FreeBSD/ports 45cfc61security/vuxml/vuln 2026.xml

security/vuxml: Document dns/powerdns-recursor vulnerabilities

PR:             296313
Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+51-0security/vuxml/vuln/2026.xml
+51-01 files

FreeBSD/ports 7a952b2dns/powerdns-recursor Makefile distinfo

dns/powerdns-recursor: Security update 5.4.2 => 5.4.3

Port changes:
- Add NOD option for upstream new feature support
- Set C++17 standard
- Use '+=' instead of '=' for DISTFILES to reduce portlint warnings

Changelog:
https://doc.powerdns.com/recursor/changelog/5.4.html#change-5.4.3
Security Advisory:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html

PR:             296313
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q2
Security:       CVE-2026-3361
Security:       CVE-2026-40012
Security:       CVE-2026-42005

    [7 lines not shown]
DeltaFile
+8-6dns/powerdns-recursor/Makefile
+3-3dns/powerdns-recursor/distinfo
+11-92 files

FreeBSD/ports 4da1db6dns/powerdns-recursor distinfo Makefile

dns/powerdns-recursor: Update to 5.4.2

Changelog: https://doc.powerdns.com/recursor/changelog/5.4.html#change-5.4.2

PR:             295881
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    Ralf van der Enden <tremere at cainites.net> (maintainer)

(cherry picked from commit 1364a0ca4113da56399c94a9b6adc5ac6fd5545e)
DeltaFile
+5-5dns/powerdns-recursor/distinfo
+2-1dns/powerdns-recursor/Makefile
+1-1dns/powerdns-recursor/Makefile.crates
+8-73 files

FreeBSD/ports 82534efdns/powerdns-recursor Makefile distinfo

dns/powerdns-recursor: Security update 5.4.2 => 5.4.3

Port changes:
- Add NOD option for upstream new feature support
- Set C++17 standard
- Use '+=' instead of '=' for DISTFILES to reduce portlint warnings

Changelog:
https://doc.powerdns.com/recursor/changelog/5.4.html#change-5.4.3
Security Advisory:
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-08.html

PR:             296313
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q2
Security:       CVE-2026-3361
Security:       CVE-2026-40012
Security:       CVE-2026-42005

    [5 lines not shown]
DeltaFile
+8-6dns/powerdns-recursor/Makefile
+3-3dns/powerdns-recursor/distinfo
+11-92 files

FreeBSD/ports 5ecd0a6www/authelia Makefile, www/authelia/files authelia.in

www/authelia: enable secret mode to fetch secrets from files

Authelia provides the functionality using go templates so screts must
not be part of the config file, but can be read from external files.

That makes handling of keys more more convinient, like:
```
identity_providers:
  oidc:
    jwks:
      - key: {{ secret "/usr/local/etc/authelia/private_ecdsa.pem" | mindent 10 "|" | msquote }}
      - key: {{ secret "/usr/local/etc/authelia/private_rsa.pem" | mindent 10 "|" | msquote }}
```

Authelia must be started for this with the template filter which that commit
adds.

PR:             295354
Approved by:    yuri (maintainer, timeout)
DeltaFile
+1-1www/authelia/Makefile
+1-1www/authelia/files/authelia.in
+2-22 files

FreeBSD/ports e22ea14dns/dnsdist distinfo Makefile

dns/dnsdist: Security update 2.0.6 => 2.0.7

While here, pet portfmt.

Changelog:
https://www.dnsdist.org/changelog.html#change-2.0.7
Security Advisory:
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html

PR:             296314
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q2
Security:       CVE-2026-40011
Security:       CVE-2026-42004
Security:       CVE-2026-42005
Security:       CVE-2026-40208
Security:       CVE-2026-40209
Security:       CVE-2026-40210

    [3 lines not shown]
DeltaFile
+3-3dns/dnsdist/distinfo
+3-2dns/dnsdist/Makefile
+6-52 files

FreeBSD/ports 5a459b7dns/dnsdist distinfo Makefile

dns/dnsdist: update to v2.0.6

PR:     295515
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    tremere at cainites.net (maintainer)

(cherry picked from commit 9df447a2af2400984d1f068c7d3bed36da348e55)
DeltaFile
+3-3dns/dnsdist/distinfo
+1-1dns/dnsdist/Makefile
+4-42 files

FreeBSD/ports 248c4f9dns/dnsdist Makefile distinfo

dns/dnsdist: Security update 2.0.6 => 2.0.7

While here, pet portfmt.

