devel/godot: Improve port - Refresh patch patch-platform__methods.py - Correct the patch name patch-thirdparty_linuxbsd__headers_udev_libudev.h - Remove unused dependency from multimedia/libvpx. - Enable opengl3 support. - Explicit enable use_sowrap - dynamically load system libraries. - Explicit enable dynamically load dbus if installed. PR: 288408 Tested by: Sure Beae <sure@disroot.org> Approved by: Shane <FreeBSD@ShaneWare.Biz> (maintainer, timeout 6 months)

security/openvpn-auth-oauth2: Update to 1.27.0 Release notes: https://github.com/jkroepke/openvpn-auth-oauth2/releases/tag/v1.27.0 PR: 293139

net-mgmt/unifi10: Update to 10.1.84 Release notes: https://community.ui.com/releases/r/network/10.1.84

mail/spamd: Drop maintainership

textproc/lexilla: Deprecate PR: 290319 Reported by: Naram Qashat <cyberbotx@cyberbotx.com>

x11-toolkits/scintilla: Deprecate PR: 290319 Reported by: Naram Qashat <cyberbotx@cyberbotx.com>

editors/scite: Update to 5.5.8 PR: 290319

graphics/graphviz: update to 14.1.2 Fix false positive with bsd.sanity.mk

security/vuxml: add info about PostgreSQL vulnerabilities

security/vuxml: Add mongodb[78] vulnerabilities * CVE-2026-1847 * CVE-2026-1849 * CVE-2026-1850 * CVE-2026-25610 * CVE-2026-25613

x11-toolkits/granite7: update to 7.8.0 PR: 293097

databases/postgresql*-*: Update to latest version The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 18.2, 17.8, 16.12, 15.16, and 14.21. This release fixes 5 security vulnerabilities and over 65 bugs reported over the last several months. Release notes: https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/ https://www.postgresql.org/docs/release/ Security: CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory Remove postgresql13* since it is now EoL.

net/haproxy30: update to version 3.0.16.

net/haproxy: update to version 3.2.12.

net/haproxy33: update to version 3.3.3

games/openbve: update OpenBVE to version 1.12.0.1 Reported by: portscout

finance/R-cran-AER: Update to 1.2.16

databases/R-cran-dtplyr: Update to 1.3.3 PR: 293115 Reported by: Einar Bjarni Halldórsson <einar@isnic.is>(maintainer)

finance/R-cran-timeDate: Update to 4052.112

www/dooble: Update 2025.11.25 => 2026.02.09 Changelog: https://github.com/textbrowser/dooble/releases/tag/2026.02.09 PR: 293098

devel/py-setuptools-scm: update to 9.2.2 Changelog: https://setuptools-scm.readthedocs.io/en/v9.2.2/changelog/ Reported by: ngie PR: 286779 exp-run by: antoine Tested by: John Hein Differential Revision: https://reviews.freebsd.org/D52368

sysutils/gomi: Update to 1.6.2 ChangeLog: https://github.com/babarot/gomi/releases/tag/v1.6.2

games/bluemoon: Update to 2.14 ChangeLog: https://gitlab.com/esr/bluemoon/-/blob/master/NEWS.adoc

deskutils/treesheets: Update to 2981 ChangeLog: https://github.com/aardappel/treesheets/compare/2942...2981

devel/vera++: unbreak build with recent Boost With hat: office/Boost

editors/libreoffice: update to 26.2.0 release (+) We’re pleased to announce the release of LibreOffice 26.2, the newest version of the free and open source office suite What’s New in LibreOffice 26.2 * Markdown import and export features. * Improved performance and responsiveness across the suite, making large documents open, edit, and save more smoothly. * Enhanced compatibility with documents created in proprietary and open core office software, reducing formatting issues and surprises. * Refined user interface behavior for a cleaner, more consistent experience. * Expanded support for open standards, reinforcing long-term access to documents. * Hundreds of bug fixes and stability improvements contributed by the global LibreOffice community. Announce: https://blog.documentfoundation.org/blog/2026/02/04/libreoffice-26-2-is-here/ Release notes: https://wiki.documentfoundation.org/ReleaseNotes/26.2 Changelog: https://wiki.documentfoundation.org/Releases/26.2.0/Beta1 \ https://wiki.documentfoundation.org/Releases/26.2.0/RC1 \ https://wiki.documentfoundation.org/Releases/26.2.0/RC2 \ https://wiki.documentfoundation.org/Releases/26.2.0/RC3

