OpenBSD/src Gc6HoHMsys/nfs nfs_vnops.c

   in nfs_writerpc() error from server would leak an mbuf

   reported by Andrew Griffiths of Calif
   initial diff from deraadt@ ok miod@
VersionDeltaFile
1.215+5-2sys/nfs/nfs_vnops.c
+5-21 files

OpenBSD/src iO1OEkEsys/nfs nfs_serv.c

   cleanup when nfsm_srvmtofh1() errors in nfsrv_rename()

   corrects vnode references and namei_pool leak
   reported by Andrew Griffiths of Calif
   initial diff from deraadt@ ok miod@
VersionDeltaFile
1.150+5-4sys/nfs/nfs_serv.c
+5-41 files

OpenBSD/src SywFQkkusr.bin/tmux cmd-join-pane.c

   move-pane needs -D.
VersionDeltaFile
1.66+2-2usr.bin/tmux/cmd-join-pane.c
+2-21 files

OpenBSD/src ToGTjuKusr.bin/tmux format.c

   Revert previous, it is not the right change.
VersionDeltaFile
1.392+3-12usr.bin/tmux/format.c
+3-121 files

OpenBSD/src yEwpV0Vusr.bin/tmux format.c

   Disable time expansion if expanding an inner format or more %s are
   needed.
VersionDeltaFile
1.391+12-3usr.bin/tmux/format.c
+12-31 files

OpenBSD/src 9CiKWvxusr.sbin/httpd httpd.h proc.c

   Remove support for control socket. There's no httpctl, and no known plans
   to implement it.

   OK rsadowski@, kirill@
VersionDeltaFile
1.176+1-39usr.sbin/httpd/httpd.h
1.55+1-20usr.sbin/httpd/proc.c
1.80+1-9usr.sbin/httpd/httpd.c
1.33+2-2usr.sbin/httpd/Makefile
1.23+1-1usr.sbin/httpd/control.c
+6-715 files

OpenBSD/src pNKPQwgusr.sbin/relayd proc.c relayd.c

   Similar to a recent commit in vmd, remove ps_rcsocks from proc.s, which is
   unused.

   OK rsadowski@, kirill@
VersionDeltaFile
1.58+1-8usr.sbin/relayd/proc.c
1.203+1-2usr.sbin/relayd/relayd.c
1.289+1-2usr.sbin/relayd/relayd.h
+3-123 files

OpenBSD/src GOEIFzTusr.bin/tmux layout-set.c layout.c

   Change layout sets to build the layout using the new mechanics, from
   Dane Jensen.
VersionDeltaFile
1.37+151-173usr.bin/tmux/layout-set.c
1.84+23-16usr.bin/tmux/layout.c
1.355+4-4usr.bin/tmux/window.c
1.35+4-4usr.bin/tmux/layout-custom.c
1.1385+4-3usr.bin/tmux/tmux.h
1.43+2-2usr.bin/tmux/spawn.c
+188-2026 files

OpenBSD/src EX3Q7qWusr.bin/tmux screen-write.c tmux.h

   Instead of fully redrawing the pane when sync ends, only redraw lines
   that have been changed.
VersionDeltaFile
1.280+136-52usr.bin/tmux/screen-write.c
1.1384+5-1usr.bin/tmux/tmux.h
1.148+3-1usr.bin/tmux/screen-redraw.c
1.354+2-1usr.bin/tmux/window.c
+146-554 files

OpenBSD/src iEp5ePvusr.bin/tmux colour.c format.c

   Add a couple of format c/f and c/b to emit colours.
VersionDeltaFile
1.34+53-1usr.bin/tmux/colour.c
1.390+33-8usr.bin/tmux/format.c
1.1114+7-1usr.bin/tmux/tmux.1
1.78+2-2usr.bin/tmux/cmd-list-keys.c
1.1383+2-1usr.bin/tmux/tmux.h
+97-135 files

OpenBSD/src h365cGZusr.sbin/rpki-client nca.c extern.h

   Use macro instead of hardcoding the name of the file containing NCA history

   OK tb@
VersionDeltaFile
1.7+8-8usr.sbin/rpki-client/nca.c
1.287+3-1usr.sbin/rpki-client/extern.h
1.88+2-2usr.sbin/rpki-client/repo.c
+13-113 files

OpenBSD/src e9FnDSbusr.sbin/bgpd rde_peer.c rde_decide.c

   Pass peer to rde_enqueue_updates() to enqueue updates on.

