| Commits from the 2026Q2 branch |
|
FreshPorts has everything you want to know about FreeBSD software, ports, packages,
applications, whatever term you want to use.
Yesterday's Commits | Main Branch
|
|
Thursday, 28 May 2026
|
14:54 Jochen Neumeister (joneum)  Author: Matthias Andree 2026Q2
graphics/openexr*: update to 3.4.12
Changelog:
https://github.com/AcademySoftwareFoundation/openexr/releases/tag/v3.4.12
PR: 295508
Sponsored by: Netzkommune GmbH
(cherry picked from commit ef0ad05a4431882e1739ca480bef00064ad74b5c)
    d1ff322 |
14:33 Dag-Erling Smørgrav (des) 2026Q2
Mk/bsd.port.mk: Add EXTRACT_ENV
Add an EXTRACT_ENV variable which defaults to LC_ALL=C.UTF-8. We set
LC_ALL=C globally to ensure our scripts work the way we intend them to,
but this causes tar and unzip to fail to extract distfiles containing
names that cannot be expressed in ASCII. This was previously masked by
a bug in libarchive which caused tar and unzip to fail to notice that
these names were unconvertible and just pass them through unchanged.
MFH: 2026Q2
Reviewed by: bapt
Differential Revision: https://reviews.freebsd.org/D57295
(cherry picked from commit 98103f19430200b36e9adcb10ed8831ce9ffc42f)
e3ac6cd |
11:36 Yusuf Yaman (nxjoseph) Author: Mintsuki 2026Q2
- sysutils/limine 12.3.2
Modern, secure, portable, multiprotocol bootloader and boot manager
sysutils/limine: Update 12.2.0 => 12.3.2
While here, update COMMENT and pkg-descr.
Changelog:
https://github.com/Limine-Bootloader/Limine/blob/v12.3.2/ChangeLog
PR: 295658
Reported by: mintsuki@protonmail.com (maintainer)
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
(cherry picked from commit 1a858c328a8eaacf32106b5f4fb887559c0e7061)
9d3a633 |
10:13 Yusuf Yaman (nxjoseph) Author: Eric Camachat 2026Q2
chinese/ibus-rime: Update 1.6.0 => 1.6.1
While here, add missing depends from stage-qa
Changelog:
https://github.com/rime/ibus-rime/blob/1.6.1/CHANGELOG.md
Commit log:
https://github.com/rime/ibus-rime/compare/1.6.0...1.6.1
PR: 295612
Reported by: Eric Camachat <eric@camachat.org> (maintainer)
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
(cherry picked from commit 71ff0031321ee94450c6678dffa5abe870040a78)
daffc46 |
01:00 Jan Beich (jbeich) 2026Q2
games/veloren-weekly: update to s20260527
Changes: https://gitlab.com/veloren/veloren/-/compare/c6791e6e3c...addd09fb764
(cherry picked from commit 50aa2c1cc258dd977967f6babe3f9efd5038a269)
eebfa63 |
|
Wednesday, 27 May 2026
|
20:45 Vladimir Druzenko (vvd) Author: Thomas Morper 2026Q2
net-im/prosody: Update 13.0.5 => 13.0.6
Changelog:
https://prosody.im/doc/release/13.0.6
PR: 295652
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 24b798e3a390225c454070a196569cf98b35d0a8)
542d1ec |
12:54 Michael Osipov (michaelo) 2026Q2
sysutils/edk2: Depend on GCC at build time only
EDK2 produces self-contained binary runtime data which do not require GCC at
runtime, but only at build time.
Reviewed by: fuz
MFH: 2026Q2
Differential Revision: https://reviews.freebsd.org/D57187
(cherry picked from commit 64e6ea052e3a1b183f83867e303b289fe1eb88e1)
f0b8a9f |
11:47 Mikael Urankar (mikael) 2026Q2
- www/rt60 6.0.3
Industrial-grade ticketing system written in Perl
www/rt60: Update to 6.0.3
This release fixes the following vulnerabilities:
CVE-2026-44231
CVE-2026-41075
CVE-2026-41076
CVE-2026-41074
CVE-2026-44228
CVE-2026-6841
CVE-2026-44227
CVE-2026-44230
CVE-2026-44229
CVE-2026-41073
Changelog: https://github.com/bestpractical/rt/releases/tag/rt-6.0.3
PR: 295470
Approved by: Einar Bjarni Halldórsson (maintainer)
(cherry picked from commit ba1312cbebd82934c221d4758d838e2f10b6c4e1)
8b674e6 |
11:46 Mikael Urankar (mikael) 2026Q2
devel/p5-Time-ParseDate: Update to 2026.033
(cherry picked from commit 074974309dab80a91e11b6d01837cef9447315ea)
8a15123 |
|
Tuesday, 26 May 2026
|
21:46 Thomas Zander (riggs) 2026Q2
multimedia/mkvtoolnix: Update to upstream release 99.0
Details:
- New features and enhancements, as well as bug fixes, see:
https://mkvtoolnix.download/doc/NEWS.md
MFH: 2026Q2
(cherry picked from commit 5ee4c1c22abfb2dbea37a2eac348fe4d742460ca)
a2183bb |
18:17 Charlie Li (vishwin) 2026Q2
- lang/python310 3.10.20_2
Interpreted object-oriented programming language
- lang/python311 3.11.15_2
Interpreted object-oriented programming language
- lang/python312 3.12.13_2
Interpreted object-oriented programming language
lang/python31{0,1,2}: reroll PATCHFILES after repository growth
Each commit checksum now shows one additional character, but the
diff contents are identical.
