filesystems/unionfs: Update pkg-message It is fusefs now. PR: 285529 Reported by: Sergey Kiselev <root@dc365.ru> Reported by: arrowd

finance/quantlib: Update to 1.38 Changelogs: https://github.com/lballabio/QuantLib/releases/tag/v1.33 https://github.com/lballabio/QuantLib/releases/tag/v1.34 https://github.com/lballabio/QuantLib/releases/tag/v1.35 https://github.com/lballabio/QuantLib/releases/tag/v1.36 https://github.com/lballabio/QuantLib/releases/tag/v1.37 https://github.com/lballabio/QuantLib/releases/tag/v1.38 Also make the THREAD_SAFE_OBSERVER_PATTERN a default. This option is required for Java (and CSharp) bindings to work safely, so enable it by default. PR: 285337

net/savvycan: Update to V220 Changes since v213 - Fix a variety of DBC related issues - Add Extended CAN Bus Frame to SLCAN/LAWICEL - Fixed 2 DBC file format errors - Improved graph signal editor and signal viewer message filtering - Added canlogserver CAN remote capture - Add support ListenOnly feature for Qt SerialBus plugins - Add comma check to TRC CanHacker loader - Add 3000000 baudrate mode for Lawicel device - LAWICEL CAN-FD support, CAN-FD data rate selection - Support higher time resolution CANserver format - Calculate the default row height correctly - Scripting Interface Enhancements - Do not add extra trailing newline on the decoded message texts - Update required C++ standard to C++17 - Fix FirmwareUpdater - ConnectionWindow: fix Device Console duplicates - add support for SIG_VALTYPE_ to specify floating point signals - make qmake check Qt version - signal makePrettyOutput: add a space between value and unit - Add support for reading Wireshark SocketCAN log format - Added/corrected timestamps for LAWICEL protocol - Support for ext CAN IDs in wireshark - Fix dbc handling of comments and attributes - Fix icons output dir - Fix device deselection after connecting - Add support for > 8 - FIX Issues 878 and 834 - usec overflow (using system clock) - Implemented connection save with speeds and can fd at least for - bus 0. - Corrected extended CAN ID read for IDs < 0x800 - chore: add installer script for linux - FuzzingWindow: Add buttons to set all high/low/auto - [DBC]Add support for multiple signal multiplexor values Reported by: portscout

graphics/spirv-cross: Update 1.4.309.0 => 1.4.313.0 Commit log: https://github.com/KhronosGroup/SPIRV-Cross/compare/vulkan-sdk-1.4.309.0...vulkan-sdk-1.4.313.0

science/geant4: Update to 11.3.2 ChangeLog: https://geant4.web.cern.ch/download/release-notes/notes-v11.3.2.txt PR: 286690 MFH: 2025Q2 (bugfixes)

security/libgcrypt: Update to 1.11.1

misc/freebsd-doc-*: Update to rev. 02e2f6d from FreeBSD docset Revision 02e2f6d is also 14.3-R version Approved by: doceng (implicit)

devel/newt: Update 0.52.24 => 0.52.25, set maintainership Changelog: https://pagure.io/newt/blob/master/f/CHANGES Improve port: - Replace PORTVERSION with DISTVERSION - Replace CPPFLAGS and LDFLAGS with USES=localbase:ldflags - Remove GNU_CONFIGURE_MANPREFIX - Remove MAKE_JOBS_UNSAFE - Fix {NLS,PYTHON}_USES - gettext-runtime - Fix TCL option with tcl86 (workaround) - Fix warnings from portclippy - Set MAINTAINER to Atanu Biswas <atanubiswas484@gmail.com> PR: 286432 Co-authored-by: Atanu Biswas <atanubiswas484@gmail.com> MFH: 2025Q2

databases/surrealdb: update 2.2.2 → 2.3.1 Reported by: portscout

mail/mailio: update 0.24.1 → 0.25.1 Reported by: portscout

www/youtube: update 2.10.3 → 2.10.4 Reported by: portscout

mail/cyrus-imapd312: Add new port -- Cyrus IMAP 3.12 Relnotes: https://www.cyrusimap.org/3.12/imap/download/release-notes/3.12/x/3.12.0.html

math/manifold: fix on i386 Remove -Werror on 32 bits archs: compilation failed in stl_test.cpp, caused by a format mismatch in printf.

