OpenBSD/src ew5hqFSusr.bin/tmux server-client.c tmux.1

   Add StatusDefault binding for the mouse on any otherwise unassigned
   parts of the status line, from Avi Halachmi.
VersionDeltaFile
1.274+71-19usr.bin/tmux/server-client.c
1.632+12-12usr.bin/tmux/tmux.1
1.877+3-1usr.bin/tmux/tmux.h
+86-323 files

OpenBSD/src VJrVAC4sys/arch/amd64/amd64 pctr.c ipifuncs.c, sys/arch/amd64/include pctr.h intrdefs.h

   Fix pctr(4) issues with MP and suspend:
    - use an IPI to notify other CPUs toi update CR4 and the MSRs
    - use the cpu(4) resume callback to restore the pctr(4) settings after
      suspend/hibernate

   ok kettenis@ deraadt@

OpenBSD/src M2iKHGbsys/arch/amd64/amd64 intr.c, sys/arch/amd64/include intrdefs.h

   X86_IPI_NAMES's only use was #if 0'ed out; delete both

   ok kettenis@ deraadt@

OpenBSD/src nAVjMM6share/man/man8 ssl.8

   update the example key size; from randy hartman
   ok tedu sobrado deraadt
VersionDeltaFile
1.67+3-3share/man/man8/ssl.8
+3-31 files

OpenBSD/src zH21n5Iregress/lib/libssl/tlsext tlsexttest.c

   Update regress following sigalgs changes.
VersionDeltaFile
1.29+1-17regress/lib/libssl/tlsext/tlsexttest.c
+1-171 files

OpenBSD/src bOy15Pvlib/libssl ssl_cert.c ssl_sigalgs.c

   Strip out all of the pkey to sigalg and sigalg to pkey linkages.

   These are no longer used now that we defer signature algorithm selection.

   ok beck@

OpenBSD/src xJVQZOmlib/libssl t1_lib.c ssl_locl.h

   tls1_process_sigalgs() is no longer needed.

   ok beck@
VersionDeltaFile
1.154+1-55lib/libssl/t1_lib.c
1.243+1-2lib/libssl/ssl_locl.h
+2-572 files

OpenBSD/ports 1S7Rx2Mastro/stellarium Makefile distinfo, astro/stellarium/pkg PLIST

   Update to stellarium-0.19.0.

OpenBSD/src 3lF1rDDlib/libssl ssl_sigalgs.c ssl_clnt.c

   Defer sigalgs selection until the certificate is known.

   Previously the signature algorithm was selected when the TLS extension was
   parsed (or the client received a certificate request), however the actual
   certificate to be used is not known at this stage. This leads to various
   problems, including the selection of a signature algorithm that cannot be
   used with the certificate key size (as found by jeremy@ via ruby regress).

   Instead, store the signature algorithms list and only select a signature
   algorithm when we're ready to do signature generation.

   Joint work with beck@.

OpenBSD/src my9rpmqlib/libssl ssl_rsa.c

   Rework ssl_ctx_use_certificate_chain_bio() to use the CERT_PKEY chain.

   This means that any additional CA certificates end up on the per
   certificate chain, rather than the single/shared extra_certs.

   Also simplify this code and in particular, avoid setting the return value
   to indicate success until we've actually succeeded.

   ok beck@ tb@
VersionDeltaFile
1.31+26-46lib/libssl/ssl_rsa.c
+26-461 files

OpenBSD/src 3aNu04Ulib/libssl ssl_lib.c ssl_locl.h

   Remove ssl_get_server_send_cert() which is now unused.

   ok beck@ tb@
VersionDeltaFile
1.202+1-12lib/libssl/ssl_lib.c
1.241+1-2lib/libssl/ssl_locl.h
+2-142 files

OpenBSD/src 4t3chXAlib/libssl ssl_both.c ssl_srvr.c

   Rework ssl3_output_cert_chain() to take a CERT_PKEY and consider chains.

   We will now include the certificates in the chain in the certificate list,
   or use the existing extra_certs if present. Failing that we fall back to
   the automatic chain building if not disabled.

   This also simplifies the code significantly.

   ok beck@ tb@

OpenBSD/src vdGKg4Vlib/libssl ssl_cert.c ssl_locl.h

   Add a chain member to CERT_PKEY and provide functions for manipulating it.

