FreeBSD/ports 7561a88devel/jenkins-lts distinfo Makefile

devel/jenkins-lts: Update to 2.555.2

Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins-lts/distinfo
+1-1devel/jenkins-lts/Makefile
+4-42 files

FreeBSD/ports 752a72edevel/jenkins distinfo Makefile

devel/jenkins: Update to 2.564

Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins/distinfo
+1-1devel/jenkins/Makefile
+4-42 files

FreeBSD/ports ff6f993mail/mailpit distinfo Makefile, mail/mailpit/files patch-package-lock.json

mail/mailpit: Update to 1.30.0

Security:       6e701ad2-4f61-11f1-af6d-10ffe07f9334
DeltaFile
+19-19mail/mailpit/files/patch-package-lock.json
+7-7mail/mailpit/distinfo
+1-2mail/mailpit/Makefile
+27-283 files

FreeBSD/src 2ebec3clibexec/nuageinit nuage.lua nuageinit, libexec/nuageinit/tests nuageinit.sh

nuageinit: fix command injection and related issues

- Add shell_escape() helper to safely escape shell arguments
- Apply shell_escape to all user-controlled values in shell commands:
  adduser (usershow, useradd, lock, primary_group, groups)
  addgroup (groupshow, groupadd, members)
  exec_change_password (usermod)
  settimezone (tzsetup root and timezone)
  install_package (pkg package names)
- Escape double quotes in hostname when writing rc.conf.d/hostname
- Add missing 'local' declaration for resolvconf_command in nameservers()
- Escape interface name in resolvconf -a command
- Change open_resolvconf_conf() from 'w' to 'a' mode to prevent
  data loss when nameservers() is called multiple times
- Clean up stale resolvconf.conf at the start of each boot
  (skip on postnet to preserve config written by first call)

Approved by:    re (cperciva)
MFC After: 1 day

    [3 lines not shown]
DeltaFile
+28-15libexec/nuageinit/nuage.lua
+15-2libexec/nuageinit/nuageinit
+3-3libexec/nuageinit/tests/nuageinit.sh
+46-203 files

FreeBSD/src 09a53a5. Makefile.inc1

Make "make update-packages" idempotent

If the user runs "make update-packages" without bumping BRANCH, then it
isn't possible to copy packages from the old location to the new one
(because the two locations are the same).  So just skip that step.

Approved by:    re (cperciva)
Sponsored by:           ConnectWise
PR:                     295085
Reviewed by:            ivy, emaste
Differential Revision:  https://reviews.freebsd.org/D56872

(cherry picked from commit bd1e789b8452a8c2f166a3b4defb95330c71dadd)
(cherry picked from commit 89a0148521aefe0a190d4b62749186c705962d32)
DeltaFile
+3-1Makefile.inc1
+3-11 files

FreeBSD/src 39fcfccsys/kern uipc_usrreq.c, sys/sys ucred.h

Fix LOCAL_PEERCRED in 32-bit compat mode

Previously the cr_pid field would be incorrectly copied to userland, due
to a size mismatch between the structure as defined in 32-bit vs 64-bit
builds.  Fix it by converting the structure before copying it to
userland.

Approved by:    re (cperciva)
PR:             294833
Sponsored by:   ConnectWise
Reviewed by:    emaste
Differential Revision: https://reviews.freebsd.org/D56675

(cherry picked from commit 1d24638d3e8875e4b99a4b5e39f4241e37221b3d)
(cherry picked from commit 3298d82ea34059354dc1ff1a60d8b7d3e495c2cd)
DeltaFile
+19-2sys/kern/uipc_usrreq.c
+11-0sys/sys/ucred.h
+30-22 files

FreeBSD/src 8c8ec2crelease/scripts pkg-stage.sh

pkg-stage.sh: Add ext2 and ntfs

Having these packages available on release media may help users who
need to sneakernet other packages (e.g. firmware) from systems running
Linux or Windows.

