FreeBSD/src 238ad59lib/libpfctl libpfctl.c

libpfctl: improve error handling

If we fail to open /dev/pf don't try to close it again. That would result in
errno getting overwritten by close(), hiding potentially useful information.

MFC after:      2 weeks
Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+2-2lib/libpfctl/libpfctl.c
+2-21 files

FreeBSD/src 9562994. UPDATING, sys/kern link_elf.c link_elf_obj.c

kernel linker: Disable local sym resolution by default

In 95c20faf11a1 and ecd8245e0d77 kib introduced support to have the
kernel linker stop resolving local symbols from other files, but did
not enable it by default to avoid surprises.  Flip the default now,
before FreeBSD 16.0.

The debug.link_elf_leak_locals and debug.link_elf_obj_leak_locals
sysctls are available to revert to the previous behaviour if necessary.

PR:             207898
Reviewed by:    bz
Relnotes:       Yes
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47742
DeltaFile
+9-0UPDATING
+1-1sys/kern/link_elf.c
+1-1sys/kern/link_elf_obj.c
+11-23 files

FreeBSD/ports 558ad9cjava/openjdk25 Makefile

java/openjdk25: Add jre_headless flavor

Add flavor to make a headless jre package, where dev tools and x11
support is removed. As requested in Bug #266059.

PR:             266059
Reviewed by:    fuz, jrm
Approved by:    fuz (Mentor), jrm
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D53707
DeltaFile
+30-20java/openjdk25/Makefile
+30-201 files

FreeBSD/ports f622129www/chromium/files patch-build_rust_allocator_lib.rs, www/iridium/files patch-build_rust_allocator_lib.rs

www/{*chromium,iridium}: unbreak with rust 1.89

PR:     291107

(cherry picked from commit 31d22775f7f2f7db043c35fe79b9270e4afc53e0)
DeltaFile
+8-2www/iridium/files/patch-build_rust_allocator_lib.rs
+8-2www/chromium/files/patch-build_rust_allocator_lib.rs
+8-2www/ungoogled-chromium/files/patch-build_rust_allocator_lib.rs
+24-63 files

FreeBSD/ports 5e2875bwww/iridium/files patch-chromecast_browser_cast__browser__main__parts.cc patch-chromecast_media_base_default__monotonic__clock.cc

www/iridium: update to 2025.11.142.3

(cherry picked from commit cc61f3e96e953d13a2a81d6e9bef934e54b1344e)
DeltaFile
+0-38www/iridium/files/patch-chromecast_browser_cast__browser__main__parts.cc
+0-20www/iridium/files/patch-chromecast_media_base_default__monotonic__clock.cc
+13-0www/iridium/files/patch-build_linux_strip__binary.gni
+0-11www/iridium/files/patch-chromecast_browser_cast__content__browser__client.cc
+0-11www/iridium/files/patch-gpu_webgpu_dawn__commit__hash.h
+0-11www/iridium/files/patch-chromecast_cast__core_runtime_browser_runtime__application__service__impl.cc
+13-915 files not shown
+26-10411 files

FreeBSD/ports 31d2277www/chromium/files patch-build_rust_allocator_lib.rs, www/iridium/files patch-build_rust_allocator_lib.rs

www/{*chromium,iridium}: unbreak with rust 1.89
DeltaFile
+8-2www/chromium/files/patch-build_rust_allocator_lib.rs
+8-2www/iridium/files/patch-build_rust_allocator_lib.rs
+8-2www/ungoogled-chromium/files/patch-build_rust_allocator_lib.rs
+24-63 files

FreeBSD/ports 7bfb0acsysutils/rundeck distinfo Makefile

sysutils/rundeck: Update to 5.17.0

ReleaseNotes:   https://docs.rundeck.com/docs/history/5_x/version-5.17.0.html
DeltaFile
+3-3sysutils/rundeck/distinfo
+2-2sysutils/rundeck/Makefile
+5-52 files

