OpenBSD/ports 4gbKcEhnet/icinga/web2 Makefile, net/icinga/web2/patches patch-library_Icinga_Application_Modules_Manager_php

   When enabling a module in web2, make sure we turn an absolute path to a
   relative path, so that enabled modules always work from within our php-fpm
   chroot and from icingacli, no mather if the module is enabled via icingacli
   or the web interface.

   OK sthen@

OpenBSD/src OnXNJbBusr.bin/ssh ssh-keygen.c ssh-keygen.1

   allow auto-incrementing certificate serial number for certs signed
   in a single commandline.
VersionDeltaFile
1.326+12-5usr.bin/ssh/ssh-keygen.c
1.156+7-1usr.bin/ssh/ssh-keygen.1
+19-62 files

OpenBSD/src BuLpMdyregress/lib/libssl/handshake handshake_table.c Makefile

   Add a regression test that builds up the handshake state table
   from graph information and cross-checks it against the state
   table in tls13_handshake.c.

   with help from jsing

OpenBSD/src crEE4hilib/libssl tls13_handshake.c

   Remove static from handshakes[][] so it is visible from regress/

   ok bcook
VersionDeltaFile
1.20+2-2lib/libssl/tls13_handshake.c
+2-21 files

OpenBSD/src 3QvqYwkusr.bin/ssh ssh-keygen.c

   move a bunch of global flag variables to main(); make the rest static
VersionDeltaFile
1.325+82-94usr.bin/ssh/ssh-keygen.c
+82-941 files

OpenBSD/ports VGuHbyOsysutils/toad Makefile distinfo, sysutils/toad/pkg PLIST

   Update to toad-1.7 to unbreak.

OpenBSD/ports rYw3g7Tdevel/quirks Makefile, devel/quirks/files Quirks.pm

   Brind toad back, it was rewritten with support for pkexec.

OpenBSD/ports qsJ62iPdevel/glib2 Makefile, devel/glib2/patches patch-gio_gunixmount_c

   sysutils/toad is coming back, teach glib to use pkexec(1).

OpenBSD/src AAMRnJgusr.sbin/ldpd parse.y

   factor out parsing of ldp router ids by making it part of the grammar

   this way we do the inet_aton and bad address check in one place,
   and just reuse it in the router-id, neighbor, and pseudowire bits.

   ok claudio@
VersionDeltaFile
1.69+26-42usr.sbin/ldpd/parse.y
+26-421 files

OpenBSD/src zfqlakHusr.sbin/ldpd parse.y pfkey.c

   rework how tcp md5 signatures are configured.

   previously ldpd only allowed tcp md5 to be configured against a
   neighbor (by ldp router id), but other vendors supported configuring
   tcp md5sig by prefix as well as neighbor. this reworks the config
   so auth is maintained globally as a list of prefixes that you do
   and do not want to do tcp md5sig auth with.

   the config statements look more like what is in bgpd.conf now too.

   an example of the new config for interoperating with my baby cisco
   test network:

   on ios:

        mpls ldp password required for MPLS
        mpls ldp password option 1 for MPLS key-chain LDPAUTH

        key chain LDPAUTH
         key 1
          key-string secret

        interface Loopback0
         ip address 192.168.0.0 255.255.255.255
        end

    [16 lines not shown]

OpenBSD/src 4jH7o4pusr.bin/ssh ssh-pkcs11-helper.c

   switch mainloop from select(2) to poll(2); ok deraadt@
VersionDeltaFile
1.17+19-22usr.bin/ssh/ssh-pkcs11-helper.c
+19-221 files

OpenBSD/ports 4Poueghnet/samba Makefile, net/samba/patches patch-source3_wscript_build

   Work around lld-7.0.1 strictness wrt version scripts

   It's not clear to me whether lld rightfully complains here:

   ld: error: duplicate symbol 'pdb_search_init' in version script

   Work around the error for now (tm) to unlock samba and consumers in the
   llvm-7.0.1 test bulk builds.

OpenBSD/ports 9MHyCT1security/gopass Makefile distinfo, security/gopass/patches patch-pkg_protect_protect_openbsd_go

   Bump gopass to 1.8.4

   OK rsadowski

OpenBSD/ports CdFLkeAsysutils/restic Makefile distinfo, sysutils/restic/pkg PLIST

   Bump restic to 0.9.4

   OK rsadowski

OpenBSD/ports i3mZ0I7shells/fish Makefile distinfo, shells/fish/patches patch-share_completions_pfctl_fish patch-share_completions_pkg_add_fish

   Bump fish to 3.0.0. All the patches are now upstream.

