FreeBSD/ports b2bc7a4shells/xonsh distinfo Makefile

shells/xonsh: Update to 0.23.4

- Switch back to PyPI

ChangeLog: https://github.com/xonsh/xonsh/releases/tag/0.23.4
DeltaFile
+3-3shells/xonsh/distinfo
+2-3shells/xonsh/Makefile
+5-62 files

FreeBSD/ports 93ac2e1sysutils/virt-firmware Makefile distinfo

sysutils/virt-firmware: update to 26.4

 - Update to 26.4
 - Add dependencies
DeltaFile
+4-2sysutils/virt-firmware/Makefile
+3-3sysutils/virt-firmware/distinfo
+7-52 files

FreeBSD/ports 7807b4asecurity/vuxml/vuln 2026.xml

security/vuxml: Add Mozilla vulnerability

CVE-2026-7323

NIST: NVD Base Score:   N/A

ADP:  CISA-ADP
Base Score:     7.3 HIGH
Vector:         CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
DeltaFile
+39-0security/vuxml/vuln/2026.xml
+39-01 files

FreeBSD/ports 71de1d4www/gohugo distinfo Makefile

www/gohugo: Update to 0.161.0

ChangeLog: https://github.com/gohugoio/hugo/releases/tag/v0.161.0

Bug fixes

 * langs/i18n: Fix translation lookup when using language variants
 * create: Fix non-deterministic conflict detection in hugo new content
 * commands: Fix environment isolation for configuration settings
 * Fix filename dimension identifiers (role_X, version_X) to replace mount config
 * Fix it so we never auto-fallback to page resources in other roles/versions

Improvements

 * css: Support nested hugo:vars/ imports
 * github: Update GitHub actions versions
 * hugolib: Do not render aliases if the page is not rendered
 * langs/i18n: Improve default content language fallback
 * helpers: Remove unused code

    [17 lines not shown]
DeltaFile
+5-5www/gohugo/distinfo
+1-2www/gohugo/Makefile
+6-72 files

FreeBSD/ports c866de2biology/vsearch distinfo Makefile

biology/vsearch: Update to 2.31.0

Numerous bug fixes and a few enhancements
Changes: https://github.com/torognes/vsearch/releases

Reported by:    portscout
DeltaFile
+3-3biology/vsearch/distinfo
+1-1biology/vsearch/Makefile
+4-42 files

FreeBSD/ports 68d29eaeditors/emacs-devel pkg-plist

editors/emacs-devel: Fix pkg-plist
DeltaFile
+2-0editors/emacs-devel/pkg-plist
+2-01 files

FreeBSD/src 0733afdusr.bin/lockf/tests lockf_test.sh

lockf: Test that lockf does not spin on fd

PR:             294832
MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D56723
DeltaFile
+18-0usr.bin/lockf/tests/lockf_test.sh
+18-01 files

FreeBSD/src d90513eusr.bin/lockf lockf.c

lockf: Avoid spinning when operating on an fd

When operating on a file descriptor, acquire_lock() would ignore the
flags argument and always operate in non-blocking mode, resulting in
unnecessary busy-looping.

PR:             294832
MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D56722
DeltaFile
+5-1usr.bin/lockf/lockf.c
+5-11 files

FreeBSD/src 0095c14usr.bin/stat stat.c

stat: Drop unused code and conditionals

We haven't pulled from upstream in over 15 years, and the codebases
have diverged so far it is unlikely that we ever will.

* Drop NetBSD and OpenBSD version control information.

* Drop support for building on non-BSD / non-POSIX platforms.

* Fix a few minor style issues.

Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D56771
DeltaFile
+11-70usr.bin/stat/stat.c
+11-701 files

FreeBSD/src bc83f41sys/dev/vt vt_core.c

vt_core: don't draw the splash if a panic occurred

The shutdown splash draws over all the useful info if ddb(4) is
disabled. Don't draw the splash screen if we're rebooting because of a
panic.

