463,339 commits found in 93 milliseconds
OpenBSD /ports BIoYtw3 — www/rt distinfo Makefile, www/rt/patches patch-Makefile_in patch-sbin_rt-setup-database_in update to 6.0.3
update to 1.85
OpenBSD /ports Q2rFAl0 — print/hplip Makefile distinfo, print/hplip/patches patch-base_utils_py patch-Makefile_in Update to hplip-3.26.4.
Update to spidermonkey140-140.11.0.
OpenBSD /ports 2UTaBjP — x11/qt5/qtwebengine/patches patch-src_3rdparty_chromium_v8_src_compiler_backend_instruction-codes_h patch-src_3rdparty_chromium_third_party_blink_renderer_platform_image-encoders_image_encoder_utils_cc Fix build with llvm22
Some enum need a fixed underlying type.
Pane resizing code for floating panes, mostly by Michael Grant.
OpenBSD /ports lkl7WKD — sysutils/google-cloud-sdk distinfo Makefile, sysutils/google-cloud-sdk/pkg PLIST Update to google-cloud-sdk-569.0.0.
Updat to protobuf-java 4.34.2
https://github.com/protocolbuffers/protobuf/releases/tag/v34.2
Update to py-protobuf 7.34.2
https://github.com/protocolbuffers/protobuf/releases/tag/v34.2
Update to protobuf-cpp 6.34.2
https://github.com/protocolbuffers/protobuf/releases/tag/v34.2
Implement a better fix. The previous fix allowed to overflow in a
different spot. This would still only lead to a crash, and would only be
reachable by arbitrary users if the admin enabled the agentx socket, and
set custom permissions.
OK deraadt@, mvs@
motif: switch from unsigned long * to CARD64 * to prepare for llvm22
matthieu agrees with the approach
OpenBSD /ports yuZ3T79 — graphics/GraphicsMagick Makefile distinfo, graphics/GraphicsMagick/patches patch-configure Update to GraphicsMagick 1.3.47 to fix build with llvm22, ok Brad
http://www.graphicsmagick.org/NEWS.html#may-13-2026
mention that compression could potentially leak information about session
contents (cf. the CRIME attack on TLS) if a connection allows attacker-
controlled traffic over it alongside trused traffic. This might occur
in some forwarding scenarios.
with deraadt@
mention usefulness of request type allow/denylisting for servers
accepting untrusted clients
document EACESS if __pledge_open() in /usr/share/zoneinfo terminates
on a non-regular file
ok dgl
only allow __pledge_open(2) to open regular files in the /usr/share/zoneinfo
directory. other file types return EACCES.
ok dgl
OpenBSD /ports 7aDToYF — net/curl Makefile distinfo, net/curl/patches patch-m4_curl-compilers_m4 net/curl: update to 8.20.0
Includes fixes for
CVE-2026-4873 : connection reuse ignores TLS requirement
CVE-2026-5545 : wrong reuse of HTTP Negotiate connection
CVE-2026-5773 : wrong reuse of SMB connection
CVE-2026-6253 : proxy credentials leak over redirect-to proxy
CVE-2026-6276 : stale custom cookie host causes cookie leak
CVE-2026-6429 : netrc credential leak with reused proxy connection
CVE-2026-7168 : cross-proxy Digest auth state leak
lrsz: fix incompatible pointer types (socklen_t * vs size_t *) for llvm22
magicpoint: passing int * to size_t * makes llvm22 unhappy
comms/x3270: fix -Wincompatible-pointer-types (socklen_t vs size_t)
In the vscsi_callback() handle ISCSI_SCSI_STAT_CHCK_COND more carefully.
Especially the embedded sense data needs to be extracted respecting the
real buffer length. Make sure at least 2 bytes are availabe for the lenght
and also check that the resulting len is not bigger then the buffer
itself.
Reported by Frank Denis
OK deraadt@
Update to upterm 0.24.0.
Update to unbound_exporter 0.6.0.
OpenBSD /ports 2EZCqGX — www/ungoogled-chromium distinfo Makefile, www/ungoogled-chromium/patches patch-content_browser_renderer_host_render_process_host_impl_cc patch-content_public_common_content_features_cc update to 148.0.7778.178
Update to tor 0.4.9.8
ok sthen@
Also copy aspa_state and aspa_generation in path_copy() this way
the linked db copy of the path gets the right ASPA cache data.
OK tb@
multimedia/libheif: Update to 1.22.0
From Brad, thanks
Update nextcloud to 33.0.3
Update nextcloud to 32.0.9
