textproc/p5-PDF-Builder: update to 3.028 Release Notes: https://metacpan.org/dist/PDF-Builder/changes Work around CPAN not having files in the usual location (anymore?)

math/octave-forge-apa: Update to 1.1.1.

textproc/typst: Upgrade to 0.14.2 Changes: https://github.com/typst/typst/releases/tag/v0.14.1 https://github.com/typst/typst/releases/tag/v0.14.2 Includes fix for a memory-handling vulnerability that upstream has labelled "very hard to exploit in practice." PR: 293639 Approved by: wen (maintainer) Security: Memory-handling vulnerability

textproc/py-sphinxcontrib-mermaid: Update to 2.0.1 ChangeLog: https://github.com/mgaitan/sphinxcontrib-mermaid/blob/master/CHANGELOG.md Reported by: portscout!

devel/py-python-discovery: Update to 1.1.1 ChangeLog: https://github.com/tox-dev/python-discovery/releases/tag/1.1.1 Reported by: portscout!

textproc/bookokrat: Update to 0.3.7 ChangeLog: https://github.com/bugzmanov/bookokrat/releases/tag/v0.3.7 Reported by: "github-actions[bot]" <notifications@github.com>

devel/p5-Sys-Virt: update to 12.1.0 Sponsored by: The FreeBSD Foundation

sysutils/py-dbuild: New port: Build, test, and push FreeBSD OCI container images dbuild is a build tool for daemonless container images. It reads a project directory containing Containerfile templates and an optional .daemonless/config.yaml, then handles the full image lifecycle: build, integration test, SBOM generation, and registry push. WWW: https://daemonless.io/guides/dbuild

devel/ammonite: Update 3.0.2 => 3.0.8 Changelog: - allow compiling standard/raw sources starting with a package directive - fix wrong artifact names - support all current Scala versions - various dependency updates https://ammonite.io/#3.0.8 Replace custom do-extract with EXTRACT_* feature. PR: 293611 Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>

ports-mgmt/poudriere-dsh2dsh: Update 3.4.99.20260228 => 3.4.99.20260304 Upstream changes: - bulk -t / testport: Fix fs_violation with pkg 2.6.x - bulk: Don't try refetching on checksum failure PR: 293646

textproc/sttr: update to version 0.2.30 This updates allows to generate QR codes in a terminal session. Further improvements since version 0.2.28: - New processors for Adler32, BLAKE2b, BLAKE2s, CRC32, CrockfordBase32, and Base58. - Support for files of more than 1GB has been improved.

filesystems/fusefs-libs3: update to version 3.18.1 This version offers improved support for FreeBSD and fixes ABI issues that had been introduced in version 3.17.3.

deskutils/genius: Update to 1.0.28 - Cleanup dependencies - Remove NLS option as it isn't working properly ChangeLog: https://www.jirka.org/genius.NEWS

astro/xephem: Update to 4.3.0 ChangeLog: https://github.com/XEphem/XEphem/releases/tag/4.3.0

devel/R-cran-testit: Update to 0.17 ChangeLog: https://github.com/yihui/testit/releases/tag/v0.17

math/R-cran-lme4: Update to 2.0-1 - Set TESTING_UNSAFE ChangeLog: https://cran.r-project.org/web/packages/lme4/news.html

devel/py-cookiecutter: update to 2.7.1 Switch to pep517 build, using the pyproject default backend of setuptools. Regenerate patches for tests: replace /bin/bash with /bin/sh generally. Update RUN_DEPENDS according to pyproject.toml. Changes: https://github.com/cookiecutter/cookiecutter/blob/main/CHANGELOG/2.7.1.md Changes: https://github.com/cookiecutter/cookiecutter/blob/main/CHANGELOG/2.7.0.md Reported by: portscout, repology

net-mgmt/victoria-metrics: REQUIRE in RC script is wrong PR: 292407 Approved by: danfe (maintainer timeout)

devel/py-setproctitle: Update to 1.3.7 PR: 293235 Approved by: sbz (maintainer timeout) Changelog: https://github.com/dvarrazzo/py-setproctitle/blob/master/HISTORY.rst#version-137

x11-wm/hyprland: Update to 0.54.1 Changelog: https://github.com/hyprwm/Hyprland/releases/tag/v0.54.1 Reported by: GitHub (watch releases)

audio/waves: Update to 0.1.42 - Add a set of patches to compile mpris/notifications support ChangeLog: https://github.com/llehouerou/waves/releases/tag/v0.1.42 Reported by: portscout!