math/e-antic: upgrade to 2.1.0 Release notes at https://github.com/flatsurf/e-antic/releases/tag/2.1.0

devel/ittapi: upgrade to v3.26.1 and drop maintainership

textproc/saxon-he: upgrade to 12.6

graphics/cimg: upgrade tp v.3.5.4 Also reactivate libboard.

security/apkid: upgrade to v3.0.0 Release notes at https://github.com/rednaga/APKiD/releases/tag/v3.0.0

x11/foot: update to 1.22.3 Changes: https://codeberg.org/dnkl/foot/releases/tag/1.22.3 Reported by: upstream (via mail)

graphics/satty: update to 0.18.0 Changes: https://github.com/gabm/Satty/releases/tag/v0.18.0 Reported by: GitHub (watch releases)

x11-wm/hyprland: update to 0.49.0 Changes: https://github.com/hyprwm/Hyprland/releases/tag/v0.49.0 Reported by: GitHub (watch releases)

net/asterisk22: Update 22.3.0 → 22.4.0 ChangeLog: https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.4.0.html Fix loading pjsip modules on CURRENT PR: 285736 Sponsored by: FLEX-IT LLC MFH: 2025Q2

filesystems/hammer2: Update 1.2.8 => 1.2.9 Changelog: - Sync with DragonFly - Sync with hammer2-fuse - Fix zlib panic - Minor fixes - Misc updates https://github.com/kusumi/freebsd_hammer2/blob/v1.2.9/CHANGES PR: 286687 MFH: 2025Q2

multimedia/py-subliminal: Update to 2.3.2 ChangeLog: https://github.com/Diaoul/subliminal/releases/tag/2.3.2 MFH: 2025Q2 (bugfixes)

security/snort3: Update version 3.7.3.0=>3.7.4.0 Changelog: https://github.com/snort3/snort3/releases/tag/3.7.4.0

lang/php84: Update version 8.4.6=>8.4.7 Changelog: https://www.php.net/ChangeLog-8.php#8.4.7

lang/php83: Update version 8.3.20=>8.3.21 Changelog: https://www.php.net/ChangeLog-8.php#8.3.21

devel/libspice-server: Update version 0.15.2=>0.16.0 Changelog: https://gitlab.freedesktop.org/spice/spice/-/tags/v0.16.0

devel/please: Update version 17.16.0=>17.17.0 Changelog: https://github.com/thought-machine/please/releases/tag/v17.17.0

security/go-tuf: Update version 2.0.2=>2.1.0 Changelog: https://github.com/theupdateframework/go-tuf/releases/tag/v2.1.0

devel/cirrus-cli: Update version 0.130.2=>0.131.0 Changelog: https://github.com/cirruslabs/cirrus-cli/releases/tag/v0.131.0

databases/pspg: Update version 5.8.7=>5.8.8 Changelog: https://github.com/okbob/pspg/releases/tag/5.8.8

security/sslproxy: Update version 0.9.7=>0.9.8 Changelog: https://github.com/sonertari/SSLproxy/releases/tag/v0.9.8

lang/ruby32: Mark DEPRECATED and set EXPIRATION_DATE Default version of Ruby has changed to 3.3. And Ruby 3.2 series has already switch to security fix only phase with the release of 3.2.8. So mark DEPRECATED to encourage user to migrate to newer version, History shows that upstream has released the last version of each series after the planed EoL date. So set EXPIRATION_DATE to 2026-04-30, one month after the day. Approved by: self (with hat of ruby)

Mk/bsd.default-versions.mk: Change default version of Ruby to 3.3 With the release of 3.2.8 Ruby 3.2 series switched to security fix only phase and will be reach its EoL on March 2026. So change defult version of Ruby to 3.3. Following changes are made to pass exp-run. * Fix build of audio/rubygem-ruby-shout by adding '--with-cflags="-Wno-error=int-conversion"' to CONFIGURE_ARGS. * Build of devel/rubygem-mmap2 fails with Ruby 3.3 and later because of internal API change of Ruby. So mark BROKEN with them. * devel/rubygem-xdg7, sysutils/vagrant and www/redmine51 don't support Ruby 3.3 and later. So mark BROKEN with them. * misc/sdformat and textproc/ruby-rdtool are already marked BROKEN with Ruby 3.2 and build with all other Ruby versions also fails with same error. So mark just BROKEN. * Fix plist error of sysutils/puppet8. * Fix RUN_DEPENDS of textproc/quarto. PR: 286217 Approved by: self (with hat of ruby) Exp-run by: antoine

