BSD Commit Log Search

www/caddy: Update to 2.11.3

This contains security fixes. See the link below for details.

Changes: https://github.com/caddyserver/caddy/releases/tag/v2.11.3
(cherry picked from commit 0a696546ee9801da4afe88f9625c753644e37d7a)

www/caddy: Update to 2.11.3

This contains security fixes. See the link below for details.

Changes: https://github.com/caddyserver/caddy/releases/tag/v2.11.3

java/apache-commons-logging: Update 1.3.5 => 1.3.6

Release Notes:
https://github.com/apache/commons-logging/blob/rel/commons-logging-1.3.6/RELEASE-NOTES.txt

PR:             295247
Sponsored by:   UNIS Labs

BSD.root.dist: Correct tag for /etc/sysctl.kld.d

This is only used by rc.subr and belongs in rc, not runtime.

Approved by:    re (cperciva)
Fixes:          fa6d67cd16b5 ("BSD.root.dist: Add package tag for all directories")
MFC after:      3 days
Reviewed by:    ivy
Differential Revision:  https://reviews.freebsd.org/D56900

(cherry picked from commit 44338ccd12685621c4b1c57e692a4f27f5a655d3)
(cherry picked from commit 714f6ac0003482d3270a9d0026e59909cff73c3f)

databases/weaviate: update 1.37.2 → 1.37.3

devel/goswagger: Update 0.33.1 => 0.33.2

Changelog:
https://github.com/go-swagger/go-swagger/releases/tag/v0.33.2

PR:             295248
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit 5154d10ae4c1364804bdcd370562ebd1f679cc3a)

devel/goswagger: Update 0.33.1 => 0.33.2

Changelog:
https://github.com/go-swagger/go-swagger/releases/tag/v0.33.2

PR:             295248
Sponsored by:   UNIS Labs
MFH:            2026Q2

devel/catch2: update 3.14.0 → 3.15.0

audio/xsynth: update 0.3.4 → 0.4.0

devel/py-uv-build: update 0.11.13 → 0.11.14

devel/{,py-}uv: update 0.11.13 → 0.11.14

dns/dnsmasq-devel: Update 2.93test10 => 2.93rc1 (6 CVEs)

This contains the six security fixed (or variants thereof) recently
appeared in 2.92rel2.

Including privilege escalation, cache poisoning/rediction, information
leak, and denial of service.

See https://www.kb.cert.org/vuls/id/471747
See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html

Upstream Git changelog since v2.93test10:

* 14094e8 2026-05-09 | Fix buffer OOB read in find_soa() (tag: v2.93rc1)
                       [do litli]
* c705607 2026-04-06 | Fix problen in from_wire() when names contain
                       escape chars. [Simon Kelley]
* 9d2c93b 2026-03-30 | Sync 3ea905b98b8756f0652a9626a98384e96bab3a97 with
                       7cd050075ea73cd7707fce5b70f0fec25f722f67

    [35 lines not shown]

dns/dnsmasq-devel: update to v2.93test10

Upstream Git changes since v2.93test9:
* fc22868 2026-04-21 | Preserve existing log file permissions when adding group-write bit. (tag: v2.93test10) [Florian Margaine]
* d158aec 2026-04-21 | Increase default limit on TCP handler processes from 20 to 30. [Simon Kelley]
* 36d081e 2026-04-21 | Fix buffer overlow in log_query() [Simon Kelley]
* 9eb0757 2026-04-21 | Fix crash with mal-formed config option. [Toliak Purple]
* 2d0e0c7 2026-04-10 | Tweak DHCPv6 replay decapsulation. [Simon Kelley]
* cfc2244 2026-04-08 | Bump copyrights to 2026. [Simon Kelley]

Upstream Git changes since v2.93test8:
* 9ad7492 2026-04-06 | Fix 1-byte buffer overflow in relay_reply4() (tag: v2.93test9) [Simon Kelley]
* a6069da 2026-04-05 | Check DNS query via TCP doesn't have QR bit set. [Simon Kelley]
* 14f5317 2026-04-05 | Sanity checking on DNS replies via TCP. [Simon Kelley]
* 8fd06d2 2026-03-30 | OOB buffer check with DNS bitstring labels. [Simon Kelley]
* d152e81 2026-03-30 | Tighten check on TFTP pathnames to avoid directory escape. [Simon Kelley]
* e0bec33 2026-03-30 | Move logging on TCP timeout from child process to main process. [Simon Kelley]
* dd70793 2026-03-20 | dump: check lseek() return in pcap record-counting loop [Dominik]
* c5f4641 2026-03-19 | domain: fix strncat buffer-size argument in is_rev_synth() [Dominik]

    [24 lines not shown]

dns/dnsmasq-devel: Update 2.93test10 => 2.93rc1 (6 CVEs)

This contains the six security fixed (or variants thereof) recently
appeared in 2.92rel2.

