| 100 most recent commits (all timestamps are UTC) |
|
FreshPorts has everything you want to know about FreeBSD software, ports, packages,
applications, whatever term you want to use.
Yesterday's Commits | Quarterly Branch
|
|
Tuesday, 7 Jul 2026
|
00:03 Vladimir Druzenko (vvd) Author: Frank Wall 2026Q2
- net/turnserver 4.14.0
STUN/TURN Server; IPv6, DTLS support; RFCs 5389, 5766, 6062, 6156
net/turnserver: Update 4.10.0 => 4.14.0 (fix 4 CVEs)
Changelogs:
https://github.com/coturn/coturn/blob/4.14.0/ChangeLog
https://github.com/coturn/coturn/releases/tag/4.11.0
https://github.com/coturn/coturn/releases/tag/4.12.0
https://github.com/coturn/coturn/releases/tag/4.13.0
https://github.com/coturn/coturn/releases/tag/4.13.1
https://github.com/coturn/coturn/releases/tag/4.14.0
- Remove dead mirror from MASTER_SITES.
- Switch from http to https in MASTER_SITES.
- Remove unused dependency gettext-runtime.
PR: 296555
Approved by: blanket (fix 4 CVEs)
Security: CVE-2026-53450
Security: CVE-2026-53449
Security: CVE-2026-53448
Security: CVE-2026-43915
Sponsored by: UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>
MFH: 2026Q2
(cherry picked from commit fd77dbcdcf0659b6d458f06b1da69302cf76655e)
0063585 |
00:02 Vladimir Druzenko (vvd) Author: Frank Wall
- net/turnserver 4.14.0
STUN/TURN Server; IPv6, DTLS support; RFCs 5389, 5766, 6062, 6156
net/turnserver: Update 4.10.0 => 4.14.0 (fix 4 CVEs)
Changelogs:
https://github.com/coturn/coturn/blob/4.14.0/ChangeLog
https://github.com/coturn/coturn/releases/tag/4.11.0
https://github.com/coturn/coturn/releases/tag/4.12.0
https://github.com/coturn/coturn/releases/tag/4.13.0
https://github.com/coturn/coturn/releases/tag/4.13.1
https://github.com/coturn/coturn/releases/tag/4.14.0
- Remove dead mirror from MASTER_SITES.
- Switch from http to https in MASTER_SITES.
- Remove unused dependency gettext-runtime.
PR: 296555
Approved by: blanket (fix 4 CVEs)
Security: CVE-2026-53450
Security: CVE-2026-53449
Security: CVE-2026-53448
Security: CVE-2026-43915
Sponsored by: UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>
MFH: 2026Q2
fd77dbc |
|
Monday, 6 Jul 2026
|
23:46 Sergey A. Osokin (osa)
devel/rhg: New port
Experimental Rust backend for Mercurial.
Sponsored by: tipi.work
ba80bc9 |
23:38 Vladimir Druzenko (vvd) 
- www/deno 2.9.1_1
Secure JavaScript and TypeScript runtime
www/deno: Improve port
- Fix dependencies.
- Fix PREFIX and LOCALBASE usage.
- Fix warnings from portclippy.
- Merge INSTALL_PROGRAMs.
- Split long line in do-test.
PR: 296548
Sponsored by: UNIS Labs
54bba80 |
23:04 Craig Leres (leres) 
- security/zeek 8.0.9
System for detecting network intruders in real-time
security/zeek: Update to 8.0.9
https://github.com/zeek/zeek/releases/tag/v8.0.9
This release fixes the following potential DoS vulnerabilities:
- The NVT, Rlogin, and RSH analyzers have received fixes to avoid
unbounded state growth. Due to the fact that these packets can
be received from remote hosts, these are considered DoS risks.
- A specially crafted WebSocket payload can cause the Spicy WebSocket
analyzer to use excessive memory when processing close, ping,
and pong frames. Due to the fact that these packets can be
received from remote hosts, these are considered a DoS risk.
- A specially crafted series of Finger packets can cause the Spicy
Finger analyzer to use excessive amounts of memory and potentially
crash Zeek. Due to the fact that these packets can be received
from remote hosts, this is considered a DoS risk.
- A specially crafted Kerberos packet can cause the Kerberos
analyzer to enter an invalid state and potentially crash Zeek.
Due to the fact that these packets can be received from remote
hosts, this is considered a DoS risk.
- A specially crafted series of RDP packets can cause the RDP
analyzer to use excessive amounts of memory and potentially crash
Zeek. Due to the fact that these packets can be received from
remote hosts, this is considered a DoS risk.
- A specially crafted IP packet can cause the IP analyzer to read
past the end of the contents of the packet when emitting the
packet_contents event and possibly crash. Due to the fact that
these packets can be received from remote hosts, this is considered
a DoS risk.
