OpenBSD/src 4lJlu2Tsys/net pf.c

   in the "pf: key search" debug message, add the direction. interface *and*
   dir make debugging much easier than the if alone.
VersionDeltaFile
1.1078+3-2sys/net/pf.c
+3-21 files

OpenBSD/ports iwZFxSpdevel/silc-toolkit Makefile, net/silc-client Makefile

   disable asm on i386 for use with lld, requested by brad (maintainer)

OpenBSD/ports f5Is5Xswww Makefile

   + py-mastodon.py
   + py-mastodon.py,python3
VersionDeltaFile
1.882+3-1www/Makefile
+3-11 files

OpenBSD/ports NVGc9W3www/py-mastodon.py Makefile distinfo, www/py-mastodon.py/pkg PLIST DESCR

   Initial revision

OpenBSD/ports 6t9TUU8sysutils/dtb Makefile distinfo, sysutils/dtb/patches patch-arch_arm_boot_dts_omap4_dtsi patch-arch_arm_boot_dts_omap4460_dtsi

   update dtb to linux 4.19

   revert omap4 ti-sysc changes to unbreak pandaboard

OpenBSD/ports 1rj6Facmail/mozilla-thunderbird Makefile

   set --disable-debug-symbols on i386, with this repeated builds are okay,
   without it's hit and miss
VersionDeltaFile
1.278+2-2mail/mozilla-thunderbird/Makefile
+2-21 files

OpenBSD/src ngdNphJusr.bin/tmux cmd-choose-tree.c cmd-display-panes.c

   Add [template] to display-panes and choose-{buffer,client,tree} usage

   OK nicm

OpenBSD/ports rvsq7uusecurity/openssl/1.1 Makefile

   mark BROKEN-i386 for now (undefined reference to `__guard_local'), not sure
   what's going on yet..
VersionDeltaFile
1.3+3-1security/openssl/1.1/Makefile
+3-11 files

OpenBSD/ports 3ahOv1usysutils/u-boot Makefile distinfo, sysutils/u-boot/patches patch-lib_efi_loader_efi_boottime_c

   update to U-Boot 2018.11

   Revert a patch to stop cleaning caches before booting armv7 efi payloads
   to unbreak booting kernels on OpenBSD/armv7.

OpenBSD/ports VIGF5Hisecurity/pecl-libsodium distinfo Makefile

   update to pecl-libsodium-2.0.14

   2.0.14       - Some Base64-encoded values couldn't be decoded when using unpadded 
variants. This has been fixed.
   2.0.13       - Security fix: sodium_pad() used to read extra memory when given an empty 
string

OpenBSD/ports nq6vK8Hmail/mozilla-thunderbird Makefile distinfo, mail/thunderbird-i18n distinfo Makefile.inc

OpenBSD/ports 7iuT7YIgraphics/ffmpeg Makefile, graphics/ffmpeg/patches patch-libavcodec_aacenc_h patch-libavcodec_aacenc_c

   Actually revert extended channel layouts using PCEs (missed in previous).

   from Brad (maintainer)

OpenBSD/src Jm6u4CJlib/libcrypto/ec ecp_smpl.c

   Port OpenSSL commit 99540ec79491f59ed8b46b4edf130e17dc907f52 -- mitigation
   for a timing vullnerability in ECDSA signature generation (CVE-2018-0735).

   Note that the blinding that we introduced back in June for ECDSA and DSA
   should mitigate this and related issues. This simply adds an additional
   layer of protection.

   discussed with jsing
VersionDeltaFile
1.29+4-4lib/libcrypto/ec/ecp_smpl.c
+4-41 files

OpenBSD/src nsXLt5Dsbin/pfctl parse.y

   scrub opts dont set tos, so remove it from the scrub_opts struct

   ok deraadt@
VersionDeltaFile
1.688+1-2sbin/pfctl/parse.y
+1-21 files

OpenBSD/src L4MsKFqlibexec/getty main.c pathnames.h

   Theodore Wynnychenko discovered the gettytab "lo=path" feature didn't work
   anymore with unveil wired to /usr/bin/login.  So let's parse gettytab a bit
   earlier to learn which login path to unveil. Later in the loop gettytab is
   re-parsed, if the login changes re-exec getty to reach the unveil from the top.
   ok millert, also discussed with mestre
VersionDeltaFile
1.50+24-9libexec/getty/main.c
1.4+2-1libexec/getty/pathnames.h
+26-102 files

OpenBSD/src 3wbR3cNsys/net if_gre.c

   the variable holding the ip tos should be called tos, not ttl.

