OpenBSD/ports jCYbogKarchivers/xz Makefile, archivers/xz/patches patch-src_liblzma_common_stream_decoder_mt_c

by naddy on ⎇
   archivers/xz: security fix for CVE-2025-31115

   The multithreaded .xz decoder in liblzma has a bug where invalid input
   can at least result in a crash.

   reported by jca@
VersionDeltaFile
1.51.2.1+1-0archivers/xz/Makefile
1.1.2.1+0-0archivers/xz/patches/patch-src_liblzma_common_stream_decoder_mt_c
+1-02 files

OpenBSD/ports COMaucparchivers/libarchive distinfo Makefile

by naddy on ⎇
   archivers/libarchive: update to 3.7.9

   Fixes confusion between the size of the extracted file and the size
   of the contents in the tar archive when GNU sparse entrie are
   involved.
VersionDeltaFile
1.40.2.4+2-2archivers/libarchive/distinfo
1.60.2.4+1-1archivers/libarchive/Makefile
+3-32 files

OpenBSD/ports 8nZtPckdevel/cmake/patches patch-Source_cmCurl_cxx

by sthen on ⎇
   add upstream cmake patch for curl break in (undocumented) api
   https://github.com/Kitware/CMake/commit/1b0c92a3a1b782ff3e1c4499b6ab8db614d45bcd
   https://github.com/curl/curl/pull/16482

   diff from jca (i added a comment to the patch), ok tb (implicit ok sthen ;)
VersionDeltaFile
1.1+24-0devel/cmake/patches/patch-Source_cmCurl_cxx
+24-01 files

OpenBSD/ports gxZ4gz8net/dnscrypt-proxy distinfo Makefile

by namn on ⎇
   update net/dnscrypt-proxy 2.1.8


   changelog:
   https://github.com/DNSCrypt/dnscrypt-proxy/releases/tag/2.1.8

   from Igor Zornik <mocheryl AT mocheryl DOT org>. thanks!
   ok sthen@
VersionDeltaFile
1.39+2-2net/dnscrypt-proxy/distinfo
1.70+1-1net/dnscrypt-proxy/Makefile
+3-32 files

OpenBSD/ports E144N6Gnet/prosody distinfo Makefile, net/prosody/patches patch-core_certmanager_lua

by lucas on ⎇
   net/prosody: update to 13.0.1

   Bug fixes, in particular regarding TLS behaviour. Full notes at
   https://blog.prosody.im/prosody-13.0.1-released/ .

   ok sthen tb
VersionDeltaFile
1.32+2-2net/prosody/distinfo
1.80+1-1net/prosody/Makefile
1.9+1-1net/prosody/patches/patch-core_certmanager_lua
+4-43 files

OpenBSD/ports 4mkwTCQwww/kiwix/kiwix-tools Makefile distinfo

by bentley on ⎇
   Unbreak kiwix-tools by updating to a prerelease commit.

   ok sthen@
VersionDeltaFile
1.5+13-4www/kiwix/kiwix-tools/Makefile
1.4+2-2www/kiwix/kiwix-tools/distinfo
+15-62 files

OpenBSD/ports XQk9gazwww/pm2 distinfo Makefile, www/pm2/pkg PLIST

by aisha on ⎇
   update to 6.0.5
VersionDeltaFile
1.3+62-144www/pm2/pkg/PLIST
1.2+4-4www/pm2/distinfo
1.3+1-3www/pm2/Makefile
+67-1513 files

OpenBSD/ports u7Y1wTewww/freshrss distinfo Makefile, www/freshrss/pkg PLIST

by aisha on ⎇
   update to 1.26.1
VersionDeltaFile
1.8+111-48www/freshrss/pkg/PLIST
1.9+2-2www/freshrss/distinfo
1.13+1-1www/freshrss/Makefile
+114-513 files

OpenBSD/ports Px0uDQUnet/jitsi/meet distinfo Makefile, net/jitsi/meet/pkg PLIST

by aisha on ⎇
   update to 2.0.10133
VersionDeltaFile
1.6+4-2net/jitsi/meet/pkg/PLIST
1.6+2-2net/jitsi/meet/distinfo
1.8+1-1net/jitsi/meet/Makefile
+7-53 files

