OpenBSD/src Ciiy4eJsys/dev softraid_crypto.c

by asou on ⎇
   Always close the device.

   ok yasuoka
VersionDeltaFile
1.147+2-4sys/dev/softraid_crypto.c
+2-41 files

OpenBSD/ports io7L54Glang/verilator Makefile distinfo, lang/verilator/patches patch-bin_verilator patch-test_regress_driver_py

by chris on ⎇
   Update to Verilator 5.044

   Correctness from sthen@

   ok sthen@
VersionDeltaFile
1.9+101-14lang/verilator/pkg/PLIST
1.1+30-0lang/verilator/patches/patch-bin_verilator
1.1+30-0lang/verilator/patches/patch-test_regress_driver_py
1.21+18-8lang/verilator/Makefile
1.8+2-2lang/verilator/distinfo
1.3+0-0lang/verilator/patches/patch-src_verilog_y
+181-244 files not shown
+181-2410 files

OpenBSD/src cXqN5kAsys/uvm uvm_meter.c uvmexp.h, usr.bin/systat uvm.c

by deraadt on ⎇
   Reuse an unused field in uvmexp, and introduce swpskip.  In the near
   future, this will count how many times pages are not sent to swap
   because the pagedaemon detects the swap system won't be able to deliver
   results (and toss the cluster of pages back)
   ok beck
VersionDeltaFile
1.13+8-8usr.bin/systat/uvm.c
1.56+3-3sys/uvm/uvm_meter.c
1.26+2-3sys/uvm/uvmexp.h
+13-143 files

OpenBSD/src RlZeT5wusr.bin/systat engine.c

by deraadt on ⎇
   The uvm display abuses the FLD subsystem with a set of empty labels,
   which results in an extra blank line. Work around this by noticing all
   the labels are empty and not doing a newline.
VersionDeltaFile
1.31+6-2usr.bin/systat/engine.c
+6-21 files

OpenBSD/ports bOArSc5lang/ghc distinfo

by gnezdo on ⎇
   Fix up distinfo size mismatch in lang/ghc (sha256 was OK)

   Noted by naddy@
VersionDeltaFile
1.83+1-1lang/ghc/distinfo
+1-11 files

OpenBSD/src 9dg8qwZusr.bin/ssh ssh-agent.c ssh.c

by jsg on ⎇
   remove duplicate includes; ok dtucker@
VersionDeltaFile
1.319+1-2usr.bin/ssh/ssh-agent.c
1.626+1-2usr.bin/ssh/ssh.c
1.37+1-2usr.bin/ssh/sshlogin.c
+3-63 files

OpenBSD/src eUSxWeRsys/dev/ic qwx.c

by jsg on ⎇
   correct bounds check on number of memory segments
   found with smatch, feedback and ok stsp@
VersionDeltaFile
1.99+2-3sys/dev/ic/qwx.c
+2-31 files

OpenBSD/src FdTMiGiusr.sbin/rpki-client rpki-asn1.h

by jsg on ⎇
   update extern for renamed variable

   EncapContentInfo_it was renamed to ContentInfo_it in ccr.c rev 1.31
   ok claudio@
VersionDeltaFile
1.13+2-2usr.sbin/rpki-client/rpki-asn1.h
+2-21 files

OpenBSD/ports BTuGds6productivity/khal Makefile distinfo, productivity/khal/patches patch-khal_ui_calendarwidget_py patch-khal_ui_editor_py

by sthen on ⎇
   update to khal-0.13.0, ok jung@
   drop jung as maintainer as he requested
VersionDeltaFile
1.11+15-2productivity/khal/pkg/PLIST
1.27+3-7productivity/khal/Makefile
1.10+2-2productivity/khal/distinfo
1.2+0-0productivity/khal/patches/patch-khal_ui_calendarwidget_py
1.2+0-0productivity/khal/patches/patch-khal_ui_editor_py
1.2+0-0productivity/khal/patches/patch-khal_ui_widgets_py
+20-116 files