devel/liborcus: update to 0.21.0 release (+) Release notes: https://gitlab.com/orcus/orcus/-/releases/0.21.0

math/labplot: bump after devel/liborcus upgrade

math/glm: update to 1.0.3 release (+) While here, adopt port Release notes: https://github.com/g-truc/glm/releases/tag/1.0.3 Approved by: amdmi3

devel/py-setuptools-scm8: switch two consumers - print/py-glyphsets: setuptools_scm>=8.1.0,<8.2 - sysutils/py-ansible-runner: setuptools-scm[toml]>=6.2, <=8.1.0 PR: 286779

devel/py-setuptools-scm8: update to 8.1.0 Changelog: https://setuptools-scm.readthedocs.io/en/latest/changelog/#v810

devel/py-setuptools-scm8: copy from devel/py-setuptools-scm PR: 286779

databases/mongodb80: harden the port to external CONFIGURE_ARGS CONFIGURE_ARGS is directly connected to CONFIGURE_SCRIPT and the script only accepts 2 parameters. Exit 1 on incorrect number of parameters. And don't allow to += on CONFIGURE_ARGS. Not bumping PORTREVISION, no content change intended. NB: This is the same change as 380338c53b75ef594b1faccc59bc111546809f31 for mongodb70. PR: 291951

misc/hwdata: Update to 0.404 Reported by: portscout!

lang/cling: Update to 1.3

www/chromium: update to 145.0.7632.45

www/gitlab: clean up no functional change, so do not bump portrevision.

databases/mongodb70: 7.0.30 Announcement: https://www.mongodb.com/community/forums/t/mongodb-7-0-30-is-released/335673?u=r_k Changelog: https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.30---feb-10--2026

sysutils/upower: Update to 1.91.1 PR: 293095

security/wazuh-manager: Comment CCACHE entries

security/wazuh-*: Update to 4.14.3 - Fallback to 0 when elapsed-times is a non-numeric value - Fix getPorts function issues on all versions of FreeBSD - Update entry about java version into wazuh-indexer/pkg-message file - Use a modified version of Python async inotify module to work on FreeBSD (https://github.com/alonsobsd/asyncinotify) - Define USE=inotify when INOTIFY option is selected ChangeLog at: https://documentation.wazuh.com/current/release-notes/release-4-14-3.html

textproc/opensearch219: Update JAVA_VERSION to 21 - Bump PORTREVISION

sysutils/cardano-cli: Update to 10.15.0.0 Reported by: portscout!

net-p2p/cardano-node: Update to 10.5.4

x11/hyprpicker: Update to 0.4.6 While here: - remove custom do-install target, which is no longer necessary - sort variables to make portclippy happy https://github.com/hyprwm/hyprpicker/releases/tag/v0.4.6 Reported by: GitHub (watch releases)

GStreamer1: Update to 1.28.0 The y4menc (previously from good) and y4mdec (previously from bad) plugins have been consolidated into y4m (now from good). The vaapi component (multimedia/gstreamer1-vaapi) is no longer supplied by upstream and will be removed after 2026Q1. This has been superseded by the va plugin from 'bad', which we don't have and is rather Linux-heavy, but no ports seem to use this anyways. Remove from makesum-all target and adjust to be static 1.26.10 (last available) version. Add svtav1 component to gstreamer.mk after f96400339bd6. [1] multimedia/gstreamer1-plugins-svt-hevc has been marked DEPRECATED since multimedia/svt-hevc is marked DEPRECATED and will be removed after 2026Q1. [1] This port does not seem to be used anywhere in the ports tree. Note for local patching: meson_options.txt was renamed by upstream to meson.options across the board [2] and this change adapts to that. Changes: https://gstreamer.freedesktop.org/releases/1.28/ [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/128710caab3e7521384c4c82df031702f1728af8 PR: 292706 [1] Reported by: jbeich [1]