benchmarks/hipercontracer: Update 2.1.10 => 2.1.11 Changelog: https://github.com/dreibh/hipercontracer/blob/hipercontracer-2.1.11/ChangeLog Commit log: https://github.com/dreibh/hipercontracer/compare/hipercontracer-2.1.10...hipercontracer-2.1.11 PR: 293603

security/p5-IO-Socket-SSL: Update 2.095 => 2.098 ChangeLog: https://metacpan.org/release/SULLR/IO-Socket-SSL-2.098/source/Changes - fix WWW field PR: 293629

devel/p5-Workflow: Update 2.06 => 2.09 ChangeLog: https://metacpan.org/release/JONASBN/Workflow-2.09/source/Changes.md - fix WWW field - fix *_DEPENDS syntax PR: 293627

devel/p5-Validation-Class: Update 7.900057 => 7.900059 ChangeLog: https://metacpan.org/release/CKRAS/Validation-Class-7.900059/source/Changes - fix MASTER_SITE_SUBDIR - add LICENSE_FILE - fix *_DEPENDS syntax - lower case "yes" in NO_ARCH PR: 293626

devel/p5-Log-Log4perl-Layout-JSON: Improve port - correct WWW field - correct *_DEPENDS syntax PR: 293623

devel/p5-DateTime-TimeZone: Update 2.65 => 2.67 ChangeLog: https://metacpan.org/release/DROLSKY/DateTime-TimeZone-2.67/source/Changes - correct *_DEPENDS syntax PR: 293622

www/*nginx: Switch nginx-vod-module to maintained fork The original Kaltura nginx-vod-module repository is no longer actively maintained and has been incompatible with FFmpeg 8 due to removed legacy API calls. Switch to the actively maintained fork: https://github.com/diogoazevedos/nginx-vod-module This restores compatibility with newer FFmpeg versions. Reported by: Jim Terhune via ML Sponsored by: Netzkommune GmbH

devel/jujutsu: update to version 0.39.0 For the complete list of changes see: https://github.com/jj-vcs/jj/releases/tag/v0.39.0

cad/freecad-devel: Use vtk9/Makefile.version Follow vtk9 by using vtk9/Makefile.version While there update to 2026.03.07

www/py-google-api-python-client: Update to 2.192.0 ChangeLog: https://github.com/googleapis/google-api-python-client/releases/tag/v2.192.0 Reported by: "release-please[bot]" <notifications@github.com>

sysutils/treemd: Update to 0.5.9 ChangeLog: https://github.com/Epistates/treemd/releases/tag/v0.5.9 Reported by: "github-actions[bot]" <notifications@github.com>

www/linux-freetube: Update to 0.23.14.b ChangeLog: https://github.com/FreeTubeApp/FreeTube/releases/tag/v0.23.14-beta Reported by: efb4f5ff-1298-471a-8973-3d47447115dc <notifications@github.com>

databases/sabiql: Update to 1.7.0 ChangeLog: https://github.com/riii111/sabiql/releases/tag/v1.7.0 Reported by: riii111 <notifications@github.com>

www/nextcloud-forms: Update to 5.2.5

GStreamer1: Update to 1.28.1 multimedia/gstreamer1-plugins-rust: Update to 0.15.1 Changes: https://gstreamer.freedesktop.org/releases/1.28/#1.28.1 Security: 791d4b29-19fb-11f1-87cc-e73692421fef

security/vuxml: Add GStreamer1 < 1.28.1 https://gstreamer.freedesktop.org/security/

textproc/groff: Clean and improve the port * Define directory layout directly via MAKE_ARGS instead of working around predefined defaults via post-install stances. Approved by: db@, yuri@ (Mentors, implicit) Differential Revision: https://reviews.freebsd.org/D55637

devel/p5-Dist-Build: Modern perl module builder Dist::Build is a new perl module builder - with Build.PL as a starting point. Dist::Build comes from the author of Module::Build and of Module::Build::Tiny. This new port is needed as a dependency for ver.0.030 of the existing port security/p5-Crypt-Argon2. PR: 293592

math/{,py-}faiss: update 1.14.0 → 1.14.1 Reported by: portscout

graphics/pencil2d: update 0.7.0 → 0.7.1 Reported by: portscout

devel/xbyak: update 7.35 → 7.35.2 Reported by: portscout

devel/lace: update 2.0.2 → 2.2.1 Reported by: portscout

devel/py-uv-build: update 0.10.6 → 0.10.9

devel/{,py-}uv: update 0.10.6 → 0.10.9 Reported by: portscout

devel/fnm: update 1.38.1 → 1.39.0 Reported by: portscout

science/{,py-}phonopy: update 2.48.0 → 3.0.1 Reported by: portscout

sysutils/mise: update 2026.2.22 → 2026.3.3 Reported by: portscout

x11-toolkits/py-superqt: update 0.7.6 → 0.8.0 Reported by: portscout

textproc/rubygem-nokogiri: bump for libxml update

security/trivy: update to 0.69.3 Changes: https://github.com/aquasecurity/trivy/releases/tag/v0.69.3

