CVSROOT: /cvs Module name: www Changes by: bcook@cvs.openbsd.org 2026/04/18 19:43:10 Modified files: libressl : index.html releases.html Log message: LibreSSL 4.3.1 CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/19 03:36:56 Modified files: sys/dev/ic : com.c Log message: Get rid of the COM_CONSOLE ifdef maze. This was introduced for sparc which is no longer with us. ok jsg@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/19 03:59:22 Modified files: sys/arch/amd64/amd64: autoconf.c bus_dma.c sys/arch/amd64/include: bus.h Log message: Extend the SEV bounce buffer implementation to make it usable for bouncing memory that isn't DMA reachable. ok deraadt@ CVSROOT: /cvs Module name: src Changes by: kettenis@cvs.openbsd.org 2026/04/19 13:29:53 Modified files: sys/arch/arm64/stand/efiboot: efiboot.c Log message: Terminate SMBIOS vendor/product matching at first match. ok jsg@, tobhe@, deraadt@ CVSROOT: /cvs Module name: ports Changes by: matthieu@cvs.openbsd.org 2026/04/19 13:38:52 Modified files: graphics/png : Makefile distinfo Log message: Update to png 1.6.58. ok deraadt@, naddy@. Fixes a regression introduced in 1.6.56 xenocara will be updated after unlock as it's not affected. CVSROOT: /cvs Module name: ports Changes by: matthieu@cvs.openbsd.org 2026/04/19 13:43:31 Modified files: graphics/png : Tag: OPENBSD_7_8 Makefile distinfo Log message: Update to png 1.6.58. ok deraadt@, naddy@. Fixes a regression introduced in 1.6.56 CVSROOT: /cvs Module name: src Changes by: millert@cvs.openbsd.org 2026/04/19 13:54:02 Modified files: libexec/login_chpass: Makefile Log message: login_chpass: No longer need to install this setuid root When the YP code was removed login_chpass became wrapper that just execs login_lchpass. OK deraadt@ CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/04/19 14:18:57 Modified files: shells/elvish : Makefile distinfo modules.inc shells/elvish/pkg: PLIST Log message: shells/elvish: Update to 0.21.0 The current version in ports is broken/non-functional. approved by naddy@ CVSROOT: /cvs Module name: ports Changes by: bcook@cvs.openbsd.org 2026/04/19 14:37:52 Modified files: sysutils/btop : Makefile Added files: sysutils/btop/patches: patch-src_openbsd_btop_collect.cpp Log message: Patch btop to report active CPU usage correctly from upstream https://github.com/aristocratos/btop/pull/1587 This also allows building on spark64 with gcc 15. CVSROOT: /cvs Module name: src Changes by: djm@cvs.openbsd.org 2026/04/19 17:37:22 Modified files: usr.bin/ssh : clientloop.c Log message: correctly set extended type for client-side channels. Fixes interactive vs bulk IPQoS for client->server traffic. ok job@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/19 18:18:21 Modified files: sys/conf : newvers.sh Log message: 7.9-current ok deraadt@ CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/19 19:25:12 Modified files: sys/dev/pci/drm/i915/gt: intel_engine_heartbeat.c Log message: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat From Sebastian Brzezinka 2af8b200cae3fdd0e917ecc2753b28bb40c876c1 in linux-6.18.y/6.18.23 4c71fd099513bfa8acab529b626e1f0097b76061 in mainline linux CVSROOT: /cvs Module name: src Changes by: jsg@cvs.openbsd.org 2026/04/19 19:27:42 Modified files: sys/dev/pci/drm/i915/display: intel_psr.c Log message: drm/i915/psr: Do not use pipe_src as borders for SU area From Jouni Hogander de9aa7e89b98157d2650f25691e40711b8404151 in linux-6.18.y/6.18.23 75519f5df2a9b23f7bf305e12dc9a6e3e65c24b7 in mainline linux CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/19 22:26:12 Modified files: lib/libcrypto/ec: ec_pmeth.c Log message: ec_pmeth: fix 20yo comment: *outlen -> *keylen CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/19 22:35:00 Modified files: lib/libtls : tls_keypair.c Log message: