OpenBSD/ports BIoYtw3www/rt distinfo Makefile, www/rt/patches patch-Makefile_in patch-sbin_rt-setup-database_in

   update to 6.0.3
VersionDeltaFile
1.39+48-1www/rt/pkg/PLIST
1.12+5-5www/rt/patches/patch-Makefile_in
1.34+2-2www/rt/distinfo
1.3+1-1www/rt/patches/patch-sbin_rt-setup-database_in
1.64+1-1www/rt/Makefile
+57-105 files

OpenBSD/ports GeKx0pSdatabases/p5-DBIx-SearchBuilder Makefile distinfo

   update to 1.85
VersionDeltaFile
1.31+3-1databases/p5-DBIx-SearchBuilder/Makefile
1.20+2-2databases/p5-DBIx-SearchBuilder/distinfo
+5-32 files

OpenBSD/ports Q2rFAl0print/hplip Makefile distinfo, print/hplip/patches patch-base_utils_py patch-Makefile_in

   Update to hplip-3.26.4.
VersionDeltaFile
1.30+1-19print/hplip/patches/patch-base_utils_py
1.79+9-9print/hplip/patches/patch-Makefile_in
1.83+12-1print/hplip/pkg/PLIST-hpijs
1.228+2-4print/hplip/Makefile
1.82+2-2print/hplip/distinfo
1.7+2-2print/hplip/patches/patch-common_utils_c
+28-373 files not shown
+32-419 files

OpenBSD/ports vdU26Wjdevel/spidermonkey140 distinfo Makefile

   Update to spidermonkey140-140.11.0.
VersionDeltaFile
1.11+2-2devel/spidermonkey140/distinfo
1.11+1-1devel/spidermonkey140/Makefile
+3-32 files

OpenBSD/ports 2UTaBjPx11/qt5/qtwebengine/patches patch-src_3rdparty_chromium_v8_src_compiler_backend_instruction-codes_h patch-src_3rdparty_chromium_third_party_blink_renderer_platform_image-encoders_image_encoder_utils_cc

   Fix build with llvm22

   Some enum need a fixed underlying type.
VersionDeltaFile
1.1+21-0x11/qt5/qtwebengine/patches/patch-src_3rdparty_chromium_v8_src_compiler_backend_instruction-codes_h
1.1+12-0x11/qt5/qtwebengine/patches/patch-src_3rdparty_chromium_third_party_blink_renderer_platform_image-encoders_image_encoder_utils_cc
1.1+12-0x11/qt5/qtwebengine/patches/patch-src_3rdparty_chromium_components_download_public_common_download_stats_h
1.1+12-0x11/qt5/qtwebengine/patches/patch-src_3rdparty_chromium_content_browser_code_cache_generated_code_cache_h
1.1+12-0x11/qt5/qtwebengine/patches/patch-src_3rdparty_chromium_net_cookies_cookie_monster_h
1.1+12-0x11/qt5/qtwebengine/patches/patch-src_3rdparty_chromium_third_party_blink_renderer_core_imagebitmap_image_bitmap_factories_cc
+81-04 files not shown
+129-010 files

OpenBSD/src HNNo9Ojusr.bin/tmux cmd-resize-pane.c server-client.c

   Pane resizing code for floating panes, mostly by Michael Grant.
VersionDeltaFile
1.54+157-18usr.bin/tmux/cmd-resize-pane.c
1.459+96-40usr.bin/tmux/server-client.c
1.1322+2-2usr.bin/tmux/tmux.h
+255-603 files

OpenBSD/ports lkl7WKDsysutils/google-cloud-sdk distinfo Makefile, sysutils/google-cloud-sdk/pkg PLIST

   Update to google-cloud-sdk-569.0.0.
VersionDeltaFile
1.421+96-77sysutils/google-cloud-sdk/pkg/PLIST
1.438+2-2sysutils/google-cloud-sdk/distinfo
1.458+1-1sysutils/google-cloud-sdk/Makefile
+99-803 files

OpenBSD/ports wqCFICOdevel/protobuf-java distinfo Makefile

   Updat to protobuf-java 4.34.2

   https://github.com/protocolbuffers/protobuf/releases/tag/v34.2
VersionDeltaFile
1.4+2-2devel/protobuf-java/distinfo
1.4+1-1devel/protobuf-java/Makefile
+3-32 files

OpenBSD/ports De7rIz0devel/py-protobuf distinfo Makefile

   Update to py-protobuf 7.34.2

   https://github.com/protocolbuffers/protobuf/releases/tag/v34.2
VersionDeltaFile
1.59+2-2devel/py-protobuf/distinfo
1.75+1-1devel/py-protobuf/Makefile
+3-32 files

