OpenBSD/src wUAiEv5sys/kern sysv_msg.c, sys/sys msg.h

   Make concurrent sys_msgrcv() wait until we finish message delivery. We
   left acquired message in the queue while we are sleeping in msg_copyout().
   Concurrent sys_msgrcv() could acquire and delete this message.

   Reported-by: syzbot+c80235d951da9769a00f at syzkaller.appspotmail.com
VersionDeltaFile
1.48+34-4sys/kern/sysv_msg.c
1.26+4-2sys/sys/msg.h
+38-62 files

OpenBSD/ports uIWWTTMx11/kde-applications/kitinerary/patches patch-src_lib_pdf_pdfextractoroutputdevice_cpp

   Missed to run cvs remove
VersionDeltaFile
1.2+0-0x11/kde-applications/kitinerary/patches/patch-src_lib_pdf_pdfextractoroutputdevice_cpp
+0-01 files

OpenBSD/src EQwr3WWusr.sbin/rpki-client nca.c

   nca_plan_retries: fix previous by dropping a break

   from/ok job
VersionDeltaFile
1.10+1-2usr.sbin/rpki-client/nca.c
+1-21 files

OpenBSD/src WLWfaYGusr.sbin/rpki-client main.c nca.c

   Deduplicate skiplist, shortlist, and NCA retry handling

   Introduce helpers functions for manipulating lists of strings, such as
   the FQDNs in skiplist & shortlist, and rpkiNotify URLs used for batching
   NCA retries.

   OK tb@
VersionDeltaFile
1.311+39-35usr.sbin/rpki-client/main.c
1.9+13-27usr.sbin/rpki-client/nca.c
1.288+9-5usr.sbin/rpki-client/extern.h
+61-673 files

OpenBSD/src QHgVspUsys/kern sysv_msg.c

   Restore msgrcv(2) MSG_NOERROR/E2BIG error path. Silently truncate
   message is not a good idea.

   msgrcv(2) man page has E2BIG error description, no need for update.

   ok millert
VersionDeltaFile
1.47+8-6sys/kern/sysv_msg.c
+8-61 files

OpenBSD/ports 8ChMdDEarchivers/unrar Makefile distinfo

   archivers/unrar: update to 7.23

   Security fixes:
   * heap overflow when reconstructing data from RAR5 recovery volumes
   * a specially crafted RAR archive could create a symbolic link pointing
     outside of the intended destination folder during extraction
VersionDeltaFile
1.104+2-2archivers/unrar/Makefile
1.58+2-2archivers/unrar/distinfo
+4-42 files

OpenBSD/ports 5UV0yzEx11/tellico distinfo Makefile, x11/tellico/pkg PLIST

   Update tellico to 4.2.1
VersionDeltaFile
1.41+2-2x11/tellico/distinfo
1.107+1-1x11/tellico/Makefile
1.40+0-1x11/tellico/pkg/PLIST
+3-43 files

OpenBSD/ports U7z86zpmisc/open62541 distinfo Makefile

   update open62541 to 1.3.18
VersionDeltaFile
1.16+2-2misc/open62541/distinfo
1.38+1-2misc/open62541/Makefile
+3-42 files

OpenBSD/ports RZYqcguproductivity/homebank distinfo Makefile

   Update homebank to 5.10.2
VersionDeltaFile
1.61+2-2productivity/homebank/distinfo
1.83+1-1productivity/homebank/Makefile
+3-32 files

OpenBSD/ports KhmudTqnet/ruby-grpc Makefile distinfo, net/ruby-grpc/pkg PLIST

   Update ruby-grpc to 1.82.0
VersionDeltaFile
1.11+3-2net/ruby-grpc/Makefile
1.3+4-0net/ruby-grpc/pkg/PLIST
1.9+2-2net/ruby-grpc/distinfo
+9-43 files

OpenBSD/ports y2sFZDUnet/grpc Makefile distinfo, net/grpc/patches patch-CMakeLists_txt

   Update grpc to 1.82.0
VersionDeltaFile
1.21+11-11net/grpc/Makefile
1.15+2-2net/grpc/distinfo
1.11+1-1net/grpc/patches/patch-CMakeLists_txt
+14-143 files

