FreeBSD/ports 9a816d4misc/koboldcpp distinfo Makefile

misc/koboldcpp: update 1.113.1 → 1.113.2
DeltaFile
+3-3misc/koboldcpp/distinfo
+1-1misc/koboldcpp/Makefile
+4-42 files

FreeBSD/ports 98fed66devel/lefthook distinfo Makefile

devel/lefthook: update 2.1.6 → 2.1.8
DeltaFile
+5-5devel/lefthook/distinfo
+1-2devel/lefthook/Makefile
+6-72 files

FreeBSD/ports 5900c52sysutils/mise distinfo Makefile

sysutils/mise: update 2026.5.11 → 2026.5.12
DeltaFile
+37-37sysutils/mise/distinfo
+18-18sysutils/mise/Makefile
+55-552 files

FreeBSD/ports 8e0b364audio/jamulus distinfo Makefile

audio/jamulus: update 3_12_0 → 3.12.1
DeltaFile
+3-3audio/jamulus/distinfo
+1-1audio/jamulus/Makefile
+4-42 files

FreeBSD/ports f9a7be6misc/py-uuid-utils distinfo Makefile

misc/py-uuid-utils: update 0.15.0 → 0.16.0
DeltaFile
+3-3misc/py-uuid-utils/distinfo
+1-1misc/py-uuid-utils/Makefile
+4-42 files

FreeBSD/ports 784fd84devel/nextest distinfo Makefile

devel/nextest: update 0.9.135 → 0.9.136
DeltaFile
+3-3devel/nextest/distinfo
+1-1devel/nextest/Makefile
+4-42 files

FreeBSD/src 57fb48fsys/kern uipc_usrreq.c

linuxulator: fix SO_PEERCRED emulation after 1d24638d3e8

For Linux binaries, sopt->sopt_td may be null.  And there's also no
need to check it, since struct l_ucred has the same layout on 32-bit
systems as on 64-bit ones.

PR:             295333
Reported by:    Miguel Gomes <miguel.dias.gomes at protonmail.com>
Fixes:          1d24638d3e8 ("Fix LOCAL_PEERCRED in 32-bit compat mode")
Reviewed by:    emaste
Differential Revision: https://reviews.freebsd.org/D57032

(cherry picked from commit 4cee16d471d47f4673e4d2c66f7a96d4e6d86ee9)
DeltaFile
+3-1sys/kern/uipc_usrreq.c
+3-11 files

FreeBSD/ports 3d2becenet/keycloak pkg-plist distinfo

net/keycloak: Update 26.6.1 => 26.6.2 (fix 18 CVEs)

Release Notes:
https://www.keycloak.org/2026/05/keycloak-2662-released

PR:             295416
Security:       CVE-2026-33871
Security:       CVE-2026-33870
Security:       CVE-2026-4628
Security:       CVE-2026-37980
Security:       CVE-2026-5588
Security:       CVE-2026-6856
Security:       CVE‐2026‐0636
Security:       CVE‐2026‐3505
Security:       CVE‐2026‐5598
Security:       CVE-2026-7307
Security:       CVE-2026-7504
Security:       CVE-2026-7571
Security:       CVE-2026-7507

    [9 lines not shown]
DeltaFile
+175-175net/keycloak/pkg-plist
+3-3net/keycloak/distinfo
+1-1net/keycloak/Makefile
+179-1793 files

FreeBSD/ports 0e9163cnet/keycloak pkg-plist distinfo

net/keycloak: Update 26.6.1 => 26.6.2 (fix 18 CVEs)

Release Notes:
https://www.keycloak.org/2026/05/keycloak-2662-released

PR:             295416
Security:       CVE-2026-33871
Security:       CVE-2026-33870
Security:       CVE-2026-4628
Security:       CVE-2026-37980
Security:       CVE-2026-5588
Security:       CVE-2026-6856
Security:       CVE‐2026‐0636
Security:       CVE‐2026‐3505
Security:       CVE‐2026‐5598
Security:       CVE-2026-7307
Security:       CVE-2026-7504
Security:       CVE-2026-7571
Security:       CVE-2026-7507

    [7 lines not shown]
DeltaFile
+175-175net/keycloak/pkg-plist
+3-3net/keycloak/distinfo
+1-1net/keycloak/Makefile
+179-1793 files

FreeBSD/src 5642fd4sbin/ping/tests test_ping.py

ping: fix listing test cases when scapy is not installed

The ATF-python test program was attempting to list test cases that
require scapy.  But it attempted to import the scapy module before the
test cases had been listed, resulting in an ImportError that kyua
interpreted as a test program crash.

Fix this behavior by handling that ImportError well enough to list test
cases, but not run them.  If scapy isn't present, Kyua will refuse to
run the test cases.  But it needs to be able to list them in order to
know to skip them.