- A specially crafted IP packet can cause the packet discarding
code to read off the end of the packet when looking for follow-on
header data. This may potentially lead to a crash of Zeek. Due
to the fact that these packets can be received from remote hosts,
this is considered a DoS risk.
- A specially crafted series of Gnutella packets may cause Zeek
to continue accumulating memory and eventually crash. Due to the
fact that these packets can be received from remote hosts, this
is considered a DoS risk.
- A specially crafted ICMPv6 packet can cause the ICMP analyzer
to skip part of the packet and not report corresponding events
and logs. Due to the fact that these packets can be received
from remote hosts, this is considered an evasion risk.
- A specially crafted SSH packet can cause the SSH analyzer to
throw BinPAC exceptions for extremely large packets and skip
logging them otherwise. Due to the fact that these packets can
be received from remote hosts, this is considered an evasion
risk.
- A number of issues with the HTTP analyzer were found involving
unusual Content-Length, Transfer-Encoding and Expect header
usage. Due to the fact that these packets can be received from
remote hosts, this is considered an evasion risk.
- A series of fixes were applied to the serialization code in Zeek
to avoid buffer overreads with both Broker and ZeroMQ traffic.
On debug builds, these hit various abort() conditions and cause
Zeek to exit. Due to the fact that all of these states require
direct access to the Broker/ZeroMQ ports (meaning access to the
local network to some degree), this isn’t considered a DoS risk.
This release fixes the following bugs:
- Zeek now builds correctly with newer versions of LibreSSL.
- ZeekJS was updated to v0.23.0, which brings compatibility with
Node v26.
- Spicy was updated to v1.14.1.
- The TCP analyzer now clamps the window scale to 14 bytes, which
conforms with RFC7323.
- The Geneve analyzer now properly parses encapsulated IPv6 packets.
- A regression in the management framework's handling of metrics-port
collision avoidance was fixed.
- A number of out-of-bounds reads where fixed in the following
analyzers: BitTorrent, DCE-RPC, GSS-API, GTPv1, IRC, KRB, Login,
NetBIOS, NFLog, and SSL.
- A number of signed bit-shifting issues were fixed in the following
analyzers: ASN.1, DNS, DTLS, FTP, Geneve, IP, NetBIOS, Null,
RFB, SNAP, SMB, and VXLAN.
- The Ident analyzer fixed a potential signed overflow when parsing
port information.
- A bug was fixed in the pcapng packet source with handling empty
options blocks.
- A potential segfault was fixed with the global_ids BIF if it was
called during startup before all of the script-level type data
was fully parsed.
- The NTP analyzer gained some additional length checking when
parsing extension fields to avoid potential integer overflows.
- Certain protocol fields in the RDP parser are capped to maximum
values to prevent unbounded buffering.
- A few fixes were applied to the handling of HTTP Content-Range
values to avoid integer overflows.
- The GENEVE and VXLAN analyzers now use the correct packet object
when parsing the inner packet, avoiding a possible null pointer
dereference.
Reported by: Tim Wojtulewicz
2fb62f7 |
22:59 Craig Leres (leres)
security/vuxml: Mark security/zeek < 8.0.9 as vulnerable as per:
https://github.com/zeek/zeek/releases/tag/v8.0.9
This release fixes the following potential DoS vulnerabilities:
- The NVT, Rlogin, and RSH analyzers have received fixes to avoid
unbounded state growth. Due to the fact that these packets can
be received from remote hosts, these are considered DoS risks.
- A specially crafted WebSocket payload can cause the Spicy WebSocket
analyzer to use excessive memory when processing close, ping,
and pong frames. Due to the fact that these packets can be
received from remote hosts, these are considered a DoS risk.
- A specially crafted series of Finger packets can cause the Spicy
Finger analyzer to use excessive amounts of memory and potentially
crash Zeek. Due to the fact that these packets can be received
from remote hosts, this is considered a DoS risk.
- A specially crafted Kerberos packet can cause the Kerberos
analyzer to enter an invalid state and potentially crash Zeek.
Due to the fact that these packets can be received from remote
hosts, this is considered a DoS risk.
- A specially crafted series of RDP packets can cause the RDP
analyzer to use excessive amounts of memory and potentially crash
Zeek. Due to the fact that these packets can be received from
remote hosts, this is considered a DoS risk.
- A specially crafted IP packet can cause the IP analyzer to read
past the end of the contents of the packet when emitting the
packet_contents event and possibly crash. Due to the fact that
these packets can be received from remote hosts, this is considered
a DoS risk.
