sysutils/logrotate: Update 3.13.0 => 3.22.0 Changelogs: https://github.com/logrotate/logrotate/releases/tag/3.14.0 https://github.com/logrotate/logrotate/releases/tag/3.15.0 https://github.com/logrotate/logrotate/releases/tag/3.15.1 https://github.com/logrotate/logrotate/releases/tag/3.16.0 https://github.com/logrotate/logrotate/releases/tag/3.17.0 https://github.com/logrotate/logrotate/releases/tag/3.18.0 https://github.com/logrotate/logrotate/releases/tag/3.18.1 https://github.com/logrotate/logrotate/releases/tag/3.19.0 https://github.com/logrotate/logrotate/releases/tag/3.20.0 https://github.com/logrotate/logrotate/releases/tag/3.20.1 https://github.com/logrotate/logrotate/releases/tag/3.21.0 https://github.com/logrotate/logrotate/releases/tag/3.22.0 Improve port: - Switch from USE_GITHUB to tarball from upstream. - Use SUB_FILES+INSTALL_DATA for logrotate.conf.sample instead of SED. - Merge MKDIRs. - Remove upstreamed patches. PR: 293024 Approved by: js@iksz.hu (maintainer, timeout 15 days)

www/elinks: Update 0.19.0 => 0.19.1 Changelog: https://github.com/rkd77/elinks/releases/tag/v0.19.1 - Switch from USE_GITHUB to tarball from upstream. - Allow use more recent lua versions. PR: 293038

graphics/openexr*: Security update to v3.4.5 and i386 fix "Patch release that fixes an incorrect size check in istream_nonparallel_read that could lead to a buffer overflow on invalid input data." Also fix i386 self-tests by adding -msse2: i386 builds require SSE2, but the upstream cmake stuff does not enable this, so use CFLAGS_i386. To prevent people seeing SIGILL crashes down late at run-time, check if the CPU is sse2-capable by querying the clang compiler from the pre-install script (pkg-plist's @preexec). Suggested by diizzy@. Other than that we could use the cpuid or the lscpu port instead, but let's for now assume everything that wants to run OpenEXR also has a working cc that is clang and has -march=native and gives us CPU details). (GCC also gives us this but will use a different output format.) While here, make failed tests verbose through ctest's environment so we can see what's up from the build log already. (We need to go through this indirection because our cmake.mk's :testing feature wants to go through the test target instead of calling ctest directly.) Changelog: https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.5 Security: 716d25a6-0fdc-11f1-bfdf-ff9355aecb00 MFH: 2026Q1

security/vuxml: Add openexr < 3.4.5 Security: 716d25a6-0fdc-11f1-bfdf-ff9355aecb00

net/cloud-init-devel: Deprecate and set expiration date to 2026-03-31 Currently unmaintained and years behind net/cloud-init Reference: https://reviews.freebsd.org/D48959

www/restinio: Fix detection of llhttp's shared library Upstream refers to it as llhttp_shared not llhttp_dynamic Reference: https://github.com/nodejs/llhttp/blob/release/v9.3.0/CMakeLists.txt#L96 Approved by: blanket (just fix it)

multimedia/mediamtx: Update to 1.16.2 Changelog: https://github.com/bluenviron/mediamtx/releases/tag/v1.16.2

databases/sqlcipher: Bump PORTREVISION after fix consumers PR: 292688

databases/sqlcipher: Fix consumers Rename installed files from *sqlite3* back to *sqlcipher*. Unbreak consumers: - finance/kmymoney - finance/skrooge - net-im/gurk-rs - net-im/qTox - net-p2p/retroshare - databases/py-sqlcipher3 While here improve port: - Use USES=localbase instead of CFLAGS+=-I${LOCALBASE}/include and LDFLAGS+=-L${LOCALBASE}/lib. - Split long lines. - Fix warnings from portclippy. - Sort CONFIGURE_ARGS and CPPFLAGS. PR: 292688 Approved by: portmgr (blanket - fix consumers) Fixes: 06c78b76ff27 (Update to 4.13.0)

net-im/nchat: update: 5.12.21 -> 5.13.17 ChangeLog: https://github.com/d99kris/nchat/compare/v5.12.21...v5.13.17 Sponsored by: tipi.work

emulators/virtualbox-ose{,-70,-71,-72,-legacy}: Improve port (non-functional) - Replace ${PREFIX}/share/applications with ${DESKTOPDIR}. - Replace "*" with . in COPYTREE_SHARE.

