FreeBSD/ports f734acfsecurity/vuxml/vuln 2026.xml

security/vuxml: fix package name

Fixes:  25fdff6924a2ffc740d7102a0940c896cc8c35d0
DeltaFile
+1-1security/vuxml/vuln/2026.xml
+1-11 files

FreeBSD/ports 3e65db3www/squidclamav distinfo Makefile

www/squidclamav: Update to 7.5

Pull Request:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+3-3www/squidclamav/distinfo
+1-2www/squidclamav/Makefile
+4-52 files

FreeBSD/ports 783a09edevel/buildkite-agent/files buildkite.in

devel/buildkite_agent: Enable logfile for output

Reviewed by:    dch
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57885
DeltaFile
+1-0devel/buildkite-agent/files/buildkite.in
+1-01 files

FreeBSD/ports 51cda26x11-toolkits/mygui-dummy Makefile, x11-toolkits/mygui-opengl Makefile

x11-toolkits/mygui-*: restore oblivoiusly zeroed PORTREVISIONS
DeltaFile
+1-1x11-toolkits/mygui-dummy/Makefile
+1-1x11-toolkits/mygui-opengl/Makefile
+2-22 files

FreeBSD/ports fa567b7sysutils/leaf distinfo Makefile

sysutils/leaf: Update to 1.26.1

Changelog: https://github.com/RivoLink/leaf/blob/1.26.1/CHANGELOG.md

Reported by:    GitHub (watch releases)
DeltaFile
+3-3sysutils/leaf/distinfo
+1-1sysutils/leaf/Makefile
+4-42 files

FreeBSD/ports 37d1fc9graphics/poppler Makefile, graphics/poppler/files patch-poppler_SplashOutputDev.cc

graphics/poppler: Fix CVE-2026-10118

PR:             296769
Security:       CVE-2026-10118
Approved by:    desktop (arrowd)
Approved by:    osa (mentor)
MFH:            2026Q3

(cherry picked from commit fcafe0397f536499c548605740b9ef7ed62b1cbf)
DeltaFile
+32-0graphics/poppler/files/patch-poppler_SplashOutputDev.cc
+1-0graphics/poppler/Makefile
+33-02 files

FreeBSD/ports c9badc5security/vuxml/vuln 2026.xml

security/vuxml: Document Poppler vulnerability

PR:             296769
Approved by:    osa (mentor)
Security:       CVE-2026-10118
DeltaFile
+37-0security/vuxml/vuln/2026.xml
+37-01 files

FreeBSD/ports a34b6bbdevel/mercurial distinfo Makefile, devel/mercurial/files patch-pyproject.toml patch-setup.py

devel/mercurial: update to 7.2.3

Regenerate patches and update pkg-plist.

PR:             296404
Approved by:    python (maintainer timeout)

Sponsored by:   tipi.work
DeltaFile
+20-0devel/mercurial/files/patch-pyproject.toml
+3-3devel/mercurial/files/patch-setup.py
+3-3devel/mercurial/distinfo
+1-4devel/mercurial/Makefile
+2-2devel/mercurial/pkg-plist
+29-125 files

FreeBSD/ports 944a88ddevel/git distinfo pkg-plist

devel/git: Update to 2.55.0

Avoid rust buil-time requirement while it's still possible

Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+7-7devel/git/distinfo
+10-0devel/git/pkg-plist
+3-3devel/git/Makefile
+20-103 files

FreeBSD/ports ed58cdeMk/Uses npm.mk

Mk/Uses/npm.mk: Unbreak make index

In the previous commit, NPM_VER_MAJOR and NPM_VER_MINOR are left
undefined when NPM_VER is manually specified. This change corrects the
error.

Reported by:    Xavier Humbert <xavier at groumpf.org> (via ports),
                antoine (via ports-committers)
Fixes:          dad28f35db5a (Mk/Uses/npm.mk: Correct NPM version comparison)
DeltaFile
+3-2Mk/Uses/npm.mk
+3-21 files

FreeBSD/ports b5732f0devel/lndir Makefile

devel/lndir: Take maintainership
DeltaFile
+1-1devel/lndir/Makefile
+1-11 files

FreeBSD/ports f2bb236devel/R-cran-mlbench distinfo Makefile

devel/R-cran-mlbench: Update to 2.1-9

ChangeLog: https://cran.r-project.org/web/packages/mlbench/NEWS
DeltaFile
+3-3devel/R-cran-mlbench/distinfo
+1-1devel/R-cran-mlbench/Makefile
+4-42 files

FreeBSD/ports 4b7b28emath/R-cran-slam distinfo Makefile

math/R-cran-slam: Update to 0.1-56

ChangeLog: https://github.com/cran/slam/compare/0.1-55...0.1-56
DeltaFile
+3-3math/R-cran-slam/distinfo
+1-1math/R-cran-slam/Makefile
+4-42 files

