BSD Commit Log Search

mail/postfix: Update to 3.11.1

This update brings some possibly breaking changes:

- Postfix 3.11.0:

  - TLS
    - smtp_tls_security_level now defaults to "may" when Postfix is built with
      TLS support and compatibility_level >= 3.11
    - RFC 8689 REQUIRETLS support added: requires strong authentication
      (DANE/STS) from all servers in the forward path that announce REQUIRETLS
    - TLS logging now includes desired vs. actual security level enforcement
      status and REQUIRETLS policy enforcement details
    - New smtp_tls_enforce_sts_mx_patterns parameter (default: yes) ensures
      MX hostname matching for MTA-STS
    - OpenSSL 3.5+ changes the tls_eecdh_auto_curves default to avoid
      protocol ossification (post-quantum cryptography prep)

  - Other

    [14 lines not shown]

misc/ollama: update 0.15.1 → 0.17.7

PR:             293686

databases/{,py-}duckdb: update 1.4.4 → 1.5.0

databases/postgresql??-*: Update to latest version

The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.3, 17.9, 16.13, 15.17,
and 14.22. This is an out-of-cycle release that fixes several
regressions reported after the last update release.

Release notes:  https://www.postgresql.org/about/news/postgresql-183-179-1613-1517-and-1422-released-3246/
                https://wiki.postgresql.org/wiki/2026-02_Regression_Fixes

(cherry picked from commit a6361f4a39787740ae300170da7a74eeb752b7b0)

databases/postgresql*-*: Update to latest version

The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.2, 17.8, 16.12, 15.16,
and 14.21. This release fixes 5 security vulnerabilities and over 65
bugs reported over the last several months.

Release notes:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
https://www.postgresql.org/docs/release/

Security:
CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code
CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Remove postgresql13* since it is now EoL.

    [2 lines not shown]

net-mgmt/zabbix6-server: Update to 6.0.45

Release notes:  https://www.zabbix.com/rn/rn6.0.45

security/vuls: Update to 0.38.6

Release notes:  https://github.com/future-architect/vuls/releases/tag/v0.38.6

sysutils/rubygem-bundler-audit: Add new port

bundler-audit provides patch-level verification for Bundled Ruby
applications by auditing Gemfile.lock against a database of known
vulnerabilities.

Also add rubygem-bundle-audit as a wrapper gem that depends on
rubygem-bundler-audit, for developers who reference "bundle-audit"
instead of "bundler-audit".

devel/rubygem-uniform_notifier: Add version 1.18.0

uniform_notifier provides a unified notification interface supporting
Rails logger, JavaScript alert/console, XMPP, Slack, and more.

net/samba423: update to version 2.23.6

Sponsored by:   Klara, Inc.
Reported by:    portscout

devel/rubygem-bullet: Add rubygem-bullet 8.1.0

Bullet is a development tool that helps increase application performance
by reducing the number of queries it makes. It detects N+1 queries,
unused eager loading, and suggests counter cache usage.

Also add rubygem-bullet-rails72 slave port for Rails 7.2 compatibility.

security/rubygem-doorkeeper-i18n{,-rails72}: Add new port.

Internationalization files for Doorkeeper OAuth2 provider

While I'm there, also add a variant of rubygem-doorkeeper for use
with rails72.

math/octave-forge-biosig: Update to 3.9.4.

devel/patch: update GNU patch to the latest version 2.8

- GC previous Debian patches, backport new upstream fixes:
  add missing filename quoting, enable merge, skip read-only
  check when output file specified, reject empty filenames
- On i386, apply the same fix as Debian for Hurd/i386
- The port now seemingly builds fine with BSD make(1)
- Install some standard documentation files

PR:     285796

graphics/egl-x11: Update to version 1.0.5

Changes:
https://github.com/NVIDIA/egl-x11/releases/tag/v1.0.5

While here, drop a patch that is now included in upstream,
and add warning about minimum supported version of NVIDIA
drivers (560) in pkg-descr.

PR:             293718
Reviewed by:    ashafer (versioning)
Differential Revision:  https://reviews.freebsd.org/D55797

net-p2p/bazarr: Fix build with python version other than 3.11

PR:             293708
Approved by:    Michiel van Baak Jansen <michiel at vanbaak.eu> (maintainer)
MFH:            2026Q1

(cherry picked from commit d000c5fe82e03452f035761e9ea217f61d0645f1)

graphics/egl-wayland2: New port

Introduce graphics/egl-wayland2, Wayland EGL External Platform library
Version 2 that works with NVIDIA drivers 560 and later.

This is a new implementation of the EGL External Platform Library
for Wayland (EGL_KHR_platform_wayland), using the NVIDIA driver's
new platform surface interface (Dma-buf-based), which simplifies
a lot of the library and improves window resizing.

This library can be installed alongside the previous egl-wayland
implementation (graphics/egl-wayland).

The new library has a higher selection priority by default,
so if both are present, then a 560 or later driver will select
the new library, and an older driver will fall back to the old
library.

PR:             293719

    [2 lines not shown]

net-p2p/bazarr: Fix build with python version other than 3.11

PR:             293708
Approved by:    Michiel van Baak Jansen <michiel at vanbaak.eu> (maintainer)
MFH:            2026Q1

security/netbird: Update 0.66.1 => 0.66.3

Changelogs:
https://github.com/netbirdio/netbird/releases/tag/v0.66.2
https://github.com/netbirdio/netbird/releases/tag/v0.66.3

Commit log:
https://github.com/netbirdio/netbird/compare/v0.66.1...v0.66.3

PR:     293710

security/chkrootkit: Update 0.58b => 0.59

Changelog:
 - New checks: Process executed from memory
 - New commands: nologin
 - XZ Backdoor Bottkitty (UEFI Bootkit)
 - Bug fixes
https://www.chkrootkit.org/#new

Remove local patches with support FreeBSD 9.

PR:             293520
Approved by:    Lacey Powers <lacey.leanne at gmail.com> (maintainer)
MFH:            2026Q1

(cherry picked from commit 91316bf1e26c797b602a73872592abaed8b58a9b)

security/chkrootkit: Update 0.58b => 0.59

Changelog:
 - New checks: Process executed from memory
 - New commands: nologin
 - XZ Backdoor Bottkitty (UEFI Bootkit)
 - Bug fixes
https://www.chkrootkit.org/#new

Remove local patches with support FreeBSD 9.

PR:             293520
Approved by:    Lacey Powers <lacey.leanne at gmail.com> (maintainer)
MFH:            2026Q1

biology/salmon: Unbreak: Relax libgff version requirement

Also drop unnecessary libboost dep

Reported by:    pkg-fallout

textproc/elasticsearch7: Correct product name

Rename ElasticSearch to Elasticsearch in the file pkg-message.

PR:             261591
Approved by:    elastic (maintainer, timeout 4+ years)

devel/py-p4python: Update to 2025.2.2863679

PR:             293725
Approved by:    antonfb at hesiod.org (maintainer)

net/dpdk: update to latest LTS release, 25.11.0, adopt (+)

Tested on:      aarch64, amd64
Release notes:  http://doc.dpdk.org/guides/rel_notes/release_25_11.html
Approved by:    Bruce Richardson (former maintainer)

mail/mailpit: Update to 1.29.3

Improved ONLY_FOR_ARCHS_REASON message to better explain the supported
architectures.

audio/subtui: Update to 2.10.0

Changelog: https://github.com/MattiaPun/SubTUI/releases/tag/v2.10.0

graphics/igt-gpu-tools: Fix builds since D49183

textproc/qo: Update to 0.3.1

sysutils/goaccess: Update to 1.10.1