OpenBSD/ports 6bCQvHAtextproc Makefile

   +chroma-syntax-highlighter
VersionDeltaFile
1.867+1-0textproc/Makefile
+1-01 files

OpenBSD/ports EqjuOq7textproc/chroma-syntax-highlighter Makefile distinfo, textproc/chroma-syntax-highlighter/pkg DESCR PLIST

   Initial revision
VersionDeltaFile
1.1+47-0textproc/chroma-syntax-highlighter/Makefile
1.1+5-0textproc/chroma-syntax-highlighter/pkg/DESCR
1.1+2-0textproc/chroma-syntax-highlighter/distinfo
1.1+1-0textproc/chroma-syntax-highlighter/pkg/PLIST
1.1.1.1+0-0textproc/chroma-syntax-highlighter/distinfo
1.1.1.1+0-0textproc/chroma-syntax-highlighter/Makefile
+55-02 files not shown
+55-08 files

OpenBSD/src 4rTTxcTusr.bin/tmux window-panes.c tmux.1

   Convert display-panes away from an overlay and into a mode. This is
   another step on the road of getting rid of overlays altogether (they are
   full of special cases; popups and menus are to go also eventually). We
   lose some of the styling of borders but gain the ability to run
   display-panes in another pane (perhaps not hugely useful but one never
   knows). The -b flag goes away as no longer useful.
VersionDeltaFile
1.1+1,067-0usr.bin/tmux/window-panes.c
1.1140+59-31usr.bin/tmux/tmux.1
1.237+44-35usr.bin/tmux/options-table.c
1.95+43-33usr.bin/tmux/layout.c
1.362+23-8usr.bin/tmux/window.c
1.58+19-2usr.bin/tmux/cmd-choose-tree.c
+1,255-10916 files not shown
+1,335-15122 files

OpenBSD/ports qj9I2wRsysutils/msitools Makefile

   drop RDEP on gobject-introspection, actually only needed as a BDEP
   (message says "Run-time dependency" but aja@ points me at this being done
   automatically by meson gnome.generate_gir).
VersionDeltaFile
1.3+1-2sysutils/msitools/Makefile
+1-21 files

OpenBSD/ports HbGT1oOdatabases/redis/bsd Makefile

   add MODTCL_VERSION=8.6 to redis/bsd, stu@ is planning to change the
   default to 9 and tests in this version of redis have "package require
   tcl 8.5" (which is >=8.5, <9).

   redis/main tests fail in the same way with Tcl 9 as they do with 8.5
   and 8.6.
VersionDeltaFile
1.2+3-0databases/redis/bsd/Makefile
+3-01 files

OpenBSD/src 0zZ8u5hlib/libskey skeysubr.c

   Use SHA1Final() in libskey.

   S/KEY requires hash output in little endian form, while SHA-1 produces big
   endian output. Rather than using SHA1Pad() and then reaching into the SHA-1
   state directly, use SHA1Final() and then convert to little endian using
   be32toh/htole32.

   ok claudio@ millert@ tb@
VersionDeltaFile
1.37+11-13lib/libskey/skeysubr.c
+11-131 files

OpenBSD/src VjUAsoBusr.sbin/nsd nsec3.c xfrd-catalog-zones.c, usr.sbin/nsd/doc ChangeLog RELNOTES

   merge NSD 4.15.0
VersionDeltaFile
1.3+338-417usr.sbin/nsd/simdzone/configure
1.31+167-39usr.sbin/nsd/nsec3.c
1.23+111-0usr.sbin/nsd/doc/ChangeLog
1.5+90-8usr.sbin/nsd/xfrd-catalog-zones.c
1.26+72-9usr.sbin/nsd/difffile.c
1.21+75-0usr.sbin/nsd/doc/RELNOTES
+853-47328 files not shown
+1,170-56834 files

OpenBSD/src fShA4Ncusr.sbin/nsd metrics.c nsec3.c, usr.sbin/nsd/doc ChangeLog RELNOTES

   import NSD 4.15.0, ok florian
VersionDeltaFile
1.1.1.3+194-157usr.sbin/nsd/metrics.c
1.1.1.16+167-39usr.sbin/nsd/nsec3.c
1.1.1.8+111-0usr.sbin/nsd/doc/ChangeLog
1.1.1.4+90-8usr.sbin/nsd/xfrd-catalog-zones.c
1.1.1.25+72-9usr.sbin/nsd/difffile.c
1.1.1.8+75-0usr.sbin/nsd/doc/RELNOTES
+709-21336 files not shown
+1,093-32442 files

