HardenedBSD/ports da3395cgraphics/hdr_histogram Makefile, graphics/hdr_histogram/files patch-src_hdr__endian.h.patch patch-src_hdr__time.c.patch

by Shawn Webb on ⎇
HBSD: Fix HdrHistogram's issues

This patch allegedly fixes the issues regarding graphics/hdr_histogram.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Obtained-from:  https://lists.freebsd.org/archives/freebsd-ports/2026-April/009367.html
DeltaFile
+23-0graphics/hdr_histogram/files/patch-src_hdr__endian.h.patch
+11-0graphics/hdr_histogram/files/patch-src_hdr__time.c.patch
+1-0graphics/hdr_histogram/Makefile
+35-03 files

HardenedBSD/ports ad9ace3lang/nickel distinfo Makefile.crates, www/ungoogled-chromium/files patch-chrome_browser_about__flags.cc patch-third__party_blink_renderer_platform_runtime__enabled__features.json5

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+1,221-0lang/nickel/distinfo
+609-0lang/nickel/Makefile.crates
+51-51www/ungoogled-chromium/files/patch-chrome_browser_about__flags.cc
+25-0lang/nickel/Makefile
+10-10www/ungoogled-chromium/files/patch-third__party_blink_renderer_platform_runtime__enabled__features.json5
+9-9www/ungoogled-chromium/files/patch-chrome_browser_ui_startup_startup__browser__creator__impl.cc
+1,925-7027 files not shown
+2,011-12533 files

HardenedBSD/ports 32d0835math/saga/files patch-src_saga__core_saga__cmd_saga__cmd.cpp patch-src_saga__core_saga__gui_dlg__about.cpp

by Rainer Hurling (rhurlin) on ⎇
math/saga: Update to 9.12.2

Fixes a crash in the landsat_scene_import tool in GDALOpen(Ex)(),
when trying to open a non-existing file

Unfortunately, the tarball still contains many files with CRLF line
endings, so dos2unix is used again.

Changelog:      https://sourceforge.net/p/saga-gis/wiki/Changelog%209.12.2/attachment/changelog_saga_9.12.2.txt
DeltaFile
+16-16math/saga/files/patch-src_saga__core_saga__cmd_saga__cmd.cpp
+14-14math/saga/files/patch-src_saga__core_saga__gui_dlg__about.cpp
+10-10math/saga/files/patch-CMakeLists.txt
+9-9math/saga/files/patch-src_saga__core_saga__gui_CMakeLists.txt
+8-8math/saga/files/patch-src_tools_imagery_imagery__svm_svm__grids.h
+8-8math/saga/files/patch-src_tools_imagery_imagery__svm_MLB__Interface.cpp
+65-652 files not shown
+72-718 files

HardenedBSD/ports a6bfc96www/ungoogled-chromium distinfo, www/ungoogled-chromium/files patch-chrome_browser_about__flags.cc patch-third__party_blink_renderer_platform_runtime__enabled__features.json5

by Robert Nagy (rnagy) on ⎇
www/ungoogled-chromium: update to 147.0.7727.101

Security:       https://vuxml.freebsd.org/freebsd/d93c247b-4dba-43ce-b5c0-ac5bd03bea8d.html
DeltaFile
+51-51www/ungoogled-chromium/files/patch-chrome_browser_about__flags.cc
+10-10www/ungoogled-chromium/files/patch-third__party_blink_renderer_platform_runtime__enabled__features.json5
+9-9www/ungoogled-chromium/files/patch-chrome_browser_ui_startup_startup__browser__creator__impl.cc
+7-7www/ungoogled-chromium/distinfo
+3-3www/ungoogled-chromium/files/patch-components_password__manager_core_browser_password__manual__fallback__flow.cc
+3-3www/ungoogled-chromium/files/patch-services_device_hid_BUILD.gn
+83-838 files not shown
+101-10114 files

HardenedBSD/ports 96a7b88lang Makefile, lang/nickel distinfo Makefile.crates

by Derek Anderson via Michael Osipov (michaelo) on ⎇
[NEW PORT] lang/nickel Universal configuration language

Co-authored-by: Michael Osipov <michaelo at FreeBSD.org>
PR:             294549
DeltaFile
+1,221-0lang/nickel/distinfo
+609-0lang/nickel/Makefile.crates
+25-0lang/nickel/Makefile
+16-0lang/nickel/pkg-descr
+1-0lang/Makefile
+1,872-05 files