security/kanidm: Update to 1.8.6 ChangeLog: https://github.com/kanidm/kanidm/releases/tag/v1.8.6

multimedia/hyprpwcenter: Update to 0.1.2 Changelog: https://github.com/hyprwm/hyprpwcenter/releases/tag/v0.1.2 Reported by: GitHub (watch releases)

x11-fm/nautilus: bump PORTREVISION Bump PORTREVISION for net/libcloudproviders shared library version change.

net/libcloudproviders: update to 0.4.0 Update to 0.4.0 0.4.0 ----- * Add dependencies to the pkg-config file (Sam Wedgwood) * Replace gtk-doc with gi-docgen * Require meson 1.9.0 * Plug tiny memory leaks and reduce memory footprint of the library Fix LICENSE Add patch because we currently have meson 1.7.0 (no regression because by default documentation is not build) Add USE_LDCONFIG=yes (truckman) PR: 292342

devel/libuv: Update to 1.52.0 Changes: https://github.com/libuv/libuv/releases/tag/v1.52.0

x11/py-nwg-displays: Update to 0.3.28 While here, add NO_ARCH=yes. The port does not install any architecture-specific files. Changelog: https://github.com/nwg-piotr/nwg-displays/releases/tag/v0.3.28 Reported by: GitHub (watch releases)

shells/carapace: Update to 1.6.2 Changelog: https://github.com/carapace-sh/carapace-bin/releases/tag/v1.6.2 Reported by: GitHub (watch releases)

graphics/cairomm11: update to 1.19.0 Update to 1.19.0 1.19.0 (unstable) 2025-10-10 * Add Path iterator (Jonathon Jongsma, Kjell Ahlstedt) Issue #2 * Add XCB device and XCB surface APIs * Add Xlib device API * Surface: Add create_similar_image(), supports_mime_type(), map_to_image(), class MappedImageSurface. * Add mesh pattern API (Povilas Kanapickas, Kjell Ahlstedt) Issue #8 Examples: * Add path-iter/path-iter.cc (Jonathon Jongsma, Kjell Ahlstedt) Issue #2 * Add surfaces/mapped-surface.cc (Kjell Ahlstedt) Documentation: * Fix outdated FSF mailing address in COPYING (Benjamin A. Beasley) Merge request !29 * Change license info. Lesser GPL 2.1 instead of Library GPL 2 (Kjell Ahlstedt) * Meson: Use SPDX expression for license (Benjamin Gilbert) Merge request !33 * Make Doxygen show API that exists only if Cairo has been built with FC support and Script support (Kjell Ahlstedt) Meson build: * Don't fail if warning_level=everything (Daniel Boles, Kjell Ahlstedt) Merge request gtkmm!87 * Require meson >= 0.62.0. Use Meson's pkgconfig module instead of using the *.pc.in templates. (Kjell Ahlstedt) * Detect cl-like compilers (Julia DeMille) Merge request !30 * Stop warning from probing for features (Julia DeMille) Merge request !31 * Require normal find for cairo when subproject (Julia DeMille) Merge request !32 * Better detection of MSVC-like compilers (Kjell Ahlstedt) Issue #32 * Use the Python installation that Meson uses. See merge request glibmm!67. (Kjell Ahlstedt) Meson and Autotools build: * Add .pc files for cairomm-fc, cairomm-script and cairomm-xcb (Kjell Ahlstedt) Fix dependencies for test target Fix LICENSE. (truckman) Pet portlint. (truckman) PR: 292046

x11/zenity4: update to 4.2.1 Zenity 4.2.1 Bugfix release for Zenity 4.2.x. Changes and fixes since 4.2.0: - colview: Activation handler on checklists should use selection model (Logan Rathbone) (#111) PR: 292045

