OpenBSD/src RDZv4uPusr.bin/tmux tty-features.c

   Add overline for ghostty also, GitHub issue 5309.
VersionDeltaFile
1.40+2-1usr.bin/tmux/tty-features.c
+2-11 files

OpenBSD/ports FoyYX1Rmail/mozilla-thunderbird distinfo Makefile, mail/thunderbird-i18n distinfo Makefile.inc

   mail/mozilla-thunderbird: update to 140.12.1.

   see https://www.thunderbird.net/en-US/thunderbird/140.12.1esr/releasenotes/
VersionDeltaFile
1.302+132-132mail/thunderbird-i18n/distinfo
1.319+2-2mail/mozilla-thunderbird/distinfo
1.276+1-1mail/thunderbird-i18n/Makefile.inc
1.533+1-1mail/mozilla-thunderbird/Makefile
+136-1364 files

OpenBSD/ports Sjvp5wgnet/wstunnel distinfo crates.inc, net/wstunnel/patches patch-wstunnel-cli_src_main_rs patch-Cargo_lock

   Update to wstunnel-10.6.1

   Changes:
   https://github.com/erebe/wstunnel/releases/tag/v10.6.0
   https://github.com/erebe/wstunnel/releases/tag/v10.6.1

   From Christoph Liebender <christoph AT liebender DOT dev> (MAINTAINER)
VersionDeltaFile
1.12+176-204net/wstunnel/distinfo
1.12+87-101net/wstunnel/crates.inc
1.2+4-4net/wstunnel/patches/patch-wstunnel-cli_src_main_rs
1.6+2-2net/wstunnel/patches/patch-Cargo_lock
1.12+1-1net/wstunnel/Makefile
1.4+1-1net/wstunnel/patches/patch-wstunnel-cli_Cargo_toml
+271-3136 files

OpenBSD/ports 4HQxOq6sysutils/fastfetch Makefile distinfo

   Update fastfetch to 2.65.2
VersionDeltaFile
1.16+2-3sysutils/fastfetch/Makefile
1.16+2-2sysutils/fastfetch/distinfo
+4-52 files

OpenBSD/src 705aXkMusr.bin/ssh ssh-keygen.1

   more missing mldsa44-ed25519, based on GHPR696 from
   Loganaden Velvindron
VersionDeltaFile
1.238+10-6usr.bin/ssh/ssh-keygen.1
+10-61 files

OpenBSD/src xQSnZw5usr.bin/ssh clientloop.c

   whitespace
VersionDeltaFile
1.425+2-2usr.bin/ssh/clientloop.c
+2-21 files

OpenBSD/src Ysv2WeEusr.bin/ssh clientloop.c

   simplify SIGINFO output: remove list of active channels (too verbose)
   and just display destination and connection duration; requested deraadt@
VersionDeltaFile
1.424+8-2usr.bin/ssh/clientloop.c
+8-21 files

OpenBSD/src SjxayKsusr.bin/ssh ssh_config.5

   Tighten up the introduction a little:

   Mention Match as a conditional directive (previously it only
   mentioned Host)

   Try to use consistent language in the introduction to refer to
   configuration directives (previously it used "parameters" and
   "keywords" interchangeably).

   Mention that comments may appear at the end of the line too, and that
   whitespace at the beginning/end of lines is not significant.
VersionDeltaFile
1.426+22-17usr.bin/ssh/ssh_config.5
+22-171 files

OpenBSD/src ajxpd1eusr.bin/ssh sftp-server.c

   Move negative-FD checks to before first use.  CID 909998, ok djm@
VersionDeltaFile
1.156+7-2usr.bin/ssh/sftp-server.c
+7-21 files

OpenBSD/src a9cfUawsbin/reboot reboot.c

   fix openlog() arguments, LOG_CONS should not be or'd into facility
   from Ricardo Branco
VersionDeltaFile
1.39+3-3sbin/reboot/reboot.c
+3-31 files

OpenBSD/src cNxzNaDusr.bin/ssh ssh.1

   ssh -o doesn't support Host or Include options, they are only
   valid in the config file. bz3968 from xspielinbox
VersionDeltaFile
1.449+2-4usr.bin/ssh/ssh.1
+2-41 files

OpenBSD/src YZCexVxusr.bin/ssh ssh-keygen.c

   mention mldsa44-ed25519 in usage();
   based on GHPR695 from Loganaden Velvindron
VersionDeltaFile
1.492+2-2usr.bin/ssh/ssh-keygen.c
+2-21 files

OpenBSD/ports KHHovnuarchivers/zpaqfranz distinfo Makefile

   Update zpaqfranz to 64.8.