FreeBSD/ports cc61f3ewww/iridium/files patch-chromecast_browser_cast__browser__main__parts.cc patch-chromecast_media_base_default__monotonic__clock.cc

www/iridium: update to 2025.11.142.3
DeltaFile
+0-38www/iridium/files/patch-chromecast_browser_cast__browser__main__parts.cc
+0-20www/iridium/files/patch-chromecast_media_base_default__monotonic__clock.cc
+13-0www/iridium/files/patch-build_linux_strip__binary.gni
+0-11www/iridium/files/patch-gpu_webgpu_dawn__commit__hash.h
+0-11www/iridium/files/patch-chromecast_cast__core_runtime_browser_runtime__application__service__impl.cc
+0-11www/iridium/files/patch-chromecast_browser_cast__content__browser__client.cc
+13-915 files not shown
+26-10411 files

FreeBSD/ports 65b6513x11-toolkits/pangolin distinfo Makefile, x11-toolkits/pangolin/files fix-build-with-clang.patch

x11-toolkits/pangolin: update to 0.9.4

Update to a version which supports both ffmpeg 6 and 8.
While here incorporate an upstream patch to fix build with clang.

PR:     289703
DeltaFile
+35-0x11-toolkits/pangolin/files/fix-build-with-clang.patch
+3-3x11-toolkits/pangolin/distinfo
+3-2x11-toolkits/pangolin/Makefile
+41-53 files

FreeBSD/ports fea7734security/wazuh-manager pkg-plist Makefile

security/wazuh-manager: Unbreak build

PR:             290782
Approved by:    portmgr (blanket)
DeltaFile
+2-2security/wazuh-manager/pkg-plist
+1-0security/wazuh-manager/Makefile
+3-22 files

FreeBSD/ports e70f390multimedia/mplayer/files patch-ffmpeg-8

multimedia/mplayer(mencoder): fix memcoder build with ffmpeg8

This also fixes mplayer if built without VDPAU

PR:     289505
DeltaFile
+219-0multimedia/mplayer/files/patch-ffmpeg-8
+219-01 files

FreeBSD/ports b419989www/piwigo pkg-plist distinfo

www/piwigo: Update tp 16.0.0.
DeltaFile
+256-224www/piwigo/pkg-plist
+3-3www/piwigo/distinfo
+1-1www/piwigo/Makefile
+260-2283 files

FreeBSD/ports 748926anet-p2p/libtorrent distinfo pkg-plist, net-p2p/rtorrent distinfo Makefile

net-p2p/{lib,r}torrent: Update to 0.16.4

ChangeLog:      https://github.com/rakshasa/rtorrent/releases/tag/v0.16.4
MFH:            2025Q4 (bugfixes)
(cherry picked from commit f8bd5bcdee8cc865a0e48455eceb92b9c2b1cb51)
DeltaFile
+3-3net-p2p/rtorrent/distinfo
+3-3net-p2p/libtorrent/distinfo
+2-2net-p2p/libtorrent/pkg-plist
+1-1net-p2p/libtorrent/Makefile
+1-1net-p2p/rtorrent/Makefile
+10-105 files

FreeBSD/ports f8bd5bcnet-p2p/libtorrent distinfo pkg-plist, net-p2p/rtorrent distinfo Makefile

net-p2p/{lib,r}torrent: Update to 0.16.4

ChangeLog:      https://github.com/rakshasa/rtorrent/releases/tag/v0.16.4
MFH:            2025Q4 (bugfixes)
DeltaFile
+3-3net-p2p/rtorrent/distinfo
+3-3net-p2p/libtorrent/distinfo
+2-2net-p2p/libtorrent/pkg-plist
+1-1net-p2p/libtorrent/Makefile
+1-1net-p2p/rtorrent/Makefile
+10-105 files

FreeBSD/ports 70bd00fwww/freenginx-devel Makefile, www/freenginx-devel/files extra-patch-nginx-thumbextractor-module-config

www/freenginx-devel: don't link thumbextractor module with libpostproc

libpostproc has been removed from newer ffmpeg and it not needed
with ffmpeg6 either.

Bump PORTREVISION.

