| 100 most recent commits (all timestamps are UTC) |
|
FreshPorts has everything you want to know about FreeBSD software, ports, packages,
applications, whatever term you want to use.
Yesterday's Commits | Quarterly Branch
|
|
Sunday, 30 Nov 2025
|
21:07 Yuri Victorovich (yuri) 
- misc/tlm 1.2
Local CLI Copilot, powered by Ollama
misc/tlm: New port: Local CLI Copilot, powered by Ollama
    9f01acb
21:07 Yuri Victorovich (yuri)
databases/weaviate: update 1.34.1 → 1.34.2
ece4646 |
20:09 Christoph Moench-Tegeder (cmt)
astro/qmapshack: update to 1.19.0
Release Notes:
https://github.com/Maproom/qmapshack/releases/tag/V_1.19.0
While here, take maintainer.
9861c26 |
19:43 Jochen Neumeister (joneum)
www/serendipity: Back to pool
Sponsored by: Netzkommune GmbH
a0975d4 |
14:44 Dirk Meyer (dinoex)
mail/sendmail-devel: update to 8.18.1.16
78e0829 |
14:27 Santhosh Raju (fox)
security/wolfssl: Update to 5.8.4
Changes since 5.8.2:
To download the release bundle of wolfSSL visit the download page at
www.wolfssl.com/download/
PR stands for Pull Request, and PR references a GitHub pull request number
where the code change was added.
Vulnerabilities
* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic
implementations due to timing side channels introduced by compiler
optimizations and CPU architecture limitations, specifically with the
Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the
low memory implementations of X25519, which is now turned on as the default
for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275.
* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak
through multiple KeyShareEntry with the same group in malicious TLS 1.3
ClientHello messages. This affects users who are running wolfSSL on the
server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang
University of Science and Technology (POSTECH) for the report. Fixed in PR
9117.
* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to
PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello
that has a key share extension and the server responds with a ServerHello
that does not have a key share extension the connection would previously
continue on without using PFS. Thanks to Jaehun Lee from Pohang University
of Science and Technology (POSTECH) for the report. Fixed in PR 9112.
* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256
during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported
signature algorithm the server previously could respond as ECDSA P256 being
the accepted signature algorithm and the connection would continue with
using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and
Technology (POSTECH) for the report. Fixed in PR 9113.
* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension
parsing. Previously duplicate CKS extensions were not rejected leading to a
potential memory leak when processing a ClientHello. Thanks to Jaehun Lee
from Pohang University of Science and Technology (POSTECH) for the report.
Fixed in PR 9132.
* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in
XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to
the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS
connections, only from direct calls from an application. Thanks to Luigino
Camastra from Aisle Research for the report. Fixed in PR 9223.
* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The
server previously verified the TLS 1.3 PSK binder using a non-constant time
method which could potentially leak information about the PSK binder. Thanks
to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223.
* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest,
specifically a weaker digest, rather than those in the CertificateRequest.
Thanks to Jaehun Lee from Pohang University of Science and Technology
(POSTECH) for the report. Fixed in PR 9395
New Features
* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete
APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049)
* Initial wolfCrypt FreeBSD kernel module support (PR 9392)
* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage /
OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7
builds with AES keywrap unset. (PR 9018, 9029, 9032)
* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free
operations. (PR 9002, 9309)
* Add support for certificate_authorities extension in ClientHello and
certificate manager CA-type selection/unloading. (PR 9209, 9046)
* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha,
hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and
conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328,
9368, 9389, 9357, 9433)
* Rust: support optional heap and dev_id parameters and enable conditional
compilation based on C build options. (PR 9407, 9433)
* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware
acceleration additions. (PR 9228, 9256, 9185)
* STM32U5 added support for SAES and DHUK. (PR 9087)
* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR
9174)
Improvements / Optimizations
* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples,
libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096,
9141, 9091, 9122, 9388)
* Improved test ordering and CI test stability (random tests run order
changes, FIPS test fixes). (PR 9204, 9257)
* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and
example certificate renewals. (PR 9131, 9293, 9262, 9429)
* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add
Fetchmail and OpenVPN). (PR 9398, 9413)
* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements.
