HardenedBSD/ports 109ee3beditors/gedit pkg-plist Makefile, editors/gedit-plugins Makefile

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+114-114mail/mailpit/files/patch-package-lock.json
+35-1editors/gedit/pkg-plist
+29-0security/vuxml/vuln/2026.xml
+7-7mail/mailpit/distinfo
+5-6editors/gedit-plugins/Makefile
+5-5editors/gedit/Makefile
+195-13313 files not shown
+230-16319 files

HardenedBSD/ports 53a4a50security/vuxml/vuln 2026.xml

security/vuxml: Document TCP readTimeout bypass in traefik
DeltaFile
+29-0security/vuxml/vuln/2026.xml
+29-01 files

HardenedBSD/ports 0682bdfnet/traefik Makefile

net/traefik: Ensure the build uses go 1.25 or higher
DeltaFile
+1-1net/traefik/Makefile
+1-11 files

HardenedBSD/ports 0928be2editors/enter-tex distinfo Makefile

editors/enter-tex: update to 3.49.0

Update to 3.49.0

  Release 3.49.0, 2026-01-03
  --------------------------

  Under the hood changes:
  * Adapt the code to the latest libgedit-gtksourceview API.

  Release 3.49.alpha2, 2025-11-17
  -------------------------------

  User-visible changes:
  * Find and Replace: add tooltips; adjust a margin.
  * Man-page: small improvements.

  Under the hood changes:
  * Find and Replace: rewrite the UI part in C in Gtex (GtexFindBar) as a first

    [27 lines not shown]
DeltaFile
+3-3editors/enter-tex/distinfo
+2-3editors/enter-tex/Makefile
+2-0editors/enter-tex/pkg-plist
+7-63 files

HardenedBSD/ports 2f8078bx11-toolkits/tepl6 Makefile distinfo

x11-toolkits/tepl6: update to 6.14.0

Update to 6.14.0

  News in 6.14.0, 2026-01-03
  --------------------------
  * Nothing new.

  News in 6.14.alpha2, 2025-11-17
  -------------------------------
  * New class: TeplStatusbar.
  * Translations updates.

  News in 6.14.alpha1, 2025-09-05
  -------------------------------
  * Add TeplCodeCommentView for the comment/uncomment feature.
  * Remove tepl_iter_*() function, moved to libgedit-gtksourceview.
  * TeplFileLoader: use libgedit-gfls.
  * Translations updates.

    [4 lines not shown]
DeltaFile
+3-3x11-toolkits/tepl6/Makefile
+3-3x11-toolkits/tepl6/distinfo
+4-2x11-toolkits/tepl6/pkg-plist
+10-83 files

HardenedBSD/ports 1bc3cc2x11-toolkits/libgedit-gtksourceview Makefile distinfo

x11-toolkits/libgedit-gtksourceview: update to 299.6.0

Update to 299.6.0

  News in 299.6.0, 2026-01-03
  ---------------------------

  Completion framework:
  * The GtkSourceCompletion class no longer implements the GtkBuildable interface.
  * GtkSourceCompletionProposal: various improvements.
  * GtkSourceCompletionItem:
    - Various improvements.
    - Remove all the properties.

  Microsoft Windows:
  * Fix compilation warnings.
  * Fix unit tests failures.

  Various gardening tasks:

    [85 lines not shown]
DeltaFile
+3-3x11-toolkits/libgedit-gtksourceview/Makefile
+3-3x11-toolkits/libgedit-gtksourceview/distinfo
+4-1x11-toolkits/libgedit-gtksourceview/pkg-plist
+10-73 files

HardenedBSD/ports a207d0beditors/gedit pkg-plist Makefile, editors/gedit-plugins Makefile distinfo

editors/gedit*: update to 49.0

Update to 49.0 for compatability with libgedit-gtksourceview 299.6.0.

  News in 49.0, 2026-01-03
  ------------------------

  * Metainfo data: add more infos to fix Flathub warnings.
  * Cleanup: remove BuildStream and Snap from build-aux/ (outdated).
  * Translation updates.

  News in 49.alpha2, 2025-11-17
  -----------------------------

  User-visible changes:
  * Add a max-file-size setting for document loading, fixing the common problem
    with very large files.
  * New symbolic app icon (to have a square one).
  * Statusbar: fix a bug with the language button popover.

