BSD Commit Log Search

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main

Merge branch 'freebsd/main' into hardenedbsd/main

math/octave-forge-datatypes: Update to 1.2.2.

security/tailscale: Update to 1.96.4

MFH:            2026Q2

mq_open(2): document sysctl limit EINVAL and ENFILE conditions

Document two missing error conditions for mq_open(2):

- EINVAL: returned when mq_maxmsg exceeds kern.mqueue.maxmsg or
  mq_msgsize exceeds kern.mqueue.maxmsgsize.
- ENFILE: add kern.mqueue.maxmq sysctl name to the existing entry.

PR:             243209
Reviewed by:    mhorne
MFC after:      1 week
Signed-off-by:  Kit Dallege <xaum.io at gmail.com>
Pull Request:   https://github.com/freebsd/freebsd-src/pull/2098

security/wazuh*: Update to 4.14.4

ChangeLog at:   https://documentation.wazuh.com/current/release-notes/release-4-14-4.html

security/zaproxy: Update JAVA_VERSION to 17+

- JAVA 22 will be removed soon so 17+ shows us the current java versions
  supported by zaproxy
- Bump PORTREVISION

PR:             294176
Reported by:    ronald

ena: Verify that an ENA ring is in netmap only in native mode

netmap operates in two modes:
1) Emulated - netmap handling is done by the network stack, the
NIC driver operates transparently to netmap.
2) Native - netmap management is done by the NIC driver.

When checking whether a specific ENA ring is running in netmap
mode, only the following checks were done:
1. IFCAP_NETMAP - Check whether netmap capability is enabled on
the device.
2. NKR_NETMAP_ON - Check whether netmap is actively using this
ring.

The above checks implied that the netmap mode is native and the
ENA driver needs to handle the netmap logic.
The code was missing an explicit check on whether native mode
is actually on (NAF_NATIVE).
This led to a case where though emulated mode was used and

    [19 lines not shown]

ena: Minor changes

1. Move parenthesis to correct place in switch and fix include order
2. Add comment at the end of an ifdef for clarity
3. Change include order.

Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D55696
Sponsored by: Amazon, Inc.

(cherry picked from commit 2667a8454cff5896c7b467c78cd4ace5ad40f5eb)

ena: Update driver version to v2.8.2

Bug Fixes:
* Verify that an ENA ring is in netmap only in native mode

Minor Changes:
* Move parenthesis to correct place in switch
* Add comment
* Reorder define

Reviewed by: cperciva
Differential Revision: https://reviews.freebsd.org/D55698
Sponsored by: Amazon, Inc.

(cherry picked from commit 96c5eaf0ac6b98d0832e1037d672064de43a7e00)

mtree: stop creating /usr/share/doc/ncurses

In base 68ad2b0d7af2a the ncurses html documentation was removed, and
entries added to ObsoleteFiles.inc to get rid of /usr/share/doc/ncurses,
but the directory was still being re-created via BSD.usr.dist. Remove it
from there too.

Fixes:          68ad2b0d7af2a
MFC after:      1 month

(cherry picked from commit 212272a43767c3d7be3ddb87605612f6164774c1)

release: Restore licenses for kyua and ncurses

These were modified to avoid triggering a libucl bug which is now fixed.

MFC after:      1 week
Reviewed by:    ivy, kevans
Differential Revision:  https://reviews.freebsd.org/D52824

finance/gnucash-docs: Update to 5.15

finance/gnucash: Update to 5.15

tunefs: Fix alignment warning on arm64

MFC after:      1 week
Fixes:          c5e79c7e93dd ("tunefs: Don't lower WARNS")
Reviewed by:    bakul
Differential Revision:  https://reviews.freebsd.org/D56229

security/spectre-meltdown-checker: update to v26.21.0401891

Changelog:      https://github.com/speed47/spectre-meltdown-checker/releases/tag/v26.21.0401891

*/*: bump portrevision after java_default=25 update

Included all ports that have USES=java.

PR:     293559

Mk/bsd.default-versions.mk: update JAVA_DEFAULT to 25

The ports tree is adjusted and tested to be ready to set the default
java version to 25.

Openjdk 25 upstream dropped support for i386 so the default for i386
stays at openjdk21.

Thanks to everybody involved in making Java a vivid environment on
FreeBSD.

PR:     293559
Relnotes:       yes

misc/claude-code: Patch claude to increase timeouts to 24 hours

Current timeouts of 1 and 10 minutes easily get exceeded when
the AI endpoint API backend is CPU-based.

Even 10x10 munutes can easily get exceeded.

I raised this issue with the upstream.
Patching it here in the meantime.

misc/claude-code: update 2.1.89 → 2.1.90

devel/websvn: Update to 2.8.6

MFH:            2026Q2
Changelog:      https://github.com/websvnphp/websvn/releases/tag/2.8.6

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

cad/openvsp: Update to 3.48.2

ChangeLog:
https://openvsp.org/blogs/announcements/2026/03/04/openvsp-3-48-2-released

 * Fix regressions to Stack Presets caused by 3.48.1 fixes.

Merge branch 'freebsd/main' into hardenedbsd/main

www/gohugo: Update to 0.159.2

ChangeLog: https://github.com/gohugoio/hugo/releases/tag/v0.159.2

 * Fix potential content XSS by escaping dangerous URLs in Markdown links and
   images.
 * resources/page: Fix shared reader in Source.ValueAsOpenReadSeekCloser.

Approved by:    doceng@ (implicit)
MFH:            2026Q2 security issue

devel/p5-EV: Update 4.34 => 4.37

ChangeLog:
https://metacpan.org/dist/EV/changes

PR:             293942
Reported by:    Sergei Vyshenski <svysh.fbsd at gmail.com> (maintainer)
Approved by:    vvd (mentor)
MFH:            2026Q1

audio/waves: Update to 0.1.44

ChangeLog:      https://github.com/llehouerou/waves/releases/tag/v0.1.44
Reported by:    "github-actions[bot]" <notifications at github.com>