Approved by:    re (cperciva)
Suggested by:   vladlen, ziaee
MFC after:      3 days

(cherry picked from commit 6881fd278d80ac63b4d511fc130a79ff16d1bb48)
(cherry picked from commit 01d5910b8766671afdbd9e274fd62b397aca9e1a)
DeltaFile
+2-0release/scripts/pkg-stage.sh
+2-01 files

FreeBSD/src 5457f05release/tools oci-image-static.conf

release/tools: use same pkg settings in containers as in /etc/pkg/FreeBSD.conf

Instructions in /etc/pkg/FreeBSD.conf and elsewhere recommend putting
changes in /usr/local/etc/pkg/repos/FreeBSD.conf so bring OCI containers
into line as well.

Reviewed by:    dfr, ivy
Differential Revision:  https://reviews.freebsd.org/D54090

Approved by:    re (cperciva)
MFC after:      5 days
Sponsored by:   SkunkWerks, GmbH

(cherry picked from commit c73ae67348998a0056145e88debbea9ff6860c4f)
(cherry picked from commit d889f6c466d4cec73c34bc71093d08b25e321071)
DeltaFile
+1-5release/tools/oci-image-static.conf
+1-51 files

FreeBSD/src 8484cb4sys/fs/fdescfs fdesc_vnops.c

fdescfs: do not change vnode type on VOP_GETATTR()

Approved by:    re (cperciva)
PR:     294768

(cherry picked from commit fbecfc4aa028964f972a0457809aa041d415f61b)
(cherry picked from commit 5af938fb03d004ef97621f4c9319446f2fb8f77c)
DeltaFile
+0-1sys/fs/fdescfs/fdesc_vnops.c
+0-11 files

FreeBSD/src cb7880b. UPDATING, usr.sbin/bsdinstall bsdinstall.8

bsdinstall: do pkgbase installations with the "script" command

"bsdinstall script" will now do a pkgbase installation by default.  The
system components to install can be specified in the COMPONENTS
variable, and have the same names as those used in the interactive
installer.  bsdinstall will still do a legacy distset installation if
DISTRIBUTIONS is defined in the installerconfig file.

Approved by:    re (cperciva)
PR:             290375
Sponsored by:   ConnectWise
Reviewed by:    ziaee, ivy, jduran
Differential Revision: https://reviews.freebsd.org/D56717

(cherry picked from commit dc14ae4217a0babb1240f813b642edc2d7b955a6)
(cherry picked from commit 1f5869130f6ebd299e65a627eff23a8c3d360afb)
DeltaFile
+42-31usr.sbin/bsdinstall/scripts/script
+35-10usr.sbin/bsdinstall/bsdinstall.8
+14-1usr.sbin/bsdinstall/scripts/pkgbase.in
+5-0UPDATING
+96-424 files

FreeBSD/src 628c42ausr.sbin/bsdinstall bsdinstall.8

bsdinstall.8: Document DISTRIBUTIONS defaults correctly

Some targets override the default value of DISTRIBUTIONS.
Document that in the manual page.

Approved by:    re (cperciva)
Reported by:    Nia Alarie <nia at NetBSD.org>
Reviewed by:    jlduran
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56528

(cherry picked from commit 4029e765436ff1633139c1afe1bc25185a0f4ef1)
(cherry picked from commit f4678f7613538c63567e2e44cd5aceaee4b4a383)
DeltaFile
+22-2usr.sbin/bsdinstall/bsdinstall.8
+22-21 files

FreeBSD/src 684cb0dkrb5/include autoconf.h, krb5/util/build-tools krb5-config.sh Makefile

krb5: Adjust additional version strings

Approved by:    re (cperciva)
Fixes:          736e411a737b

(cherry picked from commit c64ee36e5d09ecee4ce4951047014c8461734fb5)
(cherry picked from commit e3fc367366319466dd91fe0217a06c0655e35a8a)
DeltaFile
+2-2krb5/include/autoconf.h
+1-1krb5/util/build-tools/krb5-config.sh
+1-0krb5/util/build-tools/Makefile
+4-33 files