PR: 295595
(cherry picked from commit 4b4b105e82c91455a47ca32c79525a88a60b8616)
d81083b |
15:23 Lexi Winter (ivy) 2026Q2
textproc/source-highlight: Add --with-boost
Otherwise, it fails to find Boost.Regex when LOCALBASE is not
/usr/local.
PR: 288761
Reviewed by: arrowd
Approved by: arrowd (ports), maintainer (timeout, 9 months)
Differential Revision: https://reviews.freebsd.org/D57125
(cherry picked from commit 20ee6d87ee7a74a8a843e393ed03146736506839)
41c83aa |
05:45 Yusuf Yaman (nxjoseph) 2026Q2
editors/gobby: Update WWW and MASTER_SITES
For MASTER_SITES, releases.0x539.de redirects directly to GitHub,
so we are downloading static source archive from GitHub now.
For WWW homepage, it's no longer alive, so replace it with up-to-date one.
Reported by: repology
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
(cherry picked from commit bb4abd59743ea7ffcc040330bc77c5c0f0a07962)
dad78fe |
05:24 Yusuf Yaman (nxjoseph) 2026Q2
graphics/gowall: Fix fetch
The PATCH_SITES field was wrong.
Reported by: pkg-fallout
Approved by: osa, vvd (Mentors, implicit)
Fixes: 8391f23c71e2
MFH: 2026Q2
(cherry picked from commit 460ead9aa4e23f7a58251b20b30defb80396f24d)
34731f9 |
|
Monday, 25 May 2026
|
21:21 Yusuf Yaman (nxjoseph) 2026Q2
graphics/gowall: Update 0.2.3 => 0.2.4
Changelog:
https://github.com/Achno/gowall/releases/tag/v0.2.4
Differential Revision: https://reviews.freebsd.org/D56348
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
(cherry picked from commit 1dd7b2aff21362f48fc4f9cdeb12d0b5007f4d3b)
8391f23 |
19:04 Christoph Moench-Tegeder (cmt) 2026Q2
- www/firefox 151.0.2,2
Web browser based on the browser portion of Mozilla
www/firefox: update to 151.0.2 (rc1)
Release Notes (soon):
https://www.firefox.com/en-US/firefox/151.0.2/releasenotes/
(cherry picked from commit 62b655e5e2d5f37290f88a684c6cdd95bc5d6ecd)
7b56985 |
07:51 Baptiste Daroussin (bapt) 2026Q2
multimedia/jellyfin: update to 10.11.10
Release notes:
- Fix GHSA-f47c-m7gr-q92j, GHSA-jg92-mrxq-vv75, GHSA-wwwm-px48-fpvq (security)
- Fix stale UserData cache
- Fix/user manager collation
- Fix XSS in listview (jellyfin-web)
(cherry picked from commit 88ee059d8dfde92a07114891f104892f4f1fe6ec)
796f109 |
07:51 Baptiste Daroussin (bapt) 2026Q2
multimedia/jellyfin: update to 10.11.8
(cherry picked from commit fb5be169620dc37f850f5b44902ef101a376708f)
8ff6253 |
|
Sunday, 24 May 2026
|
21:46 Älven (alven) 2026Q2
- net/krakend-ce 2.13.6
High-performance, stateless, declarative, API Gateway
net/krakend-ce: Security update 2.13.5 => 2.13.6
Security CVEs - May 2026
Source: Go Security Team announcements
https://github.com/krakend/krakend-ce/pull/1094
Approved by: db@, yuri@ (Mentors, implicit)
MFH: 2026Q2
(cherry picked from commit 681bbaf14e8561d7758e61e4986969fd060b1f68)
6368c6b |
21:33 Christoph Moench-Tegeder (cmt) 2026Q2
mail/thunderbird-esr: udpate to 140.11.1 (rc1)
Release Notes (soon):
https://www.thunderbird.net/en-US/thunderbird/140.11.1esr/releasenotes/
(cherry picked from commit bbacdf7dd09de522eb24829254477e8ec404f700)
cf08ce3 |
20:28 Nuno Teixeira (eduardo) 2026Q2
- math/R-cran-NMF 0.28_1
Algorithms and Framework for Nonnegative Matrix Factorization
math/R-cran-NMF: Take maintainership
- Add tests
- Organize depends (portfmt)
MFH: 2026Q2
(cherry picked from commit 8f920179d5f461e61c44cef11dc8ddf8111a8840)
569586c |
07:49 Jochen Neumeister (joneum) Author: Matthias Andree 2026Q2
- security/putty 0.84
Secure shell and telnet client including xterm emulator
security/putty: Update to 0.84
Changelog: https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
PR: 295501
Sponsored by: Netzkommune GmbH
(cherry picked from commit 7c5dcd59e0ad4cd9050a5e5704c54fc20f4f66ec)
5df3619 |
|
Saturday, 23 May 2026
|
23:57 Vladimir Druzenko (vvd) Author: Martin Filla 2026Q2
- www/librewolf 151.0.1
Custom version of Firefox, focused on privacy, security and freedom
www/librewolf: Update 151.0.1-1 => 151.0.1-2
Commit log:
https://codeberg.org/librewolf/source/compare/151.0.1-1...151.0.1-2
PR: 295514
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 1bbf1741677fce10343e5676a42985af736bf766)
c70d358 |
16:15 Christoph Moench-Tegeder (cmt) 2026Q2
- mail/thunderbird 151.0.1
Mozilla Thunderbird is standalone mail and news that stands above
mail/thunderbird: update to 151.0.1 (rc1)
Release Notes (soon):
https://www.thunderbird.net/en-US/thunderbird/151.0.1/releasenotes/
(cherry picked from commit 402fd12f43078570c6dbfdd1d2d84f4cd18f6b42)
e0e1207 |
15:14 Jochen Neumeister (joneum) 2026Q2
www/nginx: Update to 1.30.2
Changes with nginx 1.30.2 22 May
2026
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with overlapping captures in
ngx_http_rewrite_module, potentially resulting in arbitrary code
execution (CVE-2026-9256).
Thanks to Mufeed VH of Winfunc Research.
PR: 295498
Sponsored by: Netzkommune GmbH
70912bf |
11:46 Dag-Erling Smørgrav (des) 2026Q2
- lang/mit-scheme 12.1_1
MIT Scheme: includes runtime, compiler, and edwin binaries
lang/mit-scheme: Unbreak with llvm 20 and newer
PR: 295431
MFH: 2026Q2
Reviewed by: olgeni
Differential Revision: https://reviews.freebsd.org/D57191
(cherry picked from commit d4b99bae027fc28d8cb5ff884a0c1b6f6569164f)
73a7036 |
07:34 Vladimir Druzenko (vvd) Author: Martin Filla 2026Q2
- www/librewolf 151.0.1
Custom version of Firefox, focused on privacy, security and freedom
www/librewolf: Update 151.0 => 151.0.1
Release Notes:
https://www.firefox.com/en-US/firefox/151.0.1/releasenotes/
PR: 295507
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 5c219cbe19c6a18bb8050a6bea79fd3dd50d7c83)
9941e70 |
07:21 Mathieu Arnold (mat) 2026Q2
textproc/p5-XML-LibXML: update to 2.0213
Security: CVE-2026-8177
(cherry picked from commit 07486500125f010d29a87cd62b0d76313acfa586)
0740654 |
06:58 Mathieu Arnold (mat) Author: Fabian Wenk 2026Q2
net/p5-Net-CIDR-Lite: update to 0.24
PR: 295364
Security: CVE-2026-45190, CVE-2026-45191
(cherry picked from commit 074864608a00d6f87dd1316862d4404ff6e2664f)
0740653 |
00:29 Colin Percival (cperciva) 2026Q2
misc/freebsd-release-manifests: Add 15.1-RC1 MANIFEST files
Approved by: re (implicit)
Sponsored by: OpenSats Initiative
(cherry picked from commit d594d1baf332954f20f2c11cb1c1b11521236095)
522a833 |
|
Friday, 22 May 2026
|
17:14 Vladimir Druzenko (vvd) Author: Denny Page 2026Q2
net-mgmt/andwatch: Update 2.3.0 => 2.4.0
Changelog:
https://github.com/dennypage/andwatch/releases/tag/v2.4.0
PR: 295420
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit cfcfd6629ada350a0a7b9dd26e6614f8ebfdb747)
7f72ab5 |
17:14 Vladimir Druzenko (vvd) Author: Denny Page 2026Q2
net-mgmt/andwatch: Update 2.2.0 => 2.3.0
Changelog:
https://github.com/dennypage/andwatch/releases/tag/v2.3.0
PR: 294818
Sponsored by: UNIS Labs
(cherry picked from commit 4eb1378d01f24f6d958d9a3fbf931ea3ebd77131)
ee17f76 |
16:41 Vladimir Druzenko (vvd) Author: Denny Page 2026Q2
net/dpinger: Update 3.4 => 3.5
Changelog:
https://github.com/dennypage/dpinger/releases/tag/v3.5
PR: 295419
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 8a53aedbb11dce0401ecb3f13fe8f71009d3a651)
0a0b538 |
16:33 Vladimir Druzenko (vvd) Author: Denny Page 2026Q2
net/mdns-bridge: Update 2.4.0 => 2.5.0
Changelog:
https://github.com/dennypage/mdns-bridge/releases/tag/v2.5.0
PR: 295421
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 8a12e7e98f241d965afeb8dd14c553ecfed4e990)
42288b7 |
16:33 Vladimir Druzenko (vvd) Author: Denny Page 2026Q2
net/mcast-bridge: Update 1.3.0 => 1.4.0
Changelog:
https://github.com/dennypage/mcast-bridge/releases/tag/v1.4.0
PR: 295423
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 696eba72e3395402bf0a4a22b04b0ac93db5e4f9)
992b275 |
13:53 Robert Clausecker (fuz) 2026Q2
audio/radiotrope: fix build on armv7
The usual issue of time_t being 64 bits on armv7 despite it being a
32 bit platform. Refactor the time conversion code to just use i64
throughout, avoiding any type conversion issues.