Changelog:
https://www.dnsdist.org/changelog.html#change-2.0.7
Security Advisory:
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html

PR:             296314
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q2
Security:       CVE-2026-40011
Security:       CVE-2026-42004
Security:       CVE-2026-42005
Security:       CVE-2026-40208
Security:       CVE-2026-40209
Security:       CVE-2026-40210
Security:       CVE-2026-40211
DeltaFile
+4-3dns/dnsdist/Makefile
+3-3dns/dnsdist/distinfo
+7-62 files

FreeBSD/ports 0e4ab96archivers/plakar distinfo Makefile

archivers/plakar: update to 1.1.3

Changes:        https://github.com/PlakarKorp/plakar/releases
PR:             296059
Approved by:    maintainer (timeout)
DeltaFile
+5-5archivers/plakar/distinfo
+1-2archivers/plakar/Makefile
+6-72 files

FreeBSD/ports c15f12fsecurity/vuxml/vuln 2026.xml

security/vuxml: Document dns/dnsdist vulnerabilities

PR:             296314
Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+49-0security/vuxml/vuln/2026.xml
+49-01 files

FreeBSD/ports 5e6522fsysutils/gitlab-registry distinfo Makefile

sysutils/gitlab-registry: update to 4.40.2

Changes:        https://gitlab.com/gitlab-org/container-registry/-/releases
DeltaFile
+5-5sysutils/gitlab-registry/distinfo
+1-2sysutils/gitlab-registry/Makefile
+6-72 files

FreeBSD/ports d316c31www/evcc distinfo Makefile

www/evcc: update to 0.310.1

Changes:        https://github.com/evcc-io/evcc/releases
DeltaFile
+7-7www/evcc/distinfo
+2-2www/evcc/Makefile
+9-92 files

FreeBSD/ports 581fecbsecurity/boringssl Makefile

security/boringssl: update CONFLICTS

Bump PORTREVISION.

Sponsored by:   tipi.work
DeltaFile
+2-2security/boringssl/Makefile
+2-21 files

FreeBSD/ports 3bd11ebsecurity/py-python-nss Makefile

security/py-python-nss: Fix build with Python 3.12

src/py_nspr_error.c:189:23: error: too few arguments provided to function-like macro invocation
  189 |         va_start(vargs);
      |                       ^
/usr/include/sys/_stdarg.h:41:9: note: macro 'va_start' defined here
   41 | #define va_start(ap, last)      __builtin_va_start((ap), (last))
      |         ^

Reported by:    pkg-fallout
DeltaFile
+2-0security/py-python-nss/Makefile
+2-01 files

FreeBSD/ports 19a726cwww/tt-rss pkg-plist distinfo

www/tt-rss: Update g20260501 => g20260622

Commit log:
https://github.com/tt-rss/tt-rss/compare/f88091ccc0f3d...87b42eb3db253

PR:             296359
Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+61-0www/tt-rss/pkg-plist
+3-3www/tt-rss/distinfo
+2-3www/tt-rss/Makefile
+66-63 files

FreeBSD/ports ffddbdfsecurity/vuxml/vuln 2026.xml

security/vuxml: Add gstreamer1* < 1.28.4
DeltaFile
+76-0security/vuxml/vuln/2026.xml
+76-01 files

FreeBSD/ports e8ed805multimedia/gstreamer1 Makefile, multimedia/gstreamer1-plugins-bad/files patch-git_f3b6692 patch-git_6c14677

GStreamer1: Update to 1.28.4

Backport several security fixes from not-yet-released 1.28.5.

Add a `create-vuxml` target to multimedia/gstreamer1 to automagically
create a VuXML entry for new GStreamer releases. The backing script
can be used standalone for cases when more fine tuning is needed.

