lang/python314: SECURITY update to v3.14.3
ChangeLog: https://docs.python.org/release/3.14.3/whatsnew/changelog.html
MFH: 2026Q1 (immediately)
Security fixes:
* gh-144125: BytesGenerator will now refuse to serialize (write) headers
that are unsafely folded or delimited; see verify_generated_headers.
(Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
* gh-143935: Fixed a bug in the folding of comments when flattening an
email message using a modern email policy. Comments consisting of a
very long sequence of non-foldable characters could trigger a forced
line wrap that omitted the required leading space on the continuation
line, causing the remainder of the comment to be interpreted as a new
header field. This enabled header injection with carefully crafted
inputs.
[11 lines not shown]
ufshci: Remove UIC error during initialization
This patch removes the UIC error caused by QEMU not supporting certain
UIC command. Additionally, it removes the unused unipro_version.
Reviewed by: imp (mentor)
Sponsored by: Samsung Electronics
Differential Revision: https://reviews.freebsd.org/D54513
bpf: don't clear pointer from descriptor to the tap on descriptor close
During packet processing the descriptor is looked up using epoch(9) and it
can be accessed after bpf_detachd(). In scenario of descriptor close the
tap point is alive (it actually produces packets) and thus the pointer can
be legitimately dereferenced. This fixes a race on a bpf(4) device close
that would otherwise result in panic.
Differential Revision: https://reviews.freebsd.org/D55064
net/tcpkali: forbid port
A possible backdoor issue was discovered.
Forbid this port until this can be investigated in detail.
Reported by: danilo
MFH: 2026Q1
devel/hs-ghcup: New Port: Main installer Haskell
GHCup is the primary installer and version manager for the Haskell
toolchain. It provides a unified interface to install and switch
between different versions of GHC, Cabal, Stack, and the
Haskell Language Server.
WWW: https://www.haskell.org/ghcup/
PR: 292940
Approved by: eduardo (mentor)
devel/libdispatch: do not define HAVE_DISPATCH_WORKQ_MONITORING on FreeBSD
It causes random crashes in telegram-desktop
Reported by: freebsd_ru community members
net-mgmt/nagios4: Update 4.5.1 => 4.5.11, take maintainership
Changelog:
https://www.nagios.org/projects/nagios-core/4x/
Improve port:
- Replace PORTVERSION with DISTVERSION.
- Parametrize nagios with ${PORTNAME}.
- Replace CFLAGS, CPPFLAGS and LIBS with USES+=localbase.
- Update CONFLICTS.
- Use ${ETCDIR} instead of ${PREFIX}/etc/nagios.
- Fix warnings from portclippy.
- Fix install with non-default NAGIOSUSER/NAGIOSGROUP.
- Split long line in post-patch.
- Improve indents.
- Regenerate patches with changed line numbers.
PR: 292357
Tested by: Fabian Wenk <fabian at wenks.ch>
[2 lines not shown]
ipfilter: Fix possible overrun
The destination buffer is FR_GROUPLEN (16 bytes) in length. When
gname is created, the userspace utilities correctly use FR_GROUPLEN
as the buffer length. The kernel should also limit its copy operation to
FR_GROUPLEN bytes to avoid any user written code from exploiting this
vulnerability.
Reported by: Ilja Van Sprundel <ivansprundel at ioactive.com>
MFC after: 1 week
net-mgmt/victoria-logs: upgrade to 1.44.0
- Update to the latest version
- Change download to GH because of goproxy issue
- fix logs directory ownership (PR 292405)
PR: 292405
ChangeLog: https://docs.victoriametrics.com/victorialogs/changelog/
stand: Minor style tweaks
re-wrap the function calls in a couple of ifs in get_zfs_root so they
are more readable. They really didn't need to be wrapped like this in
the first place.
Sponsored by: Netflix
ifconfig: fix gre(4) status
Set `ifr->ifr_name` to display gre options
for the interface.
Reviewed by: glebius, zlei
Approved by: glebius (mentor)
MFC after: 1 day
Differential Revision: https://reviews.freebsd.org/D55099