Approved by: portmgr (build fix blanket)
MFH: 2026Q2
(cherry picked from commit 0c9905d54dedcf8763df802a01beb2ea3d4ac4a0)
73efa69 |
12:12 Po-Chuan Hsieh (sunpoet) 2026Q2
lang/ruby40: Update to 4.0.5
- Remove USE_LOCALE workaround [1]
Changes: https://github.com/ruby/ruby/releases
https://github.com/ruby/ruby/blob/master/NEWS.md
https://www.ruby-lang.org/en/news/2026/05/20/ruby-4-0-5-released/
Security: CVE-2026-46727
Reference: https://bugs.ruby-lang.org/issues/22065 [1]
(cherry picked from commit 276529287f4dc5b0812fbd0ff978c7be40ca01b9)
c046ba1 |
11:20 Mikael Urankar (mikael) Author: Jaap Aarts 2026Q2
- net-im/signal-cli 0.14.1,1
Command-line and D-Bus interface for Signal and libsignal-service-java
net-im/signal-cli: Update to 0.14.1
PR: 293378
(cherry picked from commit 5c38531b4b8a236d79b5f980e8e27f90d9382a34)
eac0ddc |
11:20 Mikael Urankar (mikael) Author: Jaap Aarts 2026Q2
net-im/libsignal: Update to 0.87.5
PR: 293378
(cherry picked from commit bb40db9f457e7bce816f907a0dcba55d329772dd)
db54434 |
07:21 Po-Chuan Hsieh (sunpoet) 2026Q2
- lang/ruby40 4.0.4,1
Object-oriented interpreted scripting language
lang/ruby40: Update to 4.0.5
- Remove USE_LOCALE workaround [1]
Changes: https://github.com/ruby/ruby/releases
https://github.com/ruby/ruby/blob/master/NEWS.md
https://www.ruby-lang.org/en/news/2026/05/20/ruby-4-0-5-released/
Security: CVE-2026-46727
Reference: https://bugs.ruby-lang.org/issues/22065 [1]
(cherry picked from commit ca2f7feeb9400074a0337d54b97329f635f1d4b2)
2092106 |
07:21 Po-Chuan Hsieh (sunpoet) 2026Q2
lang/ruby40: Update to 4.0.4
Changes: https://github.com/ruby/ruby/releases
https://github.com/ruby/ruby/blob/master/NEWS.md
https://www.ruby-lang.org/en/news/2026/05/11/ruby-4-0-4-released/
(cherry picked from commit 81ce8cb5b0cb97f34653f15f622398ef55771d86)
920dd17 |
07:21 Po-Chuan Hsieh (sunpoet) 2026Q2
lang/ruby40: Update to 4.0.3
Changes: https://github.com/ruby/ruby/releases
https://github.com/ruby/ruby/blob/master/NEWS.md
https://www.ruby-lang.org/en/news/2026/04/21/ruby-4-0-3-released/
(cherry picked from commit a5a7f09dcf62b516c9df70818b2346268cb1dcba)
ea1049c |
05:47 Po-Chuan Hsieh (sunpoet) 2026Q2
lang/ruby40: Update to 4.0.2
Changes: https://github.com/ruby/ruby/releases
https://github.com/ruby/ruby/blob/master/NEWS.md
https://www.ruby-lang.org/en/news/2026/03/16/ruby-4-0-2-released/
(cherry picked from commit 3beed56b8ee160b87c32b87598820a94f30a853e)
df39da3 |
00:23 Ashish SHUKLA (ashish) 2026Q2
security/tailscale: Update to 1.98.3
MFH: 2026Q2
(cherry picked from commit dad24dc5362f78a860065f14ca41276161491da1)
6299553 |
|
Thursday, 21 May 2026
|
18:43 Po-Chuan Hsieh (sunpoet) 2026Q2
science/libaec: Update to 1.1.7
Changes: https://github.com/Deutsches-Klimarechenzentrum/libaec/releases
https://github.com/Deutsches-Klimarechenzentrum/libaec/blob/master/CHANGELOG.md
(cherry picked from commit 8838fc816ee42e0f5baa780903eec2fe62ff2648)
0eb3a21 |
18:43 Po-Chuan Hsieh (sunpoet) 2026Q2
science/libaec: Update to 1.1.6
- Update MASTER_SITES
- Update WWW
Changes: https://github.com/Deutsches-Klimarechenzentrum/libaec/releases
https://github.com/Deutsches-Klimarechenzentrum/libaec/blob/master/CHANGELOG.md
(cherry picked from commit 997a5a919a7218a4d8064a2fa1e027dd1cca8878)
eafe57e |
18:43 Po-Chuan Hsieh (sunpoet) 2026Q2
devel/opentelemetry-cpp: Update to 1.27.0
Changes: https://github.com/open-telemetry/opentelemetry-cpp/releases
(cherry picked from commit a02c1349eac7dfd1f9e7ee9bfe7b515094614a3b)
3263b4f |
18:43 Po-Chuan Hsieh (sunpoet) 2026Q2