   Changes here: https://github.com/fish-shell/fish-shell/releases/tag/3.0.0

   OK rsadowski

OpenBSD/src MzT4Blrlib/libcrypto Makefile, lib/libssl Makefile

   No need to include <bsd.prog.mk> here.

   ok bcook
VersionDeltaFile
1.54+1-2lib/libssl/Makefile
1.32+1-2lib/libcrypto/Makefile
+2-42 files

OpenBSD/src vYMc8oPsys/kern vfs_syscalls.c

   futimens(2), futimes(2), utimensat(2), utimes(2): Validate input at copyin

   Currently we validate time input for all four of these syscalls in the
   workhorse function dovutimens().  This is bad because both futimes(2)
   and utimes(2) have input as timevals that need to be converted to
   timespecs.  This multiplication can overflow to create a "valid"
   input, e.g. if tv_usec is equal to 2^61 (invalid value) on a platform
   with 64-bit longs, the resulting tv_nsec is equal to zero (valid value).

   This is also a bit wasteful.  We aquire a vnode and do other work
   under KERNEL_LOCK only to release the vnode when the time input is
   invalid.

   So, duplicate a bit of code to validate the time inputs before we do
   any conversions or real VFS work.

   probably still ok tedu@ deraadt@
VersionDeltaFile
1.313+25-15sys/kern/vfs_syscalls.c
+25-151 files

OpenBSD/src Yb2nHvTusr.bin/ssh kexgen.c kexgexc.c

   pass most arguments to the KEX hash functions as sshbuf rather
   than pointer+length; ok markus@

OpenBSD/ports aaSb0Y1devel/apr-util Makefile

   Unbreak after major lib bump in devel/apr.
VersionDeltaFile
1.54+3-3devel/apr-util/Makefile
+3-31 files

OpenBSD/src EcUTQBcsys/sys exec_elf.h

   add some definitions used by elftoolchain's libelf
   ok guenther@
VersionDeltaFile
1.83+15-1sys/sys/exec_elf.h
+15-11 files

OpenBSD/ports 3BIgCbUsysutils/awscli Makefile distinfo

   Update to awscli-1.16.93.
VersionDeltaFile
1.358+3-3sysutils/awscli/Makefile
1.354+2-2sysutils/awscli/distinfo
+5-52 files

OpenBSD/ports M4Agdj2net/py-botocore Makefile distinfo

   Update to py-botocore-1.12.83.
VersionDeltaFile
1.352+2-2net/py-botocore/Makefile
1.351+2-2net/py-botocore/distinfo
+4-42 files

OpenBSD/ports BSM1Ljmnet/py-boto3 Makefile distinfo

   Update to py-boto3-1.9.83.
VersionDeltaFile
1.136+2-2net/py-boto3/Makefile
1.135+2-2net/py-boto3/distinfo
+4-42 files

OpenBSD/ports f1deqQtnet/gnaughty Makefile

   pre-configure -> do-gen.
VersionDeltaFile
1.49+2-2net/gnaughty/Makefile
+2-21 files

OpenBSD/ports Os4qBQLeditors/beaver Makefile

   Remove BDEP on devel/gettext-tools and textproc/intltool and use the
   textproc/intltool MODULE instead...
VersionDeltaFile
1.36+4-4editors/beaver/Makefile
+4-41 files

OpenBSD/src J3C4jJJusr.bin/ssh ssh-agent.c

   backoff reading messages from active connections when the input buffer
   is too full to read one, or if the output buffer is too full to enqueue
   a response; feedback & ok dtucker@
VersionDeltaFile
1.233+18-4usr.bin/ssh/ssh-agent.c
+18-41 files

OpenBSD/src dkxCgMwsys/nfs krpc_subr.c

   The kernel interpreted bogus lengths in RPC calls during NFS boot.
   A malicious rpc.bootparamd could corrupt memory, but the kernel has
   to trust the local network anyway in a diskless environment.  Now
   in case of an RPC error, the kernel will stop booting with a specific
   panic.
   OK claudio@ beck@
VersionDeltaFile
1.36+31-8sys/nfs/krpc_subr.c
+31-81 files

OpenBSD/ports BpyL7vOnet/dhcpcd Makefile distinfo, net/dhcpcd/patches patch-src_dhcpcd_c patch-src_if-bsd_c

   update to dhcpcd-7.1.0

OpenBSD/ports vQlqGiddevel/libcoap Makefile

   tidier with AUTOCONF_ENV
VersionDeltaFile
1.4+2-3devel/libcoap/Makefile
+2-31 files

OpenBSD/ports 99Mx3kXx11/xfce4/xfce4-battery Makefile distinfo

   Update to xfce4-battery 1.1.2

OpenBSD/ports KDvf5tUx11/xfce4/exo Makefile distinfo

   Update to exo 0.12.4
VersionDeltaFile
1.62+3-3x11/xfce4/exo/Makefile
1.19+2-2x11/xfce4/exo/distinfo
+5-52 files

OpenBSD/ports 8Owo8RBx11/xfce4/xfce4-whiskermenu Makefile distinfo

   Update to xfce4-whiskermenu 2.3.1

OpenBSD/src 3nzKIe7bin/mt mt.c

   Add file # and block # to the information "mt status" shows.

