math/octave-forge-llms: fix build on non-x86
/usr/local/bin/mkoctfile -march=native -O2 fig2base64.cc fpng.cpp
c++: error: unsupported option '-march=' for target 'powerpc64le-unknown-freebsd15.0'
Also use __BYTE_ORDER__ instead of __BYTE_ORDER (which is undefined).

Reduce number of external symbols in libllvm, libclang and liblldb
In commit 2e47f35be5dc libllvm, libclang and liblldb were converted into
private shared libraries. This allowed clang, lld, lldb, and other llvm
tools to be linked against these shared libraries, which makes them
smaller and avoids duplication.
However, upstream builds the shared libraries using several visibility
options, which reduces the number of external symbols, and makes the
libraries a bit smaller.
On my test machine:
* libprivatellvm.so goes from 75643 to 34706 symbols (~54% reduction)
* libprivateclang.so goes from 53250 to 33531 symbols (~37% reduction)
* libprivatelldb.so goes from 27242 to 18798 symbols (~31% reduction)
Note: to get the full benefit, a clean build is required. Incremental
builds should still work, but I didn't want to force a full rebuild on
everybody.
[2 lines not shown]

devel/electron38: Update to 38.7.2
While here:
- switch to use USE_ELECTRON features of electron.mk for specifying
node package manager, pre-fetching necessary node modules, and
extracting the node modules into appropriate directories
- use USES=display for starting/stopping display server on testing
- specify TEST_ENV instead of listing env vars in test target
Changelog: https://github.com/electron/electron/releases/tag/v38.7.2

security/dropbear: update to 2025.89
Changelog:
- Security: Avoid privilege escalation via unix stream forwarding in Dropbear
server. Other programs on a system may authenticate unix sockets via
SO_PEERCRED, which would be root user for Dropbear forwarded connections,
allowing root privilege escalation.
Reported by Turistu, and thanks for advice on the fix.
This is tracked as CVE-2025-14282, and affects 2024.84 to 2025.88.
It is fixed by dropping privileges of the dropbear process after
authentication. Unix stream sockets are now disallowed when a
forced command is used, either with authorized_key restrictions or
"dropbear -c command".
In previous affected releases running with "dropbear -j" (will also disable
TCP forwarding) or building with localoptions.h/distrooptions.h
"#define DROPBEAR_SVR_LOCALSTREAMFWD 0" is a mitigation.
[38 lines not shown]

Fix remaining zgrep(1) wrapper script regressions
Summary:
Fix short flags without whitespace, e.g:
zgrep -wefoo test
Fix multiple -e flags:
zgrep -e foo -e xxx test
Previously only the last pattern would be used.
Clean up possible leading blank in ${grep_args}.
Update comment: 2.51 -> 2.6.0
Add a test case for the last known zgrep wrapper issue: recursion
(-r) not implemented.
[6 lines not shown]

libpcap: fix resource leaks and set error messages
In finddevs_bpf() close the BPF device descriptor and free the device list
buffer before returning.
For ioctl() and malloc() errors, use pcapint_fmt_errmsg_for_errno() to
generate an error message.
Fix some comments.
(cherry picked from commit 6870404f35da32d63a0a8789edb010842dd6b208)

net: add ifnet_rename_event EVENTHANDLER(9) for interface renaming
and don't trigger ifnet_arrival_event and ifnet_departure_event for a
rename, as the interface isn't being detached from any protocol. The
consumers of the arrival/departure events are divided into a few
categories:
- which indeed need to do the same actions as if interface was fully
detached and attached: routing socket and netlink notifications to
userland and the Linux sysfs. All addressed by this commit.
- which build their logic based on an interface name, but should actually
update their database on rename: packet filters. This commit leaves
them with the old behavior - emulate full detach & attach, but this
should be improved.
- which shouldn't do anything on rename, not touched by the commit.
- ng_ether and if_tuntap, that are special and will be addressed by
separate commits.

net: on interface detach purge multicast addresses after protocols
We first want to give a chance to all owners of multicast addresses to
free them and only then run through the list of remaining ones. It might
be that no addresses remain there normally, but this needs to be analyzed
deeper. For now restore the sequence that was before 0d469d23715d to fix
a possible use after free.
Fixes: 0d469d23715d690b863787ebfa51529e1f6a9092

ipfw: fix bpf tap point lookup
The trick I blindly used works for pointers to structs, but not for rule
numbers that can differ only by 1.
PR: 291854
Fixes: 3daae1ac1d82ecdcd855101bab5206e914b12350