OpenBSD/ports 3IC8TVKnet/p5-Net-DNS-SEC distinfo Makefile

by bluhm on ⎇
   update p5-Net-DNS-SEC to 1.27
VersionDeltaFile
1.35+4-4net/p5-Net-DNS-SEC/distinfo
1.49+1-1net/p5-Net-DNS-SEC/Makefile
+5-52 files

OpenBSD/ports bmXcI8Ysecurity/polarssl Makefile distinfo, security/polarssl/patches patch-library_timing_c patch-CMakeLists_txt

by jca on ⎇
   MFC: SECURITY update to mbedtls-2.28.10

   Update to the last release in the now unsupported 2.28 LTS branch.

   - Buffer overread in TLS stream cipher suites
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
   - Timing side channel in private key RSA operations.
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
   - Buffer overflow in mbedtls_x509_set_extension()
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
   - Insecure handling of shared memory in PSA Crypto APIs
   https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
   - CTR_DRBG prioritized over HMAC_DRBG as the PSA DRBG
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
   - Potential authentication bypass in TLS handshake
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
   - TLS clients may unwittingly skip server authentication
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
VersionDeltaFile
1.1.16.1+16-10security/polarssl/patches/patch-library_timing_c
1.20.16.1+24-0security/polarssl/pkg/PLIST
1.50.4.1+7-8security/polarssl/Makefile
1.12.16.1+3-3security/polarssl/patches/patch-CMakeLists_txt
1.16.16.1+3-3security/polarssl/patches/patch-include_mbedtls_config_h
1.32.16.1+2-2security/polarssl/distinfo
+55-266 files

OpenBSD/ports MCjsnBJsecurity/polarssl Makefile distinfo, security/polarssl/patches patch-library_timing_c patch-include_mbedtls_config_h

by jca on ⎇
   SECURITY update to mbedtls-2.28.10

   Update to the last release in the now unsupported 2.28 LTS branch.

   - Buffer overread in TLS stream cipher suites
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2023-10-1/
   - Timing side channel in private key RSA operations.
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/
   - Buffer overflow in mbedtls_x509_set_extension()
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/
   - Insecure handling of shared memory in PSA Crypto APIs
   https://github.com/Mbed-TLS/mbedtls-docs/blob/main/security-advisories/mbedtls-security-advisory-2024-03.md
   - CTR_DRBG prioritized over HMAC_DRBG as the PSA DRBG
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-08-1/
   - Potential authentication bypass in TLS handshake
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-2/
   - TLS clients may unwittingly skip server authentication
   https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-03-1/
VersionDeltaFile
1.2+16-10security/polarssl/patches/patch-library_timing_c
1.21+24-0security/polarssl/pkg/PLIST
1.53+5-6security/polarssl/Makefile
1.17+3-3security/polarssl/patches/patch-include_mbedtls_config_h
1.13+3-3security/polarssl/patches/patch-CMakeLists_txt
1.33+2-2security/polarssl/distinfo
+53-246 files

OpenBSD/ports LwvpIbXnet/p5-Net-DNS distinfo Makefile, net/p5-Net-DNS/pkg PLIST

by bluhm on ⎇
   update p5-Net-DNS-1.54
VersionDeltaFile
1.90+4-4net/p5-Net-DNS/distinfo
1.116+1-1net/p5-Net-DNS/Makefile
1.39+2-0net/p5-Net-DNS/pkg/PLIST
+7-53 files

OpenBSD/ports KPSTI1umisc/llama.cpp Makefile distinfo

by kirill on ⎇
   misc/llama.cpp: update to b8067

   OK: volker@
VersionDeltaFile
1.16+5-3misc/llama.cpp/Makefile
1.9+2-2misc/llama.cpp/distinfo
+7-52 files

