HardenedBSD/ports 9426c70devel/kdesdk-thumbnailers pkg-plist, devel/kio-extras pkg-plist

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+343-211sysutils/gstat-rs/distinfo
+170-104sysutils/gstat-rs/Makefile.crates
+4-90devel/kio-extras/pkg-plist
+74-0security/vuxml/vuln/2025.xml
+0-51devel/kdesdk-thumbnailers/pkg-plist
+47-0security/autofirma/Makefile
+638-456320 files not shown
+1,659-1,390326 files

HardenedBSD/ports 824fde6net-mgmt/net-snmp Makefile

net-mgmt/net-snmp: Respect LDFLAGS.

No functional change intended.

Sponsored by:   Dell
Reviewed by:    zi, vangyzen
Differential Revision: https://reviews.freebsd.org/D54183
DeltaFile
+3-2net-mgmt/net-snmp/Makefile
+3-21 files

HardenedBSD/ports 548c97asecurity/autofirma Makefile pkg-plist, security/autofirma/files afirma.desktop.in pkg-message.in

java/autofirma: [new port]. Digital signature application

Autofirma is a java application used to sign digital documents.
It is the official application of the Spanish Government and as such it is
required to perform many online tasks with the Administration.

Reviewed by:            michaelo@
Differential Revision:  https://reviews.freebsd.org/D53807
DeltaFile
+47-0security/autofirma/Makefile
+16-0security/autofirma/files/afirma.desktop.in
+9-0security/autofirma/files/pkg-message.in
+5-0security/autofirma/files/autofirma.in
+5-0security/autofirma/pkg-plist
+4-0security/autofirma/pkg-descr
+86-03 files not shown
+94-09 files

HardenedBSD/ports 0716e1cwww/gallery-dl distinfo Makefile

www/gallery-dl: update to 1.31.0

Changes:        https://github.com/mikf/gallery-dl/releases/tag/v1.31.0
Reported by:    GitHub (watch releases)
DeltaFile
+3-3www/gallery-dl/distinfo
+1-2www/gallery-dl/Makefile
+4-52 files

HardenedBSD/ports c9fcf86www/varnish-libvmod-digest distinfo Makefile

www/varnish-libvmod-digest: Update to 1.0.3

- Fix Base64 decoding vulnerability

Approved by:    implicit/security
Security:       64bec4c7-d785-11f0-a1c0-0050569f0b83
DeltaFile
+3-3www/varnish-libvmod-digest/distinfo
+2-3www/varnish-libvmod-digest/Makefile
+5-62 files

HardenedBSD/ports 229c32esecurity/vuxml/vuln 2025.xml

security/vuxml: Document vulnerability in www/varnish-libvmod-digest
DeltaFile
+32-0security/vuxml/vuln/2025.xml
+32-01 files

HardenedBSD/ports 294e82esysutils/gstat-rs distinfo Makefile.crates

sysutils/gstat-rs: 0.1.7

The main change is to fix a math error in the kb/r and kb/w columns

https://github.com/asomers/gstat-rs/blob/master/gstat/CHANGELOG.md#017---2025-12-11

Sponsored by:   ConnectWise
DeltaFile
+343-211sysutils/gstat-rs/distinfo
+170-104sysutils/gstat-rs/Makefile.crates
+1-2sysutils/gstat-rs/Makefile
+514-3173 files

HardenedBSD/ports 2823eb8devel/jenkins-lts distinfo Makefile

devel/jenkins-lts: Update to 2.528.3

Fixes CVE-2025-67635, CVE-2025-67636, CVE-2025-67637, CVE-2025-67638,
CVE-2025-67639

PR:             291580
Security:       2956aba3-1fcb-4c39-9cea-d88a46a3bf93
MFH:            2025Q4
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins-lts/distinfo
+1-1devel/jenkins-lts/Makefile
+4-42 files

HardenedBSD/ports 09b4c73devel/jenkins distinfo Makefile

devel/jenkins: Update to 2.541

Fixes CVE-2025-67635, CVE-2025-67636, CVE-2025-67637, CVE-2025-67638,
CVE-2025-67639

PR:             291580
Security:       2956aba3-1fcb-4c39-9cea-d88a46a3bf93
MFH:            2025Q4
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins/distinfo
+1-1devel/jenkins/Makefile
+4-42 files

HardenedBSD/ports 381fdeasecurity/vuxml/vuln 2025.xml

security/vuxml: Document Jenkins Security Advisory 2025-12-10

PR:             291580
Sponsored by:   The FreeBSD Foundation
DeltaFile
+42-0security/vuxml/vuln/2025.xml
+42-01 files

HardenedBSD/ports 9a32b0daudio/audacity Makefile distinfo

audio/audacity: Update 3.7.6 => 3.7.7

Changelog:
- Hotfix: fixes broken waveform scrolling and selection for some users
  introduced in 3.7.6.
- Added checksum to WavPack export.
https://github.com/audacity/audacity/releases/tag/Audacity-3.7.7

PR:     291601
DeltaFile
+4-3audio/audacity/Makefile
+3-3audio/audacity/distinfo
+7-62 files

HardenedBSD/ports 8bef5e8textproc/R-cran-yaml Makefile distinfo

textproc/R-cran-yaml: Update to 2.3.12

Update test dependencies.