OpenBSD/ports V0cCwIksysutils/msitools Makefile

   BDEP and RDEP on devel/gobject-introspection and bump
   move SHARED_LIBS to a more normal location in the Makefile
VersionDeltaFile
1.2+6-3sysutils/msitools/Makefile
+6-31 files

OpenBSD/ports 1Lh9Euwwww/py-starlette distinfo Makefile

   update py-starlette to 1.3.1
VersionDeltaFile
1.4+2-2www/py-starlette/distinfo
1.5+2-1www/py-starlette/Makefile
+4-32 files

OpenBSD/ports 6pQ0G3igeo Makefile

   +pmtiles
VersionDeltaFile
1.106+1-0geo/Makefile
+1-01 files

OpenBSD/ports ftbRY43geo/pmtiles distinfo modules.inc, geo/pmtiles/pkg DESCR PLIST

   import ports/geo/pmtiles, ok landry

   PMTiles is a single-file archive format for tiled data. A PMTiles
   archive can be self-hosted, or hosted on a commodity storage platform
   such as S3, and enables low-cost, zero-maintenance map applications
   that are free of a custom tile backend or third party provider.

   This package provides the pmtiles CLI command, which works with local
   tilesets on disk, or remotely (e.g. with archives on cloud storage, even
   in private buckets). File operations include displaying basic information,
   extracting an archive containing just your chosen zoom levels and/or area
   from a larger file (e.g. those at https://maps.protomaps.com/builds/),
   merging disjoint files together, uploading to cloud storage, etc.

   Some applications (like MapLibre GL JS) are able to use pmtiles files
   directly (fetching sections via HTTP Range requests); some others want
   a server providing an industry-standard "ZXY" API to fetch rendered
   tiles: pmtiles can provide this over HTTP.
VersionDeltaFile
1.1+3,962-0geo/pmtiles/distinfo
1.1+1,298-0geo/pmtiles/modules.inc
1.1+28-0geo/pmtiles/Makefile
1.1+16-0geo/pmtiles/pkg/DESCR
1.1+1-0geo/pmtiles/pkg/PLIST
1.1.1.1+0-0geo/pmtiles/modules.inc
+5,305-04 files not shown
+5,305-010 files

OpenBSD/ports JhUKctFdatabases/libhiredis Makefile, databases/p5-Redis Makefile

   fix TDEP paths using redis, pointed out by tb@
VersionDeltaFile
1.13+1-1databases/libhiredis/Makefile
1.52+1-1databases/py-redis/Makefile
1.26+1-1databases/p5-Redis/Makefile
+3-33 files

OpenBSD/src 4uo3gd2regress/lib/libcrypto/x509 constraints.c

   Improve name constraints URI host regress.
VersionDeltaFile
1.21+56-11regress/lib/libcrypto/x509/constraints.c
+56-111 files

OpenBSD/src sEo4Zzclib/libcrypto/x509 x509_constraints.c

   Fix X.509 constraints URI host parsing.

   An authority in a URI is only terminated by a slash, question mark or hash,
   however the current code also included colons. This allows a specically
   crafted userinfo to bypass name constraints host checks. Additionally, IPv6
   literals may only be specified when enclosed with square brackets, which is
   not enforced.

   Rewrite parts of the host and IP parsing code to be more strict, fixing
   both of these issues in the process.

   Thanks to Jack Lloyd for reporting the userinfo bypass.

   ok tb@
VersionDeltaFile
1.34+72-29lib/libcrypto/x509/x509_constraints.c
+72-291 files

OpenBSD/ports AIDSis4mail/rspamd Makefile, net/ntopng Makefile

   bump for redis dir move
VersionDeltaFile
1.163+5-2mail/rspamd/Makefile
1.41+2-2net/ntopng/Makefile
+7-42 files

OpenBSD/ports u1lLeYFdatabases/redis Makefile Makefile.inc, databases/redis/bsd/patches patch-redis_conf patch-src_Makefile

   rearrange databases/redis into databases/redis/bsd (currently still 6.2.22)
   and databases/redis/main (8.x; AGPL and other restrictive licenses).