   From maintainer tux0r, thanks!
VersionDeltaFile
1.40+2-2archivers/zpaqfranz/distinfo
1.43+1-1archivers/zpaqfranz/Makefile
+3-32 files

OpenBSD/src BZP6u3Qusr.bin/tmux server-client.c

   And some other indentation.
VersionDeltaFile
1.484+12-13usr.bin/tmux/server-client.c
+12-131 files

OpenBSD/src ct7b5Dtusr.bin/tmux server-client.c

   Fix some indentation.
VersionDeltaFile
1.483+5-5usr.bin/tmux/server-client.c
+5-51 files

OpenBSD/ports 6uIWjwParchivers/makeself distinfo Makefile, archivers/makeself/patches patch-makeself_sh

   archivers/makeself: update to 2.7.1

   Update diff from Andrew Kloet
VersionDeltaFile
1.11+2-2archivers/makeself/distinfo
1.5+1-1archivers/makeself/patches/patch-makeself_sh
1.24+1-1archivers/makeself/Makefile
+4-43 files

OpenBSD/ports HG4lh3mgraphics/cxx-rust-cssparser Makefile

   Add missing dependency on devel/kf6/extra-cmake-modules

   Spotted by naddy
VersionDeltaFile
1.2+3-1graphics/cxx-rust-cssparser/Makefile
+3-11 files

OpenBSD/src bRtmJBvusr.bin/tmux grid.c

   Change a malloc to calloc.
VersionDeltaFile
1.152+2-13usr.bin/tmux/grid.c
+2-131 files

OpenBSD/src n8KWL4Slib/libc/hidden string.h wchar.h, lib/libc/include namespace.h

   LLVM now emits calls to strlen(3) and wcslen(3).  Redirect those calls to
   our hidden aliases to prevent unnecessary PLT entries (like we already do
   for memmove(3), memcpy(4) and memset(3)).

   ok deraadt@
VersionDeltaFile
1.18+5-1lib/libc/include/namespace.h
1.10+2-2lib/libc/string/strlen.c
1.5+2-2lib/libc/string/wcslen.c
1.7+2-2lib/libc/hidden/string.h
1.7+2-2lib/libc/hidden/wchar.h
1.90+2-1libexec/ld.so/Makefile
+15-106 files

OpenBSD/ports KXv4guUtextproc/simdutf Makefile distinfo, textproc/simdutf/pkg PFRAG.tools

   textproc/simdutf: Update to 9.0.0

   additional tests and feedback from tb, thanks
VersionDeltaFile
1.8+3-3textproc/simdutf/Makefile
1.7+2-2textproc/simdutf/distinfo
1.2+4-0textproc/simdutf/pkg/PFRAG.tools
+9-53 files

OpenBSD/src u5xUngAlibexec/login_ldap aldap.c, usr.bin/ldap aldap.c

   login_ldap(8)/ldap(1): fix endless loop

   Goto fail on closed socket and check for evbuffer_add(3) errors, too.

   Original bug was reported by Matthias Pitzl.

   On Tue, Jun 30, 2026 at 11:35:32AM +0200, Martijn van Duren wrote:
   > Could you also make sure other aldap.c users get the fix?