OpenBSD/ports KCNWQm4net/jitsi/prosody-plugins Makefile distinfo, net/jitsi/prosody-plugins/pkg PLIST

by aisha on ⎇
   update to 2.0.10133
VersionDeltaFile
1.6+2-2net/jitsi/prosody-plugins/Makefile
1.5+2-2net/jitsi/prosody-plugins/distinfo
1.4+1-2net/jitsi/prosody-plugins/pkg/PLIST
+5-63 files

OpenBSD/ports TZT0q5gnet/jitsi/videobridge distinfo Makefile

by aisha on ⎇
   update to 2.0.10133
VersionDeltaFile
1.6+4-4net/jitsi/videobridge/distinfo
1.10+2-2net/jitsi/videobridge/Makefile
+6-62 files

OpenBSD/ports VoROi23net/jitsi/jicofo distinfo Makefile

by aisha on ⎇
   update to 2.0.10133
VersionDeltaFile
1.6+2-2net/jitsi/jicofo/distinfo
1.9+1-1net/jitsi/jicofo/Makefile
+3-32 files

OpenBSD/ports LQxsiqhx11/mruby-zest Makefile

by phessler on ⎇
   armv7: build frozen for over 12 hours
VersionDeltaFile
1.6+2-0x11/mruby-zest/Makefile
+2-01 files

OpenBSD/ports p5zHJhZwww/webkitgtk4 distinfo Makefile, www/webkitgtk4/patches patch-Source_WTF_wtf_PlatformCPU_h patch-Source_cmake_OptionsCommon_cmake

by ajacoutot on ⎇
   Update to webkitgtk{40,41,60}-2.48.1.

   ok naddy@
VersionDeltaFile
1.130+2-2www/webkitgtk4/distinfo
1.6+1-1www/webkitgtk4/patches/patch-Source_WTF_wtf_PlatformCPU_h
1.26+1-1www/webkitgtk4/patches/patch-Source_cmake_OptionsCommon_cmake
1.18+1-1www/webkitgtk4/patches/patch-Source_cmake_WebKitCompilerFlags_cmake
1.14+1-1www/webkitgtk4/patches/patch-Source_JavaScriptCore_offlineasm_arm64_rb
1.234+1-1www/webkitgtk4/Makefile
+7-76 files

OpenBSD/ports y04qCL6archivers/xz Makefile, archivers/xz/patches patch-src_liblzma_common_stream_decoder_mt_c

by naddy on ⎇
   archivers/xz: security fix for CVE-2025-31115

   The multithreaded .xz decoder in liblzma has a bug where invalid input
   can at least result in a crash.

   reported by jca@
VersionDeltaFile
1.1+186-0archivers/xz/patches/patch-src_liblzma_common_stream_decoder_mt_c
1.54+1-0archivers/xz/Makefile
+187-02 files

OpenBSD/ports CWIEE03net/curl Makefile distinfo, net/curl/pkg PLIST

by naddy on ⎇
   net/curl: update to 8.13.0

   Changes:
   * curl: add write-out variable 'tls_earlydata'
   * curl: make --url support a file with URLs
   * IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags
   * lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY
   * OpenSSL/quictls: add support for TLSv1.3 early data
   * var: add a '64dec' function that can base64 decode a string

   Committed now to minimize the difference for the inevitable security
   updates during the lifetime of OpenBSD 7.7-stable.
VersionDeltaFile
1.205+2-2net/curl/Makefile
1.138+2-2net/curl/distinfo
1.86+1-0net/curl/pkg/PLIST
+5-43 files