FreeBSD/ports 332b34ejapanese/lookup Makefile, japanese/lookup/files patch-lisp_Makefile.am

japanese/lookup: Do not build *.elc files

PR:             296744
Approved by:    osa (mentor)
DeltaFile
+18-0japanese/lookup/files/patch-lisp_Makefile.am
+2-6japanese/lookup/Makefile
+20-62 files

FreeBSD/ports fcafe03graphics/poppler Makefile, graphics/poppler/files patch-poppler_SplashOutputDev.cc

graphics/poppler: Fix CVE-2026-10118

PR:             296769
Security:       CVE-2026-10118
Approved by:    desktop (arrowd)
Approved by:    osa (mentor)
MFH:            2026Q3
DeltaFile
+32-0graphics/poppler/files/patch-poppler_SplashOutputDev.cc
+1-0graphics/poppler/Makefile
+33-02 files

FreeBSD/ports 6cf3e1aaudio/beets Makefile distinfo

audio/beets: Update 2.5.1 => 2.12.0

Changelogs:
https://github.com/beetbox/beets/releases/tag/v2.6.0
https://github.com/beetbox/beets/releases/tag/v2.6.1
https://github.com/beetbox/beets/releases/tag/v2.6.2
https://github.com/beetbox/beets/releases/tag/v2.7.0
https://github.com/beetbox/beets/releases/tag/v2.7.1
https://github.com/beetbox/beets/releases/tag/v2.8.0
https://github.com/beetbox/beets/releases/tag/v2.9.0
https://github.com/beetbox/beets/releases/tag/v2.10.0
https://github.com/beetbox/beets/releases/tag/v2.11.0
https://github.com/beetbox/beets/releases/tag/v2.12.0

PR:             296425
Approved by:    Leonhard Wachutka <leonhard at wachutka.eu> (maintainer)
Sponsored by:   UNIS Labs
MFH:            2026Q3

(cherry picked from commit e8a92391cd7f44bcee6812f9ab14bc1f4629128e)
DeltaFile
+12-10audio/beets/Makefile
+3-3audio/beets/distinfo
+15-132 files

FreeBSD/ports e8a9239audio/beets Makefile distinfo

audio/beets: Update 2.5.1 => 2.12.0

Changelogs:
https://github.com/beetbox/beets/releases/tag/v2.6.0
https://github.com/beetbox/beets/releases/tag/v2.6.1
https://github.com/beetbox/beets/releases/tag/v2.6.2
https://github.com/beetbox/beets/releases/tag/v2.7.0
https://github.com/beetbox/beets/releases/tag/v2.7.1
https://github.com/beetbox/beets/releases/tag/v2.8.0
https://github.com/beetbox/beets/releases/tag/v2.9.0
https://github.com/beetbox/beets/releases/tag/v2.10.0
https://github.com/beetbox/beets/releases/tag/v2.11.0
https://github.com/beetbox/beets/releases/tag/v2.12.0

PR:             296425
Approved by:    Leonhard Wachutka <leonhard at wachutka.eu> (maintainer)
Sponsored by:   UNIS Labs
MFH:            2026Q3
DeltaFile
+12-10audio/beets/Makefile
+3-3audio/beets/distinfo
+15-132 files

FreeBSD/ports a65fe3awww/nextcloud-calendar distinfo Makefile

www/nextcloud-calendar: Update to 6.5.1
DeltaFile
+3-3www/nextcloud-calendar/distinfo
+1-1www/nextcloud-calendar/Makefile
+4-42 files

FreeBSD/ports 33dc48ddevel/R-cran-urlchecker Makefile distinfo

devel/R-cran-urlchecker: Update to 2.0.0

The port doesn't need compiling so remove BUILD_DEPENDS.
Switch WWW to canonical form.

Changelog:
https://cran.r-project.org/web/packages/urlchecker/news/news.html
DeltaFile
+9-5devel/R-cran-urlchecker/Makefile
+3-3devel/R-cran-urlchecker/distinfo
+12-82 files

FreeBSD/ports 0c19ebcsecurity/vuxml/vuln 2026.xml

security/vuxml: Add devel/ocaml-opam vulnerability

While here, fix whitespaces of two previous entries after the
feedback of `make validate`.

PR:             296642
Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+42-9security/vuxml/vuln/2026.xml
+42-91 files

FreeBSD/ports d86d9a5multimedia/filebot Makefile pkg-message, multimedia/filebot/files patch-filebot.sh

multimedia/filebot: update to 5.2.3

This brings multimedia/filebot up to date with the current version.

Some changes on our end:

1. Drop OpenJFX in favor of Zenity: Long since overdue, since OpenJFX is long-since abandoned. I don't know exactly when Rednoah added this, but now we have it also.

2. Move to JAVA 25: Dropping OpenJFX opens us up to a modern JVM. I'm not sure that JFX was actually holding us back before, but now we can be certain.

3. Limit to amd64: there's a prebuilt JNA lib required from the developer. If you need filebot on other archs, that is an exercise left to the reader.

