FreeBSD/ports 5e2782fmath/octave-forge-llms Makefile, math/octave-forge-llms/files patch-fpng.cpp patch-Makefile

math/octave-forge-llms: fix build on non-x86

/usr/local/bin/mkoctfile       -march=native -O2 fig2base64.cc fpng.cpp
c++: error: unsupported option '-march=' for target 'powerpc64le-unknown-freebsd15.0'

Also use __BYTE_ORDER__ instead of __BYTE_ORDER (which is undefined).
DeltaFile
+39-0math/octave-forge-llms/files/patch-fpng.cpp
+9-0math/octave-forge-llms/files/patch-Makefile
+1-0math/octave-forge-llms/Makefile
+49-03 files

FreeBSD/ports 5c25f39print/scribus-devel distinfo pkg-plist

print/scribus-devel: update to 1.7.1

Changelog:      https://wiki.scribus.net/canvas/1.7.1_Release
DeltaFile
+3-31print/scribus-devel/distinfo
+25-6print/scribus-devel/pkg-plist
+1-18print/scribus-devel/Makefile
+29-553 files

FreeBSD/ports b31b34dgames/fheroes2 distinfo Makefile

games/fheroes2: update to 1.1.13

Changelog:      https://github.com/ihhub/fheroes2/releases/tag/1.1.13
DeltaFile
+3-3games/fheroes2/distinfo
+1-1games/fheroes2/Makefile
+4-42 files

FreeBSD/src 183513dsys/net if_ipsec.c, sys/netipsec ipsec_input.c xform_ipcomp.c

sys/netipsec: ensure sah stability during input callback processing

Citing ae: this fixes some rare panics, that are reported in
derived projects: `panic: esp_input_cb: Unexpected address family'.

Reported by:    ae
Tested by:      ae, Daniel Dubnikov <ddaniel at nvidia.com>
Reviewed by:    ae, Ariel Ehrenberg <aehrenberg at nvidia.com> (previous version)
Sponsored by:   NVidia networking
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D54325
DeltaFile
+13-4sys/netipsec/ipsec_input.c
+14-2sys/netipsec/xform_ipcomp.c
+14-2sys/netipsec/xform_ah.c
+10-2sys/net/if_ipsec.c
+8-2sys/netipsec/xform_esp.c
+5-2sys/netipsec/ipsec.h
+64-141 files not shown
+68-157 files

FreeBSD/src 3b11262lib/clang/libllvm Makefile

Remove debug crutch I accidentally left in

Fixes:          cf1eaaf41cef
MFC after:      1 week
DeltaFile
+0-1lib/clang/libllvm/Makefile
+0-11 files

FreeBSD/ports b619884security/cargo-audit distinfo Makefile.crates

security/cargo-audit: Update version 0.21.2=>0.22.0

- Add PORTSCOUT

Changelog:
https://github.com/rustsec/rustsec/releases/tag/cargo-audit%2Fv0.22.0
(cherry picked from commit bb4e5fa9960c03c4df74589a4be0d88c2f4c3df4)

PR:             291851
MFH:            2025Q4
Approved by:    portmgr blanket (runtime fix)
DeltaFile
+639-567security/cargo-audit/distinfo
+318-282security/cargo-audit/Makefile.crates
+2-2security/cargo-audit/Makefile
+959-8513 files

FreeBSD/ports 1551590sysutils/hcloud distinfo Makefile

sysutils/hcloud: Update to 1.58.0

Changelog: https://github.com/hetznercloud/cli/releases/tag/v1.58.0
DeltaFile
+5-5sysutils/hcloud/distinfo
+1-1sysutils/hcloud/Makefile
+6-62 files

FreeBSD/src cf1eaaflib/clang llvm.build.mk, lib/clang/libllvm Makefile

Reduce number of external symbols in libllvm, libclang and liblldb

In commit 2e47f35be5dc libllvm, libclang and liblldb were converted into
private shared libraries. This allowed clang, lld, lldb, and other llvm
tools to be linked against these shared libraries, which makes them
smaller and avoids duplication.