Changelog: https://cran.r-project.org/web/packages/yaml/news/news.html
DeltaFile
+4-2textproc/R-cran-yaml/Makefile
+3-3textproc/R-cran-yaml/distinfo
+7-52 files

HardenedBSD/ports 7c3f927x11-wm/plasma6-kwin distinfo Makefile

x11-wm/plasma6-kwin: backport upstream patch to fix regression in 6.5.4

KDE BUG:        https://bugs.kde.org/513151
DeltaFile
+3-1x11-wm/plasma6-kwin/distinfo
+3-0x11-wm/plasma6-kwin/Makefile
+6-12 files

HardenedBSD/ports b6f9168deskutils/fet distinfo Makefile

deskutils/fet: Update to 7.6.0

Changelog: https://lalescu.ro/liviu/fet/news.html
DeltaFile
+3-3deskutils/fet/distinfo
+1-1deskutils/fet/Makefile
+4-42 files

HardenedBSD/ports cdbdb1cdeskutils/kdeconnect-kde/files patch-core_backends_lan_lanlinkprovider.cpp, deskutils/kdepim-addons pkg-plist

KDE: Update KDE Gear to 25.12.0

Announcement: https://kde.org/announcements/gear/25.12.0/

Ports changes:

deskutils/itinerary:
 - Require QCoro6

deskutils/kdeconnect-kde:
 - Regenerate patches

devel/kpublictransport:
 - Require QtLocation

editors/kate:
 - Fix shebang

math/rocs:

    [10 lines not shown]
DeltaFile
+4-90devel/kio-extras/pkg-plist
+0-51devel/kdesdk-thumbnailers/pkg-plist
+16-29deskutils/kdeconnect-kde/files/patch-core_backends_lan_lanlinkprovider.cpp
+41-1deskutils/kdepim-addons/pkg-plist
+40-1multimedia/kdenlive/pkg-plist
+23-1editors/kate/pkg-plist
+124-173275 files not shown
+904-976281 files

HardenedBSD/ports 4a8cfd5devel/kf6-kfilemetadata Makefile, graphics/kdegraphics Makefile

graphics/kdegraphics-mobipocket: unflavorize consumers
DeltaFile
+2-2devel/kf6-kfilemetadata/Makefile
+1-1graphics/kdegraphics-thumbnailers/Makefile
+1-1graphics/okular/Makefile
+1-1graphics/kdegraphics/Makefile
+5-54 files

HardenedBSD/ports 350f7c0. MOVED, graphics/kdegraphics-mobipocket Makefile pkg-plist

graphics/kdegraphics-mobipocket: remove Qt5 flavor in preparation for 25.12.0 update.

25.08 was the last release with Qt5 support.
DeltaFile
+2-13graphics/kdegraphics-mobipocket/Makefile
+11-0graphics/kdegraphics-mobipocket/pkg-plist
+0-11graphics/kdegraphics-mobipocket/pkg-plist.qt6
+0-11graphics/kdegraphics-mobipocket/pkg-plist.qt5
+2-0MOVED
+15-355 files

HardenedBSD/ports aa57fbadevel/kf5-kfilemetadata Makefile pkg-plist

devel/kf5-kfilemetadata: remove broken MOBIPOCKET option
DeltaFile
+0-7devel/kf5-kfilemetadata/Makefile
+0-1devel/kf5-kfilemetadata/pkg-plist
+0-82 files

HardenedBSD/ports 838a372net/samba422 Makefile

net/samba422: Set TEST_ENV with = instead of +=

"+=" may suggest that we are appending to the default value of TEST_ENV.
This is not true. Use "=" to be explicit about the intent.
DeltaFile
+1-1net/samba422/Makefile
+1-11 files

HardenedBSD/ports 8e96225net/samba422 Makefile

net/samba422: Remove redundant LDAP_CONFIGURE_* variables
DeltaFile
+0-2net/samba422/Makefile
+0-21 files

HardenedBSD/ports 27af3e4devel/dragon distinfo Makefile

devel/dragon: update 1.5.5 -> 1.5.6

- change all int to unsigned, where signed is never needed
DeltaFile
+3-3devel/dragon/distinfo
+1-1devel/dragon/Makefile
+4-42 files