4. Drop pkg-message: The advice in the pkg-message is outdated.

PR:     296768
DeltaFile
+16-15multimedia/filebot/Makefile
+13-0multimedia/filebot/files/patch-filebot.sh
+0-13multimedia/filebot/pkg-message
+3-3multimedia/filebot/distinfo
+4-0multimedia/filebot/pkg-plist
+36-315 files

FreeBSD/ports 34df385devel/ocaml-opam distinfo Makefile

devel/ocaml-opam: Security update 2.5.1 => 2.5.2

Changelog:
https://github.com/ocaml/opam/blob/2.5.2/CHANGES

PR:             296642
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q3
Security:       CVE-2026-57825

(cherry picked from commit d5ea67850ea1a47bffee8e76a5215b73345f897c)
DeltaFile
+3-3devel/ocaml-opam/distinfo
+1-1devel/ocaml-opam/Makefile
+4-42 files

FreeBSD/ports d5ea678devel/ocaml-opam distinfo Makefile

devel/ocaml-opam: Security update 2.5.1 => 2.5.2

Changelog:
https://github.com/ocaml/opam/blob/2.5.2/CHANGES

PR:             296642
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q3
Security:       CVE-2026-57825
DeltaFile
+3-3devel/ocaml-opam/distinfo
+1-1devel/ocaml-opam/Makefile
+4-42 files

FreeBSD/ports 20d18cdwww/otter-browser Makefile

www/otter-browser: Schedule for removal before 2026Q4

Requires deprecated Qt5 WebEngine
DeltaFile
+3-0www/otter-browser/Makefile
+3-01 files

FreeBSD/ports 4a355e0deskutils/semantik Makefile

deskutils/semantik: Schedule for removal before 2026Q4

Requires deprecated Qt5 WebEngine
DeltaFile
+3-0deskutils/semantik/Makefile
+3-01 files

FreeBSD/ports 57872eawww/py-qt5-webengine Makefile

www/py-qt5-webengine: Schedule for removal before 2026Q4

Requires deprecated Qt5 WebEngine
DeltaFile
+4-0www/py-qt5-webengine/Makefile
+4-01 files

FreeBSD/ports 895bc02graphics/krita pkg-plist Makefile, graphics/krita/files patch-cmake_modules_FindOpenJPEG.cmake patch-cmake_modules_pyproject.toml.in

graphics/krita: Update to 6.0.2.1 and switch to Qt6

Although the same tarball is used for 5.3.2.1 (Qt5) and 6.0.2.1 (Qt6),
Qt6 build is still considered experimental. Both versions are almost
functionally identical, with 6.0.x having more Wayland functionality.

Announcement:   https://krita.org/en/posts/2026/krita-5.3.0-released/
                https://krita.org/en/posts/2026/krita-5.3.1-released/
                https://krita.org/en/posts/2026/krita-5.3.2-released/
                https://krita.org/en/posts/2026/krita-5.3.2.1-released/
DeltaFile
+79-6graphics/krita/pkg-plist
+23-32graphics/krita/Makefile
+0-13graphics/krita/files/patch-cmake_modules_FindOpenJPEG.cmake
+4-6graphics/krita/files/patch-cmake_modules_pyproject.toml.in
+3-5graphics/krita/distinfo
+109-625 files

FreeBSD/ports 732c5d7graphics/kseexpr Makefile pkg-plist

graphics/kseexpr: Update to 6.0.0.0 and switch to Qt6

Use PLIST_SUB to reduce diff on future updates.
DeltaFile
+10-7graphics/kseexpr/Makefile
+9-4graphics/kseexpr/pkg-plist
+3-3graphics/kseexpr/distinfo
+22-143 files

FreeBSD/ports 299b18bgraphics/krita-gmic-plugin Makefile distinfo, graphics/krita-gmic-plugin/files patch-CMakeLists.txt patch-gmic-qt_CMakeLists.txt

graphics/krita-gmic-plugin: Update to 3.7.4.1 and switch to Qt6

Replace WRKSRC_SUBDIR with CMAKE_SOURCE_PATH to simplify patching.
DeltaFile
+0-35graphics/krita-gmic-plugin/files/patch-CMakeLists.txt
+17-11graphics/krita-gmic-plugin/Makefile
+22-0graphics/krita-gmic-plugin/files/patch-gmic-qt_CMakeLists.txt
+11-0graphics/krita-gmic-plugin/files/patch-src_CImg.h
+3-3graphics/krita-gmic-plugin/distinfo
+53-495 files

FreeBSD/ports 3445965devel/esbuild distinfo Makefile

devel/esbuild: update to 0.28.1

ChangeLog:      https://github.com/evanw/esbuild/compare/v0.28.0...v0.28.1
PR:             296408
Approved by:    dch (maintainer)

Sponsored by:   tipi.work
DeltaFile
+5-5devel/esbuild/distinfo
+1-2devel/esbuild/Makefile
+6-72 files