FreeBSD/ports ced5ef8security/openvpn-devel Makefile distinfo

security/openvpn-devel: upgrade to commit 64fae9d829

this brings in the upstream development work that has happened over
the last two months, plus two CVE fixes:

  - fix race condition in TLS handshake that could lead to leaking of
    packet data from a previous handshake under specific circumstances
    (CVE-2026-40215)

    (Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai at tencent.com))

  - fix server ASSERT() on receiving a suitably malformed packet with
    a valid tls-crypt-v2 key (CVE-2026-35058)

    (Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai at tencent.com)
     and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381))

besides this, most of the commits are code maintenance - modernizing
code, adjusting OpenSSL APIs used to be 4.0 compatible, adding more

    [8 lines not shown]
DeltaFile
+5-5security/openvpn-devel/Makefile
+3-3security/openvpn-devel/distinfo
+8-82 files

FreeBSD/ports 757a85asecurity/openvpn-devel Makefile distinfo

security/openvpn-devel: Update 2.7_rc6 -> post-2.7 commit 38243844

OpenVPN 2.7.0 has been released and will show up as "security/openvpn"
soon.

This port skips 2.7.0 release and continues to track development versions,
which will focus on code cleanup / refactoring for the next few months.

Use this opportunity to bring option and dependency handling more in
line with main port

 - X509ALTUSERNAME is gone (always-on now in upstream source)
 - ASYNC_PUSH added, with freebsd-version dependent handling of
   libinotify dependency (see PR 293176)
 - UNITTEST added, with libcmocka dependency if unit tests are desired

(cherry picked from commit da00fa0ed292ff71ea1eeaa6902f70d53de9d512)
DeltaFile
+18-14security/openvpn-devel/Makefile
+3-3security/openvpn-devel/distinfo
+21-172 files

FreeBSD/src c146f5acontrib/pkgconf/libpkgconf personality.c, lib/libpkgconf Makefile

pkgconf: determine the default paths dynamically

This automatically computes the correct PKG_CONFIG_PATH with LOCALBASE
from the environment (when set) or from the "user.localbase" sysctl, in
this order.

Reviewed by:    des
Approved by:    des
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57246
DeltaFile
+61-0contrib/pkgconf/libpkgconf/personality.c
+0-2lib/libpkgconf/Makefile
+61-22 files

FreeBSD/ports 2ac9e4agames/CWR-CE Makefile pkg-descr, games/CWR-CE/files install-cwr-data.sh cwr-ce.sh

games/CWR-CE: New port

Game engine of Arma: Cold War Assault - Remastered
DeltaFile
+392-0games/CWR-CE/files/install-cwr-data.sh
+79-0games/CWR-CE/Makefile
+41-0games/CWR-CE/files/cwr-ce.sh
+31-0games/CWR-CE/files/pkg-message.in
+15-0games/CWR-CE/pkg-descr
+7-0games/CWR-CE/distinfo
+565-01 files not shown
+566-07 files

FreeBSD/ports 1597cdedatabases/timescaledb distinfo Makefile

databases/timescaledb: Update to 2.28.2
DeltaFile
+3-3databases/timescaledb/distinfo
+1-1databases/timescaledb/Makefile
+2-0databases/timescaledb/pkg-plist
+6-43 files

FreeBSD/ports 9e87c0bdevel/sem distinfo Makefile

devel/sem: Update to 0.15.1
DeltaFile
+3-3devel/sem/distinfo
+1-1devel/sem/Makefile
+4-42 files

FreeBSD/src f27c1dashare/man/man4 ntsync.4

ntsync.4: be explicit about the effect of automatic vs manual event on waiters

(cherry picked from commit 65251c43415aa0993b7d43962cbb71d772870c83)
DeltaFile
+7-1share/man/man4/ntsync.4
+7-11 files

FreeBSD/src 0b9f4c6sys/fs/nfsserver nfs_nfsdserv.c

nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools

Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted.  The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created.  The EINVAL failure leaves these new files
messed up (mode == 0).

This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.

If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.

PR:     296066

(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)
DeltaFile
+10-0sys/fs/nfsserver/nfs_nfsdserv.c
+10-01 files

FreeBSD/src 76badd2sys/fs/nfsserver nfs_nfsdserv.c

nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools

Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted.  The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created.  The EINVAL failure leaves these new files
messed up (mode == 0).

This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.

If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.

