OpenBSD/src QmddXBLlib/libexpat Changes, lib/libexpat/lib xmlparse.c

   Update libexpat to version 2.8.1.

   Relevant for OpenBSD are security fixes #1216, other changes #1209.
   Library bump is not necessary.  CVE-2026-45186

   OK tb@
VersionDeltaFile
1.11+295-15lib/libexpat/tests/basic_tests.c
1.49+30-6lib/libexpat/lib/xmlparse.c
1.6+19-15lib/libexpat/tests/handlers.c
1.37+26-0lib/libexpat/Changes
1.8+5-5lib/libexpat/tests/minicheck.c
1.6+4-3lib/libexpat/tests/structdata.c
+379-448 files not shown
+396-5714 files

OpenBSD/src efVkuVOusr.sbin/bgpd parse.y

   getservice() needs to return the port in host byte order but
   getservbyname() returns the value in network byte order. Add some ntohs()
   for those poor little endian systems.

   OK tb@
VersionDeltaFile
1.495+2-2usr.sbin/bgpd/parse.y
+2-21 files

OpenBSD/src Pf2sKqSlib/libutil imsg-buffer.c

   ibuf_set_maxsize() need to ensure that the invariants are upheld by
   checking also that wpos and size are not bigger then the new max.

   If wpos is bigger fail hard, for size the allocation may have been used
   before and so do an explicit_bzero() to clear the extra memory out.

   OK tb@
VersionDeltaFile
1.37+11-2lib/libutil/imsg-buffer.c
+11-21 files

OpenBSD/src jZ9JsYGlib check_sym

   check_sym: do not run output commands twice

   ok guenther@
VersionDeltaFile
1.15+8-7lib/check_sym
+8-71 files

OpenBSD/src BCAukxxlib/libcrypto/md5 md5_amd64_generic.S, lib/libcrypto/sha sha1_aarch64_ce.S sha1_amd64_generic.S

   Add a guarded .note.GNU-stack section to crypto assembly files.

   Add a .note.GNU-stack section to avoid ending up with an executable stack
   on toolchains that believe we should have an executable stack by default.

   Reported by ruuda on Github.

   Discussed with tb@
VersionDeltaFile
1.3+5-1lib/libcrypto/md5/md5_amd64_generic.S
1.10+5-1lib/libcrypto/sha/sha1_aarch64_ce.S
1.8+5-1lib/libcrypto/sha/sha1_amd64_generic.S
1.9+5-1lib/libcrypto/sha/sha1_amd64_shani.S
1.11+5-1lib/libcrypto/sha/sha256_aarch64_ce.S
1.10+5-1lib/libcrypto/sha/sha256_amd64_generic.S
+30-63 files not shown
+45-99 files

OpenBSD/src e8yH0V2sys/dev/ic sti.c

   Fix buglet introduced in 1.85; from clang -Wsometimes-uninitialized via jsg@
VersionDeltaFile
1.86+17-17sys/dev/ic/sti.c
+17-171 files

OpenBSD/src FLleCQzusr.bin/compress gzopen.c zipopen.c

   Fix double-close on header-step failure

   OK job@
VersionDeltaFile
1.36+7-5usr.bin/compress/gzopen.c
1.2+4-3usr.bin/compress/zipopen.c
+11-82 files

OpenBSD/src c5x6jffdistrib/sets/lists/base mi

   sync
VersionDeltaFile
1.1183+1-1distrib/sets/lists/base/mi
+1-11 files

OpenBSD/src 1bzSGAqregress/usr.bin/ssh dropbear-kex.sh

   Dropbear recently added a -Q option; use it to query KEX if available.
VersionDeltaFile
1.5+6-4regress/usr.bin/ssh/dropbear-kex.sh
+6-41 files

OpenBSD/src CpDnI3tusr.bin/tmux screen-redraw.c tmux.h

   Make pane offsets signed, needed for floating panes.
VersionDeltaFile
1.116+41-30usr.bin/tmux/screen-redraw.c
1.1313+18-18usr.bin/tmux/tmux.h
1.47+5-5usr.bin/tmux/cmd-display-panes.c
1.183+3-3usr.bin/tmux/cmd.c
1.456+2-2usr.bin/tmux/server-client.c
+69-585 files

