restrict IMSG_CTL_PROCFD to parent and check process id/instance

IMSG_CTL_PROCFD messages contain a destination process id and instance
number that were used to index internal arrays before being checked.
A child sending bad imsgs could cause out-of-bounds reads or
writes.

Check for a missing fd, a bad process id, or an out-of-range instance
before any array is indexed. Also reject IMSG_CTL_PROCFD that does not
come from the parent.

from Andrew Griffiths, diff by martijn@ and myself, ok martijn@

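
The check order described in the commit message above, as an added sketch that is not part of the commit or the project's code. The structures, enum values, message value and function names are hypothetical, and the process table is constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical model of a privsep fd handoff; every name here is an
 * assumption made for illustration, not the daemon's source. */
enum proc_id { PROC_PARENT, PROC_SERVER, PROC_LOGGER, PROC_MAX };
#define IMSG_CTL_PROCFD 1		/* constructed value */

struct procfd_msg {
	int type;
	int fd;				/* passed descriptor, -1 if missing */
	int dst_id;			/* destination process id (untrusted) */
	unsigned int dst_instance;	/* destination instance (untrusted) */
};
struct privsep {
	unsigned int ninstances[PROC_MAX];	/* instances per process */
	int *pipes[PROC_MAX];			/* pipes[id][instance] */
};

/* Store the fd and return 0, or return -1 without touching any array. */
int handle_procfd(struct privsep *ps, enum proc_id sender,
    const struct procfd_msg *m)
{
	if (m->type != IMSG_CTL_PROCFD || sender != PROC_PARENT)
		return -1;	/* only the parent hands out fds */
	if (m->fd == -1)
		return -1;	/* missing fd */
	if (m->dst_id < 0 || m->dst_id >= PROC_MAX)
		return -1;	/* bad id: checked before ninstances[] */
	if (m->dst_instance >= ps->ninstances[m->dst_id])
		return -1;	/* bad instance: checked before pipes[][] */
	ps->pipes[m->dst_id][m->dst_instance] = m->fd;
	return 0;
}

/* Constructed layout: no parent slots, two server instances, one logger. */
static int server_pipes[2] = { -1, -1 }, logger_pipes[1] = { -1 };
static struct privsep demo = { { 0, 2, 1 }, { NULL, server_pipes, logger_pipes } };

int demo_deliver(enum proc_id sender, int fd, int id, unsigned int instance)
{
	struct procfd_msg m = { IMSG_CTL_PROCFD, fd, id, instance };
	return handle_procfd(&demo, sender, &m);
}

int main(void)
{
	printf("parent -> server[1]: %d\n", demo_deliver(PROC_PARENT, 7, PROC_SERVER, 1));
	printf("child  -> server[0]: %d\n", demo_deliver(PROC_SERVER, 7, PROC_SERVER, 0));
	printf("parent -> id 99:     %d\n", demo_deliver(PROC_PARENT, 7, 99, 0));
	return 0;
}
```
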
Switch the default TLS cipher set from "compat" to "secure"

The "secure" keyword only allows TLSv1.3 and the TLSv1.2 AEAD ciphers
that have forward secrecy (ECDHE/DHE). See tls_config_set_ciphers(3)
for details. This is stricter than "HIGH:!aNULL" and drops older
ciphers without AEAD or forward secrecy.

Also update the ciphers text in httpd.conf.5 with the clearer wording
from smtpd.conf.5.

Old peers that need these older ciphers may no longer connect.

idea from Mischa, ok kirill@ ok tb@

Switch the default TLS cipher set from "HIGH:!aNULL" to "secure"

The "secure" keyword only allows TLSv1.3 and the TLSv1.2 AEAD ciphers
that have forward secrecy (ECDHE/DHE). See tls_config_set_ciphers(3)
for details. This is stricter than "HIGH:!aNULL" and drops older
ciphers without AEAD or forward secrecy.

Also update the ciphers text in relayd.conf.5 with the clearer wording
from smtpd.conf.5.

Old peers that need these older ciphers may no longer connect.

idea from Mischa, ok kirill@ ok tb@

Do not load IGMP analyser to unbreak service startup

8.2.0 gained support for this protocol, but our package cannot use it
due to lack of Spicy.

Reported by Jean-Philippe L.

Revert the -fno-omit-frame-pointer change (including the clang only
-mno-omit-leaf-frame-pointer). Committed by accident.

Noticed because of commit from miod@