HardenedBSD/ports 1cd34f6x11-drivers/xorgxrdp Makefile, x11-drivers/xorgxrdp-devel Makefile

by Koichiro Iwao (meta) on ⎇
x11-drivers/xorgxrdp{,-devel}: Bump after xorg update
DeltaFile
+1-1x11-drivers/xorgxrdp-devel/Makefile
+1-1x11-drivers/xorgxrdp/Makefile
+2-22 files

HardenedBSD/ports 2f88ad2sysutils/appjail distinfo Makefile

by Jesús Daniel Colmenares Oviedo (dtxdf) on ⎇
sysutils/appjail: Update to 4.11.1

ChangeLog: https://github.com/DtxdF/AppJail/releases/tag/v4.11.1

MFH:            2026Q2
DeltaFile
+3-3sysutils/appjail/distinfo
+1-1sysutils/appjail/Makefile
+4-42 files

HardenedBSD/ports 94e696dsysutils/appjail-devel distinfo Makefile

by Jesús Daniel Colmenares Oviedo (dtxdf) on ⎇
sysutils/appjail-devel: Update to 4.11.1.20260416

ChangeLog:
https://github.com/DtxdF/AppJail/commits/ddafd23acf2d30266be24d72085f7fbd6d32eb3f/

MFH:            2026Q2
DeltaFile
+3-3sysutils/appjail-devel/distinfo
+2-2sysutils/appjail-devel/Makefile
+5-52 files

HardenedBSD/ports 28d6130math/saga/files patch-src_saga__core_saga__cmd_saga__cmd.cpp patch-src_saga__core_saga__gui_dlg__about.cpp

by Rainer Hurling (rhurlin) on ⎇
math/saga: Fix patch phase

Forgot to commit updated patches, sorry for the breakage.

Reported by:    pkg-fallout
DeltaFile
+17-17math/saga/files/patch-src_saga__core_saga__cmd_saga__cmd.cpp
+15-15math/saga/files/patch-src_saga__core_saga__gui_dlg__about.cpp
+10-10math/saga/files/patch-src_saga__core_saga__gui_CMakeLists.txt
+9-9math/saga/files/patch-src_tools_imagery_imagery__svm_MLB__Interface.cpp
+9-9math/saga/files/patch-src_tools_imagery_imagery__svm_svm__grids.h
+13-0math/saga/files/patch-CMakeLists.txt
+73-606 files

HardenedBSD/ports 36c4f42devel/cargo-readme distinfo Makefile.crates, multimedia/dvdstyler pkg-plist

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+0-1,721multimedia/lebiniou-data/pkg-plist
+0-334multimedia/dvdstyler/pkg-plist
+113-129devel/cargo-readme/distinfo
+0-133multimedia/lebiniou/pkg-plist
+55-63devel/cargo-readme/Makefile.crates
+114-0multimedia/kdenlive/pkg-plist
+282-2,380359 files not shown
+1,702-3,783365 files

HardenedBSD/ports 785da17graphics/p5-Image-ExifTool-devel distinfo pkg-plist

by Sergei Vyshenski via Vladimir Druzenko (vvd) on ⎇
graphics/p5-Image-ExifTool-devel: Update 13.55 => 13.56

Changelog:
https://exiftool.org/history.html#v13.56

PR:             294579
Sponsored by:   UNIS Labs
DeltaFile
+3-3graphics/p5-Image-ExifTool-devel/distinfo
+2-0graphics/p5-Image-ExifTool-devel/pkg-plist
+1-1graphics/p5-Image-ExifTool-devel/Makefile
+6-43 files

HardenedBSD/ports 23741b7ports-mgmt/poudriere-dsh2dsh distinfo Makefile

by Denis Shaposhnikov via Vladimir Druzenko (vvd) on ⎇
ports-mgmt/poudriere-dsh2dsh: Update 3.4.99.20260304 => 3.4.99.20260415

Upstream changes:
- Pkg 2.7.0 support
- write_atomic: Add a C implementation
- Hooks: Remove example.org
- Fix build on older releases

