OpenBSD/src n33vN1ssys/nfs nfs_vnops.c nfs_var.h

   change nfs_ioctl() from a macro with enoioctl() to a proper function
   this was the only use of enoioctl()
   ok claudio@
VersionDeltaFile
1.210+8-1sys/nfs/nfs_vnops.c
1.67+1-3sys/nfs/nfs_var.h
+9-42 files

OpenBSD/ports BlRZ4yinet/librenms Makefile distinfo, net/librenms/patches patch-app_ConfigRepository_php patch-LibreNMS___init___py

   MFC update to librenms-26.4.0
VersionDeltaFile
1.212.2.2+23-17net/librenms/Makefile
1.144.2.2+4-4net/librenms/distinfo
1.2.2.2+3-3net/librenms/patches/patch-app_ConfigRepository_php
1.3.2.1+2-2net/librenms/patches/patch-LibreNMS___init___py
1.3.2.2+1-1net/librenms/patches/patch-resources_definitions_config_definitions_json
1.19.2.1+0-0net/librenms/pkg/README
+33-277 files not shown
+33-2713 files

OpenBSD/ports KYj9wgbnet/librenms distinfo Makefile, net/librenms/pkg PLIST-main PLIST-doc

   update to librenms-26.4.0, ok naddy

   includes fix for cross-site scripting in alert template list, and adds
   missing escaping for a few cli commands etc

   https://github.com/librenms/librenms/releases/tag/26.4.0
VersionDeltaFile
1.2+563-278net/librenms/pkg/PLIST-main
1.152+4-4net/librenms/distinfo
1.2+7-0net/librenms/pkg/PLIST-doc
1.223+3-1net/librenms/Makefile
+577-2834 files

OpenBSD/src ZvKzNh9regress/lib/libcrypto/wycheproof wycheproof.go

   wycheproof: skip BLS test vectors to prepare for update
VersionDeltaFile
1.202+3-1regress/lib/libcrypto/wycheproof/wycheproof.go
+3-11 files

OpenBSD/src RzBXIQtsys/arch/octeon/dev if_cnmac.c

   sys/cnmac: support SoftLRO

   This work based on previous work of Janne Johansson

   OK: visa@
VersionDeltaFile
1.87+27-2sys/arch/octeon/dev/if_cnmac.c
+27-21 files

OpenBSD/ports Mo3fJJFaudio/csound Makefile

   disable pipewire

   ok naddy@
VersionDeltaFile
1.6+1-0audio/csound/Makefile
+1-01 files

OpenBSD/src UigZNv0share/man/man4 openprom.4

   Mention powerpc64 and riscv64 support
VersionDeltaFile
1.3+8-4share/man/man4/openprom.4
+8-41 files

OpenBSD/src NC7HMFkshare/man/man4 iic.4

   Mention smtiic(4)
VersionDeltaFile
1.136+5-2share/man/man4/iic.4
+5-21 files

OpenBSD/src DbOsQ6Gshare/man/man4 gpio.4

   Mention sfgpio(4) and smtgpio(4)
VersionDeltaFile
1.30+4-2share/man/man4/gpio.4
+4-21 files

OpenBSD/src 4GOlCRDsys/arch/octeon/dev octpcie.c

   sys/octeon: fix PCIe config tag layout

   Octeon PCIe config-space MMIO uses a 12-bit register field; function,
   device, and bus begin at bits 12, 15, and 20.

   octpcie_make_tag() and octpcie_decompose_tag() used the conventional PCI
   tag layout instead, so config accesses to non-zero device or function
   numbers used the wrong MMIO offset.

   On SRX300 this breaks enumeration of the second Broadcom switch function
   at 0:0:1, which reads back garbage until the tag layout is corrected.

   OK: kettenis@, visa@
VersionDeltaFile
1.3+5-5sys/arch/octeon/dev/octpcie.c
+5-51 files

OpenBSD/src 73BzYuUsys/netinet tcp_input.c

   A packet with a FIN flag needs to act as a barrier in tcp_flush_queue.

   Once a FIN packet is received all following data should simply be
   discarded.  tcp_input handels this FIN but for that tcp_reass() needs
   to properly return TH_FIN when a FIN is processed in tcp_flush_queue.
   This reassembly was not quite correct. Unexpected data directly following
   the FIN packet was also reassembled and the FIN was actually lost.

   The failure to return TH_FIN caused the regression in the previous fix.
   tcp_input() passes some FIN packets through reassembly even though they
   are in sequence and the queue is empty.

   tcp_flush_queue() needs to treat packets with TH_FIN set as a barrier
   and stop reassembly after processing this last packet. This ensures that
   tcp_reass() returns TH_FIN to tcp_input which then changes the state of
   the session. It also ensures that only data up to the FIN packet are
   passed to userland.

