| 100 most recent commits (all timestamps are UTC) |
|
FreshPorts has everything you want to know about FreeBSD software, ports, packages,
applications, whatever term you want to use.
Yesterday's Commits | Quarterly Branch
|
|
Monday, 1 Dec 2025
|
19:46 Muhammad Moinur Rahman (bofh) 
- Mk/Uses/php.mk
- Mk/bsd.default-versions.mk
**php**: Switch PHP default to 8.4
Tested by: Local exp-run
Approved by: portmgr (blanket)
    f22d3ff
19:45 Muhammad Moinur Rahman (bofh)
sysutils/ipfs-go-fs-repo-migrations: Mark DEPRECATED
- Was required for migrations in between different IPFS versions and no
longer required
- Set EXPIRATION_DATE 2025-12-31
If someone needs this port feel free to undeprecate and takeover
maintainership.
f390d8a |
19:45 Muhammad Moinur Rahman (bofh)
net-mgmt/py-pyixapi: Update version 0.2.6=>0.2.7
Changelog: https://github.com/peering-manager/pyixapi/releases/tag/0.2.7
Sponsored by: Nepustil
1efadcc |
19:45 Muhammad Moinur Rahman (bofh)
databases/clickhouse: Update version 25.10.2.65=>25.10.3.100
Changelog:
https://github.com/ClickHouse/ClickHouse/releases/tag/v25.10.3.100-stable
Sponsored by: Nepustil
3f6282f |
19:45 Muhammad Moinur Rahman (bofh)
devel/tokei: Update version 12.1.2=>13.0.0
Changelog: https://github.com/XAMPPRocky/tokei/releases/tag/v13.0.0
04d4e9b |
19:45 Muhammad Moinur Rahman (bofh)
devel/py-perceval-mozilla:Return to pool
Used in cluster and releasing so that others can update as necessary
without my intervention.
62ac4f4 |
19:45 Muhammad Moinur Rahman (bofh)
- devel/please 17.25.0
High-performance extensible build system for reproducible builds
devel/please: Update version 17.24.1=>17.25.0
Changelog: https://github.com/thought-machine/please/releases/tag/v17.25.0
25f9446 |
19:45 Muhammad Moinur Rahman (bofh)
databases/freetds-devel: Update version 1.5.160=>1.5.163
75cee28 |
19:39 Yuri Victorovich (yuri)
- devel/RStudio 2025.09.2+418
Integrated development environment (IDE) for R (desktop UI version)
devel/RStudio: update 2022.12.0+353 → 2025.09.2+418
d76ff9f |
19:39 Yuri Victorovich (yuri)
misc/gollama: update 1.27.15 → 1.37.5
f5887f0 |
19:39 Yuri Victorovich (yuri)
- devel/gitleaks 8.30.0
Tool for detecting hardcoded secrets in git repositories
devel/gitleaks: update 8.29.1 → 8.30.0
d32873a |
19:25 Richard Gallamore (ultima)
security/py-social-auth-core: Fix distinfo
PR: 291324
Reported by: einar@isnic.is
98d97e6 |
19:11 Jochen Neumeister (joneum)
- www/wordpress 6.8.3,1
State-of-the-art semantic personal publishing platform
www/wordpress: Return to Pool
Sponsored by: Netzkommune GmbH
ccc6675 |
19:07 Joseph Mingrone (jrm)
- sysutils/tmux 3.6_1
Terminal Multiplexer
sysutils/tmux: Document requirement to restart tmux after upgrading
PR: 291325
Reported by: freebsd@bengrimm.net
Sponsored by: The FreeBSD Foundation
458a737
18:30 Vladimir Druzenko (vvd) Author: Mamadou Babaei
- editors/jucipp 1.8.1
Lightweight C++-IDE with support for C++11, C++14 and C++17
editors/jucipp: Update 1.8.0 => 1.8.1
Changelog:
https://gitlab.com/cppit/jucipp/-/releases/v1.8.1
PR: 291326
534d1cf |
17:37 Vladimir Druzenko (vvd) Author: NetBird GmbH
ecurity/netbird: Update 0.59.8 => 0.60.4
Changelogs:
https://github.com/netbirdio/netbird/releases/tag/v0.59.9
https://github.com/netbirdio/netbird/releases/tag/v0.59.10
https://github.com/netbirdio/netbird/releases/tag/v0.59.11
https://github.com/netbirdio/netbird/releases/tag/v0.59.12
https://github.com/netbirdio/netbird/releases/tag/v0.59.13
https://github.com/netbirdio/netbird/releases/tag/v0.60.0
https://github.com/netbirdio/netbird/releases/tag/v0.60.1
https://github.com/netbirdio/netbird/releases/tag/v0.60.2
https://github.com/netbirdio/netbird/releases/tag/v0.60.3
https://github.com/netbirdio/netbird/releases/tag/v0.60.4
Commit log:
https://github.com/netbirdio/netbird/compare/v0.59.8...v0.60.4
PR: 291331
1e6b22f |
16:56 Fernando Apesteguía (fernape)
security/vuxml: Add mongodb multiple vulnerabilities
* CVE-2025-13644
* CVE-2025-13507
* CVE-2025-13643
d7f4e84 |
16:38 Vladimir Druzenko (vvd) Author: Yusuf Yaman
- textproc/moor 2.9.3
Pager designed to do the right thing without any configuration
textproc/moor: Update 2.9.2 => 2.9.3
Changelog:
https://github.com/walles/moor/releases/tag/v2.9.3
PR: 291308
64c28eb |
15:38 Vladimir Druzenko (vvd) Author: Olivier Duchateau
- x11/plank 0.11.156
Elegant, simple, and clean dock
x11/plank: Update 0.11.154 => 0.11.156
Changelog:
https://github.com/zquestz/plank-reloaded/releases/tag/0.11.155
https://github.com/zquestz/plank-reloaded/releases/tag/0.11.156
PR: 291304
Approved by: daniel@shafer.cc (maintainer, implicit - inactive since 2021)
a3827fa |
15:08 Vladimir Druzenko (vvd) Author: Thibault Payet
emulators/wine-devel: Update 10.19 => 10.20
Changelog:
- Bundled vkd3d upgraded to version 1.18.