devel/p5-TimeDate: Update to 2.34 Changelog: https://metacpan.org/changes/distribution/TimeDate PR: 293624 Reported by: Sergei Vyshenski <svysh.fbsd@gmail.com> (maintainer)

databases/vchord: New port Extension for vector similarity search PR: 293187

databases/cargo-pgrx: New port Framework for developing PostgreSQL extensions in Rust PR: 293134

editors/dz6: Update to 0.5.1 ChangeLog: https://github.com/mentebinaria/dz6/releases/tag/v0.5.1

net/keycloak: Update 26.5.4 => 26.5.5 Release Notes: https://www.keycloak.org/2026/03/keycloak-2655-released PR: 293618 Security: CVE-2026-3047 Security: CVE-2026-3009 Security: CVE-2026-2603 Security: CVE-2026-2092 MFH: 2026Q1

misc/sff: Update 1.2 => 1.3 Changelog: https://codeberg.org/sylphenix/sff/src/tag/1.3/CHANGELOG.md PR: 293617

security/crowdsec{,-blocklist-mirror,-firewall-bouncer}: Transfer maintainership PR: 293616

devel/stdman: Update to 2024.07.05

mail/thunderbird: update to 148.0.1 (rc1) Release Notes: https://www.thunderbird.net/en-US/thunderbird/148.0.1/releasenotes/

sysutils/storcli: Update 7.3503 => 7.3603 PR: 293539

sysutils/py-hcloud: update to 2.17.0 Changes: https://github.com/hetznercloud/hcloud-python/blob/v2.17.0/CHANGELOG.md Reported by: portscout, repology

audio/spiralsynthmodular: Fix "undefined symbol" errors at runtime * Behavior * - At runtime, for each synth plugin, we got: dlerror() output: /usr/local/lib/SpiralPlugins/AmpPlugin.so: Undefined symbol "_ZN10SpiralInfo6LOCALEE" * Why * - It seems this comes from the way newer compiler manage static properties. (SSM is 25yo). - This error has already been reported long times ago on Linux distro. * Fix * - A way to fix it without rewriting the wheel is to inline static properties in the header. While here improve port: - Add LICENSE. - Register dependiencies. - Replace CPPFLAGS and LIBS with USES=localbase. - Parametrize version in WRKSRC. - Remove unnecessary REINPLACE_CMD in SpiralSound/Plugins/LADSPAPlugin/Makefile.in. - Merge STRIP_CMD. PR: 293552 MFH: 2026Q1

mail/thunderbird-esr: update to 140.8.1 (rc1) Release Notes: https://www.thunderbird.net/en-US/thunderbird/140.8.1esr/releasenotes/

mail/davmail: Update 6.1.0 => 6.5.1 Release Notes: https://sourceforge.net/p/davmail/code/HEAD/tree/tags/6.5.1/RELEASE-NOTES.md Improve port: - Reordered Makefile variables per portclippy. - Parametrize davmail with PORTNAME. - Replace PORTVERSION with DISTVERSION. PR: 293568 Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>

print/R-cran-textshaping: Update to 1.0.5 ChangeLog: https://github.com/r-lib/textshaping/releases/tag/v1.0.5 PR: 293614

graphics/R-cran-ragg: Update to 1.5.1 ChangeLog: https://github.com/r-lib/ragg/releases/tag/v1.5.1 PR: 293613

devel/R-cran-systemfonts: Update to 1.3.2 Add xorg-fonts-truetype to TEST_DEPENDS since tests need some fonts installed to function ChangeLog: https://github.com/r-lib/systemfonts/releases/tag/v1.3.2 PR: 293612

graphics/glaxnimate: Update to 0.6.0 and pass the port to kde@ Release notes: https://glaxnimate.org/news/releases/0.6.0 Approved by: yuri@ via private mail

cad/iverilog: Update to 13.0

textproc/xml2rfc: Update to 3.32.0 See https://github.com/ietf-tools/xml2rfc/releases/tag/v3.32.0 for a list of changes in this release.

sysutils/dutree: update to 0.2.18

cad/freecad-devel: Update to 2026.03.06

cad/kicad-devel: Update to 2026.03.05

math/octave-forge-statistics: Update to 1.8.2.