MFC after:      3 days
DeltaFile
+3-0sys/dev/vt/vt_core.c
+3-01 files

FreeBSD/ports 97b1639mail/bsfilter Makefile

mail/bsfilter: Fix run depends error on ruby 3.4 and/or later

PR:             294965
Approved by:    hrs (mentor, blanket)
DeltaFile
+10-1mail/bsfilter/Makefile
+10-11 files

FreeBSD/src c40b652contrib/netbsd-tests/lib/libc/sys t_mmap.c

netbsd-tests: Fix the mmap_truncate_signal test

Add a volatile qualifier in the loop which triggers SIGBUS, as otherwise
the compiler is smart enough to elide it, replacing it with a check for
page != 0.

MFC after:      1 week

(cherry picked from commit e3b8e55e710bf355f371d798aa943281007a7ea9)
DeltaFile
+1-1contrib/netbsd-tests/lib/libc/sys/t_mmap.c
+1-11 files

FreeBSD/src 0cf4e7atests/sys/netpfil/ipfw lookup.sh fwd.sh

tests/ipfw: Make tests run more reliably in parallel

- Don't use /dev/null as the pidfile for inetd, that doesn't work
  properly.  Create a pidfile in the per-test scratch directory.
- Use atf_check to validate results from setup commands.

MFC after:      1 week

(cherry picked from commit bea17411473bc58608badd425c223ee59d40a465)
DeltaFile
+8-9tests/sys/netpfil/ipfw/lookup.sh
+7-7tests/sys/netpfil/ipfw/fwd.sh
+15-162 files

FreeBSD/src 66c04dcsys/vm vm_swapout.c

vm_swapout: Remove a special case from vm_swapout_map_deactivate_pages()

John points out that this probably should have been removed in commit
472888018ce, which removed a special case where we'd set desired=0 if
the target process has P_INMEM clear.  It's not obvious to me that the
desired=0 case can't arise by setting an RSS limit to 0, but I'm not
sure why we'd try to go the extra mile in that case anyway.

Reported by:    jhb
Reviewed by:    kib
MFC after:      2 weeks
Fixes:          472888018ce1 ("proc: Remove kernel stack swapping support, part 6")
Differential Revision:  https://reviews.freebsd.org/D56140

(cherry picked from commit b6b0afefec4739923897d984448704ce34a21e6b)
DeltaFile
+0-13sys/vm/vm_swapout.c
+0-131 files

FreeBSD/src 9e8d7d8tests/sys/netinet socket_afinet.c

tests/socket_afinet: Fix the bind_connected_port test

The test verifies that a socket can bind to a local address assigned by
connect(2) to a different socket.  It was however trying to bind to the
wrong address, and the check of the result was inverted, so this went
unnoticed.  It also needs to set SO_REUSEADDR for this to succeed.

Reported by:    glebius
MFC after:      1 week

(cherry picked from commit d3d0466cae546254c50c80cf3e0c060bbbbba53c)
DeltaFile
+7-7tests/sys/netinet/socket_afinet.c
+7-71 files

FreeBSD/src d82d5bbsys/tools kernel-gdb.py

gdb: Print a stack trace if a python command raises an error

MFC after:      1 week

(cherry picked from commit 9899c8da0c19e66bedf37dd914e13880089877e2)
DeltaFile
+2-0sys/tools/kernel-gdb.py
+2-01 files

FreeBSD/src 10567c8sys/fs/nullfs null_vnops.c, sys/kern vfs_inotify.c

nullfs: Clear inotify flags during reclaim

The inotify flags are copied from the lower vnode into the nullfs vnode
so that the INOTIFY() macro will invoke VOP_INOTIFY on the nullfs vnode;
this is then bypassed to the lower vnode.  However, when a nullfs vnode
is reclaimed we should clear these flags, as the vnode is now doomed and
no longer forwards VOPs to the lower vnode.

Add regression tests.  Remove a test in vn_inotify_revoke() which is no
longer needed after this change.

