FreeBSD/src e3e8ec2sys/kern kern_kexec.c

kexec: Disallow kexec_load if securelevel > 0

kexec_load() + reboot is intended to be equivalent to a system reboot.
However kexec_load() can load arbitrary data as the target kernel,
leading to execution of arbitrary code, even though it's effectively in
a new context.  Rather than being equivalent to a system reboot, it's
also equivalent to kldload(), which loads arbitrary code into the
running kernel.  Since kldload() is blocked at securelevel 1, also block
kexec_load().

Reported by:    markj
Fixes:          e02c57ff3 ("kern: Introduce kexec system feature (MI)")
Sponsored by:   Hewlett Packard Enterprise
Differential Revision:  https://reviews.freebsd.org/D56580
DeltaFile
+3-0sys/kern/kern_kexec.c
+3-01 files

FreeBSD/src 69cc351libexec/rc safe_eval.sh

safe_set ignore leading white-space

Also treate ':' at the start of a line as for '#'
ie. a comment.
DeltaFile
+2-2libexec/rc/safe_eval.sh
+2-21 files

FreeBSD/src 588bb16usr.sbin/jail command.c

jail: fix crash with startup commands on a jail without name

Jail name is optional, thus don't try setenv(NULL).

Fixes:  d8f021add40c321c4578da55dae52fb93c7ccb5f
(cherry picked from commit 78c4f821f43d530ba1f2a6308a64a8483208ebe3)
DeltaFile
+2-2usr.sbin/jail/command.c
+2-21 files

FreeBSD/ports 4fbbbccdevel/forgejo-cli Makefile distinfo

devel/forgejo-cli: Make DISTFILE unique to avoid DISTDIR collisions

While here, incorporate some minor cleanups:
- Remove unnecessary CARGO_ENV values
- Move pkg-plist entries to PLIST_FILES

Reviewed by:    diizzy
Sponsored by:   The FreeBSD Foundation
DeltaFile
+7-6devel/forgejo-cli/Makefile
+3-3devel/forgejo-cli/distinfo
+0-4devel/forgejo-cli/pkg-plist
+10-133 files

FreeBSD/ports df17aefwww/py-django-bootstrap3 Makefile, www/py-django-bootstrap3/files patch-pyproject.toml

www/py-django-bootstrap3: Unbreak build after 21c2f9c595ac

* Relax the version requirements for py-uv-build which has been updated
  recently.

Reported by:    pkg-fallout
DeltaFile
+1-1www/py-django-bootstrap3/files/patch-pyproject.toml
+1-1www/py-django-bootstrap3/Makefile
+2-22 files

FreeBSD/ports 93e2925games/anki Makefile

games/anki: Extend memory usage of NodeJS during build

* Set a higher value for V8's old memory to fix OOM issues during build:

[...]
vite v6.3.6 building for production...
transforming...

<--- Last few GCs --->

[85302:0x40cbfe36a000]    61573 ms: Mark-Compact (reduce) 505.7 (525.0) -> 502.2 (512.8) MB, pooled: 0 MB, 53.70 / 0.00 ms  (+ 530.4 ms in 111 steps since start of marking, biggest step 5.2 ms, walltime since start of marking 659 ms) (average mu = 0.194, [85302:0x40cbfe36a000]    62211 ms: Mark-Compact 503.3 (512.8) -> 498.8 (515.5) MB, pooled: 0 MB, 631.85 / 0.00 ms  (average mu = 0.113, current mu = 0.009) allocation failure; scavenge might not succeed

FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
----- Native stack trace -----

 1: 0x19a5b74 node::OOMErrorHandler(char const*, v8::OOMDetails const&) [/usr/local/bin/node]
 2: 0x1be1c44 node::inspector::protocol::IO::DomainDispatcherImpl::~DomainDispatcherImpl() [/usr/local/bin/node]
 3: 0x1e1a6b0 v8::internal::HeapLayout::CheckYoungGenerationConsistency(v8::internal::MemoryChunk const*) [/usr/local/bin/node]
 4: 0x1e1d5f4 v8::internal::HeapLayout::CheckYoungGenerationConsistency(v8::internal::MemoryChunk const*) [/usr/local/bin/node]

    [5 lines not shown]
DeltaFile
+1-0games/anki/Makefile
+1-01 files

FreeBSD/ports 9823d1eeditors/neovim distinfo Makefile

editors/neovim: Update to 0.12.2

Changes:
https://github.com/neovim/neovim/commit/4b35336f6f850ce68a230716401cdaa21bdb6a25
DeltaFile
+5-5editors/neovim/distinfo
+2-2editors/neovim/Makefile
+7-72 files

