llvm: Don't install /usr/bin/{gcov,objdump} twice
Commit c4f08d46c7f7 moved the symlinks for the LLVM binutils from LLVM
itself to the toolchain (usr.bin/clang/toolchain), but did not remove
the links for /usr/bin/gcov and /usr/bin/objdump from the llvm version,
meaning we installed them twice, once in the clang package and once in
the toolchain package.
Remove the links from the llvm version and move the MLINKs to toolchain,
which is where the other MLINKs dwell.
While here, fix toolchain to use the correct build option for llvm-cov,
MK_LLVM_COV.
Fixes: c4f08d46c7f7 ("llvm-*: Move all LLVM_BINUTILS symlinks to toolchain package")
Reported by: jrm
Reviewed by: jrm, dim, emaste
Sponsored by: https://www.patreon.com/bsdivy
Differential Revision: https://reviews.freebsd.org/D56788
emulators/Ymir: Update 0.3.0 => 0.3.1
* Upstream removed the Ymir_INCLUDE_PACKAGING build option, so the port
removes it from CMAKE_OFF.
* Ymir documents all dependencies in its "About" window. This also
includes the vendored miniz from the vendored libchdr dependency and
requires the version constant from miniz.h. This library is currently
not available as a port and the Ymir port unbundles libchdr in the
first place, which is also configured to use the system-provided libz
instead of miniz.
Therefore remove all miniz references to unbreak the build.
Changelog:
https://github.com/StrikerX3/Ymir/releases/tag/v0.3.1
PR: 294992
Sponsored by: UNIS Labs
vis.3: Try to better describe VIS_SAFE
The current text fails to draw the reader's attention to the fact that
VIS_SAFE essentially exempts certain characters from being encoded.
While here, fix some markup nits.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56716
sysutils/mixer: Retire port
There is /etc/rc.d/mixer already, and does the same thing.
PR: 294661
Sponsored by: The FreeBSD Foundation
Approved by: mwm at mired.org (maintainer timeout, 2 weeks), diizzy
krb5: Fix two NegoEx parsing vulnerabilities
Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:
In parse_nego_message(), check the result of the second call to
vector_base() before dereferencing it. In parse_message(), check for
a short header_len to prevent an integer underflow when calculating
the remaining message length.
Reported by Cem Onat Karagun.
CVE-2026-40355:
In MIT krb5 release 1.18 and later, if an application calls
gss_accept_sec_context() on a system with a NegoEx mechanism
registered in /etc/gss/mech, an unauthenticated remote attacker can
trigger a null pointer dereference, causing the process to terminate.
[10 lines not shown]
