BSD Commit Log Search

em(4): fix capability bounds needed to access checksum context.

Ensure the offp capability bounds cover entire struct with checksum fields.

This is needed for CHERI systems to avoid bounds violation trap, as
otherwise offp allowed to dereference 4 bytes of csum_flags field only
so bzero failed.

Tested on ARM Morello.

Reviewed by:    kbowling
Discussed with: jrtc27
Sponsored by:   CHERI Research Centre
Differential Revision:  https://reviews.freebsd.org/D53903

multimedia/av1an: update to 0.5.0

This release fixes the build with ffmpeg 6 and 8
Chase upstream change to rust-av

PR:     289061

math/py-pandas: Upgrade port to 2.3.3

PR:             290628
Reviewed by:    makc
Approved by:    python (maintainer timeout)
Differential Revision:  https://reviews.freebsd.org/D53393
Release Notes:  https://pandas.pydata.org/pandas-docs/version/2.3/whatsnew/v2.3.3.html

nvme(4): Increase HMB alignment.

The NVME controller in Crucial P310 disk does not accept 16-byte aligned
host memory buffer on Codasip Prime platform, but works fine on PAGE_SIZE
aligned memory.

Instead of adding a quirk, just increase alignment for everyone.

Reviewed by:    jhb
Discussed with: imp
Sponsored by:   CHERI Research Centre
Differential Revision:  https://reviews.freebsd.org/D53296

databases/powa-archivist: Update to 5.1.0

Release notes:  https://github.com/powa-team/powa-archivist/releases/tag/REL_5_1_0

misc/py-huggingface-hub: Update to 1.1.5

Changelog:
- https://github.com/huggingface/huggingface_hub/releases/tag/v1.0.0
- https://github.com/huggingface/huggingface_hub/releases/tag/v1.0.1
- https://github.com/huggingface/huggingface_hub/releases/tag/v1.1.0
- https://github.com/huggingface/huggingface_hub/releases/tag/v1.1.3
- https://github.com/huggingface/huggingface_hub/releases/tag/v1.1.4
- https://github.com/huggingface/huggingface_hub/releases/tag/v1.1.5

Reported by:    Repology

net/unison240: Fix packaging

I removed `OPTIONS_DEFINE` in the last update by mistake

Reported by:    fallout
Fixes:          ba72838fff3e7fa001d247aa5409e889a7c864c3
MFH:            2025Q4

(cherry picked from commit 14befc22a972963c55d1166745c5086744cd1413)

Fixes:          1ba7408e1c2910a6220c399ab906c470ee5edaa3 (2025Q4)

net/unison240: Fix packaging

I removed `OPTIONS_DEFINE` in the last update by mistake

Reported by:    fallout
Fixes:          ba72838fff3e7fa001d247aa5409e889a7c864c3
MFH:            2025Q4

editors/zed: Update to 0.213.7

Changelog:
- https://github.com/zed-industries/zed/releases/tag/v0.213.4
- https://github.com/zed-industries/zed/releases/tag/v0.213.6
- https://github.com/zed-industries/zed/releases/tag/v0.213.7

Reported by:    GitHub (watch releases)

devel/glab: update to 1.78.3

Changes:        https://gitlab.com/gitlab-org/cli/-/releases

databases/iowow: update the port to version 1.4.18

- Squash the chains of consecutive spaces between compilation
  flags to make the build log more readable
- databases/ejdb: pull upstream patch to synchronize with the
  new IOWOW struct naming

Reported by:    portscout

math/lean4: Update patches

security/tor: update 0.4.8.20 → 0.4.8.21

audio/tetraproc: update 0.9.2 → 0.10.0

archivers/zchunk: update 1.5.2 → 1.5.3

dns/subfinder: update 2.9.0 → 2.10.1

net/torsocks: update 2.4.0 → 2.5.0

math/zimpl: update 3.6.2 → 3.7.0

15.0: Put RC4 back on the schedule.

