mail/mailpit: Update to 1.29.3 Improved ONLY_FOR_ARCHS_REASON message to better explain the supported architectures.

audio/subtui: Update to 2.10.0 Changelog: https://github.com/MattiaPun/SubTUI/releases/tag/v2.10.0

graphics/igt-gpu-tools: Fix builds since D49183

textproc/qo: Update to 0.3.1

sysutils/goaccess: Update to 1.10.1

games/widelands: update 1.2.1 → 1.3.1 PR: 293644 Tested by: thindil@laeran.pl.eu.org

games/luanti: update 5.14.0 → 5.15.1 PR: 293560 Tested by: giorgio.caculli@protonmail.com

astro/gpsprune: switch to default java version

astro/osmosis: switch to default java version

astro/josm: update 19439 → 19481 - Switch to latest supported openjdk - Simplify wrapper script, run with correct java

devel/omnilinter: update 0.7.0 → 0.7.1

games/linwarrior: deprecate

devel/cppcheck: update 2.19.1 → 2.20.0

www/awstats: Remove awdownloadcsv.pl (security vuln) Problem: awdownloadcsv.pl is vulnerable to command injection and path traversal, ref [1] and [2]. The GitHub issue [1] mentions that it is deprecated, and the readme does not list this file among the files that are (supposed to be) part of the distribution. Solution: This commit prevents awdownloadcsv.pl to be installed, thus removing the vulnerability. [1] https://github.com/eldy/AWStats/issues/276 [2] https://www.openwall.com/lists/oss-security/2026/03/08/8 While here, clean up sorting of IPV6_RUN_DEPENDS. PR: 293698 MFH: 2026Q1

x11/urxvt-perls: mark DEPRECATED The port was archived upstream (and upstream repository was renamed to https://github.com/xyb3rt/urxvt-perls: did that for completeness too). PR: 292161 Approved by: yuri (mentor) Signed-off-by: Eygene Ryabinkin <rea@FreeBSD.org>

textproc/kibana8: Fix path to executable in rc.d script PR: 284290 Approved by: blanket (fix runtime)

textproc/R-cran-highr: Update to 0.12 Add test dependencies. The port doesn't need compile so remove the build dependencies. Switch to DISTVERSION. Changelog: https://github.com/yihui/highr/releases/tag/v0.12

www/freenginx-devel: update from 1.29.5 to 1.29.6 Sponsored by: tipi.work <ChangeLog> *) Bugfix: incorrect "upstream server temporarily disabled" messages might be logged when using variables in the "proxy_pass" directive. *) Bugfix: retrying a request to the next gRPC upstream server might not work correctly. Thanks to David Carlier. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_xslt_filter_module was used. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used. *) Bugfix: in the ngx_http_uwsgi_module and ngx_http_scgi_module modules. *) Bugfix: in memory allocation error handling. </ChangeLog>

www/freenginx-devel: fix a third-party rds-csv dynamic module build Bump PORTREVISION. Sponsored by: tipi.work

graphics/ImageMagick7: Update to 7.1.2-16 Reported by: portscout!

archivers/pbzip2: Fix build on 14.4 In "stable/14" bmake was updated to version 20250707 after 1403507 and before 1403508. Check 3129c2094ecb0db5bf55c481c1a1f133ea01df76 for more info. PR: 290004 Reported by: Sebastian Oswald <sko@rostwald.de> Approved by: blanket (fix build)

net/ipxe: update g20260106 (ff6d612e) to g20260310 (013a4a93)

benchmarks/py-reframe-hpc: Update 4.9.1 => 4.9.2 Changelog: https://github.com/reframe-hpc/reframe/releases/tag/v4.9.2 - Replace "reframe_hpc" with "${PORTNAME:tl}". - Add NO_ARCH. PR: 293699

sysutils/usb_modeswitch: Update 2.6.0 => 2.6.2, data 20191128 => 20251207, take maintainership Changelogs: https://www.draisberghof.de/usb_modeswitch/ChangeLog https://www.draisberghof.de/usb_modeswitch/ChangeLogData Improve port: - Replace PORTVERSION with DISTVERSION. - Replace ".tar.bz2" with "${EXTRACT_SUFX}". - Fix warning from portlint. - Merge REINPLACE_CMD. - Split long lines in do-install. - Replace "${WRKSRC}/.." with "{WRKDIR}". PR: 293696