   diff from Oscar Endre Edvardsen via misc@ a long time ago.

   ok sthen@ dlg@
VersionDeltaFile
1.40+3-1bin/mt/mt.c
+3-11 files

OpenBSD/src 0pLhpWKusr.bin/ssh ssh-keygen.c

   add -m to usage(); reminded by jmc@
VersionDeltaFile
1.324+4-3usr.bin/ssh/ssh-keygen.c
+4-31 files

OpenBSD/src BOBSSSgsys/kern vfs_syscalls.c

   namei can return a null dvp on success. check this before access.
   ok beck

   Reported-by: syzbot+cc59412ed8429450a1ae at syzkaller.appspotmail.com
VersionDeltaFile
1.312+4-3sys/kern/vfs_syscalls.c
+4-31 files

OpenBSD/ports OSpTl2Xgeo/py-cligj Makefile distinfo, geo/py-cligj/pkg PLIST

   Update to py-cligj 0.5.0

OpenBSD/ports otLV8a4games/pysol Makefile distinfo, games/pysol/patches patch-pysollib_pysolrandom_py patch-pysollib_mfxutil_py

   Update to pysol 2.4.0.

   Maintainer timeout.

OpenBSD/xenocara 261CRCtapp/video video.c

   Pledge video(1):

   * video -q needs 'stdio rpath wpath video' (needs O_RDWR on the device)
   * video -i needs 'stdio rpath' (rpath for X11 error/locale access)
   * other modes (ie display frames via X11, or output frames to file with
    -o/-O) need 'stdio rpath video' since we open output file/video device
   before calling pledge(2).

   with help from semarie@, nits from matthieu@
   ok deraadt@
VersionDeltaFile
1.27+10-0app/video/video.c
+10-01 files

OpenBSD/ports 7SmLxx5lang/vala Makefile distinfo

   update to vala-0.42.5
VersionDeltaFile
1.116+2-2lang/vala/Makefile
1.85+2-2lang/vala/distinfo
+4-42 files

OpenBSD/ports U15YIQXdevel/guilib Makefile

   Trust c++(1) to create a library that can also be used with C code, and
   don't try to manually add C++ support libraries.  Fixes build with llvm7.
VersionDeltaFile
1.45+2-4devel/guilib/Makefile
+2-41 files

OpenBSD/ports jzMSX6Ydevel/guilib Makefile, devel/guilib/patches patch-Makefile_am patch-Makefile_in

   Revert previous.  If C++ code has been linked with c++(1) into a library,
   it should be possible to link that library to C code with cc(1).

OpenBSD/ports XACahC3devel/guilib Makefile, devel/guilib/patches patch-Makefile_am patch-Makefile_in

   Add dummy C++ sources that don't need to exist.  This forces the
   C++ linker to be chosen, which is required when linking C code
   against a C++ library.

OpenBSD/src uLQvbRrsys/dev/usb if_urndis.c

   Do not leak received mbufs if the NDIS appended a zero-byte padding.

   from aalm@
VersionDeltaFile
1.69+10-8sys/dev/usb/if_urndis.c
+10-81 files

OpenBSD/ports nq5PtQgdatabases/gnats Makefile, databases/gnats/patches patch-libiberty_functions_def

   fix some more prototypes to allow building with llvm7

OpenBSD/ports OBr73OMdatabases/sqlports Makefile, databases/sqlports/files Inserter.pm

   use "chained joins" to create canonical_depends with the Sql.pm framework

   kill a bit of code.

   adjust is now the only request "not in the mold", so just create it when
   needed (so, late enough)

   Add index creation (directly in create_schema), for now used for
   canonical.

OpenBSD/src Dnhniadsbin/dump optr.c

   Don't use dangerous idiom for qsort comparison function; ok deraadt@
VersionDeltaFile
1.40+3-2sbin/dump/optr.c
+3-21 files

OpenBSD/ports fz8jKVOeditors/beaver Makefile

   add missing BDEP on intltool, reported by naddy@ - thanks!
VersionDeltaFile
1.35+3-2editors/beaver/Makefile
+3-21 files

OpenBSD/ports IeT7rWrinfrastructure/bin pkg_subst

   more precise error message as suggested by Kurt Mosiejczuk.

   Thanks!
VersionDeltaFile
1.8+2-2infrastructure/bin/pkg_subst
+2-21 files

OpenBSD/src V3CVLzGsys/dev/usb usb_subr.c

   Remove unused variable.
VersionDeltaFile
1.147+2-3sys/dev/usb/usb_subr.c
+2-31 files

OpenBSD/ports VsbwQdodevel/apr Makefile

   bump library major, disabling the memory pool debugging option results
   in some symbols being removed
VersionDeltaFile
1.44+3-2devel/apr/Makefile
+3-21 files