BSD Commit Log Search

www/caddy: Update to 2.11.4 (security)

Changes:
  Security-related patches:
  - caddyhttp: Normalize Windows backslashes in path matcher (thanks
    @Vincent550102)
  - rewrite: Prevent placeholder re-expansion in injected query
    (thanks @WhiskerEnt)
  - templates: Improved stripHTML action to more reliably remove
    malformed HTML (thanks to @jmrcsnchz)
  - caddyhttp: Ignore header fields with underscores to prevent
    collisions (thanks @Vincent550102 for the report and @dunglas for
    the patch)

    NB: These security patches may be breaking if your application
    relies on the buggy behaviors.

  What's Changed:
  - reverseproxy: further prevent body closes from dial errors by

    [37 lines not shown]

security/vuxml: Add caddy < 2.11.4

www/caddy: Update to 2.11.4 (security)

Changes:
  Security-related patches:
  - caddyhttp: Normalize Windows backslashes in path matcher (thanks
    @Vincent550102)
  - rewrite: Prevent placeholder re-expansion in injected query
    (thanks @WhiskerEnt)
  - templates: Improved stripHTML action to more reliably remove
    malformed HTML (thanks to @jmrcsnchz)
  - caddyhttp: Ignore header fields with underscores to prevent
    collisions (thanks @Vincent550102 for the report and @dunglas for
    the patch)

    NB: These security patches may be breaking if your application
    relies on the buggy behaviors.

  What's Changed:
  - reverseproxy: further prevent body closes from dial errors by

    [35 lines not shown]

audio/praat: update to 6.4.67, latest upstream

Release notes as always at
        https://www.fon.hum.uva.nl/praat/manual/What_s_new_.html

The build system has been revamped (in unfortunate ways), I ought to
engage with upstream to get it to build well with meson on FreeBSD,
so we can abandon all the Makefile hacks.

audio/musescore: update to 4.7.3, latest upstream

The 4.7 series announcements are at
        https://musescore.org/en/4.7

Submitted by Keith White, additional patches for build and bump to .3 by me.

net/traefik: Update to upstream release 3.7.5

Details:
- Update to upstream release 3.7.5, see:
  https://github.com/traefik/traefik/releases/tag/v3.7.5
- Fixes 2 CVEs in the process, see below

MFH:            2026Q2
Security:       CVE-2026-48020
                CVE-2026-48491
(cherry picked from commit 183293183e8a899aa5c4e22cd61b37597a767cab)

acl_to_text_nfs4.c: Fix a snprintf() for large uid

Commit 6e7c10c79dea fixed a couple of snprintf()s for large
uid/gid numbers above 2Gig.  This patch fixes another one.

Reviewed by:    rmacklem
Differential Revision:  https://reviews.freebsd.org/D57561

net/traefik: Update to upstream release 3.7.5

Details:
- Update to upstream release 3.7.5, see:
  https://github.com/traefik/traefik/releases/tag/v3.7.5
- Fixes 2 CVEs in the process, see below

MFH:            2026Q2
Security:       CVE-2026-48020
                CVE-2026-48491

security/nss: update to 3.125

Release Notes:
  https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_125.html

benchmarks/clpeak: update to 2.0.13

Changes:        https://github.com/krrishnarraj/clpeak/releases/tag/2.0.13
Reported by:    GitHub (watch releases)

x11-wm/cagebreak: update to 3.2.0

Changes:        https://github.com/project-repo/cagebreak/releases/tag/3.2.0
Reported by:    GitHub (watch releases)

net/sendme: fix build on non-x86

The netdev crate has the value of ioctl SIOCGIFXMEDIA hardcoded for x86.
Add definitions for other architectures to fix the build.

See also:       https://github.com/shellrow/netdev/issues/170
Approved by:    portmgr (build fix blanket)
MFH:            2026Q2

(cherry picked from commit d4de8e372e2e8f829afe06d2ea4aa8528d2d96d2)

graphics/s10sh: fix endianess code

Instead of hard-coding a list of architectures, defer to <endian.h>.
This fixes the build on all platforms tested.