   Reported by Xint Code
   OK sashan@
VersionDeltaFile
1.468+2-2sys/netinet/tcp_input.c
+2-21 files

OpenBSD/src VadSK19sys/kern subr_xxx.c, sys/sys systm.h

   the enosys() stub has not been used for decades
   ok jsg jca
VersionDeltaFile
1.19+1-13sys/kern/subr_xxx.c
1.178+1-2sys/sys/systm.h
+2-152 files

OpenBSD/src L9aleXiusr.sbin/rad frontend.c

   Fix PREF64 option corruption if DNSSL is also set

   On octeon (but not amd64) setting both a NAT64 prefix and a search domain
   causes the former ICMPv6 option to be corrupted due to how it is added last
   in the Router Advertisement packet, following too much zero padding.

   Bytes after the DNSSL option are zeroed up the next 8-byte boundary to
   align options inside the packet.

   Instead of checking alignment of the pointer address somewhere inside the
   packet buffer that lives on the stack, which is thus architecture specific,
   use their offset, i.e. see how many bytes were already written, in order to
   zero-fill what is left between last search domain and next 8-byte boundary.

   This makes RAs byte-identical between octeon and amd64 and prevents rad(8)
   from sending the kind of invalid packets that clients like slaacd(8) and
   gelatod(8) (from ports) need 029_v6daemons for.

   OK florian
VersionDeltaFile
1.58+2-2usr.sbin/rad/frontend.c
+2-21 files

OpenBSD/src AnYdFoPdistrib/sets/lists/comp md.loongson

   sync
VersionDeltaFile
1.56+0-2distrib/sets/lists/comp/md.loongson
+0-21 files

OpenBSD/xenocara SLyFevo. MODULES 3RDPARTY

   update
VersionDeltaFile
1.557+10-10MODULES
1.463+3-33RDPARTY
+13-132 files

OpenBSD/src duqrh1Tlibexec/spamd spamd.c

   Fix handing of multi-line blacklist error strings in spamd.conf

   When appending the blacklist error string, spamd splits the message
   on a newline and continues the message on a new line.  There was
   a bug where the current pointer was incremented too far, which
   resulted in the message being truncated at the newline instead
   of continued.

   For very long blacklist messages (around 8K) in spamd.conf, this
   could result in heap corruption.  However, this is very unlikely
   in practice.

   OK jsg@

   Reported by and fix from Dhiraj Mishra
VersionDeltaFile
1.165+9-9libexec/spamd/spamd.c
+9-91 files

OpenBSD/xenocara 3dLySKBlib/libpng ANNOUNCE configure, lib/libpng/contrib/libtests pnggetset.c

   update to libpng 1.6.58. ok deraadt@
VersionDeltaFile
1.2+223-9lib/libpng/contrib/libtests/pnggetset.c
1.8+11-16lib/libpng/ANNOUNCE
1.9+12-12lib/libpng/configure
1.8+8-12lib/libpng/pngrtran.c
1.8+7-7lib/libpng/png.h
1.8+7-0lib/libpng/CHANGES
+268-5614 files not shown
+287-7720 files

OpenBSD/src RxsyQouusr.sbin/ntpd ntpd.c

   newer gcc is so smart to point out that settime_deadline may be used
   uninitialized. of course it is wrong. sprinkle a "= 0" to shut it up.
   pointed out by bcook, discussed with, gcc confronted by and ok claudio bcook
VersionDeltaFile
1.144+2-2usr.sbin/ntpd/ntpd.c
+2-21 files

OpenBSD/src bGMTOTZusr.sbin/ntpd ntp.c

   newer gcc thinks it's smart (do they call it AI yet?) and points out
   peercount may be used unitialized. of course it is utterly wrong.
   move peercount = 0 initialization 2 lines up to shut gcc up
   pointed out by bcook, dicussed with, gcc-checked by and ok bcook claudio
VersionDeltaFile
1.182+2-2usr.sbin/ntpd/ntp.c
+2-21 files

OpenBSD/src YWSUdS3usr.sbin/ntpd control.c

   in control_check(), rename struct sockaddr_un sun to sa - for consistency
   with control_init() just underneath, and because "sun" causes problems for
   portable on solaris
   pretty much from bcook's portable repo, but another name, ok bcook
VersionDeltaFile
1.28+6-6usr.sbin/ntpd/control.c
+6-61 files

OpenBSD/xenocara w8cAy9elib/libXpm/src parse.c data.c

   Fix Out-of-bounds read. CVE-2026-4367
   from matthieu@

   this is errata/7.7/038_libxpm.patch.sig
VersionDeltaFile
1.9.2.1+3-1lib/libXpm/src/parse.c
1.6.4.1+3-0lib/libXpm/src/data.c
+6-12 files