PR:             289067
Sponsored by:   tipi.work
DeltaFile
+1-1www/freenginx-devel/Makefile
+1-1www/freenginx-devel/files/extra-patch-nginx-thumbextractor-module-config
+2-22 files

FreeBSD/ports 710df32misc/crush distinfo Makefile

misc/crush: Update to 0.18.6

Changelog: https://github.com/charmbracelet/crush/releases/tag/v0.18.6

Reported by:    GitHub (watch releases)
DeltaFile
+5-5misc/crush/distinfo
+1-1misc/crush/Makefile
+6-62 files

FreeBSD/ports 6a07ea8multimedia/x265 Makefile

multimedia/x265: fix build on powerpc*

A couple of fixes:
1. Altivec code also uses VSX, so it should be enabled by default only
on powerpc64le. Additionaly ENABLE_ALTIVEC needs to be specified along
with CPU_POWER8.
2. Altivec code is 64-bit only, so the option should be removed on
powerpc altogether. On powerpc64 it should stay non-default.
3. Altivec code works only with 8 bits and causes build issues
elsewhere.
DeltaFile
+14-10multimedia/x265/Makefile
+14-101 files

FreeBSD/ports 95a50a4misc/codex distinfo, misc/codex/files patch-codex-rs_process-hardening_src_lib.rs patch-codex-rs_core_Cargo.toml

misc/codex: misc/codex: Update to 0.63.0

While here, remove unnecessary local patches, which have been made
unnecessary by the GitHub PR
6680 (https://github.com/openai/codex/pull/6680).

Changelog:
- https://github.com/openai/codex/releases/tag/rust-v0.59.0
- https://github.com/openai/codex/releases/tag/rust-v0.60.1
- https://github.com/openai/codex/releases/tag/rust-v0.61.0
- https://github.com/openai/codex/releases/tag/rust-v0.63.0

Reported by:    GitHub (watch releases)
DeltaFile
+0-70misc/codex/files/patch-codex-rs_process-hardening_src_lib.rs
+11-9misc/codex/distinfo
+0-13misc/codex/files/patch-codex-rs_core_Cargo.toml
+0-13misc/codex/files/patch-codex-rs_rmcp-client_Cargo.toml
+0-12misc/codex/files/patch-codex-rs_keyring-store_Cargo.toml
+0-12misc/codex/files/patch-codex-rs_core_tests_suite_shell__serialization.rs
+11-1294 files not shown
+21-14910 files

FreeBSD/ports 72b1b23www/nginx/files extra-patch-nginx-thumbextractor-module-config

www/nginx: do not link to libpostproc for thumbextractor module

libpostproc has been removed from newer ffmpeg and it not needed
with ffmpeg6 either

PR:     289067
DeltaFile
+1-1www/nginx/files/extra-patch-nginx-thumbextractor-module-config
+1-11 files

FreeBSD/ports 96016c3www/orangehrm distinfo Makefile

www/orangehrm: Update to 5.8
DeltaFile
+3-3www/orangehrm/distinfo
+1-1www/orangehrm/Makefile
+4-42 files

FreeBSD/ports 571fcc5multimedia/libopenshot Makefile, multimedia/libopenshot/files patch-src_FFmpegWriter.cpp

multimedia/libopenshot: fix build with ffmpeg8

PR:     289065
DeltaFile
+14-4multimedia/libopenshot/files/patch-src_FFmpegWriter.cpp
+1-1multimedia/libopenshot/Makefile
+15-52 files

FreeBSD/ports 4bca969devel/py-stevedore distinfo Makefile

devel/py-stevedore: Update to 5.6.0

Release changes:        https://docs.openstack.org/stevedore/latest/user/history.html#id1
Reported by:    portscout!
DeltaFile
+3-3devel/py-stevedore/distinfo
+2-2devel/py-stevedore/Makefile
+5-52 files

FreeBSD/src 870a7a9sys/netpfil/pf pf_lb.c, tests/sys/netpfil/pf nat.sh

pf: fix udp_mapping cleanup

If we fail to obtain a new source port (pf_get_sport()) while we've
created a udp_mapping (for 'endpoint independent nat') we must free the
udp_mapping in pf_get_sport(). Otherwise the calling function will call
pf_udp_mapping_release(). This will then attempt to remove the udp_mapping from
a list it's not in, and crash.