(PR 8902, 9055)
* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family
digest selection) and improved crypto-only build cases. (PR 9070, 9252,
9271, 9100, 9194)
* AES & HW offload improvements including AES-CTR support in PKCS11 driver
and AES ECB offload sizing fix. (PR 9277, 9364)
* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR
8987, 9225, 9264)
* Renesas FSP / RA examples updated and security-module TLS context
improvements. (PR 9047, 9010, 9158, 9150)
* Broad configure/CMake/Autotools workflow improvements (Apple options
tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037,
9167, 9161, 9264)
* New assembly introspection / performance helpers for RISC-V and PPC32;
benchmarking enhancements (cycle counts). (PR 9101, 9317)
* Update to SGX build for using assembly optimizations. (PR 8463, 9138)
* Testing with Fil-C compiler version to 0.674 (PR 9396)
* Refactors and compressing of small stack code (PR 9153)
Bug Fixes
* Removed the test feature using popen when defining the macro
WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with
having the macro HAVE_HTTP_CLIENT set. There was the potential for
vulnerable behavior with the use of popen when the API
wolfSSL_BIO_new_connect() was called with this specific build. This exact
build configuration is only intended for testing with QEMU and is not
enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the
report. (PR 9038)
* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw
public key import when using the API Ed25519ImportPublic.This was a broken
API with the C# wrapper that would crash on use. Thanks to Luigino Camastra
from Aisle Research for the bug report. (PR 9291)
* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis
driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324)
* TLS 1.2/DTLS improvements: client message order checks, DTLS
cookie/exchange and replay protections, better DTLS early-data handling. (PR
9387, 9253, 9205, 9367)
* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints,
restore inner server name for ECH, retrying cert candidate chains. (PR 8890,
9234, 8692)
* Sniffer robustness: fix infinite recursion, better handling of OOO appData
and partial overlaps, and improved retransmission detection. (PR 9051, 9106,
9140, 9094)
* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and
FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067,
9111, 9121)
* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import
correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439)
* Avoid uninitialized-variable and GCC warnings; several fixes for
undefined-shift/overflow issues. (PR 9020, 9372, 9195)
* Memory & leak fixes in X509 verification and various struct sizing fixes
for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036 )
* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when
WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031,
9263)
bc229e6 |
14:21 Hiroki Tagato (tagattie)
- misc/crush 0.19.3
Glamourous AI coding agent for your favourite terminal
misc/crush: Update to 0.19.3
Changelog: https://github.com/charmbracelet/crush/releases/tag/v0.19.3
Reported by: GitHub (watch releases)
efb1081 |
14:06 Hiroki Tagato (tagattie)
misc/py-huggingface-hub: Update to 1.1.6
Changelog: https://github.com/huggingface/huggingface_hub/releases/tag/v1.1.6
Reported by: portscout
8182bd3 |
13:28 Hiroki Tagato (tagattie)
- x11-wm/hyprland 0.52.1
Dynamic tiling Wayland compositor that doesn't sacrifice on its looks
x11-wm/hyprland: Update to 0.52.1
Changelog:
- https://github.com/hyprwm/Hyprland/releases/tag/v0.52.0
- https://github.com/hyprwm/Hyprland/releases/tag/v0.52.1
Reported by: GitHub (watch releases)
f728901 |
13:18 Wen Heping (wen)
devel/py-rich-toolkit: Update to 0.17.0
1e4b6e3 |
13:16 Wen Heping (wen)
www/py-asgiref: Update to 3.11.0
cff4476 |
13:09 Matthias Fechner (mfechner)
devel/gitaly: fix build on i386
I provided that patch upstream here:
https://gitlab.com/gitlab-org/gitaly/-/merge_requests/8309
646e363 |
12:55 Wen Heping (wen)
- www/py-litestar 2.18.0
Production-ready, highly performant, extensible ASGI API Framework
www/py-litestar: Add new port
Litestar is a powerful, flexible yet opinionated ASGI framework, focused on
building APIs. It offers high-performance data validation, dependency injection,
first-class ORM integration, authorization primitives, a rich plugin API,
middleware, and much more that's needed to get applications up and running.