tls_keypair: add missing from bcook kenjiro CVSROOT: /cvs Module name: ports Changes by: ajacoutot@cvs.openbsd.org 2026/04/20 00:34:11 Modified files: x11/gtk+4 : Makefile distinfo Log message: Update to gtk+4-4.22.3. ok naddy@ CVSROOT: /cvs Module name: src Changes by: job@cvs.openbsd.org 2026/04/20 01:43:52 Modified files: usr.bin/ssh : channels.c Log message: Clarify comment on what setting extended types for channels does OK djm@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 02:14:29 Modified files: lib/libcrypto/mlkem: mlkem_internal.h Log message: mlkem: use instead of "mlkem.h" patch from portable CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 02:44:48 Modified files: usr.bin/vi/cl : cl_funcs.c usr.bin/vi/common: recover.c usr.bin/vi/ex : ex_append.c ex_bang.c ex_global.c usr.bin/vi/vi : vs_split.c Log message: vi: avoid set but not used warnings From Walter Alejandro Iglesias ok claudio CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 04:30:02 Modified files: usr.bin/vi/cl : cl_funcs.c cl_read.c cl_screen.c usr.bin/vi/common: cut.c delete.c exf.c gs.h key.c line.c main.c mark.c mem.h msg.c options.c seq.c usr.bin/vi/ex : ex.h ex_argv.c ex_cmd.c ex_filter.c ex_global.c ex_init.c ex_join.c ex_read.c ex_script.c ex_subst.c ex_tag.c ex_txt.c ex_util.c usr.bin/vi/vi : v_cmd.c v_delete.c v_ex.c v_screen.c v_search.c v_txt.c v_yank.c vi.c vs_msg.c vs_smap.c vs_split.c Log message: vi: whitespace fixes Zap trailing whitespace, remove spaces before tabs, and expand 8 spaces to tabs. Prompted by a diff by Walter Alejandro Iglesias CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 05:37:18 Modified files: usr.bin/vi/common: screen.c Log message: vi: fix indent by trailing extra space from Walter Alejandro Iglesias CVSROOT: /cvs Module name: ports Changes by: landry@cvs.openbsd.org 2026/04/20 10:46:15 Modified files: geo/mapserver : Makefile distinfo Log message: geo/mapserver: security update to 8.6.2. see https://mapserver.org/development/changelog/changelog-8-6.html#changelog-8-6 fixes https://github.com/MapServer/MapServer/security/advisories/GHSA-4g9f-ph64-hg2x ok naddy@ CVSROOT: /cvs Module name: ports Changes by: kn@cvs.openbsd.org 2026/04/20 12:16:56 Modified files: net/gelatod : Makefile distinfo Log message: update to gelatod-1.7; same fix as 029_v6daemons; OK naddy CVSROOT: /cvs Module name: ports Changes by: volker@cvs.openbsd.org 2026/04/20 13:07:42 Modified files: graphics/lcms2 : Makefile distinfo Log message: graphics/lcms2: Update to 2.19rc2 Fixes several issues, for reference see https://marc.info/?l=oss-security&m=177646929211758&w=2 pointed out by and ok tb@, ok naddy@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/20 15:18:37 Modified files: sys/arch/octeon/dev: octeon_intr.c Log message: sys/octeon: accept linux,phandle for IRQs SRX300 firmware DT describes the CIU root and several CIB interrupt controllers with linux,phandle, but omits phandle. octeon_intr_register() consumed only the latter; the controllers therefore never entered the interrupt controller registry, and every later interrupt-parent lookup for CIB, AHCI, and xHCI failed. Thus, dev/ofw/fdt lookup code already treats phandle and linux,phandle as equivalent; so the Octeon interrupt layer should do the same when registering interrupt controllers. OK: kettenis@, visa@ CVSROOT: /cvs Module name: src Changes by: kirill@cvs.openbsd.org 2026/04/20 15:20:38 Modified files: sys/arch/octeon/dev: cn30xxuart.c Log message: sys/octeon: preserve bootloader console baud The SRX300 console runs at 9600 baud under U-Boot; OpenBSD forced 115200 during console handoff, which garbled output immediately after early memory setup and made a live kernel look dead. Here, I read the programmed UART divisor instead and derive comconsrate from it, so the kernel