- A specially crafted IP packet can cause the packet discarding
code to read off the end of the packet when looking for follow-on
header data. This may potentially lead to a crash of Zeek. Due
to the fact that these packets can be received from remote hosts,
this is considered a DoS risk.
- A specially crafted series of Gnutella packets may cause Zeek
to continue accumulating memory and eventually crash. Due to the
fact that these packets can be received from remote hosts, this
is considered a DoS risk.
- A specially crafted ICMPv6 packet can cause the ICMP analyzer
to skip part of the packet and not report corresponding events
and logs. Due to the fact that these packets can be received
from remote hosts, this is considered an evasion risk.
- A specially crafted SSH packet can cause the SSH analyzer to
throw BinPAC exceptions for extremely large packets and skip
logging them otherwise. Due to the fact that these packets can
be received from remote hosts, this is considered an evasion
risk.
- A number of issues with the HTTP analyzer were found involving
unusual Content-Length, Transfer-Encoding and Expect header
usage. Due to the fact that these packets can be received from
remote hosts, this is considered an evasion risk.
- A series of fixes were applied to the serialization code in Zeek
to avoid buffer overreads with both Broker and ZeroMQ traffic.
On debug builds, these hit various abort() conditions and cause
Zeek to exit. Due to the fact that all of these states require
direct access to the Broker/ZeroMQ ports (meaning access to the
local network to some degree), this isn’t considered a DoS risk.
Reported by: Tim Wojtulewicz
76913ff |
22:26 Nuno Teixeira (eduardo)
devel/aws-crt-cpp: Update to 0.41.0
ChangeLog: https://github.com/awslabs/aws-crt-cpp/releases/tag/v0.41.0
d471570 |
22:26 Nuno Teixeira (eduardo)
security/qt-sudo: Update to 2.4.1
ChangeLog: https://github.com/aarnt/qt-sudo/releases/tag/v2.4.1
1f9c3ac |
21:47 Olivier Cochard (olivier) 
- games/CWR-CE 3.01_2
Arma: Cold War Assault - Remastered Community Edition
games/CWR-CE: roll upstream fork forward and fix aarch64 build
e9034ac |
21:47 Olivier Cochard (olivier) 
- devel/moon 2.4.1
Repository management, organization and task orchestration tool
devel/moon: update to 2.4.1
4766551 |
20:43 Juraj Lutter (otis) 
- mail/postfix 3.11.5,1
Secure alternative to widely-used Sendmail
mail/postfix: Update to 3.11.5
80c2db1 |
20:14 Guido Falsi (madpilot)
sysutils/cpdup-FreeBSD: update to 1.1.0
Approved by: Gianmarco Giovannelli <gmarco@giovannelli.it> (maintainer, via
email)
e3c08be |
19:38 Gleb Popov (arrowd) 
- databases/ldb25 2.5.3_2
LDAP-like embedded database
- databases/ldb28 2.8.2_2
LDAP-like embedded database
- databases/ldb29 2.9.2_3
LDAP-like embedded database
- dns/knot3 3.5.5_1
High performance authoritative-only DNS server
- net/samba416 4.16.11_12
Free SMB/CIFS and AD/DC server and client for Unix
- net/samba419 4.19.9_13
Free SMB/CIFS and AD/DC server and client for Unix
- net/samba420 4.20.8_2
Free SMB/CIFS and AD/DC server and client for Unix
- net/samba422 4.22.10_1
Free SMB/CIFS and AD/DC server and client for Unix
- net/samba423 4.23.8_1
Free SMB/CIFS and AD/DC server and client for Unix
*: Fix dependency on lmdb0
7a7dea4 |
19:35 Yuri Victorovich (yuri) 
- science/gpaw-setups 0.9.20000
Setups (data files) for py-gpaw, the DFT quantum chemistry software
science/gpaw-setups: Improve install target
c3f806d |
19:35 Yuri Victorovich (yuri)
devel/cpp2py: Fix build broken by python-3.12 transition
Reported by: fallout
4cbac2c |
19:17 Pat Maddox (patmaddox) Author: Artur Manuel
devel/tree-sitter-cli: use llvm:lib to solve rquickjs-sys build failure
PR: 296016
Approved by: Artur Manuel <amadaluzia@disroot.org> (maintainer)
Approved by: dch (mentor)
Approved by: portmgr (build fix blanket)
Fixes: 9f53adf51b02
b5eb1f6 |
18:37 Gleb Popov (arrowd) 
- devel/appstream 1.1.2_1
Machine-readable software metadata for desktop environments
devel/appstream: Fix dependency on lmdb0
PR: 296530 296560
205c8a2 |
18:36 Gleb Popov (arrowd)
www/ot-recorder: Fix dependency on lmdb0
PR: 296530
fd4f4e6 |
18:20 Sergey A. Osokin (osa) 
- lang/luajit 2.1.0.20260629
Just-In-Time Compiler for Lua
lang/luajit: update to the recent snapshot
Sponsored by: tipi.work
c66ca7a |
18:13 Alexey Dokuchaev (danfe) 
- games/battletanks 0.9.8083_11
Fast 2D tank arcade game with multiplayer and split-screen modes
games/battletanks: allow to build against any supported Lua version
Drop CXXFLAGS+=-fpermissive while here which seems no longer needed
and sort the `pkg-plist' after commit 2d8f9fb62e9e.
