OpenBSD/src JpywGgFdistrib/sets/lists/base mi

   sync libevent major bump
VersionDeltaFile
1.1188+1-1distrib/sets/lists/base/mi
+1-11 files

OpenBSD/src l5309MQregress/lib/libevent event_regress.c

   Delete tests for code that has been removed in base libevent.
VersionDeltaFile
1.2+0-252regress/lib/libevent/event_regress.c
+0-2521 files

OpenBSD/src BNfZAnDlib/libevent event.h Makefile

   Do not ship evtag functions in base libevent.

   Upstream libevent 2.1.13-stable contains several security fixes.
   Our reduced libevent 1.4.15-stable does not contain the affected
   code.  The functions in event_tagging.c are only used by evrpc which
   we have removed from libevent.  As the attack vectors for the
   upstream fixes go through evrpc to evtag, better remove this dead
   code and do not export it in our libevent.  Major library bump
   needed.

   OK dlg@ claudio@ sthen@
VersionDeltaFile
1.32+1-52lib/libevent/event.h
1.44+2-2lib/libevent/Makefile
1.11+2-2lib/libevent/shlib_version
1.11+1-1lib/libevent/event_tagging.c
+6-574 files

OpenBSD/src pXgkmP7usr.sbin/rpki-client ccr.c

   der_len needs to be int so that the error check around i2d_X509_PUBKEY()
   works. Only positive der_len values make it to base64_encode() where it
   is promoted to size_t which is fine.

   OK tb@
VersionDeltaFile
1.41+2-2usr.sbin/rpki-client/ccr.c
+2-21 files

OpenBSD/src 1nK6734usr.sbin/rpki-client filemode.c

   Add missing spl_free() in the proc_parser_file() spaghetti

   OK tb@
VersionDeltaFile
1.85+2-1usr.sbin/rpki-client/filemode.c
+2-11 files

OpenBSD/src N2N0wDyusr.sbin/rpki-client ccr.c

   ccr: use uint32_t and %u for AS numbers

   ok claudio
VersionDeltaFile
1.40+15-15usr.sbin/rpki-client/ccr.c
+15-151 files

OpenBSD/src 2IEHwepusr.sbin/rpki-client tak.c

   Tak files should use RTYPE_TAK not RTYPE_SPL.

   OK tb@
VersionDeltaFile
1.32+2-2usr.sbin/rpki-client/tak.c
+2-21 files

OpenBSD/src UphZKvlusr.sbin/rpki-client output-json.c print.c

   ASnum are unsigned 32bit values. Use %u to print them not %d.

   Also use json_do_uint() just to be consistent. The json encoder operates
   with 64bit values so it does not matter there as much as it does for printf.

   With and OK tb@
VersionDeltaFile
1.61+6-6usr.sbin/rpki-client/output-json.c
1.79+6-6usr.sbin/rpki-client/print.c
1.36+2-2usr.sbin/rpki-client/output-bgpd.c
1.27+2-2usr.sbin/rpki-client/output-bird.c
+16-164 files

OpenBSD/src TTVDPpCusr.bin/tmux tmux.1 key-bindings.c

   Fix . and ; bindings, reported by tb.
VersionDeltaFile
1.1127+2-5usr.bin/tmux/tmux.1
1.186+3-3usr.bin/tmux/key-bindings.c
+5-82 files

OpenBSD/src liGAeqRsys/arch/arm64/arm64 machdep.c, sys/arch/arm64/include cpu.h

   Implement the machdep.led_blink sysctl on arm64 and riscv64 and add support
   for it to gpioleds(4).  Enable gpioleds(4) on riscv64.
VersionDeltaFile
1.100+62-1sys/arch/arm64/arm64/machdep.c
1.45+62-1sys/arch/riscv64/riscv64/machdep.c
1.5+37-5sys/dev/fdt/gpioleds.c
1.28+12-2sys/arch/riscv64/include/cpu.h
1.56+12-2sys/arch/arm64/include/cpu.h
1.65+2-1sys/arch/riscv64/conf/GENERIC
+187-126 files