deskutils/py-paperless-ngx: Fix custom webui endpoint This brings back paperless_webui_listen_address and paperless_webui_listen_port, which were turned into noops by accident during the update. PR: 286533 Reported by: mfechner

sysutils/kops: Update to 1.32.0 Changelog: https://github.com/kubernetes/kops/releases/tag/v1.32.0

science/netcdf: Fix pkg-plist Fix "Error: Missing: hdf5/lib/plugin/lib__nch5szip.so" when option SZIP is off. PR: 286610 Reported by: Miroslav Lachman <000.fbsd@quip.cz> Approved by: portmgr blanket

sysutils/py-google-compute-engine: revive port This reverts commit 5a7ff5102154b08055c37868810192a9dca8044b and uses www/py-boto3 instead of the removed devel/py-boto, and releng-gce@ assumes maintainership. This is meant to be a temporary measure as we are exploring alternatives for GCE support. MFH: 2025Q2

security/hockeypuck: Update to 2.2.3 Use PLIST_FILES and Makefile.modules. Submitter takes maintainership. PR: 259176

security/sudo-rs: Update to 0.2.6 ChangeLog: https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6 PR: 286636 Approved by: submitter is maintainer

www/newsraft: Update to 0.30 Remove unneeded yajl dependency. Use utf8 test environment. Changelog: https://codeberg.org/newsraft/newsraft/releases/tag/newsraft-0.30

devel/wasmer: Update to 6.0.0 Changelog: https://github.com/wasmerio/wasmer/blob/main/CHANGELOG.md#600---24042025 PR: 286578 Approved by: submitter is maintainer

www/py-django51: Update to 5.1.9

www/py-django42: Update to 4.2.21

www/py-django52: Update to 5.2.1

sysutils/desktop-installer: Update to 1.1.1 Minor fixes and enhancements Changes: https://github.com/outpaddling/desktop-installer/releases

sysutils/auto-admin: Update to 0.8.3 Minor fixes and enhancements Changes: https://github.com/outpaddling/auto-admin/releases

www/fcgi: Update 2.4.0 => 2.4.6 (fix CVE-2025-23016), improve port Commit log: https://github.com/FastCGI-Archives/fcgi2/compare/2.4.0...2.4.6 Changelogs: https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.1 https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.1.1 https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.2 https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.3 https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.4 https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.5 https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.6 Improve port: - Replace PORTVERSION with DISTVERSION. - Update WWW - old is down. - Switch upstream to GitHub. - Add USES+=pathfix for install *.pc files in correct path. - Fix warnings from portclippy - order of lines in Makefile. - Remove MAKE_JOBS_UNSAFE=yes - obsoleted. - Make run COPYTREE_SHARE docs only if DOCS option is ON. - Remove upstreamed and obsoleted patches. - Fix order in plist. PR: 286589 Approved by: John von Essen <john@essenz.com> (maintainer, timeout - last activity 2019) Security: CVE-2025-23016 Co-authored-by: Christos Chatzaras <chris@cretaforce.gr> MFH: 2025Q2

misc/py-polars: update 1.9.0 → 1.29.0

databases/postgresql??-*: Update to latest version PostgreSQL 17.5, 16.9, 15.13, 14.18, and 13.21 Released! The PostgreSQL Global Development Group has released an update to all supported versions of PostgreSQL, including 17.5, 16.9, 15.13, 14.18, and 13.21. This release fixes 1 security vulnerability and over 60 bugs reported over the last several months. Security: 78b8e808-2c45-11f0-9a65-6cc21735f730 Release notes: https://www.postgresql.org/about/news/postgresql-175-169-1513-1418-and-1321-released-3072/

security/vuxml: Add information about PostgreSQL overflow issue

security/vuls: Update to 0.31.1 Release notes: https://github.com/future-architect/vuls/releases/tag/v0.31.1

math/R: Update to 4.5.0 Release announcement: https://hypatia.math.ethz.ch/pipermail/r-announce/2025//000710.html Sponsored by: The FreeBSD Foundation