Changes:
https://gstreamer.freedesktop.org/releases/1.28/#1.28.4

Security:       4e82a0e6-6801-42c6-8fb6-91b6b275a9e1
DeltaFile
+370-0multimedia/gstreamer1/files/generate-vuxml-entry.py
+237-0multimedia/gstreamer1-plugins-bad/files/patch-git_f3b6692
+101-0multimedia/gstreamer1-plugins-bad/files/patch-git_6c14677
+77-0multimedia/gstreamer1-plugins-bad/files/patch-git_3833dd7
+39-1multimedia/gstreamer1/Makefile
+37-0multimedia/gstreamer1-plugins-bad/files/patch-git_eec42c2
+861-19 files not shown
+920-2915 files

FreeBSD/ports 4d0808emisc/crush pkg-message Makefile, misc/crush/files extra-patch-disable-command-blocking

misc/crush: Add option to support for disabling dangerous command blocking

By default, crush blocks the execution of potentially dangerous
commands (like known hazardous system commands or package
installations).

This change adds an option to support for disabling the dangerous
command blocking, which would be convenient if one operates in a
safe environment or needs to run those commands.

PR:             296282
Reported by:    Victor Igumnov <victoriggy at gmail.com>
Pull Request:   https://github.com/freebsd/freebsd-ports/pull/547
DeltaFile
+120-0misc/crush/files/extra-patch-disable-command-blocking
+17-0misc/crush/pkg-message
+9-3misc/crush/Makefile
+146-33 files

FreeBSD/ports 437a33dsysutils/stackit distinfo Makefile

sysutils/stackit: Update 0.64.0 => 0.65.0

Changelog:
https://github.com/stackitcloud/stackit-cli/releases/tag/v0.65.0

PR:             296369
Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+5-5sysutils/stackit/distinfo
+1-1sysutils/stackit/Makefile
+6-62 files

FreeBSD/ports 0dcc7fcsysutils/tarbsd-builder distinfo Makefile

sysutils/tarbsd-builder: Update 26.06.08 => 26.06.28

Changelog:
https://github.com/pavetheway91/tarbsd/releases/tag/26.06.28
Commit log:
https://github.com/pavetheway91/tarbsd/compare/26.06.08...26.06.28

PR:             296355
Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+3-3sysutils/tarbsd-builder/distinfo
+1-1sysutils/tarbsd-builder/Makefile
+4-42 files

FreeBSD/ports 1f5c068japanese/fcitx5-hazkey pkg-plist Makefile, japanese/fcitx5-hazkey/files patch-hazkey-server_Sources_hazkey-server_socketManager.swift patch-hazkey-server_build__swift.cmake

japanese/fcitx5-hazkey: Add port: Hazkey input method for fcitx5

Japanese input method for fcitx5, powered by azooKey engine.

asooKey engine is a kana-kanji conversion module written in Swift,
supporting neural kana-kanji conversion and other cool features.

WWW: https://hazkey.hiira.dev/
DeltaFile
+3,424-0japanese/fcitx5-hazkey/pkg-plist
+66-0japanese/fcitx5-hazkey/Makefile
+14-0japanese/fcitx5-hazkey/files/patch-hazkey-server_Sources_hazkey-server_socketManager.swift
+11-0japanese/fcitx5-hazkey/distinfo
+11-0japanese/fcitx5-hazkey/files/patch-hazkey-server_build__swift.cmake
+11-0japanese/fcitx5-hazkey/files/patch-hazkey-server_CMakeLists.txt
+3,537-02 files not shown
+3,542-08 files

FreeBSD/ports 66ec11blang/elixir-devel pkg-plist distinfo

lang/elixir-devel: Update to 1.20.2

Generate the documentation packing list dynamically in post-stage: ex_doc
emits content-hashed asset filenames that change on every release.
DeltaFile
+0-669lang/elixir-devel/pkg-plist
+5-5lang/elixir-devel/distinfo
+6-1lang/elixir-devel/Makefile
+11-6753 files

FreeBSD/ports a968cdedevel/sbt distinfo Makefile

devel/sbt: update to 2.0.1 release.
DeltaFile
+3-3devel/sbt/distinfo
+1-1devel/sbt/Makefile
+4-42 files

