libtls: const workarounds for X509_NAME in OCSP for OpenSSL 4
The API to look up a cert by subject or issuer name clearly only needs to
do name comparisons in a collection of certs so should by all means take a
const X509_NAME * as an argument. However, this isn't all that easy to do
and hence it's only in OpenSSL 4 that this obvious step was reached.
This means that there is no way around casting for older code. One could
cast the return value of X509_get_issuer_name() or the argument passed to
the two lookups by subject. jsing slightly prefers the second approach,
so this is what we do here.
ok djm jsing kenjiro
libtls: simple cases of const for X509_NAME *
After the const sprinkling in OpenSSL 1.1, X509_get_{issuer,subject}_name()
still returned a non-const pointer for unclear reasons. In OpenSSL 4,
the return value also grew a const qualifier, so move the two "name" in
tls_conninfo.c and the "subject_name" in tls_verify.c to const. They are
only used for further processing by already const correct functions (at
least as far as X509_NAME is concerned).
ok djm jsing kenjiro
graphics/dcmtk: Add unversioned link to DATADIR
share/dcmtk-x.y.z -> share/dcmtk
Prevents dependent ports and other tools that require access to DCMTK
dictionaries from breaking every time the dcmtk version changes.
PR: 293668
Approved by: (blanket, prevent consumer breakage)
graphics/dcmtk: Add unversioned link to DATADIR
share/dcmtk-x.y.z -> share/dcmtk
Prevents dependent ports and other tools that require access to DCMTK
dictionaries from breaking every time the dcmtk version changes.
PR: 293668
Approved by: (blanket, prevent consumer breakage)
lint: do not warn about lossy cast from floating to integer
The check is intended to catch unintentional loss of accuracy. Having an
explicit cast in the code makes the intention clear enough.
net/lldpd: update to 1.0.21
1.0.21 [2026-03-14 22:17:53 +0100]:
- [25e90db27404] release: 1.0.21 (Vincent Bernat)
- [8bee83920123] doc: be clearer about how to install on macOS (Vincent Bernat)
- [18d8f3ef03ac] build: add a few more Docker platforms (Vincent Bernat)
- [aa1bb6253375] build: fix hardcoded ghcr.io path (Vincent Bernat)
- [479afbb6240d] daemon/priv: factor out check of authorized paths (Vincent Bernat)
- [4c5dccc97efc] doc: fix libtool invocation (Vincent Bernat)
- [5facaf317d4a] daemon: do not fallback to ioctl for wireless (Vincent Bernat)
- [6093ce4b65bb] daemon: use /sys/class/net/.../wireless to check wireless interface (Vincent Bernat)
- [753b81e060d3] daemon: only keep one privileged op to remove both socket and lock (Vincent Bernat)
- [66d67e5d145b] daemon: fix arbitrary file deletion in the privileged process (Vincent Bernat)
- [747113fa7ed1] client: fix compilation warning about unterminated strings (Vincent Bernat)
- [bf772f3193a0] doc: add NEWS entry for latest commit (Vincent Bernat)
- [375c60c1ffe7] interfaces: use ethtool link mode bits for accurate MAU type selection (#771) (Ciro Iriarte)
- [dcb62ae78e89] daemon: fix path traversal vulnerability in asroot_iface_description_os() (Vincent Bernat)
- [5e144270fde7] daemon: fix path traversal vulnerability in asroot_open() (Vincent Bernat)
[68 lines not shown]
java/openjdk: Fix pkgsuffix for jre builds
java/openjdk25 and openjdk26 would use the same pkgsuffix when building
the jre FLAVOR, making the package names clash.
Reported by: Antoine Brodin <antoine at freebsd.org>
Reviewed by: fuz
Approved by: fuz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56123
java/openjdk: Fix pkgsuffix for jre builds
java/openjdk25 and openjdk26 would use the same pkgsuffix when building
the jre FLAVOR, making the package names clash.
Reported by: Antoine Brodin <antoine at freebsd.org>
Reviewed by: fuz
Approved by: fuz
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56123
ocaml-dune: update to 3.22.0.
3.22.0 (2026-03-18)
-------------------
### Fixed
- `Dyn.to_string` now uses a smarter way to convert floats. This ensures that
floats are printed with enough precision to round-trip and are valid OCaml
lexemes. (#12982, fixes #12980, @Alizter)
- Fix `dune install --prefix` failing with relative paths outside the workspace
like `../foo` (#12993, fixes #12241, @benodiwal)
- Place the default trace file inside the build directory at the
workspace root, rather than relative to the current directory.
(#13735, @vouillon)
- Fixed interpreting relative paths in `%{bin:..}` and `%{bin-available:..}`.
[195 lines not shown]
[MLIR][Vector] Fix crash in foldDenseElementsAttrDestInsertOp on poison index (#188508)
When a dynamic index of -1 (the kPoisonIndex sentinel) was folded into
the static position of a vector.insert op,
foldDenseElementsAttrDestInsertOp would proceed to call
calculateInsertPosition, which returned -1. The subsequent iterator
arithmetic (allValues.begin() + (-1)) was undefined behaviour, causing
an assertion in DenseElementsAttr::get.
Fix by bailing out early in foldDenseElementsAttrDestInsertOp when any
static position equals kPoisonIndex, consistent with how
InsertChainFullyInitialized already guards this case.
Fixes #188404
Assisted-by: Claude Code
devel/R-cran-tinytest: Update to 1.4.3
- Update WWW to the official CRAN page, as it provides more comprehensive
documentation and metadata than the GitHub repository.
ChangeLog: https://cran.r-project.org/web/packages/tinytest/NEWS
devel/R-cran-tinytest: Update to 1.4.3
- Update WWW to the official CRAN page, as it provides more comprehensive
documentation and metadata than the GitHub repository.
ChangeLog: https://cran.r-project.org/web/packages/tinytest/NEWS