OpenBSD/ports ZUX3laKdevel/protobuf distinfo Makefile

   Update to protobuf-cpp 6.34.2

   https://github.com/protocolbuffers/protobuf/releases/tag/v34.2
VersionDeltaFile
1.68+2-2devel/protobuf/distinfo
1.107+1-1devel/protobuf/Makefile
+3-32 files

OpenBSD/src qUCIkOklib/libagentx ax.c, usr.sbin/snmpd ax.c

   Implement a better fix. The previous fix allowed to overflow in a
   different spot. This would still only lead to a crash, and would only be
   reachable by arbitrary users if the admin enabled the agentx socket, and
   set custom permissions.

   OK deraadt@, mvs@
VersionDeltaFile
1.9+6-9usr.sbin/snmpd/ax.c
1.13+6-9lib/libagentx/ax.c
+12-182 files

OpenBSD/ports 7RlCD53x11/motif Makefile, x11/motif/patches patch-lib_Xm_EditresCom_c

   motif: switch from unsigned long * to CARD64 * to prepare for llvm22

   matthieu agrees with the approach
VersionDeltaFile
1.1+12-0x11/motif/patches/patch-lib_Xm_EditresCom_c
1.13+1-1x11/motif/Makefile
+13-12 files

OpenBSD/ports yuZ3T79graphics/GraphicsMagick Makefile distinfo, graphics/GraphicsMagick/patches patch-configure

   Update to GraphicsMagick 1.3.47 to fix build with llvm22, ok Brad

   http://www.graphicsmagick.org/NEWS.html#may-13-2026
VersionDeltaFile
1.79+4-5graphics/GraphicsMagick/Makefile
1.37+2-2graphics/GraphicsMagick/distinfo
1.26+2-2graphics/GraphicsMagick/patches/patch-configure
1.32+3-0graphics/GraphicsMagick/pkg/PLIST
+11-94 files

OpenBSD/src iyyVaDbusr.bin/ssh sshd_config.5 ssh_config.5

   mention that compression could potentially leak information about session
   contents (cf. the CRIME attack on TLS) if a connection allows attacker-
   controlled traffic over it alongside trused traffic. This might occur
   in some forwarding scenarios.

   with deraadt@
VersionDeltaFile
1.398+9-2usr.bin/ssh/sshd_config.5
1.424+9-2usr.bin/ssh/ssh_config.5
+18-42 files

OpenBSD/src wJGiFVZusr.bin/ssh sftp-server.8

   mention usefulness of request type allow/denylisting for servers
   accepting untrusted clients
VersionDeltaFile
1.32+13-2usr.bin/ssh/sftp-server.8
+13-21 files

OpenBSD/src rUiyE8alib/libc/sys open.2

   document EACESS if __pledge_open() in /usr/share/zoneinfo terminates
   on a non-regular file
   ok dgl
VersionDeltaFile
1.62+7-1lib/libc/sys/open.2
+7-11 files

OpenBSD/src P230JeHsys/kern vfs_lookup.c

   only allow __pledge_open(2) to open regular files in the /usr/share/zoneinfo
   directory.  other file types return EACCES.
   ok dgl
VersionDeltaFile
1.93+6-1sys/kern/vfs_lookup.c
+6-11 files

OpenBSD/ports 7aDToYFnet/curl Makefile distinfo, net/curl/patches patch-m4_curl-compilers_m4

   net/curl: update to 8.20.0

   Includes fixes for
   CVE-2026-4873: connection reuse ignores TLS requirement
   CVE-2026-5545: wrong reuse of HTTP Negotiate connection
   CVE-2026-5773: wrong reuse of SMB connection
   CVE-2026-6253: proxy credentials leak over redirect-to proxy
   CVE-2026-6276: stale custom cookie host causes cookie leak
   CVE-2026-6429: netrc credential leak with reused proxy connection
   CVE-2026-7168: cross-proxy Digest auth state leak
VersionDeltaFile
1.213.2.1+4-2net/curl/Makefile
1.14.2.1+2-2net/curl/patches/patch-m4_curl-compilers_m4
1.145.2.1+2-2net/curl/distinfo
1.89.2.1+3-0net/curl/pkg/PLIST
+11-64 files

OpenBSD/ports 9VPtR2Wcomms/lrzsz Makefile, comms/lrzsz/patches patch-src_tcp_c

   lrsz: fix incompatible pointer types (socklen_t * vs size_t *) for llvm22
VersionDeltaFile
1.1+21-0comms/lrzsz/patches/patch-src_tcp_c
1.33+1-1comms/lrzsz/Makefile
+22-12 files