PR:     296066

(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)
DeltaFile
+10-0sys/fs/nfsserver/nfs_nfsdserv.c
+10-01 files

FreeBSD/src cf85111sys/x86/include specialreg.h, sys/x86/x86 identcpu.c

x86: add CPUID bits for SHA512/SM3/SM4

Reviewed by:    mav
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D58003
DeltaFile
+3-0sys/x86/x86/identcpu.c
+3-0sys/x86/include/specialreg.h
+6-02 files

FreeBSD/ports 1959aaagraphics/nvidia-drm-515-kmod/files patch-nvidia-drm-helper.h, graphics/nvidia-drm-61-kmod/files patch-nvidia-drm-helper.h

graphics/nvidia-drm-*-kmod*: Fix GPF in some configs

Fix General Protection Fault in __nv_drm_gem_nvkms_handle_vma_fault,
lkpi_vmf_insert_pnf_prot_locked, vm_page_busy_acquire in specific
configurations, notably KDE on Wayland.

PR:             296195
Reported by:    keivan at motavalli.me
Reviewed by:    ashafer
Tested by:      keivan at motavalli.me
Differential Revision:  https://reviews.freebsd.org/D57989

Co-authored by: ashafer at FreeBSD.org
DeltaFile
+60-0graphics/nvidia-drm-latest-kmod/files/patch-nvidia-drm-helper.h
+60-0graphics/nvidia-drm-66-kmod/files/patch-nvidia-drm-helper.h
+60-0graphics/nvidia-drm-612-kmod/files/patch-nvidia-drm-helper.h
+60-0graphics/nvidia-drm-61-kmod/files/patch-nvidia-drm-helper.h
+60-0graphics/nvidia-drm-515-kmod/files/patch-nvidia-drm-helper.h
+54-0graphics/nvidia-drm-latest-kmod/files/patch-nvidia-drm-gem-nvkms-memory.c
+354-026 files not shown
+785-3332 files

FreeBSD/ports 38eb060security/py-gvm-tools Makefile

security/py-gvm-tools: Fix build

Reported by:    pkg-fallout
DeltaFile
+2-1security/py-gvm-tools/Makefile
+2-11 files

FreeBSD/ports 71f688asysutils/ezjail Makefile distinfo, sysutils/ezjail/files patch-ezjail-admin patch-Makefile

sysutils/ezjail: Update 3.4.2 => 3.4.3

Changelog:
- Install man pages to $DEST/share/man, not $DEST/man.
- Make distribution now needs to be called from /usr/src, not
  /usr/src/etc.
- Fix tyop: snapshot => snapshots.
- Incorporate fixes from port: provide shutdown script.
- for freebsdup-update -b, --currently-running now is mandatory.
- Fix superfluous asteriks in multiplication.
- Fix man page typos.
- Typo fixes.
- Incorporate Makefile patch from port.

Improve port:
- Replace PORTVERSION with DISTVERSION.
- Add LICENSE block.
- Sort plist.


    [3 lines not shown]
DeltaFile
+0-28sysutils/ezjail/files/patch-ezjail-admin
+6-6sysutils/ezjail/Makefile
+11-0sysutils/ezjail/files/patch-Makefile
+3-2sysutils/ezjail/distinfo
+2-2sysutils/ezjail/pkg-plist
+22-385 files

FreeBSD/ports 64fb174security/tailscale distinfo Makefile

security/tailscale: Update to 1.98.8
DeltaFile
+5-5security/tailscale/distinfo
+1-2security/tailscale/Makefile
+6-72 files

FreeBSD/ports 1a5d068www/angie-module-auth-totp Makefile, www/angie-module-brotli Makefile

www/angie-module-*: Bump PORTREVISION after update www/angie 1.11.6 => 1.11.8

PR:             296274
Approved by:    Sebastian Oswald <sko at rostwald.de> (maintainer)
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit d9655486bfa8f943b7e9b386f7642f4af12be4ed)
DeltaFile
+1-1www/angie-module-auth-totp/Makefile
+1-1www/angie-module-brotli/Makefile
+1-1www/angie-module-cache-purge/Makefile
+1-1www/angie-module-dav-ext/Makefile
+1-1www/angie-module-echo/Makefile
+1-1www/angie-module-enhanced-memcached/Makefile
+6-613 files not shown
+19-1919 files

FreeBSD/ports 577865cwww/angie Makefile distinfo, www/angie-module-vod Makefile pkg-descr

www/angie-module-vod: New upstream, update to 1.8.1

This patch changes the port to the new upstream repo, since the
original one the angie documentation still refers to in some places
has been abandoned since 2024.

