mail/postfix: Update to 3.11.1
This update brings some possibly breaking changes:
- Postfix 3.11.0:
- TLS
- smtp_tls_security_level now defaults to "may" when Postfix is built with
TLS support and compatibility_level >= 3.11
- RFC 8689 REQUIRETLS support added: requires strong authentication
(DANE/STS) from all servers in the forward path that announce REQUIRETLS
- TLS logging now includes desired vs. actual security level enforcement
status and REQUIRETLS policy enforcement details
- New smtp_tls_enforce_sts_mx_patterns parameter (default: yes) ensures
MX hostname matching for MTA-STS
- OpenSSL 3.5+ changes the tls_eecdh_auto_curves default to avoid
protocol ossification (post-quantum cryptography prep)
- Other
[14 lines not shown]
databases/postgresql*-*: Update to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.2, 17.8, 16.12, 15.16,
and 14.21. This release fixes 5 security vulnerabilities and over 65
bugs reported over the last several months.
Release notes:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/https://www.postgresql.org/docs/release/
Security:
CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code
CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Remove postgresql13* since it is now EoL.
[2 lines not shown]
sysutils/rubygem-bundler-audit: Add new port
bundler-audit provides patch-level verification for Bundled Ruby
applications by auditing Gemfile.lock against a database of known
vulnerabilities.
Also add rubygem-bundle-audit as a wrapper gem that depends on
rubygem-bundler-audit, for developers who reference "bundle-audit"
instead of "bundler-audit".
devel/rubygem-uniform_notifier: Add version 1.18.0
uniform_notifier provides a unified notification interface supporting
Rails logger, JavaScript alert/console, XMPP, Slack, and more.
devel/rubygem-bullet: Add rubygem-bullet 8.1.0
Bullet is a development tool that helps increase application performance
by reducing the number of queries it makes. It detects N+1 queries,
unused eager loading, and suggests counter cache usage.
Also add rubygem-bullet-rails72 slave port for Rails 7.2 compatibility.
security/rubygem-doorkeeper-i18n{,-rails72}: Add new port.
Internationalization files for Doorkeeper OAuth2 provider
While I'm there, also add a variant of rubygem-doorkeeper for use
with rails72.
tzcode: Update to 2026a
Many thanks to Paul Eggert for adopting most of our adaptations as
optional features upstream in the previous release (2025c).
MFC after: 1 week
Reviewed by: philip
Differential Revision: https://reviews.freebsd.org/D55741
devel/patch: update GNU patch to the latest version 2.8
- GC previous Debian patches, backport new upstream fixes:
add missing filename quoting, enable merge, skip read-only
check when output file specified, reject empty filenames
- On i386, apply the same fix as Debian for Hurd/i386
- The port now seemingly builds fine with BSD make(1)
- Install some standard documentation files
PR: 285796
net-p2p/bazarr: Fix build with python version other than 3.11
PR: 293708
Approved by: Michiel van Baak Jansen <michiel at vanbaak.eu> (maintainer)
MFH: 2026Q1
(cherry picked from commit d000c5fe82e03452f035761e9ea217f61d0645f1)
graphics/egl-wayland2: New port
Introduce graphics/egl-wayland2, Wayland EGL External Platform library
Version 2 that works with NVIDIA drivers 560 and later.
This is a new implementation of the EGL External Platform Library
for Wayland (EGL_KHR_platform_wayland), using the NVIDIA driver's
new platform surface interface (Dma-buf-based), which simplifies
a lot of the library and improves window resizing.
This library can be installed alongside the previous egl-wayland
implementation (graphics/egl-wayland).
The new library has a higher selection priority by default,
so if both are present, then a 560 or later driver will select
the new library, and an older driver will fall back to the old
library.
PR: 293719
[2 lines not shown]
net-p2p/bazarr: Fix build with python version other than 3.11
PR: 293708
Approved by: Michiel van Baak Jansen <michiel at vanbaak.eu> (maintainer)
MFH: 2026Q1
build: Stop testing LINKER_FEATURES for ifunc and build-id
These features are available in all supported linkers, and we can expect
that they'll be supported by any GNU-compatible linker that we'd use to
link FreeBSD.
Reviewed by: imp, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55676