bce0c99 |
18:08 Rainer Hurling (rhurlin) 
- math/saga 9.12.6
System for Automated Geoscientific Analyses
math/saga: Update to 9.12.6
Changelog: https://sourceforge.net/p/saga-gis/wiki/Changelog%209.12.6/attachment/changelog_saga_9.12.6.txt
Reported by: portscout
8c0a069 |
17:57 Christoph Moench-Tegeder (cmt) 2026Q2
- www/firefox 152.0.5,2
Web browser based on the browser portion of Mozilla
www/firefox: update to 152.0.5 (rc1)
Release Notes (soon):
https://www.firefox.com/en-US/firefox/152.0.5/releasenotes/
(cherry picked from commit 124c3980c657fc690613f84dd8a9417aa949f677)
a04426d |
17:54 Christoph Moench-Tegeder (cmt) 
- www/firefox 152.0.5,2
Web browser based on the browser portion of Mozilla
www/firefox: update to 152.0.5 (rc1)
Release Notes (soon):
https://www.firefox.com/en-US/firefox/152.0.5/releasenotes/
124c398 |
17:34 Alexey Dokuchaev (danfe)
x11-toolkits/py-kivy: update the port to version 2.3.1
Reported by: portscout
7b5b449 |
16:37 Cy Schubert (cy)
sysutils/py-ansible-core22?: Remove stale comment
Now that python312 is default the comment telling users to set the
default is no longer required.
0d449c4 |
16:37 Cy Schubert (cy)
sysutils/py-ansible-core: Set default to py-ansible-core221
Now that python312 is default we can set py-ansible-core221 as default.
9856c96 |
16:23 Michael Reifenberger (mr)
comms/inspectrum: Update to 0.4.0
aae3e08 |
16:17 Michael Reifenberger (mr)
cad/kicad-*devel*: Update
Update to 2026.07.06
7bd9bab |
15:58 Xin LI (delphij) 
- www/deno 2.9.1
Secure JavaScript and TypeScript runtime
www/deno: Avoid hardcoding llvm version.
c29f8e5 |
15:57 Xin LI (delphij) (Only the first 10 of 66 items in this commit are shown above. )
databases/lmdb0: Add port for LMDB 0.9.x legacy ABI
LMDB 1.0 introduced an incompatible on-disk format change and subtle
API breakage: applications that compiled cleanly against 1.0 headers
could fail silently at run time. Known affected ports include dns/knot3,
mail/bogofilter, and mail/postfix; the postfix issue has been confirmed
upstream. Linux distributions such as Arch Linux have observed the same
breakage. Samba can also be affected in certain configurations.
Because the regression is not detectable in an -exp build run -- the
postfix failure only manifests at run time, and bogofilter was caught
only because post-build self-tests happen to exercise this path -- we
cannot rely on package builds to validate the 1.0 upgrade.
This commit introduces databases/lmdb0 as a holding port for the 0.9.35
release, pinned to the 0.x branch with PORTSCOUT=limit:^0. and mutually
conflicting with databases/lmdb, which retains 1.0. The two packages
cannot be installed simultaneously, but having lmdb0 available means:
* Ports known to require the 0.9 ABI can declare an explicit dependency
on databases/lmdb0 until they are validated against 1.0.
* Users with existing databases in the 0.9 format can still access the
mdb_dump and mdb_load utilities to migrate data before upgrading.
* The package conflict prevents accidental mixing.
All 50 direct dependents of databases/lmdb are redirected to
databases/lmdb0 for now with a PORTREVISION bump, effectively restoring
the tree to the state prior to the LMDB 1.0 update. Once all dependent
ports are validated against LMDB 1.0, they will be moved back to
databases/lmdb and databases/lmdb0 will be removed.
PR: ports/296530
5f9d389 |
15:27 Sergey A. Osokin (osa)
www/freenginx-devel: third-party modules management (+)
- update passenger from 6.1.4 to 6.1.6
Bump PORTREVISION.