    [52 lines not shown]
DeltaFile
+35-1editors/gedit/pkg-plist
+5-6editors/gedit-plugins/Makefile
+5-5editors/gedit/Makefile
+3-3editors/gedit-plugins/distinfo
+3-3editors/gedit/distinfo
+51-185 files

HardenedBSD/ports af12022mail/mailpit distinfo Makefile, mail/mailpit/files patch-package-lock.json

mail/mailpit: Update to 1.29.1
DeltaFile
+114-114mail/mailpit/files/patch-package-lock.json
+7-7mail/mailpit/distinfo
+1-2mail/mailpit/Makefile
+122-1233 files

HardenedBSD/src 2fe040csys/netinet6 in6_mcast.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+11-8sys/netinet6/in6_mcast.c
+11-81 files

HardenedBSD/ports 614f816graphics/blender pkg-plist, graphics/blender/files patch-fmtlib

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+3,256-0graphics/blender/files/patch-fmtlib
+0-1,834x11-fonts/nerd-fonts/pkg-plist
+1,453-0graphics/blender4/pkg-plist
+311-273graphics/blender/pkg-plist
+399-0x11-fonts/nerd-fonts-noto/pkg-plist
+0-276security/openssl-quictls/pkg-plist
+5,419-2,383313 files not shown
+9,640-3,419319 files

HardenedBSD/ports ceba750net-mgmt/zabbix74-server distinfo Makefile

net-mgmt/zabbix74-server: Update to 7.4.7

Release notes:  https://www.zabbix.com/rn/rn7.4.7
DeltaFile
+3-3net-mgmt/zabbix74-server/distinfo
+1-1net-mgmt/zabbix74-server/Makefile
+1-0net-mgmt/zabbix74-server/pkg-plist.frontend
+5-43 files

HardenedBSD/ports 3044bf7net-mgmt/zabbix7-server distinfo Makefile

net-mgmt/zabbix7-server: Update to 7.0.23

Release notes:  https://www.zabbix.com/rn/rn7.0.23
DeltaFile
+3-3net-mgmt/zabbix7-server/distinfo
+1-1net-mgmt/zabbix7-server/Makefile
+4-42 files

HardenedBSD/ports 2af45b8net-mgmt/zabbix6-server distinfo Makefile

net-mgmt/zabbix6-server: Update to 6.0.44

Release notes:  https://www.zabbix.com/rn/rn6.0.44
DeltaFile
+3-3net-mgmt/zabbix6-server/distinfo
+1-1net-mgmt/zabbix6-server/Makefile
+4-42 files

HardenedBSD/ports ea5760csecurity/vuxml/vuln 2026.xml

security/vuxml: Add munge vulnerability

  * CVE-2026-25506

Reported by: Chris Dunlap <chris.m.dunlap at gmail.com>
DeltaFile
+38-0security/vuxml/vuln/2026.xml
+38-01 files

HardenedBSD/ports 98a2024security/vuxml/files newentry.sh nvd_provider.sh

security/vuxml: make newentry: Fix providers init.

An init fail shouldn't exit the script.
Initialize registered providers only.

Use successfully initialized providers only.

Keep euvd for now although it's been down for the last few days.
DeltaFile
+9-6security/vuxml/files/newentry.sh
+1-1security/vuxml/files/nvd_provider.sh
+1-1security/vuxml/files/euvd_provider.sh
+11-83 files

HardenedBSD/ports f164467net/traefik distinfo Makefile

net/traefik: Update to upstream release 3.6.8

Details:
- Bugfix release, see
  https://github.com/traefik/traefik/releases/tag/v3.6.8
- Includes a fix for CVE-2026-25949, a potential DoS

MFH:            2026Q1
Security:       CVE-2026-25949
DeltaFile
+3-3net/traefik/distinfo
+1-2net/traefik/Makefile
+4-52 files

HardenedBSD/ports ca04c95x11-wm/wlmaker Makefile

x11-wm/wlmaker: switch to wlroots020
DeltaFile
+2-1x11-wm/wlmaker/Makefile
+2-11 files

HardenedBSD/ports da9c82fx11-wm/wlmaker distinfo pkg-plist, x11-wm/wlmaker/files patch-session

x11-wm/wlmaker: update to 0.7.1

Changes:        https://github.com/phkaeser/wlmaker/releases/tag/v0.7.1
Reported by:    GitHub (watch releases)
DeltaFile
+27-0x11-wm/wlmaker/files/patch-session
+7-5x11-wm/wlmaker/distinfo
+10-0x11-wm/wlmaker/pkg-plist
+7-2x11-wm/wlmaker/Makefile
+51-74 files

HardenedBSD/ports dcc3dd3x11-toolkits/wlroots020 distinfo Makefile

x11-toolkits/wlroots020: update to 0.20.0.r2

Changes:        https://gitlab.freedesktop.org/wlroots/wlroots/-/releases/0.20.0-rc2
Reported by:    GitLab (notify releases)
DeltaFile
+3-3x11-toolkits/wlroots020/distinfo
+1-1x11-toolkits/wlroots020/Makefile
+4-42 files

HardenedBSD/ports 2e623d8www/chromium distinfo Makefile

www/chromium: update to 144.0.7559.75

Security:       https://vuxml.freebsd.org/freebsd/424d598b-09c4-11f1-85c5-a8a1599412c6.html
DeltaFile
+7-7www/chromium/distinfo
+1-1www/chromium/Makefile
+8-82 files

HardenedBSD/ports ca832c8security/vuxml/vuln 2026.xml

security/vuxml: add www/*chromium < 144.0.7559.75

Obtained from:  https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html
DeltaFile
+33-0security/vuxml/vuln/2026.xml
+33-01 files

HardenedBSD/src 83ab2b3sbin/camcontrol camcontrol.c, sys/cam cam_periph.c

cam/scsi: Restore scsi_start_stop() and add scsi_start_stop_pc()

Revert the argument change that broke libcam in 8c35de49 and move
power_condition support to scsi_start_stop_pc().