   Note that this is not the full chain, as the leaf certificate currently
   remains in the x509 member of CERT_PKEY. Unfortunately we've got to
   contend with the fact that some OpenSSL *_chain_* APIs exclude the leaf
   certificate while others include it...

   ok beck@ tb@
VersionDeltaFile
1.73+66-2lib/libssl/ssl_cert.c
1.239+8-1lib/libssl/ssl_locl.h
+74-32 files

OpenBSD/src m5ppehhusr.bin/ssh ssh-keygen.c

   Expand comment to document rationale for default key sizes.
   "seems worthwhile" deraadt.
VersionDeltaFile
1.329+9-2usr.bin/ssh/ssh-keygen.c
+9-21 files

OpenBSD/ports Dm6eFdOnet/dnsdist Makefile distinfo, net/dnsdist/patches patch-configure_ac patch-build-aux_gen-version

   Update to 1.3.3; take maintainership; ok sthen@

OpenBSD/ports oxgqXchmisc/shared-mime-info Makefile, misc/shared-mime-info/patches patch-update-mime-database_c

   unveil mime_path's parent directory with the 'r' permission to allow
   stat(1) on it and then also unveil paths configured in XDG_DATA_DIRS
   the same way so that the check_in_path_xdg_data() function can do its
   job
   after everything is done, call unveil(NULL, NULL) to disallow further
   calls to unveil

   ok ajacoutot@

OpenBSD/src C1tbh1Eusr.bin/ssh ssh-keygen.c

   Increase the default RSA key size to 3072 bits.  Based on the estimates
   from NIST Special Publication 800-57, 3k bits provides security equivalent
   to 128 bits which is the smallest symmetric cipher we enable by default.
   ok markus@ deraadt@
VersionDeltaFile
1.328+6-3usr.bin/ssh/ssh-keygen.c
+6-31 files

OpenBSD/src HZfHX6Lusr.sbin/vipw vipw.c

   unveiling _PATH_MASTERPASSWD_LOCK requires an "r" permission
   as well in order to be able to do stat(1) on the lock file

   ok deraadt@
VersionDeltaFile
1.23+2-2usr.sbin/vipw/vipw.c
+2-21 files

OpenBSD/src ofg9siRdistrib/sets/lists/base mi

   sync
VersionDeltaFile
1.943+1-0distrib/sets/lists/base/mi
+1-01 files

OpenBSD/src c41YPY9etc/signify openbsd-66-syspatch.pub

   add syspatch signify key for 6.6

OpenBSD/ports dQ4kHRunet/dhcpcd Makefile, net/dhcpcd/patches patch-src_script_c patch-src_if-options_c

   oh, last pkg-readme change needs a fix from upstream

OpenBSD/ports 3de9iB7net/dhcpcd Makefile, net/dhcpcd/pkg README

   use 'script ""' instead of 'script /usr/bin/true' in sample config
VersionDeltaFile
1.47+2-2net/dhcpcd/Makefile
1.9+2-2net/dhcpcd/pkg/README
+4-42 files

OpenBSD/ports K766HLEdevel/py-babel Makefile, devel/py-construct Makefile

   Convert devel/py-test consumers to new MODPY_PYTEST

   lang/python/python.port.mk revision 1.102 and 1.103 added
   MODPY_TEST_LOCALE and MODPY_PYTEST respectively, nicely wrapping up the
   usual pytest dance.

   This removes hand-rolled do-tests from all 70 ports by setting
   MODPY_PYTEST=Yes and MODPY_TEST_LOCALE as well as HOME=${WRKDIR} to TESTENV
   as needed.

   From Kurt Mosiejczuk <kurt at cranky dot work>, thanks!
   OK sthen

OpenBSD/src xQQUgRousr.bin/tmux tmux.1

   Fix columns of cursor_character format in list.
VersionDeltaFile
1.631+2-2usr.bin/tmux/tmux.1
+2-21 files

OpenBSD/src hL9P1vysys/arch/amd64/amd64 efifb.c

   Revert back to using previous values for EFIFB_WIDTH and EFIFB_HEIGHT,
   as raising them expose an issue which breaks inteldrm on large screen
   resolutions.

   Reported by chris@, and by Lucas Raab on bugs@. Thanks!
VersionDeltaFile
1.22+3-3sys/arch/amd64/amd64/efifb.c
+3-31 files

OpenBSD/ports Ii5zjFFwww/webkitgtk4 Makefile, www/webkitgtk4/patches patch-Source_WTF_wtf_CheckedArithmetic_h patch-Source_WebCore_contentextensions_NFAToDFA_cpp

   webkitgtk4: unbreak on powerpc

   - Fix some parts of the code that doesn't consider that char may be
     unsigned by default (powerpc, arm).
   - powerpc: use address relaxing and long calls.  Also avoid building
     code that generates the __mulodi4 symbol with ports-clang on this
     arch.  It fixes several linking errors. (Thanks to bcallah@ for
     his many hints!)

   OK jca@

OpenBSD/ports BekfRzIdevel/dtc Makefile, devel/dtc/patches patch-libfdt_version_lds

   Add missing functions to version script so they're exported in the
   shared library.

   from upstream via Brad

OpenBSD/ports 6vTUnzslang/mono Makefile, lang/mono/patches patch-mcs_class_System_System_Platform_cs patch-mcs_class_System_System_Net_NetworkInformation_NetworkInterface_cs

   fix mono's DNS lookup by using MacOsNetworkInterfaceAPI like FreeBSD does, fixes GitHub 
issue #8168, ok robert@ (maintainer)

OpenBSD/ports U9fSvFkdevel/avr/gcc Makefile, devel/avr/gcc/pkg PLIST

   Remove leftover conflict marker (with riscv-elf-gcc)

   Spotted by ajacoutot@
VersionDeltaFile
1.32+2-2devel/avr/gcc/Makefile
1.9+1-2devel/avr/gcc/pkg/PLIST
+3-42 files

OpenBSD/ports rw0PUVunet/onionshare Makefile distinfo, net/onionshare/pkg PLIST-main PLIST-gui

   Update to onionshare-2.0.