OpenBSD/ports eMGti0pmisc/magicpoint Makefile, misc/magicpoint/patches patch-draw_c

   magicpoint: passing int * to size_t * makes llvm22 unhappy
VersionDeltaFile
1.4+14-20misc/magicpoint/patches/patch-draw_c
1.71+1-0misc/magicpoint/Makefile
+15-202 files

OpenBSD/ports eqbnu7gcomms/x3270 Makefile, comms/x3270/patches patch-macros_c

   comms/x3270: fix -Wincompatible-pointer-types (socklen_t vs size_t)
VersionDeltaFile
1.1+14-0comms/x3270/patches/patch-macros_c
1.18+1-1comms/x3270/Makefile
+15-12 files

OpenBSD/src ADzWxhRusr.sbin/iscsid vscsi.c

   In the vscsi_callback() handle ISCSI_SCSI_STAT_CHCK_COND more carefully.

   Especially the embedded sense data needs to be extracted respecting the
   real buffer length. Make sure at least 2 bytes are availabe for the lenght
   and also check that the resulting len is not bigger then the buffer
   itself.

   Reported by Frank Denis
   OK deraadt@
VersionDeltaFile
1.19+6-3usr.sbin/iscsid/vscsi.c
+6-31 files

OpenBSD/ports wVPbrxPnet/upterm distinfo modules.inc

   Update to upterm 0.24.0.
VersionDeltaFile
1.4+266-170net/upterm/distinfo
1.4+100-53net/upterm/modules.inc
1.4+1-1net/upterm/Makefile
+367-2243 files

OpenBSD/ports dqG0qplsysutils/unbound_exporter distinfo modules.inc

   Update to unbound_exporter 0.6.0.
VersionDeltaFile
1.3+50-42sysutils/unbound_exporter/distinfo
1.3+15-13sysutils/unbound_exporter/modules.inc
1.3+1-1sysutils/unbound_exporter/Makefile
+66-563 files

OpenBSD/ports 2EZCqGXwww/ungoogled-chromium distinfo Makefile, www/ungoogled-chromium/patches patch-content_browser_renderer_host_render_process_host_impl_cc patch-content_public_common_content_features_cc

   update to 148.0.7778.178
VersionDeltaFile
1.149+6-6www/ungoogled-chromium/distinfo
1.47+3-3www/ungoogled-chromium/patches/patch-content_browser_renderer_host_render_process_host_impl_cc
1.44+2-2www/ungoogled-chromium/patches/patch-content_public_common_content_features_cc
1.231+1-2www/ungoogled-chromium/Makefile
+12-134 files

OpenBSD/ports lefVYCvnet/tor distinfo Makefile

   Update to tor 0.4.9.8

   ok sthen@
VersionDeltaFile
1.143.2.1+2-2net/tor/distinfo
1.178.2.1+1-1net/tor/Makefile
+3-32 files

OpenBSD/src JP4fusRusr.sbin/bgpd rde_rib.c

   Also copy aspa_state and aspa_generation in path_copy() this way
   the linked db copy of the path gets the right ASPA cache data.

   OK tb@
VersionDeltaFile
1.295+4-1usr.sbin/bgpd/rde_rib.c
+4-11 files

OpenBSD/ports cpZnoFCmultimedia/libheif Makefile distinfo, multimedia/libheif/pkg PLIST

   multimedia/libheif: Update to 1.22.0

   From Brad, thanks
VersionDeltaFile
1.24+3-3multimedia/libheif/Makefile
1.16+2-2multimedia/libheif/distinfo
1.11+2-0multimedia/libheif/pkg/PLIST
+7-53 files

OpenBSD/ports 0fMawaHwww/nextcloud/33 distinfo Makefile, www/nextcloud/33/pkg PLIST

   Update nextcloud to 33.0.3
VersionDeltaFile
1.3+755-1,093www/nextcloud/33/pkg/PLIST
1.3+2-2www/nextcloud/33/distinfo
1.3+1-1www/nextcloud/33/Makefile
+758-1,0963 files

OpenBSD/ports 7ISFpK5www/nextcloud/32 distinfo Makefile, www/nextcloud/32/pkg PLIST

   Update nextcloud to 32.0.9
VersionDeltaFile
1.8+517-1,050www/nextcloud/32/pkg/PLIST
1.8+2-2www/nextcloud/32/distinfo
1.10+1-1www/nextcloud/32/Makefile
+520-1,0533 files