Sponsored by:           ConnectWise
Reviewed by:            maxim
Differential Revision:  https://reviews.freebsd.org/D56765

(cherry picked from commit 3e845b1090565912375c5578cf0399d27b7fa70c)
DeltaFile
+25-1sbin/ping/tests/test_ping.py
+25-11 files

FreeBSD/ports 1b4c4dfscience/R-cran-bayesm distinfo Makefile

science/R-cran-bayesm: Update to 3.1.7
DeltaFile
+3-3science/R-cran-bayesm/distinfo
+1-1science/R-cran-bayesm/Makefile
+4-42 files

FreeBSD/src e6623a9share/man/man9 locking.9

locking.9: warn about using sleepable lock address as a sleep channel

(cherry picked from commit 56bc43f5d02bd0745d597db44c285bf78d083762)
DeltaFile
+10-5share/man/man9/locking.9
+10-51 files

FreeBSD/src af8675bsys/fs/nfsclient nfs_clsubs.c nfsnode.h

nfs_clsubs.c: Fix ncl_getcookie() when "pos" is negative

In ncl_getcookie(), a very large value for "off" for
a directory can result in "pos" being set to a bogus
value (including a negative one), due to truncation.
When "pos" is negative, is can skip past the
while (pos >= NFSNUMCOOKIES) loop and return a
bogus pointer instead of NULL.

This patch changes the type to u_int and also adds
a sanity check for a very large "off" to ensure that
a NULL pointer is returned for this case.

This bug has been in the code for decades and I am
not aware of any report of it causing a problem for
users.

(cherry picked from commit 448b4c3f7f7dd4c7e1707d7b833a26294c297182)
DeltaFile
+9-1sys/fs/nfsclient/nfs_clsubs.c
+1-1sys/fs/nfsclient/nfsnode.h
+10-22 files

FreeBSD/ports e01caecsecurity/kanidm distinfo Makefile

security/kanidm: Update to 1.10.2

ChangeLog: https://github.com/kanidm/kanidm/releases/tag/v1.10.2

Approved by:    bofh@ (implicit)
DeltaFile
+3-3security/kanidm/distinfo
+1-1security/kanidm/Makefile
+4-42 files

FreeBSD/src 3aab037sys/fs/nfsclient nfs_clsubs.c nfsnode.h

nfs_clsubs.c: Fix ncl_getcookie() when "pos" is negative

In ncl_getcookie(), a very large value for "off" for
a directory can result in "pos" being set to a bogus
value (including a negative one), due to truncation.
When "pos" is negative, is can skip past the
while (pos >= NFSNUMCOOKIES) loop and return a
bogus pointer instead of NULL.

This patch changes the type to u_int and also adds
a sanity check for a very large "off" to ensure that
a NULL pointer is returned for this case.

This bug has been in the code for decades and I am
not aware of any report of it causing a problem for
users.

(cherry picked from commit 448b4c3f7f7dd4c7e1707d7b833a26294c297182)
DeltaFile
+9-1sys/fs/nfsclient/nfs_clsubs.c
+1-1sys/fs/nfsclient/nfsnode.h
+10-22 files

FreeBSD/src 3c07cfbusr.bin/elfdump elfdump.c

elfdump: Decode SHT_LLVM_ADDRSIG section header type

Reported by:    bz
Sponsored by:   The FreeBSD Foundation
DeltaFile
+1-0usr.bin/elfdump/elfdump.c
+1-01 files

FreeBSD/ports 7db1410audio/songrec distinfo Makefile

audio/songrec: update 0.7.1 → 0.7.3
DeltaFile
+15-13audio/songrec/distinfo
+9-8audio/songrec/Makefile
+24-212 files

FreeBSD/ports e15745eshells/agsh distinfo Makefile

shells/agsh: update 0.23.1 → 0.24.1
DeltaFile
+3-3shells/agsh/distinfo
+1-1shells/agsh/Makefile
+4-42 files

FreeBSD/ports 00796b6misc/lean-ctx distinfo Makefile

misc/lean-ctx: update 3.6.8 → 3.6.9
DeltaFile
+11-3misc/lean-ctx/distinfo
+5-1misc/lean-ctx/Makefile
+16-42 files

FreeBSD/src b79facalib/libcasper/services/cap_net cap_net.c

cap_net: do not allow new limits to drop keys from the old ones

If the old limit had family/hosts/sockaddr set, the new limit must
have them too. Before, a missing key in the new limit was treated as
"allow any", which let a caller silently extend their limits.

Reported by:    Joshua Rogers of AISLE Research Team
Reviewed by:    markj
MFC after:      1 day
Differential Revision:  https://reviews.freebsd.org/D56991

(cherry picked from commit d705a519525f2acae3c1efba11436ec6ee8aea0a)
DeltaFile
+31-0lib/libcasper/services/cap_net/cap_net.c
+31-01 files

FreeBSD/src 7eb3fd6lib/libcasper/services/cap_net cap_net.c

cap_net: do not allow new limits to drop keys from the old ones

If the old limit had family/hosts/sockaddr set, the new limit must
have them too. Before, a missing key in the new limit was treated as
"allow any", which let a caller silently extend their limits.