Sponsored by: tipi.work
fcddf87 |
15:05 Yuri Victorovich (yuri) 
- math/lean4 4.31.0
Theorem prover and functional language for math (new gen)
math/lean4: Remove patch to fix build
Reported by: fallout
7019d2b |
15:05 Yuri Victorovich (yuri) 
- math/blasfeo 0.1.4.3
Basic Linear Algebra Subroutines For Embedded Optimization
- math/casadi 3.7.0_2
Symbolic framework for numeric optimization
- math/hpipm 0.1.3.225_1
High-performance interior-point-method QP solvers
- science/acados 0.4.3_1
Fast and embedded solvers for nonlinear optimal control
math/blasfeo: update 0.1.4.2 → 0.1.4.3
755b873 |
15:05 Yuri Victorovich (yuri) 
- math/amgcl 1.4.9
C++ header-only library for solving large sparse linear systems
math/amgcl: update 1.4.8 → 1.4.9
86960c9 |
14:53 Nuno Teixeira (eduardo)
net-p2p/{lib,r}torrent: Update to 0.16.17
- Remove i386 fix as it is not correct. Mark BROKEN_i386
ChangeLog: https://github.com/rakshasa/rtorrent/releases/tag/v0.16.17
https://github.com/rakshasa/rtorrent/releases/tag/v0.16.16
d7c2207b |
14:40 Olivier Cochard (olivier)
misc/qwen-code: update to 0.19.6
81c5bd8 |
14:26 Yuri Victorovich (yuri)
misc/github-copilot-cli: update 1.0.65 → 1.0.68
b6dc9f3 |
14:26 Yuri Victorovich (yuri)
devel/emscripten: update 6.0.1 → 6.0.2
0d3f2c7 |
14:26 Yuri Victorovich (yuri) 
- misc/gemini-cli 0.49.0
Open-source CLI for direct access to Google's Gemini AI model
misc/gemini-cli: update 0.47.0 → 0.49.0
8fae019 |
14:26 Yuri Victorovich (yuri) 
- misc/claude-code 2.1.201
Agentic coding tool from Anthropic that lives in your terminal
misc/claude-code: update 2.1.195 → 2.1.201
92860f4 |
14:26 Yuri Victorovich (yuri)
misc/grok-build: update 0.2.67 → 0.2.87
1e3a9fc |
14:26 Yuri Victorovich (yuri)
misc/antigravity-cli: update 1.0.13 → 1.0.16
0046626 |
14:26 Yuri Victorovich (yuri)
multimedia/youtui: update 0.0.37 → 0.0.38
cd6d9fa |
14:26 Yuri Victorovich (yuri)
shells/meka: update 0.30.0 → 0.32.0
386ff31 |
14:26 Yuri Victorovich (yuri)
databases/greptimedb: update 1.1.0 → 1.1.2
9da5621 |
14:26 Yuri Victorovich (yuri)
devel/nextest: update 0.9.138 → 0.9.140
8a3f1fd |
14:26 Yuri Victorovich (yuri) 
- misc/wacli 0.11.2
WhatsApp CLI with offline search and message sync
misc/wacli: update 0.11.1 → 0.11.2
ea911b1 |
14:26 Yuri Victorovich (yuri) 
- www/ghostunnel 1.11.0
SSL/TLS proxy with mutual authentication for securing non-TLS services
www/ghostunnel: update 1.10.0 → 1.11.0
1045850 |
14:26 Yuri Victorovich (yuri) 
- databases/rqlite 10.2.7
Lightweight, distributed relational database built on SQLite
databases/rqlite: update 10.2.5 → 10.2.7
df7a850 |
14:26 Yuri Victorovich (yuri)
devel/cargo-tarpaulin: update 0.36.0 → 0.37.0
955aa66 |
14:26 Yuri Victorovich (yuri)
lang/neocmakelsp: update 0.10.3 → 0.10.4
e89cdab |
14:26 Yuri Victorovich (yuri) 
- archivers/ouch 0.8.1
Painless compression and decompression for your terminal
archivers/ouch: update 0.8.0 → 0.8.1
9df4656 |
14:26 Yuri Victorovich (yuri)
shells/nushell: update 0.113.1 → 0.114.0
3e3be48 |
14:26 Yuri Victorovich (yuri) 
- misc/py-pytorch 2.12.1
PyTorch: Tensors and dynamic neural networks in Python
- misc/pytorch 2.12.1
Tensors and dynamic neural networks in Python (C++ library)
misc/{,py-}pytorch: update 2.12.0 → 2.12.1
4cf2d9c5 |
14:13 Bernard Spil (brnrd)
net/realtek-rge-kmod: Update to latest snapshot
bcd5f45 |
12:05 Thierry Thomas (thierry)
cad/ifcopenshell: fix with Python-3.12
Remark: I have a WIP to get rid of OpenCascade 740 and make IfcOpenShell
work with OCCT-8.0.
