BSD Commit Log Search

security/vuxml: add FreeBSD SAs issued on 2026-06-09

FreeBSD-SA-26:25.thr affects all supported releases
FreeBSD-SA-26:26.ktls affects all supported releases
FreeBSD-SA-26:27.sound affects all supported releases
FreeBSD-SA-26:28.capsicum affects all supported releases
FreeBSD-SA-26:29.ip6_multicast affects all supported releases
FreeBSD-SA-26:30.linux affects all supported releases
FreeBSD-SA-26:31.arm64 affects all supported releases
FreeBSD-SA-26:32.elf affects all supported releases
FreeBSD-SA-26:33.unbound affects all supported releases
FreeBSD-SA-26:34.vt affects all supported releases
FreeBSD-SA-26:35.openssl affects all supported releases
FreeBSD-SA-26:36.ldns affects all supported releases

compat32 wait4/6(2): only copy out when there is a pid to report

PR:     295965
Reported and tested by: mandree
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57513

GCE: Apply public-image label on GCE images

Update the GCE image creation process to automatically apply the
'public-image=true' label when publishing new images. This aligns
with standard labeling expectations for images hosted in public
projects.

MFC after:      3 days

databases/py-redisvl: Update to 0.20.0

Changelog: https://github.com/redis/redis-vl-python/releases/tag/v0.20.0

Reported by:    Repology

misc/crush: Update to 0.76.0

Changelog: https://github.com/charmbracelet/crush/releases/tag/v0.76.0

Reported by:    GitHub (watch releases)

Add errata affecting 14.3R, 14.4R and 15.0R

FreeBSD-EN-26:14.syslogd affects 15.0R
FreeBSD-EN-26:15.openssl affects all supported releases

Add security advisories affecting 14.3R, 14.4R and 15.0R

FreeBSD-SA-26:25.thr affects all supported releases
FreeBSD-SA-26:26.ktls affects all supported releases
FreeBSD-SA-26:27.sound affects all supported releases
FreeBSD-SA-26:28.capsicum affects all supported releases
FreeBSD-SA-26:29.ip6_multicast affects all supported releases
FreeBSD-SA-26:30.linux affects all supported releases
FreeBSD-SA-26:31.arm64 affects all supported releases
FreeBSD-SA-26:32.elf affects all supported releases
FreeBSD-SA-26:33.unbound affects all supported releases
FreeBSD-SA-26:34.vt affects all supported releases
FreeBSD-SA-26:35.openssl affects all supported releases
FreeBSD-SA-26:36.ldns affects all supported releases

linux: Add TCP_INFO support

Implement the getsockopt for TCP_INFO by mapping FreeBSD's version to
what Linux expects.

MFC after:      1 month
Relnotes:       yes
Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D55882

loader.efi: Search boot device before foreign ZFS pools

When `boot_policy` is `RELAXED`, `find_currdev()` tried ZFS pools on every
disk before searching the boot ESP and sibling partitions. Booting install
media from USB could therefore select an installed ZFS root on internal
storage instead of the intended memstick UFS image.

Extract the boot-device partition walk into `try_boot_device_partitions()`
and run it before relaxed foreign-pool probing. The ZFS search order is
preserved; pools on the boot device are tried first, followed by pools on
other devices when `boot_policy` is `RELAXED` and the boot device yields
no bootable root.

Signed-off-by: Faraz Vahedi <kfv at kfv.io>
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2239

net-im/deltachat-desktop: Update to 2.52.0

net/deltachat-rpc-server: Update to 2.52.0

website: Clean up template text that snuck in.

Pointy-hat:     gordon
Approved by:    so

jail: Don't double-free the current prison in kern_jail_set/get

Reported by:    Yuxiang Yang, et al <yangyx22 at mails.tsinghua.edu.cn>
Discussed with: markj
MFC after:      3 days

www/element-web: Update to 1.12.21

Approved by:    maintainer (implicit, version bump, as per PR 258262)

Add EN-26:14, EN-26:15, and SA-26:25 through SA-26:36.

Approved by:    so

security/vuxml: Document Elixir vulnerabilities

- CVE-2026-49762, GHSA-w2h8-8x3g-278p

References:
https://github.com/elixir-lang/elixir/releases/tag/v1.20.1

Sponsored by:    SkunkWerks, GmbH

lang/elixir-devel: Update to 1.20.1

Avoid incorrect UFS1 timestamp corrections when system clock fails at boot.

Git 1111a44301da - main - Defer the January 19, 2038 date limit in
UFS1 file systems to February 7, 2106 - did so by changing the UFS1
32-bit signed timestamps to unsigned. With this change, time stamps
from before January 1, 1970 went from being negative numbers to
large positive numbers implying times in the future. When such a
time stamp is encountered when an inode is read into memory or when
it is encountered by fsck, its timestamp is replaced with the
kernel's current time.

Andre Albsmeier reported that he had a machine reboot after a power
failure and the battery that maintained its real-time clock had
died. The result was that the system booted with the time set to
five years earlier (absent a real-time clock value, the boot ROM
used the time that the boot ROM had last been updated). The net
result was that fsck reset the time stamps of all files newer than
five years old to the five year old time.


    [31 lines not shown]

misc/ollama: update 0.30.6 → 0.30.7

devel/py-asteval: update 1.0.5 → 1.0.8

misc/py-langsmith: update 0.8.9 → 0.8.11

misc/py-safetensors: update 0.7.0 → 0.8.0

math/py-pyodesys: update 0.14.5 → 0.14.7

www/py-python-fasthtml: update 0.14.0 → 0.14.2

textproc/py-pyphen: update 0.17.0 → 0.17.2

www/firefox-esr: update to 140.12.0 (rc1)

Release Notes (soon):
  https://www.firefox.com/en-US/firefox/140.12.0/releasenotes/

(cherry picked from commit 4f8c417e08ded9d6ce398e96c0131123ac44831c)

www/firefox-esr: update to 140.12.0 (rc1)

Release Notes (soon):
  https://www.firefox.com/en-US/firefox/140.12.0/releasenotes/

reap_kill_subtree_once: when proctree_lock is dropped, reaper might change

Recalculate it to iterate over the right set of processes.

Prevent reaper' struct proc reuse by holding the tree ref on it.
Since our reference is taken under the proctree lock and we know that
the process is reaper, it cannot go away.  The process hold count
(p_lock) cannot be used there because p_lock intent is prevent exit, but
reaper owns its reap-children until reaped itself, i.e. even a zombie
reaper is still on duty.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57492

proc: add tree ref count

Owning the reference prevents reuse of the struct proc.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57492

connectat(2): do not enable EMPTYPATH for AT_FDCWD

This restores existing error code for connect(2) over unix domain socket
when the empty string is specified as socket address.

Reported by:    eduardo
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57509