FreeBSD/ports 533c248security/wazuh-manager distinfo Makefile

security/wazuh-manager: Fixes cpython several vulnerabilities

- cpython source package was updated to afc40bdd3dd71f343fd9016f6d8eebbacbd6587c
- Bump PORTREVISION
DeltaFile
+2-2security/wazuh-manager/distinfo
+1-0security/wazuh-manager/Makefile
+3-22 files

FreeBSD/src 120ca8dsys/kern sched_ule.c sched_shim.c, sys/sys smp.h

Re-introduce kern.sched.topology_spec

Move it back from kern.sched.ule.topology_spec.
Make it scheduler-agnostic.
Provide trivial report for UP kernels.

Apparently the MIB is used by some third-party software.  Obviously it
did not worked on UP or 4BSD configs.

PR:     292574
Reviewed by:    olce
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D55062
DeltaFile
+0-92sys/kern/sched_ule.c
+91-0sys/kern/sched_shim.c
+47-34sys/kern/subr_smp.c
+6-3sys/sys/smp.h
+144-1294 files

FreeBSD/src 1cd151elib/libc/gen Makefile.inc, sys/conf kmod.mk

METALOG: Order keyword entries

To facilitate comparison with mtree -C generated output, keep the
keywords ordered.

No functional change intended.

Reviewed by:    imp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54872

(cherry picked from commit fe962e33d86f888b496b17251c8bedebf92be8ee)
DeltaFile
+3-3lib/libc/gen/Makefile.inc
+1-1usr.sbin/services_mkdb/Makefile
+1-1sys/conf/kmod.mk
+1-1sys/modules/Makefile
+6-64 files

FreeBSD/src 4fe6070lib/libc/gen Makefile.inc, share/man Makefile

METALOG: Order keyword entries

To facilitate comparison with mtree -C generated output, keep the
keywords ordered.

No functional change intended.

Reviewed by:    imp
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54872

(cherry picked from commit fe962e33d86f888b496b17251c8bedebf92be8ee)
DeltaFile
+3-3lib/libc/gen/Makefile.inc
+2-2share/man/Makefile
+1-1sys/conf/kmod.mk
+1-1sys/modules/Makefile
+1-1usr.sbin/services_mkdb/Makefile
+8-85 files

FreeBSD/src b29f674tests/sys/netpfil/pf pflog.sh

pflog: tests: Fix rdr_action_head()

Fix a typo in the rdr_action_head() test.

Fixes:          685fb4253819 ("pf: Log the intended action when a NAT rule matches a packet")
MFC after:      1 week

(cherry picked from commit 964d91ee1d7a1405383aeb4fce72c4e3bc80af35)
DeltaFile
+1-1tests/sys/netpfil/pf/pflog.sh
+1-11 files

FreeBSD/ports 08813casysutils/qdirstat Makefile distinfo

sysutils/qdirstat: Update to 2.0
DeltaFile
+9-8sysutils/qdirstat/Makefile
+3-3sysutils/qdirstat/distinfo
+1-0sysutils/qdirstat/pkg-plist
+13-113 files

FreeBSD/src 052a791sys/dev/acpica acpi.c

acpi: add Darwin OSI quirk for Apple Mac hardware

Mac firmware hides the Intel integrated GPU (iGPU) on dual GPU x86
systems, i.e., with AMD/NVIDIA dGPUs, when the Darwin OSI is not
installed via ACPI.

Prior to this change, FreeBSD always used the dGPU. This is fine in
practice, but consumed more power than when the iGPU is used,
resulting in reduced battery life.

Linux handles this in `drivers/acpi/osi.c` by detecting Apple
hardware via DMI, disabling all Windows OSI strings, and
by explicitly installing the Darwin OSI ACPI handler. This change
applies equivalent logic to the acpi(4) driver on FreeBSD.

This feature can be enabled/disabled using the
`hw.acpi.apple_darwin_osi` tunable. Setting this tunable to `0`
restores the previous behavior by explicitly disabling the added
support.

    [3 lines not shown]
DeltaFile
+72-0sys/dev/acpica/acpi.c
+72-01 files

FreeBSD/ports be88687security/nmap Makefile pkg-plist, security/nmap/files patch-configure patch-libdnet-stripped_configure

security/nmap: Update to 7.98
DeltaFile
+46-10security/nmap/files/patch-configure
+17-17security/nmap/files/patch-libdnet-stripped_configure
+7-7security/nmap/files/patch-libdnet-stripped_src_eth-bsd.c
+0-14security/nmap/files/patch-libssh2_src_openssl.h
+10-3security/nmap/Makefile
+8-1security/nmap/pkg-plist
+88-523 files not shown
+99-649 files