devel/opentelemetry-cpp: Update to 1.26.0
Changes: https://github.com/open-telemetry/opentelemetry-cpp/releases
(cherry picked from commit d16edd172a7c1c99fc442458a01b927821681641)
d66ff23 |
18:00 Christoph Moench-Tegeder (cmt) 2026Q2
- www/firefox 151.0.1,2
Web browser based on the browser portion of Mozilla
www/firefox: update to 151.0.1
Release Notes:
https://www.firefox.com/en-US/firefox/151.0.1/releasenotes/
(cherry picked from commit e92636d5b1b7ad1e36e87e63ec8a81b2784e0adb)
0da986b |
13:21 Robert Nagy (rnagy) 2026Q2
www/iridium: update to 2026.05.148.2
3b5cb962 |
13:18 Robert Nagy (rnagy) 2026Q2
www/ungoogled-chromium: update to 148.0.7778.178
Security: https://vuxml.freebsd.org/freebsd/da4d7162-4aa3-11f1-b189-a8a1599412c6.html
afda8f1 |
13:16 Robert Nagy (rnagy) 2026Q2
- www/chromium 148.0.7778.178
Google web browser based on WebKit
www/chromium: update to 148.0.7778.178
Security: https://vuxml.freebsd.org/freebsd/da4d7162-4aa3-11f1-b189-a8a1599412c6.html
fd3758e |
11:10 Mikael Urankar (mikael) 2026Q2
- www/rt50 5.0.10
Industrial-grade ticketing system written in Perl
www/rt50: Update to 5.0.10
This release fixes the following vulnerabilities:
CVE-2026-44231
CVE-2026-41075
CVE-2026-41076
CVE-2026-6841
CVE-2026-44227
CVE-2026-44230
CVE-2026-44229
CVE-2026-41073
Changelog: https://github.com/bestpractical/rt/releases/tag/rt-5.0.10
(cherry picked from commit c9eb2148d0e97027d1cf79f79c33f416641c5924)
ee5ab1d |
10:20 Rodrigo Osorio (rodrigo) 2026Q2
- net/rsync 3.4.3
Network file distribution/synchronization utility
net/rsync: update 3.4.2 -> 3.4.3
Changelog: https://download.samba.org/pub/rsync/NEWS#3.4.3
In addition to the six CVE fixes, this release adds defence-in-depth
hardening on several adjacent paths.
Other changes:
- Fixed a regression introduced by the 3.4.0 secure_relative_open() CVE fix
- secure_relative_open() now uses openat2(O_RESOLVE_BENEATH) on FreeBSD 13+
Security: CVE-2026-29518
Security: CVE-2026-43617
Security: CVE-2026-43618
Security: CVE-2026-43619
Security: CVE-2026-43620
Security: CVE-2026-45232
(cherry picked from commit f4f3b3e9632f321d690ba950e9baa79dabad7275)
04a1b01 |
09:29 Rodrigo Osorio (rodrigo) 2026Q2
net/rsync: update 3.4.1 -> 3.4.2
Changelog: https://download.samba.org/pub/rsync/NEWS#3.4.2
Major changes:
- Fixed a signed integer overflow in the PROXY protocol v2 header parser
- Fixed an invalid access to the files array
- Reject negative token values in the compressed-stream token decoder
- Fixed the element count passed to the xattr qsort()
- Fixed a buffer underflow in clean_fname()
- Fixed an uninitialized mul_one in the AVX2 get_checksum1 path (undefined
behaviour)
- Fixed an uninitialized buf1 on the first call to get_checksum2() in the
MD4 path
- Zero all new memory from internal allocations
- Removed support for the unmaintained rsync-patches archive
Port changes:
- Remove File system flags support (--fileflags)
PR: 295044
Reported by: Sven Siegmund <sven.siegmund@gmail.com>
(cherry picked from commit 3f345476b5ca39b55f3d9f2223072da96783475d)
ec67ef4 |
09:26 Rodrigo Osorio (rodrigo) 2026Q2
net/rsync: revert to single package without Python dependency
Restore the previous setup with a single net/rsync package that includes
the rrsync script but does not depend on Python.
Users who require the rrsync script must install Python separately,
as indicated in the install message.
Bump PORTREVISION
This reverts commit fc42790ae011acedf0195c7d31b1cf63b8c02155.
This reverts commit f02bc3be718072b75bd291f81f66b7f15865f535.