However, upstream builds the shared libraries using several visibility
options, which reduces the number of external symbols, and makes the
libraries a bit smaller.

On my test machine:
* libprivatellvm.so goes from 75643 to 34706 symbols (~54% reduction)
* libprivateclang.so goes from 53250 to 33531 symbols (~37% reduction)
* libprivatelldb.so goes from 27242 to 18798 symbols (~31% reduction)

Note: to get the full benefit, a clean build is required. Incremental
builds should still work, but I didn't want to force a full rebuild on
everybody.

    [2 lines not shown]
DeltaFile
+12-0lib/clang/libllvm/Makefile
+1-0lib/clang/llvm.build.mk
+13-02 files

FreeBSD/ports b587cd0security/vuxml/vuln 2025.xml

security/vuxml: Add mongodb{78}0 vulnerability

 * CVE-2025-14847
DeltaFile
+32-0security/vuxml/vuln/2025.xml
+32-01 files

FreeBSD/ports 0fbce46security/sudo-rs distinfo Makefile.crates

security/sudo-rs: Update to 0.2.11

PR:             291794
Changes:        https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.11
DeltaFile
+5-13security/sudo-rs/distinfo
+2-6security/sudo-rs/Makefile.crates
+1-2security/sudo-rs/Makefile
+8-213 files

FreeBSD/ports f308076deskutils/fet distinfo Makefile

deskutils/fet: Update to 7.6.1

Changelog: https://lalescu.ro/liviu/fet/news.html
DeltaFile
+3-3deskutils/fet/distinfo
+1-1deskutils/fet/Makefile
+4-42 files

FreeBSD/ports 6ca6271textproc/logseq Makefile

textproc/logseq: Bump port revision after electron38 update (8e0af09fe55a)
DeltaFile
+1-0textproc/logseq/Makefile
+1-01 files

FreeBSD/ports 8e0af09devel/electron38 Makefile, devel/electron38/files yarn.lock package.json

devel/electron38: Update to 38.7.2

While here:
- switch to use USE_ELECTRON features of electron.mk for specifying
  node package manager, pre-fetching necessary node modules, and
  extracting the node modules into appropriate directories
- use USES=display for starting/stopping display server on testing
- specify TEST_ENV instead of listing env vars in test target

Changelog: https://github.com/electron/electron/releases/tag/v38.7.2
DeltaFile
+14,465-0devel/electron38/files/packagejsons/yarn.lock
+0-8,279devel/electron38/files/yarn.lock
+942-0devel/electron38/files/packagejsons/.yarn/releases/yarn-4.11.0.cjs
+147-0devel/electron38/files/packagejsons/package.json
+0-138devel/electron38/files/package.json
+14-44devel/electron38/Makefile
+15,568-8,46111 files not shown
+15,693-8,47117 files

FreeBSD/ports 4df7fd5devel/pecl-swoole distinfo Makefile

devel/pecl-swoole: update to 6.1.5.
DeltaFile
+3-3devel/pecl-swoole/distinfo
+1-1devel/pecl-swoole/Makefile
+4-42 files

FreeBSD/ports 84ed9d8security/dropbear distinfo Makefile

security/dropbear: update to 2025.89

Changelog:
- Security: Avoid privilege escalation via unix stream forwarding in Dropbear
  server. Other programs on a system may authenticate unix sockets via
  SO_PEERCRED, which would be root user for Dropbear forwarded connections,
  allowing root privilege escalation.
  Reported by Turistu, and thanks for advice on the fix.
  This is tracked as CVE-2025-14282, and affects 2024.84 to 2025.88.

  It is fixed by dropping privileges of the dropbear process after
  authentication. Unix stream sockets are now disallowed when a
  forced command is used, either with authorized_key restrictions or
  "dropbear -c command".

