OpenBSD/src n8wxLz7sys/arch/amd64/amd64 ucode.c, sys/arch/i386/i386 ucode.c

   Intel now documents a minimum runtime update revision in the microcode
   header.  This is intended to help decide whether to do an update after
   userspace is already running.  As we only do updates early in boot just
   update the struct.

   https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/secure-coding/minimum-runtime-ucode-update-revision.html
VersionDeltaFile
1.11+4-2sys/arch/amd64/amd64/ucode.c
1.8+4-2sys/arch/i386/i386/ucode.c
+8-42 files

OpenBSD/src zUmn3Lyregress/usr.bin/ssh test-exec.sh

   give ssh-agent more time to start in tests; requested in GHPR602
VersionDeltaFile
1.135+2-2regress/usr.bin/ssh/test-exec.sh
+2-21 files

OpenBSD/src 1pc1WO1regress/usr.bin/ssh test-exec.sh

   When testing PKCS11, explicitly allow the module path in ssh-agent.

   Allows testing of PKCS11 modules outside system directories.

   From Morgan Jones via GHPR602
VersionDeltaFile
1.134+4-1regress/usr.bin/ssh/test-exec.sh
+4-11 files

OpenBSD/src KU0vtnlusr.bin/ssh ssh-add.c

   When loading FIDO2 resident keys, set the comment to the FIDO
   application string. This matches the behaviour of ssh-keygen -K

   From Arian van Putten via GHPR608
VersionDeltaFile
1.184+3-3usr.bin/ssh/ssh-add.c
+3-31 files

OpenBSD/src XQNt2jrsys/net if_aggr.c if_trunk.c, sys/netinet if_ether.h

   move aggr/trunk input processing into ether_input.

   previously it replaced the ifp->if_input function pointer on ethernet
   interfaces, which is always ether_input, to intercept packets. this
   makes it work the same as bridges (bridge/veb/tpmr) for intercepting
   and filtering packets now.

   this makes it (more) possible to call ether_input without netlock
   (which serialised the modification/use of if_input), and makes it
   possible for ethernet interfaces with custom if_input functions
   that eventually call ether_input to work as trunk/aggr ports.
VersionDeltaFile
1.51+137-78sys/net/if_aggr.c
1.158+53-25sys/net/if_trunk.c
1.305+42-32sys/net/if_ethersubr.c
1.55+31-32sys/net/if_veb.c
1.39+16-16sys/net/if_tpmr.c
1.98+11-11sys/netinet/if_ether.h
+290-1942 files not shown
+295-1988 files

OpenBSD/src tMtOinZsys/arch/amd64/amd64 ucode.c, sys/arch/i386/i386 ucode.c

   Some AMD microcode now has a minimum version for updating with an MSR.
   AMD-SB-7033 claims a protection fault will be generated if not at that
   level.

   The microcode containers can now also have multiple microcode patches
   for a given family-model-stepping combination.  One with a minimum version,
   and one without.

   Handle multiple patches and check minimum version using part of the
   container header.  Limit this check to family 19h and above.  The header
   is not publically documented and this part seems to have another use on
   earlier CPU families.
VersionDeltaFile
1.10+30-13sys/arch/amd64/amd64/ucode.c
1.7+30-13sys/arch/i386/i386/ucode.c
+60-262 files

OpenBSD/ports bb0RH27devel/py-libcst distinfo crates.inc

   update py-libcst to 1.8.6 for Python 3.14 support

   ok kn@
VersionDeltaFile
1.2+86-118devel/py-libcst/distinfo
1.2+42-58devel/py-libcst/crates.inc
1.4+1-2devel/py-libcst/Makefile
+129-1783 files

OpenBSD/xenocara ulgGKKu. 3RDPARTY

   update
VersionDeltaFile
1.452+4-43RDPARTY
+4-41 files

OpenBSD/xenocara ECjdU9Qlib/libpng pngerror.c pngrtran.c, lib/libpng/contrib/libtests pngvalid.c

   Update to png 1.6.51. fixes  CVE-2025-64505, CVE-2025-64506,
   CVE-2025-64720 and CVE-2025-65018. ok jca@
VersionDeltaFile
1.2+8-133lib/libpng/contrib/libtests/pngvalid.c
1.2+7-131lib/libpng/pngerror.c
1.2+74-40lib/libpng/pngrtran.c
1.2+75-0lib/libpng/pngread.c
1.2+37-34lib/libpng/png.5
1.2+31-16lib/libpng/ANNOUNCE
+232-35433 files not shown
+435-54339 files

