OpenBSD/src a9cfUawsbin/reboot reboot.c

   fix openlog() arguments, LOG_CONS should not be or'd into facility
   from Ricardo Branco
VersionDeltaFile
1.39+3-3sbin/reboot/reboot.c
+3-31 files

OpenBSD/src cNxzNaDusr.bin/ssh ssh.1

   ssh -o doesn't support Host or Include options, they are only
   valid in the config file. bz3968 from xspielinbox
VersionDeltaFile
1.449+2-4usr.bin/ssh/ssh.1
+2-41 files

OpenBSD/src YZCexVxusr.bin/ssh ssh-keygen.c

   mention mldsa44-ed25519 in usage();
   based on GHPR695 from Loganaden Velvindron
VersionDeltaFile
1.492+2-2usr.bin/ssh/ssh-keygen.c
+2-21 files

OpenBSD/src BZP6u3Qusr.bin/tmux server-client.c

   And some other indentation.
VersionDeltaFile
1.484+12-13usr.bin/tmux/server-client.c
+12-131 files

OpenBSD/src ct7b5Dtusr.bin/tmux server-client.c

   Fix some indentation.
VersionDeltaFile
1.483+5-5usr.bin/tmux/server-client.c
+5-51 files

OpenBSD/src bRtmJBvusr.bin/tmux grid.c

   Change a malloc to calloc.
VersionDeltaFile
1.152+2-13usr.bin/tmux/grid.c
+2-131 files

OpenBSD/src n8KWL4Slib/libc/hidden string.h wchar.h, lib/libc/include namespace.h

   LLVM now emits calls to strlen(3) and wcslen(3).  Redirect those calls to
   our hidden aliases to prevent unnecessary PLT entries (like we already do
   for memmove(3), memcpy(4) and memset(3)).

   ok deraadt@
VersionDeltaFile
1.18+5-1lib/libc/include/namespace.h
1.10+2-2lib/libc/string/strlen.c
1.5+2-2lib/libc/string/wcslen.c
1.7+2-2lib/libc/hidden/string.h
1.7+2-2lib/libc/hidden/wchar.h
1.90+2-1libexec/ld.so/Makefile
+15-106 files

OpenBSD/src u5xUngAlibexec/login_ldap aldap.c, usr.bin/ldap aldap.c

   login_ldap(8)/ldap(1): fix endless loop

   Goto fail on closed socket and check for evbuffer_add(3) errors, too.

   Original bug was reported by Matthias Pitzl.

   On Tue, Jun 30, 2026 at 11:35:32AM +0200, Martijn van Duren wrote:
   > Could you also make sure other aldap.c users get the fix?

   OK martijn@
VersionDeltaFile
1.3+4-4libexec/login_ldap/aldap.c
1.11+4-4usr.bin/ldap/aldap.c
+8-82 files

OpenBSD/src viNVE6Kusr.sbin/ypldap aldap.c

   ypldap(8): fix endless loop

   Goto fail on closed socket and check for evbuffer_add(3) errors, too.

   OK martijn@
VersionDeltaFile
1.50+4-4usr.sbin/ypldap/aldap.c
+4-41 files

OpenBSD/src cBBSbWJsys/arch/arm64/dev aplns.c, sys/dev/ic nvme.c

   partially revert previous to return to 64-byte submission queue
   entries by default, only applying 128-byte entries on APPLE_NVME3
   (T2) where we know it's needed

   the previous change broke APPLE_NVME2 which advertises 128 bytes but
   needs 64

   ok dlg
VersionDeltaFile
1.129+3-7sys/dev/ic/nvme.c
1.15+7-1sys/dev/pci/nvme_pci.c
1.19+1-2sys/arch/arm64/dev/aplns.c
+11-103 files