FreeBSD/doc 26592dbwebsite/data/en/news news.toml

News: Announce 2026Q1 status report
DeltaFile
+5-0website/data/en/news/news.toml
+5-01 files

FreeBSD/src 967186fcontrib/libcbor CMakeLists.txt, contrib/libcbor/doc/source using.rst

libcbor: Update to 0.13.0

Sponsored by:   The FreeBSD Foundation

(cherry picked from commit b5b9517bfe394e55088f5a05882eabae7e9b7b29)
DeltaFile
+377-34contrib/libcbor/test/copy_test.c
+225-114contrib/libcbor/CMakeLists.txt
+135-137contrib/libcbor/test/cbor_serialize_test.c
+170-26contrib/libcbor/src/cbor.c
+183-0contrib/libcbor/examples/crash_course.c
+0-174contrib/libcbor/doc/source/using.rst
+1,090-485122 files not shown
+3,665-2,450128 files

FreeBSD/src a544288contrib/libfido2/fuzz functions.txt fuzz_attobj.c, contrib/libfido2/regress cred.c dev.c

libfido2: Update to 1.16.0

Sponsored by:   The FreeBSD Foundation

(cherry picked from commit febb0da5bf4bc99828ebede7abcb039514ac367a)
DeltaFile
+553-543contrib/libfido2/fuzz/functions.txt
+972-94contrib/libfido2/regress/cred.c
+333-0contrib/libfido2/fuzz/fuzz_attobj.c
+14-220contrib/libfido2/regress/dev.c
+182-0contrib/libfido2/regress/mock.c
+75-70contrib/libfido2/tools/test.sh
+2,129-92776 files not shown
+3,140-1,40682 files

FreeBSD/src 9b8f4cftools/build/options INIT_ALL

INIT_ALL: Fix typo in option description

From GitHub pull request #2035; the change needs to be applied to the
source file for the option description, not the generated src.conf.5.

(cherry picked from commit c9f3de0ba95b8da31d35fa92e0a54cf6f3d3f1dd)
DeltaFile
+1-1tools/build/options/INIT_ALL
+1-11 files

FreeBSD/src 51b65c6usr.sbin/ctladm/tests port.sh

ctladm tests: Only use allowed chars in IQN

_ isn't part of the allowed IQN format, but - is.

None functional change.

Reviewed by:            asomers, ngie
Approved by:            asomers (mentor)
MFC after:              1 week
Sponsored by:           ConnectWise
Differential Revision:  https://reviews.freebsd.org/D56557
DeltaFile
+5-5usr.sbin/ctladm/tests/port.sh
+5-51 files

FreeBSD/src 19213b8tests/sys/cam/ctl opcodes.sh

ctl: require ctladm in addition to sg_opcodes

Each test case in opcodes.sh uses ctladm to create and remove the LUN it
exercises, but only sg_opcodes was listed in require.progs.
On systems where ctladm is not builded the tests would fail at setup instead of
being skipped cleanly.

Approved by:    asomers
Sponsored by:   Netflix
Differential Revision:  https://reviews.freebsd.org/D56568
DeltaFile
+9-9tests/sys/cam/ctl/opcodes.sh
+9-91 files

FreeBSD/ports 6056f5fmath/octave-forge Makefile

math/octave-forge: Add new optional dependency.

- Add optional dependency math/octave-forge-rf.
- Update to 20260422.
DeltaFile
+3-3math/octave-forge/Makefile
+3-31 files

FreeBSD/ports f331ebcmath Makefile, math/octave-forge-rf Makefile pkg-descr

math/octave-forge-rf: New port.

RF and microwave network-parameter utilities for GNU Octave. Provides
S-parameter conversions (ST, SZ, SY, SABCD, SH, SG), cascading,
de-embedding, port reordering, renormalization, mixed-mode conversion
for differential pairs, and Touchstone I/O.
DeltaFile
+24-0math/octave-forge-rf/Makefile
+15-0math/octave-forge-rf/pkg-descr
+3-0math/octave-forge-rf/distinfo
+1-0math/Makefile
+43-04 files

FreeBSD/src 6395bf5release/packages/ucl clang.ucl

pkgbase: remove incorrect clang shlib requires

The FreeBSD-clang package contains a 32-bit shared object at
/usr/lib/clang/19/lib/freebsd/libclang_rt.asan-i386.so

This is expected, since clang uses this object when compiling for i386
targets with asan enabled.

What is not expected is that the FreeBSD-clang package currently depends
on 32-bit libc packages due to pkg's shared library analysis, making it
impossible to install pkgbase on x86_64 without any lib32 packages.