Including privilege escalation, cache poisoning/rediction, information
leak, and denial of service.

See https://www.kb.cert.org/vuls/id/471747
See https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html

Upstream Git changelog since v2.93test10:

* 14094e8 2026-05-09 | Fix buffer OOB read in find_soa() (tag: v2.93rc1)
                       [do litli]
* c705607 2026-04-06 | Fix problen in from_wire() when names contain
                       escape chars. [Simon Kelley]
* 9d2c93b 2026-03-30 | Sync 3ea905b98b8756f0652a9626a98384e96bab3a97 with
                       7cd050075ea73cd7707fce5b70f0fec25f722f67

    [33 lines not shown]

x11/rio: update 0.4.3 → 0.4.4

databases/qdrant: update 1.17.1 → 1.18.0

misc/lean-ctx: update 3.5.18 → 3.5.21

misc/py-uuid-utils: update 0.14.1 → 0.15.0

u3g: Add Telit LM960A18 LTE modem

The patch in the PR failed to apply, so I manually applied the same
changes.

PR:             295231
Submitted by:   Mike Tancsa <mike at sentex.net>
Reviewed by:    emaste

Cirrus-CI: Bump toolchain to LLVM 21

Cirrus-CI is shutting down at the end of the month, but we can still
finish with an up-to-date working build with an LLVM version matching
the in-tree toolchain.

Sponsored by:   The FreeBSD Foundation

mlx5en: destroy TIR before DEK during TLS RX teardown

(cherry picked from commit bf636accdde4bb9af2c6c07af5420dffffd82332)

graphics/openboard: New port: Interactive whiteboard

OpenBoard is an open source cross-platform interactive whiteboard
application designed primarily for use in schools. It was originally
forked from Open-Sankore, which was itself based on Uniboard. It
supports digital pens, virtual keyboards, PDF import, web browsing,
video playback, and screen annotations.

WWW: https://www.openboard.org/
https://github.com/OpenBoard-org/OpenBoard/

Patches reported to upstream:
https://github.com/OpenBoard-org/OpenBoard/pull/1489
https://github.com/OpenBoard-org/OpenBoard/pull/1490

PR:             295104
Sponsored by:   UNIS Labs

misc/py-llm: Update 0.27 => 0.31, take maintainerhsip

Changelog:
https://github.com/simonw/llm/releases/tag/0.27.1
https://github.com/simonw/llm/releases/tag/0.28
https://github.com/simonw/llm/releases/tag/0.29
https://github.com/simonw/llm/releases/tag/0.30
https://github.com/simonw/llm/releases/tag/0.31

PR:             295216
Sponsored by:   UNIS Labs

biology/sra-tools: Patch out extraneous scripts

Build from source was installing scripts directly into /etc/profile.d
that are not even needed when installing from ports.
Also patched out some pip commands to silence poudriere warnings.

PR:             294837
Reported by:    milios at ccsys.com

security/zeek: Update to 8.0.8

    https://github.com/zeek/zeek/releases/tag/v8.0.8

This release fixes the following potential DoS vulnerability:

 - A specially-crafted series of MIME headers sent via SMTP or HTTP
   could cause Zeek to use large amounts of memory and potentially
   crash.

This release fixes the following potential DoS vulnerability:

 - Sqlite storage backends no longer potentially write data into a
   single database file across multiple unrelated backend handles.

 - A crash in the table code was fixed if reallocation failed while
   resizing.

Reported by:    Tim Wojtulewicz

security/vuxml: Mark security/zeek < 8.0.8 as vulnerable as per:

    https://github.com/zeek/zeek/releases/tag/v8.0.8

This release fixes the following potential DoS vulnerability:

 - A specially-crafted series of MIME headers sent via SMTP or HTTP
   could cause Zeek to use large amounts of memory and potentially
   crash.

Reported by:    Tim Wojtulewicz

committers-guide: Remove stale FreeBSD Mall link

PR: 293468

devel/fatal: update 2026.02.09.00 → 2026.05.11.00

www/proxygen: update 2026.02.09.00 → 2026.05.11.00

net/wangle: update 2026.02.09.00 → 2026.05.11.00