www/tinyauth: Update to 5.0.4
* Cache vendor stuff.
* Add GO_TARGET.
* Extract frontend and vendor in post-extract instead of pre-build.
* Improve pkg-message to deploy a quick demo.
* Add pkg-message about breaking-changes starting with version 5.0.0.
* Add tinyauth_chdir parameter in rc(8) script.
* Improve format of help options in rc(8) script.
ChangeLog:
https://github.com/steveiliop56/tinyauth/compare/v4.0.1...v5.0.4
Reported by: ronald at klop.ws (email)
net/gnu-radius: Fix the build
The build was failing for two reasons:
1. When devel/readline was installed (e.g. as a dependency of
editors/emacs), its newer interface caused:
readline.c:147:51: error: expected expression
147 | rl_attempted_completion_function = (CPPFunction *) completion_fp;
| ^
readline.c:147:38: error: use of undeclared identifier 'CPPFunction'
147 | rl_attempted_completion_function = (CPPFunction *) completion_fp;
| ^
Patch radius's lib/readline.c to use the modern rl_completion_func_t
type.
2. The elisp files were not being installed, causing a staging error.
Fix this by installing the elisp in a post-install-EMACS-on target.
[2 lines not shown]
net/seda: does not compile with jdk25 and deprecate
Error with jdk25:
[javac] /wrkdirs/usr/ports/net/seda/work/seda-release-20020712/seda/src/seda/sandStorm/internal/ATTIC/AggTPSThreadManager.java:124: error: cannot find symbol
[javac] tg.stop();
[javac] ^
[javac] symbol: method stop()
[javac] location: variable tg of type ThreadGroup
Note that the original author of the SEDA framework already
doubted some parts of it in a blog from 2010.
https://matt-welsh.blogspot.com/2010/07/retrospective-on-seda.html
PR: 293559
Approved-by: no maintainer
www/nginx-devel: Update to 1.29.7
Changes with nginx 1.29.7 24 Mar
2026
*) Security: a buffer overflow might occur while handling a COPY or
MOVE
request in a location with "alias", allowing an attacker to
modify
the source or destination path outside of the document root
(CVE-2026-27654).
Thanks to Calif.io in collaboration with Claude and Anthropic
Research.
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module on 32-bit platforms might cause a worker
process
crash, or might have potential other impact (CVE-2026-27784).
Thanks to Prabhav Srinath (sprabhav7).
[80 lines not shown]
misc/github-copilot-cli: Add script and binary flavors
script flavor (default): existing behavior with all npm dependencies
binary flavor (-bin): C launcher binary with all JS and Node.js
embedded in the binary, requires only node at runtime
(no Node.js, no npm packages, no native modules)
Node.js SEA (Single Executable Application) cannot be used because
postject_find_resource() has no FreeBSD code path. The binary flavor
instead uses a C launcher that embeds all copilot JS files as a gzip-
compressed tar archive, extracts to ~/.cache/github-copilot-cli/v<ver>/
on first run, and executes them with the system node.
www/nginx: Update to 1.28.3
Changes with nginx 1.28.3 24 Mar
2026
*) Security: a buffer overflow might occur while handling a COPY or
MOVE
request in a location with "alias", allowing an attacker to
modify
the source or destination path outside of the document root
(CVE-2026-27654).
Thanks to Calif.io in collaboration with Claude and Anthropic
Research.
*) Security: processing of a specially crafted mp4 file by the
ngx_http_mp4_module on 32-bit platforms might cause a worker
process
crash, or might have potential other impact (CVE-2026-27784).
Thanks to Prabhav Srinath (sprabhav7).
[40 lines not shown]
ftp/curl: Fix build on FreeBSD 13
- Update OPTIONS_DEFAULT:
- Change from OPENSSL to OPENSSL
- Remove LIBSSH2 and TLS_SRP (depends on OPENSSL)
ftp/curl uses OpenSSL by default. However, curl 8.18.0 drops OpenSSL 1.x support
which is used in FreeBSD 13 base system. Therefore, we change the defaults to
wolfSSL instead. This commit can be reverted after FreeBSD 13 EoL (expected Apr
30, 2026).