x11-fonts/libfontenc: update: 1.1.8 -> 1.1.9 PR: 293069 Exp-run by: antoine Approved by: x11 (maintainer, timeout >2 weeks) Sponsored by: tipi.work

www/py-django-recaptcha: Update to 4.1.0 * Switch to the PEP517 build framework. Changelog: https://github.com/django-recaptcha/django-recaptcha/releases/tag/4.1.0 PR: 291707 With hat: python

www/py-django-recaptcha: Fix stage QA issues * Fix poudriere bulk -t by partially restoring removed PKGNAMEPREFIX from fd2ba60b94f9: [...] ====> Running Q/A tests (stage-qa) Error: Package names are not unique with flavors: py311: django-recaptcha-4.1.0 py312: django-recaptcha-4.1.0 py313: django-recaptcha-4.1.0 py313t: django-recaptcha-4.1.0 py314: django-recaptcha-4.1.0 py310: django-recaptcha-4.1.0 Error: maybe use <flavor>_PKGNAMEPREFIX/SUFFIX. [...] Approved by: portmgr (build fix blanket) Fixes: fd2ba60b94f9 www/py-django-recaptcha: Update to 4.0.0

textproc/py-mkdocs-material: Update to 9.7.4 Changelog: https://github.com/squidfunk/mkdocs-material/releases/tag/9.7.4

graphics/py-sorl-thumbnail: Update to 13.0.0 Changelog: https://github.com/jazzband/sorl-thumbnail/releases/tag/13.0.0 PR: 293579 Approved by: Kevin Golding (maintainer)

devel/py-inline-snapshot: Update to 0.32.4 Changelog: https://github.com/15r10nk/inline-snapshot/releases/tag/0.32.4

devel/py-binaryornot: Update to 0.6.0 * Switch to the PEP517 build framework. * Make the port concurrent safe as it installs a script outside of Python's site-lib directory. * Update WWW to point to renamed upstream repository. * Modernize the test suite as well. Changelogs since 0.4.4: https://github.com/binaryornot/binaryornot/releases/tag/v0.5.0 https://github.com/binaryornot/binaryornot/releases/tag/v0.6.0

devel/lazygit: Update to 0.60.0 Changes: https://github.com/jesseduffield/lazygit/releases/tag/v0.60.0

www/radicale: Update to 3.6.1 Upstream switched from passlib to libpass but we don't have this in ports yet and passlib is still compatible so ignore this for the moment.

multimedia/kodi-addon-inputstream.adaptive: Update to 22.3.9

multimedia/kodi-addon-pvr.iptvsimple: Update to 22.6.4

multimedia/kodi-addon-pvr.hts: Update to 22.8.1

dns/dnscontrol: Update to 4.36.1

sysutils/zot: Update to 2.1.15

sysutils/zli: Update to 2.1.15

www/py-django-cms: Update to 5.0.6

www/tcexam: Update to 16.6.1

devel/py-ttkbootstrap: Update to 1.20.2 ChangeLog: https://github.com/israel-dryer/ttkbootstrap/releases/tag/v1.20.2 Reported by: Israel Dryer <notifications@github.com>

net-im/py-zapzap: Update to 6.3.4 ChangeLog: https://github.com/rafatosta/zapzap/releases/tag/6.3.4 Reported by: Rafael Tosta <notifications@github.com>

net-mgmt/telegraf: Upgrade to 1.38.0 Change the rc script to require login, since some custom setups would expect random services to be up and running and available for monitoring. Release notes: https://github.com/influxdata/telegraf/releases/tag/v1.38.0

www/py-fastapi: Update to 0.135.1 Enable `make test`

devel/py-pygit2: update to 1.19.1 Changes: https://github.com/libgit2/pygit2/blob/master/CHANGELOG.md

devel/py-virtualenv: Update to 21.2.0 ChangeLog: https://github.com/pypa/virtualenv/releases/tag/21.2.0 Reported by: "github-actions[bot]" <notifications@github.com>

devel/jenkins: Update to 2.554 Sponsored by: The FreeBSD Foundation

devel/py-python-discovery: Update to 1.1.2 ChangeLog: https://github.com/tox-dev/python-discovery/releases/tag/1.1.2 Reported by: Bernát Gábor <notifications@github.com>

www/forgejo-lts: Update to 11.0.11 Changelog: * https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.11.md MFH: 2026Q1

www/forgejo: Update to 14.0.3 Changelog: * https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/14.0.3.md MFH: 2026Q1

