BSD Commit Log Search

zfskeys - only prompt if zfskeys and zfskeys_prompt are enabled

By default don't block booting with a prompt if a zpool needs a keyboard
password to unlock it.  To enable prompting for keyboard password during
boot require:
    zfskeys_enable="YES"
    zfskeys_prompt_enable="YES"

to both be enabled.  This returns to POLA of prior behaviour.

PR:             296130
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D57750

handbook/jails: Small fixes to the Linux jail section

- Add missing containers/ path in one instance
- Move the jail.conf creation to the beginning of this section (slightly
  modified from the original patch), because it fits better there
  instead of letting the reader know about it when starting the jail
- Use sh as the shell executed when running jexec to ensure it is a jail
  that is present in Linux
- Rephrase a sentence to avoid a comma and instead use "and" to connect
  the two packages to install (also modified from the original
  submission)

Event:                  Halifax Hackathon 202606
PR:                     295777
Differential Revision:  https://reviews.freebsd.org/D57771

devel/R-cran-listenv: Update to 1.0.0

ChangeLog: https://cran.r-project.org/web/packages/listenv/news/news.html

fts: refactor to use fd-relative operations internally

Replace all _open() calls with _openat() in __fts_open(), fts_read(),
and fts_children().

Add fts_dirfd to FTSENT. Callers can use
openat(ent->fts_dirfd, ent->fts_name, ...) to access files
safely without relying on fts_accpath, which enables:

1. Capsicum capability mode where path-based operations fail
2. Security-sensitive programs that avoid TOCTOU races

Replace statfs(ent->fts_path) with _fstatfs(ent->fts_dirfd) in
fts_ufslinks() when fts_dirfd is valid, falling back to statfs() for
root-level entries where fts_dirfd is -1

This is a preparatory change for fts_openat() which will allow
callers to provide a pre-opened directory fd, enabling fts(3)
traversal inside Capsicum capability mode.

    [5 lines not shown]

sys: use curthread_pflags_set/restore to manage TDP_DEADLKTREAT for uio

For i386, remove now unused label.
Remove unneeded initialization of the 'save' local.

Reviewed bu:    brooks
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D57726

libusb: Add missing default in handling option switch

This makes GCC happy

Fixes:  2879c818e553 ("implement libusb_set_option")
Event:  Halifax Hackathon 202606
Sponsored by:   The FreeBSD Foundation

libusb: Implement libusb_set_log_cb

Reviewed by:    adrian
Event:  Halifax Hackathon 202606
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57770

devel/R-cran-withr: Update to 3.0.3

Reported by:    portscout

www/cinny: Update to 4.12.3

www/R-cran-servr: Update to 0.33

Reported by:    portscout

misc/valentina: update 1.0.2 → 1.0.3

x11-themes/catppuccin-gtk-theme: Update to 1.0.1

Changelog: https://github.com/Fausto-Korpsvart/Catppuccin-GTK-Theme/blob/v1.0.1/CHANGELOG.md

Reported by:    GitHub (watch releases)

adduser.sh: Add info which separator to use in the question itself

During the non-root user setup (adduser.sh), people are often confused
what the separator is when they are asked which groups to join the new
user into. For example, wheel and operator: users often assume that the
two groups are separated by a comma (and maybe even a space after it),
but the script will check for that and refuses such entries.

Help the users by mentioning that the groups need to be space separated
in the question itself. That way, it does not take up extra space and
avoids confusion about what the separator is.

Reviewed by:            jrm
Event:                  Halifax Hackathon 202626
Differential Revision:  https://reviews.freebsd.org/D57768

net-p2p/{lib,r}torrent: Update to 0.16.15

ChangeLog: https://github.com/rakshasa/rtorrent/releases/tag/v0.16.15

security/vuxml: Document podman vulnerability

Reviewed by:    dfr
Sponsored by:  SkunkWerks, GmbH
Differential Revision:  https://reviews.freebsd.org/D57736

sysutils/podman: Update to v5.8.3

Approved by:    dfr
Security:       CVE-2026-44517
Sponsored by:   SkunkWerks, GmbH
Differential Revision:  https://reviews.freebsd.org/D57735

net/amqpcat: Declare libgc-threaded shlib dependency, add USES=ssl

The Crystal-built binary links libgc-threaded.so.1 (Boehm GC, via the
crystal runtime) and libssl.so / libcrypto.so (via amqp-client.cr's
TLS support), but the port declared neither.

Detected by poudriere stage-qa:

  Warning: amqpcat-1.1.0 will be rebuilt as it misses libgc-threaded.so.1
  which no dependency provides. It is likely (silently) failing testport/
  stage-qa.

  Warning: you need USES=ssl

Add LIB_DEPENDS=libgc-threaded.so:devel/boehm-gc-threaded, USES+=ssl,
and bump PORTREVISION.

Obtained from:  olgeni
Sponsored by:   SkunkWerks, GmbH
Differential Revision:  https://reviews.freebsd.org/D56926

dns/py-ns1-python: update to 0.28.0

Adjust distfiles name as URL changed to comply with PEP 625.

Sponsored by:   SkunkWerks, GmbH

textproc/py-zensical: Update to 0.0.46

Changelog:

https://github.com/zensical/zensical/releases/tag/v0.0.46

emulators/qmc2: Deprecate unmaintained consumers of Qt5 WebEngine

PR:     296230

filesystems/zerofs: Update to 1.2.7

PR:             296186

textproc/ast-grep: Update to 0.44.0

Changelog: https://github.com/ast-grep/ast-grep/blob/0.44.0/CHANGELOG.md

Reported by:    GitHub (watch releases)

net/qoauth-qt5: Schedule for removal before 2026Q4

deskutils/kdepim-addons: Remove leftover from migration to Qt 6

devel/lazygit: Update to 0.62.2

Changes:        https://github.com/jesseduffield/lazygit/releases/tag/v0.62.2
Changes:        https://github.com/jesseduffield/lazygit/releases/tag/v0.62.1
Changes:        https://github.com/jesseduffield/lazygit/releases/tag/v0.62.0

net-mgmt/peering-manager: Fix Python version

Upstream claims to support >=3.10,<3.15 which translates to 3.10-3.14.

Reviewed by:    bofh
Differential Revision:  https://reviews.freebsd.org/D57709

x86: Harmonize GENERIC and MINIMAL

* Reorder MINIMAL so everything is in the same order as in GENERIC.

* Wherever comments diverged, except for the explanatory comment at
  the top, copy the GENERIC version to MINIMAL.

* Add KDTRACE_FRAME to i386 GENERIC; it was already in MINIMAL, and
  adding it to GENERIC seemed like the more correct move.

With these changes, MINIMAL is a strict subset of GENERIC, apart from
the identifier and the explanatory comment at the top.

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D57729

misc/py-litellm: Update to 1.89.3

Changelog: https://github.com/BerriAI/litellm/releases/tag/v1.89.3

Reported by:    Repology

security/trivy: update to 0.71.2

Changes:        https://github.com/aquasecurity/trivy/releases

net/py-ldapdomaindump: Update to 0.10.0