emulators/virtualbox-ose*: Add support of "Unattended Installation of Guest OS" feature Install files required by Unattended Installation of Guest OS feature. These files were already prepared during the ports' build, so just add them to the installation. Details about this feature are here: https://www.virtualbox.org/manual/topics/create-vm.html#tk_create-vm-unattended-install Reported by: xin3qu via IRC (#freebsd-vbox @ Libera.Chat)

math/octave-forge-linear-algebra: Update to 2.2.4.

*/*: Update maintainer email to xlibre@FreeBSD.org - Add powerpc64le to x11-drivers/xlibre-xf86-video-ast port

net/asterisk22: Update 20.18.1 => 20.18.2 Security Advisories Resolved: 4 - GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection. - GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation. - GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization. - GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation. Changelog: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html PR: 293361 Approved by: Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua> Security: GHSA-85x7-54wr-vh42 Security: GHSA-rvch-3jmx-3jf3 Security: GHSA-v6hp-wh3r-cwxh Security: GHSA-xpc6-x892-v83c MFH: 2026Q1

net/asterisk22: Update 22.8.1 => 22.8.2 Security Advisories Resolved: 4 - GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT leading to potential XXE Injection. - GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources ast_debug_tools.conf from /etc/asterisk; potentially leading to privilege escalation. - GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus page echos user supplied values(cookie and query string) without sanitization. - GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init file to world writeable folder; leading to potential privilege escalation. Changelog: https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html PR: 293361 Approved by: Oleksandr Kryvulia <o.kryvulia@flex-it.com.ua> Security: GHSA-85x7-54wr-vh42 Security: GHSA-rvch-3jmx-3jf3 Security: GHSA-v6hp-wh3r-cwxh Security: GHSA-xpc6-x892-v83c MFH: 2026Q1

multimedia/minisatip: Update to 2.0.75

net-p2p/transmission{,-components}: Update 4.0.6 => 4.1.1 Update gtk flavor to gtk4 and qt flavor to qt6. Changelogs: https://github.com/transmission/transmission/releases/tag/4.1.0 https://github.com/transmission/transmission/releases/tag/4.1.1 Improve port: - Optimize Makefile for different flavors - dependencies, NO_BUILD, CMAKE_ARGS/CMAKE_ON/CMAKE_OFF, goals and etc. - Add EXTRACT_AFTER_ARGS to prevent extract unnecessary files. - Rework do-install. - Fix warnings from portclippy. PR: 292846 Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>

net/libnatpmp: Update 20230423 => 20250404 Commit log: https://github.com/miniupnp/libnatpmp/compare/724dc69...134fc89 PR: 292846

net-p2p/libutp: Update g20231123 => g20241117 Commit log: https://github.com/transmission/libutp/compare/52645d6...490874c PR: 292846

www/rubygem-gollum-lib: Update to 6.1.0 PR: 290530 Approved by: maintainer (timeout)

dns/dnscontrol: Update to 4.34.0

sysutils/podman: Allow setting ownership on auto-created socket The podman daemon auto-creates a socket on startup, along with parent directory, and is always run as root. It is often useful to have another proxy like haproxy or nginx provide more sophisticed security, and these daemons do not need root privileges. Differential Revision: https://reviews.freebsd.org/D55339 Reviewed by: arrowd Approved by: dfr

www/mod_http2: Update to 2.0.39

graphics/cloudcompare: Slightly improve port * Use ${DESKTOPDIR} instead of ${PREFIX}/share/applications. Reported by: vvd@ Approved by: db@, yuri@ (Mentors, implicit) Differential Revision: https://reviews.freebsd.org/D55434

emulators/wine-devel: Update 11.2 => 11.3 Changelog: - Bundled vkd3d upgraded to version 1.19. - Improved FIR filter in DirectSound. - More optimizations in PDB loading. - Light theme renamed to Aero for compatibility. - Various bug fixes. https://gitlab.winehq.org/wine/wine/-/releases/wine-11.3 PR: 293340