PR:             294575
Sponsored by:   UNIS Labs
DeltaFile
+3-3ports-mgmt/poudriere-dsh2dsh/distinfo
+1-1ports-mgmt/poudriere-dsh2dsh/Makefile
+1-0ports-mgmt/poudriere-dsh2dsh/pkg-plist
+5-43 files

HardenedBSD/ports 97f22e4security/vuxml/vuln 2026.xml

by Matthias Andree (mandree) via Daniel Engberg (diizzy) on ⎇
security/vuxml: Add entry for Python CVE-2026-4786

Incomplete mitigation of CVE-2026-4519,
%action expansion for command injection to webbrowser.open()

Obtained from:  GitHub repo
Security:       CVE-2026-4786
                cf75f572-378a-11f1-a119-e36228bfe7d4
DeltaFile
+35-0security/vuxml/vuln/2026.xml
+35-01 files

HardenedBSD/ports 965c6f7lang/python314 Makefile, lang/python314/files patch-gh-148169-fix-webbrowser-_action_substitution-bypass-of-dash-prefix-check

by Matthias Andree (mandree) via Daniel Engberg (diizzy) on ⎇
lang/python314: Fix incomplete mitigation of webbrowser.open()

Cherry-pick fix to resolve
Incomplete mitigation of CVE-2026-4519,
%action expansion for command injection to webbrowser.open()

Obtained from:  GitHub repo
                https://github.com/python/cpython/pull/148516
Security:       CVE-2026-4786
                cf75f572-378a-11f1-a119-e36228bfe7d4
DeltaFile
+66-0lang/python314/files/patch-gh-148169-fix-webbrowser-_action_substitution-bypass-of-dash-prefix-check
+1-1lang/python314/Makefile
+67-12 files

HardenedBSD/ports 013edbclang/python314 pkg-plist Makefile, lang/python314/files patch-gh-148395-fix-possible-uaf-in-decompressors

by Matthias Andree (mandree) via Daniel Engberg (diizzy) on ⎇
lang/python314: Security update + other fixes

Fix critical use-after-free bug in LZMA/BZ2/ZLib decompressor routines
when reusing decompressor instances after a MemoryError was raised from
one.

While here:

- fix DEBUG build/package (several %%ABI%% were in the wrong place
  in pkg-plist that caused failed installs)
- switch to using system textproc/expat2 library
- issue warnings in pre-test that IPV6, PYMALLOC are required and
  DEBUG also breaks one self-test
- bump PORTREVISION
- drop LTOFULL again and make LTO use =full

References:
https://mail.python.org/archives/list/security-announce@python.org/thread/HTWB2Z6KT5QQX4RYEZAFININDHNOSIF3
https://www.cve.org/CVERecord?id=CVE-2026-6100

    [6 lines not shown]
DeltaFile
+65-0lang/python314/files/patch-gh-148395-fix-possible-uaf-in-decompressors
+21-21lang/python314/pkg-plist
+18-11lang/python314/Makefile
+104-323 files

HardenedBSD/ports 22584e7security/vuxml/vuln 2026.xml

by Matthias Andree (mandree) via Daniel Engberg (diizzy) on ⎇
security/vuxml: Add entry for Python CVE-2026-6100

Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor
and gzip.GzipFile

Obtained from:  GitHub repo
Security:       b8e9f33c-375d-11f1-a119-e36228bfe7d4
                CVE-2026-6100
DeltaFile
+41-0security/vuxml/vuln/2026.xml
+41-01 files

HardenedBSD/ports 75fdac0www/sogo Makefile pkg-plist, www/sogo/files patch-general.make patch-Tests_Unit_GNUmakefile

by Marius Strobl (marius) on ⎇
www/sogo: Update to 5.12.7

5.12.7 is a major release as it fixes 2 major vulnerabilities, 5.12.6
addresses another vulnerability.

While at it:
o pet portlint,
o make the installed configuration file for sysutils/logrotate useable
  out of the box by replacing sogo:sogo with sogod:sogod,
o make the installed sogo-backup.sh useable out of the box by:
  - correcting the path to sogo-tool,
  - changing the function definitions to match sh(1) syntax, saving a
    dependency on shells/bash, and
  - installing it as executable.