OpenBSD/xenocara 6UdLQdDlib/libXpm/src parse.c data.c

   Fix Out-of-bounds read. CVE-2026-4367
   from matthieu@

   this is errata/7.8/032_libxpm.patch.sig
VersionDeltaFile
1.9.10.1+3-1lib/libXpm/src/parse.c
1.6.10.1+3-0lib/libXpm/src/data.c
+6-12 files

OpenBSD/ports iNy1Khkwww/mozilla-firefox Makefile distinfo, www/mozilla-firefox/patches patch-security_nss_lib_nss_nss_h patch-security_manager_ssl_nsNSSCallbacks_cpp

   www/mozilla-firefox: MFC update to 150.0.

   see https://www.firefox.com/en-US/firefox/150.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/
VersionDeltaFile
1.1.4.6+6-4www/mozilla-firefox/patches/patch-security_nss_lib_nss_nss_h
1.651.2.20+4-1www/mozilla-firefox/Makefile
1.378.2.17+2-2www/mozilla-firefox/distinfo
1.1.6.2+1-1www/mozilla-firefox/patches/patch-security_manager_ssl_nsNSSCallbacks_cpp
+13-84 files

OpenBSD/ports u6OTGzxwww/firefox-esr distinfo Makefile

   www/firefox-esr: MFC update to 140.10.0.

   see https://www.firefox.com/en-US/firefox/140.10.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/
VersionDeltaFile
1.171.2.9+2-2www/firefox-esr/distinfo
1.258.2.9+1-1www/firefox-esr/Makefile
+3-32 files

OpenBSD/ports 9PRhrOXwww/firefox-esr distinfo Makefile, www/firefox-esr-i18n distinfo Makefile.inc

   www/firefox-esr: update to 140.10.0.

   see https://www.firefox.com/en-US/firefox/140.10.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-32/

   ok naddy@
VersionDeltaFile
1.177+162-162www/firefox-esr-i18n/distinfo
1.180+4-4www/firefox-esr/distinfo
1.270+2-3www/firefox-esr/Makefile
1.189+1-1www/firefox-esr-i18n/Makefile.inc
+169-1704 files

OpenBSD/ports DF4cLYswww/firefox-i18n distinfo Makefile.inc, www/mozilla-firefox Makefile distinfo

   www/mozilla-firefox: update to 150.0.

   see https://www.firefox.com/en-US/firefox/150.0/releasenotes/
   fixes https://www.mozilla.org/en-US/security/advisories/mfsa2026-30/

   - disable PGO again, fixes wasm crashes seen with element-web (cf #2030583)
   - will need to move to llvm 21 or patch llvm 19 to reenable PGO
   - add workaround to avoid fetching some pip wheels during configure
     (#2026497), another workaround would be to move to ./mach configure ?

   ok naddy@
VersionDeltaFile
1.384+164-164www/firefox-i18n/distinfo
1.2+4-4www/mozilla-firefox/patches/patch-widget_NativeKeyToDOMCodeName_inc
1.680+4-4www/mozilla-firefox/Makefile
1.397+2-4www/mozilla-firefox/distinfo
1.339+1-1www/firefox-i18n/Makefile.inc
+175-1775 files

OpenBSD/xenocara XmE5GG0lib/libXpm/src parse.c data.c

   Fix Out-of-bounds read. CVE-2026-4367
VersionDeltaFile
1.11+3-1lib/libXpm/src/parse.c
1.7+3-0lib/libXpm/src/data.c
+6-12 files

OpenBSD/src FCC8LIhusr.sbin/ntpd ntp_dns.c

   we use clock_gettime() here and thus shall explicitely include time.h
   from bcook's portable repo, ok bcook
VersionDeltaFile
1.37+2-1usr.sbin/ntpd/ntp_dns.c
+2-11 files

OpenBSD/ports B9odY8Vdevel/opendht Makefile

   avoid picking up doxygen during build, to avoid build failure with dpb junking
   requested by naddy
VersionDeltaFile
1.2+2-5devel/opendht/Makefile
+2-51 files

OpenBSD/src pjyDuyvsys/dev/ic qwz.c

   Enable nwid scanning by doing two things:

   1. Disable the 802.11d scanning command for now, since it causes a firmware
      error for which we currently have no solution.  This isn't a critical
      feature, and we can progress without it until we find a solution.

   2. Send the HTT software ring setup messages for the receive rings, otherwise
      the firmware never initializes its RXDMA pipeline, and delivers no frames
      to the host.  For that we did port over the
      ath12k_dp_rxdma_ring_sel_config_wcn7850() and ath12k_dp_rx_htt_setup()
      functions from the linux driver.

   Tested and ok kettenis@, kirill@
VersionDeltaFile
1.25+85-1sys/dev/ic/qwz.c
+85-11 files