net/openrsync: Update 0.0.20200401 => 0.0.20250127 (latest commit) Commit log: https://github.com/kristapsdz/openrsync/compare/8b61216...a257c0f Improve port: - split long lines, - reduce number of run ${REINPLACE_CMD} from 12 to 4, - add strip binary (warning from poudriere testport). PR: 285938 Approved by: Timothy Beyer <beyert@cs.ucr.edu> (maintainer) Co-authored-by: Herbert J. Skuhra <herbert@gojira.at>

devel/py-aiorpcX: Update to 0.25.0

sysutils/data-prepper: Update 2.10.2 => 2.11.0 Changelogs: https://github.com/opensearch-project/data-prepper/releases/tag/2.10.3 https://github.com/opensearch-project/data-prepper/releases/tag/2.11.0 - Fix rc script. - Fix pkg-message. - Add NO_ARCH=yes. - Fix warnings from portlint and poudriere. PR: 286652 Security: CVE-2024-49767 Security: CVE-2024-49766 Security: CVE-2025-30065 MFH: 2025Q2

sysutils/monit: Update 5.35.1 => 5.35.2 Changelog: https://mmonit.com/monit/changes/#5.35.2 PR: 286672 MFH: 2025Q2

*/geoserver*: Update to 2.27.0 Changelog: https://geoserver.org/announcements/vulnerability/2025/04/04/geoserver-2-27-0-released.html

devel/spice-protocol: update to 0.14.5

lang/solidity: update to 0.8.30 release.

mail/py-pymilter: patch some incorrect version number references Looks like upstream's attempt to release version 1.0.6 didn't quite go all the way. There are other refences to 1.0.5 still in the source tarball, but those aren't involved in building the pkg, so ignored. Reported by: Herbert J Shukra

devel/etcd34: Update to 3.4.37 - The port needs to be built differently now. This update is heavily based on devel/etcd35's Makefile. - Assume maintainership PR: 272068 Reported by: Yonas Yanfa <yonas.yanfa@gmail.com>

sysutils/syslog-ng: Update to 4.8.2 Fix CVE-2024-47619 possible not in a default configuration. Fix other problems relating to S3 destination reliability. Security: CVE-2024-47619 (not in default configuration) https://www.cve.org/CVERecord?id=CVE-2024-47619 Sumbitted by: Peter Czanik (CzP) <peter.czanik@oneidentity.com> Balabit (a OneIdentity company) / syslog-ng upstream MFH: 2025Q2

devel/etcd33: Deprecate https://etcd.io/docs/v3.3/ PR: 286671

devel/etcd32: Deprecate https://etcd.io/docs/v3.2/ PR: 286671

devel/etcd31: Deprecate https://etcd.io/docs/v3.1/ PR: 286671

security/boringssl: update to the recent snapshot

misc/hwdata: Update to 0.395 Reported by: portscout!

KDE: Update KDE Gear to 25.04.1 Announcement: https://kde.org/announcements/gear/25.04.1/

KDE: Update KDE Plasma to 6.3.5 Announcement: https://kde.org/announcements/plasma/6/6.3.5/

sysutils/debootstrap: switch the port from using gnugrep to pcregrep Dependency on GNU grep had been originally added to avoid a pathological corner case in BSD grep, where it's about two orders of magnitude slower than GNU grep. As it occurs with one particular pattern type, it could instead be solved by depending on pcregrep rather than gnugrep. Submitter prefers this solution because pcregrep is already required by other programs and does not have potential conflicts with the BSD grep from the base. PR: 255525, 263279

mail/py-dkimpy-milter,mail/py-spf-engine: chase rename of mail/py-pymilter Update RUN_DEPENDS for dependents of mail/py-pymilter

mail/py-pymilter: update to 1.0.6, add options, rename Take maintainership. Move port from mail/py-milter to mail/py-pymilter to match the name of the PyPI package being ported. Update to version 1.0.6 Use ${PORTSDIR}/mail/sendmail/bsd.milter.mk for consistency with most other milter ports. Add options to force selection between the mail/libmilter port and the libmilter.so bundled with the base FreeBSD-sendmail package. Prefer the mail/libmilter port on general principles: given that all major MTA software supports the milter interface, it should be possible to install milters from pkg(8) without forcing the FreeBSD-sendmail to be installed. Changes: https://github.com/sdgathman/pymilter/compare/pymilter-1.0.5...pymilter-1.0.6 Approved by: Gerhard Schmidt (former maintainer) PR: 286630