ports-mgmt/poudriere-dsh2dsh: Update 3.4.99.20260216 => 3.4.99.20260219 Upstream changes: - testport: Fix deleting existing packages (regression from Sep 2025) - testport: Default to not forcing TRYBROKEN; require -T. - destroyfs: Cleanup tmpfs mountpoints. (such as image cleanup) - bulk shlib tracking: Don't consider base libprivate*.so as missing. - bulk shlib tracking: Remove the 'misses all libraries' case; always print a specific library that is missing. PR: 293337

www/go-anubis: update to 1.25.0 - https://github.com/TecharoHQ/anubis/releases/tag/v1.25.0 PR: 293006 PR: 293365 Sponsored by: SkunkWerks, GmbH

graphics/cloudcompare: Pet portclippy(1) and portfmt(1) * Pet portclippy(1) and portfmt(1) Approved by: db@, yuri@ (Mentors, implicit)

databases/pg_auto_failover-devel: new port: PG extension for automated failover and HA WWW: https://pg-auto-failover.readthedocs.io PR: 292994

databases/pg_auto_failover: new port: PG extension for automated failover and HA WWW: https://pg-auto-failover.readthedocs.io PR: 292990

graphics/feh: Update to 3.11.3 Release Notes: https://feh.finalrewind.org/archive/3.11.3/ Sponsored by: The FreeBSD Foundation

multimedia/lives: Improve port - Fix build with FFMPEG option, but mark it BROKEN: "Crashes at runtime if the FFMPEG option is enabled". - Replace PORTVERSION with DISTVERSION. - Merge gettext-runtime and gettext-tools to gettext in USES. - Split long OPTIONS_DEFINE. - Remove NLS from OPTIONS_DEFINE - NLS is enabled by default by ports framework. - Remove NLS_USES=gettext-tools - gettext already in USES. - Refresh patch-jack1.

security/pcsc-tools: Update to 1.7.4

multimedia/emby-server: fix fetch PR: 293369

graphics/cloudcompare: Update 2.12.4 => 2.13.2, take maintainership * Add WWW for source code repository. * Static tarball is available, but not used, as GH_TUPLE is needed for bundled external libraries and 3-rd party plugins. * GL is needed for the main application, not for the plugins only. * Build PLUGIN_IO_QPDAL unconditionally, just like other plugins. * Supply *.desktop with *.png files from the previous version, as upstream doesn't ship them anymore. Fix post-install accordingly. * Fix plugin path detection actually enabling plugins autoloading. * Improve COMMENT and pkg-descr Reviewed by: arrowd@ Approved by: db@, yuri@ (Mentors, implicit) Differential Revision: https://reviews.freebsd.org/D55434

audio/noson-app: Update to 5.6.15

audio/noson: Update to 2.12.23

www/ikiwiki: update to 3.20260201

sysutils/rsyslog8: update to 8.2602.0 Changes: https://github.com/rsyslog/rsyslog/blob/v8.2602.0/ChangeLog Reported by: repology

databases/py-sqlmodel: Update to 0.0.37 Changelog: https://github.com/fastapi/sqlmodel/blob/0.0.37/docs/release-notes.md Reported by: portscout

x11/hyprshutdown: Add port: Graceful shutdown utility for Hyprland A graceful shutdown/logout utility for Hyprland, which prevents apps from crashing / dying unexpectedly. Notes: - hyprshutdown does not shut down the system, it only shuts down Hyprland. - hyprshutdown does not work with anything other than Hyprland, as it relies on Hyprland IPC. WWW: https://github.com/hyprwm/hyprshutdown

sysutils/gkrellm2: Update to 2.5.1

sysutils/httm: Update version 0.48.2=>0.48.3 Changelog: https://github.com/kimono-koans/httm/releases/tag/0.48.3

security/cosign: Update version 2.6.2=>3.0.0 Changelog: https://github.com/sigstore/cosign/releases/tag/v3.0.0

irc/bip: Return to pool

net-mgmt/bgpq4: Update version 1.12=>1.13 Changelog: https://github.com/bgp/bgpq4/releases/tag/1.13

www/py-gunicorn: Update version 25.0.3=>25.1.0 Changelog: https://github.com/benoitc/gunicorn/releases/tag/25.1.0