HardenedBSD/ports 70a2850deskutils/cherrytree distinfo Makefile

deskutils/cherrytree: update the port to version 1.6.2

Reported by:    portscout
DeltaFile
+3-3deskutils/cherrytree/distinfo
+1-2deskutils/cherrytree/Makefile
+4-52 files

HardenedBSD/ports 96221fdsecurity/vuxml/vuln 2025.xml, www/chromium/files patch-chrome_browser_about__flags.cc

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+46-46www/iridium/files/patch-chrome_browser_about__flags.cc
+46-46www/chromium/files/patch-chrome_browser_about__flags.cc
+66-0security/vuxml/vuln/2025.xml
+11-11www/ungoogled-chromium/files/patch-sandbox_policy_openbsd_sandbox__openbsd.cc
+20-0www/py-dj52-django-treebeard/files/patch-pyproject.toml
+20-0www/py-django-treebeard/files/patch-pyproject.toml
+209-10377 files not shown
+479-29683 files

HardenedBSD/ports ae0ba35security/vuxml/vuln 2025.xml

security/vuxml: Add c-ares vulnerability

 * CVE-2025-62408

PR:             291503
Reported by:    polarian at polarian.dev
DeltaFile
+30-0security/vuxml/vuln/2025.xml
+30-01 files

HardenedBSD/ports 92b25f4www/iridium distinfo, www/iridium/files patch-chrome_browser_about__flags.cc patch-chrome_browser_ui_views_frame_browser__view.cc

www/iridium: update to 2025.12.143.1
DeltaFile
+46-46www/iridium/files/patch-chrome_browser_about__flags.cc
+3-3www/iridium/distinfo
+3-3www/iridium/files/patch-chrome_browser_ui_views_frame_browser__view.cc
+3-3www/iridium/files/patch-chrome_common_chrome__features.cc
+3-3www/iridium/files/patch-chrome_common_chrome__features.h
+2-2www/iridium/files/patch-chrome_browser_ui_webui_searchbox_searchbox__handler.cc
+60-601 files not shown
+61-617 files

HardenedBSD/ports 01152f9net/bird3 distinfo Makefile

net/bird3: Update to 3.1.5

Changelog:      https://gitlab.nic.cz/labs/bird/-/blob/release-v3.1.5/NEWS

Sponsored by:   Netflix
DeltaFile
+3-3net/bird3/distinfo
+1-1net/bird3/Makefile
+4-42 files

HardenedBSD/ports c895a8bwww/chromium/files patch-chrome_browser_about__flags.cc patch-chrome_common_chrome__features.cc

www/chromium: fixup patches after a bad merge from the shared bsd repo
DeltaFile
+46-71www/chromium/files/patch-chrome_browser_about__flags.cc
+3-14www/chromium/files/patch-chrome_common_chrome__features.cc
+3-13www/chromium/files/patch-chrome_browser_ui_views_frame_browser__view.cc
+3-13www/chromium/files/patch-chrome_common_chrome__features.h
+2-12www/chromium/files/patch-chrome_browser_ui_webui_searchbox_searchbox__handler.cc
+57-1235 files

HardenedBSD/ports 6a24551java/openjdk18 Makefile, java/openjdk19 Makefile

java/openjdk*: Deprecate unmaintained versions

Mark OpenJDK versions no longer maintained by upstream as deprecated,
and for future removal. Keeping LTS versions, as well as the actively
maintained latest versions in the tree.

Reviewed by:    bofh (mentor), jrm
Approved by:    bofh (mentor)
MFH:            2025Q4
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D54176
DeltaFile
+4-1java/openjdk20/Makefile
+4-1java/openjdk18/Makefile
+4-1java/openjdk19/Makefile
+4-1java/openjdk22/Makefile
+4-1java/openjdk24/Makefile
+4-0java/openjdk23/Makefile
+24-56 files

HardenedBSD/ports c32eedanet/bird2 distinfo Makefile

net/bird2: Update to 2.17.3

Changelog:      "fixed a bug in RAdv prefix deprecation and a crash in BMP"

Sponsored by:   Netflix
DeltaFile
+3-3net/bird2/distinfo
+1-2net/bird2/Makefile
+4-52 files

HardenedBSD/ports 2eb1e4ewww/py-dj52-django-treebeard Makefile distinfo, www/py-dj52-django-treebeard/files patch-pyproject.toml

www/py-dj52-django-treebeard: Update to 4.8.0

* Switch to the PEP517 build framework and adjust the related bits of
  the DOCS option accordingly.

Changelog:

https://github.com/django-treebeard/django-treebeard/blob/4.8.0/CHANGES.md
DeltaFile
+20-0www/py-dj52-django-treebeard/files/patch-pyproject.toml
+11-6www/py-dj52-django-treebeard/Makefile
+3-3www/py-dj52-django-treebeard/distinfo
+34-93 files