*/*: Bump port revision after electron40 update (24bf3f7633de)

devel/electron40: Update to 40.8.0 Changelog: - https://github.com/electron/electron/releases/tag/v40.7.0 - https://github.com/electron/electron/releases/tag/v40.8.0 Reported by: GitHub (watch releases)

sysutils/vm-bhyve-devel: Update to latest commit The upstream's master branch will become the future 1.8.0 release so 1.7.99 is used as a temporary version. Approved by: michaelo (vm-bhyve co-maintainer) Differential Revision: https://reviews.freebsd.org/D55688

filesystems/R-cran-fs: Update to 1.6.7 Changelog: https://cran.r-project.org/web/packages/fs/news/news.html

devel/cgit: update to v1.3 Changelog: https://lists.zx2c4.com/pipermail/cgit/2026-February/004968.html Change maintainer's address, was used in submitting bugs 227304. PR: 292688

sysutils/go-ntfy: Update to 2.18.0 * Bump golang version. * Set listen-http in server.yml instead of in the rc(8) script. ChangeLog: https://github.com/binwiederhier/ntfy/releases/tag/v2.18.0 PR: 293557

www/pocket-id: Update to 2.4.0 * Bump golang version. ChangeLog: https://github.com/pocket-id/pocket-id/releases/tag/v2.4.0 PR: 293687

devel/R-cran-later: Update to 1.4.8 Changelog: https://cran.r-project.org/web/packages/later/news/news.html

deskutils/qownnotes: update QOwnNotes to version 26.3.7 Fixes: f40485c6b3d9

www/py-a2wsgi: New port Convert WSGI app to ASGI app or ASGI app to WSGI app. Pure Python. Only depend on the standard library. Compared with other converters, the advantage is that a2wsgi will not accumulate the requested content or response content in the memory, so you don't have to worry about the memory limit caused by a2wsgi. This problem exists in converters implemented by uvicorn/startlette or hypercorn.

www/py-baize: New port Powerful and exquisite WSGI/ASGI framework/toolkit. Only relies on the standard library. The minimize implementation of methods required in the Web framework. No redundant implementation means that you can freely customize functions without considering the conflict with baize's own implementation.

Mk/Uses: Remove certs.mk It was a useful shorthand for the security/ca_root_nss dependency. However, several people disagreed. Can anybody explain why libedit.mk is there? It is also a one string substitution. Same with libarchive.mk.

misc/freebsd-release-manifests: Add 14.4-RELEASE MANIFEST files Approved by: re (implicit) Sponsored by: OpenSats Initiative

textproc/kibana8: Restore build,run args for USES+=nodejs If the nodejs version is specified, then the build,run arguments are not added. PR: 289759 Approved by: blanket (fix my previous commit) Fixes: 53012cd436a9 (Update 8.11.3 => 8.19.12)

textproc/kibana8: Update 8.11.3 => 8.19.12 Changelogs (there are 59 new versions): https://www.elastic.co/guide/en/kibana/8.19/release-notes-8.11.4.html . . . https://www.elastic.co/guide/en/kibana/8.19/release-notes-8.19.12.html - Add "MASTER_SITES+=LOCAL/vvd/kibana" for those who also can't download from the official website: "403 Forbidden". - Switch to default nodejs version 24. - Improve COMMENT - correct name is "Elasticsearch" without camel-case. - Use ${NODEJS_VERSION} instead of hardcoded nodejs version. - Remove unnecessary BUILD_DEPENDS - USES+=nodejs also adds it. - Remove default args build,run form USES+=nodejs. - Update CONFLICTS. - Fix warnings from portclippy. - Replace "${INSTALL} -l rs" with "${RLN}". - Update pkg-descr. - Improve pkg-message. PR: 289759 Approved by: elastic (maintainer, timeout > 5 months) Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>

math/R-cran-terra: Update to 1.9-1 - Set TESTING_UNSAFE ChangeLog: https://cran.r-project.org/web/packages/terra/news/news.html

net/boinc-client: Use Mk/Uses/certs.mk for certs:run Approved by: db@, yuri@ (Mentors, implicit)

sysutils/appjail{,-devel}: Enable OCI option by default

net/haproxy28: update to version 2.8.19.