OpenBSD/ports fsWh0Ejdevel/msp430/binutils/pkg DESCR, devel/xtensa-esp32-elf/binutils Makefile

   codespell fixes
VersionDeltaFile
1.2+1-1devel/msp430/binutils/pkg/DESCR
1.11+1-1devel/xtensa-esp32-elf/binutils/Makefile
1.2+1-1devel/xtensa-esp32-elf/binutils/pkg/DESCR
1.6+1-1devel/xtensa-esp32s2-elf/binutils/Makefile
1.2+1-1devel/xtensa-esp32s2-elf/binutils/pkg/DESCR
1.6+1-1devel/xtensa-esp32s3-elf/binutils/Makefile
+6-618 files not shown
+24-2024 files

OpenBSD/ports 1K53mm8devel/p5-Devel-Leak-Object/pkg DESCR, devel/p5-ExtUtils-CChecker/pkg DESCR

   fix DESCR issues found by codespell. some wider rewording in a few cases
   where the file was incomprehensible.
VersionDeltaFile
1.2+5-5net/p5-POE-Component-Jabber/pkg/DESCR
1.3+3-4net/p5-Socket6/pkg/DESCR
1.2+3-3net/p5-Net-Frame/pkg/DESCR
1.2+3-3devel/p5-Devel-Leak-Object/pkg/DESCR
1.2+2-2net/p5-Net-Inspect/pkg/DESCR
1.2+2-2devel/p5-ExtUtils-CChecker/pkg/DESCR
+18-1972 files not shown
+91-7678 files

OpenBSD/src wM0RwaSusr.sbin/rpki-client repo.c

   Don't remove other elements in a RB_FOREACH_SAFE walk since that is not safe.

   repo_move_valid() walks the tree with RB_FOREACH_SAFE() but it also calls
   RB_REMOVE() via filepath_put() on an other element in a case where a
   conflict is resolved. This results in a use-after-free if that element is
   the next one in the tree (nfp). Instead of removing the present
   conflicting node (ofp), replace the contents of it, free fp and swap fp
   with ofp.

   With and OK tb@
VersionDeltaFile
1.90+16-12usr.sbin/rpki-client/repo.c
+16-121 files

OpenBSD/src GI4Xkgcusr.sbin/rpki-client repo.c

   Remove no longer needed cast for the free argument.

   From tb@
VersionDeltaFile
1.89+2-2usr.sbin/rpki-client/repo.c
+2-21 files

OpenBSD/ports U6k8yqpdevel/py-bencode/pkg DESCR, devel/py-suds Makefile

   fix issues found by codespell
VersionDeltaFile
1.2+3-3devel/py-suds/pkg/DESCR
1.2+2-2devel/py-bencode/pkg/DESCR
1.15+1-1devel/py-suds/Makefile
1.4+1-1textproc/py-patiencediff/pkg/DESCR
1.28+1-1textproc/py-stemmer/Makefile
1.2+1-1textproc/py-stemmer/pkg/DESCR
+9-928 files not shown
+37-2734 files

OpenBSD/ports C1odT60graphics/p5-Imager distinfo Makefile

   update p5-Imager to 1.033
   CVE-2026-14454
VersionDeltaFile
1.21+2-2graphics/p5-Imager/distinfo
1.57+1-1graphics/p5-Imager/Makefile
+3-32 files

OpenBSD/ports Bf1UnSFdevel/kf5/kfilemetadata Makefile, devel/kf5/kfilemetadata/pkg DESCR-main

   codespell fixes
VersionDeltaFile
1.2+1-1devel/kf5/kfilemetadata/pkg/DESCR-main
1.10+1-1mail/notmuch/Makefile
1.2+1-1mail/notmuch/pkg/DESCR-main
1.2+1-1net/libmaxminddb/pkg/DESCR-main
1.2+1-1telephony/kamailio/pkg/DESCR-main
1.28+1-1devel/kf5/kfilemetadata/Makefile
+6-66 files not shown
+12-912 files

OpenBSD/ports t1VflN3mail/postfix/stable35 distinfo Makefile

   MFC update to postfix-3.5.26
VersionDeltaFile
1.4.10.2+2-2mail/postfix/stable35/distinfo
1.11.2.2+1-2mail/postfix/stable35/Makefile
+3-42 files

OpenBSD/ports rcQZLYumail/postfix/stable distinfo Makefile

   MFC update to postfix-3.11.5
VersionDeltaFile
1.164.2.3+2-2mail/postfix/stable/distinfo
1.281.2.4+1-1mail/postfix/stable/Makefile
+3-32 files

OpenBSD/ports zVRwbLfmail/postfix/stable35 distinfo Makefile

   update to postfix-3.5.26, ok brad
VersionDeltaFile
1.6+2-2mail/postfix/stable35/distinfo
1.13+1-2mail/postfix/stable35/Makefile
+3-42 files

