BSD Commit Log Search

caroot: Regenerate

Regenerate using certificate data from NSS 3.123.1.

MFC after:      1 week
Reviewed by:    kevans

caroot: Clean up

* Get certdata.txt directly from the NSS Mercurial repository, rather
  than from the Mozilla Firefox repository which imports it from NSS at
  irregular intervals.

* Instead of always fetching the latest certdata.txt, fetch a specific
  version.  For this commit, we set this to the version that was last
  imported in May 2025.

* Add a refrence to the MPL to the generated files.

* Regenerate with latest OpenSSL.  This is purely cosmetic; mostly, the
  certificate names now contain less unnecessary whitespace and some
  elements are quoted.

MFC after:      1 week
Reviewed by:    michaelo, kevans
Differential Revision:  https://reviews.freebsd.org/D56620

databases/percona-toolkit: Update distinfo

The distfile seems to have been rerolled since I last worked on
updating this port. go.sum and go.mod have been updated with new
version requirements for go modules and the release notes received a
couple of fixes. We don't use the go parts, yet, as I cannot seem to
make this work/compile within our ports framework.

graphics/drm-66-kmod: Fix build with llvm 21

audio/pt2-clone: Update to 1.88

textproc/dyff: Update to 1.12.0

Vendor import of expat 2.8.0

if_awg: Add missing awg_poll() prototype

The function awg_poll() was missing a prototype, which causes the build
to fail if DEVICE_POLLING is enabled, which it is in the ARMADAXP config.

MFC after:      2 weeks
Reviewed by:    tuexen, mmel, adrian
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D56651

sysutils/cbsd: update to 15.0.8

Changes:        https://github.com/cbsd/cbsd/releases/tag/v15.0.8

website: trivial typo fix

newline added before AsciiDoc list for correct render
Approved by: doceng (implicit)

packages: Don't build quotacheck if WITHOUT_QUOTAS=yes

PR:     294775
Fixes:  bb75b0d581f7 ("packages: Convert world to a subdir build")
MFC after:      2 weeks
Reported by:    Alastair Hogge <agh at riseup.net>
Sponsored by:   https://www.patreon.com/bsdivy
Differential Revision:  https://reviews.freebsd.org/D56635

misc/qwen-code: Update to 0.15.3

sysutils/bin: Update to 0.25.5

ChangeLog: https://github.com/marcosnils/bin/releases/tag/v0.25.5

security/openssh-portable: Fix blacklistd/HPN glue patch.

Reported by:    leres
Fixes: 899a7de9a078

sysutils/nvtop: New port: GPU & Accelerator process monitoring

NVTOP stands for Neat Videocard TOP, a (h)top like task monitor for GPUs
and accelerators. It can handle multiple GPUs and print information
about them in a htop-familiar way.

Currently supported vendors are AMD (Linux amdgpu driver), Apple
(limited M1 & M2 support), Huawei (Ascend), Intel (Linux i915/Xe
drivers), NVIDIA (Linux proprietary divers), Qualcomm Adreno (Linux MSM
driver), Broadcom VideoCore (Linux v3d driver), Rockchip, MetaX (MXSML
driver), Enflame (Linux EFML driver).

PR:             294825
Sponsored by:   UNIS Labs

print/pdf-tools: Add pkgconf build dependency and fix configure env

The recent import of pkgconf into the FreeBSD base system temporarily
caused a print/pdf-tools build failure and exposed two issues with the
port.  First, pkgconf should be a direct build dependency.  Second,
${CONFIGURE_ENV} should be passed to ./configure so that
PKG_CONFIG_LIBDIR is set correctly regardless of the pkgconf
implementation in the environment.

Sponsored by:   The FreeBSD Foundation

amd64: ia32_fetch_syscall_args() does not need to check params != NULL

Whatever params pointer is, it does not matter.  copyin() handles any
values.  In fact, params cannot be ever NULL.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56630

amd64 ia32_syscall(): only allow for ILP32 processes

64bit processes can issue INT $0x80 instruction, and get the syscall
dispatched through ia32_syscall().  This works because syscall argument
fetch and result return are selected from the process sysent.

But, ia32_syscall() does not verify some conditions and does not perform
some actions which are considered unnecessary because the caller is
supposed to only access lower 4G.  The INT syscall path breaks this
assumption.

We never supported such hack, so disable it.  Send the offending thread
SIGBUS as if #GP was issued by hardware due to IDT vector 0x80 having
not numerically high enough DPL value.

Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56630

mail/mutt: Update 2.3.1 => 2.3.2

Release Notes:
https://marc.info/?l=mutt-users&m=177718131918193&w=2

PR:             294821
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit 9cf55329fbe5185795c2706cc52afe76ce549d2a)

mail/mutt: Update 2.3.1 => 2.3.2

Release Notes:
https://marc.info/?l=mutt-users&m=177718131918193&w=2

PR:             294821
Sponsored by:   UNIS Labs
MFH:            2026Q2

net-mgmt/andwatch: Update 2.2.0 => 2.3.0

Changelog:
https://github.com/dennypage/andwatch/releases/tag/v2.3.0

PR:             294818
Sponsored by:   UNIS Labs

security/openssh-portable: Update to 10.3p1

Release notes: https://www.openssh.org/txt/release-10.3

security/openssh-portable: Fix `make test`

No changes here affect the build or package.

init.8: add RECOVERING section

Reviewed by:    imp, jilles
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536

init.8: document init_path among loader tunables

Reviewed by:    imp, jilles
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536

kern/init_main.c: path is for the binary, not process

Reviewed by:    imp, jilles
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536

bin/sh: make it possible to use as interactive init

If the /sbin/init binary is broken somehow, the way out is to set the
loader environment variable init_path to something else.  The most
natural choice would be either /bin/sh or /rescue/sh.  Unfortunately,
this does not work because the init process starts withoud stdin/out
descriptors.

Make it nicer to users by teaching /bin/sh startup code to open standard
descriptors on /dev/console if the shell is run as init.

Reviewed by:    imp, jilles, zlei
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536

init: build dynamically

This makes it easier to downgrade kernel when it stops providing some
syscall required by libc.  In this case, it is enough to downgrade libc
as well, our crt1 delegates all non-trivial work to
libc::__libc_start1().  With static init, the /sbin/init should be
downgraded as well, which might be not easy.

This does not mean that we support forward compatibility.

Reviewed by:    imp, jilles, zlei
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D56536

conf/std.nodebug: disable DEBUG_LOCKS

(cherry picked from commit 85a04bea5a54d6879c8fbf49eea20aba7ca24692)

membarrier(2): use atomic for lockless read of curproc->p_flag2

(cherry picked from commit 950fd59955e10429c1325c327f0141a7e97fcfe5)