FreeBSD/ports 51ce0absecurity/nmap-devel Makefile, security/nmap-devel/files patch-configure patch-libdnet-stripped_configure

security/nmap-devel: Sync patches and build configs with security/nmap
DeltaFile
+56-0security/nmap-devel/files/patch-configure
+17-3security/nmap-devel/files/patch-libdnet-stripped_configure
+11-0security/nmap-devel/files/patch-libdnet-stripped_src_eth-bsd.c
+6-2security/nmap-devel/Makefile
+4-3security/nmap-devel/files/patch-libpcap_Makefile.in
+3-3security/nmap-devel/files/patch-libdnet-stripped_src_intf.c
+97-116 files

FreeBSD/src 4a71fc3sys/dev/acpica acpivar.h acpi.c

acpi: Post/pre device suspend/resume eventhandlers

These eventhandlers are called after suspending the device tree and
before resuming it. This is useful for PMC (power management controller)
drivers.

Reviewed by:    olce
Approved by:    olce
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D48735
DeltaFile
+3-1sys/dev/acpica/acpivar.h
+2-0sys/dev/acpica/acpi.c
+5-12 files

FreeBSD/src fedc974sys/dev/acpica acpi_spmc.c

acpi_spmc: Register SPMC suspend/resume routines

SPMC suspend runs after the device tree is suspended using the
acpi_post_dev_suspend eventhandler, and SPMC resume runs before the
device tree is resumed using the acpi_pre_dev_suspend eventhandler.

Reviewed by:    olce
Approved by:    olce
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D48735
DeltaFile
+31-14sys/dev/acpica/acpi_spmc.c
+31-141 files

FreeBSD/ports 2de5165databases/gom distinfo Makefile

databases/gom: update to 0.5.5

0.5.5
-----
- Fix some gi-doc annotations
- Build system fixes
- Improve unit tests

PR:             290754
MFH:            2026Q1
(cherry picked from commit 68550161e50c54e589816746ea6a610dc33bc66b)
DeltaFile
+3-3databases/gom/distinfo
+1-1databases/gom/Makefile
+4-42 files

FreeBSD/ports d6c4b06archivers/file-roller Makefile distinfo, archivers/file-roller/files patch-src_fr-command-tar.c patch-src_fr-command-7z.c

archivers/file-roller: update to 44.6

Update file-roller to version 44.6.

Trim LIB_DEPENDS. (truckman)

PR:             290387
(cherry picked from commit 0a08fff16207f5e89a1b7dd2158e175eb376ca5a)
DeltaFile
+39-12archivers/file-roller/files/patch-src_fr-command-tar.c
+8-16archivers/file-roller/Makefile
+0-16archivers/file-roller/files/patch-src_fr-command-7z.c
+3-3archivers/file-roller/distinfo
+1-1archivers/file-roller/pkg-plist
+51-485 files

FreeBSD/ports d8a9749x11-toolkits/libpanel distinfo Makefile

x11-toolkits/libpanel: update to 1.10.3

libpanel 1.10.3
===============

 * Improve save-changes dialog to always show discard all option
 * Translation updates

PR:             290755
MFH:            2026Q1
(cherry picked from commit e212d47eac23f8b4971d1323dcd1e5a100f98378)
DeltaFile
+3-3x11-toolkits/libpanel/distinfo
+1-1x11-toolkits/libpanel/Makefile
+1-0x11-toolkits/libpanel/pkg-plist
+5-43 files

FreeBSD/ports fe2c97acomms/py-streamdeck distinfo Makefile

comms/py-streamdeck: Update to version 0.9.8

ChangeLog:
https://github.com/abcminiuser/python-elgato-streamdeck/blob/0.9.8/CHANGELOG

Approved by:    eduardo (mentor, implicit)
MFH:            2026Q1

(cherry picked from commit 12d307f3fb3fbd93c2747b14df5e62543ed33e4e)
DeltaFile
+3-3comms/py-streamdeck/distinfo
+1-1comms/py-streamdeck/Makefile
+4-42 files

FreeBSD/src a2a9a77crypto/heimdal/kdc mit_dump.c

heimdal: Pass the correct pointer to realloc when growing a string buffer

The realloc in my_fgetln was trying to grow the pointer to the string
buffer, not the string buffer itself.