4c312d7 |
11:19 Dave Cottlehuber (dch)
net-mgmt/uptime-kuma: new port - easy self-hosted monitoring
To save unnecessary space, substantial pruning of npm detritus was done.
Please report any errors and issues via the usual channels.
Sponsored by: SkunkWerks, GmbH
Differential Revision: https://reviews.freebsd.org/D57369
a206047 |
11:16 Ruslan Makhmatkhanov (rm)
www/py-http-parser: fix build with python3.12
2558907 |
10:53 Yusuf Yaman (nxjoseph) Author: Jonathan Schleifer 2026Q2
- devel/objfw 1.5.7
Portable, lightweight framework for the Objective-C language
devel/objfw: Update 1.4.1 => 1.5.7
Commit log:
https://git.nil.im/ObjFW/ObjFW/compare/1.4.1-release...1.5.7-release
PR: 296526
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
(cherry picked from commit 62835f0853d15875214a299c049dc8a2d9a4ac1b)
76395a0 |
10:52 Yusuf Yaman (nxjoseph) Author: Jonathan Schleifer
- devel/objfw 1.5.7
Portable, lightweight framework for the Objective-C language
devel/objfw: Update 1.4.1 => 1.5.7
Commit log:
https://git.nil.im/ObjFW/ObjFW/compare/1.4.1-release...1.5.7-release
PR: 296526
Approved by: osa, vvd (Mentors, implicit)
MFH: 2026Q2
62835f0 |
10:08 Dag-Erling Smørgrav (des) 
- net/rsync 3.4.4_1
Network file distribution/synchronization utility
net/rsync: Add back the FLAGS option
This restores support for copying file flags and fixes a long-standing
peeve of mine by renaming the command-line option to --file-flags,
better matching the naming style of other rsync options. Full backward
compatibility is maintained, including with older servers.
Reviewed by: rodrigo
Differential Revision: https://reviews.freebsd.org/D57645
f0211e1 |
09:38 Robert Clausecker (fuz)
devel/pecl-msgpack: reinstate IGNORE_WITH_PHP=86
Dependency devel/pecl-APCu is not yet available for php86.
Please make sure you test the port in the php86 flavour before
reenabling the option.
Fixes: 4390d463875b81a5948541e3b27275d30aad54e2
Approved by: portmgr (build fix blanket)
c85402b |
09:27 Dave Cottlehuber (dch)
sysutils/podman: Fix build by blocking fetching newer go over network
Go insists on trying to download a newer toolchain, as the default is currently
1.24,
and this version of podman requires 1.25 or newer. The MAKE_ENV flag is
described
here in nauseating detail https://go.dev/doc/toolchain .
712a103 |
09:27 Dave Cottlehuber (dch) 
- net/lavinmq 2.9.1
Next-generation AMQP 0.9.1 based message broker
net/lavinmq: update to 2.9.1
- https://github.com/cloudamqp/lavinmq/blob/v2.9.1/CHANGELOG.md
- Drop surplus JavaScript libraries
Sponsored by: SkunkWerks, GmbH
0bcd1ab |
09:27 Dave Cottlehuber (dch) 
- net/amqpcat 1.1.0_2
CLI tool for publishing to and consuming from AMQP servers
net/amqpcat: Bump PORTREVISION after lang/crystal
Sponsored by: SkunkWerks, GmbH
d5c7abd |
09:27 Dave Cottlehuber (dch) 
- devel/shards 0.20.0_1
Dependency manager for the Crystal programming language
devel/shards: Bump PORTREVISION after lang/crystal
Sponsored by: SkunkWerks, GmbH
1759a59 |
09:27 Dave Cottlehuber (dch) 
- lang/crystal 1.20.2
Language with Ruby-like syntax and static type checking
lang/crystal: update to 1.20.2
ChangeLog: https://crystal-lang.org/2026/04/16/1.20.0-released/
Sponsored by: SkunkWerks, GmbH
8ab3344 |
09:22 Hiroki Tagato (tagattie) 
- net-im/teams 2.11.1_3
Unofficial Microsoft Teams client
- x11/waveterm 0.14.5_16
Open source, AI-native terminal that sees your entire workspace
*/*: Bump port revision after electron41 update (c6af2219ba06)
a4db8ad |
09:21 Hiroki Tagato (tagattie) 
- devel/electron41 41.10.0
Build cross-platform desktop apps with JavaScript, HTML, and CSS
devel/electron41: Update to 41.10.0
Changelog: https://github.com/electron/electron/releases/tag/v41.10.0
Reported by: GitHub (watch releases)
c6af221 |
08:52 Robert Clausecker (fuz) 
- science/py-pyked 0.5.0
Package for manipulating Chemical Kinetics Experimental Data files
science/py-pyked: fix wrong portname in LIB_DEPENDS
yuri, please pay more attention; you're making a lot of random
little errors like these lately.