Reported by:            imp
Reviewed By:            #cam, imp (mentor)
Sponsored by:           Samsung Electronics
Differential Revision:  https://reviews.freebsd.org/D54822

(cherry picked from commit 8ef8c6abfadfc9eb0465ce57c6b09ca310415bdd)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+34-0sys/cam/scsi/scsi_all.c
+4-0sys/cam/scsi/scsi_all.h
+0-2sys/cam/scsi/scsi_cd.c
+1-1sys/dev/ufshci/ufshci_sim.c
+0-1sbin/camcontrol/camcontrol.c
+0-1sys/cam/cam_periph.c
+39-52 files not shown
+39-78 files

HardenedBSD/src 64f3efccontrib/blocklist/bin blacklistd.c blacklistd.conf.5

blocklist: blacklist: Chase recent upstream changes

MFC after:      3 days

(cherry picked from commit a25b12c6ce63be1fefb31d14daca332682fd31fc)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+14-14contrib/blocklist/bin/blacklistd.c
+3-3contrib/blocklist/bin/blacklistd.conf.5
+17-172 files

HardenedBSD/ports 6e9102bnet-mgmt/check_ssl_cert distinfo Makefile

net-mgmt/check_ssl_cert: update to 2.96.0

Release Notes:
  https://github.com/matteocorti/check_ssl_cert/releases/tag/v2.96.0
DeltaFile
+3-3net-mgmt/check_ssl_cert/distinfo
+1-1net-mgmt/check_ssl_cert/Makefile
+4-42 files

HardenedBSD/src bb34d2bcontrib/blocklist/bin blocklistd.c run.c, contrib/blocklist/port popenve.c

Vendor import of blocklist 2026-02-07 (10a907f)

Upstream hash 10a907f09f5a92068d86dcb4ef4f91d7bc10c501.

Obtained from:https://github.com/zoulasc/blocklist

(cherry picked from commit a39ba5e2935176fe982235556e46ba3f51178187)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+39-36contrib/blocklist/port/popenve.c
+14-14contrib/blocklist/bin/blocklistd.c
+9-8contrib/blocklist/bin/run.c
+3-3contrib/blocklist/bin/blocklistd.conf.5
+2-3contrib/blocklist/bin/support.c
+67-645 files

HardenedBSD/src 79eff4asys/netinet6 in6_mcast.c

netinet6: Return EAFNOSUPPORT for non-IPv6 addresses in mcast sockopts.

This is a non-functional change; it just returns the correct errno value
where IPv6 multicast socket options were passed non-AF_INET6 arguments,
in preparation for handling PR 193246 with a side-call into netinet as
xnu currently does.

Reviewed by:    glebius
Approved by:    glebius
PR:             193246 (with refinements)
Differential revision:  https://reviews.freebsd.org/D55233
DeltaFile
+11-8sys/netinet6/in6_mcast.c
+11-81 files

HardenedBSD/ports 3c5b37dx11-fonts/nerd-fonts Makefile

x11-fonts/nerd-fonts: fix maintainer

I copied the wrong address by accident.

PR:             291929
DeltaFile
+1-1x11-fonts/nerd-fonts/Makefile
+1-11 files

HardenedBSD/ports 87e11aamail/thunderbird-esr distinfo Makefile

mail/thunderbird-esr: update to 140.7.2 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/140.7.2esr/releasenotes/
DeltaFile
+3-3mail/thunderbird-esr/distinfo
+1-2mail/thunderbird-esr/Makefile
+4-52 files

HardenedBSD/ports a984e5email/thunderbird distinfo Makefile

mail/thunderbird: update to 147.0.2 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/147.0.2/releasenotes/
DeltaFile
+3-3mail/thunderbird/distinfo
+2-3mail/thunderbird/Makefile
+5-62 files

HardenedBSD/ports 76f3516security/openssl-quictls pkg-plist Makefile, security/openssl-quictls/files patch-CVE-2024-9143 patch-crypto_async_arch_async__posix.h

security/openssl-quictls: Remove expired port

2025-12-31 security/openssl-quictls: Upstream project has been archived, use security/quictls
DeltaFile
+0-276security/openssl-quictls/pkg-plist
+0-198security/openssl-quictls/files/patch-CVE-2024-9143
+0-182security/openssl-quictls/Makefile
+0-32security/openssl-quictls/files/patch-crypto_async_arch_async__posix.h
+0-20security/openssl-quictls/pkg-message
+0-20security/openssl-quictls/files/extra-patch-util_find-doc-nits
+0-7285 files not shown
+1-74111 files