   This allows withdraws to be queued on the peer that caused them and not
   on peerself. Also only enqueue a rib entry once and try to keep FIFO
   order. Before every call to rde_enqueue_updates() would requeue the
   rib entry at the end of the list. Doing this requeue could delay updates
   for long time.  Further optimisation may need to happen here.

   OK tb@
VersionDeltaFile
1.77+31-38usr.sbin/bgpd/rde_peer.c
1.109+15-6usr.sbin/bgpd/rde_decide.c
1.355+3-3usr.sbin/bgpd/rde.h
1.301+3-3usr.sbin/bgpd/rde_rib.c
1.708+2-2usr.sbin/bgpd/rde.c
+54-525 files

OpenBSD/src shfAF8qusr.bin/tmux screen-write.c

   Do not draw to tty if PANE_REDRAW has been set since it is just going to
   be replaced.
VersionDeltaFile
1.279+36-22usr.bin/tmux/screen-write.c
+36-221 files

OpenBSD/src RDZv4uPusr.bin/tmux tty-features.c

   Add overline for ghostty also, GitHub issue 5309.
VersionDeltaFile
1.40+2-1usr.bin/tmux/tty-features.c
+2-11 files

OpenBSD/src 705aXkMusr.bin/ssh ssh-keygen.1

   more missing mldsa44-ed25519, based on GHPR696 from
   Loganaden Velvindron
VersionDeltaFile
1.238+10-6usr.bin/ssh/ssh-keygen.1
+10-61 files

OpenBSD/src xQSnZw5usr.bin/ssh clientloop.c

   whitespace
VersionDeltaFile
1.425+2-2usr.bin/ssh/clientloop.c
+2-21 files

OpenBSD/src Ysv2WeEusr.bin/ssh clientloop.c

   simplify SIGINFO output: remove list of active channels (too verbose)
   and just display destination and connection duration; requested deraadt@
VersionDeltaFile
1.424+8-2usr.bin/ssh/clientloop.c
+8-21 files

OpenBSD/src SjxayKsusr.bin/ssh ssh_config.5

   Tighten up the introduction a little:

   Mention Match as a conditional directive (previously it only
   mentioned Host)

   Try to use consistent language in the introduction to refer to
   configuration directives (previously it used "parameters" and
   "keywords" interchangeably).

   Mention that comments may appear at the end of the line too, and that
   whitespace at the beginning/end of lines is not significant.
VersionDeltaFile
1.426+22-17usr.bin/ssh/ssh_config.5
+22-171 files

OpenBSD/src ajxpd1eusr.bin/ssh sftp-server.c

   Move negative-FD checks to before first use.  CID 909998, ok djm@
VersionDeltaFile
1.156+7-2usr.bin/ssh/sftp-server.c
+7-21 files

OpenBSD/src a9cfUawsbin/reboot reboot.c

   fix openlog() arguments, LOG_CONS should not be or'd into facility
   from Ricardo Branco
VersionDeltaFile
1.39+3-3sbin/reboot/reboot.c
+3-31 files

OpenBSD/src cNxzNaDusr.bin/ssh ssh.1

   ssh -o doesn't support Host or Include options, they are only
   valid in the config file. bz3968 from xspielinbox
VersionDeltaFile
1.449+2-4usr.bin/ssh/ssh.1
+2-41 files