Actually free the udp_mapping in all failure cases. While here sprinkle in a few
more assertions to ensure we don't forget leak udp_mappings and add a test case
to provoke this problem.

Reviewed by:    thj
MFC after:      1 week
See also:       https://redmine.pfsense.org/issues/16517
Sponsored by:   Rubicon Communications, LLC ("Netgate")
Differential Revision:  https://reviews.freebsd.org/D53737

(cherry picked from commit c12013f5bb3819e64499f02ecd199a635003c7ce)
DeltaFile
+30-0tests/sys/netpfil/pf/nat.sh
+22-7sys/netpfil/pf/pf_lb.c
+52-72 files

FreeBSD/src 7799b57sys/net if_ovpn.c

if_ovpn: use IFT_TUNNEL

IFT_ENC has special behaviour in pf we don't desire, and this also ensures that
for all interface types there is N:1:1 correspondence between if_type:dlt:header len.

Requested by:   glebius
MFC after:      1 week

(cherry picked from commit ff9f76a206c80c263050816735d537a151ee2999)
DeltaFile
+1-1sys/net/if_ovpn.c
+1-11 files

FreeBSD/src 58eacc8sys/net if_ovpn.c

if_ovpn: use IFT_TUNNEL

IFT_ENC has special behaviour in pf we don't desire, and this also ensures that
for all interface types there is N:1:1 correspondence between if_type:dlt:header len.

Requested by:   glebius
MFC after:      1 week

(cherry picked from commit ff9f76a206c80c263050816735d537a151ee2999)
DeltaFile
+1-1sys/net/if_ovpn.c
+1-11 files

FreeBSD/ports 2c85d0cdatabases/py-aiosql distinfo Makefile, databases/py-aiosql/files patch-pyproject.toml

databases/py-aiosql: Update to 14.0

Release changes:        https://github.com/nackjicholson/aiosql/releases/tag/14.0
Reported by:    portscout!
DeltaFile
+4-4databases/py-aiosql/files/patch-pyproject.toml
+3-3databases/py-aiosql/distinfo
+1-1databases/py-aiosql/Makefile
+8-83 files

FreeBSD/ports 009d7eedevel/pcre2 Makefile

devel/pcre2: Build static libraries by default, required by qemu-user-static

Reported by:    imp
DeltaFile
+2-0devel/pcre2/Makefile
+2-01 files

FreeBSD/ports 5f6502anet-im/linux-discord distinfo Makefile

net-im/linux-discord: Update to 0.0.116
DeltaFile
+3-3net-im/linux-discord/distinfo
+1-1net-im/linux-discord/Makefile
+4-42 files

FreeBSD/src 64ee9c1sys/dev/e1000 if_em.c

em(4): fix capability bounds needed to access checksum context.

Ensure the offp capability bounds cover entire struct with checksum fields.

This is needed for CHERI systems to avoid bounds violation trap, as
otherwise offp allowed to dereference 4 bytes of csum_flags field only
so bzero failed.

Tested on ARM Morello.

Reviewed by:    kbowling
Discussed with: jrtc27
Sponsored by:   CHERI Research Centre
Differential Revision:  https://reviews.freebsd.org/D53903
DeltaFile
+1-1sys/dev/e1000/if_em.c
+1-11 files

FreeBSD/ports 4d78ee2multimedia/av1an distinfo Makefile.crates, multimedia/av1an/files patch-ffmpeg7-unsigned-char patch-ffmpeg

multimedia/av1an: update to 0.5.0

This release fixes the build with ffmpeg 6 and 8
Chase upstream change to rust-av

PR:     289061
DeltaFile
+423-393multimedia/av1an/distinfo
+211-196multimedia/av1an/Makefile.crates
+0-55multimedia/av1an/files/patch-ffmpeg7-unsigned-char
+0-40multimedia/av1an/files/patch-ffmpeg
+5-10multimedia/av1an/Makefile
+639-6945 files