OpenBSD/ports q42qsWClang/rust distinfo Makefile, lang/rust/patches patch-vendor_libgit2-sys_build_rs patch-compiler_rustc_session_src_options_rs

by semarie on ⎇
   update lang/rust to 1.86.0

   Announce: https://blog.rust-lang.org/2025/04/03/Rust-1.86.0.html
   Release notes: https://doc.rust-lang.org/stable/releases.html#version-1860-2025-04-03
VersionDeltaFile
1.18+280-263lang/rust/pkg/PLIST-src
1.54+16-4lang/rust/pkg/PLIST-main
1.149+8-8lang/rust/distinfo
1.229+5-7lang/rust/Makefile
1.10+5-5lang/rust/patches/patch-vendor_libgit2-sys_build_rs
1.19+4-4lang/rust/patches/patch-compiler_rustc_session_src_options_rs
+318-2913 files not shown
+324-2979 files

OpenBSD/ports RmVyPIltelephony/kamailio Makefile

by phessler on ⎇
   seen on armv7: Unsupported compiler (cc:clang)
VersionDeltaFile
1.59+2-0telephony/kamailio/Makefile
+2-01 files

OpenBSD/ports bTjLO0Nwww/anubis distinfo Makefile

by sthen on ⎇
   update to anubis-1.15.1

   only change is a fix for: "due to an incorrect logic change in a refactor.
   This allows an attacker to mint a valid access token by passing any SHA-256
   hash instead of one that matches the proof-of-work test"
VersionDeltaFile
1.3+2-2www/anubis/distinfo
1.3+1-1www/anubis/Makefile
+3-32 files

OpenBSD/ports MA13gzRnet/openvpn distinfo Makefile, net/openvpn/patches patch-src_openvpn_route_c patch-include_Makefile_in

by jca on ⎇
   MFC: SECURITY update to openvpn-2.6.14

   CVE-2025-2704: fix possible ASSERT() on OpenVPN servers
   using --tls-crypt-v2 Security scope
VersionDeltaFile
1.21.4.1+2-2net/openvpn/patches/patch-src_openvpn_route_c
1.65.2.1+2-2net/openvpn/distinfo
1.20.2.1+1-1net/openvpn/patches/patch-include_Makefile_in
1.25.2.1+1-1net/openvpn/patches/patch-src_openvpn_tun_c
1.129.2.1+1-1net/openvpn/Makefile
1.36.2.1+1-1net/openvpn/patches/patch-configure
+8-86 files

OpenBSD/ports lHuZiIunet/openvpn distinfo Makefile, net/openvpn/patches patch-configure patch-include_Makefile_in

by jca on ⎇
   SECURITY update to openvpn-2.6.14

   CVE-2025-2704: fix possible ASSERT() on OpenVPN servers
   using --tls-crypt-v2 Security scope
VersionDeltaFile
1.67+2-2net/openvpn/distinfo
1.133+1-1net/openvpn/Makefile
1.38+1-1net/openvpn/patches/patch-configure
1.22+1-1net/openvpn/patches/patch-include_Makefile_in
+5-54 files

OpenBSD/ports Hx96mcQgeo/gdal Makefile

by landry on ⎇
   geo/gdal: make sure geo/sfcgal is not picked it found at configure time

   i'll enable it post-release when updating to 3.10.3.
VersionDeltaFile
1.153+1-0geo/gdal/Makefile
+1-01 files

OpenBSD/ports r2sNzaPgraphics/gimp/snapshot distinfo Makefile, graphics/gimp/snapshot/patches patch-meson_build patch-tools_in-build-gimp_sh

by landry on ⎇
   graphics/gimp/snapshot: update to 3.0.2.

   see https://www.gimp.org/news/2025/03/16/gimp-3-0-released/
   and https://www.gimp.org/news/2025/03/23/gimp-3-0-2-released/

   better ship that in 7.7 than an rc3.
VersionDeltaFile
1.12+8-0graphics/gimp/snapshot/pkg/PLIST
1.8+2-2graphics/gimp/snapshot/distinfo
1.10+2-2graphics/gimp/snapshot/patches/patch-meson_build
1.32+1-2graphics/gimp/snapshot/Makefile
1.2+1-1graphics/gimp/snapshot/patches/patch-tools_in-build-gimp_sh
+14-75 files

