security/vuxml: update lang/python311 entry
Upstream are still reviewing and reworking the following:
- lang/python312: CVE-2024-6923
- lang/python310: gh-143935
Updated version ranges to be provided after those commits land there.
While here, remove nonexistent and EOL lang/python39
nfs: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.
This is the final patch in the series that enables
the extension of NFSv4.2 to support POSIX draft ACLs.
At this time, only UFS mounted with the "acls" option
will work, and only for FreeBSD built with these patches.
Patches for client and server for the Linux kernel are
in the works. (I'll admit my next little project is
cleaning the Linux patches up for submission for upstream.)
To make these changes really useful, the FreeBSD port
of OpenZFS needs to be patched to add POSIX draft ACL
support. (Support for POSIX draft ACLs is already in
the Linux port of OpenZFS.)
[4 lines not shown]
nfs: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.
This is the fifth of several patches that implement the
above draft.
This one mostly adds an extra argument to two functions
in nfscommon.ko. Unfortunately, these functions are
called in many places, so the changes are numerous, but
straightforward.
Since the internal KAPI between the NFS modules is changed
by this commit, all of nfscommon.ko, nfscl.ko and nfsd.ko
must be rebuilt from sources.
There should be no semantics change for the series at
[3 lines not shown]
nfscl: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.
This is the fourth of several patches that implement the
above draft.
There should be no semantics change for the series at
this point.
(cherry picked from commit 0e724de9ed6f2d2914cb79686a4ceee7f6dd31a1)
nfscommon: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.
This is the third of several patches that implement the
above draft.
There should be no semantics change for the series at
this point.
(cherry picked from commit 949cff4dceffdbee70fa7741c1d61cf6c5255aeb)
nfsd: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.
This is the second of several patches that implement the
above draft.
The only semantics change would be if you have exported
a UFS file system mounted with the "acl" option.
In that case, you would see the acl attribute supported.
This is bogus, but will be handled in the next commit.
(cherry picked from commit 8e3fd450cc53d37fcf4e7f460f559d03c22c0d84)
nfscommon: Add some support for POSIX draft ACLs
An internet draft (expected to become an RFC someday)
https://datatracker.ietf.org/doc/draft-ietf-nfsv4-posix-acls
describes an extension to NFSv4.2 to handle POSIX draft ACLs.
This is the first of several patches that implement the
above draft.
This patch should not result in a semantics change.
(cherry picked from commit a35bbd5d9f5f887a6f3de15cfe61fcc73fe22dc8)
lang/python314: SECURITY update to v3.14.3
ChangeLog: https://docs.python.org/release/3.14.3/whatsnew/changelog.html
MFH: 2026Q1 (immediately)
Security fixes:
* gh-144125: BytesGenerator will now refuse to serialize (write) headers
that are unsafely folded or delimited; see verify_generated_headers.
(Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
* gh-143935: Fixed a bug in the folding of comments when flattening an
email message using a modern email policy. Comments consisting of a
very long sequence of non-foldable characters could trigger a forced
line wrap that omitted the required leading space on the continuation
line, causing the remainder of the comment to be interpreted as a new
header field. This enabled header injection with carefully crafted
inputs.
[12 lines not shown]
lang/python314: SECURITY update to v3.14.3
ChangeLog: https://docs.python.org/release/3.14.3/whatsnew/changelog.html
MFH: 2026Q1 (immediately)
Security fixes:
* gh-144125: BytesGenerator will now refuse to serialize (write) headers
that are unsafely folded or delimited; see verify_generated_headers.
(Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650).
* gh-143935: Fixed a bug in the folding of comments when flattening an
email message using a modern email policy. Comments consisting of a
very long sequence of non-foldable characters could trigger a forced
line wrap that omitted the required leading space on the continuation
line, causing the remainder of the comment to be interpreted as a new
header field. This enabled header injection with carefully crafted
inputs.
[11 lines not shown]
ufshci: Remove UIC error during initialization
This patch removes the UIC error caused by QEMU not supporting certain
UIC command. Additionally, it removes the unused unipro_version.
Reviewed by: imp (mentor)
Sponsored by: Samsung Electronics
Differential Revision: https://reviews.freebsd.org/D54513
bpf: don't clear pointer from descriptor to the tap on descriptor close
During packet processing the descriptor is looked up using epoch(9) and it
can be accessed after bpf_detachd(). In scenario of descriptor close the
tap point is alive (it actually produces packets) and thus the pointer can
be legitimately dereferenced. This fixes a race on a bpf(4) device close
that would otherwise result in panic.
Differential Revision: https://reviews.freebsd.org/D55064
net/tcpkali: forbid port
A possible backdoor issue was discovered.
Forbid this port until this can be investigated in detail.
Reported by: danilo
MFH: 2026Q1
(cherry picked from commit 4aa7c5150bbaf755db66981cbb1cc3135597f091)
net/tcpkali: forbid port
A possible backdoor issue was discovered.
Forbid this port until this can be investigated in detail.
Reported by: danilo
MFH: 2026Q1
devel/hs-ghcup: New Port: Main installer Haskell
GHCup is the primary installer and version manager for the Haskell
toolchain. It provides a unified interface to install and switch
between different versions of GHC, Cabal, Stack, and the
Haskell Language Server.
WWW: https://www.haskell.org/ghcup/
PR: 292940
Approved by: eduardo (mentor)
devel/libdispatch: do not define HAVE_DISPATCH_WORKQ_MONITORING on FreeBSD
It causes random crashes in telegram-desktop
Reported by: freebsd_ru community members
net-mgmt/nagios4: Update 4.5.1 => 4.5.11, take maintainership
Changelog:
https://www.nagios.org/projects/nagios-core/4x/
Improve port:
- Replace PORTVERSION with DISTVERSION.
- Parametrize nagios with ${PORTNAME}.
- Replace CFLAGS, CPPFLAGS and LIBS with USES+=localbase.
- Update CONFLICTS.
- Use ${ETCDIR} instead of ${PREFIX}/etc/nagios.
- Fix warnings from portclippy.
- Fix install with non-default NAGIOSUSER/NAGIOSGROUP.
- Split long line in post-patch.
- Improve indents.
- Regenerate patches with changed line numbers.
PR: 292357
Tested by: Fabian Wenk <fabian at wenks.ch>
[4 lines not shown]
net-mgmt/nagios4: Update 4.5.1 => 4.5.11, take maintainership
Changelog:
https://www.nagios.org/projects/nagios-core/4x/
Improve port:
- Replace PORTVERSION with DISTVERSION.
- Parametrize nagios with ${PORTNAME}.
- Replace CFLAGS, CPPFLAGS and LIBS with USES+=localbase.
- Update CONFLICTS.
- Use ${ETCDIR} instead of ${PREFIX}/etc/nagios.
- Fix warnings from portclippy.
- Fix install with non-default NAGIOSUSER/NAGIOSGROUP.
- Split long line in post-patch.
- Improve indents.
- Regenerate patches with changed line numbers.
PR: 292357
Tested by: Fabian Wenk <fabian at wenks.ch>
[2 lines not shown]