Fixes: df3f177364f785615f313069b68abbb008a3e9c7
0b65920 |
08:16 Alex Dupre (ale) 
- mail/roundcube 1.7.2,1
Fully skinnable XHTML/CSS webmail written in PHP
mail/roundcube: update to 1.7.2 release (fix security issues)
PR: 296538
Submitted by: filis
618c7d5 |
08:12 Adam Weinberger (adamw)
lang/Makefile: Fix spelling of "perl-lsp"
Reported by: Chris Torek
cb8a682 |
08:02 Dima Panov (fluffy) Author: Paavo-Einari Kaipila
devel/pecl-msgpack: update to 3.0.1 release (+)
Rename OPCAHE option to APCU and remove useless opcache dependency
Patch config.m4 to always honor APCU setting
Add LICENSE_FILE
Changes:
* Fix PHP-8.6v compatibility
* Fix enum support
Release notes: https://github.com/msgpack/msgpack-php/releases/tag/v3.0.1
Commit
log: https://github.com/msgpack/msgpack-php/compare/msgpack-3.0.0...v3.0.1
PR: 295953
e430a80 |
07:47 Alexey Dokuchaev (danfe)
deskutils/qownnotes: update QOwnNotes to version 26.7.1.
c93a93e |
07:04 Gleb Popov (arrowd)
net/tigervnc-server: Fix the dependency line on xkeyboard-config
Reported by: kib
Approved by: portmgr (fixit blanket)
4d684e1 |
06:48 Nicola Vitale (nivit) 
- x11/kitty 0.47.4
Cross-platform, fast, featureful, GPU-based terminal emulator
x11/kitty: Fix build
- Fix pkg-plist [2]
- Reenable DOCS option on FreeBSD 15+ [1]
- Update list of lib dependencies
- Pet portfmt
PR: 291485 [1]
Reported by: pkg-fallout [2]
d05aa6b |
06:11 Adam Weinberger (adamw)
lang/perl-lsp: Add port
perl-lsp is a Rust-based Perl language server.
5ef0c45 |
06:05 Alexey Dokuchaev (danfe) 
- x11-fm/worker 5.3.1
X11 file manager based on Directory Opus of AmigaOS
x11-fm/worker: update the port to bugfix version 5.3.1
Reported by: portscout
cbd6d6d |
04:27 Joseph Mingrone (jrm)
security/vuxml: Document Emacs vulnerability
PR: 296546
Security: CVE-2026-6861
Sponsored by: The FreeBSD Foundation
28960ff |
04:27 Joseph Mingrone (jrm) Author: Kousuke Kannagi
editors/emacs: Fix CVE-2026-6861
Upstream bug: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=80851
PR: 296546
Reviewed by: jrm
Security: CVE-2026-6861
915d199 |
04:10 Xin LI (delphij) 
- www/deno 2.9.1
Secure JavaScript and TypeScript runtime
www/deno: fix three patch correctness bugs found in review
- patch-cli_standalone_binary.rs: restore Linux ELF target support by
using || instead of replacing the linux check with freebsd
- patch-ext_os_lib.rs: fix FreeBSD rss() return type usize -> u64 to
match all other platforms; use %%PREFIX%% placeholder so post-patch
REINPLACE_CMD correctly substitutes the install prefix at build time
- Makefile: add s|%%PREFIX%%|${PREFIX}| substitution for ext/os/lib.rs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
06c06ed |
03:29 Alexey Dokuchaev (danfe)
graphics/fotocx: the port had been updated to version 26.6.1
Move KERN_PROC_PATHNAME sysctl(3) call into its own function
and use it where applicable; this further reduces the number
of linuxisms in the program.
Reported by: portscout
1352a9d |
02:06 Wen Heping (wen)
astro/py-earthkit-utils: New port
Utilities for the earthkit ecosystem.