OpenBSD/src o3Ez8Wvlib/libc/sys pledge.2

   Yet another AI assisted report has triggered on the belief that
   kill(2) against 0 (for pgrp) should not be permitted by pledge "proc".
   Nothing validates this premise.  Blocking process group kills would
   break substantial amounts of software in dangeous ways, as it creates
   fragile invarient conditions.  We previously tried to block this belief
   with kern_pledge.c:1.357 by subtly adding "/pgrp" in a comment, but that
   was not effective so try adding "kill(2) may still operate on the
   process group with pid 0." to the manual page.  This is annoying
   because the pledge manual page usually describes what is blocked
   (resulting in process killing) rather than specifically listing
   what allowed.
   Discussed with Ivan Arce
VersionDeltaFile
1.86+5-3lib/libc/sys/pledge.2
+5-31 files

OpenBSD/src JaSuZmdsys/isofs/cd9660 cd9660_node.c, sys/isofs/udf udf_vnops.c

   sys: check vnode identity after vget

   Several vnode lookup paths keep a vnode pointer from a filesystem hash,
   node tree, or alias list, then call vget() after dropping or lacking the
   lookup side protection. If the vnode is recycled while vget() waits, the
   pointer can still name a valid struct vnode, but no longer the object
   found by the lookup.

   Record v_id before vget() and retry the lookup if the id changes after
   the vnode is locked. This matches the existing namecache pattern and
   turns stale vnode hits into lookup retries instead of returning the
   wrong object.

   OK: claudio@
VersionDeltaFile
1.68+13-4sys/ntfs/ntfs_vfsops.c
1.32+3-12sys/ufs/ufs/ufs_ihash.c
1.76+11-3sys/isofs/udf/udf_vnops.c
1.69+8-2sys/msdosfs/msdosfs_denode.c
1.39+7-1sys/isofs/cd9660/cd9660_node.c
1.335+7-1sys/kern/vfs_subr.c
+49-232 files not shown
+63-258 files

OpenBSD/src V1Nnygcusr.sbin/vmd proc.c vmd.c

   vmd(8): remove extraneous control socket objects.

   Vestiges of the past.

   ok hshoexer@
VersionDeltaFile
1.37+1-8usr.sbin/vmd/proc.c
1.175+1-5usr.sbin/vmd/vmd.c
1.31+1-2usr.sbin/vmd/proc.h
+3-153 files

OpenBSD/src EQRWYG2sys/kern sysv_msg.c

   Drop sleeping malloc() handling in sysctl_sysvmsg(). msginfo.msgmni is
   immutable, it can't be changed during sleep.

   ok millert kirill
VersionDeltaFile
1.46+8-15sys/kern/sysv_msg.c
+8-151 files

OpenBSD/src OucXHO5distrib/arm64/iso Makefile

   grow iso
VersionDeltaFile
1.15+2-2distrib/arm64/iso/Makefile
+2-21 files

OpenBSD/src rkObihyusr.bin/tmux tty-features.c tty-keys.c

   Add default features for Ghostty, GitHub issue 5305 from Glib Shpychka.
VersionDeltaFile
1.39+13-1usr.bin/tmux/tty-features.c
1.207+3-1usr.bin/tmux/tty-keys.c
+16-22 files

OpenBSD/src ATmvXq4usr.bin/tmux screen-write.c

   Redraw when sync stops again (accidentally turned off), from Japin Li in
   GitHub issue 5304.
VersionDeltaFile
1.278+3-1usr.bin/tmux/screen-write.c
+3-11 files

OpenBSD/src H4DPAtplib/libutil ober_read_elements.3

   ober_read_elements(3): returns NULL on error, not -1

   OK claudio@
   ok tb
VersionDeltaFile
1.6+5-3lib/libutil/ober_read_elements.3
+5-31 files

OpenBSD/src mT0sl3iusr.bin/tmux mode-tree.c

   Remove C-r from help since it does not in fact exist.
VersionDeltaFile
1.97+1-3usr.bin/tmux/mode-tree.c
+1-31 files

OpenBSD/src ccUMQ1musr.bin/ssh ssherr-libcrypto.c

   ssherr-libcrypto: avoid use of deprecated ERR_load_crypto_strings()

   Follow regress and use unchecked OPENSSL_init_crypto() because
   ERR_load_crypto_strings() has been deprecated in OpenSSL 1.1.0.
   This call can in principle fail, in which case there's a fallback
   to generic error strings.