OpenBSD/ports p5Yyi8hdevel/libggml Makefile distinfo, devel/libggml/patches patch-CMakeLists_txt patch-src_ggml-backend-reg_cpp

by kirill on ⎇
   devel/libggml: update to 0.9.7

   OK: volker@
VersionDeltaFile
1.8+3-4devel/libggml/Makefile
1.6+2-2devel/libggml/distinfo
1.3+1-1devel/libggml/patches/patch-CMakeLists_txt
1.4+1-1devel/libggml/patches/patch-src_ggml-backend-reg_cpp
+7-84 files

OpenBSD/ports PEIKf6Oarchivers/zpaqfranz distinfo Makefile

by kirill on ⎇
   Update zpaqfranz to 64.5

   From maintainer tux0r, thanks!
VersionDeltaFile
1.37+2-2archivers/zpaqfranz/distinfo
1.40+1-1archivers/zpaqfranz/Makefile
+3-32 files

OpenBSD/ports cWwykoitextproc/pastel distinfo crates.inc

by volker on ⎇
   textproc/pastel: Update to 0.12.0
VersionDeltaFile
1.4+16-22textproc/pastel/distinfo
1.4+7-10textproc/pastel/crates.inc
1.5+1-1textproc/pastel/Makefile
+24-333 files

OpenBSD/ports 6g101ivtextproc/hexyl distinfo crates.inc

by volker on ⎇
   textproc/hexyl: Update to 0.17.0
VersionDeltaFile
1.6+6-6textproc/hexyl/distinfo
1.5+2-2textproc/hexyl/crates.inc
1.7+1-2textproc/hexyl/Makefile
+9-103 files

OpenBSD/ports cPRhwJBx11/kde-applications/audiocd-kio Makefile, x11/kde-applications/audiocd-kio/pkg PLIST

by ajacoutot on ⎇
   Regen PLIST to unbreak.
VersionDeltaFile
1.25+14-13x11/kde-applications/audiocd-kio/pkg/PLIST
1.26+1-0x11/kde-applications/audiocd-kio/Makefile
+15-132 files

OpenBSD/ports wl9wfUrmath/kst Makefile

by ajacoutot on ⎇
   Move MODCMAKE_POLICY_VERSION_OVERRIDE where it belongs.
VersionDeltaFile
1.47+3-5math/kst/Makefile
+3-51 files

OpenBSD/ports zGTFrWssecurity/nss distinfo Makefile

by landry on ⎇
   security/nss: update to 3.120.1

   Bug 2009552 - avoid integer overflow in platform-independent ghash
VersionDeltaFile
1.167+2-2security/nss/distinfo
1.208+1-1security/nss/Makefile
+3-32 files

OpenBSD/ports lvLy66Zwayland/wf-recorder distinfo Makefile, wayland/wf-recorder/patches patch-src_main_cpp patch-src_frame-writer_cpp

by tobhe on ⎇
   wayland/wf-recorder: update to 0.6.0

   see https://github.com/ammen99/wf-recorder/releases/tag/v0.6.0
VersionDeltaFile
1.2+0-28wayland/wf-recorder/patches/patch-src_main_cpp
1.2+4-0wayland/wf-recorder/pkg/PLIST
1.2+2-2wayland/wf-recorder/distinfo
1.4+1-1wayland/wf-recorder/Makefile
1.2+0-0wayland/wf-recorder/patches/patch-src_frame-writer_cpp
+7-315 files

OpenBSD/ports JysLx9Mdevel/visualvm Makefile, devel/visualvm/pkg PLIST

by kirill on ⎇
   devel/visualvm: remove deployed with precompiled rubbish

   noticed by ian@
VersionDeltaFile
1.5+0-45devel/visualvm/pkg/PLIST
1.6+2-0devel/visualvm/Makefile
+2-452 files

OpenBSD/ports Q2mjcJUsysutils Makefile

by ajacoutot on ⎇
   +gemini-cli
VersionDeltaFile
1.774+1-0sysutils/Makefile
+1-01 files