PR: 286073
(cherry picked from commit b350a4db575c9bea83ec5d7028066aa7bf91a9bb)
d1bc05a |
07:34 Mikael Urankar (mikael) 2026Q2
databases/p5-DBIx-SearchBuilder: Update to 1.85
(cherry picked from commit 860193b8cab8521e88100c4a40b6c43eed96e1c6)
7b1c031 |
|
Wednesday, 20 May 2026
|
21:58 Jan Beich (jbeich) 2026Q2
x11/xwayland-satellite: install man page after 06d0f75724e2
Obtained from: OpenBSD Ports
(cherry picked from commit c053663b583bd4ed5d1e92da7327ae3176b47742)
530483d |
21:58 Jan Beich (jbeich) 2026Q2
games/veloren-weekly: update to s20260520
Changes: https://gitlab.com/veloren/veloren/-/compare/50376dc2e4...c6791e6e3c
(cherry picked from commit a5d5f4eb64b7cd0b05561e29eb2c8d9e3140aa4c)
33d1877 |
20:02 Max Brazhnikov (makc) 2026Q2
- net-im/kaidan 0.15.0_2
User-friendly XMPP client for every device
net-im/kaidan: add missing runtime dependency
PR: 295455
Reported by: Sarah Quartz the BSD gal
(cherry picked from commit 8b3dacee2b74759652d8ba11c186cdf5551b1820)
7a4d1a7 |
19:56 Vladimir Druzenko (vvd) Author: Martin Filla 2026Q2
- www/librewolf 151.0
Custom version of Firefox, focused on privacy, security and freedom
www/librewolf: Update 150.0.3-1 => 151.0-1
Release Notes:
https://www.firefox.com/en-US/firefox/151.0/releasenotes/
PR: 295437
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 39a96cc33eeb61fcaeb53819d1b70e1e0693c613)
c5fd5d5 |
19:16 Nuno Teixeira (eduardo) 2026Q2
- x11-wm/cwm 7.9
Minimalistic window manager for X11 based on evilwm
x11-wm/cwm: Update to 7.9
ChangeLog:
2026-05-19: Tenth public release 7.9 of portable cwm.
Changes made between OpenBSD 7.6 and 7.7:
* Grab the pointer against the root window instead of the client we're
attempting to move and/or resize; prevents XNextEvent() from
blocking on a client that might have been moved to a Withdrawn
state.
Changes made between OpenBSD 7.7 and 7.8:
* Add cwmrc(5) window-snap-center function.
Changes made between OpenBSD 7.8 and 7.9:
* Have cwm(1) handle Meta release as a separate mod key.
MFH: 2026Q2
(cherry picked from commit 21a6c2722772c4996c6ed5026a7584b4ea0296f9)
84f15ff |
17:57 Jochen Neumeister (joneum) 2026Q2
databases/mysql84-{server|client}: Update to 8.4.9
Bugs Fixed
Fixed an issue relating to Information Schema privileges. (Bug
The SQL parser consumed a large amount of memory when parsing very
large queries with many large IN clauses.
As of this release, the SQL parser's memory management has been
improved. (Bug #105004, Bug #33390851)
Changelog: https://dev.mysql.com/doc/relnotes/mysql/8.4/en/news-8-4-9.html
Sponsored by: Netzkommune GmbH
(cherry picked from commit 1b42326479db2f9e9d7fd318fda10af1c038145e)
2996aa1 |
17:57 Jochen Neumeister (joneum) 2026Q2
databases/mysql80-{client, server}: Update to 8.0.46
Bugs Fixed
Fixed an issue relating to Information Schema privileges. (Bug
The SQL parser consumed a large amount of memory when parsing very
large queries with many large IN clauses.
As of this release, the SQL parser's memory management has been
improved. (Bug #105004, Bug #33390851)
Changelog: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-46.html
Sponsored by: Netzkommune GmbH
(cherry picked from commit cac58f6a5f7b6a2a2f0ba5ee17a996ac2ab3baac)
3b1b613 |
17:18 Bernard Spil (brnrd) 2026Q2
databases/mariadb106-server: Security update to 10.6.26
Security: 31b7e7bc-5358-11f1-8b62-8447094a420f
MFH: 2026Q2
(cherry picked from commit c53bbf39677aa95395a9720d6795ccc1ded60739)
9fee574 |
17:18 Bernard Spil (brnrd) 2026Q2
databases/mariadb1011-server: Security update to 10.11.17
Security: 31b7e7bc-5358-11f1-8b62-8447094a420f
MFH: 2026Q2
(cherry picked from commit af2290dd7c4551abca5b5eeef672afd172cf3793)
be7f31f |
17:17 Bernard Spil (brnrd) 2026Q2
databases/mariadb114-server: Security update to 11.4.11
Security: 31b7e7bc-5358-11f1-8b62-8447094a420f
MFH: 2026Q2
(cherry picked from commit d8de7ad67a1ae4e28687597e941548c27fab6a07)
d745465 |
17:17 Bernard Spil (brnrd) 2026Q2
databases/mariadb118-server: Security update to 11.8.7
Security: 31b7e7bc-5358-11f1-8b62-8447094a420f
MFH: 2026Q2
(cherry picked from commit fc62e84a1328f9f8ca7f7e55852af8a4b0152fd4)
60c4874 |
16:03 Mathieu Arnold (mat) 2026Q2
- dns/bind-tools 9.20.23
Command line tools from BIND: delv, dig, host, nslookup...