   OK martijn@
VersionDeltaFile
1.3+4-4libexec/login_ldap/aldap.c
1.11+4-4usr.bin/ldap/aldap.c
+8-82 files

OpenBSD/ports vUFCdELlang/node distinfo Makefile, lang/node/patches patch-common_gypi patch-include_node_common_gypi

   lang/node: Update to 24.18.0

   Fixes (by way of 24.17.0):
   CVE-2026-48618 tls: normalize hostname for server identity checks
   CVE-2026-48933 crypto: guard WebCrypto cipher output length
   CVE-2026-48615 lib,test: redact proxy credentials in tunnel errors
   CVE-2026-48619 http2: cap originSet size to prevent unbounded memory growth
   CVE-2026-48928 tls: fix case-sensitive SNI context matching
   CVE-2026-48930 dns,net: reject hostnames with embedded NUL bytes
   CVE-2026-48934 tls: bind reusable sessions to authenticated host
   CVE-2026-48937 deps: fix integration issues with the latest nghttp2
   CVE-2026-48617 permission: handle process.chdir on writereport
   CVE-2026-48931 http: fix response queue poisoning in http.Agent
   CVE-2026-48935 permission: disable FileHandle utimes with permission model
VersionDeltaFile
1.72+213-11lang/node/pkg/PLIST
1.41+4-4lang/node/patches/patch-common_gypi
1.15+4-4lang/node/patches/patch-include_node_common_gypi
1.99+4-4lang/node/distinfo
1.169+1-2lang/node/Makefile
1.15+1-1lang/node/patches/patch-configure_py
+227-262 files not shown
+229-288 files

OpenBSD/src viNVE6Kusr.sbin/ypldap aldap.c

   ypldap(8): fix endless loop

   Goto fail on closed socket and check for evbuffer_add(3) errors, too.

   OK martijn@
VersionDeltaFile
1.50+4-4usr.sbin/ypldap/aldap.c
+4-41 files

OpenBSD/ports XA7ns7Dx11/oxygen-icons Makefile

   Add missing build dependency on devel/kf6/extra-cmake-modules

   Spotted by aja
VersionDeltaFile
1.2+2-3x11/oxygen-icons/Makefile
+2-31 files

OpenBSD/ports gahR1D2cad/libspnav Makefile

   libspnav: set NO_TEST=yes
VersionDeltaFile
1.2+2-0cad/libspnav/Makefile
+2-01 files

OpenBSD/ports Z1MSxaxdevel/esbuild distinfo Makefile

   devel/esbuild: Update to 0.28.1

   From Maintainer Igor Zornik, thanks
VersionDeltaFile
1.20+2-2devel/esbuild/distinfo
1.21+1-1devel/esbuild/Makefile
+3-32 files

OpenBSD/ports kZRMPAJlang/elixir distinfo Makefile

   lang/elixir: Update to 1.20.2
VersionDeltaFile
1.77+2-2lang/elixir/distinfo
1.90+1-1lang/elixir/Makefile
+3-32 files

OpenBSD/ports X5A52rCsysutils/moor distinfo Makefile

   sysutils/moor: Update to 2.15.1

   From Maintainer Lydia Sobot, thanks
VersionDeltaFile
1.10+2-2sysutils/moor/distinfo
1.10+1-1sysutils/moor/Makefile
+3-32 files

OpenBSD/src cBBSbWJsys/arch/arm64/dev aplns.c, sys/dev/ic nvme.c

   partially revert previous to return to 64-byte submission queue
   entries by default, only applying 128-byte entries on APPLE_NVME3
   (T2) where we know it's needed

   the previous change broke APPLE_NVME2 which advertises 128 bytes but
   needs 64

   ok dlg
VersionDeltaFile
1.129+3-7sys/dev/ic/nvme.c
1.15+7-1sys/dev/pci/nvme_pci.c
1.19+1-2sys/arch/arm64/dev/aplns.c
+11-103 files

OpenBSD/src o3Ez8Wvlib/libc/sys pledge.2

   Yet another AI assisted report has triggered on the belief that
   kill(2) against 0 (for pgrp) should not be permitted by pledge "proc".
   Nothing validates this premise.  Blocking process group kills would
   break substantial amounts of software in dangeous ways, as it creates
   fragile invarient conditions.  We previously tried to block this belief
   with kern_pledge.c:1.357 by subtly adding "/pgrp" in a comment, but that
   was not effective so try adding "kill(2) may still operate on the
   process group with pid 0." to the manual page.  This is annoying
   because the pledge manual page usually describes what is blocked
   (resulting in process killing) rather than specifically listing
   what allowed.
   Discussed with Ivan Arce
VersionDeltaFile
1.86+5-3lib/libc/sys/pledge.2
+5-31 files