BEFORE UPDATING:
Carefully read the changelogs at
https://github.com/dio-az/nginx-vod-module/releases,
especially regarding these BREAKING CHANGES in v1.0.0:
- Drop support for HDS and MSS
- Improve compliance with DASH specification
- Use last audio track assuming higher bitrate

PR:             296274
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH:            2026Q2

(cherry picked from commit d746fb717c68cbb45d1e4032f81cdf6b8a6f168b)
DeltaFile
+5-4www/angie-module-vod/Makefile
+4-0www/angie/Makefile
+2-2www/angie/distinfo
+1-1www/angie-module-vod/files/pkg-message.in
+1-1www/angie-module-vod/pkg-descr
+13-85 files

FreeBSD/ports a478735www/angie distinfo, www/angie-module-keyval Makefile

www/angie-module-keyval: Update 0.4.0 => 0.5.0

Changelog:
https://github.com/kjdev/nginx-keyval/releases/tag/0.5.0

PR:             296274
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit 81347f582d4dbf6b003d7c1b9d22124e19785e63)
DeltaFile
+2-2www/angie-module-keyval/Makefile
+2-2www/angie/distinfo
+4-42 files

FreeBSD/ports fac0802www/angie distinfo, www/angie-module-auth-jwt Makefile

www/angie-module-auth-jwt: Update 0.13.1 => 0.14.1

Changelog:
https://github.com/kjdev/nginx-auth-jwt/releases/tag/0.14.0
https://github.com/kjdev/nginx-auth-jwt/releases/tag/0.14.1

PR:             296274
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit c8e7d0e35c1848a088c803c46c2861181a4c6fb2)
DeltaFile
+2-2www/angie/distinfo
+1-1www/angie-module-auth-jwt/Makefile
+3-32 files

FreeBSD/ports dbbcb04www/angie distinfo Makefile

www/angie: Update 1.11.6 => 1.11.8 (fix 3 CVEs)

Release Notes:
https://en.angie.software/news/releases/angie-1-11-7/
https://en.angie.software/news/releases/angie-1-11-8/

PR:             296274
Security:       CVE-2026-42055
Security:       CVE-2026-48142
Security:       CVE-2026-42530
Sponsored by:   UNIS Labs
Co-authored-by: Oleg Sidorkin <osidorkin at gmail.com>
MFH:            2026Q2

(cherry picked from commit 0baa6f006aadf8ee6da0df4a6f06f573bf36146b)
DeltaFile
+3-3www/angie/distinfo
+1-1www/angie/Makefile
+4-42 files

FreeBSD/ports d965548www/angie-module-auth-spnego Makefile, www/angie-module-auth-totp Makefile

www/angie-module-*: Bump PORTREVISION after update www/angie 1.11.6 => 1.11.8

PR:             296274
Approved by:    Sebastian Oswald <sko at rostwald.de> (maintainer)
Sponsored by:   UNIS Labs
MFH:            2026Q2
DeltaFile
+1-1www/angie-module-redis2/Makefile
+1-1www/angie-module-auth-spnego/Makefile
+1-1www/angie-module-auth-totp/Makefile
+1-1www/angie-module-brotli/Makefile
+1-1www/angie-module-cache-purge/Makefile
+1-1www/angie-module-dav-ext/Makefile
+6-613 files not shown
+19-1919 files

FreeBSD/ports d746fb7www/angie Makefile distinfo, www/angie-module-vod Makefile pkg-descr

www/angie-module-vod: New upstream, update to 1.8.1

This patch changes the port to the new upstream repo, since the
original one the angie documentation still refers to in some places
has been abandoned since 2024.

BEFORE UPDATING:
Carefully read the changelogs at
https://github.com/dio-az/nginx-vod-module/releases,
especially regarding these BREAKING CHANGES in v1.0.0:
- Drop support for HDS and MSS
- Improve compliance with DASH specification
- Use last audio track assuming higher bitrate

PR:             296274
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH:            2026Q2
DeltaFile
+5-4www/angie-module-vod/Makefile
+4-0www/angie/Makefile
+2-2www/angie/distinfo
+1-1www/angie-module-vod/files/pkg-message.in
+1-1www/angie-module-vod/pkg-descr
+13-85 files

FreeBSD/ports 81347f5www/angie distinfo, www/angie-module-keyval Makefile

www/angie-module-keyval: Update 0.4.0 => 0.5.0

Changelog:
https://github.com/kjdev/nginx-keyval/releases/tag/0.5.0

PR:             296274
Sponsored by:   UNIS Labs
MFH:            2026Q2
DeltaFile
+2-2www/angie-module-keyval/Makefile
+2-2www/angie/distinfo
+4-42 files