FreeBSD/ports c083609textproc/py-bracex distinfo Makefile

textproc/py-bracex: update to 2.7

Changes:        https://github.com/facelessuser/bracex/releases/tag/2.7-fixed
Reported by:    repology, portscout
DeltaFile
+3-3textproc/py-bracex/distinfo
+1-1textproc/py-bracex/Makefile
+4-42 files

FreeBSD/ports 18ac8a4lang/swift6 pkg-plist Makefile, lang/swift6/files patch-swift-crypto patch-swift-corelibs-foundation_CoreFoundation_RunLoop.subproj_CFRunLoop.c

lang/swift6: Add port: Powerful, flexible, multiplatform programming language (Version 6)

Swift is the only language that scales from embedded devices and
kernels to apps and cloud infrastructure. It's simple, and
expressive, with incredible performance and safety. And it has
unmatched interoperability with C and C++.

It's the combination of approachability, speed, safety, and all of
Swift's strengths that make it so unique.

WWW: https://www.swift.org/

PR:             296000
Differential Revision:  https://reviews.freebsd.org/D57541
DeltaFile
+2,513-946lang/swift6/pkg-plist
+0-686lang/swift6/files/patch-swift-crypto
+259-85lang/swift6/Makefile
+0-324lang/swift6/files/patch-swift-corelibs-foundation_CoreFoundation_RunLoop.subproj_CFRunLoop.c
+95-57lang/swift6/distinfo
+0-141lang/swift6/files/patch-swift-corelibs-libdispatch_src_event_event__kevent.c
+2,867-2,23999 files not shown
+3,017-3,852105 files

FreeBSD/ports f70ea84lang/swift6 pkg-plist Makefile, lang/swift6/files patch-swift-crypto patch-swift-corelibs-foundation_CoreFoundation_RunLoop.subproj_CFRunLoop.c

lang/swift6: Repocopy from lang/swift510

PR:             296000
DeltaFile
+946-0lang/swift6/pkg-plist
+686-0lang/swift6/files/patch-swift-crypto
+324-0lang/swift6/files/patch-swift-corelibs-foundation_CoreFoundation_RunLoop.subproj_CFRunLoop.c
+141-0lang/swift6/files/patch-swift-corelibs-libdispatch_src_event_event__kevent.c
+108-0lang/swift6/Makefile
+106-0lang/swift6/files/patch-swift-corelibs-libdispatch_src_event_workqueue.c
+2,311-089 files not shown
+4,158-095 files

FreeBSD/ports 90688dadeskutils/skim distinfo Makefile

deskutils/skim: update 4.9.0 → 4.10.0
DeltaFile
+15-9deskutils/skim/distinfo
+7-4deskutils/skim/Makefile
+22-132 files

FreeBSD/ports 2382910misc Makefile, misc/py-mlflow-skinny Makefile distinfo

misc/py-mlflow-skinny: New port: Lightweight MLflow package with minimal dependencies
DeltaFile
+57-0misc/py-mlflow-skinny/Makefile
+5-0misc/py-mlflow-skinny/distinfo
+3-0misc/py-mlflow-skinny/pkg-descr
+1-0misc/Makefile
+66-04 files

FreeBSD/ports b353c63devel Makefile, devel/py-databricks-sdk Makefile distinfo

devel/py-databricks-sdk: New port: Databricks SDK for Python
DeltaFile
+28-0devel/py-databricks-sdk/Makefile
+3-0devel/py-databricks-sdk/distinfo
+2-0devel/py-databricks-sdk/pkg-descr
+1-0devel/Makefile
+34-04 files

FreeBSD/ports c0e5c52misc Makefile, misc/py-mlflow-tracing Makefile distinfo

misc/py-mlflow-tracing: New port: MLflow Tracing SDK
DeltaFile
+32-0misc/py-mlflow-tracing/Makefile
+3-0misc/py-mlflow-tracing/distinfo
+2-0misc/py-mlflow-tracing/pkg-descr
+1-0misc/Makefile
+38-04 files