I started 15.0-RC4 builds on November 24th.  This is "one last RC"
to double-check that nothing broke with adding a backup pkgbase
signing key and tweaking the package set on DVDs again.

kern: Fix section name for embedded firmware blobs

In practice this just ends up as an orphan section and so is placed next
to .rodata-like sections, so it's pretty harmless, but not intended.

Fixes:  a095390344fb ("Use a template assembly file for firmware object files.")

devel/tinysparql: update to 3.10.1

Changelog: https://gitlab.gnome.org/GNOME/tinysparql/-/blob/3.10.1/NEWS

- make options for avahi, bash completions, docs, man pages, tests and vapi
- create libtracker-sparql-3.0.so unversioned symlink for consumer LIB_DEPENDS

openssh: Don't attempt to connect to unsupported addresses

When iterating over known addresses for the requested target host name,
skip those that are not supported by the running kernel.

MFC after:      1 week
PR:             195231
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53588

(cherry picked from commit 5818b6ee552b302f5300934f9b8cb94881867a5f)

openssh: Don't attempt to connect to unsupported addresses

When iterating over known addresses for the requested target host name,
skip those that are not supported by the running kernel.

MFC after:      1 week
PR:             195231
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53588

(cherry picked from commit 5818b6ee552b302f5300934f9b8cb94881867a5f)

sh: Don't assume EINTR means SIGALRM

While waiting for input in the read builtin, if select() is interrupted
but there is no pending signal, we act like we timed out, and return the
same status as if we had been interrupted by SIGALRM, instead of looping
until we actually do time out.

* Replace the single select() call with a ppoll() loop.

* Improve validation of the timeout value.  We now accept things like
  "1h30m15s", which we used to silently truncate to "1h".  The flip side
  is that we no longer accept things like "1hour" or "5sec".

* Modify the existing `read -t 0` test case to verify that read returns
  immediately when there is input and fails immediately when there isn't.

* Add a second test case which performs the same tests with a non-zero
  timeout value.


    [7 lines not shown]

sh tests: Fix racy test11.0

This was sometimes exiting while the child fifo was created resulting in
[ENOTEMPTY] from rm.  The child fifo isn't needed, just sleep.

PR:     290837
Fixes:  e31fb97148f ("read builtin: Empty variables on timeout")
MFC after:      3 days

(cherry picked from commit 5d55553e160a93788372785300f5bd07c2451f93)

openssh: Don't attempt to connect to unsupported addresses

When iterating over known addresses for the requested target host name,
skip those that are not supported by the running kernel.

MFC after:      1 week
PR:             195231
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53588

(cherry picked from commit 5818b6ee552b302f5300934f9b8cb94881867a5f)

sh: Don't assume EINTR means SIGALRM

While waiting for input in the read builtin, if select() is interrupted
but there is no pending signal, we act like we timed out, and return the
same status as if we had been interrupted by SIGALRM, instead of looping
until we actually do time out.

* Replace the single select() call with a ppoll() loop.

* Improve validation of the timeout value.  We now accept things like
  "1h30m15s", which we used to silently truncate to "1h".  The flip side
  is that we no longer accept things like "1hour" or "5sec".

* Modify the existing `read -t 0` test case to verify that read returns
  immediately when there is input and fails immediately when there isn't.

* Add a second test case which performs the same tests with a non-zero
  timeout value.


    [7 lines not shown]

sh tests: Fix racy test11.0

This was sometimes exiting while the child fifo was created resulting in
[ENOTEMPTY] from rm.  The child fifo isn't needed, just sleep.

PR:     290837
Fixes:  e31fb97148f ("read builtin: Empty variables on timeout")
MFC after:      3 days

(cherry picked from commit 5d55553e160a93788372785300f5bd07c2451f93)

math/octave-forge-quaternion: Update to 2.4.1.

stand: Rename ZFSSRC to SAZFSSRC to avoid confusion

ZFSSRC is abiguous on its surface and too clos to ZFSTOP, so rename it
to SAZFSSRC.

Sponsored by:           Netflix
Reviewed by:            tsoome
Differential Revision:  https://reviews.freebsd.org/D53901