FreeBSD/ports c8e7d0ewww/angie distinfo, www/angie-module-auth-jwt Makefile

www/angie-module-auth-jwt: Update 0.13.1 => 0.14.1

Changelog:
https://github.com/kjdev/nginx-auth-jwt/releases/tag/0.14.0
https://github.com/kjdev/nginx-auth-jwt/releases/tag/0.14.1

PR:             296274
Sponsored by:   UNIS Labs
MFH:            2026Q2
DeltaFile
+2-2www/angie/distinfo
+1-1www/angie-module-auth-jwt/Makefile
+3-32 files

FreeBSD/ports 0baa6f0www/angie distinfo Makefile

www/angie: Update 1.11.6 => 1.11.8 (fix 3 CVEs)

Release Notes:
https://en.angie.software/news/releases/angie-1-11-7/
https://en.angie.software/news/releases/angie-1-11-8/

PR:             296274
Security:       CVE-2026-42055
Security:       CVE-2026-48142
Security:       CVE-2026-42530
Sponsored by:   UNIS Labs
Co-authored-by: Oleg Sidorkin <osidorkin at gmail.com>
MFH:            2026Q2
DeltaFile
+3-3www/angie/distinfo
+1-1www/angie/Makefile
+4-42 files

FreeBSD/doc 37c90cdwebsite/content/ru/releases/15.1R errata.adoc

website/ru: Update releases/15.1R/errata.adoc

Update to EN c825b69ca0b0cdd41f3980c9dd4b45ce6cded427
DeltaFile
+12-4website/content/ru/releases/15.1R/errata.adoc
+12-41 files

FreeBSD/ports 9f3680cdevel/rubygem-pdk Makefile

devel/rubygem-pdk: fix typo in "DEPRECATED"

Reported by:    ronald
DeltaFile
+1-1devel/rubygem-pdk/Makefile
+1-11 files

FreeBSD/ports 0d4ebddnet-mgmt/check_mysql_health/files extra-patch-plugins-scripts_subst.in, security/openssl-pkcs11provider Makefile

Mk/bsd.port.mk: mark 14.3 unsupported

all: drop supoprt for FreeBSD 14.3

While here clean up some leftovers from FreeBSD 13

Reviewed by:    adamw, jbeich, kirill_varnakov.com, saheed, sunpoet
Approved by:    portmgr (implicit)
Differential Revision: https://reviews.freebsd.org/D57282
DeltaFile
+0-49x11-wm/sway/files/extra-patch-wordexp
+0-49x11-wm/swayfx/files/extra-patch-wordexp
+0-12x11-wm/swayfx/Makefile
+0-12x11-wm/sway/Makefile
+0-11net-mgmt/check_mysql_health/files/extra-patch-plugins-scripts_subst.in
+1-7security/openssl-pkcs11provider/Makefile
+1-14015 files not shown
+13-19121 files

FreeBSD/ports 21a743farchivers/minizip-ng distinfo Makefile

archivers/minizip-ng: Update 4.2.1 => 4.2.2

Changelog:
https://github.com/zlib-ng/minizip-ng/releases/tag/4.2.2

Sponsored by:   UNIS Labs
DeltaFile
+5-5archivers/minizip-ng/distinfo
+3-3archivers/minizip-ng/Makefile
+8-82 files

FreeBSD/ports bc784e5devel/rubygem-pdk Makefile

devel/rubygem-pdk: expire on 2026-09-30 for sysutils/rubygem-facter
DeltaFile
+3-0devel/rubygem-pdk/Makefile
+3-01 files

FreeBSD/ports ca7f541security/openvpn distinfo Makefile, security/openvpn/files patch-src_openvpn_buffer.c

security/openvpn: Update 2.7.4 => 2.7.5 (fix 6 CVEs)

Changelog:
https://github.com/OpenVPN/openvpn/blob/v2.7.5/Changes.rst

The upstream's signing sub-key expired yesterday, new key provided via
https://swupdate.openvpn.net/community/keys/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg

PR:             296429
Security:       ffa897a0-756f-11f1-b291-a74de6bb0320
Security:       CVE-2026-11771
Security:       CVE-2026-12932
Security:       CVE-2026-12996
Security:       CVE-2026-13117
Security:       CVE-2026-13122
Security:       CVE-2026-13698
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit 7bcce8a1bb5c23d738b378619625289403dffe37)
DeltaFile
+14-0security/openvpn/files/patch-src_openvpn_buffer.c
+3-3security/openvpn/distinfo
+2-3security/openvpn/Makefile
+19-63 files