net/haproxy26: update to version 2.6.24

net/haproxy24: update to version 2.4.31.

net/haproxy30: update to version 3.0.18.

net/haproxy33: update to version 3.3.5.

net/haproxy: update to version 3.2.14.

www/nextcloud-news: Update to 28.0.0

mail/nextcloud-mail: Update to 5.7.2

filesystems/xfuse: 0.6.0 The main new feature is support for XFS's Large Extent Counts feature. https://github.com/KhaledEmaraDev/xfuse/blob/main/CHANGELOG.md#060---2026-03-09 Sponsored by: ConnectWise

databases/mroonga: Ignore with mysql 8.4 PR: 291336 Reported by: exp-run Sponsored by: Netzkommune GmbH

databases/libgda5-mysql: Ignore with mysql 8.4 PR: 291336 Reported by: exp-run Sponsored by: Netzkommune GmbH

www/*nginx*: Update 3-party modul passenger Update third-party modul passenger to 6.1.2 PR: 292546 Sponsored by: Netzkommune GmbH

www/firefox: update to 148.0.2 (rc1) Release Notes (soon): https://www.firefox.com/en-US/firefox/148.0.2/releasenotes/

lang/perl5.42: update to 5.42.1

benchmarks/clpeak: update to 1.1.6 Changes: https://github.com/krrishnarraj/clpeak/releases/tag/1.1.6 Reported by: GitHub (watch releases)

x11/swaylock: update to 1.8.5 Changes: https://github.com/swaywm/swaylock/releases/tag/v1.8.5 Reported by: GitHub (watch releases)

x11/xfce4-terminal: Update to 1.2.0

graphics/ristretto: Update to 0.14.0

security/courier-authlib: Switch to LIB_DEPENDS for module dependencies PR: 293399

mail/courier-imap: Clean up a and modernize Makefile - Use bsd.port.options.mk instead of pre/post mk - Apply portlint and portclippy suggestions PR: 293399

cad/xyce: Add USES=certs:test

net/rubygem-octokit-gitlab: Change RUN_DEPENDS from rubygem-sawyer to rubygem-sawyer-gitlab - Bump PORTREVISION for dependency change

www/rubygem-sawyer: Change RUN_DEPENDS from rubygem-faraday1 to rubygem-faraday - Bump PORTREVISION for dependency change

www/rubygem-roda: Update to 3.101.0 Changes: https://github.com/jeremyevans/roda/blob/master/CHANGELOG https://roda.jeremyevans.net/rdoc/files/CHANGELOG.html

textproc/rubygem-ox: Update WWW

sysutils/rubygem-sys-uname: Update to 1.5.0 Changes: https://github.com/djberg96/sys-uname/blob/main/CHANGES.md

sysutils/rubygem-rubyipmi: Update to 0.13.0 Changes: https://github.com/logicminds/rubyipmi/blob/main/CHANGELOG.md Security: CVE-2026-0980

sysutils/rubygem-ohai18: Update RUN_DEPENDS - Change RUN_DEPENDS from rubygem-chef-config to rubygem-chef-config18 - Change RUN_DEPENDS from rubygem-chef-utils to rubygem-chef-utils18 - Bump PORTREVISION for dependency change

sysutils/rubygem-hammer_cli_foreman: Update to 3.18.0 Changes: https://github.com/theforeman/hammer-cli-foreman/releases

sysutils/rubygem-hammer_cli: Update to 3.18.0 Changes: https://github.com/theforeman/hammer-cli/releases

net/rubygem-octokit4: Change RUN_DEPENDS from rubygem-faraday1 to rubygem-faraday - Bump PORTREVISION for dependency change