editors/zed: Update to 0.226.4 Changelog: - https://github.com/zed-industries/zed/releases/tag/v0.225.12 - https://github.com/zed-industries/zed/releases/tag/v0.225.13 - https://github.com/zed-industries/zed/releases/tag/v0.226.4 Reported by: GitHub (watch releases)

www/reproxy: update the port to version 1.5.0 Reported by: portscout

lang/gcc16-devel: Update to 16.0.1.s20260301

lang/gcc15-devel: Update to 15.2.1.s20260228

lang/gcc14-devel: Update to 14.3.1.s20260227

lang/gcc13-devel: Update to 13.4.1.s20260226

security/crowdsec-firewall-bouncer: Udpate 0.0.32 => 0.0.34 Changelogs: https://github.com/crowdsecurity/cs-firewall-bouncer/releases/tag/v0.0.33 https://github.com/crowdsecurity/cs-firewall-bouncer/releases/tag/v0.0.34 PR: 293581 Approved by: marco <marco@crowdsec.net> (maintainer)

sysutils/android-file-transfer: flavorize, enable Qt6 gui convert CLI, FUSE, and QT6 options to flavors PR: 293122 Approved by: maintainer timeout

x11-wm/plasma6-kwin: fix build on old stable PR: 293605 Reported by: Martin Birgmeier

security/strongswan: Update 6.0.3 => 6.0.4 Changelog: https://github.com/strongswan/strongswan/releases/tag/6.0.4 PR: 293003 Approved by: strongswan@Nanoteq.com (maintainer, timeout > 3 weeks) MFH: 2026Q1

sysutils/nmrpflash: update to versíon 0.9.27

deskutils/qownnotes: the port had been updated to version 26.3.3 Reduce vertical space to help Makefile maintainability by merging sporadic use of helpers and two per-flavor conditionals into one; drop needless default flavor assignment.

net-p2p/py-tremc: Update 0.9.5 => 0.9.6 Approved by: db@, yuri@ (Mentors, implicit)

devel/glab: update to 1.89.0 Changes: https://gitlab.com/gitlab-org/cli/-/releases/v1.89.0

www/caddy: Update to 2.11.2 Changes: Caddy 2.11.2 contains numerous bug fixes and enhancements! I know that's a lame summary but it's really all over the place. Highlights: - Reverse proxy got a lot of love with certain edge cases related to PROXY protocol, health check port, and closing body on retries. Dynamic upstreams are now tracked which enables passive health checking. - Performance improvements for metrics. - New tls_resolvers global option to control DNS resolvers for all sites when using the ACME DNS challenge. - Log rolling now supports zstd compression; deprecated roll_gzip, which will be removed in the future. Use roll_compression instead. - Refined logging and some error messages. - Fixed a bug in rewrite handler that could cause some URIs to not be rewritten when URI path is an escaped form of target path. Thanks to @MaherAzzouzi for the report. Security fixes: This release fixes two CVEs. - @NucleiAv reported a bug in the forward_auth directive that could permit identity injection and potential privilege escalation. (HIGH, GHSA-7r4p-vjf4-qxv4) - @sammiee5311 reported that vars_regexp double-expanded placeholders, allowing some unusual configs to reveal secrets. (MODERATE, GHSA-m2w3-8f23-hxxf) In addition: - Our documentation has been updated to note that file system case sensitivity may affect the behavior of the hide option of the file_server handler. Thank you to everyone who contributed, and for our ongoing sponsorships that make this development possible! Security: https://github.com/caddyserver/caddy/security/advisories/GHSA-7r4p-vjf4-gxv4 https://github.com/caddyserver/caddy/security/advisories/GHSA-m2w3-8f23-hxxf

various: Bump ports for Go 1.25.8

lang/go125: Update to 1.25.8 Changes: go1.25.8 (released 2026-03-05) includes security fixes to the html/template, net/url, and os packages, as well as bug fixes to the go command, the compiler, and the os package. See the Go 1.25.8 milestone on our issue tracker for details.

various: Bump ports for Go 1.26.1

lang/go126: Update to 1.26.1 Changes: go1.26.1 (released 2026-03-05) includes security fixes to the crypto/x509, html/template, net/url, and os packages, as well as bug fixes to the go command, the go fix command, the compiler, and the os and reflect packages. See the Go 1.26.1 milestone on our issue tracker for details.

databases/R-cran-RMySQL: Update to 0.11.2 Reported by: portscout

shells/yash: update to 2.61

audio/subtui: Update to 2.8.1 Changelog: https://github.com/MattiaPun/SubTUI/releases/tag/v2.8.1

math/octave-forge-datatypes: Update to 1.2.0.

x11/xdotool: Update to 4.20260303.1 ChangeLog: https://github.com/jordansissel/xdotool/releases/tag/v4.20260303.1

devel/aws-crt-cpp: Update to 0.37.4 ChangeLog: https://github.com/awslabs/aws-crt-cpp/releases/tag/v0.37.4