   main/ unlinked for now, due to tests failing (every time, but usually in
   different places) with "Executing test client: couldn't open socket:
   address already in use."
VersionDeltaFile
1.1+115-0databases/redis/bsd/patches/patch-redis_conf
1.1+115-0databases/redis/main/patches/patch-redis_conf
1.147+4-63databases/redis/Makefile
1.1+52-0databases/redis/Makefile.inc
1.1+40-0databases/redis/bsd/patches/patch-src_Makefile
1.1+40-0databases/redis/main/patches/patch-src_Makefile
+366-6337 files not shown
+729-6343 files

OpenBSD/ports B9j9kMQwww/py-fastapi Makefile distinfo, www/py-fastapi/pkg PLIST

   update py-fastapi to 0.139.0
VersionDeltaFile
1.3+28-3www/py-fastapi/pkg/PLIST
1.6+9-7www/py-fastapi/Makefile
1.3+2-2www/py-fastapi/distinfo
+39-123 files

OpenBSD/ports j91FNNGgeo/qgis Makefile, geo/qgis/patches patch-python_PyQt6_core_auto_generated_symbology_qgscategorizedsymbolrenderer_sip_in

   geo/qgis: drop patch from https://github.com/qgis/QGIS/issues/66686

   not needed anymore with devel/py-sip 6.15.3.
VersionDeltaFile
1.233+1-1geo/qgis/Makefile
1.2+0-0geo/qgis/patches/patch-python_PyQt6_core_auto_generated_symbology_qgscategorizedsymbolrenderer_sip_in
+1-12 files

OpenBSD/ports n5X2aQFdevel/py-sip distinfo Makefile, devel/py-sip/pkg PLIST

   devel/py-sip: update to 6.15.3

   see https://github.com/Python-SIP/sip/blob/6.15.3/docs/releases.md
   https://github.com/Python-SIP/sip/blob/6.15.2/docs/releases.md
   https://github.com/Python-SIP/sip/blob/6.15.1/docs/releases.md
   and https://github.com/Python-SIP/sip/blob/6.15.0/docs/releases.md

   tested in a bulk build and ok tb@
VersionDeltaFile
1.25+65-0devel/py-sip/pkg/PLIST
1.31+2-2devel/py-sip/distinfo
1.72+1-1devel/py-sip/Makefile
+68-33 files

OpenBSD/ports ZAiihz2graphics/tiff Makefile distinfo, graphics/tiff/patches patch-libtiff_CMakeLists_txt patch-libtiff_tif_luv_c

   graphics/tiff: update to 4.7.2.

   see https://gitlab.com/libtiff/libtiff/-/releases/v4.7.2

   tested in a bulk build by and ok tb@
VersionDeltaFile
1.37+9-4graphics/tiff/pkg/PLIST
1.4+3-3graphics/tiff/patches/patch-libtiff_CMakeLists_txt
1.114+2-3graphics/tiff/Makefile
1.33+2-2graphics/tiff/distinfo
1.15+1-1graphics/tiff/patches/patch-libtiff_tif_luv_c
1.4+0-0graphics/tiff/patches/patch-libtiff_tif_dirwrite_c
+17-133 files not shown
+17-139 files

OpenBSD/src xtmsHXsusr.bin/tmux cmd-split-window.c tmux.1

   Typos and doc fixes, from Ben Boeckel.
VersionDeltaFile
1.144+5-5usr.bin/tmux/cmd-split-window.c
1.1139+8-1usr.bin/tmux/tmux.1
1.404+4-4usr.bin/tmux/format.c
1.420+4-4usr.bin/tmux/window-copy.c
+21-144 files

OpenBSD/src LjKr2Zzsys/sys proc.h

   oops, no the bit is available
VersionDeltaFile
1.399+1-0sys/sys/proc.h
+1-01 files

OpenBSD/src XVPgMbgsys/sys proc.h

   0x08000000 is P_SUSPSIG, so also defining PS_avail0 to the same position
   is misleading
VersionDeltaFile
1.398+1-2sys/sys/proc.h
+1-21 files

OpenBSD/ports HlUMqTOwww/mozilla-firefox distinfo Makefile

   www/mozilla-firefox: MFC update to 152.0.6.

   see https://www.firefox.com/en-US/firefox/152.0.6/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/
VersionDeltaFile
1.397.2.11+2-2www/mozilla-firefox/distinfo
1.680.2.13+1-1www/mozilla-firefox/Makefile
+3-32 files