devel/api-linter: Update version 1.72.0=>2.0.0 Changelog: https://github.com/googleapis/api-linter/releases/tag/v2.0.0

textproc/groonga: Update version 15.1.7=>15.1.8 Changelog: https://groonga.org/docs/news/15.html#release-15-1-8

java/wildfly: Update version 39.0.0=>39.0.1 Changelog: https://github.com/wildfly/wildfly/releases/tag/39.0.1.Final

www/miniserve: Update version 0.32.0=>0.33.0 Changelog: https://github.com/svenstaro/miniserve/releases/tag/v0.33.0

textproc/py-ucl: Update version 0.9.3=>0.9.4 Changelog: https://github.com/vstakhov/libucl/releases/tag/0.9.4

textproc/libucl: Update version 0.9.3=>0.9.4 Changelog: https://github.com/vstakhov/libucl/releases/tag/0.9.4

textproc/fzf: Update version 0.67.0=>0.68.0 Changelog: https://github.com/junegunn/fzf/releases/tag/v0.68.0

sysutils/hexyl: Update version 0.16.0=>0.17.0 Changelog: https://github.com/sharkdp/hexyl/releases/tag/v0.17.0

sysutils/consul: Update version 1.22.3=>1.22.4 Changelog: https://github.com/hashicorp/consul/releases/tag/v1.22.4

security/sops: Update version 3.11.0=>3.12.0 Changelog: https://github.com/getsops/sops/releases/tag/v3.12.0

net-im/py-slack-sdk: Update version 3.40.0=>3.40.1 Changelog: https://github.com/slackapi/python-slack-sdk/releases/tag/v3.40.1

net/google-cloud-sdk: Update version 556.0.0=>557.0.0

devel/py-pipdeptree: Update version 2.30.0=>2.31.0 Changelog: https://github.com/tox-dev/pipdeptree/releases/tag/2.31.0

devel/grpc-gateway: Update version 2.27.8=>2.28.0 Changelog: https://github.com/grpc-ecosystem/grpc-gateway/releases/tag/v2.28.0

devel/cirrus-cli: Update version 0.161.6=>0.162.0 Changelog: https://github.com/cirruslabs/cirrus-cli/releases/tag/v0.162.0

databases/redis: Update version 8.4.1=>8.6.0 Changelog: https://github.com/redis/redis/releases/tag/8.6.0

databases/pspg: Update version 5.8.15=>5.8.16 Changelog: https://github.com/okbob/pspg/releases/tag/5.8.16

databases/freetds-devel: Update version 1.5.250=>1.5.251

databases/freetds: Update version 1.5.11=>1.5.12

devel/py-stevedore: Update to 5.7.0 Reported by: portscout!

comms/py-meshcore: update to 2.2.14

x11-themes/kf6-qqc2-desktop-style: backport upstream patch KDE bug: https://bugs.kde.org/516151

devel/py-numba: Update to 0.64.0 Release notes: https://numba.readthedocs.io/en/stable/release/0.64.0-notes.html

devel/clazy: Update to 1.17 Changes: https://invent.kde.org/sdk/clazy/-/blob/v1.17/Changelog

editors/vscode: Update to 1.109.5 Changelog: https://code.visualstudio.com/updates/v1_109 Reported by: GitHub (watch releases)

math/octave: Update to 11.1.0. - Bump portrevision of dependent ports.

misc/freebsd-release-manifests: Add 14.4-BETA3 MANIFEST files Approved by: re (implicit) Sponsored by: OpenSats Initiative

graphics/glfw: Register the required dependencies

editors/zed: Update to 0.224.11 Changelog: - https://github.com/zed-industries/zed/releases/tag/v0.224.7 - https://github.com/zed-industries/zed/releases/tag/v0.224.8 - https://github.com/zed-industries/zed/releases/tag/v0.224.9 - https://github.com/zed-industries/zed/releases/tag/v0.224.10 - https://github.com/zed-industries/zed/releases/tag/v0.224.11 Reported by: GitHub (watch releases)

multimedia/ab-av1: update to 0.11.0 Changes: https://github.com/alexheretic/ab-av1/releases/tag/v0.11.0 Reported by: GitHub (watch releases)