OpenBSD/ports n2aD3jagraphics/png distinfo Makefile

   Update to png 1.6.51. fixes  CVE-2025-64505, CVE-2025-64506,
   CVE-2025-64720 and CVE-2025-65018. ok jca@
VersionDeltaFile
1.73+2-2graphics/png/distinfo
1.144+1-1graphics/png/Makefile
+3-32 files

OpenBSD/xenocara qAkFdkVdistrib/sets/lists/xbase mi

   sync
VersionDeltaFile
1.160+5-0distrib/sets/lists/xbase/mi
+5-01 files

OpenBSD/xenocara VaIjkoslib/fontconfig/conf.d 35-lang-normalize.conf Makefile

   Install new configuration files, missed in 2.17.1 update.
   Noticed by Tim van der Molden.
   While here also remove generated README during make clean.
VersionDeltaFile
1.1+1,289-0lib/fontconfig/conf.d/35-lang-normalize.conf
1.20+12-6lib/fontconfig/conf.d/Makefile
+1,301-62 files

OpenBSD/src vnYLeRousr.sbin/vmd virtio.c

   Fix vmd(8) segfault during vmmci timeout firing.

   Need to pass a pointer to the vmmci device. The timeout handler calls
   vm_shutdown() so this SIGSEGV exit wasn't being noticed until I attached
   to the vm process with gdb.
VersionDeltaFile
1.129+2-2usr.sbin/vmd/virtio.c
+2-21 files

OpenBSD/ports QZ4wExwgeo/gpsbabel Makefile, geo/gpsbabel/patches patch-guibabel

   Use MODTCL_WISH_ADJ; drop a patch.

   MODTK_VERSION=8.6

   ok sthen@
VersionDeltaFile
1.44+6-1geo/gpsbabel/Makefile
1.4+0-0geo/gpsbabel/patches/patch-guibabel
+6-12 files

OpenBSD/ports 5O1avQJx11/x11vnc Makefile, x11/x11vnc/patches patch-src_gui_c

   Avoid substituting MODTK_VERSION.
   Use a new SUBST_VAR; yields a slightly nicer patch.

   MODTK_VERSION=8.6

   ok sthen@
VersionDeltaFile
1.59+8-0x11/x11vnc/Makefile
1.3+1-1x11/x11vnc/patches/patch-src_gui_c
+9-12 files

OpenBSD/src yAcILTqsys/arch/m88k/include mmu.h

   Remove macros which have outlived their usefulness.
VersionDeltaFile
1.18+1-5sys/arch/m88k/include/mmu.h
+1-51 files

OpenBSD/ports gQoeCDkmisc/openhab Makefile, misc/openhab-addons/5 Makefile distinfo

   add openhab/openhab-addons 5.0.2, from maintainer Chaz Kettleson
VersionDeltaFile
1.1+1,465-0misc/openhab/5/pkg/PLIST
1.1+6-0misc/openhab-addons/5/pkg/PLIST
1.1+4-0misc/openhab/5/Makefile
1.1+3-0misc/openhab-addons/5/Makefile
1.1+2-0misc/openhab-addons/5/distinfo
1.14+1-1misc/openhab/Makefile
+1,481-12 files not shown
+1,484-28 files

OpenBSD/ports zlJv5KInet/icinga/core2 Makefile, net/icinga/core2/patches patch-lib_base_utility_cpp

   we have pthread_set_name_np
VersionDeltaFile
1.5+18-25net/icinga/core2/patches/patch-lib_base_utility_cpp
1.152+1-0net/icinga/core2/Makefile
+19-252 files

OpenBSD/ports 2mzMRIusysutils/tkdvd Makefile, sysutils/tkdvd/patches patch-TkDVD_sh patch-install_tcl

   Use MODTCL_TCLSH_ADJ and MODTCL_WISH_ADJ;
   drop one patch, shorten another.
   Tidy port. Take maintainer.