OpenBSD/src EVVkeGeusr.bin/tmux server-client.c

   Turn off the "is this a paste" guessing if the terminal supports bracket
   pasting instead, GitHub issue 5031.
VersionDeltaFile
1.455+3-1usr.bin/tmux/server-client.c
+3-11 files

OpenBSD/src 1LJk6fNusr.bin/tmux window.c utf8-combined.c

   Check FIONREAD for all panes not just piped panes, fixes issues with
   tests, GitHub issue 4807.
VersionDeltaFile
1.317+5-7usr.bin/tmux/window.c
1.9+2-2usr.bin/tmux/utf8-combined.c
1.71+2-2usr.bin/tmux/utf8.c
+9-113 files

OpenBSD/src yeINCPusys/net pf_lb.c

   revert last
   KASSERT(x != 0) to prevent division by zero just after doesn't help anything,
   division by 0 blows up nicely by itself with a very clear message.
   excessive comments and things like useless KASSERTs just make it much harder
   to follow the actual code. ok sashan
VersionDeltaFile
1.78+1-9sys/net/pf_lb.c
+1-91 files

OpenBSD/src IwkmSyeusr.bin/tmux screen-redraw.c

   Fix infinite loop due to underflow when redrawing scrollbar, from Pavel
   Lavrukhin in GitHub issue 4932.
VersionDeltaFile
1.115+9-3usr.bin/tmux/screen-redraw.c
+9-31 files

OpenBSD/src TFnF6Rousr.bin/tmux control.c

   Fix control mode teardown ordering for queued pane output, GitHub issue
   5064 from Aaron Campbell.
VersionDeltaFile
1.57+2-2usr.bin/tmux/control.c
+2-21 files

OpenBSD/src DKZnLV0usr.sbin/bgpd parse.y bgpd.h

   Introduce MAX_ADDPATH_COUNT (set to 100) and use this as the maximum
   for the add-path send plus and max arguments.

   OK tb@
VersionDeltaFile
1.494+5-5usr.sbin/bgpd/parse.y
1.542+2-1usr.sbin/bgpd/bgpd.h
+7-62 files

OpenBSD/src aCZANqCsys/dev/i2c ad741x.c

   make sure the command is set to config when writing config register bits

   prompted by a -Wuninitialized-const-pointer warning from clang 21
   ok deraadt@
VersionDeltaFile
1.16+4-1sys/dev/i2c/ad741x.c
+4-11 files

OpenBSD/src UxboQKosys/net80211 ieee80211_node.c

   Fix signed overflow in ieee80211_40mhz_valid_secondary_below().
   The secondary_chan variable should be uint8_t instead of int8_t,
   matching ieee80211_40mhz_valid_secondary_above().

   ok phessler@ stsp@
VersionDeltaFile
1.215+2-2sys/net80211/ieee80211_node.c
+2-21 files

OpenBSD/src XndTTh4lib/libexpat Changes, lib/libexpat/doc reference.html

   Update libexpat to version 2.8.0

   Relevant for OpenBSD are other changes #1201 #1189 #1203 #1204 #1194
   #1202 #1187 #1192 #1171 #1170.  Minor library bump is necessary as
   XML_SetHashSalt16Bytes() has been added.  Security fixes have been
   backported in previous commit.