   Release notes:
   https://github.com/micahflee/onionshare/releases/tag/v2.0

   ok bcallah@

OpenBSD/ports dFvApEFx11/textsuggest Makefile, x11/textsuggest/files textsuggest-server.desktop

   Add a .desktop file for textsuggest-server.
   Makes it easy to set it up as a startup-application in Gnome.
   ok jca@

OpenBSD/ports jZkT7T5devel Makefile

   +cudd
VersionDeltaFile
1.1831+2-1devel/Makefile
+2-11 files

OpenBSD/ports qmgt2zSdevel/cudd Makefile distinfo, devel/cudd/patches patch-Makefile_in

   Import cudd-3.0.0.

   CUDD (Colorado University Decision Diagram) is a package written in C
   for the manipulation of decision diagrams.  It supports binary decision
   diagrams (BDDs), algebraic decision diagrams (ADDs), and Zero-Suppressed
   BDDs (ZDDs).

   From Alessandro De Laurenzis; thanks!

   ok sthen@

OpenBSD/src gTltquwusr.bin/tmux server-client.c

   Ignore mouse on status line which are not part of a range, GitHub issue 1649.
VersionDeltaFile
1.273+10-10usr.bin/tmux/server-client.c
+10-101 files

OpenBSD/ports ym9Mdx0devel/glib2 Makefile, devel/glib2/patches patch-gio_gdbusprivate_c

   Update my glib2 use-after-free patch to a version which passes
   upstream's regression tests.
   ok ajacoutot@

OpenBSD/ports pgquyllx11/gnome/shell Makefile, x11/gnome/shell/patches patch-src_main_c

   Disable a broken signal handler in gnome-shell which leads to core dumps.
   ok ajacoutot@

OpenBSD/ports wSgVmGographics/GraphicsMagick Makefile distinfo, graphics/GraphicsMagick/patches patch-configure

   Update to GraphicsMagick-1.3.31.

   from Brad (maintainer)

OpenBSD/ports vEwVDLpdevel/dtc Makefile distinfo, devel/dtc/patches patch-Makefile

   Update to dtc-1.5.0.

   from Brad

OpenBSD/ports nDvQRxcdevel/quirks Makefile, devel/quirks/files Quirks.pm

   apertium-sv-da -> apertium-swe-dan

OpenBSD/ports zPWBhT1textproc/apertium-dicts/arg-cat Makefile, textproc/apertium-dicts/cat-srd Makefile

   Bump after apertium-cat update.

OpenBSD/ports fTI2Omvtextproc/apertium-dicts/fra-cat Makefile distinfo

   Update to apertium-fra-cat-1.6.0.

OpenBSD/ports dXCVRaatextproc/apertium-dicts/cat Makefile distinfo

   Update to apertium-cat-2.7.0.

OpenBSD/ports I7uxUp0textproc/apertium-dicts/fra Makefile distinfo

   Update to apertium-fra-1.6.0.

OpenBSD/ports nSOToOXtextproc/apertium-dicts Makefile

   + new dicts
VersionDeltaFile
1.6+9-1textproc/apertium-dicts/Makefile
+9-11 files

OpenBSD/ports kMrx70Dtextproc/apertium-dicts/swe-nor Makefile distinfo, textproc/apertium-dicts/swe-nor/pkg PLIST DESCR

   Initial revision

OpenBSD/ports H1Fi6Xutextproc/apertium-dicts/swe-dan Makefile distinfo, textproc/apertium-dicts/swe-dan/pkg PLIST DESCR

   Import apertium-swe-dan-0.8.0, Swedish/Danish dictionary for Apertium.

   ok sthen@

OpenBSD/ports myIBB3Ktextproc/apertium-dicts/pol-szl Makefile distinfo, textproc/apertium-dicts/pol-szl/pkg PLIST DESCR

   Import apertium-pol-szl-0.2.0, Polish/Silesian dictionary for Apertium.

   ok sthen@

OpenBSD/ports NGLpGCatextproc/apertium-dicts/oci-fra Makefile distinfo, textproc/apertium-dicts/oci-fra/pkg PLIST DESCR

   Import apertium-oci-fra-0.2.0, Occitan/French dictionary for Apertium.

   ok sthen@

OpenBSD/ports kN5CnAPtextproc/apertium-dicts/swe Makefile distinfo, textproc/apertium-dicts/swe/pkg PLIST DESCR

   Initial revision

OpenBSD/ports 7s75LWmtextproc/apertium-dicts/pol Makefile distinfo, textproc/apertium-dicts/pol/pkg PLIST DESCR

   Import apertium-pol-0.1.1, Polish dictionary for Apertium.

   ok sthen@