676b8ae |
01:18 Wen Heping (wen)
astro/py-sunpy: Update to 8.0.0
a1b5f91 |
01:18 Wen Heping (wen)
astro/py-extension-helpers: Fix setuptools version require, make sunpy build
c0e9889 |
00:25 Vladimir Druzenko (vvd) Author: Daniel O'Connor
lang/sdcc: Update 4.4.0 => 4.6.0
Release Notes:
https://sourceforge.net/p/sdcc/news/2026/06/sdcc-460-released/
https://sourceforge.net/p/sdcc/news/2025/01/sdcc-450-released/
Changelog:
https://sourceforge.net/p/sdcc/code/HEAD/tree/tags/sdcc-4.6.0/sdcc/ChangeLog
PR: 296242
Sponsored by: UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd@FreeBSD.org>
9398ec4 |
|
Sunday, 5 Jul 2026
|
22:45 Ashish SHUKLA (ashish)
editors/emacs-devel: Update to latest git snapshot 2adce1839db
727782d |
22:32 Hiroki Tagato (tagattie) 
- sysutils/leaf 1.26.0
Terminal-based Markdown previewer with a GUI-like experience
sysutils/leaf: Update to 1.26.0
While here, add COMPLETIONS option (ON by default).
Changelog: https://github.com/RivoLink/leaf/blob/1.26.0/CHANGELOG.md
Reported by: GitHub (watch releases)
26bc3dd |
22:04 Laurent Chardon (laurent)
sysutils/nerdctl: Update to 2.3.4
Changelog: https://github.com/containerd/nerdctl/releases/tag/v2.3.4
PR: 296514
Reviewed by: thierry (mentor)
Approved by: thierry (mentor)
decf626d |
21:15 Vladimir Druzenko (vvd) Author: Martin Birgmeier
www/mediawiki146: Fix PKGNAMESUFFIX: should be 146, not 145
PR: 296533
Approved by: blanket (fix port)
Sponsored by: UNIS Labs
203c1bb |
21:06 Jimmy Olgeni (olgeni)
sysutils/znapzend: Update to 0.23.4
9e4aec1 |
20:29 TAKATSU Tomonari (tota) 
- math/R-cran-doBy 4.7.2
Groupwise Statistics, LSmeans, Linear Estimates, Utilities
math/R-cran-doBy: Update to 4.7.2
Reported by: portscout
7781106 |
20:17 Hiroki Tagato (tagattie) 
- www/xh 0.26.1
Friendly and fast tool for sending HTTP requests
www/xh: Update to 0.26.1
While here, claim maintainership after three consecutive maintainer
timeout.
Changelog: https://github.com/ducaale/xh/blob/v0.26.1/CHANGELOG.md
PR: 296172
Approved by: lcook (former maintainer)
097af45 |
19:58 Piotr Kubaj (pkubaj)
emulators/x49gp: fix build on powerpc*
/usr/local/bin/ld: cannot find qemu/qemu-git/arm-softmmu/i386-dis.o: No such
file or directory
21f8089 |
19:44 Bernard Spil (brnrd) 2026Q2
- irc/weechat 4.9.3
Lightweight and user friendly ncurses based IRC client
irc/weechat: Security update to 4.9.3
Security: d7939352-788b-11f1-b72c-8447094a420f
MFH: 2026Q2
(cherry picked from commit d3fb58592a8d69d1cfc80e5fd4ea06273e2af746)
95af8ba |
19:44 Daniel Engberg (diizzy)
audio/denemo: Deprecate and set EXPIRATION_DATE to 2026-08-31
Current release is over a decade old, upstream is still active if someone
wants to pick it up and keep it up to date
51f0192 |
19:44 Daniel Engberg (diizzy) 
- audio/tta 3.4.1
The True Audio Encoder, lossless (de)compressor
audio/tta: Deprecate and set EXPIRATION_DATE to 2026-08-31
No active development for over a decade and main site is gone.
FFmpeg supports both encoding and decoding of this format
19781e9 |
19:42 Bernard Spil (brnrd) 
- irc/weechat 4.9.3
Lightweight and user friendly ncurses based IRC client
irc/weechat: Security update to 4.9.3
Security: d7939352-788b-11f1-b72c-8447094a420f
MFH: 2026Q2
d3fb585 |
19:18 Daniel Engberg (diizzy) 
- net-p2p/mkbrr 1.24.0
Commmand-line utility to create, modify and inspect torrent files written in Go
net-p2p/mkbrr: Update to 1.24.0
Changelog: https://github.com/autobrr/mkbrr/releases/tag/v1.24.0
14f7577 |
19:15 Daniel Engberg (diizzy) 
- audio/fluidsynth 2.5.6
Real-time software synthesizer based on the SoundFont 2 specifications
audio/fluidsynth: Update to 2.5.6
Fixes multiple security issues:
Fix CVE-2026-58264 - a heap-based buffer overrun in command handler
Fix a heap-based buffer overflow in MIDI player
Fix a heap-based buffer overrun for DLS samples
Fix a DLS ptbl chunk integer overflow
Fix a DLS articulation chunk integer overflow
Fix a SF2 DMOD chunk integer underflow
Changelog: https://github.com/FluidSynth/fluidsynth/releases/tag/v2.5.6
Security: CVE-2026-58264
3b1f222 |