Reported by:    Joshua Rogers of AISLE Research Team
Reviewed by:    markj
MFC after:      1 day
Differential Revision:  https://reviews.freebsd.org/D56991

(cherry picked from commit d705a519525f2acae3c1efba11436ec6ee8aea0a)
DeltaFile
+31-0lib/libcasper/services/cap_net/cap_net.c
+31-01 files

FreeBSD/ports 798bd35net-mgmt/thanos Makefile

net-mgmt/thanos: Fix BUILD_DATE syntax to fix build

* Change the syntax of BUILD_DATE after switching to GO_LDFLAGS as
port was using double quotes but Uses/go.mk has single quotes where it
interpolates GO_LDFLAGS, which requires use of different syntax.
* Also switch date format of BUILD_DATE to classic ISO 8601.

PR:             295384
Reported by:    Chad Jacob Milios <milios at ccsys.com>
Approved by:    db@, yuri@ (Mentors, implicit)
Fixes:          2af7cdf6fd59 * net-mgmt/thanos: improve port
DeltaFile
+1-1net-mgmt/thanos/Makefile
+1-11 files

FreeBSD/ports 901bda9sysutils Makefile, sysutils/boxrun Makefile pkg-descr

sysutils/boxrun: New port: sandboxed execution of programs

* Initial commit (version 0.3.0)

MFH:            2026Q2
(cherry picked from commit 097d516cae1fe1baccaacc25e4d2ebe45f831f4d)
DeltaFile
+33-0sysutils/boxrun/Makefile
+11-0sysutils/boxrun/pkg-descr
+3-0sysutils/boxrun/distinfo
+1-0sysutils/Makefile
+48-04 files

FreeBSD/ports 097d516sysutils Makefile, sysutils/boxrun Makefile pkg-descr

sysutils/boxrun: New port: sandboxed execution of programs

* Initial commit (version 0.3.0)

MFH:            2026Q2
DeltaFile
+33-0sysutils/boxrun/Makefile
+11-0sysutils/boxrun/pkg-descr
+3-0sysutils/boxrun/distinfo
+1-0sysutils/Makefile
+48-04 files

FreeBSD/ports 7944f0cmultimedia/supersonic distinfo Makefile

multimedia/supersonic: Update to 0.21.1

ChangeLogs:

- https://github.com/dweymouth/supersonic/releases/tag/v0.21.0
- https://github.com/dweymouth/supersonic/releases/tag/v0.21.1
DeltaFile
+5-5multimedia/supersonic/distinfo
+1-2multimedia/supersonic/Makefile
+6-72 files

FreeBSD/ports 75bf0f9www/py-dj60-django-stubs-ext distinfo Makefile

www/py-dj60-django-stubs-ext: Update to 6.0.4

ChangeLog: https://github.com/typeddjango/django-stubs/releases/tag/6.0.4
DeltaFile
+3-3www/py-dj60-django-stubs-ext/distinfo
+1-1www/py-dj60-django-stubs-ext/Makefile
+4-42 files

FreeBSD/ports 9868431net/dataplaneapi distinfo Makefile

net/dataplaneapi: Update to 3.3.4

ChangeLog: https://github.com/haproxytech/dataplaneapi/releases/tag/v3.3.4
DeltaFile
+5-5net/dataplaneapi/distinfo
+2-3net/dataplaneapi/Makefile
+7-82 files

FreeBSD/ports 3547344textproc/py-typst distinfo Makefile.crates, textproc/py-typst/files patch-Cargo.lock patch-Cargo.toml

textproc/py-typst: Update to 0.14.9

ChangeLog: https://github.com/messense/typst-py/releases/tag/v0.14.9
DeltaFile
+239-219textproc/py-typst/distinfo
+118-108textproc/py-typst/Makefile.crates
+7-7textproc/py-typst/files/patch-Cargo.lock
+6-8textproc/py-typst/files/patch-Cargo.toml
+1-2textproc/py-typst/Makefile
+371-3445 files

FreeBSD/ports dce3decwww/rustypaste distinfo Makefile.crates

www/rustypaste: Update to 0.17.0

ChangeLog: https://github.com/orhun/rustypaste/releases/tag/v0.17.0
DeltaFile
+219-179www/rustypaste/distinfo
+108-88www/rustypaste/Makefile.crates
+1-2www/rustypaste/Makefile
+328-2693 files

FreeBSD/ports 954606fsysutils/bin distinfo Makefile

sysutils/bin: Update to 0.26.0

ChangeLog: https://github.com/marcosnils/bin/releases/tag/v0.26.0
DeltaFile
+5-5sysutils/bin/distinfo
+2-3sysutils/bin/Makefile
+7-82 files