  In previous affected releases running with "dropbear -j" (will also disable
  TCP fowarding) or building with localoptions.h/distrooptions.h
  "#define DROPBEAR_SVR_LOCALSTREAMFWD 0" is a mitigation.


    [38 lines not shown]
DeltaFile
+3-3security/dropbear/distinfo
+1-1security/dropbear/Makefile
+4-42 files

FreeBSD/ports c0bbe08sysutils/fastfetch distinfo Makefile

sysutils/fastfetch: update to 2.56.1

Changelog:      https://github.com/fastfetch-cli/fastfetch/releases/tag/2.56.1
DeltaFile
+3-3sysutils/fastfetch/distinfo
+1-1sysutils/fastfetch/Makefile
+4-42 files

FreeBSD/ports 343db6bsysutils/py-overlord distinfo Makefile

sysutils/py-overlord: Update 0.22.0

ChangeLog: https://github.com/DtxdF/overlord/releases/tag/v0.22.0
DeltaFile
+3-3sysutils/py-overlord/distinfo
+1-1sysutils/py-overlord/Makefile
+4-42 files

FreeBSD/ports 53486bbsysutils/py-director distinfo Makefile

sysutils/py-director: Update to 0.16.0

ChangeLog: https://github.com/DtxdF/director/releases/tag/v0.16.0
DeltaFile
+3-3sysutils/py-director/distinfo
+1-1sysutils/py-director/Makefile
+4-42 files

FreeBSD/ports 3261dd1sysutils/appjail-devel distinfo Makefile

sysutils/appjail-devel: Update to 4.7.0.20251222

ChangeLog:
https://github.com/DtxdF/AppJail/commits/83f350cd4b635d9a582e229ea3d796a95b96fe03/
DeltaFile
+3-3sysutils/appjail-devel/distinfo
+2-2sysutils/appjail-devel/Makefile
+5-52 files

FreeBSD/ports 4ab61e5sysutils/appjail distinfo Makefile

sysutils/appjail: Update to 4.7.0

ChangeLog: https://github.com/DtxdF/AppJail/releases/tag/v4.7.0
DeltaFile
+3-3sysutils/appjail/distinfo
+1-1sysutils/appjail/Makefile
+4-42 files

FreeBSD/ports a14670bx11/py-xdot Makefile distinfo

x11/py-xdot: Update 1.2 => 1.6, take maintainership

Commit log:
https://github.com/jrfonseca/xdot.py/compare/1.2...1.6

- Add GitHub to WWW.
- Add LICENSE_FILE.
- Fix warning from portclippy.

PR:     291847
DeltaFile
+6-5x11/py-xdot/Makefile
+3-3x11/py-xdot/distinfo
+9-82 files

FreeBSD/src c8282c0usr.bin/grep zgrep.sh, usr.bin/grep/tests grep_freebsd_test.sh

Fix zgrep(1) wrapper regression, add test

@bdrewery reported D48873 broke "bzgrep -q '1 2' /var/log/messages.0.bz2"
The mistake was in using $* instead of "$@" (I suspect $* is never right).

Reported by:    bdrewery
Reviewed by:    markj
Approved by:    markj
Fixes:          1070477cc8b7 ("Fix remaining zgrep(1) wrapper script regressions")
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54217

(cherry picked from commit 80726c2257e9d6d79341aac65ba22987f53619bc)
DeltaFile
+10-0usr.bin/grep/tests/grep_freebsd_test.sh
+1-1usr.bin/grep/zgrep.sh
+11-12 files

FreeBSD/src 4706a2bcontrib/netbsd-tests/usr.bin/grep t_grep.sh, usr.bin/grep zgrep.sh

Fix remaining zgrep(1) wrapper script regressions

Summary:
Fix short flags without whitespace, e.g:

    zgrep -wefoo test

Fix multiple -e flags:

    zgrep -e foo -e xxx test

Previously only the last pattern would be used.

Clean up possible leading blank in ${grep_args}.

