deskutils/rednotebook: Update 3.31 => 2.42
Old version fails with issue concerning GIRepository required version
being 2.0 and ports tree providing GIRepository version 3.0.
Since 3.39 software supports GIRepository 3.0.
Changelog:
https://github.com/jendrikseipp/rednotebook/blob/v2.42/CHANGELOG.md
- Update dependencies.
- Fix warnings from portclippy.
PR: 293744
Approved by: cth-freebsd at pm.me (maintainer, timeout 2 weeks)
Sponsored by: UNIS Labs
MFH: 2026Q1
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
(cherry picked from commit 9d8b3a01e39e6dcbd1a7c5c2972b669c1513627f)
deskutils/rednotebook: Update 3.31 => 2.42
Old version fails with issue concerning GIRepository required version
being 2.0 and ports tree providing GIRepository version 3.0.
Since 3.39 software supports GIRepository 3.0.
Changelog:
https://github.com/jendrikseipp/rednotebook/blob/v2.42/CHANGELOG.md
- Update dependencies.
- Fix warnings from portclippy.
PR: 293744
Approved by: cth-freebsd at pm.me (maintainer, timeout 2 weeks)
Sponsored by: UNIS Labs
MFH: 2026Q1
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
libclc: Update erf (#188569)
This was originally ported from rocm device libs in
c374cb76f467f01a3f60740703f995a0e1f7a89a. Merge in more
recent changes. Also enables vectorization.
ghostscript-cidfonts-ryumin: update to 10.07.0.
Match ghostscript-agpl 10.07.0.
(The option here checking seems broken, I disabled it for the build-test.)
ghostscript-agpl: update to 10.07.0.
Version 10.07.0 (2026-03-16)
Highlights in this release include:
• The 10.07.0 release is a maintenance release:
• This release addresses CVEs: TBC (Two applied for)
• The wider adoption of "C99" and later features has reached the point where
we must ease our policy on this area. The Ghostscript/GhostPDL codebase
will remain "C89" plus widely supported extensions but, as of the 10.08.0
release, our included third party libraries will will be permitted to use
"C99" and potentially later features.
• The 10.07.0 removes the non-standard operator ".tempfile", and removes the
"temp" directory from the default file permission lists. By default, such
access is now only available internally, not from "user level" PostScript
• Our efforts in code hygiene and maintainability continue.
• The usual round of bug fixes, compatibility changes, and incremental
improvements.
rpcsec_gss: Fix a stack overflow in svc_rpc_gss_validate()
svc_rpc_gss_validate() copies the input message into a stack buffer
without ensuring that the buffer is large enough. Sure enough,
oa_length may be up to 400 bytes, much larger than the provided space.
This enables an unauthenticated user to trigger an overflow and obtain
remote code execution.
Add a runtime check which verifies that the copy won't overflow.
Approved by: so
Security: FreeBSD-SA-26:08.rpcsec_gss
Security: CVE-2026-4747
Reported by: Nicholas Carlini <npc at anthropic.com>
Reviewed by: rmacklem
Fixes: a9148abd9da5d
tcp: plug an mbuf leak
When a challenge ACK should be sent via tcp_send_challenge_ack(),
but the rate limiter suppresses the sending, free the mbuf chain.
The caller of tcp_send_challenge_ack() expects this similar to the
callers of tcp_respond().
Approved by: so
Security: FreeBSD-SA-26:06.tcp
Security: CVE-2026-4247
Reviewed by: lstewart
Tested by: lstewart
Sponsored by: Netflix, Inc.
zfs: put back deferred atime update to VOP_INACTIVE
we currently push atime updates in VOP_RECLAIM and VFS_SYNC.
VFS_SYNC iterates all cached vnodes for that:
> /*
> * On NetBSD, we need to push out atime updates. Solaris does
> * this during VOP_INACTIVE, but that does not work well with the
> * BSD VFS, so we do it in batch here.
> */
it isn't ideal for systems with large vnode cache.
i'm not sure why it "does not work well with the BSD VFS" either.
maybe historical reasons which don't hold anymore?
this commit put the atime pushing logic to VOP_INACTIVE, where
it's done in solaris and freebsd. it seems working well as far as
i tested.
[7 lines not shown]
arm: fix profile support
gcc on arm has defaulted to arm/bpabi.h over arm/netbsd-elf.h since
external/gpl3/gcc/dist/gcc/config.gcc:1.70
date: 2021-06-15 09:22:23 +0100
which has meant that profiling expects __gnu_mcount_nc
This commit provides __gnu_mcount_nc and ditches non-EABI support (and
arm26 support)
png: update to 1.6.56.
Version 1.6.56 [March 25, 2026]
Fixed CVE-2026-33416 (high severity):
Use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`.
(Reported by Halil Oktay and Ryo Shimada;
fixed by Halil Oktay and Cosmin Truta.)
Fixed CVE-2026-33636 (high severity):
Out-of-bounds read/write in the palette expansion on ARM Neon.
(Reported by Taegu Ha; fixed by Taegu Ha and Cosmin Truta.)
Fixed uninitialized reads beyond `num_trans` in `trans_alpha` buffers.
(Contributed by Halil Oktay.)
Fixed stale `info_ptr->palette` after in-place gamma and background
transforms.
Fixed wrong channel indices in `png_image_read_and_map` RGB_ALPHA path.
(Contributed by Yuelin Wang.)
Fixed wrong background color in colormap read.
(Contributed by Yuelin Wang.)
Fixed dead loop in sPLT write.
[13 lines not shown]
[AArch64] Sink NOT to be fold into BIC/ORN/EON (#176194)
Undoes a negation being hoisted out of a loop, so that if can be fold
into an inverted bitwise operation in the loop.
Implements #108840 on AArch64
