OpenBSD/ports ohDZGsD x11/kde-applications/pimcommon Makefile, x11/kde-applications/pimcommon/pkg PLIST

   Unbreak build by updating plist

   Spotted by naddy
Version  Delta    File
1.17     +0 -22   x11/kde-applications/pimcommon/pkg/PLIST
1.32     +2 -1    x11/kde-applications/pimcommon/Makefile
+2 -23, 2 files

OpenBSD/src jBvQJPl usr.bin/sndiod sysex.h

   sndiod: Use chars (instead of uint8_t's) for the MIDI slot name

   No behavior change
Version  Delta    File
1.4      +2 -2    usr.bin/sndiod/sysex.h
+2 -2, 1 file

OpenBSD/ports FNnrqKs x11/kde-plasma/aurorae Makefile

   Add missing dependency on ksvg

   spotted by naddy
Version  Delta    File
1.7      +3 -1    x11/kde-plasma/aurorae/Makefile
+3 -1, 1 file

OpenBSD/src A33Vk70 usr.bin/sndiod dev.c

   sndiod: Fix ctl_match() when arg0 == NULL

   No behavior change as sndiod doesn't call ctl_match() with
   arg0 == NULL (yet).
Version  Delta    File
1.128    +2 -2    usr.bin/sndiod/dev.c
+2 -2, 1 file

OpenBSD/src yT3OP8g usr.bin/sndiod sock.c

   sndiod: Log unknown network messages to ease debugging the protocol
Version  Delta    File
1.57     +2 -2    usr.bin/sndiod/sock.c
+2 -2, 1 file

OpenBSD/src N0mwYIM lib/libsndio aucat.c, usr.bin/sndioctl sndioctl.c

   Minor spacing tweak
Version  Delta    File
1.23     +2 -2    usr.bin/sndioctl/sndioctl.c
1.80     +1 -2    lib/libsndio/aucat.c
+3 -4, 2 files

OpenBSD/src Q6RbpC6 usr.bin/tmux cmd-list-panes.c cmd-choose-tree.c

   Validate -O flags, from Dane Jensen in GitHub issue 4889.
Version  Delta    File
1.39     +8 -1    usr.bin/tmux/cmd-list-panes.c
1.53     +8 -1    usr.bin/tmux/cmd-choose-tree.c
1.50     +5 -1    usr.bin/tmux/cmd-list-windows.c
1.41     +5 -1    usr.bin/tmux/cmd-list-buffers.c
1.42     +5 -1    usr.bin/tmux/cmd-list-clients.c
1.72     +5 -1    usr.bin/tmux/cmd-list-keys.c
+36 -6, 2 files not shown
+46 -8, 8 files

OpenBSD/src gxyhINy usr.bin/tmux file.c

   Fix memory leak, from Chris Lewis, reported by Huihui Huang.
Version  Delta    File
1.18     +2 -1    usr.bin/tmux/file.c
+2 -1, 1 file

OpenBSD/ports e9NjEPz sysutils/terraform distinfo Makefile

   Update to terraform-1.14.6.
Version  Delta    File
1.134    +2 -2    sysutils/terraform/distinfo
1.149    +1 -1    sysutils/terraform/Makefile
+3 -3, 2 files

OpenBSD/ports Qj7lGP7 fonts/adwaita-fonts distinfo Makefile

   Update to adwaita-fonts-50.0.
Version  Delta    File
1.3      +2 -2    fonts/adwaita-fonts/distinfo
1.3      +1 -1    fonts/adwaita-fonts/Makefile
+3 -3, 2 files

OpenBSD/ports fCIHANJ sysutils/amazon-ssm-agent distinfo Makefile

   Update to amazon-ssm-agent-3.3.3883.0.
Version  Delta    File
1.164    +2 -2    sysutils/amazon-ssm-agent/distinfo
1.178    +1 -1    sysutils/amazon-ssm-agent/Makefile
+3 -3, 2 files

OpenBSD/ports jL5blJl productivity/libphonenumber distinfo Makefile

   Update to libphonenumber-9.0.25.
Version  Delta    File
1.81     +2 -2    productivity/libphonenumber/distinfo
1.92     +1 -1    productivity/libphonenumber/Makefile
+3 -3, 2 files