Update comment: 2.51 -> 2.6.0

Add a test case for the last known zgrep wrapper issue: recursion
(-r) not implemented.

    [6 lines not shown]
DeltaFile
+45-7usr.bin/grep/zgrep.sh
+20-4contrib/netbsd-tests/usr.bin/grep/t_grep.sh
+65-112 files

FreeBSD/src 88b0463contrib/libpcap pcap-bpf.c

libpcap: fix resource leaks and set error messages

In finddevs_bpf() close the BPF device descriptor and free the device list
buffer before returning.

For ioctl() and malloc() errors, use pcapint_fmt_errmsg_for_errno() to
generate an error message.

Fix some comments.

(cherry picked from commit 6870404f35da32d63a0a8789edb010842dd6b208)
DeltaFile
+37-7contrib/libpcap/pcap-bpf.c
+37-71 files

FreeBSD/src 0bd0c32sys/net if_ethersubr.c if.c, sys/netgraph ng_ether.c

ng_ether: refactor to use interface EVENTHANDLER(9)s
DeltaFile
+64-77sys/netgraph/ng_ether.c
+0-32sys/net/if_ethersubr.c
+0-5sys/net/if.c
+0-4sys/net/ethernet.h
+0-2sys/net/if_bridge.c
+64-1205 files

FreeBSD/src b275907sys/net if_tuntap.c

if_tuntap: use ifnet_rename_event instead of ifnet_arrival_event
DeltaFile
+6-12sys/net/if_tuntap.c
+6-121 files

FreeBSD/src 349fcf0sys/compat/linsysfs linsysfs_net.c, sys/net rtsock.c if_var.h

net: add ifnet_rename_event EVENTHANDLER(9) for interface renaming

and don't trigger ifnet_arrival_event and ifnet_departure_event for a
rename, as the interface isn't being detached from any protocol.  The
consumers of the arrival/departure events are divided into a few
categories:
- which indeed need to do the same actions as if interface was fully
  detached and attached: routing socket and netlink notifications to
  userland and the Linux sysfs.  All addressed by this commit.
- which build their logic based on an interface name, but should actually
  update their database on rename: packet filters.  This commit leaves
  them with the old behavior - emulate full detach & attach, but this
  should be improved.
- which shouldn't do anything on rename, not touched by the commit.
- ng_ether and if_tuntap, that are special and will be addressed by
  separate commits.
DeltaFile
+31-18sys/netpfil/ipfw/ip_fw_iface.c
+25-11sys/netlink/route/iface.c
+19-9sys/net/rtsock.c
+14-1sys/compat/linsysfs/linsysfs_net.c
+12-0sys/netpfil/pf/pf_if.c
+8-3sys/net/if_var.h
+109-422 files not shown
+118-458 files

FreeBSD/src 77939d6sys/net if.c

net: on interface detach purge multicast addresses after protocols

We first want to give a chance to all owners of multicast addresses to
free them and only then run through the list of remaining ones.  It might
be that no addresses remain there normally, but this needs to be analyzed
deeper.  For now restore the sequence that was before 0d469d23715d to fix
a possible use after free.

Fixes:  0d469d23715d690b863787ebfa51529e1f6a9092
DeltaFile
+1-2sys/net/if.c
+1-21 files

FreeBSD/src 129e15dsys/netpfil/ipfw ip_fw_bpf.c

ipfw: fix bpf tap point lookup

The trick I blindly used works for pointers to structs, but not for rule
numbers that can differ only by 1.

PR:     291854
Fixes:  3daae1ac1d82ecdcd855101bab5206e914b12350
DeltaFile
+2-2sys/netpfil/ipfw/ip_fw_bpf.c
+2-21 files

FreeBSD/src e3d6cf8sys/netpfil/pf pf_if.c

pf: make eventhandler_tag's static

No functional change.
DeltaFile
+6-6sys/netpfil/pf/pf_if.c
+6-61 files