OpenBSD/ports sybZfeowww/firefox-i18n distinfo Makefile.inc, www/mozilla-firefox distinfo Makefile

   www/mozilla-firefox: update to 152.0.6.

   see https://www.firefox.com/en-US/firefox/152.0.6/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-67/
VersionDeltaFile
1.398+164-164www/firefox-i18n/distinfo
1.412+4-4www/mozilla-firefox/distinfo
1.698+2-2www/mozilla-firefox/Makefile
1.353+1-1www/firefox-i18n/Makefile.inc
+171-1714 files

OpenBSD/src yETK8tdsys/crypto cryptosoft.c, sys/netinet ipsec_input.c ip_ah.c

   Handle allocation failure and track correct mbuf length in IPComp.
   In swcr_compdec() m_copyback(M_NOWAIT) may fail, but the error is
   not checked.  The mbuf chain could be too short, but the expected
   length is returned as result.  Then ipcomp_input() will not set
   m->m_pkthdr.len to the actual length of the mbuf chain.  This only
   affects decompression, other cases do not need additional memory
   for enlarging.
   from bluhm@; OK deraadt@

   IPComp decompression must not overflow mbuf cluster.
   Check after decompressing an IPComp packet, that the content fits
   into a mbuf cluster.  m_copyback() assumes that it can allocate a
   single mbuf cluster to enlarge the mbuf chain.  That means the
   decompressed data must not exceed MAXMCLBYTES.  Prevent panic:
   m_clget: request for 67948 byte cluster.
   from bluhm@; reported by Homura Akemi, SecBuddyF, Tencent KeenLab; OK mvs@

   IPsec AH must contain replay counter.
   Before reading the replay counter from packet header in ah_input(),

    [10 lines not shown]
VersionDeltaFile
1.91.18.1+18-5sys/crypto/cryptosoft.c
1.222.2.1+9-1sys/netinet/ipsec_input.c
1.179.2.1+5-1sys/netinet/ip_ah.c
+32-73 files

OpenBSD/src AKlsqpHsys/crypto cryptosoft.c, sys/netinet ipsec_input.c ip_ah.c

   Handle allocation failure and track correct mbuf length in IPComp.
   In swcr_compdec() m_copyback(M_NOWAIT) may fail, but the error is
   not checked.  The mbuf chain could be too short, but the expected
   length is returned as result.  Then ipcomp_input() will not set
   m->m_pkthdr.len to the actual length of the mbuf chain.  This only
   affects decompression, other cases do not need additional memory
   for enlarging.
   from bluhm@; OK deraadt@

   IPComp decompression must not overflow mbuf cluster.
   Check after decompressing an IPComp packet, that the content fits
   into a mbuf cluster.  m_copyback() assumes that it can allocate a
   single mbuf cluster to enlarge the mbuf chain.  That means the
   decompressed data must not exceed MAXMCLBYTES.  Prevent panic:
   m_clget: request for 67948 byte cluster.
   from bluhm@; reported by Homura Akemi, SecBuddyF, Tencent KeenLab; OK mvs@

   IPsec AH must contain replay counter.
   Before reading the replay counter from packet header in ah_input(),

    [10 lines not shown]
VersionDeltaFile
1.91.14.1+18-5sys/crypto/cryptosoft.c
1.221.2.1+9-1sys/netinet/ipsec_input.c
1.178.2.1+5-1sys/netinet/ip_ah.c
+32-73 files

OpenBSD/src Ao3YdNesys/dev/ic qwx.c

   run qwx_init() code under splnet()
VersionDeltaFile
1.137+13-4sys/dev/ic/qwx.c
+13-41 files

OpenBSD/src kRUU6jnregress/usr.sbin/bgpd/integrationtests as0.sh exabgp.as0.test2.in

   Run monitor exabgp session on new IP 10.12.57.5.

   10.12.57.2 is used in test1 and since exabgp retries immediatly the
   idleHoldTime of that peer goes up quickly and blocks further connects.
   Before this worked since bgpd sent the notification and the error count
   was not increased and with this immediate retries were possible.
VersionDeltaFile
1.3+3-1regress/usr.sbin/bgpd/integrationtests/as0.sh
1.3+2-2regress/usr.sbin/bgpd/integrationtests/exabgp.as0.test2.in
+5-32 files