This commit leverages a new pkg feature implemented in [1], but could
be landed before a pkg version including that feature is released
without any ill effects. Unknown keys in package manifests are ignored.

[1]: https://github.com/freebsd/pkg/pull/2594

Reviewed by:    ivy

    [4 lines not shown]
DeltaFile
+5-0release/packages/ucl/clang.ucl
+5-01 files

FreeBSD/ports 0c5d34dtextproc/py-jiter distinfo Makefile.crates

textproc/py-jiter: Update to 0.14.0

Changelog: https://github.com/pydantic/jiter/compare/v0.13.0...v0.14.0

Reported by:    portscout
DeltaFile
+115-79textproc/py-jiter/distinfo
+56-38textproc/py-jiter/Makefile.crates
+1-2textproc/py-jiter/Makefile
+172-1193 files

FreeBSD/src f2ce8d6contrib/libarchive/test_utils test_main.c

libarchive: Staticize some variables

This code was not being built due to errors in our libarchive
configuration.  Now that those have been addressed, staticize some
variables that trip a “no previous extern declaration” error.  This
is a subset of upstream PR 2962.

MFC after:      1 week
Reviewed by:    mm
Differential Revision:  https://reviews.freebsd.org/D56471

(cherry picked from commit 7e9d974bc023755161742f66c8c77546bab88586)
DeltaFile
+3-3contrib/libarchive/test_utils/test_main.c
+3-31 files

FreeBSD/src b9e1990lib/libarchive config_freebsd.h

libarchive: Update configuration

PR:             294577
MFC after:      1 week
Reviewed by:    mm
Differential Revision:  https://reviews.freebsd.org/D56468

(cherry picked from commit 05bbe5e3883492dd2afa52039da1fac45c5059a0)
DeltaFile
+89-37lib/libarchive/config_freebsd.h
+89-371 files

FreeBSD/src 57db556share/man/man5 src.conf.5

src.conf(5): rebuild after introduction of WITHOUT_PKGCONF

Sponsored by:   The FreeBSD Foundation
Reviewed by:    bapt, philip
Approved by:    philip (mentor)
DeltaFile
+3-1share/man/man5/src.conf.5
+3-11 files

FreeBSD/src e60d2d5contrib/libarchive/cpio cpio.c, contrib/libarchive/libarchive/test test_read_format_iso_zisofs_overflow.iso.uu test_read_format_rar5_loop_bug.rar.uu

libarchive: merge from vendor branch

libarchive 3.8.7

Important bugfixes:
 #2871 libarchive: fix handling of option failures
 #2897 iso9660: fix undefined behavior
 #2898 RAR: fix LZSS window size mismatch after PPMd block
 #2900 CAB: fix NULL pointer dereference during skip
 #2911 libarchive: do not continue with truncated numbers
 #2919 CAB: Fix Heap OOB Write in CAB LZX decoder
 #2934 iso9660: fix posibble heap buffer overflow on 32-bit systems
 #2939 cpio: Fix -R memory leak
 #2947 libarchive: lzop and grzip filter support

Important bugfixes between 3.8.5 and 3.8.6:
 #2860 bsdunzip: fix ISO week year and Gregorian year confusion
 #2864 7zip: ix SEGV in check_7zip_header_in_sfx via ELF offset validation
 #2875 7zip: fix out-of-bounds access on ELF 64-bit header

    [14 lines not shown]
DeltaFile
+1,096-0contrib/libarchive/libarchive/test/test_read_format_iso_zisofs_overflow.iso.uu
+189-0contrib/libarchive/libarchive/test/test_read_format_rar5_loop_bug.rar.uu
+135-0contrib/libarchive/libarchive/test/test_archive_string_conversion.c
+67-56contrib/libarchive/cpio/cpio.c
+104-0contrib/libarchive/libarchive/test/test_read_format_iso_zisofs_overflow.c
+95-0contrib/libarchive/libarchive/test/test_read_format_cab_skip_malformed.cab.uu
+1,686-5691 files not shown
+3,107-46097 files

FreeBSD/src b8352dalib/libpkgconf Makefile, lib/libpkgconf/libpkgconf config.h

pkgconf: import into the base system

This introduces the following option:

* MK_PKGCONF: determines if pkgconf and bomtool should be built

The objective is to allow the creation of SBOM information while
building FreeBSD's src tree. The build system cannot rely on the
presence of bomtool (and eventually also spdxtool) in the build
environment, except for having it as part of the src tree directly.

The framework implementing the generation of SBOM files is under review
in D56474.

This will also help simplifying the build, with the introduction of
another framework relying on the availability of pkgconf.

