BSD Commit Log Search

graphics/openexr*: Security update to v3.4.5 and i386 fix

"Patch release that fixes an incorrect size check in
istream_nonparallel_read that could lead to a buffer overflow on invalid
input data."

Also fix i386 self-tests by adding -msse2: i386 builds require SSE2, but
the upstream cmake stuff does not enable this, so use CFLAGS_i386.

To prevent people seeing SIGILL crashes down late at run-time,
check if the CPU is sse2-capable by querying the clang compiler from
the pre-install script (pkg-plist's @preexec). Suggested by diizzy@.
  Other than that we could use the cpuid or the lscpu port instead, but
let's for now assume everything that wants to run OpenEXR also has a
working cc that is clang and has -march=native and gives us CPU details).
(GCC also gives us this but will use a different output format.)

While here, make failed tests verbose through ctest's environment so we
can see what's up from the build log already. (We need to go through

    [6 lines not shown]

www/restinio: Fix detection of llhttp's shared library

Upstream refers to it as llhttp_shared not llhttp_dynamic

Reference:
https://github.com/nodejs/llhttp/blob/release/v9.3.0/CMakeLists.txt#L96

Approved by:    blanket (just fix it)

net/cloud-init-devel: Deprecate and set expiration date to 2026-03-31

Currently unmaintained and years behind net/cloud-init

Reference: https://reviews.freebsd.org/D48959

security/vuxml: Add openexr < 3.4.5

Security:       716d25a6-0fdc-11f1-bfdf-ff9355aecb00

multimedia/mediamtx: Update to 1.16.2

Changelog: https://github.com/bluenviron/mediamtx/releases/tag/v1.16.2

databases/sqlcipher: Bump PORTREVISION after fix consumers

PR:     292688

databases/sqlcipher: Fix consumers

Rename installed files from *sqlite3* back to *sqlcipher*.
Unbreak consumers:
- finance/kmymoney
- finance/skrooge
- net-im/gurk-rs
- net-im/qTox
- net-p2p/retroshare
- databases/py-sqlcipher3

While here improve port:
- Use USES=localbase instead of CFLAGS+=-I${LOCALBASE}/include and
  LDFLAGS+=-L${LOCALBASE}/lib.
- Split long lines.
- Fix warnings from portclippy.
- Sort CONFIGURE_ARGS and CPPFLAGS.

PR:             292688

    [2 lines not shown]

net-im/nchat: update: 5.12.21 ->  5.13.17

ChangeLog:      https://github.com/d99kris/nchat/compare/v5.12.21...v5.13.17

Sponsored by:   tipi.work

emulators/virtualbox-ose{,-70,-71,-72,-legacy}: Improve port (non-functional)

- Replace ${PREFIX}/share/applications with ${DESKTOPDIR}.
- Replace "*" with . in COPYTREE_SHARE.

emulators/virtualbox-ose*: Add support of "Unattended Installation of Guest OS" feature

Install files required by Unattended Installation of Guest OS feature.
These files were already prepared during the ports' build, so just add
them to the installation.

Details about this feature are here:
https://www.virtualbox.org/manual/topics/create-vm.html#tk_create-vm-unattended-install

Reported by:    xin3qu via IRC (#freebsd-vbox @ Libera.Chat)

math/octave-forge-linear-algebra: Update to 2.2.4.

*/*: Update maintainer email to xlibre at FreeBSD.org

- Add powerpc64le to x11-drivers/xlibre-xf86-video-ast port

net/asterisk22: Update 20.18.1 => 20.18.2

Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
  leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
  ast_debug_tools.conf from /etc/asterisk; potentially leading to
  privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
  page echos user supplied values(cookie and query string) without
  sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
  file to world writeable folder; leading to potential privilege
  escalation.

Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html

PR:             293361

    [8 lines not shown]

net/asterisk22: Update 22.8.1 => 22.8.2

Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
  leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
  ast_debug_tools.conf from /etc/asterisk; potentially leading to
  privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
  page echos user supplied values(cookie and query string) without
  sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
  file to world writeable folder; leading to potential privilege
  escalation.

Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html

PR:             293361

    [8 lines not shown]

net/asterisk22: Update 20.18.1 => 20.18.2

Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
  leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
  ast_debug_tools.conf from /etc/asterisk; potentially leading to
  privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
  page echos user supplied values(cookie and query string) without
  sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
  file to world writeable folder; leading to potential privilege
  escalation.

Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-20.18.2.html

PR:             293361

    [6 lines not shown]

net/asterisk22: Update 22.8.1 => 22.8.2

Security Advisories Resolved: 4
- GHSA-85x7-54wr-vh42: Asterisk xml.c uses unsafe XML_PARSE_NOENT
  leading to potential XXE Injection.
- GHSA-rvch-3jmx-3jf3: ast_coredumper running as root sources
  ast_debug_tools.conf from /etc/asterisk; potentially leading to
  privilege escalation.
- GHSA-v6hp-wh3r-cwxh: The Asterisk embedded web server's /httpstatus
  page echos user supplied values(cookie and query string) without
  sanitization.
- GHSA-xpc6-x892-v83c: ast_coredumper runs as root, and writes gdb init
  file to world writeable folder; leading to potential privilege
  escalation.

Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/old-releases/ChangeLog-22.8.2.html

PR:             293361

    [6 lines not shown]

multimedia/minisatip: Update to 2.0.75

multimedia/tsduck: disable tsduck on 13

Mark tsduk broken on FreeBSD 13, OpenSSL 3.0 is required.
Also remove unnecessary dependencies and bump PORTREVSION

PR:     292353
PR:     292718
Reported-by:    Thierry Lelegard <thierry at lelegard.fr> (maintainer)

(cherry picked from commit bf75792f904db2621d101aa4eab92184860d3325)

net-p2p/transmission{,-components}: Update 4.0.6 => 4.1.1

Update gtk flavor to gtk4 and qt flavor to qt6.

Changelogs:
https://github.com/transmission/transmission/releases/tag/4.1.0
https://github.com/transmission/transmission/releases/tag/4.1.1

Improve port:
- Optimize Makefile for different flavors - dependencies, NO_BUILD,
  CMAKE_ARGS/CMAKE_ON/CMAKE_OFF, goals and etc.
- Add EXTRACT_AFTER_ARGS to prevent extract unnecessary files.
- Rework do-install.
- Fix warnings from portclippy.

PR:             292846
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>

net/libnatpmp: Update 20230423 => 20250404

Commit log:
https://github.com/miniupnp/libnatpmp/compare/724dc69...134fc89

PR:     292846

net-p2p/libutp: Update g20231123 => g20241117

Commit log:
https://github.com/transmission/libutp/compare/52645d6...490874c

PR:     292846

www/rubygem-gollum-lib: Update to 6.1.0

PR:             290530
Approved by:    maintainer (timeout)

dns/dnscontrol: Update to 4.34.0

sysutils/podman: Allow setting ownership on auto-created socket

The podman daemon auto-creates a socket on startup, along with parent
directory, and is always run as root. It is often useful to have another
proxy like haproxy or nginx provide more sophisticed security, and these
daemons do not need root privileges.

Differential Revision:  https://reviews.freebsd.org/D55339

Reviewed by:    arrowd
Approved by:    dfr

www/mod_http2: Update to 2.0.39

graphics/cloudcompare: Slightly improve port

* Use ${DESKTOPDIR} instead of ${PREFIX}/share/applications.

Reported by:            vvd@
Approved by:            db@, yuri@ (Mentors, implicit)
Differential Revision:  https://reviews.freebsd.org/D55434

emulators/wine-devel: Update 11.2 => 11.3

Changelog:
- Bundled vkd3d upgraded to version 1.19.
- Improved FIR filter in DirectSound.
- More optimizations in PDB loading.
- Light theme renamed to Aero for compatibility.
- Various bug fixes.
https://gitlab.winehq.org/wine/wine/-/releases/wine-11.3

PR:     293340

ports-mgmt/poudriere-dsh2dsh: Update 3.4.99.20260216 => 3.4.99.20260219

Upstream changes:
  - testport: Fix deleting existing packages (regression from Sep 2025)
  - testport: Default to not forcing TRYBROKEN; require -T.
  - destroyfs: Cleanup tmpfs mountpoints. (such as image cleanup)
  - bulk shlib tracking: Don't consider base libprivate*.so as missing.
  - bulk shlib tracking: Remove the 'misses all libraries' case; always print a
    specific library that is missing.

PR:     293337

www/go-anubis: update to 1.25.0

- https://github.com/TecharoHQ/anubis/releases/tag/v1.25.0

PR: 293006
PR: 293365
Sponsored by:   SkunkWerks, GmbH

graphics/cloudcompare: Pet portclippy(1) and portfmt(1)

* Pet portclippy(1) and portfmt(1)

Approved by:        db@, yuri@ (Mentors, implicit)