OpenBSD/ports iV9JAGHsysutils/gemini-cli Makefile distinfo, sysutils/gemini-cli/pkg PLIST DESCR

by ajacoutot on ⎇🏷
   Initial revision
VersionDeltaFile
1.1+29,699-0sysutils/gemini-cli/pkg/PLIST
1.1+70-0sysutils/gemini-cli/Makefile
1.1+9-0sysutils/gemini-cli/pkg/DESCR
1.1+2-0sysutils/gemini-cli/distinfo
1.1.1.1+0-0sysutils/gemini-cli/pkg/PLIST
1.1.1.1+0-0sysutils/gemini-cli/distinfo
+29,780-02 files not shown
+29,780-08 files

OpenBSD/src ZAZ3NiRsys/arch/amd64/amd64 trap.c

by hshoexer on ⎇
   Handle VMMCALL in vctrap()

   When SEV guest userland issues a vmmcall instruction, a #VC exception
   with code SVM_VMEXIT_VMMCALL will be raised in the guest kernel.
   For now we do not allow vmmcalls from guest userland, thus terminate
   the userland process with SIGILL.

   This is similar to the non-SEV case.

   ok mlarkin@
VersionDeltaFile
1.117+9-1sys/arch/amd64/amd64/trap.c
+9-11 files

OpenBSD/src WqdEGxnsys/arch/amd64/amd64 vmm_machdep.c

by hshoexer on ⎇
   vmm(4): Ignore VMGEXIT request and inject #UD

   SEV guest userland processes are allowed to issue the vmgexit
   instruction.  However, guest userland has no access to the GHCB.

   VMEXITs with exit reason SVM_VMEXIT_VMGEXIT initiated by the guest
   kernel will always provide a valid GHCB request.

   Moreover, as the guest kernel makes sure, that the GHCB contains
   no request when guest userland is running, a rouge guest userland
   process can only force repeated VMEXITs with an empty GHCB.

   Therefore, in vmm(4)'s vmgexit handler inject #UD when the exit
   reason is not updated with data from the GHCB and stays on
   SVM_VMEXIT_VMGEXIT.

   ok mlarkin@
VersionDeltaFile
1.72+4-1sys/arch/amd64/amd64/vmm_machdep.c
+4-11 files

OpenBSD/src JrRbDu1sys/arch/amd64/amd64 ghcb.c vmm_machdep.c, sys/arch/amd64/include ghcb.h

by hshoexer on ⎇
   vmm(4): Check for and allow empty GHCB; only clear valid bitmap

   The GHCB valid bitmap indicates wether the GHCB contains a request
   or not.  When no bits are set, ignore the GHCB and do not sync with
   vCPU state.

   To clear/invalidate the GHCB just zero out the valid bitmap instead
   of the full GHCB.

   ok mlarkin@
VersionDeltaFile
1.8+19-3sys/arch/amd64/amd64/ghcb.c
1.71+3-1sys/arch/amd64/amd64/vmm_machdep.c
1.7+2-1sys/arch/amd64/include/ghcb.h
+24-53 files

OpenBSD/ports riVWv9jmail/mozilla-thunderbird distinfo Makefile

by landry on ⎇
   mail/mozilla-thunderbird: MFC security update to 140.7.2.

   see https://www.thunderbird.net/en-US/thunderbird/140.7.2esr/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
   CVE-2026-2447: Heap buffer overflow in libvpx
VersionDeltaFile
1.301.2.6+2-2mail/mozilla-thunderbird/distinfo
1.513.2.6+1-1mail/mozilla-thunderbird/Makefile
+3-32 files

OpenBSD/ports CkrktfQwww/mozilla-firefox distinfo Makefile

by landry on ⎇
   www/mozilla-firefox: security update to 147.0.4

   see https://www.firefox.com/en-US/firefox/147.0.4/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-10/
   CVE-2026-2447: Heap buffer overflow in libvpx
VersionDeltaFile
1.378.2.12+2-2www/mozilla-firefox/distinfo
1.651.2.14+1-1www/mozilla-firefox/Makefile
+3-32 files