preserves the bootloader console configuration. OK: visa@ CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:35:08 Modified files: distrib/notes/riscv64: prep Log message: Move hw-specific parts at the end of this file CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:38:55 Modified files: distrib/notes/riscv64: prep Log message: Document specifics for spacemit K1-based boards Orange Pi RV2, BananaPi F3, and Milk-V Jupiter Requested by deraadt CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:43:39 Modified files: distrib/notes/riscv64: prep Log message: Add post-install hints for boards without distro_bootcmd (like BPi F3/Jupiter) The default bootcmd is useless on these boards, so suggest some simple default boot command. CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:47:00 Modified files: distrib/notes/riscv64: hardware Log message: Mention some Spacemit K1 boards that kettenis added support for BananaPi F3, Orange Pi RV2, and Milk-V Jupiter CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 15:51:22 Modified files: distrib/notes/riscv64: prep Log message: Better wording and typo fix for the Spacemit K1 boards CVSROOT: /cvs Module name: src Changes by: jca@cvs.openbsd.org 2026/04/20 16:20:07 Modified files: distrib/notes/riscv64: prep Log message: Remove the bootcmd hint for now On this jupiter box, U-Boot's bootcmd can't be interrupted on the serial console by pressing any key, Ctrl+C or ESC, even though the official docs say it should be possible by pressing any key. sigh CVSROOT: /cvs Module name: ports Changes by: bket@cvs.openbsd.org 2026/04/20 21:20:14 Modified files: sysutils/rclone: Makefile distinfo Log message: Update to rclone-1.73.5 CVE-2026-41176 rc: add AuthRequired to options/set to prevent auth bypass rc: snapshot NoAuth at startup to prevent runtime auth bypass CVE-2026-41179 operations: add AuthRequired to operations/fsinfo to prevent backend creation Changelog: https://rclone.org/changelog/#v1-73-5-2026-04-19 OK sthen@ CVSROOT: /cvs Module name: src Changes by: tb@cvs.openbsd.org 2026/04/20 23:18:35 Modified files: regress/lib/libcrypto/pkcs7: pkcs7test.c Log message: pkcs7test: factor main into a helper so we can add some unit tests easily CVSROOT: /cvs Module name: src Changes by: sashan@cvs.openbsd.org 2026/04/21 00:38:28 Modified files: sys/net : pf_if.c Log message: PFI_FLAG_SKIP may be lost when interface disappears and then reappears if 'set skip on ...' in pf.conf(5) refers to interface (or interface group) which is yet to be created in system, then all is good. However if the interface (or interface group) exists in system at the time when pf.conf(5) is being loaded to pf(4) the effect of skip flag might get lost. The scenario for tap0 interface goes as follows: tap0 (and tap interface) exist in system and is known to pf(4), meaning 'pfctl -sI' reports tap0 and tap. pf.conf with 'set skip on tap' is loaded. The pf(4) sets the flag on `kif` instance without obtaining a reference to keep it in table until skip flag (PFI_FLAG_SKIP) is reset. tap0 interface is removed from system (ifconfig tap0 destroy), the tap0 is removed from system and also corresponding kif instance is removed from pf(4). kif is forgotten together with flag settings. If tap0 happens to be the last tap interface, then tap interface group (including its kif) is also removed from system (and pf(4)). Now tap0 is going to be re-created by running 'ifconfig tap0 up'. The corresponding kif instances (kif instance for tap0 interface and tap interface group) are inserted to interface table in pf(4) with default interface flags, loosing 'set skip on tap...' setting found in pf.conf. To workaround this one has to reload pf.conf so interface flags are set again. The issue has been noticed and kindly reported by Atanas Vladimirov OK bluhm@