In function 'my_fgetln',
    inlined from 'mit_prop_dump' at crypto/heimdal/kdc/mit_dump.c:156:19:
crypto/heimdal/kdc/mit_dump.c:119:13: error: 'realloc' called on unallocated object 'line' [-Werror=free-nonheap-object]
  119 |         n = realloc(buf, *sz + (*sz >> 1));
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
crypto/heimdal/kdc/mit_dump.c: In function 'mit_prop_dump':
crypto/heimdal/kdc/mit_dump.c:139:11: note: declared here
  139 |     char *line = NULL;
      |           ^~~~

Reviewed by:    rmacklem, cy
Fixes:          a93e1b731ae4 ("heimdal-kadmin: Add support for the -f dump option")
Differential Revision:  https://reviews.freebsd.org/D54933

(cherry picked from commit 03d8ac948b1ad9c419b294c3129b7da58d818363)
DeltaFile
+1-1crypto/heimdal/kdc/mit_dump.c
+1-11 files

FreeBSD/src fc0c921sys/dev/iicbus iicbb.c

iicbb: Fix gcc12 complaint

So gcc12 doesn't understand that t->udelay is >= 1, so thinks that noack
might be unset sometimes. While we specifically constrain this on direct
assignment, there's a sysctl that might not. This is likely also a bug.
Instead of uglifying everything by using MAX(1, sc->udelay), I rewrote
the for loop as a do-while loop (which arguably dictates intent better
because this code clearly assumes it will be executed once).

Sponsored by:           Netflix

(cherry picked from commit 4b301f7e7ab43bb61561786c2ab33f3a3c4a725d)
DeltaFile
+4-3sys/dev/iicbus/iicbb.c
+4-31 files

FreeBSD/src 4bfb7cfusr.bin/runat runat.c

runat: Add -h to manipulate a symlink's named attribute dir

Lionel Cons <lionelcons1972 at gmail.com> requested
that a new option be added to runat(1) so that it could
be used to manipulate named attributes associated with
a symbolic link and not the file the symbolic link refers to).

This patch adds the option -h/--nofollow to do this.

Requested by:   Lionel Cons <lionelcons1972 at gmail.com>
Reviewed by:    kib
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55023
DeltaFile
+28-7usr.bin/runat/runat.c
+28-71 files

FreeBSD/ports 12d307fcomms/py-streamdeck distinfo Makefile

comms/py-streamdeck: Update to version 0.9.8

ChangeLog:
https://github.com/abcminiuser/python-elgato-streamdeck/blob/0.9.8/CHANGELOG

Approved by:    eduardo (mentor, implicit)
MFH:            2026Q1
DeltaFile
+3-3comms/py-streamdeck/distinfo
+1-1comms/py-streamdeck/Makefile
+4-42 files

FreeBSD/ports d4bb455emulators/86Box distinfo Makefile

emulators/86Box: Update to version 5.3

ChangeLog:      https://86box.net/2025/12/21/86box-v5-3.htmlA
Approved by:    eduardo (mentor, implicit)
MFH:            2026Q1

(cherry picked from commit 618c8e365d2a447cd05a465a0394a7548042e1be)
DeltaFile
+3-3emulators/86Box/distinfo
+1-1emulators/86Box/Makefile
+4-42 files

FreeBSD/ports 618c8e3emulators/86Box distinfo Makefile

emulators/86Box: Update to version 5.3

ChangeLog:      https://86box.net/2025/12/21/86box-v5-3.htmlA
Approved by:    eduardo (mentor, implicit)
MFH:            2026Q1
DeltaFile
+3-3emulators/86Box/distinfo
+1-1emulators/86Box/Makefile
+4-42 files

FreeBSD/src b941d1csys/dev/sym sym_hipd.c

sym(4): Map HCB memory as uncacheable also on x86

As part of making the chip-specific mix and match of different accesses
(DMA/bus space) work as desired, the intent is to map the HCB memory as
uncacheable. Prior to VM_MEMATTR_*, the !x86 way of indicating this to
bus_dmamem_alloc(9) was BUS_DMA_COHERENT. Then later on in 2db99100a4,
BUS_DMA_NOCACHE was hooked up to VM_MEMATTR_UNCACHEABLE for x86. As it
turns out, still as of today bus_dmamem_alloc(9) differs in this regard
across architectures. On arm, it still supports BUS_DMA_COHERENT only
for requesting uncacheable DMA and x86 still uses BUS_DMA_NOCACHE only.
On arm64 and riscv, BUS_DMA_COHERENT seems to effectively be an alias
for BUS_DMA_NOCACHE.

Thus, allocate the HCB memory with BUS_DMA_COHERENT | BUS_DMA_NOCACHE,
so we get uncacheable memory on all architectures including x86 and so
loads and stores from/to HCB won't get reordered. However, even on x86
we still need to use at least compiler barriers to achieve the desired
program order.


    [10 lines not shown]
DeltaFile
+19-27sys/dev/sym/sym_hipd.c
+19-271 files

FreeBSD/ports f6e450csecurity/zeek distinfo Makefile

security/zeek: security/zeek: Update to 8.0.6

    https://github.com/zeek/zeek/releases/tag/v8.0.6

This release fixes the following potential DoS vulnerability:

 - Zeek's HTTP analyzer can be tricked into interpreting Transfer-Encoding
   or Content-Length headers set in MIME entities within HTTP bodies
   and change the analyzer behavior.