Approved by:    acm (maintainer)
Security:       https://www.sogo.nu/news/2026/sogo-v5126-released.html
Security:       https://www.sogo.nu/news/2026/sogo-v5127-released.html
Differential Revision:  https://reviews.freebsd.org/D56426
DeltaFile
+11-7www/sogo/Makefile
+17-0www/sogo/pkg-plist
+4-4www/sogo/files/patch-general.make
+4-3www/sogo/files/patch-Tests_Unit_GNUmakefile
+3-3www/sogo/files/patch-Tools_SOGoToolUpdateSecret.m
+3-3www/sogo/distinfo
+42-201 files not shown
+44-227 files

HardenedBSD/ports f6b9067devel/sope distinfo Makefile, devel/sope/files patch-configure

by Marius Strobl (marius) on ⎇
devel/sope: Update to 5.12.7

This is a minor update, fixing contact searches containing 2 dots.
While at it, pet portlint.

Approved by:    acm (maintainer)
Differential Revision:  https://reviews.freebsd.org/D56425
DeltaFile
+3-3devel/sope/distinfo
+3-3devel/sope/files/patch-configure
+2-2devel/sope/Makefile
+8-83 files

HardenedBSD/ports 460d9f3devel/cargo-readme distinfo Makefile.crates

by Carlo Strub (cs) on ⎇
devel/cargo-readme: Update to 3.3.2
DeltaFile
+113-129devel/cargo-readme/distinfo
+55-63devel/cargo-readme/Makefile.crates
+1-2devel/cargo-readme/Makefile
+169-1943 files

HardenedBSD/ports 6d72fbdaudio/soundtouch Makefile distinfo, audio/soundtouch/files patch-CMakeLists.txt

by Daniel Engberg (diizzy) on ⎇
audio/soundtouch: Update to 4.0.1

* Add USES= pathfix to fix install location of pkgconfig file and
  make build logs consistent
* Change CFLAGS to CXXFLAGS for i386

PR:             294149
Approved by:    maintainer timeout, 2+ weeks
DeltaFile
+5-5audio/soundtouch/files/patch-CMakeLists.txt
+5-4audio/soundtouch/Makefile
+3-3audio/soundtouch/distinfo
+1-1audio/soundtouch/pkg-plist
+14-134 files

HardenedBSD/ports 04460f5emulators/emu64 Makefile pkg-plist, emulators/emu64/files patch-src_widget__file__browse.h patch-src_savepng.c

by Daniel Engberg (diizzy) on ⎇
emulators/emu64: Remove from tree

Broken for months in tree and unmaintained

PR:             289037
DeltaFile
+0-36emulators/emu64/Makefile
+0-27emulators/emu64/pkg-plist
+0-13emulators/emu64/pkg-message
+0-13emulators/emu64/files/patch-src_widget__file__browse.h
+0-11emulators/emu64/files/patch-src_savepng.c
+0-11emulators/emu64/files/patch-src_src.pro
+0-1114 files not shown
+1-11610 files

HardenedBSD/ports 063f3eemultimedia/lebiniou pkg-plist Makefile, multimedia/lebiniou-data pkg-plist Makefile

by Daniel Engberg (diizzy) on ⎇
multimedia/lebiniou*: Remove from tree

Broken for months and last activity upstream in 2024

PR:             289066
DeltaFile
+0-1,721multimedia/lebiniou-data/pkg-plist
+0-133multimedia/lebiniou/pkg-plist
+0-46multimedia/lebiniou/Makefile
+0-20multimedia/lebiniou-data/Makefile
+0-14multimedia/lebiniou/pkg-descr
+0-6multimedia/lebiniou-data/pkg-descr
+0-1,9404 files not shown
+2-1,94810 files

HardenedBSD/ports 7702e88. MOVED, multimedia Makefile

by Daniel Engberg (diizzy) on ⎇
multimedia/dvdstyler: Remove from tree

Broken in tree for months and last upstream activity in 2024

PR:             289482
DeltaFile
+0-334multimedia/dvdstyler/pkg-plist
+0-75multimedia/dvdstyler/Makefile
+0-12multimedia/dvdstyler/pkg-descr
+0-3multimedia/dvdstyler/distinfo
+1-0MOVED
+0-1multimedia/Makefile
+1-4256 files