   MODTK_VERSION=8.6


   ok sthen@
VersionDeltaFile
1.20+10-8sysutils/tkdvd/Makefile
1.6+3-10sysutils/tkdvd/patches/patch-TkDVD_sh
1.5+0-0sysutils/tkdvd/patches/patch-install_tcl
+13-183 files

OpenBSD/ports 4GlFPOdlang/erlang/28 Makefile distinfo, lang/erlang/28/pkg PLIST-main

   lang/erlang/28: Update to 28.2
VersionDeltaFile
1.8+8-8lang/erlang/28/Makefile
1.4+8-0lang/erlang/28/pkg/PLIST-main
1.7+4-4lang/erlang/28/distinfo
+20-123 files

OpenBSD/ports 4SJVjMsnet/rabbitmq Makefile distinfo, net/rabbitmq/pkg PLIST

   net/rabbitmq: Update to 4.2.1
VersionDeltaFile
1.38+84-39net/rabbitmq/pkg/PLIST
1.82+9-9net/rabbitmq/Makefile
1.36+2-2net/rabbitmq/distinfo
+95-503 files

OpenBSD/ports FWxsscItextproc/simdutf Makefile distinfo

   textproc/simdutf: Update to 7.7.0
VersionDeltaFile
1.2+2-2textproc/simdutf/Makefile
1.2+2-2textproc/simdutf/distinfo
+4-42 files

OpenBSD/ports PFZwn8Htextproc/csvlens distinfo crates.inc

   textproc/csvlens: Update to 0.14.0
VersionDeltaFile
1.6+288-276textproc/csvlens/distinfo
1.5+143-137textproc/csvlens/crates.inc
1.7+1-1textproc/csvlens/Makefile
+432-4143 files

OpenBSD/ports pHBvTO4shells/fish/main distinfo crates.inc, shells/fish/main/patches patch-src_common_rs

   shells/fish/main: Update to 4.2.1

   From Florian Viehweger (Maintainer), thanks
VersionDeltaFile
1.7+130-94shells/fish/main/distinfo
1.4+64-46shells/fish/main/crates.inc
1.5+11-3shells/fish/main/pkg/PLIST
1.8+1-2shells/fish/main/Makefile
1.3+0-0shells/fish/main/patches/patch-src_common_rs
+206-1455 files

OpenBSD/ports DXNYcGMwayland/greetd/patches patch-greetd_src_terminal_ioctl_rs

   Fix double work in patch comment
VersionDeltaFile
1.2+1-1wayland/greetd/patches/patch-greetd_src_terminal_ioctl_rs
+1-11 files

OpenBSD/ports ftXPHGpwayland/greetd Makefile, wayland/greetd/patches patch-greetd_src_terminal_ioctl_rs patch-greetd_src_terminal_mod_rs

   Repair greetd controlling terminal handling

   Use TIOCSCTTY from libc crate, which actually knows about OpenBSD. Then
   use it to implement term_tiocsctty. This lets agreety and other child
   sessions run with a proper controlling terminal.

   ok landry@
VersionDeltaFile
1.1+24-0wayland/greetd/patches/patch-greetd_src_terminal_ioctl_rs
1.2+0-13wayland/greetd/patches/patch-greetd_src_terminal_mod_rs
1.4+1-1wayland/greetd/Makefile
+25-143 files

OpenBSD/ports XeUQyvOwww/py-quixote Makefile distinfo, www/py-quixote/pkg PLIST

   py3-quixote: update to 3.7 to fix with py313
VersionDeltaFile
1.26+3-4www/py-quixote/Makefile
1.7+2-2www/py-quixote/distinfo
1.11+3-0www/py-quixote/pkg/PLIST
+8-63 files

OpenBSD/src bLTAl29sys/arch/amd64/amd64 locore0.S machdep.c

   relocate ghcb in machdep.c

   ghcb_vaddr is not used in locore0.S, no need to do this in assembler.

   From Sebastian Sturm

   ok hshoexer
VersionDeltaFile
1.33+1-10sys/arch/amd64/amd64/locore0.S
1.306+3-2sys/arch/amd64/amd64/machdep.c
+4-122 files

OpenBSD/ports iVJOaI1databases/postgresql-previous Makefile

   add BDEP on bison
VersionDeltaFile
1.31+4-2databases/postgresql-previous/Makefile
+4-21 files

OpenBSD/src YCoOOSQsbin/pfctl pfctl_parser.c

   ifa_load() in pfctl_parser.c may attempt to read beyond the buffer.

   The current ifa_load() is not paranoid enough when it deals with
   information which comes from kernel. The function just ignores
   sa_len member in socket address returned getifaddrs().

   The issue has been reported by anton@. The idea for fix here comes
   fromy claudio@.

   OK @claudio, @deraadt
VersionDeltaFile
1.354+9-5sbin/pfctl/pfctl_parser.c
+9-51 files