This release fixes the following bugs:

 - A missing state check was added to the finalize_redis hook in
   the Redis analyzer

 - A bug was fixed when attempting to append a vector to itself
   that would cause an infinite loop.

 - A memory leak was fixed that occurred when looping over tables

    [5 lines not shown]
DeltaFile
+3-3security/zeek/distinfo
+1-1security/zeek/Makefile
+4-42 files

FreeBSD/src bfbcd31sys/dev/sym sym_hipd.c

Revert "sym(4): Employ memory barriers also on x86"

The problem will be avoided in a different way.

This reverts commit e769bc77184312b6137a9b180c97b87c0760b849.
DeltaFile
+26-14sys/dev/sym/sym_hipd.c
+26-141 files

FreeBSD/ports 9c6e7f3lang/python314 Makefile

lang/python314: limit compileall to MAKE_JOBS_NUMBER

This seems to help with cross-builds (qemu) for RISC-V machines.

Obtained from:          Siva Mahadevan
Differential Revision:  https://reviews.freebsd.org/D55050

(cherry picked from commit c1d4c7da048b60be5d2d2c5ef47653ac34c3bb35)
DeltaFile
+2-1lang/python314/Makefile
+2-11 files

FreeBSD/ports c1d4c7dlang/python314 Makefile

lang/python314: limit compileall to MAKE_JOBS_NUMBER

This seems to help with cross-builds (qemu) for RISC-V machines.

Obtained from:          Siva Mahadevan
Differential Revision:  https://reviews.freebsd.org/D55050
DeltaFile
+2-1lang/python314/Makefile
+2-11 files

FreeBSD/ports d0d7964devel/py-ty distinfo Makefile.crates

devel/py-ty: Update to 0.0.14

Changelog: https://github.com/astral-sh/ty/blob/0.0.14/CHANGELOG.md

Reported by:    Repology
DeltaFile
+31-31devel/py-ty/distinfo
+15-15devel/py-ty/Makefile.crates
+1-2devel/py-ty/Makefile
+47-483 files

FreeBSD/src 18d47c1contrib/netbsd-tests/lib/libc/rpc t_rpc.c, include/rpc clnt.h

rpc: correct resultproc_t's type

It takes exactly three arguments of known type.

Tweak the types of various resultproc_t functions to match the type (mostly
added const to struct pointers) allowing us to drop casts.

Effort:         CHERI upstreaming
Reviewed by:    vangyzen, glebius
Sponsored by:   DARPA, AFRL
Differential Revision:  https://reviews.freebsd.org/D54941
DeltaFile
+5-3usr.bin/rpcinfo/rpcinfo.c
+5-3lib/libc/rpc/rpc_soc.c
+3-2contrib/netbsd-tests/lib/libc/rpc/t_rpc.c
+2-1include/rpc/clnt.h
+15-94 files

FreeBSD/src e236502include/rpc pmap_clnt.h, lib/libc/rpc rpc_soc.c

clnt_broadcast(3): fix eachresult argument type

The `eachresult` argument is documented to take a function pointer of
type:

        bool_t (*)(caddr_t, struct sockaddr_in *)

It was declared to take a resultproc_t which has historically been
declared to be:

        bool_t (*resultproc_t)(caddr_t, ...);

This overlapped well enough for currently supported ABIs where variadic
arguments are passed in registers, but this declaration is misaligned
with the documentation (resultproc_t takes three arguments) and will be
fixed in a followup commit.

Fix the type to be non-variadic, matching callbacks, and define a
convenience type of as most callbacks take something other than a char *

    [6 lines not shown]
DeltaFile
+3-2lib/libc/rpc/rpc_soc.c
+3-1include/rpc/pmap_clnt.h
+2-2usr.sbin/bootparamd/callbootd/callbootd.c
+1-1usr.sbin/ypbind/ypbind.c
+1-1usr.bin/rup/rup.c
+1-1usr.bin/rusers/rusers.c
+11-86 files

FreeBSD/src 47413f2lib/libc/rpc rpc_soc.c

clnt_broadcast(3): don't free function pointers

Replace use of thr_getspecific/thr_setspecific to stash the function
pointer we're smuggling between clnt_broadcast and rpc_wrap_bcast with a
simple thread local variable.  Clear it after use so the reference
doesn't linger.

In the relatively unlikely event clnt_broadcast was called from threads
that exited prior to program termination, the previous code called free
on a function pointer, which is undefined and might corrupted allocator
state.

Effort:         CHERI upstreaming
Reviewed by:    glebius, jhb
Sponsored by:   DARPA, AFRL
Differential Revision:  https://reviews.freebsd.org/D54939
DeltaFile
+10-25lib/libc/rpc/rpc_soc.c
+10-251 files