   There is still use of OpenSSL 3.x-deprecated API in here. That's
   a problem for someone else to solve.

   ok djm
VersionDeltaFile
1.2+2-2usr.bin/ssh/ssherr-libcrypto.c
+2-21 files

OpenBSD/src xyyW0Qhusr.bin/units units.lib

   change Venezuelan Bolivar ISO 4217 code from VEF to VES

   VES was used for the 2018 redenomination.  VED was used as part of the 2021
   redenomination process.  VES remains the official code after the 2021
   redenomination according to ISO 4217 amendment number 170.
VersionDeltaFile
1.149+2-2usr.bin/units/units.lib
+2-21 files

OpenBSD/src vvUTsPSusr.bin/ssh sftp.c

   another ruser_name/ruser_group vs attrib_to_stat() ordering
   screwup. Coverity CID 910530 via dtucker@
VersionDeltaFile
1.257+3-3usr.bin/ssh/sftp.c
+3-31 files

OpenBSD/src ckRzXrHusr.bin/ssh sftp.c

   set FD_CLOEXEC on the fds between sftp and its ssh process,
   avoids risk of subcommands that write on odd fds breaking the
   connection. GHPR693 from Manuel Einfalt;
   feedback deraadt@ ok dtucker@
VersionDeltaFile
1.256+3-1usr.bin/ssh/sftp.c
+3-11 files

OpenBSD/src jL5konzusr.bin/ssh packet.c

   check key and IV length received in privsep state transfer
   exactly match the expected sizes for the selected cipher;
   partially redundant to similar checks in cipher_init(), but
   nice to be more exact.

   GHPR from jmestwa-coder; ok dtucker@
VersionDeltaFile
1.339+6-1usr.bin/ssh/packet.c
+6-11 files

OpenBSD/src cXmqTNcusr.bin/ssh sftp.c

   revert bits that weren't ready for commit yet
VersionDeltaFile
1.255+3-5usr.bin/ssh/sftp.c
+3-51 files

OpenBSD/src kDbjyTKusr.bin/ssh sftp.c

   Move user/group name lookup to correct place; coverity CID 910530
   via dtucker@
VersionDeltaFile
1.254+6-4usr.bin/ssh/sftp.c
+6-41 files

OpenBSD/src n5jO0CAusr.sbin/dhcpd options.c dhcpd.h

   create_priority_list: fix the priority_len bounds check
   OK job@
VersionDeltaFile
1.38+9-9usr.sbin/dhcpd/options.c
1.74+8-6usr.sbin/dhcpd/dhcpd.h
+17-152 files

OpenBSD/src EhK7Z8qsys/dev/acpi acpidmar.c

   Use pre-allocated extent region descriptors to prevent bus_dmamap_load(9)
   failures on a dmamap that was created with the BUS_DMA_ALLOCNOW flag.

   ok chris@, hshoexer@
VersionDeltaFile
1.16+33-37sys/dev/acpi/acpidmar.c
+33-371 files

OpenBSD/src 0WQVHhKusr.bin/tmux window.c server-client.c

   Cache scrollbar options in window to avoid a slow lookup when working
   out visible ranges.
VersionDeltaFile
1.353+20-33usr.bin/tmux/window.c
1.482+22-28usr.bin/tmux/server-client.c
1.83+8-12usr.bin/tmux/layout.c
1.147+5-10usr.bin/tmux/screen-redraw.c
1.65+6-8usr.bin/tmux/cmd-resize-pane.c
1.1382+8-5usr.bin/tmux/tmux.h
+69-962 files not shown
+81-1038 files

OpenBSD/src 8TJOxEUusr.bin/tmux tmux.c input.c

   Allow :. in names again, forbidding them is overly pernickety. Only
   forbid invalid UTF-8 and #(.
VersionDeltaFile
1.221+4-18usr.bin/tmux/tmux.c
1.263+7-9usr.bin/tmux/input.c
1.151+7-7usr.bin/tmux/cmd-new-session.c
1.1381+4-10usr.bin/tmux/tmux.h
1.105+3-9usr.bin/tmux/screen.c
1.70+4-4usr.bin/tmux/cmd-break-pane.c
+29-576 files not shown
+47-7512 files