devel/libsigc++30: update to 3.8.0 Update to 3.8.0 3.8.0 (stable) 2025-10-26 This release and future releases will not store tarballs at download.gnome.org/sources/. Only modules with source code at gitlab.gnome.org/GNOME/ can store tarballs there now. Tarballs of libsigcplusplus are now stored only at github.com/libsigcplusplus/libsigcplusplus/releases/. * slot, signal: static_assert not using R,T... syntax (Daniel Boles) Issue #86, pull request #100 * scoped_connection: Remove [[nodiscard]] (Kjell Ahlstedt) Issue #102 (Vadym) * Add signal_connect(): Helper functions to ease connecting functions or methods to signals (Rémi Hérilier) Issue #104, #108, pull request #107 * Simplify ambiguity removal when compiling with MSVC (Rémi Hérilier) Pull request #110 Documentation: * README.md: Add info about building the documentation (Kjell Ahlstedt) Issue #101 (raphael10-collab) * Don't link to removed parts of gnome.org (Kjell Ahlstedt) * Remove obsolete FSF (Free Software Foundation) address (Tom spot Callaway) Pull request libxmlplusplus#72 * Clarify download locations. Releases will not be stored at download.gnome.org/sources/. (Kjell Ahlstedt) Build: * Meson build: Don't fail if warning_level=everything (Daniel Boles, Kjell Ahlstedt) Merge request gtkmm!87 * Meson build: Add the build-manual option (Kjell Ahlstedt) * Meson build: Require meson >= 0.62.0. Use Meson's pkgconfig module instead of using the *.pc.in templates. (Kjell Ahlstedt) * Meson build: Detect cl-like compilers. Don't check MSVC version for non-MSVC cl (Julia DeMille) Pull requst #109 * CMake build: Change minimum required cmake version from 3.2 to 3.10 (Alexander Drozdov) Issue #112 * Meson build: build-pdf: Prevent infinite loop in dblatex (Philippe Baril Lecavalier) Pull request #113 * Meson build: Better detection of MSVC-like compilers (Kjell Ahlstedt) * Meson build: Use the Python installation that Meson uses. See merge request glibmm!67 (Kjell Ahlstedt) Fix LICENSE Adjust MASTER_SITES (tarballs are now hosted on github.com) PR: 291783

math/R-cran-dplyr: Update to 1.2.0 PR: 293114 Reported by: Einar Bjarni Halldórsson <einar@isnic.is>

games/veloren-weekly: update to s20260211 Changes: https://gitlab.com/veloren/veloren/-/compare/fd6760d062...d82a4a6cf1

graphics/mesa-devel: update to 26.0.b.1031 Changes: https://gitlab.freedesktop.org/mesa/mesa/-/compare/124d550a943...b651fd90d2d

emulators/rpcs3: update to 0.0.39.18770 Changes: https://github.com/RPCS3/rpcs3/compare/ebf9374ccd...7cfe96a1d1

graphics/libplacebo: update to 7.360.0 Changes: https://code.videolan.org/videolan/libplacebo/-/tags/v7.360.0 Reported by: GitHub (watch releases)

graphics/libjxl: update to 0.11.2 Changes: https://github.com/libjxl/libjxl/releases/tag/v0.11.2 Reported by: GitHub (watch releases) Security: CVE-2025-12474 CVE-2026-1837

multimedia/svt-av1-hdr: update to 4.0.1 Changes: https://github.com/juliobbv-p/svt-av1-hdr/compare/v3.1.3...v4.0.1 Reported by: portscout

multimedia/svt-av1: drop unused patch after 4b390bd6db0a Part of incomplete/abandoned attempt to provide PGO option.

x11/wl-mirror: update to 0.18.5 Changes: https://github.com/Ferdi265/wl-mirror/releases/tag/v0.18.5 Reported by: GitHub (watch releases)

net/mosquitto: Update to 2.1.2 Building with the ports version of libwebsockets is no longer broken. Changes since 2.1.1: - Forbid running with `persistence true` and with a persistence plugin at the same time. - Build fixes for OpenBSD. - Fix static/shared linking of libwebsockets under cmake.

