCES.  In /usr/share/zoneinfo, do not allow symbolic links and
   error with ELOOP.
   Alfredo Ortega observed the non-strict handling, but agrees no specific
   exploitability exists.  Changing this took almost a month with many
   discarded prototypes.
   ok beck dgl

   Fails to build on sparc64 with "initializer element is not constant"

   Move to ports-gcc on base-gcc arches to fix build on sparc64

   Fails with error "Missing case for HWY_ARCH_*"

   Mark BROKEN-sparc64

   Update to ruby-prof 2.0.4

   Update to Ruby 4.0.4

   Add a patch to remove non-ASCII characters that break the rdoc generation.

   If the main process receives an oversized passwd or group entry message from
   the ldap client process, discard it rather than overflowing the struct
   idm_req on the stack.

   Pointed out by Frank Denis
   ok claudio@

   Update broot to 1.56.4.

   Update libsixel to 1.8.7pl2.

   This provides security fixes for CVE-2026-33023, CVE-2026-33018,
   CVE-2026-33019, CVE-2026-33020, and CVE-2026-33021.

   Update syncterm to 1.8.

   Update miller to 6.18.1.

   Update feh to 3.12.2.

   Tor Browser: sync from firefox-esr: make ffmpeg a RUN_DEPENDS

   Update to openjph-0.27.3.

   Update to google-cloud-sdk-568.0.0.

   Rework the re-evaluation of a prefix if PREFIX_FLAG_FILTERED changed.

   The fix committed in rev 1.291 is not quite right. The problem is that
   prefix_evaluate() uses prefix_best() which calls prefix_eligible().
   It is wrong to alter the eligible state of a prefix while it is still
   on the rib list.

   Instead remove the prefix first, toggle the state, then readd it again.
   Even though prefix_evaluate() is called twice the code complexity is
   about the same since the 2 calls only do half the work.

   OK tb@