   no functional change.
VersionDeltaFile
1.139+3-3sys/net/if_gre.c
+3-31 files

OpenBSD/src nVoRp0Nsys/net if_gif.c, sys/netinet ip_ecn.c ip_ipip.c

   provide ip_tos_patch() for setting ip_tos and patching the ipv4 cksum.

   previously the gif code would patch the tos field and not recalc
   the cksum, which would cause ip input code to drop the packet due
   to a cksum failure. the ipip code patched ip_tos and unconditionally
   recalculated the cksum, making it correct, but also wiping out any
   errors that may have been present before the recalculation. updating
   the cksum rather than replacing it lets cksum failures still fire.

   ip_tos_patch() is provided in the ecn code since it's because of ecn
   propagation that we need to update the tos field. internally it
   works like pf_patch_8 and pf_cksum_fixup, but since pf is optional
   it rolls its own code. procter may fix that in the future...

   ok claudio@

OpenBSD/ports msfi7pfsecurity Makefile

   +softhsm2
VersionDeltaFile
1.523+2-1security/Makefile
+2-11 files

OpenBSD/ports BRnRn0Ssecurity/softhsm2 Makefile, security/softhsm2/patches patch-src_lib_crypto_OSSLCryptoFactory_cpp patch-configure

   Import softhsm2 2.5.0, developement of SoftHSM crypto store
   ok sthen@

OpenBSD/src vAH01zgsbin/ifconfig ifconfig.c

   Warn on deprecated 'vlan' and 'vlandev' option usage

   These were superseeded by 'vnetid' and 'parent' in june 2017 and will be
   removed in the future.

   "Looks right" deraadt, OK benno
VersionDeltaFile
1.383+7-1sbin/ifconfig/ifconfig.c
+7-11 files

OpenBSD/ports NEKwHcEaudio/jack Makefile, databases/mdbtools Makefile

   bump ports known/suspected to be affected by issue with libedit/libreadline
   and termcap on lld arches.

OpenBSD/src AyzEeVWgnu/lib/libreadline Makefile, lib/libcurses shlib_version

   Record an inter-library dependency on libcurses in libedit and libreadline,
   avoiding runtime failures on architectures using ld.lld. Also add a note to
   libcurses shlib_version reminding about bumps (as done with libcrypto/libssl).

   Thanks guenther@ for suggestions of tests involving library bumps and jca@
   for doing these tests and hint about DPADD.

   Looks good kettenis@, ok jca@

OpenBSD/ports DjoIz0Dgraphics/gdcm Makefile distinfo, graphics/gdcm/patches patch-CMakeLists_txt

   update to gdcm-2.8.8

OpenBSD/ports Svh5T2lsysutils/py-croniter Makefile distinfo, sysutils/py-croniter/patches patch-docs_CHANGES_rst

   update to py-croniter-0.3.26

OpenBSD/ports rRhKWEFwww/libsass Makefile distinfo

   update to libsass-3.5.5
VersionDeltaFile
1.5+2-3www/libsass/Makefile
1.3+2-2www/libsass/distinfo
+4-52 files

OpenBSD/ports f0JVIfbgraphics/birdfont Makefile distinfo

   update to birdfont-2.24.0

OpenBSD/ports kbn2RUdsysutils/virt-what Makefile distinfo, sysutils/virt-what/patches patch-virt-what_in

   update to virt-what-1.19

OpenBSD/xenocara zkrAMf9app/cwm menu.c

   Stop asking for events (NoEventMask) from menu window once done with
   the menu (we don't destroy it, only unmap).
VersionDeltaFile
1.106+2-1app/cwm/menu.c
+2-11 files

OpenBSD/ports AsY51j1net/gupnp/av Makefile distinfo, net/gupnp/av/patches patch-tests_Makefile_in

   update to gupnp-av-0.12.11

OpenBSD/ports Y84IgKrsecurity/suricata-update Makefile distinfo

   update to suricata-update-1.0.0

OpenBSD/ports gvWllqInet/minio/server Makefile distinfo

   update to minio-0.20181106

OpenBSD/ports d8hK2dTnet/minio/client Makefile distinfo

   update to minioc-0.20181106

OpenBSD/ports PnVMyIflang/elixir Makefile distinfo

   update to elixir-1.7.4
VersionDeltaFile
1.42+2-2lang/elixir/Makefile
1.36+2-2lang/elixir/distinfo
+4-42 files

