devel/libvirt: enable BHYVE option on arm64
Currently, the BHYVE option is available only if "/usr/sbin/bhyveload"
is present. However, bhyveload(8) is not present on arm64.
To make the BHYVE option available on arm64 too, update
the condition to check for the "/usr/sbin/bhyve" path instead.
Sponsored by: The FreeBSD Foundation

security/openssl40: Add new OpenSSL ECH capable port
* This is ALPHA level software, for testing only
* Adds Encrypted Client Hello feature
* Removes SSLv3

mail/postfix: Update to 3.11.1
This update brings some possibly breaking changes:
- Postfix 3.11.0:
  - TLS
    - smtp_tls_security_level now defaults to "may" when Postfix is built with
      TLS support and compatibility_level >= 3.11
    - RFC 8689 REQUIRETLS support added: requires strong authentication
      (DANE/STS) from all servers in the forward path that announce REQUIRETLS
    - TLS logging now includes desired vs. actual security level enforcement
      status and REQUIRETLS policy enforcement details
    - New smtp_tls_enforce_sts_mx_patterns parameter (default: yes) ensures
      MX hostname matching for MTA-STS
    - OpenSSL 3.5+ changes the tls_eecdh_auto_curves default to avoid
      protocol ossification (post-quantum cryptography prep)
  - Other
[14 lines not shown]

databases/postgresql*-*: Update to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.2, 17.8, 16.12, 15.16,
and 14.21. This release fixes 5 security vulnerabilities and over 65
bugs reported over the last several months.
Release notes:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
https://www.postgresql.org/docs/release/
Security:
CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code
CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Remove postgresql13* since it is now EoL.
[2 lines not shown]

sysutils/rubygem-bundler-audit: Add new port
bundler-audit provides patch-level verification for Bundled Ruby
applications by auditing Gemfile.lock against a database of known
vulnerabilities.
Also add rubygem-bundle-audit as a wrapper gem that depends on
rubygem-bundler-audit, for developers who reference "bundle-audit"
instead of "bundler-audit".