OpenBSD/ports XzG4vkImail/postfix/stable distinfo Makefile

   update to postfix-3.11.5, ok brad
VersionDeltaFile
1.167+2-2mail/postfix/stable/distinfo
1.285+1-1mail/postfix/stable/Makefile
+3-32 files

OpenBSD/ports xpvO5UNwww/chromium distinfo Makefile, www/chromium/patches patch-chrome_browser_download_chrome_download_manager_delegate_cc patch-services_device_hid_hid_service_freebsd_cc

   update to 150.0.7871.100
VersionDeltaFile
1.481+4-4www/chromium/distinfo
1.96+3-3www/chromium/patches/patch-chrome_browser_download_chrome_download_manager_delegate_cc
1.7+1-2www/chromium/patches/patch-services_device_hid_hid_service_freebsd_cc
1.916+2-1www/chromium/Makefile
+10-104 files

OpenBSD/ports LKdZsFDtextproc/p5-String-Util distinfo Makefile

   update p5-String-Util to 1.36
   CVE-2026-14895
VersionDeltaFile
1.3+2-2textproc/p5-String-Util/distinfo
1.3+2-1textproc/p5-String-Util/Makefile
+4-32 files

OpenBSD/ports RKECpvlaudio/cuetools/pkg DESCR, benchmarks/fs_mark Makefile

   fix some issues in DESCR found by codespell
VersionDeltaFile
1.4+11-12comms/py-dmr_utils3/Makefile
1.2+8-7benchmarks/librespeed-cli/Makefile
1.40+6-6databases/py-puppetdb/Makefile
1.2+3-3audio/cuetools/pkg/DESCR
1.8+4-1benchmarks/fs_mark/Makefile
1.2+2-2comms/py-dmr_utils3/pkg/DESCR
+34-3134 files not shown
+75-6240 files

OpenBSD/ports 28GxhUSdevel/codex distinfo crates.inc, devel/codex/patches patch-codex-rs_Cargo_toml patch-codex-rs_core_src_config_mod_rs

   devel/codex: update to 0.143.0
VersionDeltaFile
1.34+16-14devel/codex/distinfo
1.23+7-6devel/codex/crates.inc
1.29+4-4devel/codex/patches/patch-codex-rs_Cargo_toml
1.31+1-1devel/codex/patches/patch-codex-rs_core_src_config_mod_rs
1.34+1-1devel/codex/Makefile
+29-265 files

OpenBSD/ports bNL8dzoeditors/vim-classic Makefile distinfo, editors/vim-classic/patches patch-runtime_filetype_vim patch-src_configure_ac

   update vim-classic to newer commit
VersionDeltaFile
1.8+69-0editors/vim-classic/pkg/PLIST
1.16+6-5editors/vim-classic/Makefile
1.11+2-2editors/vim-classic/distinfo
1.5+2-2editors/vim-classic/patches/patch-runtime_filetype_vim
1.7+1-1editors/vim-classic/patches/patch-src_configure_ac
+80-105 files

OpenBSD/src hSfS28Pusr.sbin/rpki-client main.c

   Rework the special case for CRL files when it comes to the entity_queue.

   CRL are not accounted in the entity_queue, they are loaded together with
   MFT files and passed back together as well. Instead of increasing
   entity_queue skip the entity_queue decrease at the end of the function
   for CRL files. This way goto done cases will account CRLs correctly as well.

   OK tb@
VersionDeltaFile
1.310+4-3usr.sbin/rpki-client/main.c
+4-31 files

OpenBSD/src OMy3tPcusr.bin/tmux regsub.c

   Fix regsub with anchor at start of pattern, GitHub issue 5341.
VersionDeltaFile
1.10+10-7usr.bin/tmux/regsub.c
+10-71 files

OpenBSD/src 8HGVIhbsbin/iked radius.c

   iked: Store RADIUS-assigned IPv6 address in the IPv6 slot

   The IPv6 branch of iked_radius_config() stored the address in the
   IPv4 slot sa_rad_addr and tagged it AF_INET.  Use sa_rad_addr6 and
   AF_INET6 instead.  Also exempt IKEV2_CFG_INTERNAL_IP6_ADDRESS from
   the "use config rather than radius" check, as already done for IPv4.

   ok yasuoka@
VersionDeltaFile
1.16+5-4sbin/iked/radius.c
+5-41 files