OpenBSD/src BnSIwcoetc/examples login_ldap.conf

   - fix syntax in example login_ldap.conf file, it had :\ on a line
   presumably when converted from getcap in the ports version

   - switch to a more unix-y sample filter, and add a commented-out example
   for ActiveDirectory

   based on a diff from Chaz Kettleson which was ok with tweaks by claudio@,
   and incorporating feedback from Andrew Daugherity
VersionDeltaFile
1.2+6-3etc/examples/login_ldap.conf
+6-31 files

OpenBSD/src FTEEAO3usr.bin/tmux key-bindings.c menu.c

   Add C-b g , and C-b g . for move and resize menus, also add to pane menu
   (and fix to make them work).
VersionDeltaFile
1.185+30-1usr.bin/tmux/key-bindings.c
1.68+16-3usr.bin/tmux/menu.c
1.51+9-1usr.bin/tmux/cmd-display-menu.c
1.1126+5-2usr.bin/tmux/tmux.1
1.1393+4-1usr.bin/tmux/tmux.h
+64-85 files

OpenBSD/src xkBCNzhusr.bin/tmux layout.c tmux.h

   Add a layout_geometry container struct, from Dane Jensen.
VersionDeltaFile
1.91+138-138usr.bin/tmux/layout.c
1.1392+21-22usr.bin/tmux/tmux.h
1.66+20-20usr.bin/tmux/cmd-resize-pane.c
1.36+20-20usr.bin/tmux/layout-custom.c
1.68+18-16usr.bin/tmux/cmd-join-pane.c
1.38+9-9usr.bin/tmux/layout-set.c
+226-2253 files not shown
+243-2449 files

OpenBSD/src M2d1M79usr.bin/tmux key-bindings.c window.c

   Set initial scrollbar state, from Michael Grant.
VersionDeltaFile
1.184+2-2usr.bin/tmux/key-bindings.c
1.357+3-1usr.bin/tmux/window.c
+5-32 files

OpenBSD/src 5wfF932usr.bin/tmux key-bindings.c tmux.1

   Restore { and } to swap-pane and for floating panes and use a separate
   key table accessed by g (short for "gove and/or gesize") for floating
   panes. So "C-b g Up" moves the pane to top-centre, "C-b g M-Up" moves
   and resizes it. This means we not only do not lose the surprisingly
   popular { and } bindings, but we can have more than four keys for moving
   and resizing panes.
VersionDeltaFile
1.183+22-5usr.bin/tmux/key-bindings.c
1.1125+8-8usr.bin/tmux/tmux.1
+30-132 files

OpenBSD/src o5k1buHsys/net pipex.c

   don't assume an ipv4 header is always 20 bytes.

   as reported by SecBuddyF, Tencent KeenLab:

   > OpenBSD's pipex PPTP GRE packet handling uses a fixed GRE/IP header
   > length check before later reading the GRE header at an offset derived
   > from the actual IPv4 header length.
   >
   > When IPv4 options are present, the dynamic IPv4 header length can
   > be larger than 20 bytes. A short GRE packet can therefore pass the
   > fixed 28-byte PIPEX_IPGRE_HDRLEN check while still being too short
   > for the later m_copydata(m0, hlen, sizeof(gre), &gre) read.
   >
   > This can trigger:
   >
   >   panic: m_copydata: null mbuf
   >
   > The issue is remotely triggerable when GRE and pipex are enabled
   > and inbound IPv4 GRE packets with IP options are allowed to reach

    [8 lines not shown]
VersionDeltaFile
1.163+26-8sys/net/pipex.c
+26-81 files

OpenBSD/src A9xxEr9usr.bin/ssh authfile.c

   prefer fstat to stat when it's trivial to do so
VersionDeltaFile
1.152+2-2usr.bin/ssh/authfile.c
+2-21 files