FreeBSD/src 3ee9a0fkrb5 Makefile.inc

krb5: Adjust version to 1.22.2

Approved by:    re (cperciva)
Fixes:          736e411a737b
(cherry picked from commit 8f46ba065143d9d89968a20b23844287d54c04a2)
(cherry picked from commit ea93554de436e84d27200d12f3a3b6dc1670fac9)
DeltaFile
+1-1krb5/Makefile.inc
+1-11 files

FreeBSD/src 92eeed8crypto/krb5/src/lib/gssapi/spnego negoex_util.c

krb5: Fix two NegoEx parsing vulnerabilities

Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:

 In parse_nego_message(), check the result of the second call to
 vector_base() before dereferencing it.  In parse_message(), check for
 a short header_len to prevent an integer underflow when calculating
 the remaining message length.

 Reported by Cem Onat Karagun.

 CVE-2026-40355:

 In MIT krb5 release 1.18 and later, if an application calls
 gss_accept_sec_context() on a system with a NegoEx mechanism
 registered in /etc/gss/mech, an unauthenticated remote attacker can
 trigger a null pointer dereference, causing the process to terminate.


    [13 lines not shown]
DeltaFile
+6-1crypto/krb5/src/lib/gssapi/spnego/negoex_util.c
+6-11 files

FreeBSD/src 3de8ca6crypto/krb5 README, crypto/krb5/src configure patchlevel.h

krb5: import MIT 1.22.2

Merge commit '90c687295e2d62f9411fc5b571f5af4e8ee187a7'

Approved by:    re (cperciva)

(cherry picked from commit 736e411a737b9f57c1303e6d15c5afd4f63af0d3)
(cherry picked from commit 919b10729753336ef16338295c61ebd085348fb9)
DeltaFile
+14-23crypto/krb5/src/lib/krb5/ccache/cc_mslsa.c
+23-1crypto/krb5/README
+10-10crypto/krb5/src/configure
+8-0crypto/krb5/src/lib/krb5/ccache/cc_file.c
+3-3crypto/krb5/src/patchlevel.h
+2-2crypto/krb5/src/man/kpasswd.man
+60-3934 files not shown
+120-9740 files

FreeBSD/src 2574974crypto/openssh libcrux_mlkem768_sha3.h ChangeLog

OpenSSH: Update to 10.3p1

Full release notes are available at
https://www.openssh.com/txt/release-10.3

Selected highlights from the release notes:

 * ssh(1), sshd(8): remove bug compatibility for implementations
   that don't support rekeying. If such an implementation tries to
   interoperate with OpenSSH, it will now eventually fail when the
   transport needs rekeying.

 * ssh(1), sshd(8): support IANA-assigned codepoints for SSH agent
   forwarding, as per draft-ietf-sshm-ssh-agent. Support for the new
   names is advertised via the EXT_INFO message. If a server offers
   support for the new names, then they are used preferentially.

 * ssh(1): add a ~I escape option that shows information about the
   current SSH connection.

    [10 lines not shown]
DeltaFile
+7,257-7,843crypto/openssh/libcrux_mlkem768_sha3.h
+2,871-1,684crypto/openssh/ChangeLog
+585-426crypto/openssh/moduli
+222-213crypto/openssh/channels.c
+172-173crypto/openssh/.depend
+253-51crypto/openssh/packet.c
+11,360-10,390241 files not shown
+15,884-12,698247 files

FreeBSD/src 01d5910release/scripts pkg-stage.sh

pkg-stage.sh: Add ext2 and ntfs

Having these packages available on release media may help users who
need to sneakernet other packages (e.g. firmware) from systems running
Linux or Windows.