math/suitesparse-graphblas: upgrade to 10.3.1

math/primecount: upgrade to v8.2 Release notes at https://github.com/kimwalisch/primecount/releases/tag/v8.2

math/suitesparse[-config]: upgrade to v7.12.2 Release notes at https://github.com/DrTimothyAldenDavis/SuiteSparse/releases/tag/v7.12.2

lang/lfortran: upgrade to v0.60.0 Release notes at https://github.com/lfortran/lfortran/releases/tag/v0.60.0

textproc/ibus-typing-booster: upgrade to 2.30.3 Release notes at https://github.com/mike-fabian/ibus-typing-booster/releases/tag/2.30.3

math/gp2c: upgrade to 0.0.14pl1 Changelog at https://pari.math.u-bordeaux.fr/pub/pari/GP2C/gp2c-0.0.14pl1.changelog

math/octave-forge-sqlite: Update to 0.1.3.

emulators/dolphin-emu: Update to 2512 Release notes: https://fr.dolphin-emu.org/blog/2025/12/22/dolphin-progress-report-release-2512/

textproc/enchant2: unbreak build WITH=ZEMBEREK (+) Reported by: bulk -t

archivers/par2cmdline-turbo: Update to 1.4.0 Also, switch PLIST_FILES to pkg-plist.

audio/noctavox: Add new port NoctaVox is a lightweight, plug and play, TUI music player for local music. Features: - Gapless playback with queue support - Multi-format audio (mp3, m4a, wav, flac, ogg, opus) - Live library reloading - Custom themeing with hot reload - Vim-like keybindings - Waveform and oscilloscope visualization - Playlist management https://github.com/Jaxx497/NoctaVox

sysutils/elephant: Update to 2.19.2 Changelog: https://github.com/abenz1267/elephant/releases/tag/v2.19.2 Reported by: GitHub (watch releases)

multimedia/uxplay: Update to 1.73.2

audio/ft2-clone: Update to 2.04

www/SNIP: Update 1.1.1 => 1.1.2 Changelog: - Added PHP 8.4 compatibility. - Fixed broken QR images on PHP 8+. https://github.com/MercanoGlobal/SNIP/releases/tag/v1.1.2 While here remove unnecessary dir from MKDIR - COPYTREE_SHARE create it. PR: 293119

math/GiNaC: Update to 1.8.10.

various: Bump ports for Go default 1.24->1.25

www/pocket-id: Update to 2.2.0 ChangeLog: https://github.com/pocket-id/pocket-id/compare/v1.16.0...v2.2.0

editors/fresh: Update to 0.2.3

www/remark42: Set Go version to a range remark42 builds, tests, and (superficially) runs when build with go1.26. Mark the Go version as a minimum, not a pin.

sysutils/opentofu: Set Go version to a range tofu builds, tests, and (superficially) runs when built with go1.26. Mark the Go version as a minimum, not a pin.

lang/go124: Deprecate (expiry: one month from today)

math/nlopt: Fix build by removing unneeded patch After [1], files/CMakeLists.txt is not necessary any more. Fix build by removing this file. [1] https://github.com/stevengj/nlopt/commit/a5426ead8d8478c46201c21860e789e47f15c5a3 MFH: 2026Q1

security/vaultwarden: Update to 1.35.3

textproc/mdbook: Transfer maintainership to self Approved by: eduardo (private email) MFH: 2026Q1

net-mgmt/collectd5: Fix python hardcoded version PR: 293090

lang/go126: Add go 1.26 From https://go.dev/doc/go1.26: The latest Go release, version 1.26, arrives in February 2026, six months after Go 1.25. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. There are exciting updates in this new Go minor: - New Green Tea-based garbage collector that cuts GC overhead by an observed 10-40%. - cgo runtime overhead reduced by an observed 30%. - `go fix` has been rewritten as is now Go's official modernizer. In particular, it includes all of `go vet`'s heuristics, making it possible to fix the things that the latter identifies. - Heap base address is now randomized. - pprof can now (experimentally) identify leaked goroutines. - New crypto/hpke package includes support for quantum-vulnerable and post-quantum hybrid KEMs.