PR:             292495
Reviewed by:    kib
Reported by:    Jed Laundry <jlaundry at jlaundry.com>
Fixes:          f1f230439fa4 ("vfs: Initial revision of inotify")
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56639

(cherry picked from commit a02d794f5acd12ba3cf1de5c204a8dd56af47edd)
DeltaFile
+112-0tests/sys/kern/inotify_test.c
+12-0sys/fs/nullfs/null_vnops.c
+0-4sys/kern/vfs_inotify.c
+124-43 files

FreeBSD/src 8988b4dtests/sys/posixshm posixshm_test.c

tests/posixshm: Check for hardware support in largepage_pkru

MFC after:      3 days
Fixes:          ca87c0b8e396 ("pkru: Fix handling of 1GB largepage mappings")

(cherry picked from commit 75c66218401c00f4728d5312e2b933b8d3aefde1)
DeltaFile
+10-0tests/sys/posixshm/posixshm_test.c
+10-01 files

FreeBSD/src 6e01ed2sys/net/route route_tables.c

routing: Use a better error number in sysctl_fibs()

ENOTCAPABLE is for capsicum and its use here is inappropriate.  In
particular, note that syscallret() treats this value specially.

Reviewed by:    glebius, pouria, zlei
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56481

(cherry picked from commit 8de0fc10a1c2d65bdb39eff862266ab1f87902c8)
DeltaFile
+1-1sys/net/route/route_tables.c
+1-11 files

FreeBSD/src 49dbebdsys/kern kern_clocksource.c

epoch: Don't idle CPUs when there's pending epoch work

The epoch(9) subsystem implements per-CPU queues of object destructors
which get invoked once it is safe to do so.  These queues are polled via
hardclock().

When a CPU is about to go idle, we reduce the hardclock frequency to 1Hz
by default, to avoid unneeded wakeups.  This means that if there is any
garbage in these destructor queues, it won't be cleared for at least 1s
(and possibly longer) even if it would otherwise be safe to do so.

epoch_drain_callbacks() is used in some places to provide a barrier,
ensuring that all garbage present in the destructor queues is cleaned up
before returning.  It's implemented by adding a fake destructor in the
queues and blocking until it gets run on all CPUs.  The above-described
phenomenon means that it can take a long time for these calls to return,
even (especially) when some CPUs are idle.  This causes long delays when
destroying VNET jails, for instance, as epoch_drain_callbacks() is
invoked each time a network interface is destroyed.

    [13 lines not shown]
DeltaFile
+2-1sys/kern/kern_clocksource.c
+2-11 files

FreeBSD/src 3e7157fsys/netinet in_mcast.c

in_mcast: Avoid calling sysctl_wire_old_buffer() in an epoch section

Wiring a virtual address range may require the thread to sleep, and this
is not permitted in an epoch section.

MFC after:      1 week

(cherry picked from commit c1b514c88c76a4de906775d47b06388e62ab6845)
DeltaFile
+5-7sys/netinet/in_mcast.c
+5-71 files

FreeBSD/src 1071c88sys/net/route route_tables.c

routing: Initialize V_rt_numfibs earlier during boot

V_rt_numfibs can be set at compile time (with the ROUTETABLES kernel
config option) or boot time (with the net.fibs tunable).
vnet_rtables_init(), running during SI_PROTO_DOMAIN, was checking the
tunable and updating V_rt_numfibs accordingly, but that means that
earlier SYSINITs, such as vnet_mroute_init(), see the compile-time value
for V_rt_numfibs before it gets corrected in vnet_rtables_init().

Fix this by initializing V_rt_numfibs earlier, so that SYSINITs are less
likely to use the wrong value.

Add a comment describing the weird, preexisting semantic of resetting
rt_numfibs to 1 in VNET jails.

PR:             294510
Reviewed by:    glebius, zlei, pouria
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56473

    [2 lines not shown]
DeltaFile
+16-8sys/net/route/route_tables.c
+16-81 files

FreeBSD/src e314721lib/libsys/x86 pkru.3

pkru.3: Remove a qualifier

Now that i386 kernels are deprecated, we don't really need to mention
this limitation.  It's also a bit dated since PKRU is supported with
5-level paging as well.