OpenBSD/ports lztAqiWsecurity/libdigidocpp Makefile

by kn on ⎇
   drop obsolete build dependency on devel/xsd

   in last update to 4.1.0 upstream switched to libxml and xmlsec,
   back then I forgot to remove the line from our Makefile.
VersionDeltaFile
1.28+0-1security/libdigidocpp/Makefile
+0-11 files

OpenBSD/ports f0Q5151security/spiped distinfo Makefile

by jturner on ⎇
   Update spiped to 1.6.4

   Fixes a bug which can cause spiped to abort of a RST package arrives
   from one side of a pipe at the same time as a FIN packet arrives from
   the other end.
VersionDeltaFile
1.12+2-2security/spiped/distinfo
1.22+1-1security/spiped/Makefile
+3-32 files

OpenBSD/ports MCNwWelx11/xfce4/terminal Makefile

by naddy on ⎇
   x11/xfce4/terminal: correct dependency for local xsl file

   ok landry@
VersionDeltaFile
1.94+1-1x11/xfce4/terminal/Makefile
+1-11 files

OpenBSD/ports Cics8Jpwww/webkitgtk4 Makefile, www/webkitgtk4/patches patch-Source_WTF_wtf_PlatformEnable_h

by jca on ⎇
   Forcefully disable web assembly on riscv64, fixes the failure seen in 2.48.0

   ok ajacoutot@ (maintainer)
VersionDeltaFile
1.14+11-1www/webkitgtk4/patches/patch-Source_WTF_wtf_PlatformEnable_h
1.233+1-1www/webkitgtk4/Makefile
+12-22 files

OpenBSD/ports nzj6Dqesysutils/py-ansible-libssh Makefile distinfo, sysutils/py-ansible-libssh/pkg PLIST

by sthen on ⎇
   update py3-ansible-libssh to a git checkout baa2ab830d4 fixing issues
   including:

   - Copying >2048M file with scp.put results in the remote file becoming
   0 bytes and pylibssh fails with an exception

   - Intermittent SIGSEGV on consecutive ssh_channel.exec_command() invocations

   - When sftp.get requires reading two chunks, the last chunk overwrites
   earlier ones

   from Mikolaj Kucharski
   "I don't have comments" maintainer
VersionDeltaFile
1.3+12-6sysutils/py-ansible-libssh/pkg/PLIST
1.4+5-4sysutils/py-ansible-libssh/Makefile
1.2+2-2sysutils/py-ansible-libssh/distinfo
+19-123 files

OpenBSD/ports Zn6epdUdevel/py-typer Makefile

by tb on ⎇
   py3-typer: fix TDEP after shells/fish surgery

   pkglocatedb breakage reported by kevlo,
   tested by kevlo, looks sane to sthen
VersionDeltaFile
1.9+8-1devel/py-typer/Makefile
+8-11 files

OpenBSD/ports OfIS7wJdevel/got Makefile, devel/got/patches patch-lib_repository_c patch-gotd_session_write_c

by stsp on ⎇
   cherrypick a bunch of bug fixes from upstream got.git into devel/got

   The got.git repository contains several new features which are not ready
   to be released. However, some bugs were fixed and pulling these fixes
   into the devel/got port for the upcoming OpenBSD release seems desirable.

   - make got clone/fetch work against Git servers which do not speak English
   - got/gotwebd: fix use-after-free in match_packed_object()
   - gotd: add a missing malloc failure check to repo_write process
   - gotd: close file descriptors passed to gotd_imsg_compose_event() on failure
   - gotd: stop processing more messages upon error in gotd repo_write process
VersionDeltaFile
1.3+45-10devel/got/patches/patch-lib_repository_c
1.1+39-0devel/got/patches/patch-gotd_session_write_c
1.1+29-0devel/got/patches/patch-gotd_repo_write_c
1.1+23-0devel/got/patches/patch-libexec_got-fetch-pack_got-fetch-pack_c
1.1+20-0devel/got/patches/patch-gotd_session_read_c
1.128+1-0devel/got/Makefile
+157-106 files