From: Renaud Allard <renaud@allard.it>
Subject: [security] net/sniproxy 0.9.17
To: ports <ports@openbsd.org>
Date: Fri, 19 Dec 2025 10:29:20 +0100

Hello,

Here is a short diff to net/sniproxy 0.9.17.

This solves a security issue found by continous fuzzing.
An attacker (or fuzzer) could craft a message with generation = 
UINT32_MAX, causing up to 4 billion loop iterations before the function 
returns. This triggered the fuzzer's timeout detection.

This probably doesn't need a backport to -stable as -stable is using a 
version which doesn't use this crypto.

Best Regards
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/sniproxy/Makefile,v
diff -u -p -r1.13 Makefile
--- Makefile	16 Dec 2025 13:56:27 -0000	1.13
+++ Makefile	19 Dec 2025 09:25:38 -0000
@@ -2,7 +2,7 @@ COMMENT =	name-based proxying of HTTPS w
 
 GH_ACCOUNT =	renaudallard
 GH_PROJECT =	sniproxy
-GH_TAGNAME =	0.9.16
+GH_TAGNAME =	0.9.17
 
 CATEGORIES =	net
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/sniproxy/distinfo,v
diff -u -p -r1.9 distinfo
--- distinfo	16 Dec 2025 13:56:27 -0000	1.9
+++ distinfo	19 Dec 2025 09:25:38 -0000
@@ -1,2 +1,2 @@
-SHA256 (sniproxy-0.9.16.tar.gz) = 6FHywjIHDwbA7jkpxibhEqLSqcCs9JPCMNTPFaUFi6I=
-SIZE (sniproxy-0.9.16.tar.gz) = 366744
+SHA256 (sniproxy-0.9.17.tar.gz) = 7IfhFQMVW07L2G0mrf34bQmtT4hFQxqDY8Yp3oh5s8g=
+SIZE (sniproxy-0.9.17.tar.gz) = 367381