www/R-cran-shiny: Update to 1.13.0 - Update to 1.13.0 - Change LICENSE from GPLv3 to MIT Reported by: portscout

security/wazuh-agent: fix build on powerpc64* / riscv64 Fixes: b1f52980fe0a34ccaa674408c92869aec9aac4fe Pointy hat: acm@

security/zeek: Do not remove state.db on pkg remove Klemens Nanni reported that "pkg upgrade zeek" was breaking zeekctl in a cluster installation. Testing showed this was also true for standalone. The pkg-message already advises the user that they may need to manually remove state.db. Reported by: Klemens Nanni

textproc/miller: Update to 6.17.0

net/remmina: Update to 1.4.43 ChangeLog: https://gitlab.com/Remmina/Remmina/-/releases/v1.4.43 * Add minimal macOS build support * Revert "Added kerberos-config plug" * [REM-3489] Fix issue preventing SPICE plugin from being loaded * [REM-3490] Do not calculate monitor shift if using freerdp_settings_set_monitor_def_array_sorted

www/obhttpd: Deprecate and set expiration date to 2026-03-31 Depends on bundled version of LibreSSL which is unsupported upstream

*/*: Return ports to pool As requested by maintainer and thanks for your contributions PR: 293335

security/openvpn: Fix detection of native inotify on FreeBSD 15 This fixes build when ASYNC_PUSH option is enabled Fixed upstream in commit 38243844f225517fa1d288517db9a34a33c5ad13 Reference: https://github.com/OpenVPN/openvpn/commit/38243844f225517fa1d288517db9a34a33c5ad13 PR: 293176 Reported by: Ivo Karabojkov Approved by: mandree@ (via Matrix)

dns/dnsmasq: Backport upstream commit to fix PXEBOOT regression Reference: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=84415a87be571a6da82c910c1b87b194e5f54727 MFH: 2026Q1

sysutils/yazi: Update to 26.1.22 - Add a patch (files/patch-yazi-fs_src_provider_local_casefold.rs) to fix the compilation which would otherwise fail with the following error: error[E0432]: unresolved imports `libc::F_GETPATH`, `libc::O_SYMLINK` --> yazi-fs/src/provider/local/casefold.rs:164:13 | 164 | use libc::{F_GETPATH, O_RDONLY, O_SYMLINK, PATH_MAX}; | ^^^^^^^^^ ^^^^^^^^^ no `O_SYMLINK` in the root | | | no `F_GETPATH` in the root ChangeLog: https://github.com/sxyazi/yazi/blob/main/CHANGELOG.md#v26122 Reported by: "github-actions[bot]" <notifications@github.com>

x11-toolkits/py-wxpython: restore part of pyproject.toml patch PR: 293326

security/nss: update to 3.121 Release Notes: https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_121.html

emulators/wine-mono-devel: Update to version 11.0.0

textproc/R-cran-readr: Update to 2.2.0 Reported by: portscout

devel/R-cran-future.apply: Update to 1.20.2 - Use only RUN_DEPENDS as port doesn't compile - Add missing test dependency ChangeLog: https://cran.r-project.org/web/packages/future.apply/index.html

games/punchy: respect MAKE_JOBS_NUMBER Pass -j<n> from Cargo to Ninja. NUM_JOBS is part of default variables. https://doc.rust-lang.org/cargo/reference/environment-variables.html PR: 293314 Reported by: fuz Obtained from: upstream

security/sssd2: Pass a correct path to realmd

textproc/bookokrat: Update to 0.3.6 ChangeLog: https://github.com/bugzmanov/bookokrat/releases/tag/v0.3.6 Reported by: "github-actions[bot]" <notifications@github.com>

databases/rainfrog: Update to 0.3.17 ChangeLog: https://github.com/achristmascarl/rainfrog/releases/tag/v0.3.17 Reported by: "github-actions[bot]" <notifications@github.com>

print/lout: Update to 3.43.3

databases/timescaledb: Update to 2.25.1

net-im/teams: Update to 2.7.7 Changelog: - https://github.com/IsmaelMartinez/teams-for-linux/releases/tag/v2.7.6 - https://github.com/IsmaelMartinez/teams-for-linux/releases/tag/v2.7.7 Reported by: portscout