BSD Commit Log Search

HBSD: Disable PaX PAGEEXEC and PaX NOEXEC for science/zotero

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/main' into hardenedbsd/main

devel/py-grpcio-tools: update to 1.78.1.

devel/py-grpcio: update to 1.78.1.

net-mgmt/nfs-exporter: 0.4.6

https://github.com/Axcient/freebsd-nfs-exporter/blob/master/CHANGELOG.md#046---2026-02-20

Sponsored by:   ConnectWise

libnetbsd: import `__CTASSERT(..)` macros

These compile-time assert macros are similar to `Static_assert` on FreeBSD.

These macros are in use in newer versions of `contrib/netbsd-tests`.

Obtained from:  https://github.com/NetBSD/src (c26cc77b3a0b26b95a2)
MFC after:      1 week

net-mgmt/victoria-logs: Improve RC script

* Have the RC system perform user switch
* Initialize default variables
* Have the RC system handle start, status, stop
* Set the process title for ps/top
* Remove reload since victoria-logs does not support it
* Use single-hyphen command line options

PR:             293061
Approved by:    samm (maintainer)

math/R-cran-date: Update to 1.2-43

Changelog: https://cran.r-project.org/web/packages/date/ChangeLog

tcp: improve validation of received TCP over UDP packets

Reviewed by:            glebius, pouria
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D55410

nvmf: Limit the default I/O queue size to 128 entries

Previously the size defaulted to the maximum supported size reported
by the remote host.  The value of 128 matches the default on Linux and
avoids excessive resource usage for I/O queues.

Sponsored by:   Chelsio Communications

ctld: Honor the default maximum I/O queue size for NVMeoF controllers

<dev/nvmf.h> exports a constant to set the default maximum I/O queue
size which is used by ctl(4) if an explicit size is not set.  This
value was chosen to match Linux's default, but it also avoids
excessive resource usage for I/O queues.

ctld was using the absolute maxium size as the default instead.

Sponsored by:   Chelsio Communications

sysutils/fluent-bit: Update to 4.2.3.1

Release notes:  https://github.com/fluent/fluent-bit/releases/tag/v4.2.3.1

security/vuls: Update to 0.38.2

Release notes:  https://github.com/future-architect/vuls/releases/tag/v0.38.2

mail/thunderbird: update to 148.0 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/148.0/releasenotes/

mail/thunderbird-esr: update to 140.8.0 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/140.8.0esr/releasenotes/

graphics/simage: disable MPEG2ENC support by default to make packageable

With MPEG2ENC enabled by default, the license is not free, and this port
cannot be packaged.

Therefore the consumers of simage cannot be packaged: among them

Coin-4.0.6                      graphics/Coin          simage-1.8.4
FreeCAD-1.0.2_7                 cad/freecad            simage-1.8.4
FreeCAD-devel-r20251228075421_1 cad/freecad-devel      simage-1.8.4
py311-pivy-0.6.10               graphics/py-pivy at py311 simage-1.8.4
SoQt-1.6.4,1                    x11-toolkits/soqt      simage-1.8.4
visp-3.6.0_13                   misc/visp              simage-1.8.4

This patch make MPEG2ENC optional, so that these ports should be
packageable again.

Problem identified by:  Mark Millard


    [4 lines not shown]

devel/jenkins-lts: Update to 2.541.2

Security:       428e782a-0e92-11f1-a9b1-0cc47ada5f32
MFC:            2026Q1
Sponsored by:   The FreeBSD Foundation

devel/jenkins: Update to 2.551

Security:       428e782a-0e92-11f1-a9b1-0cc47ada5f32
MFC:            2026Q1
Sponsored by:   The FreeBSD Foundation

security/vuxml: Document Jenkins Security Advisory 2026-02-18

Sponsored by:   The FreeBSD Foundation

sysutils/czkawka: Update to 11.0.0

The krokiet GUI works for me so remove the post-patch target.

Changelog: https://github.com/qarmin/czkawka/releases/tag/11.0.0

www/p5-Catalyst-Plugin-Session: Fix dependencies

Crypt::SysRandom is a runtime dependency, not a test dependency.

MFH:    2026Q1

multimedia/py-subliminal: Update to 2.6.0

ChangeLog: https://github.com/Diaoul/subliminal/releases/tag/2.6.0

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main

Merge branch 'freebsd/main' into hardenedbsd/main

net/keycloak: Update 26.5.3 => 26.5.4

Changelog:
https://www.keycloak.org/2026/02/keycloak-2654-released

PR:             293315
Security:       CVE-2026-1190
Security:       CVE-2026-0707
Security:       CVE-2025-5416
Security:       CVE-2026-2575
Security:       CVE-2026-2733
MFH:            2026Q1

security/vuxml: Add Mozilla vulnerability

 * CVE-2026-2447