9ed20a2
12:17 Bernard Spil (brnrd)
- irc/weechat 4.8.0
Lightweight and user friendly ncurses based IRC client
irc/weechat: Update to 4.8.0
ea2ae5f |
11:55 Kai Knoblich (kai)
www/py-django-tree-queries: Update to 0.23.0
Changelog:
https://github.com/feincms/django-tree-queries/blob/0.23/CHANGELOG.rst
b9b0c68 |
11:55 Kai Knoblich (kai)
textproc/py-pymdown-extensions: Update to 10.17.2
Changelog:
https://github.com/facelessuser/pymdown-extensions/releases/tag/10.17.2
88e0b6c |
11:55 Kai Knoblich (kai)
textproc/py-packageurl-python: Update to 0.17.6
Changelog:
https://github.com/package-url/packageurl-python/releases/tag/v0.17.6
4d21cb6 |
11:55 Kai Knoblich (kai)
devel/py-python-subunit: Update to 1.4.5
Changelog:
https://github.com/testing-cabal/subunit/blob/1.4.5/NEWS
34a3ee3 |
11:55 Kai Knoblich (kai)
devel/py-oslotest: Update to 6.0.0
* Switch to the PEP517 build framework.
* Hook up test suite.
Changelog since 4.4.1:
https://github.com/openstack/oslotest/compare/4.4.1...6.0.0
09ce5b9 |
11:54 Hiroki Tagato (tagattie)
x11/libxkbcommon: Update to 1.13.0
Changelog:
https://github.com/xkbcommon/libxkbcommon/blob/xkbcommon-1.13.0/NEWS.md
PR: 290996
Approved by: x11 (maintainer, timeout >2 weeks)
90d358a |
11:23 Piotr Kubaj (pkubaj)
lang/rust-bootstrap: enable on aarch64
Builds fine for all flavors.
0d557b0 |
11:22 Piotr Kubaj (pkubaj)
devel/freebsd-sysroot: bump to 13.5-RELEASE
The last update for 13-STABLE, next one will be to 14.3-RELEASE.
Reviewed by: mikael
Differential Revision: https://reviews.freebsd.org/D53943
463fdce |
10:52 Yuri Victorovich (yuri)
- devel/subprocess.h g20240720
Single header process launching solution for C and C++
devel/subprocess.h: New port: Single header process launching solution for C and
C++
50cf99c
10:52 Yuri Victorovich (yuri)
- misc/claude-code 2.0.55
Agentic coding tool from Anthropic that lives in your terminal
misc/claude-code: update 2.0.54 → 2.0.55
892cdc4 |
10:52 Yuri Victorovich (yuri)
- www/authelia 4.39.15
Single sign-on multi-factor portal for web apps
www/authelia: update 4.39.14 → 4.39.15
5525590 |
10:52 Yuri Victorovich (yuri)
- misc/libsolv 0.7.35
Package dependency solver using a satisfiability algorithm
misc/libsolv: update 0.7.31 → 0.7.35
5974f8b |
10:52 Yuri Victorovich (yuri)
- audio/dexed 1.0.1
DX7 FM multi plaform/multi format plugin
audio/dexed: update 0.9.9 → 1.0.1
3def393 |
10:52 Yuri Victorovich (yuri)
- security/libxcrypt 4.5.2
Extended crypt library for descrypt, md5crypt, bcrypt, and others
security/libxcrypt: update 4.5.1 → 4.5.2
41d9b4e |
10:52 Yuri Victorovich (yuri)
multimedia/libwebm: update 1.0.0.31 → 1.0.0.32
a6dda55 |
10:52 Yuri Victorovich (yuri)
- math/lis 2.1.10
Library of Iterative Solvers for linear systems
math/lis: update 2.1.8 → 2.1.10
f211259 |
10:52 Yuri Victorovich (yuri)
- multimedia/lms 3.72.1
Lightweight Music Server to access music using a web interface
multimedia/lms: update 3.72.0 → 3.72.1
9ab2f8e |
10:52 Yuri Victorovich (yuri)
benchmarks/inferno: update 0.12.3 → 0.12.4
a55e2a1 |
10:52 Yuri Victorovich (yuri)
math/hmat-oss: update 1.11.0 → 1.11.1
fb933b1 |
10:52 Yuri Victorovich (yuri)
- audio/wasabi 1.0.4
Fast and memory efficient Black MIDI player
audio/wasabi: update 0.1.4-3 → 1.0.4
3d6ff92 |
07:54 Roman Bogorodskiy (novel)
www/qutebrowser: update to 3.6.2
8199c72 |
07:51 Stephen Montgomery-Smith (stephen)
math/octave-forge-statistics: Update to 1.8.0.