   OK tb@
VersionDeltaFile
1.48+62-162lib/libexpat/lib/xmlparse.c
1.30+51-6lib/libexpat/doc/reference.html
1.36+50-0lib/libexpat/Changes
1.1+43-0lib/libexpat/lib/random_arc4random_buf.c
1.1+39-0lib/libexpat/lib/random_arc4random_buf.h
1.10+26-0lib/libexpat/tests/basic_tests.c
+271-16827 files not shown
+308-19533 files

OpenBSD/src 9v2a2Causr.sbin/httpd httpd.h httpd.c

   usr.sbin/httpd: widen server flags to 64-bit integers

   OK job@
VersionDeltaFile
1.171+36-36usr.sbin/httpd/httpd.h
1.78+8-5usr.sbin/httpd/httpd.c
1.71+2-2usr.sbin/httpd/config.c
1.133+2-2usr.sbin/httpd/parse.y
+48-454 files

OpenBSD/src B3ufJMiusr.sbin/bgpd session.c

   In merge_peers() also set local_bgpid for cloned peers, not only regular
   peers and templates.

   OK tb@
VersionDeltaFile
1.535+3-1usr.sbin/bgpd/session.c
+3-11 files

OpenBSD/src krBTPCXsys/dev/pci pcidevs_data.h pcidevs.h

   regen
VersionDeltaFile
1.2122+5-1sys/dev/pci/pcidevs_data.h
1.2127+2-1sys/dev/pci/pcidevs.h
+7-22 files

OpenBSD/src cmjZuy2sys/dev/pci pcidevs

   Add RK3576.
VersionDeltaFile
1.2134+2-1sys/dev/pci/pcidevs
+2-11 files

OpenBSD/src qnKuokEshare/man/man9 bus_dma.9

   Add CONTEXT section that documents when it is safe to call each bus_dma
   API function.

   ok dlg@, deraadt@
VersionDeltaFile
1.38+21-6share/man/man9/bus_dma.9
+21-61 files

OpenBSD/src nmR74kqusr.sbin/bgpd rtr.c

   Impose the same MAX_ASPA_SPAS_COUNT limit onto the merged APSA sets that
   are sent to the RDE.

   The merged ASPA table could in theory become so big that the imsg framework
   fails. So limit the merged ASPA set to the same MAX_ASPA_SPAS_COUNT as
   the aspa-set { } in the main config and the RTR ASPA PDUs.

   Log a warning when a ASPA entry is skipped because of this limit.
   There is nothing persisted so the warning will be repeated whenever there
   is an update. Since it is highly unlikly that such an big ASPA will ever
   exists this is good enough for now.

   OK tb@
VersionDeltaFile
1.35+15-6usr.sbin/bgpd/rtr.c
+15-61 files

OpenBSD/src fSEpTHZusr.sbin/bgpd parse.y

   In merge_aspa_set() do the MAX_ASPA_SPAS_COUNT check the same way it is
   done in the rest of the code and by doing so fix a harmless off by one
   error.

   OK tb@
VersionDeltaFile
1.493+2-2usr.sbin/bgpd/parse.y
+2-21 files

OpenBSD/src LzBdRxilib/libc/sys open.2

   For clarity, improve the __pledge_open documentation
VersionDeltaFile
1.59+7-6lib/libc/sys/open.2
+7-61 files

OpenBSD/src EKfU4a2sys/dev/pci/drm/include/linux llist.h

   switch loop condition from pointer to integer arithmetic

   Otherwise LLVM 22 creates an infinite loop.
   ok jsg@
VersionDeltaFile
1.4+2-2sys/dev/pci/drm/include/linux/llist.h
+2-21 files

OpenBSD/src FFxjpcnusr.sbin/bgpd bitmap.c

   Track the number of elements in the array instead of the highest possible bit.

   The bitmap code tracked the maximum number of bits allowed but that could
   trigger an overflow in BITMAP_ROUNDUP() for very big bitmaps.
   Move the max from tracking bits to tracking the number of elements in the
   array covering the bitmap.

   Add extra casts in BITMAP_SETPTR() and BITMAP_GETPTR() to stop 32bit archs
   warning about a pointer to int case of different size.

   OK tb@
VersionDeltaFile
1.4+31-34usr.sbin/bgpd/bitmap.c
+31-341 files

OpenBSD/src jb0jMrHsys/arch/riscv64/dev if_smte.c

   Improve error checking of received packets.

   ok jca@
VersionDeltaFile
1.2+21-7sys/arch/riscv64/dev/if_smte.c
+21-71 files