OpenBSD/src YZCexVxusr.bin/ssh ssh-keygen.c

   mention mldsa44-ed25519 in usage();
   based on GHPR695 from Loganaden Velvindron
VersionDeltaFile
1.492+2-2usr.bin/ssh/ssh-keygen.c
+2-21 files

OpenBSD/src BZP6u3Qusr.bin/tmux server-client.c

   And some other indentation.
VersionDeltaFile
1.484+12-13usr.bin/tmux/server-client.c
+12-131 files

OpenBSD/src ct7b5Dtusr.bin/tmux server-client.c

   Fix some indentation.
VersionDeltaFile
1.483+5-5usr.bin/tmux/server-client.c
+5-51 files

OpenBSD/src bRtmJBvusr.bin/tmux grid.c

   Change a malloc to calloc.
VersionDeltaFile
1.152+2-13usr.bin/tmux/grid.c
+2-131 files

OpenBSD/src n8KWL4Slib/libc/hidden string.h wchar.h, lib/libc/include namespace.h

   LLVM now emits calls to strlen(3) and wcslen(3).  Redirect those calls to
   our hidden aliases to prevent unnecessary PLT entries (like we already do
   for memmove(3), memcpy(4) and memset(3)).

   ok deraadt@
VersionDeltaFile
1.18+5-1lib/libc/include/namespace.h
1.10+2-2lib/libc/string/strlen.c
1.5+2-2lib/libc/string/wcslen.c
1.7+2-2lib/libc/hidden/string.h
1.7+2-2lib/libc/hidden/wchar.h
1.90+2-1libexec/ld.so/Makefile
+15-106 files

OpenBSD/src u5xUngAlibexec/login_ldap aldap.c, usr.bin/ldap aldap.c

   login_ldap(8)/ldap(1): fix endless loop

   Goto fail on closed socket and check for evbuffer_add(3) errors, too.

   Original bug was reported by Matthias Pitzl.

   On Tue, Jun 30, 2026 at 11:35:32AM +0200, Martijn van Duren wrote:
   > Could you also make sure other aldap.c users get the fix?

   OK martijn@
VersionDeltaFile
1.3+4-4libexec/login_ldap/aldap.c
1.11+4-4usr.bin/ldap/aldap.c
+8-82 files

OpenBSD/src viNVE6Kusr.sbin/ypldap aldap.c

   ypldap(8): fix endless loop

   Goto fail on closed socket and check for evbuffer_add(3) errors, too.

   OK martijn@
VersionDeltaFile
1.50+4-4usr.sbin/ypldap/aldap.c
+4-41 files

OpenBSD/src cBBSbWJsys/arch/arm64/dev aplns.c, sys/dev/ic nvme.c

   partially revert previous to return to 64-byte submission queue
   entries by default, only applying 128-byte entries on APPLE_NVME3
   (T2) where we know it's needed

   the previous change broke APPLE_NVME2 which advertises 128 bytes but
   needs 64

   ok dlg
VersionDeltaFile
1.129+3-7sys/dev/ic/nvme.c
1.15+7-1sys/dev/pci/nvme_pci.c
1.19+1-2sys/arch/arm64/dev/aplns.c
+11-103 files

OpenBSD/src o3Ez8Wvlib/libc/sys pledge.2

   Yet another AI assisted report has triggered on the belief that
   kill(2) against 0 (for pgrp) should not be permitted by pledge "proc".
   Nothing validates this premise.  Blocking process group kills would
   break substantial amounts of software in dangeous ways, as it creates
   fragile invarient conditions.  We previously tried to block this belief
   with kern_pledge.c:1.357 by subtly adding "/pgrp" in a comment, but that
   was not effective so try adding "kill(2) may still operate on the
   process group with pid 0." to the manual page.  This is annoying
   because the pledge manual page usually describes what is blocked
   (resulting in process killing) rather than specifically listing
   what allowed.
   Discussed with Ivan Arce
VersionDeltaFile
1.86+5-3lib/libc/sys/pledge.2
+5-31 files