BSD Commit Log Search

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/main' into hardenedbsd/main

security/kanidm: Update to 1.9.2

ChangeLog: https://github.com/kanidm/kanidm/releases/tag/v1.9.2

Approved by:    bofh@ (implicit)

ndp: fix late KASSERT in nd6_queue_timer

Reviewed by:    glebius
Fixes:          7f3b46fe54f1 ("ndp: Add support for Gratuitous...")
Differential Revision: https://reviews.freebsd.org/D55844

security/openssl35: Security update for CVE-2026-2673

Security:       ee1e6a24-1eeb-11f1-81da-8447094a420f

devel/nextpnr-devel: Update to 2026-03-12

www/freenginx-acme: fix a group name used for freenginx

While I'm here, make portlint(1) happy.

PR:             293781
Sponsored by:   tipi.work

sysutils/logstash8: Update 8.19.9 => 8.19.12

Release Notes:
https://www.elastic.co/guide/en/logstash/8.19/logstash-8-19-10.html
https://www.elastic.co/guide/en/logstash/8.19/logstash-8-19-11.html
https://www.elastic.co/guide/en/logstash/8.19/logstash-8-19-12.html

Improve port:
- Replace PORTVERSION with DISTVERSION.
- Add LOCAL/vvd/elastic to MASTER_SITES for those who can't download due
  to the HTTP error "Forbidden 403".
- Sort USES.
- Adjust JAVA_VERSION to supported LTS 25, 21 and 17.
- Parametrize "logstash" with "${PORTNAME}".
- Adjust CONFLICTS.
- Fix warnings from portclippy.
- Add possibility to use custom user/group.
- Replace RM of bundled JDK and *.bat files with
  EXTRACT_AFTER_ARGS=--exclude.

    [5 lines not shown]

devel/nextpnr: Update to 0.10

Changelog: https://github.com/YosysHQ/nextpnr/releases/tag/nextpnr-0.10

While here, also enable the himbaechel architecture as well as adding
support for the GateMate micro-architecture via prjpeppercorn.

textproc/py-regex: Upgrade to 2026.2.28

PR:             293785
Approved by:    fax at nohik.ee (maintainer)
Changelog:      https://github.com/mrabarnett/mrab-regex/blob/2026.2.28/changelog.txt

textproc/elasticsearch7: Fix runtime with non-default USERS/GROUPS

Also:
- Respect ETCDIR substitution in rc.d script.
- Replace RM of bundled JDK, jna.jar and modules/x-pack/x-pack-ml files
  with EXTRACT_AFTER_ARGS=--exclude.
- Replace ${JAVASHAREDIR} with ${LOCALBASE}/share/java -
  JAVASHAREDIR=PREFIX/share/java, but devel/jna installed in LOCALBASE.

Approved by:    blanket (fix runtime)
MFH:            2026Q1

sysutils/logstash7: Fix runtime with non-default USERS/GROUPS

Also:
- Respect LOGSTASH_HOME and ETCDIR substitutions in rc.d script.
- Replace RM of bundled JDK and *.bat files with
  EXTRACT_AFTER_ARGS=--exclude.

Approved by:    blanket (fix runtime)
MFH:            2026Q1

lang/crystal: update to 1.19.1

- https://github.com/crystal-lang/crystal/blob/release/1.19/CHANGELOG.md

Sponsored by:   SkunkWerks, GmbH

net/lavinmq: update to 2.6.9

- drop `--error-on-warnings` until LavinMQ next release fully supports
  Crystal 1.19.1 without 9 deprecation warnings

- https://github.com/cloudamqp/lavinmq/blob/v2.6.9/CHANGELOG.md

Sponsored by:   SkunkWerks, GmbH

devel/shards: update to 0.20.0

- https://github.com/crystal-lang/shards/blob/v0.20.0/CHANGELOG.md

Sponsored by:   SkunkWerks, GmbH

sysutils/podman: Allow setting ownership on auto-created socket

The podman_service daemon auto-creates a socket on startup, along with
parent directory, and is always run as root. It is often useful to have
another proxy like haproxy or nginx provide more sophisticed security,
and these daemons do not need root privileges.

Approved by:    dfr
Reported by:    pat at patmaddox.com
Tested by:      arrowd
Differential Revision:  https://reviews.freebsd.org/D55455

net/amqpcat: update to 1.1.0

- https://github.com/cloudamqp/amqpcat/releases/tag/v1.1.0

Sponsored by:   SkunkWerks, GmbH

filesystems/versitygw: update to 1.3.1

- https://github.com/versity/versitygw/releases/tag/v1.3.1
- https://github.com/versity/versitygw/releases/tag/v1.3.0

devel/R-cran-cyclocomp: Update to 1.1.2

Changelog: https://cran.r-project.org/web/packages/cyclocomp/news/news.html

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'origin/freebsd/main' into hardenedbsd/main

Conflicts:
        math/symengine/Makefile (unresolved)

security/vuxml: Document OpenSSL 3.5/3.6 vulnerability

graphics/py-colour: remove deprecated d2to1

d2to1 has been deprecated and archived for years, and its functionality
has been subsumed into plain setuptools.

While here, switch to USE_PYTHON=pep517

PR: 293782
Approved by: Martin Neubauer (maintainer)

readelf: Use the gABI name for a dynamic tag value.

graphics/R-cran-ggrepel: Update to 0.9.7

Add test dependencies.
Change WWW to canonical form.

Changelog: https://cran.r-project.org/web/packages/ggrepel/news/news.html

graphics/ogre3d: add textproc/pugixml as default dep (+)

If textproc/pugixml is insalled on a baremetal system, several files do not get installed.
Add the small texproc/pugixml as a hard dep.

PR:             293780

sysutils/parkverbot: update the port to version 1.6

GC no longer needed GNU_CONFIGURE_MANPREFIX, sort
PLIST_FILES, and install rc script.

PR:     278603

misc/hxtools: update the port to the latest version 20251011

- Increase bgfg contrast in light2.theme
- extract_dxhog: repair wrong seeking to archive entries
- Delete unmaintained xfs_irecover (alternative: xfs_undelete)
- Delete extract_f3pod (alternative: SLADE)
- Add make_qupak, git-logsortbychgsize, selective-preprocess

Reported by:    portscout

lang/libhx: update the port to version 5.3

Reported by:    portscout