Reviewed by:    alc, kib
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56415

(cherry picked from commit fe6bf738aaeb3d5fd74aabfcbf01eba827df6594)
DeltaFile
+0-3lib/libsys/x86/pkru.3
+0-31 files

FreeBSD/src 59aa556lib/libsys/x86 pkru.3

pkru.3: Note that the kernel may not respect PKRU protections

There are cases where the kernel will be able to access memory covered
by a PKRU key which nomially prohibits accesses.  I believe regular
copyin()/copyout() are subject to the contents of PKRU, but memory
accesses via uiomove_fromphys() will not be.  This can arise when
performing fault I/O, for instance.  I didn't test, but I suspect AIO is
another case.

Update the man page to acknowledge this.

Reviewed by:    alc, kib
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56416

(cherry picked from commit fa77fecb0e06ec697e3d7a9ed899e568f1d2090c)
DeltaFile
+10-7lib/libsys/x86/pkru.3
+10-71 files

FreeBSD/src 43b1de5sys/kern uipc_socket.c

so_splice: Fix the KTLS check for the sink socket in so_splice()

Reviewed by:    gallatin
Reported by:    Claude Sonnet 4.6
Fixes:          1000cc4a0d39 ("so_splice: Disallow splicing with KTLS-enabled sockets")
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56385

(cherry picked from commit d88a159da42a75dbd46ea4f6f9c8059975dab5e8)
DeltaFile
+1-1sys/kern/uipc_socket.c
+1-11 files

FreeBSD/src ae6c116tests/sys/netinet socket_afinet.c

tests/socket_afinet: Remove a conditional skip

The test runs without any unexpected results when mac_portacl is loaded.

PR:             238781
MFC after:      1 week

(cherry picked from commit 9f6041fb579106aa6fa358071a14eddabd581998)
DeltaFile
+0-3tests/sys/netinet/socket_afinet.c
+0-31 files

FreeBSD/src 793be11sys/geom geom_event.c

geom: Make g_waitidle() wait for orphaned providers

This is motivated by the following race in the ZFS zvol code.

When a zvol is created, we create a GEOM-backed zvol, which results in a
/dev/zvol/<zvol path> device file, created by GEOM::dev.  If volmode=dev
is specified, zvol_set_volmode_impl() will wither the GEOM, then create
a device file with the same name.  This sometimes fails because
g_wither_geom() is asynchronous, so we end up trying to create a device
file while the old one still exists.  I want to fix this by adding a
g_waitidle() call to zvol_os_remove_minor().

g_waitidle() is not sufficient: GEOM::dev does not destroy the device
until g_dev_orphan() is called.  (In fact the device destruction is
asynchronous too, but the delist_dev() call is sufficient to address
this race.)  So, I propose modifying g_waitidle() to block until
orphaned providers are processed.

PR:             258766

    [5 lines not shown]
DeltaFile
+1-1sys/geom/geom_event.c
+1-11 files

FreeBSD/ports f324263www/lubelogger pkg-plist Makefile, www/lubelogger/files lubelogger.in patch-nuget.config

www/lubelogger: Add new port

PR:             290719
Co-authored-by: Gleb Popov <arrowd at FreeBSD.org>
DeltaFile
+655-0www/lubelogger/pkg-plist
+69-0www/lubelogger/Makefile
+36-0www/lubelogger/files/lubelogger.in
+31-0www/lubelogger/distinfo
+17-0www/lubelogger/nuget.mk
+12-0www/lubelogger/files/patch-nuget.config
+820-04 files not shown
+832-210 files

FreeBSD/ports 2daff32emulators/86Box distinfo Makefile

emulators/86Box: Fix building after the x11/xorgproto update

PR:             293585
Fixes:  18550fa4f69c140eb8fb138024bcfefaf896bcdf
DeltaFile
+3-1emulators/86Box/distinfo
+3-0emulators/86Box/Makefile
+6-12 files

FreeBSD/ports 265bcebdevel/libnjs distinfo, lang/njs distinfo

*/*: update NGINX JavaScript to 0.9.8

Changelog: https://nginx.org/en/docs/njs/changes.html

Sponsored by:   Netzkommune GmbH
DeltaFile
+3-3www/nginx/distinfo
+3-3devel/libnjs/distinfo
+3-3lang/njs/distinfo
+3-3www/freenginx/distinfo
+3-3www/nginx-devel/distinfo
+1-1www/freenginx/Makefile.extmod
+16-168 files not shown
+24-2414 files