Suggested by:   vladlen, ziaee
MFC after:      3 days

(cherry picked from commit 6881fd278d80ac63b4d511fc130a79ff16d1bb48)
DeltaFile
+2-0release/scripts/pkg-stage.sh
+2-01 files

FreeBSD/ports c46096fsecurity/vuxml/vuln 2026.xml

security/vuxml: Add postgreql??-* vulnerabilities

* CVE-2026-6472
* CVE-2026-6473
* CVE-2026-6474
* CVE-2026-6475
* CVE-2026-6476
* CVE-2026-6477
* CVE-2026-6478
* CVE-2026-6479
* CVE-2026-6575
* CVE-2026-6637
* CVE-2026-6638
DeltaFile
+177-0security/vuxml/vuln/2026.xml
+177-01 files

FreeBSD/ports 1b9564edatabases/postgresql14-server distinfo, databases/postgresql15-server distinfo

databases/postgresql??-*: Upgrade to latest version

The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.4, 17.10, 16.14, 15.18,
and 14.23. This release fixes 11 security vulnerabilities and over 60
bugs reported over the last several months.

Release notes:  https://www.postgresql.org/docs/release/

PostgreSQL 14 EOL Notice

PostgreSQL 14 will stop receiving fixes on November 12, 2026. If you are
running PostgreSQL 14 in a production environment, we suggest that you
make plans to upgrade to a newer, supported version of PostgreSQL.
Please see our versioning policy for more information.

Security:       7185ecc9-4fb7-11f1-bc50-6cc21735f730
                CVE-2026-6472, CVE-2026-6473, CVE-2026-6474,
                CVE-2026-6475, CVE-2026-6476, CVE-2026-6477,

    [2 lines not shown]
DeltaFile
+3-3databases/postgresql15-server/distinfo
+3-3databases/postgresql14-server/distinfo
+3-3databases/postgresql16-server/distinfo
+3-3databases/postgresql17-server/distinfo
+3-3databases/postgresql18-server/distinfo
+1-1databases/postgresql18-server/Makefile
+16-164 files not shown
+20-2010 files

FreeBSD/ports 3dac59emultimedia/zoneminder/files patch-src_zm__signal.cpp

multimedia/zoneminder: Fix build on aarch64 and armv*

PR:             295090
Reviewed by:    fuz
Sponsored by:   UNIS Labs
DeltaFile
+20-0multimedia/zoneminder/files/patch-src_zm__signal.cpp
+20-01 files

FreeBSD/ports a7ce159sysutils/RyzenAdj distinfo Makefile, sysutils/RyzenAdj/files patch-CMakeLists.txt

sysutils/RyzenAdj: Update 0.17.0 => 0.19.0

Changelog:
https://github.com/FlyGoat/RyzenAdj/releases/tag/v0.19.0

PR:             295285
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit 1d5630179a051c8ed4f70d15b4ead2c00b0f0b78)
DeltaFile
+20-0sysutils/RyzenAdj/files/patch-CMakeLists.txt
+3-3sysutils/RyzenAdj/distinfo
+2-2sysutils/RyzenAdj/Makefile
+25-53 files

FreeBSD/ports 1d56301sysutils/RyzenAdj distinfo Makefile, sysutils/RyzenAdj/files patch-CMakeLists.txt

sysutils/RyzenAdj: Update 0.17.0 => 0.19.0

Changelog:
https://github.com/FlyGoat/RyzenAdj/releases/tag/v0.19.0

PR:             295285
Sponsored by:   UNIS Labs
MFH:            2026Q2
DeltaFile
+20-0sysutils/RyzenAdj/files/patch-CMakeLists.txt
+3-3sysutils/RyzenAdj/distinfo
+2-2sysutils/RyzenAdj/Makefile
+25-53 files

FreeBSD/ports fa8d4eenet/spoofdpi distinfo Makefile, net/spoofdpi/files modules.txt

net/spoofdpi: Update 1.5.1 => 1.5.2

Changelog:
https://github.com/xvzc/spoofdpi/releases/tag/v1.5.2

Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+21-21net/spoofdpi/distinfo
+14-13net/spoofdpi/files/modules.txt
+11-12net/spoofdpi/Makefile
+46-463 files

FreeBSD/ports 7c9c7aatextproc/moor distinfo Makefile

textproc/moor: Update 2.13.1 => 2.13.2

Changelog:
https://github.com/walles/moor/releases/tag/v2.13.2

Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+5-5textproc/moor/distinfo
+1-1textproc/moor/Makefile
+6-62 files

FreeBSD/ports 2997a24sysutils Makefile

sysutils/storcli2: New port: SAS4 MegaRAID FreeBSD StorCLI2

Command Line Interface for the MegaRAID SAS4 family of RAID controllers,
used to configure and manage connected storage devices.