- dns/bind9-devel 9.21.22
BIND DNS suite with updated DNSSEC and DNS64
dns/bind9-devel: update to 9.21.22
Changes: https://downloads.isc.org/isc/bind9/9.21.22/doc/arm/html/notes.html#notes-for-bind-9-21-22
Security: CVE-2026-3592, CVE-2026-3039, CVE-2026-5946,
CVE-2026-5950, CVE-2026-5947, CVE-2026-3593
(cherry picked from commit 074766800a3726261e66db0e93b668fc8f93514a)
0740613 |
16:03 Mathieu Arnold (mat) 2026Q2
- dns/bind-tools 9.20.23
Command line tools from BIND: delv, dig, host, nslookup...
- dns/bind920 9.20.23
BIND DNS suite with updated DNSSEC and DNS64
dns/bind920: update to 9.20.23
Changes: https://downloads.isc.org/isc/bind9/9.20.23/doc/arm/html/notes.html#notes-for-bind-9-20-23
Security: CVE-2026-3592, CVE-2026-3039, CVE-2026-5946,
CVE-2026-5950, CVE-2026-5947, CVE-2026-3593
(cherry picked from commit 074766706898a05719a5132d2f64ffbd7ff06fdc)
0740612 |
16:02 Mathieu Arnold (mat) 2026Q2
- dns/bind918 9.18.49
BIND DNS suite with updated DNSSEC and DNS64
dns/bind918: update to 9.18.49
Changes: https://downloads.isc.org/isc/bind9/9.18.49/doc/arm/html/notes.html#notes-for-bind-9-18-49
Security: CVE-2026-3592, CVE-2026-3039, CVE-2026-5946, CVE-2026-5950
(cherry picked from commit 07476660ecf8d62b8a3cb8db23990bb742f6e4bc)
0740611 |
14:53 Vladimir Druzenko (vvd) Author: Martin Filla 2026Q2
www/waterfox: Update 6.6.12 => 6.6.13
Release Notes:
https://www.waterfox.com/releases/6.6.13/
PR: 295436
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit ca8fb53dcf4d3969a62d4d2f71ff6c2f3f39551d)
2c23682 |
14:34 R. Christian McDonald (rcm) Author: Herbert J. Skuhra 2026Q2
- dns/unbound 1.25.1
Validating, recursive, and caching DNS resolver
dns/unbound: Update 1.25.0 => 1.25.1
News:
https://www.nlnetlabs.nl/news/2026/May/20/unbound-1.25.1-released/
PR: 295442
Reported by: Herbert J. Skuhra <herbert@gojira.at>
Approved by: Jaap Akkerhuis <jaap@NLnetLabs.nl> (maintainer)
MFH: 2026Q2
Security: CVE-2026-33278
Security: CVE-2026-42944
Security: CVE-2026-42959
Security: CVE-2026-32792
Security: CVE-2026-40622
Security: CVE-2026-41292
Security: CVE-2026-42534
Security: CVE-2026-42923
Security: CVE-2026-42960
Security: CVE-2026-44390
Security: CVE-2026-44608
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 310af4aec441f3ff8be7532650e443a8214ee634)
2fa25fb |
08:41 Vanilla I. Shu (vanilla) 2026Q2
databases/pgactive: Fix building with latest postgresql18-server.
(cherry picked from commit dfb9590e725eb32a3b90ce2b57fb5e11cfc71c1f)
a31f5fd |
08:15 Palle Girgensohn (girgen) 2026Q2
databases/postgresql??-*: Upgrade to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.4, 17.10, 16.14, 15.18,
and 14.23. This release fixes 11 security vulnerabilities and over 60
bugs reported over the last several months.
Release notes: https://www.postgresql.org/docs/release/
PostgreSQL 14 EOL Notice
PostgreSQL 14 will stop receiving fixes on November 12, 2026. If you are
running PostgreSQL 14 in a production environment, we suggest that you
make plans to upgrade to a newer, supported version of PostgreSQL.
Please see our versioning policy for more information.
Security: 7185ecc9-4fb7-11f1-bc50-6cc21735f730
CVE-2026-6472, CVE-2026-6473, CVE-2026-6474,
CVE-2026-6475, CVE-2026-6476, CVE-2026-6477,
CVE-2026-6478, CVE-2026-6479, CVE-2026-6575,
CVE-2026-6637, CVE-2026-6638.
