Add missing memcpy calls for auth_key_in / out in merge_auth_conf()
This was broken when refactoring the code for RTR and only affects
manual IPSec setups which are very uncommon.
OK tb@
Error handling the double reallocarray in ch_table_resize() is tricky.
In case of a realloc failure for the meta tables the ch_tables arrays
was already successfully reallocated. Doing the free(tables) in the error
path results in a use-after-free scenario and instead on error ch_tables
just needs to be updated to this new table. Since the ch_level is not
adjusted the next time, reallocarray will be called on a memory block
that is already big enough which is a NOP and so this is safe.
Further cleanup will follow.
OK tb@
bump -python; lang/python is added to MODULES after bsd.port.arch.mk is
inckuded, so it's unable to take full effect and _MODPY_SYSTEM_VERSION
is not reflected in PKG_ARGS.
avoid validating bad cipher or mac lists in config files / commandline
arguments as valid.
Identified by SUSE and reported by Camila Camargo de Matos
ok deraadt@ tb@
fix hard-to-reach NULL deref during pubkey auth
To hit this, the user must be using a PEM style private key with no
corresponding .pub key adjacent to it.
rpki-client: fix incomplete strncmp() check
The directory path in rp->repouri doesn't end in a '/' itself, so check
that the uri containing an unused file points at something below it.
Pointed out by Frank Denis
ok claudio job
update to cassette 0.2.2
Upstream moved from gitlab.gnome.org to altlinux.space, the latter using
forgejo with tarball generation disabled for tags and releases, i.e.
there is no way to fetch sources from such repos unless developers upload
static release assets.
The author kindly did that upon my request; new releases should come
with more conventional tarballs so our DISTFILES and WRKDIST goo can go.
Fix bad sizes in certain graceful restart imsgs.
The move to use more u_int for aid also changed the imsgs
IMSG_SESSION_STALE, IMSG_SESSION_NOGRACE, IMSG_SESSION_FLUSH, and
IMSG_SESSION_RESTARTED. The problem was that not all senders were
adjusted.
OK tb@
Update libexpat to version 2.8.1.
Relevant for OpenBSD are security fixes #1216, other changes #1209.
Library bump is not necessary. CVE-2026-45186
OK tb@
Update to 8.6.18.
Tcl/Tk 8.6.18 Release Announcement
May 11, 2026
The Tcl Core Team is pleased to announce the 8.6.18 releases of the Tcl
dynamic language and the Tk toolkit. We intend these to be the final
releases of Tcl 8.6 and Tk 8.6. Both Tcl and Tk have successor major
release sequences in active supported development. As of this release
date, users of Tcl and Tk are encouraged to move to Tcl 9.0.3 and Tk 9.0.3.
With development of Tcl/Tk 8.6 at an end, we are no longer soliciting
bug reports and patches for these lines of development. Please only
report issues that are believed so severe in nature that they would
justify re-opening a closed development sequence.
https://sourceforge.net/projects/tcl/files/Tcl/8.6.18/tcltk-release-notes-8.6.18.txt
Update to 8.6.18.
Tcl/Tk 8.6.18 Release Announcement
May 11, 2026
The Tcl Core Team is pleased to announce the 8.6.18 releases of the Tcl
dynamic language and the Tk toolkit. We intend these to be the final
releases of Tcl 8.6 and Tk 8.6. Both Tcl and Tk have successor major
release sequences in active supported development. As of this release
date, users of Tcl and Tk are encouraged to move to Tcl 9.0.3 and Tk 9.0.3.
With development of Tcl/Tk 8.6 at an end, we are no longer soliciting
bug reports and patches for these lines of development. Please only
report issues that are believed so severe in nature that they would
justify re-opening a closed development sequence.
https://sourceforge.net/projects/tcl/files/Tcl/8.6.18/tcltk-release-notes-8.6.18.txt