security/openvpn-devel: upgrade to commit 64fae9d829
this brings in the upstream development work that has happened over
the last two months, plus two CVE fixes:
- fix race condition in TLS handshake that could lead to leaking of
packet data from a previous handshake under specific circumstances
(CVE-2026-40215)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai at tencent.com))
- fix server ASSERT() on receiving a suitably malformed packet with
a valid tls-crypt-v2 key (CVE-2026-35058)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai at tencent.com)
and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381))
besides this, most of the commits are code maintenance - modernizing
code, adjusting OpenSSL APIs used to be 4.0 compatible, adding more
[8 lines not shown]
security/openvpn-devel: Update 2.7_rc6 -> post-2.7 commit 38243844
OpenVPN 2.7.0 has been released and will show up as "security/openvpn"
soon.
This port skips 2.7.0 release and continues to track development versions,
which will focus on code cleanup / refactoring for the next few months.
Use this opportunity to bring option and dependency handling more in
line with main port
- X509ALTUSERNAME is gone (always-on now in upstream source)
- ASYNC_PUSH added, with freebsd-version dependent handling of
libinotify dependency (see PR 293176)
- UNITTEST added, with libcmocka dependency if unit tests are desired
(cherry picked from commit da00fa0ed292ff71ea1eeaa6902f70d53de9d512)
pkgconf: determine the default paths dynamically
This automatically computes the correct PKG_CONFIG_PATH with LOCALBASE
from the environment (when set) or from the "user.localbase" sysctl, in
this order.
Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57246
nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools
Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted. The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created. The EINVAL failure leaves these new files
messed up (mode == 0).
This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.
If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.
PR: 296066
(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)
nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools
Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted. The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created. The EINVAL failure leaves these new files
messed up (mode == 0).
This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.
If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.
PR: 296066
(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)
graphics/nvidia-drm-*-kmod*: Fix GPF in some configs
Fix General Protection Fault in __nv_drm_gem_nvkms_handle_vma_fault,
lkpi_vmf_insert_pnf_prot_locked, vm_page_busy_acquire in specific
configurations, notably KDE on Wayland.
PR: 296195
Reported by: keivan at motavalli.me
Reviewed by: ashafer
Tested by: keivan at motavalli.me
Differential Revision: https://reviews.freebsd.org/D57989
Co-authored by: ashafer at FreeBSD.org
sysutils/ezjail: Update 3.4.2 => 3.4.3
Changelog:
- Install man pages to $DEST/share/man, not $DEST/man.
- Make distribution now needs to be called from /usr/src, not
/usr/src/etc.
- Fix tyop: snapshot => snapshots.
- Incorporate fixes from port: provide shutdown script.
- for freebsdup-update -b, --currently-running now is mandatory.
- Fix superfluous asteriks in multiplication.
- Fix man page typos.
- Typo fixes.
- Incorporate Makefile patch from port.
Improve port:
- Replace PORTVERSION with DISTVERSION.
- Add LICENSE block.
- Sort plist.
[3 lines not shown]
www/angie-module-vod: New upstream, update to 1.8.1
This patch changes the port to the new upstream repo, since the
original one the angie documentation still refers to in some places
has been abandoned since 2024.
BEFORE UPDATING:
Carefully read the changelogs at
https://github.com/dio-az/nginx-vod-module/releases,
especially regarding these BREAKING CHANGES in v1.0.0:
- Drop support for HDS and MSS
- Improve compliance with DASH specification
- Use last audio track assuming higher bitrate
PR: 296274
Sponsored by: UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH: 2026Q2
(cherry picked from commit d746fb717c68cbb45d1e4032f81cdf6b8a6f168b)