MFH:            2026Q2
(cherry picked from commit c653d172b2678fed4bdd92782c593b995d41c5e5)

devel/smv: builds fine on armv7

MFH:            2026Q2
(cherry picked from commit 25f7c062b26ce5065825b50bf673de76d79c51f3)

lang/micropython: enable on armv7, fix on i386

Builds fine.
One unit test fails on armv7: basics/int_64_basics.py

Approved by:    portmgr (build fix blanket)
MFH:            2026Q2

(cherry picked from commit 0f415d2616260b4c90af2a44434a5dbde8900a42)

math/tlfloat: builds fine on armv7

Tested on FreeBSD 14.3 and 15.0.
Test suite passes, too.

MFH:            2026Q2
(cherry picked from commit 42f2073184d330fabefb21264a9fe20280f65f1d)

devel/go-tools: update to 0.46.0

Selected upstream changes:

 - cmd/goyacc: use math.MinInt16 as sentinel value for large grammars
 - cmd/callgraph: add -{cpu,mem}profile flags for maintainers
 - all: fix typos in comments and docs
 - go.mod: update golang.org/x dependencies

Changelog: https://github.com/golang/tools/compare/v0.45.0...v0.46.0

net/sendme: fix build on non-x86

The netdev crate has the value of ioctl SIOCGIFXMEDIA hardcoded for x86.
Add definitions for other architectures to fix the build.

See also:       https://github.com/shellrow/netdev/issues/170
Approved by:    portmgr (build fix blanket)
MFH:            2026Q2

devel/smv: builds fine on armv7

MFH:            2026Q2

math/tlfloat: builds fine on armv7

Tested on FreeBSD 14.3 and 15.0.
Test suite passes, too.

MFH:            2026Q2

graphics/s10sh: fix endianess code

Instead of hard-coding a list of architectures, defer to <endian.h>.
This fixes the build on all platforms tested.

MFH:            2026Q2

lang/micropython: enable on armv7, fix on i386

Builds fine.
One unit test fails on armv7: basics/int_64_basics.py

Approved by:    portmgr (build fix blanket)
MFH:            2026Q2

net/ucx: Update 1.20.0 → 1.20.1

Changelog:
https://github.com/openucx/ucx/releases/tag/v1.20.1
https://github.com/openucx/ucx/blob/v1.20.1/NEWS

- Enable and pass gtest test suite.
- Fix warnings from portclippy.
- Improve formatting and alignment.

PR:             295984 294958 294959
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH:            2026Q2

(cherry picked from commit c54c53fa0e0876707df5666c0827264f7a5318c3)

net/ucx: Update 1.20.0 → 1.20.1

Changelog:
https://github.com/openucx/ucx/releases/tag/v1.20.1
https://github.com/openucx/ucx/blob/v1.20.1/NEWS

- Enable and pass gtest test suite.
- Fix warnings from portclippy.
- Improve formatting and alignment.

PR:             295984 294958 294959
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH:            2026Q2

misc/hwdata: 0.408

Reported by:    portscout!

snd_uaudio: Support Roland UA-33

Apply the appropriate quirk. Also, introduce a new uaudio_vendor_audio
table, similar to uaudio_vendor_midi, which includes non-standard USB
audio devices. The Roland UA-33 needs this, bceause it comes with
bInterfaceClass = 0xff (vendor-specific), so snd_uaudio(4) doesn't
detect it.

PR:             294814
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Reviewed by:    emaste
Pull Request:   https://ron-dev.freebsd.org/FreeBSD/src/pulls/24

(cherry picked from commit 549e740619873716b796a841a10f56fae3c3ad49)

www/gohugo: Update to 0.163.1

ChangeLog: https://github.com/gohugoio/hugo/releases/tag/v0.163.1

 * build(deps): bump golang.org/x/image from 0.41.0 to 0.42.0
 * Fix multi --renderSegments merge behavior
 * security: Normalize integer IPv4 host encodings in http.urls check
 * Drop symlinks in os.ReadDir, os.ReadFile, os.Stat and os.FileExists
 * commands: Fix convert command

Approved by:    doceng@ (implicit)

LinuxKPI: sync linuxkpi_video with Linux 6.12

MFC after:      1 week

www/fmd-server: add ONLY_FOR_ARCHS

security/sssd2: Update to 2.13.1

Reported by:    portscout!