Use LIBname_VERSION with library('libname', name_prefix: '')
We patch meson to use the LIBname_VERSION variables coming from
SHARED_LIBS in the ports tree. Teach our patch about name_prefix, so
porters can stop patching meson.build to remove name_prefix: ''.
Longer explanation is in
https://marc.info/?l=openbsd-ports&m=176290899309221&w=2
ok ajacoutot@ (maintainer)
ok kirill@
update ipython to 9.7.0
Rename the package from ipython3 to ipython. Tweak the Makefile as
suggested by sthen@ by symlinking MODPY_BIN to WRKDIR/bin/python which lets
us drop a patch.
Fix regress for recent pflow template addition
Note this does not add new tests for the NAT template but does fix existing tests
which fail after the addition
ok anton@
Move the adj-rib-out related code out of rde_rib.c into its own file.
rde_adjout.c will contain all the logic for handling the adj-rib-out
also adjust the function names to be prefix_adjout_xyz to make it clear
what they cover. Some function need to be exported now but over time
this will go away since the adj-rib-out code will be mostly rewritten.
OK deraadt@ tb@
When MAXPARTITIONS is cranked to 52 there are some places
where the value must remain 16. e.g. MD/Vendor labels that
must fit inside a DEV_BSIZE buf, parsing the contents of a
DEV_BSIZE buf as a disklabel and translations to/from
MD/Vendor labels and OpenBSD labels.
Replace MAXPARTITIONS with MAXPARTITIONS16 in the most
obvious of these places.
ok deraadt@
rpki-client: add wrappers for x509_valid_name()
Currently the same function is used for subjects and issuers and it
requires the caller to pass in a string clarifying what is being
checked. Add two wrappers for issuer and subject which matches the
required logic better independently of whether we ever support
UTF8String in subjects of BGPsec router certs or not.
ok claudio job
MFC: SECURITY update to openvpn-2.6.16
Fixes CVE-2025-13086
|Fix memcmp check for the hmac verification in the 3way handshake.
|This bug renders the HMAC based protection against state exhaustion on
|receiving spoofed TLS handshake packets in the OpenVPN server inefficient.
Full changelog:
https://github.com/OpenVPN/openvpn/blob/v2.6.16/Changes.rst
SECURITY update to openvpn-2.6.16
Fixes CVE-2025-13086
|Fix memcmp check for the hmac verification in the 3way handshake.
|This bug renders the HMAC based protection against state exhaustion on
|receiving spoofed TLS handshake packets in the OpenVPN server inefficient.
Full changelog:
https://github.com/OpenVPN/openvpn/blob/v2.6.16/Changes.rst
merge textproc/libxml,-python (py3-libxml) into textproc/libxml; there's no
direct equivalent any more (py3-lxml is the suggested replacement but it's
not a drop-in) and having the old package lying around causes an issue for
updates.
drop @pkgpath textproc/libxml; this was copied from PLIST-main but is the
default for a package built from ports/textproc/libxml without multipackages
anyway. update path is ok with just this; it was present directly in
PLIST-main so there's a valid update path. (that is ok because libxml
went from single- to multi-packages and back again; had it started as
multi-packages in the first place there would have been no @pkgpath in
PLIST-main - had that been the case, we'd need @pkgpath textproc,-main).
ok aja landry
