BSD Commit Log Search

   update to keeperrl 1.3

   Use LOGIN_SETXDGENV in login(1)

   Makes XDG_TUNTIME_DIR usable from text consoles.
   "makes sense to me" landry@, ok matthieu@ robert@

   update to fheroes2 1.1.12

   Update to gnome-control-center-49.2.1.

   Update to libproxy-0.5.12.

   Add missing GZIP_STATIC flag to SRVFLAG_BITS macro

   GZIP_STATIC flag at position \33 was missing from the debug string.

   Also correct the truncated PATH_REWRITE/NO_PATH_REWRITE flag names.
   The PATH_REWRITE and NO_PATH_REWRITE flag names were truncated to
   PATH and NO_PATH in the SRVFLAG_BITS string definition.

   OK kirill@ deraadt@

   Fix incomplete mitigation of CVE-2025-11411 by applying the non-test part of
   https://nlnetlabs.nl/downloads/unbound/patch_CVE-2025-11411_2_wtests.diff

   This extends the previous fix by also scrubbing unsolicited NS RRSets (and
   their respective address records) for YXDOMAIN and nodata non-referral answers.

   replace c-client's hand-rolled certificate checker with code to use
   SSL_set1_host based on debian's 1006_openssl1.1_autoverify.patch

   found with asterisk's imap voicemail code, which was whining about
   a letsencrypt certificate generated with 'profile tlsserver' (these
   don't include CN).

   help/ok tb@

   update to 21.1.6

   update to 0.72.1

   Add license and rcs header.

   ok tb

   Hook up wayland/cagebreak

   ok matthieu@

   Initial revision

   Update mattermost 11.1.0 -> 11.1.1
   Changelog: https://docs.mattermost.com/product-overview/mattermost-v11-changelog.html

   vmd(8): Use 32-bit direct kernel launch for both amd64 and i386

   When bootet by /boot (or EFI boot loaders) both amd64 and i386
   kernel start in a 32-bit mode.

   When launching kernel directly (vmctl start -b <path>) vmd(8)
   configures a flat 64-bit register set as default register set.  The
   GDT provides a 32-bit flat code segment.

   For the i386 kernel the default register set is reconfigured to
   32-bit legacy mode; paging is enabled and uses 4 Mb pages.  This
   is different to i386 being bootet by /boot.  /boot launches the
   i386 kernel with paging disabled.

   The amd64 kernel uses the default register set, i.e. long mode is
   enabled in EFER.  However, it uses the 32-bit code segment of the
   GDT.  Thus ther kernel is effectively running in 32-bit compatibility
   mode.


    [15 lines not shown]

   Don't use libatomic.

   Update to cargo-insta 1.44.2

   https://github.com/mitsuhiko/insta/releases/tag/1.44.2

   Update to d-spy-49.2.

   Update to libnice-0.1.23.

   Implement appl_sysuptime() in favour of smi_getticks().
   appl_sysuptime() uses CLOCK_MONOTONIC instead of gettimeofday(), works
   on a per context basis as per RFC2741, and puts it in a sane namespace.

   Makes sense to tb@
   OK jmatthew@

   tweak make "magic variables" handling

   The idea is that it's shorter to special-case ${@D} and the likes
   (two characters variables ending in D or F) instead of having a weird
   idx encoding.

   Cons:
   - this yields an extra "ext" parameter to classify_var
   Pros:
   - the weird index encoding vanishes
   - no need for special treatment if we add more similar variables.
   - drastically reduces the size of the switch (and the modulo shrinks from
   82 to 36)
   - code will recognize constructs like ${?D} and ${?F}, which puts us in
   line with FreeBSD and NetBSD bmake, and also with gnu make.

   from espie

   geo/pdal: update to 2.9.3.

   see https://github.com/PDAL/PDAL/releases/tag/2.9.3

   databases/pgbouncer: update to 1.25.0.

   see https://www.pgbouncer.org/changelog.html#pgbouncer-125x
   maintainer timeout

   security/rnp: MFC security update to 0.18.1.

   - see https://github.com/rnpgp/rnp/releases/tag/v0.18.1
   - fixes CVE-2025-13470, CVE-2025-13402

   security/rnp: security update to 0.18.1

   - see https://github.com/rnpgp/rnp/releases/tag/v0.18.1
   - fixes CVE-2025-13470, CVE-2025-13402

   wayland/swayimg: update to 4.6.

   openssl cms: switch to ASN1_STRING_get0_data()

   The deprecated ASN1_STRING_data() will be removed in a future release.
   This is one small step towards that.

   ok kenjiro

   openssl pkcs12: stop reaching into ASN1_STRING

   Buy a t: rename hex_prin() to hex_print() and accept an ASN1_STRING so that
   we only need to use accessors once. Also avoid a printf %s NULL.

   ok kenjiro

   openssl ca: mechanical change to stop reaching into ASN1_STRING

   ok kenjiro

   openssl asn1pars: don't reach into ASN1_STRING

   ok kenjiro