OpenBSD/src uu2Yw7fusr.bin/ssh auth2-gss.c

   unused variables
VersionDeltaFile
1.42+1-3usr.bin/ssh/auth2-gss.c
+1-31 files

OpenBSD/src RxAXLAEusr.bin/ssh servconf.c servconf.h

   fix GSSAPI option names, that I somehow screwed up while refactoring
   servconf.c bz3974 patch from Colin Watson
VersionDeltaFile
1.451+9-9usr.bin/ssh/servconf.c
1.179+9-9usr.bin/ssh/servconf.h
+18-182 files

OpenBSD/src S2wrnPpgnu/usr.bin/perl/cpan/Socket Socket.pm Socket.xs, gnu/usr.bin/perl/cpan/Socket/t sockaddr.t

   Update Socket to 2.041

   CVE-2026-12087:
    Socket versions before 2.041 for Perl have an out-of-bounds heap read

   From security.metacpan.org
VersionDeltaFile
1.8+77-26gnu/usr.bin/perl/cpan/Socket/Socket.pm
1.8+70-33gnu/usr.bin/perl/cpan/Socket/Socket.xs
1.2+71-6gnu/usr.bin/perl/cpan/Socket/t/sockaddr.t
+218-653 files

OpenBSD/src 8ndBGEPusr.bin/tmux layout.c options.c

   Could of minor tidy ups.
VersionDeltaFile
1.90+2-6usr.bin/tmux/layout.c
1.89+2-2usr.bin/tmux/options.c
+4-82 files

OpenBSD/src a1bjMfmusr.bin/tmux screen-write.c

   When sync is enabled, we need to mark the whole scroll region dirty if
   there has been any scrolling. GitHub issue 5330.
VersionDeltaFile
1.282+5-1usr.bin/tmux/screen-write.c
+5-11 files

OpenBSD/src Onn9QJRusr.bin/tmux window-customize.c cmd-set-option.c

   Add a key to change an array key in customize mode.
VersionDeltaFile
1.30+87-2usr.bin/tmux/window-customize.c
1.144+3-3usr.bin/tmux/cmd-set-option.c
1.401+3-1usr.bin/tmux/format.c
1.88+2-2usr.bin/tmux/options.c
+95-84 files

OpenBSD/src 6GQA27eusr.bin/tmux options.c window-customize.c

   Change array item keys to be strings instead of numbers which are
   painful to work with.
VersionDeltaFile
1.87+161-46usr.bin/tmux/options.c
1.29+57-49usr.bin/tmux/window-customize.c
1.72+19-17usr.bin/tmux/cmd-show-options.c
1.400+17-16usr.bin/tmux/format.c
1.143+18-13usr.bin/tmux/cmd-set-option.c
1.1391+15-13usr.bin/tmux/tmux.h
+287-1545 files not shown
+314-18011 files

OpenBSD/src fovRhD0sbin/iked vroute.c

   iked: Wrong data structure zeroized

   The parameter int mask was confused with the local variable struct
   sockaddr_in mask4.  bzero(3) was applied to mask instead of mask4.

   ok markus@
VersionDeltaFile
1.22+2-2sbin/iked/vroute.c
+2-21 files

OpenBSD/src 07jJDJqusr.bin/tmux monitor.c

   NOJOBS is a flag, use correct argument.
VersionDeltaFile
1.4+2-2usr.bin/tmux/monitor.c
+2-21 files

OpenBSD/src Bf7GxsBusr.bin/tmux mode-tree.c

   Check for width/height 0, based on change from Uzair Aftab.
VersionDeltaFile
1.99+6-4usr.bin/tmux/mode-tree.c
+6-41 files

OpenBSD/src cycVeniusr.bin/tmux layout.c

   Do not create zero size panes, from Uzair Aftab.
VersionDeltaFile
1.89+3-2usr.bin/tmux/layout.c
+3-21 files

OpenBSD/src v0JKT8Xusr.bin/tmux monitor.c

   Do not allow jobs in monitor formats.
VersionDeltaFile
1.3+18-6usr.bin/tmux/monitor.c
+18-61 files

OpenBSD/src TAgqaIZusr.bin/tmux layout.c

   Unzoom before creating a floating pane (for now).
VersionDeltaFile
1.88+2-1usr.bin/tmux/layout.c
+2-11 files