OpenBSD/ports vkZ9AD5 databases/postgresql distinfo Makefile, databases/postgresql/pkg PLIST-docs

   Update to PostgreSQL 18.3

   Fixes:

   CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory

   CVE-2026-2004: PostgreSQL intarray missing validation of type of input
   to selectivity estimator executes arbitrary code

   CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes
   arbitrary code

   CVE-2026-2006: PostgreSQL missing validation of multibyte character
   length executes arbitrary code

   CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern
   onto server memory

   OK landry@
Version  Delta    File
1.109    +2 -2    databases/postgresql/distinfo
1.318    +1 -2    databases/postgresql/Makefile
1.122    +2 -0    databases/postgresql/pkg/PLIST-docs
+5 -4, 3 files

OpenBSD/src 11RbsOP sys/dev/pci if_ix.c

   ix(4) and ixv(4) can handle 64 bit DMA transfers.

   prodded by Brad Smith; tested by Hrvoje Popovski; OK kettenis@
Version  Delta    File
1.223    +9 -9    sys/dev/pci/if_ix.c
+9 -9, 1 file

OpenBSD/ports dpxsFFl devel/py-icalendar-searcher Makefile distinfo, devel/py-icalendar-searcher/pkg PLIST

   update to py3-icalendar-searcher-1.0.5
Version  Delta    File
1.2      +2 -10   devel/py-icalendar-searcher/Makefile
1.2      +2 -2    devel/py-icalendar-searcher/distinfo
1.2      +3 -0    devel/py-icalendar-searcher/pkg/PLIST
+7 -12, 3 files

OpenBSD/src dD9nIMv sys/dev/acpi acpidmar.c

   Reserve the first MB of the DVA address space because qwx(4) doesn't
   succeed in doing DMA when the DVA is 0x1000 and PCI-PCI bridges may not
   forward address in part of that first MB as well.

   ok chris@
Version  Delta    File
1.11     +12 -2   sys/dev/acpi/acpidmar.c
+12 -2, 1 file

OpenBSD/src e9zQndu usr.sbin/httpd server_http.c

   Error out on presence of Content-Length and Transfer-Encoding headers
   for GET, HEAD and other methods that should have no body.

   Ignoring the Content-Length header makes httpd vulnerable to
   HTTP request smuggling. A crafted GET request may embed an extra
   HTTP request which could bypass a proxy or WAF but then is handled
   by httpd.

   Remove the special case for TRACE and CONNECT in the Content-Length
   handling. Move those checks into the method switch at the end of the
   header parsing phase and by that also cover more methods including
   GET and HEAD. If either header is present simply abort the connection,
   nobody should send extra data along GET and HEAD requests.

   Add an explicit HTTP_METHOD_TRACE case above the default case
   to indicate that we deliberately don't handle TRACE requests.

   This security vulnerability was found by Nicola Staller of SySS GmbH.

   With and OK rsadowski@ previous version also OK florian@
Version  Delta    File
1.159    +15 -11  usr.sbin/httpd/server_http.c
+15 -11, 1 file

OpenBSD/ports hXLeUhk devel/py-virtualenv distinfo Makefile, devel/py-virtualenv/pkg PLIST

   update to py3-virtualenv-21.0.0
Version  Delta    File
1.60     +5 -11   devel/py-virtualenv/pkg/PLIST
1.58     +2 -2    devel/py-virtualenv/distinfo
1.89     +1 -1    devel/py-virtualenv/Makefile
+8 -14, 3 files

OpenBSD/src eCK9N4n sys/dev/ic re.c

   Fix checking of RL_FLAG_PCIE and accidental clobbering of sc->rl_flags

   confirmed by sthen and kettenis@ "please apply that fix"
Version  Delta    File
1.222    +2 -2    sys/dev/ic/re.c
+2 -2, 1 file

