BSD Commit Log Search

security/dropbear: update to 2025.89

Changelog:
- Security: Avoid privilege escalation via unix stream forwarding in Dropbear
  server. Other programs on a system may authenticate unix sockets via
  SO_PEERCRED, which would be root user for Dropbear forwarded connections,
  allowing root privilege escalation.
  Reported by Turistu, and thanks for advice on the fix.
  This is tracked as CVE-2025-14282, and affects 2024.84 to 2025.88.

  It is fixed by dropping privileges of the dropbear process after
  authentication. Unix stream sockets are now disallowed when a
  forced command is used, either with authorized_key restrictions or
  "dropbear -c command".

  In previous affected releases running with "dropbear -j" (will also disable
  TCP fowarding) or building with localoptions.h/distrooptions.h
  "#define DROPBEAR_SVR_LOCALSTREAMFWD 0" is a mitigation.


    [38 lines not shown]

sysutils/fastfetch: update to 2.56.1

Changelog:      https://github.com/fastfetch-cli/fastfetch/releases/tag/2.56.1

sysutils/py-overlord: Update 0.22.0

ChangeLog: https://github.com/DtxdF/overlord/releases/tag/v0.22.0

sysutils/py-director: Update to 0.16.0

ChangeLog: https://github.com/DtxdF/director/releases/tag/v0.16.0

sysutils/appjail-devel: Update to 4.7.0.20251222

ChangeLog:
https://github.com/DtxdF/AppJail/commits/83f350cd4b635d9a582e229ea3d796a95b96fe03/

sysutils/appjail: Update to 4.7.0

ChangeLog: https://github.com/DtxdF/AppJail/releases/tag/v4.7.0

x11/py-xdot: Update 1.2 => 1.6, take maintainership

Commit log:
https://github.com/jrfonseca/xdot.py/compare/1.2...1.6

- Add GitHub to WWW.
- Add LICENSE_FILE.
- Fix warning from portclippy.

PR:     291847

graphics/vulkan-caps-viewer: Update 4.02 => 4.10

Changelogs:
https://github.com/SaschaWillems/VulkanCapsViewer/releases/tag/4.03
https://github.com/SaschaWillems/VulkanCapsViewer/releases/tag/4.10

Switch from Qt5 to Qt6.

PR:     291840

graphics/vulkan-validation-layers: Update 1.4.327 => 1.4.336

Commit log:
https://github.com/KhronosGroup/Vulkan-ValidationLayers/compare/v1.4.327...v1.4.336

PR:     291846

graphics/vulkan-extension-layer: Update 1.4.326 => 1.4.333

Commit log:
https://github.com/KhronosGroup/Vulkan-ExtensionLayer/compare/v1.4.326...v1.4.333

PR:     291841

graphics/vulkan-utility-libraries: Update 1.4.327 => 1.4.336

Commit log:
https://github.com/KhronosGroup/Vulkan-Utility-Libraries/compare/v1.4.327...v1.4.336

PR:     291843

graphics/vulkan-loader: Update 1.4.327 => 1.4.336

Commit log:
https://github.com/KhronosGroup/Vulkan-Loader/compare/v1.4.327...v1.4.336

PR:     291844

graphics/vulkan-tools: Update 1.4.327 => 1.4.336

Commit log:
https://github.com/KhronosGroup/Vulkan-Tools/compare/v1.4.327...v1.4.336

PR:     291845

graphics/vulkan-headers: Update 1.4.327 => 1.4.336

Commit log:
https://github.com/KhronosGroup/Vulkan-Headers/compare/v1.4.327...v1.4.336

PR:     291842

games/linux-steam-utils: Update 20251026 => 20251220

Commit log:
https://github.com/shkhln/linuxulator-steam-utils/compare/20251026...20251220

PR:     291866
MFH:    2025Q4
(cherry picked from commit 6c04d6a93bb1ed04cdad88edc9024ae1bb7bb483)

games/linux-steam-utils: Update 20251001 => 20251026

Commit log:
https://github.com/shkhln/linuxulator-steam-utils/compare/20251001...20251026

PR:     290525
(cherry picked from commit df149b6399c2ef48c1dbd2c6c19581a665809f2d)

games/linux-steam-utils: Update 20251026 => 20251220

Commit log:
https://github.com/shkhln/linuxulator-steam-utils/compare/20251026...20251220

PR:     291866
MFH:    2025Q4

net-mgmt/nagios-check_hdd_health: Fix maintainer mail

This port was returned to the pool but
the maintainer was misspelled

www/ladybird: Fix maintainer mail

This port was returned to the pool but
the maintainer was misspelled

comms/rtl-433: update 25.02 -> 25.12

Changelog: https://github.com/merbanan/rtl_433/releases/tag/25.12

Breaking changes:
    - Changed all uv fields to uvi, BREAKING change to UV sensors
    - Removed Python 2.7 support

*/*: Bump port revision after electron37 update (d2d025c37389)

devel/electron37: Update to 37.10.3

While here:
- switch to use USE_ELECTRON features of electron.mk for specifying
  node package manager, pre-fetching necessary node modules, and
  extracting the node modules into appropriate directories
- use USES=display for starting/stopping display server on testing
- specify TEST_ENV instead of listing env vars in test target

Changelog: https://github.com/electron/electron/releases/tag/v37.10.3

Reported by:    GitHub (watch releases)

net/samba422: Fix plist for MANPAGES=off BUNDLED_TALLOC=on

PR:             291831
Reported by:    intellisun at gmail.com

net/samba423: Fix plist for MANPAGES=off BUNDLED_TALLOC=on

PR:             291831
Reported by:    intellisun at gmail.com

devel/R-cran-tidyr: Update to 1.3.2

- Switch WWW url to canonical form

ChangeLog: https://cran.r-project.org/web/packages/tidyr/news/news.html

games/rocksndiamonds: Update to 4.4.1.0

ChangeLog: https://www.artsoft.org/2025/12/20/rocksndiamonds-4-4-1-0-released/

devel/R-cran-testit: Update to 0.15

ChangeLog: https://github.com/yihui/testit/releases/tag/v0.15

lang/erlang-runtime28: Update to 28.3

textproc/pecl-yaml: Update to 2.3.0

Changelog:  https://pecl.php.net/package-changelog.php?package=yaml&release=2.3.0

Mk/bsd.default-versions.mk: Update GCC_DEFAULT=14

Tested by:      exp-run (antoine)