7254c22 |
07:38 Po-Chuan Hsieh (sunpoet)
devel/opentelemetry-cpp: Revert 4030b7d57c68fda7bad3230379790065dbb1ed39
libc4core.so is an indirect dependency brought by devel/rapidyaml.
Since it is not a direct dependency, it should not be added to LIB_DEPENDS.
305d477 |
07:18 Po-Chuan Hsieh (sunpoet)
UPDATING: Document node{22,24,25} changes
www/node{22,24,25} now requires databases/sqlite3 with SESSION enabled.
1ca84c7 |
07:17 Po-Chuan Hsieh (sunpoet)
Mk/Uses/python.mk: Update CYTHON3_DEPENDS
- Cosmetic change
3a890f6 |
07:16 Po-Chuan Hsieh (sunpoet)
- devel/py-pytokens 0.3.0
Fast, spec compliant Python 3.14+ tokenizer that runs on older Pythons
devel/py-pytokens: Add py-pytokens 0.3.0
pytokens provides a fast, spec compliant Python 3.14+ tokenizer that runs on
older Pythons.
c543b0e
05:58 Matthias Fechner (mfechner)
www/rubygem-typhoeus-gitlab: fix build error
caused by regression from 9816a72d0e47bc436744e060d0eff483eb1678ce
===> Installing existing package
/packages/All/rubygem-faraday-typhoeus-gitlab-1.1.0_1.pkg
[143amd64-gitlab-job-02] Installing rubygem-faraday-typhoeus-gitlab-1.1.0_1...
[143amd64-gitlab-job-02] `-- Installing rubygem-typhoeus-gitlab-1.4.1...
[143amd64-gitlab-job-02] | `-- Installing rubygem-ethon-0.18.0...
[143amd64-gitlab-job-02] | | `-- Installing rubygem-logger-1.7.0...
pkg-static: rubygem-logger-1.7.0 conflicts with rubygem-logger-gitlab-1.7.0
(installs files into the same place). Problematic file:
/usr/local/lib/ruby/gems/3.3/specifications/logger-1.7.0.gemspec
299b415 |
05:50 Matthias Fechner (mfechner)
devel/opentelemetry-cpp: fix build error
Added devel/c4core as a lib dependency:
====> Running Q/A tests (stage-qa)
Error: /usr/local/lib/libopentelemetry_configuration.so.1.24.0 is linked to
/usr/local/lib/libc4core.so.0.2.6 from devel/c4core but it is not declared as a
dependency
Warning: you need LIB_DEPENDS+=libc4core.so:devel/c4core
Warning: you might not need LIB_DEPENDS on libcurl.so
Warning: you might not need LIB_DEPENDS on libgtest.so
*** Error code 1
Approved by: just-fix-it
4030b7d |
05:36 Matthias Fechner (mfechner)
deskutils/stirling-pdf: update to 2.0.2
Changes: https://github.com/Stirling-Tools/Stirling-PDF/releases/tag/v2.0.2
f0fc00c |
04:19 Cy Schubert (cy)
x11/cde-devel: Update to the latest cdesktopenv-code commit
Update to the latest cdedesktop-code commit proxied through my GH accoun
16bd691 |
03:44 Cy Schubert (cy)
- x11/cde 2.5.3
Common Desktop Environment
x11/cde: Update to 2.5.3
190b450 |
03:19 Wen Heping (wen)
- devel/py-polyfactory 3.1.0
Mock data generation factories
devel/py-polyfactory: Add new port
Polyfactory is a simple and powerful mock data generation library,
based around type hints and supporting dataclasses, typed-dicts,
pydantic models, msgspec structs and more.
dc3e228
02:54 Yuri Victorovich (yuri)
- net/wstunnel 10.5.1
Traffic tunnel over Websocket or HTTP2 to bypass firewalls/DPI
net/wstunnel: update 10.5.0 → 10.5.1
8b72e9e |
02:54 Yuri Victorovich (yuri)
databases/weaviate: update 1.34.0 → 1.34.1
753c8cc |
02:54 Yuri Victorovich (yuri)
- sysutils/systeroid 0.4.6
More powerful alternative to sysctl(8) with a terminal user interface
sysutils/systeroid: update 0.4.5 → 0.4.6
30a81f4 | |
02:54 Yuri Victorovich (yuri) | | | | | |
|
As an Amazon Associate I earn from qualifying purchases.