OpenBSD/src pqceev0 sbin/unwind parse.y

   enable forced resolvers that aren't in a preference block

   allows a config such as:

       preference { autoconf }
       forwarder { 127.0.0.1 port 5300 }
       force forwarder { local }

   also fix a typo while i'm here

   ok florian
Version  Delta    File
1.32     +3 -2    sbin/unwind/parse.y
+3 -2, 1 file

OpenBSD/ports Q3M0ReP www/anubis distinfo Makefile

   update to anubis-1.25.0
Version  Delta    File
1.17     +2 -2    www/anubis/distinfo
1.19     +1 -1    www/anubis/Makefile
+3 -3, 2 files

OpenBSD/ports kbxi5sZ net/libmaxminddb distinfo Makefile

   update to libmaxminddb0.13.2 (no real change for us)
Version  Delta    File
1.63     +2 -2    net/libmaxminddb/distinfo
1.77     +1 -1    net/libmaxminddb/Makefile
+3 -3, 2 files

OpenBSD/ports Cuqwhh4 devel/gdb Makefile, devel/gdb/pkg README PLIST

   Add hints regarding colors etc used by default in recent GDB releases

   so that we can just answer "check the readme" when asked about it. :)
Version  Delta    File
1.1      +15 -0   devel/gdb/pkg/README
1.102    +1 -0    devel/gdb/Makefile
1.33     +1 -0    devel/gdb/pkg/PLIST
+17 -0, 3 files

OpenBSD/ports mSj2qcs databases/postgresql Makefile distinfo, databases/postgresql/pkg PLIST-docs

   databases/postgresql: update -stable from 17.7 to 17.9

   fixes CVE-2026-2003, CVE-2026-2004, CVE-2026-2005 & CVE-2026-2006
   see https://www.postgresql.org/docs/release/17.8/
   and https://www.postgresql.org/docs/release/17.9/
   discussed with jeremy@ (MAINTAINER)
Version    Delta    File
1.311.2.2  +2 -3    databases/postgresql/Makefile
1.106.2.2  +2 -2    databases/postgresql/distinfo
1.119.2.2  +2 -0    databases/postgresql/pkg/PLIST-docs
+6 -5, 3 files

OpenBSD/src cKjhDWm regress/sys/uvm/mmap_hint mmap_hint.c

   regress/mmap: Test hints in VM-area edge cases

   Test mmap(2) with hint above VM_MAXUSER_ADDRESS without MAP_FIXED.
   This tests uvm_map.c,v 1.355.

   Also test the lower boundary below PAGE_SIZE.

   ok kettenis@
Version  Delta    File
1.7      +13 -2   regress/sys/uvm/mmap_hint/mmap_hint.c
+13 -2, 1 file

OpenBSD/ports 9e77iim emulators/mame distinfo Makefile, emulators/mame/patches patch-scripts_genie_lua

   Update mame to 0.286.
Version  Delta    File
1.78     +2 -2    emulators/mame/distinfo
1.100    +1 -1    emulators/mame/Makefile
1.31     +1 -1    emulators/mame/patches/patch-scripts_genie_lua
+4 -4, 3 files

OpenBSD/ports j4vDb9F geo/gpxsee distinfo Makefile, geo/gpxsee/pkg PLIST

   geo/gpxsee: update to 15.11
Version  Delta    File
1.46     +2 -2    geo/gpxsee/distinfo
1.48     +1 -1    geo/gpxsee/Makefile
1.14     +2 -0    geo/gpxsee/pkg/PLIST
+5 -3, 3 files

OpenBSD/ports N0eDWol mail/p5-MIME-tools distinfo Makefile

   bugfix update to 5.516
Version  Delta    File
1.20     +2 -2    mail/p5-MIME-tools/distinfo
1.44     +2 -1    mail/p5-MIME-tools/Makefile
+4 -3, 2 files

OpenBSD/src jGT51xG usr.bin/tmux input.c

   Do not free buffer after adding to paste (since it now owns it).
Version  Delta    File
1.253    +1 -2    usr.bin/tmux/input.c
+1 -2, 1 file

OpenBSD/ports 2EPqJEs x11/kde kde.port.mk

   Add missing version bump to 6.6.1
Version  Delta    File
1.83     +1 -1    x11/kde/kde.port.mk
+1 -1, 1 file