www/gitlab: update to 17.11.2 Changes: https://gitlab.com/gitlab-org/gitlab/-/raw/master/CHANGELOG.md?ref_type=heads

devel/rubygem-graphql: security related update to 2.4.17 Fixes CVE-2025-27407 Changes: https://github.com/rmosolgo/graphql-ruby/blob/master/CHANGELOG.md

net/haproxy28: update to version 2.8.15

net/haproxy26: update to version 2.6.22

net/haproxy24: update to version 2.4.29

wine-devel: Include wine.1 man pages in all builds Originally [1] these were only available for 32-bit builds, which changed since. PR: 204227 [1]

deskutils/zim: update to 0.76.3

net/haproxy: update to version 3.0.10

emulators/fbsd-duckstation: Fix build on arm64

multimedia/uxplay: Update to 1.72

security/dropbear: update to 2025.88 Changelog: - Security: Don't allow dbclient hostname arguments to be interpreted by the shell. dbclient hostname arguments with a comma (for multihop) would be passed to the shell which could result in running arbitrary shell commands locally. That could be a security issue in situations where dbclient is passed untrusted hostname arguments. Now the multihop command is executed directly, no shell is involved. Thanks to Marcin Nowak for the report, tracked as CVE-2025-47203 - Fix compatibility for htole64 and htole32, regression in 2025.87 Patch from Peter Fichtner to work with old GCC versions, and patch from Matt Robinson to check different header files. - Fix building on older compilers or libc that don't support static_assert(). Regression in 2025.87 - Support ~R in the client to force a key re-exchange. - Improve strict KEX handling. Dropbear previously would allow other packets at the end of key exchange prior to receiving the remote peer's NEWKEYS message, which should be forbidden by strict KEX. Reported by Fabian Bäumer.

www/ungoogled-chromium: update to 136.0.7103.92 Security: https://vuxml.freebsd.org/freebsd/db221414-2b0d-11f0-8cb5-a8a1599412c6.html

*/geoserver*: Update to 2.26.2 Changelog: https://geoserver.org/announcements/vulnerability/2025/01/27/geoserver-2-26-2-released.html

graphics/geoserver-mysql-plugin: Transfer maintainership Taking over maintainership as discussed with bofh@ on IRC. Big "Thanks!" to bofh@ for his efforts on the port. Approved by: bofh (maintainer)

www/iridium: update to 2025.05.136.1

science/afni: Update to 25.1.08

security/snowflake-tor: fix typo in snowflake-broker rc script PR: 286632 Reported by: polyduekes % proton.me Sponsored by: TorBSD Diversity Project, TDP Sponsored by: The Tor Project

www/gohugo: Update to 0.147.2 ChangeLog: https://github.com/gohugoio/hugo/releases/tag/v0.147.2 * Fix handling of "outputs" from content adapter pages * tpl: Fix case issue in templates.Exists * config: Add some more merge tests

net/py-GeoIP2: Fix build Reported by: pkg-fallout

x11/qterminal: Update to 2.2.1 ChangeLog at: https://lxqt-project.org/release/2025/05/05/point-release-qterminal/ With hat: lxqt

accessibility/speech-dispatcher: Update to 0.12.1 https://github.com/brailcom/speechd/releases/tag/0.12.1

multimedia/vlc: Chase net/liveMedia shlib bump

net/liveMedia: Update to 2025.04.24 Use the stock config.linux-with-shared-libraries profile with minimal patching instead of shipping our own config.freebsd-fixed profile. The two profiles are almost identical, but we haven't exactly been keeping up with the shared library number changes over the years. http://www.live555.com/liveMedia/public/changelog.txt

misc/flag-icons: supply three flag decoration flavors - Add 16px height missing from the initial check-in - Factor out common shell code into simple() function and feed it with specifics; rounded() is special as it does more complicated image transformations

devel/ruby-build: Update to 20250507 Changes: https://github.com/rbenv/ruby-build/releases/tag/v20250507

www/hiawatha: Update to 11.7 Pass maintainership to submitter PR: 286029 Reported by: Chris Petrik <cpetrik@proton.me> Approved by: maintainer(timeout, > 20 days)