The StorCLI2 tool supports the following controllers:
 * MegaRAID 9600 Family eHBA Adapters
 * MegaRAID 9620 Family eHBA Adapters
 * MegaRAID 9660 Family RAID Adapters
 * MegaRAID 9670 Family RAID Adapters

https://techdocs.broadcom.com/us/en/storage-and-ethernet-connectivity/enterprise-storage-solutions/megaraid8-tri-mode-software/1-0/StorCLI_MR8_Intro.html

PR:             293540
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
DeltaFile
+1-0sysutils/Makefile
+1-01 files

FreeBSD/ports fa513a9sysutils/storcli2 Makefile distinfo

sysutils/storcli2: New port: SAS4 MegaRAID FreeBSD StorCLI2

Command Line Interface for the MegaRAID SAS4 family of RAID controllers,
used to configure and manage connected storage devices.

The StorCLI2 tool supports the following controllers:
 * MegaRAID 9600 Family eHBA Adapters
 * MegaRAID 9620 Family eHBA Adapters
 * MegaRAID 9660 Family RAID Adapters
 * MegaRAID 9670 Family RAID Adapters

https://techdocs.broadcom.com/us/en/storage-and-ethernet-connectivity/enterprise-storage-solutions/megaraid8-tri-mode-software/1-0/StorCLI_MR8_Intro.html

PR:             293540
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
DeltaFile
+12-12sysutils/storcli2/Makefile
+3-3sysutils/storcli2/distinfo
+15-152 files

FreeBSD/ports 8449abdsysutils/storcli2 Makefile distinfo

sysutils/storcli2: Repocopy from sysutils/storcli

PR:             293540
Sponsored by:   UNIS Labs
DeltaFile
+57-0sysutils/storcli2/Makefile
+3-0sysutils/storcli2/distinfo
+2-0sysutils/storcli2/pkg-descr
+62-03 files

FreeBSD/ports bc71934emulators/pcsx2/files patch-3rdparty-fmt-include-fmt-format.h

emulators/pcsx2: Fix build on -CURRENT
DeltaFile
+10-0emulators/pcsx2/files/patch-3rdparty-fmt-include-fmt-format.h
+10-01 files

FreeBSD/src fb4e789sys/cam cam_ccb.h, sys/dev/nvme nvme_sim.c

Revert "nvme: Only attach to storage NVMe devices"

This reverts commit 0a19464bf7afa35ce2aa7649152bc3a7629faa98. It's
incorrect for ahci attachments. Reverting to merge to stable/15
to merge to releng/15.1 for the release.

Sponsored by:           Netflix
DeltaFile
+1-8sys/dev/nvme/nvme_sim.c
+1-1sys/cam/cam_ccb.h
+2-92 files

FreeBSD/doc 469aa41documentation/content/en/books/handbook/boot _index.adoc

boot: Replace occurrences of qualified name with full path

In many parts of this chapter the use of "qualified name" and
"unqualified name" was used to refer to a full path to a file (or just
the filename). This terminology is used more in networking terms (i.e.
fully qualified hostname) and is strange to use when referring to files
and directories in a filesystem. It leads to confusion for the reader,
which is why I replaced it throughout the chapter with the more commonly
used term "full path" where appropriate.

While here, remove some whitespaces at the end of sentences.

PR:     292300
DeltaFile
+11-6documentation/content/en/books/handbook/boot/_index.adoc
+11-61 files