Sponsored by:           Alpha-Omega, The FreeBSD Foundation
Reviewed by:            bapt, philip

    [2 lines not shown]
DeltaFile
+77-0lib/libpkgconf/libpkgconf/config.h
+27-0lib/libpkgconf/Makefile
+23-0usr.bin/pkgconf/Makefile
+20-0usr.bin/bomtool/Makefile
+18-0tools/build/mk/OptionalObsoleteFiles.inc
+5-0tools/build/options/WITH_PKGCONF
+170-07 files not shown
+179-013 files

FreeBSD/src edcfb3dusr.bin/less lesspipe.sh

lesspipe: Use zstdcat

zstdcat is equivalent to zstd -dcf, and matches our intention.

Suggested by:   delphij (in D55101)
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 34d7f100c1d9e6f21d2f79097e891f7a17749d1b)
DeltaFile
+1-1usr.bin/less/lesspipe.sh
+1-11 files

FreeBSD/src a3cefe7contrib/pkgconf NEWS, contrib/pkgconf/cli main.c

Add 'contrib/pkgconf/' from commit '6294b6ab217a2d5f1d2bc23a64505a228294c508'

git-subtree-dir: contrib/pkgconf
git-subtree-mainline: 45827f9ad2e32ec8e4cdde62cbf722a48fb1b396
git-subtree-split: 6294b6ab217a2d5f1d2bc23a64505a228294c508
DeltaFile
+1,935-0contrib/pkgconf/libpkgconf/pkg.c
+1,823-0contrib/pkgconf/cli/main.c
+1,028-0contrib/pkgconf/libpkgconf/win-dirent.h
+943-0contrib/pkgconf/NEWS
+817-0contrib/pkgconf/libpkgconf/client.c
+803-0contrib/pkgconf/libpkgconf/fragment.c
+7,349-0178 files not shown
+19,696-0184 files

FreeBSD/src 6294b6a. NEWS, cli main.c

Vendor import of pkgconf 2.5.1

Obtained from https://github.com/pkgconf/pkgconf/archive/refs/tags/pkgconf-2.5.1.tar.gz

SHA1: c5d6a0e62f293b2c9078c815b2343b0f208c9879  -
SHA256: 79721badcad1987dead9c3609eb4877ab9b58821c06bdacb824f2c8897c11f2a  -
SHA512: 53244f372ea21125a1d97c5b89a84299740b55a66165782e807ed23adab3a07408a1547f1f40156e3060359660d07f49846c8b4893beef10ac9440ab7e8611cc  -
DeltaFile
+1,935-0libpkgconf/pkg.c
+1,823-0cli/main.c
+1,028-0libpkgconf/win-dirent.h
+943-0NEWS
+817-0libpkgconf/client.c
+803-0libpkgconf/fragment.c
+7,349-0178 files not shown
+19,696-0184 files

FreeBSD/ports 359aa20textproc/py-chardet distinfo Makefile

textproc/py-chardet: Update to 7.4.3

Changes:        https://github.com/chardet/chardet/releases
DeltaFile
+3-3textproc/py-chardet/distinfo
+1-1textproc/py-chardet/Makefile
+4-42 files

FreeBSD/ports d142762security/py-fido2 distinfo Makefile

security/py-fido2: Update to 2.2.0

Changes:        https://github.com/Yubico/python-fido2/releases
Security:       CVE-2026-40947
DeltaFile
+3-3security/py-fido2/distinfo
+1-1security/py-fido2/Makefile
+4-42 files

FreeBSD/ports b1a7595devel/py-nbconvert distinfo Makefile

devel/py-nbconvert: Update to 7.17.1

Changes:        https://github.com/jupyter/nbconvert/releases
                https://nbconvert.readthedocs.io/en/latest/changelog.html
DeltaFile
+3-3devel/py-nbconvert/distinfo
+1-1devel/py-nbconvert/Makefile
+4-42 files

FreeBSD/ports 829853bmisc/p5-Business-ISBN-Data distinfo Makefile

misc/p5-Business-ISBN-Data: Update to 20260416.001

Changes:        https://metacpan.org/dist/Business-ISBN-Data/changes
DeltaFile
+3-3misc/p5-Business-ISBN-Data/distinfo
+1-1misc/p5-Business-ISBN-Data/Makefile
+4-42 files

FreeBSD/ports bcb6bf8devel/p5-Log-Report distinfo Makefile

devel/p5-Log-Report: Update to 1.45

Changes:        https://metacpan.org/dist/Log-Report/changes
DeltaFile
+3-3devel/p5-Log-Report/distinfo
+1-1devel/p5-Log-Report/Makefile
+4-42 files