HardenedBSD/ports c1d6483www/libmicrohttpd distinfo Makefile, www/libmicrohttpd/files patch-src_microhttpd_connection.c patch-src_include_microhttpd.h

by Daniel Engberg (diizzy) on ⎇
www/libmicrohttpd: Update to 1.0.4

Backport upstream commits 4f049186bfe22ba12c07279f2eef99293798a710 and
a083613d8405fa3ad7f6bc5bbbb635d0f50799e0

References:
https://git.gnunet.org/gnunet/libmicrohttpd/commit/4f049186bfe22ba12c07279f2eef99293798a710.html
https://git.gnunet.org/gnunet/libmicrohttpd/commit/a083613d8405fa3ad7f6bc5bbbb635d0f50799e0.html

Changelog: https://github.com/Karlson2k/libmicrohttpd/blob/d30316fda936111ad5d4f8b1fde7747c289468b6/ChangeLog

PR:             294534
Reviewed by:    Hung-Yi Chen <gaod at hychen.org> (maintainer)
DeltaFile
+16-0www/libmicrohttpd/files/patch-src_microhttpd_connection.c
+11-0www/libmicrohttpd/files/patch-src_include_microhttpd.h
+3-3www/libmicrohttpd/distinfo
+3-2www/libmicrohttpd/Makefile
+1-2www/libmicrohttpd/pkg-plist
+34-75 files

HardenedBSD/ports fe66689net-im/vesktop Makefile

by Daniel Engberg (diizzy) on ⎇
net-im/vesktop: Improve port

* Don't extract into WRKDIR
* Extract the files we want by using pipe instead of writing tarball
  to disk and then extracting it

PR:             294489
Reviewed by:    Céleste Ornato <celeste at ornato.com>
DeltaFile
+8-8net-im/vesktop/Makefile
+8-81 files

HardenedBSD/ports 9b1cae6games/suika3 Makefile distinfo

by Awe Morris via Kenneth Raplee (kenrap) on ⎇
games/suika3: Update to 26.04.9

PR:             294504
Approved by:    arrowd (co-mentor)
DeltaFile
+23-14games/suika3/Makefile
+3-3games/suika3/distinfo
+26-172 files

HardenedBSD/ports a926302devel/aws-crt-cpp distinfo Makefile

by Nuno Teixeira (eduardo) on ⎇
devel/aws-crt-cpp: Update to 0.38.5

ChangeLog: https://github.com/awslabs/aws-crt-cpp/releases/tag/v0.38.5
DeltaFile
+3-3devel/aws-crt-cpp/distinfo
+1-1devel/aws-crt-cpp/Makefile
+4-42 files

HardenedBSD/ports 7d8a9cearchivers/unadf distinfo Makefile

by Nuno Teixeira (eduardo) on ⎇
archivers/unadf: Update to 0.10.7

ChangeLog: https://github.com/adflib/ADFlib/releases/tag/v0.10.7
DeltaFile
+3-3archivers/unadf/distinfo
+1-1archivers/unadf/Makefile
+1-1archivers/unadf/pkg-plist
+5-53 files

HardenedBSD/ports 0eda8c7editors/zile Makefile

by Nuno Teixeira (eduardo) on ⎇
editors/zile: Fix build after 852c6720

852c6720: "devel/libgnuregex: Fix building after gnulib update"
DeltaFile
+2-4editors/zile/Makefile
+2-41 files

HardenedBSD/ports a52819caudio/libkcompactdisc pkg-plist Makefile, misc/minuet/files patch-CMakeLists.txt

by Max Brazhnikov (makc) on ⎇
KDE: Update KDE Gear to 26.04.0

Announcement: https://kde.org/announcements/gear/26.04.0/

Ports changes:

audio/libkcompactdisc:
 - Remove port, no longer shipped with KDE Gear

deskutils/kdeconnect-kde:
 - Add dependency on libei

misc/minuet:
 - Add missing dependencies
 - Add patch to restore parity with Linux

net/krdc:
 - Update dependencies


    [2 lines not shown]
DeltaFile
+114-0multimedia/kdenlive/pkg-plist
+0-79audio/libkcompactdisc/pkg-plist
+34-0net/mimetreeparser/pkg-plist
+27-0x11-fm/konqueror/pkg-plist
+0-20audio/libkcompactdisc/Makefile
+16-0misc/minuet/files/patch-CMakeLists.txt
+191-99275 files not shown
+945-871281 files