OpenBSD/ports MlzlyuXsecurity Makefile

   +dirb
VersionDeltaFile
1.522+2-1security/Makefile
+2-11 files

OpenBSD/ports VnvSO8Asecurity/dirb Makefile distinfo, security/dirb/patches patch-src_utils_c

   Initial revision

OpenBSD/ports NZUjUkCsysutils/beats/filebeat Makefile distinfo, sysutils/beats/heartbeat Makefile distinfo

   update beats to 6.4.3

   ok pvk@

OpenBSD/src mH4NKtLsys/kern subr_extent.c

   Revert previous, it breaks regress.
VersionDeltaFile
1.60+3-3sys/kern/subr_extent.c
+3-31 files

OpenBSD/src polb4szsys/kern subr_extent.c

   Userland malloc(3) & free(3) take only one argument.
VersionDeltaFile
1.59+3-3sys/kern/subr_extent.c
+3-31 files

OpenBSD/src d6Zy1salib/libssl ssl_lib.c

   Fix wrong sizeof argument by using 'uint16_t *', with minor nit from tb@,
   instead of 'uint16_t'

   Found with llvm's static analyzer, noticed that it was also already reported in
   Coverity CID 155890 and to ensure this was correct also inspected OpenSSL's
   equivalent code.

   OK tb@ and jsing@
VersionDeltaFile
1.194+2-2lib/libssl/ssl_lib.c
+2-21 files

OpenBSD/src FDOf9Z8usr.sbin/bgpd config.c

   Plug memory leak in host()'s error code path

   OK claudio@
VersionDeltaFile
1.78+2-1usr.sbin/bgpd/config.c
+2-11 files

OpenBSD/src l6zx2wqsys/dev/usb usb.c

   free(9) sizes for configuration descriptors, missed in previous.
VersionDeltaFile
1.121+3-3sys/dev/usb/usb.c
+3-31 files

OpenBSD/src gMJmSGVsys/net bridgectl.c if_bridge.c

   Batch copyout(9)s in preparation for finer locking.

   Tested by Hrvoje Popovski, inputs and ok visa@
VersionDeltaFile
1.12+67-63sys/net/bridgectl.c
1.313+10-20sys/net/if_bridge.c
+77-832 files

OpenBSD/ports GP5mHV4devel/quirks Makefile, devel/quirks/files Quirks.pm

   Register ansible 2.7.1 as it solves a security issue.
VersionDeltaFile
1.645+2-2devel/quirks/Makefile
1.659+2-1devel/quirks/files/Quirks.pm
+4-32 files

OpenBSD/src SQR5IXksys/dev/usb ugen.c usb_subr.c

   free(9) sizes for configuration descriptors.

   ok tedu@, visa@
VersionDeltaFile
1.99+10-11sys/dev/usb/ugen.c
1.140+3-3sys/dev/usb/usb_subr.c
+13-142 files

OpenBSD/src OUh1qTAbin/mv mv.1

   mv imitates, but no longer uses, cp and rm to cross filesystems.
VersionDeltaFile
1.34+3-3bin/mv/mv.1
+3-31 files

OpenBSD/ports o0tirzJnet/knot Makefile distinfo

   Update to knot-2.7.4

   Release notes: https://www.knot-dns.cz/2018-11-13-version-274.html
VersionDeltaFile
1.36+2-3net/knot/Makefile
1.17+2-2net/knot/distinfo
+4-52 files

OpenBSD/src rM4pB1Dusr.bin/join join.c

   Remove slurpit definition. Leftover from earlier cleanup by otto@.
VersionDeltaFile
1.32+1-2usr.bin/join/join.c
+1-21 files

OpenBSD/ports RizTGjKlang/ghc Makefile

   -fno-pie produces text relocations on i386 and must be combined with
   -Wl,-znotext for lld
VersionDeltaFile
1.160+2-2lang/ghc/Makefile
+2-21 files

OpenBSD/src fGgLFnKusr.sbin/bgpd rde_filter.c bgpd.h

   Remove an unneeded union wrapping the skipsteps pointer.
   OK phessler@
VersionDeltaFile
1.113+5-5usr.sbin/bgpd/rde_filter.c
1.354+2-7usr.sbin/bgpd/bgpd.h
+7-122 files

OpenBSD/ports n6UtSH8sysutils/ansible Makefile distinfo, sysutils/ansible/patches patch-lib_ansible_plugins_action_reboot_py

   Update to ansible-2.7.1

   Similar diff from Edward Lopez-Acosta, ok jasper@ (maintainer)