build: provide a FORTIFY_SOURCE.<src file> override
For native files we can do more minimal fixes to avoid this large of a
hammer, but for third party files it may not be worth the effort to try
and patch them. NetBSD has the original _FORTIFY_SOURCE implementation
that ours is based on, for instance, but tests sourced from there can't
do an __ssp_real(foo) without being certain that `foo` actually has a
fortified definition.
This change does always define _FORTIFY_SOURCE as a result, so gate it
on CFLAGS not already containing _FORTIFY_SOURCE definitions.
This re-applies c46a0b59071614, but without re-defining _FORTIFY_SOURCE
needlessly.
PR: 294881
Reviewed by: markj, sjg (both previous version)
Differential Revision: https://reviews.freebsd.org/D57356
x11/mate-session-manager: switch to GitHub release asset
Minor versions of 1.28.x are no longer published to the MATE mirror
and are only available on GitHub. Switch MASTER_SITES to the GitHub
release asset URL. Move PORTSCOUT after USE_* variables.
security/vuxml: fix NGINX entry again
That's what happens when you're not focused.
Edit the entry again, since it's for nginx-devel
Sponsored by: Netzkommune GmbH
java/sigar: remove run_depends
this port is only used as a library
the final application decides what JDK is used
by removing RUN_DEPENDS we prevent installing an unused extra openjdk
Approved-by: no maintainer
databases/mongodb70: 7.0.35
Release notes:
https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.35---june-9--2026
- gen-config.sh is move to scripts/gen-config.sh
- Patch added to circumvent these errors:
src/mongo/util/net/openssl_init.cpp:247:51: error: no member named 'opensslPrimaryDRBGReseedMaxRequests' in namespace 'mongo::crypto'
src/mongo/util/net/openssl_init.cpp:249:45: error: no member named 'opensslPrimaryDRBGReseedMaxTime' in namespace 'mongo::crypto'
- disabled PATCH_FILE for python3.12, didn't apply
- other patches just got a refresh
Security: CVE-2026-9740
Security: CVE-2026-9741
Security: CVE-2026-9746
Security: CVE-2026-9747
Security: CVE-2026-9748
Security: CVE-2026-9749
Security: CVE-2026-9750
[3 lines not shown]
iflib: Fix mbufs leaked by 0 len packets emitted from the if driver
Some interface drivers, notably bnxt, can insert 0 length packets onto
their receive queues when certain conditions are met, such as discarding
packets in the case of bnxt.
When this packet gets processed by assemble_segments(), The solitary
mbuf on the queue that composes it consist of a single zero length
fragment. The loop in assemble_segments() doesn't seem to expect
that a 0 length fragment can exist in the iri_frags list without a
non-zero length header preceding it. In this situation, without filter
intervention rxd_frag_to_sd() returns a pointer to the corresponding
mbuf in the rxq, where it is matched as a zero-length fragment and
immediately discarded without freeing as mh has not yet been assigned.
This change corrects this behavior by falling through the mh == NULL
case and freeing m on the condition that it is not NULL before
continuing the loop.
[3 lines not shown]
