www/angie: Update 1.11.2 => 1.11.3 (fix CVE-2026-1642, possible MITM attack)
Security: An attacker in a man-in-the-middle (MITM) position before a
proxied server using TLS, given conditions beyond the attacker's
control, could inject plaintext data into the response before the TLS
handshake begins (CVE-2026-1642); the fix was ported from nginx 1.29.5.
Changelog:
https://en.angie.software/angie/docs/oss_changes/#angie-1-11-3
- Bump PORTREVISION in www/angie-module-*.
- Fix using of ANGIE_PORTREVISION in RUN_DEPENDS for modules.
- Replace INSTALL_MAN with INSTALL_DATA for documentation.
- Unroll "for" loops with 1-2 items - simplify Makefile and call
"INSTALL_*" 1 time instead of several.
PR: 293034
Security: CVE-2026-1642
MFH: 2026Q1
(cherry picked from commit 8622849d0c2ee6d2e534f2bd12d8c6d603799f12)
www/angie*: Bump PORTREVISION after www/angie update
pkg does not honor RUN_DEPENDS versions, hence it fails to re-install
module packages after updates to www/angie. The only workaround is
bumping PORTREVISION for *all* modules.
PR: 292648
(cherry picked from commit 8d40b7a5a4a168f1594633d1a747f089e572b66a)
www/angie-module-jwt: update 3.4.3 => 3.4.4
No actual changes/updates to the code, but we keep the module version
up-to-date anyways.
Changes:
- Add GutHub Sponsors username to FUNDING.yml
- docs: add pre-buildt Ubuntu/Debian package installation instructions
- Update README.md
- Update nginx to 1.28.1-alpine3.23 (docker)
https://github.com/max-lt/nginx-jwt-module/compare/v3.4.3...v3.4.4
PR: 292925
(cherry picked from commit b1e5a37450ef8a349a2ab758e2ff2423e9c90d9c)
www/angie: Update 1.11.2 => 1.11.3 (fix CVE-2026-1642, possible MITM attack)
Security: An attacker in a man-in-the-middle (MITM) position before a
proxied server using TLS, given conditions beyond the attacker's
control, could inject plaintext data into the response before the TLS
handshake begins (CVE-2026-1642); the fix was ported from nginx 1.29.5.
Changelog:
https://en.angie.software/angie/docs/oss_changes/#angie-1-11-3
- Bump PORTREVISION in www/angie-module-*.
- Fix using of ANGIE_PORTREVISION in RUN_DEPENDS for modules.
- Replace INSTALL_MAN with INSTALL_DATA for documentation.
- Unroll "for" loops with 1-2 items - simplify Makefile and call
"INSTALL_*" 1 time instead of several.
PR: 293034
Security: CVE-2026-1642
MFH: 2026Q1
devel/electron40: Add port: Build cross-platform desktop apps with JavaScript, HTML, and CSS
Build cross platform desktop apps with JavaScript, HTML, and CSS.
It's easier than you think.
If you can build a website, you can build a desktop app. Electron is a
framework for creating native applications with web technologies like
JavaScript, HTML, and CSS. It takes care of the hard parts so you can
focus on the core of your application.
WWW: https://electronjs.org/
*/*: Bump PORTREVISION for known Qt private API abusers
Qt 6.10.2 edition.
These ports are known to directly use or link to a library that uses the
Qt private API and must be rebuilt with every Qt update.
Qt *public* API/ABI compatability is excellent, so most consumers don't
need to necessarily be rebuilt between patch or even minor releases, but
use of the private API breaks this compatibility between even patch
releases and its use is highly discouraged.
This list [1] is based on histortical data. We don't have time to
revisit every port on the list with each Qt update, so if your port has
dropped Qt private headers and was bumped in error, please remove it
yourself if you have write access to the Wiki or alert someone on kde@.
[1] https://wiki.freebsd.org/KDE/Qt
Qt6: Update to 6.10.2
January 29, 2026 by Jani Heikkinen
Qt 6.10.2 is now available for download. As a patch release, Qt 6.10.2
doesn’t introduce new features, but it delivers around 300 bug fix,
security improvements, and quality enhancements on top of Qt 6.10.1.
For a full overview of the most notable changes, take a look at the Qt
6.10.2 release notes.
Announcement:
https://www.qt.io/blog/qt-6.10.2-released
Release notes:
https://code.qt.io/cgit/qt/qtreleasenotes.git/about/qt/6.10.2/release-note.md
FreeBSD ports changes:
devel/qt6-base:
- Disable the reduced_relocations feature. Prior to Qt 6.10.0, this was
only enabled if the compiler was GCC, but we are seeing crashes in
[32 lines not shown]