(cherry picked from commit 1b9564eb704b8b3e275974c20b02c8cf928fc4d8)
a99e293 |
01:18 Vladimir Druzenko (vvd) Author: Matthias Wolf 2026Q2
net/keycloak: Update 26.6.1 => 26.6.2 (fix 18 CVEs)
Release Notes:
https://www.keycloak.org/2026/05/keycloak-2662-released
PR: 295416
Security: CVE-2026-33871
Security: CVE-2026-33870
Security: CVE-2026-4628
Security: CVE-2026-37980
Security: CVE-2026-5588
Security: CVE-2026-6856
Security: CVE‐2026‐0636
Security: CVE‐2026‐3505
Security: CVE‐2026‐5598
Security: CVE-2026-7307
Security: CVE-2026-7504
Security: CVE-2026-7571
Security: CVE-2026-7507
Security: CVE-2026-37982
Security: CVE-2026-37979
Security: CVE-2026-37978
Security: CVE-2026-4630
Security: CVE-2026-37981
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit 0e9163c2c55563a013aa97d3086a7f7bbf16e88f)
3d2bece |
|
Tuesday, 19 May 2026
|
22:46 Tiago Gasiba (tiga) 2026Q2
sysutils/boxrun: New port: sandboxed execution of programs
* Initial commit (version 0.3.0)
MFH: 2026Q2
(cherry picked from commit 097d516cae1fe1baccaacc25e4d2ebe45f831f4d)
901bda9 |
19:31 Jochen Neumeister (joneum) 2026Q2
www/nginx-devel: Update to 1.31.0
Changes with nginx 1.31.0 13 May
2026
*) Security: when using the "proxy_set_body" directive, an attacker
might inject data in the proxied request to an HTTP/2 backend
(CVE-2026-42926).
Thanks to Mufeed VH of Winfunc Research.
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_rewrite_module, potentially resulting in arbitrary code
execution (CVE-2026-42945).
Thanks to Leo Lin.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially crafted response by
ngx_http_scgi_module or ngx_http_uwsgi_module, allowing an
attacker
to cause a disclosure of worker process memory or segmentation
fault
in a worker process (CVE-2026-42946).
Thanks to Leo Lin.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially sent response with decoding
from
UTF-8 via the "charset_map" directive, allowing an attacker to
cause
a limited disclosure of worker proccess memory or segmentation
fault
in a worker process (CVE-2026-42934).
Thanks to David Carlier.
*) Security: when using HTTP/3, processing of connection migration
might
cause new QUIC streams to receive a new client address before
validation, allowing an attacker to cause address spoofing
(CVE-2026-40460).
Thanks to Rodrigo Laneth.
*) Security: use-after-free might occur during DNS server response
processing if the "ssl_ocsp" directive was used, allowing an
attacker
to cause worker process memory corruption or segmentation fault
in a
worker process (CVE-2026-40701).
Thanks to Leo Lin.
*) Change: now nginx rejects HTTP/2 and HTTP/3 requests with the
"Connection", "Proxy-Connection", "Keep-Alive",
"Transfer-Encoding",
"Upgrade" header lines, and "TE" with any value other than
"trailers".
*) Change: the ngx_http_dav_module now rejects a COPY or MOVE
requests
when the source and destination resources are the same or have a
parent-child collection relationship.
*) Change: the logging level of the "invalid alert" and "record
layer
failure" SSL errors, and of the "SSL alert number N" for any
alert
numbers has been lowered from "crit" to "info".
*) Change: now the "sticky" module can be disabled with the
--without-http_upstream_sticky_module configure option; the
--without-http_upstream_sticky configure option is deprecated.
*) Feature: the ngx_http_tunnel_module; support for authenticating
to
proxies in the "auth_basic", "satisfy", and "auth_delay"
directives.
*) Feature: the "least_time" directive inside the "upstream" block.
*) Feature: the "proxy_ssl_alpn" directive in the stream module.
*) Bugfix: connections with HTTP/2 backends might not be cached when
using the "proxy_set_body" or "proxy_pass_request_body"
directives.
*) Bugfix: proxied HTTP/0.9, SCGI, or uWSGI responses might be
transferred incorrectly if the first line was not fully read.
Sponsored by: Netzkommune GmbH
59f5418 |
07:48 Vladimir Druzenko (vvd) Author: Matt Kempe 2026Q2
textproc/md4c: Update 0.5.2.20240225 => 0.5.3, take maintainership
Changelog:
https://github.com/mity/md4c/blob/release-0.5.3/CHANGELOG.md
Commit log:
https://github.com/mity/md4c/compare/481fbfb...release-0.5.3
PR: 294864
Approved by: Henrik Rosenke <rosenke@dssgmbh.de> (former maintainer, via
xing.com profile)
Sponsored by: UNIS Labs
MFH: 2026Q2
(cherry picked from commit c3be68827f9804f6769c6b11a09ccef7f65e5ec9)
2b5be5e |
07:00 Don Lewis (truckman) Author: Dima Panov 2026Q2
databases/libgda5*: multiple fixes (+)
fix build with MySQL 8.4+
fix libgda-xlst API change
fix error with redefine bool
Obtaned from: Gentoo
(cherry picked from commit 7616a31774e1b1bb960558c0460d53217f6dc1e2)
80a13ec |
As an Amazon Associate I earn from qualifying purchases.