- More support for reparse points.
- More refactoring of Common Controls after the v5/v6 split.
- Progress dialog for document scanning.
- Various bug fixes.
https://gitlab.winehq.org/wine/wine/-/releases/wine-10.20
Advice FreeBSD 15.0 user to either use wine64 or build their own packages for
32bit.
PR: 291300
fec8326 |
14:53 Matthias Fechner (mfechner)
devel/rubygem-grape-swagger-gitlab: update to 2.1.3
Changes: https://github.com/ruby-grape/grape-swagger/blob/master/CHANGELOG.md
b4af2c8 |
11:33 Rene Ladan (rene)
- mail/mu4e-maildirs 0.8.20201028_19
Maildirs extension for Mu4e
- MOVED
mail/mu4e-maildirs: Remove expired port
2025-11-30 mail/mu4e-maildirs: Upstream discourages using this software and
recommends feature now integrated into mail/mu
59568b4
11:32 Rene Ladan (rene)
- accessibility/gammy 0.9.64_1
Adaptive screen brightness and temperature for Windows and Unix
- MOVED
accessibility/gammy: Remove expired port
2025-11-30 accessibility/gammy
e0cd25e
11:31 Rene Ladan (rene)
- textproc/moar 1.31.3_1
Pager designed to just do the right thing without any configuration
- MOVED
textproc/moar: Remove expired port
2025-11-30 textproc/moar: Upstream renamed to moor, use textproc/moor instead.
973bbac
11:30 Rene Ladan (rene)
- games/dose-response 1.0.0_56
Open-world roguelike game where you play an addict
- MOVED
games/dose-response: Remove expired port
2025-11-30 games/dose-response: fails to build with rust-1.91.0 and no
maintainer for this port
e5399e9
11:29 Rene Ladan (rene)
- lang/typescript 5.9.3_1
Superset of JavaScript that compiles to JavaScript output
- MOVED
lang/typescript: Remove expired port
2025-11-30 lang/typescript: New port was added without port maintainer,
submitter not interested in taking it. See
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289856 and contact mandree@ if
you are willing to maintain typescript and have a track record that lets you
appear suitable for maintaining a high-profile port.
fe8e952
11:28 Rene Ladan (rene)
- audio/decibels 48.0
GNOME audio player
- MOVED
audio/decibels: Remove expired port
2025-11-30 audio/decibels: Depends on deprecated lang/typescript (which needs a
maintainer), see https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289856
9d649c5
08:53 Hiroki Tagato (tagattie)
graphics/shaderc: Update to 2025.5
Changelog: https://github.com/google/shaderc/blob/v2025.5/CHANGES
Reported by: portscout
ae79574 |
08:37 Palle Girgensohn (girgen)
- databases/powa-web 5.1.1
PostgreSQL Workload Analyzer is a performance tool for PostgreSQL
databases/powa-web: Update to 5.1.1
Release notes: https://github.com/powa-team/powa-web/releases/tag/5.1.1
96aa88a |
08:30 Hiroki Tagato (tagattie)
databases/py-redisvl: Update to 0.12.1
Changelog: https://github.com/redis/redis-vl-python/releases/tag/v0.12.1
Reported by: Repology
dbc41a2 |
08:27 Palle Girgensohn (girgen)
security/vuls: Update to 0.36.3
Release notes: https://github.com/future-architect/vuls/releases/tag/v0.36.3
fb934ea |
08:17 Hiroki Tagato (tagattie)
- devel/py-ty 0.0.1.a29
Extremely fast Python type checker, written in Rust
devel/py-ty: Update to 0.0.1a29
Changelog: https://github.com/astral-sh/ty/blob/0.0.1-alpha.29/CHANGELOG.md
Reported by: Repology
2ed9245 |
06:57 Dirk Meyer (dinoex)
- graphics/xv 6.1.0
X11 program that displays images of various formats
graphics/xv: update to 6.1.0
0fe6932 |
06:22 Hiroki Tagato (tagattie)
- x11/hyprland-guiutils 0.1.0_1
Hyprland GUI utilities
- x11/hyprlauncher 0.1.3_1
Multipurpose and versatile launcher / picker for Hyprland
x11/{hyprland-guiutils,hyprlauncher}: Bump port revision after hyprtoolkit
update (ee44f36ed04b)
a0a1ba2
06:22 Hiroki Tagato (tagattie)
x11-toolkits/hyprtoolkit: Update to 0.4.0
Changelog: https://github.com/hyprwm/hyprtoolkit/releases/tag/v0.4.0
Reported by: GitHub (watch releases)
ee44f36 |
05:57 Adam Weinberger (adamw)
- editors/vim 9.1.1942
Improved version of the vi editor (console flavor)
editors/vim: Update to 9.1.1942
12ff828 |
02:16 Vladimir Druzenko (vvd) Author: Christos Chatzaras 2025Q4
www/fcgi: Update 2.4.6 => 2.4.7 (fixes CVE-2025-23016)
Commit log:
https://github.com/FastCGI-Archives/fcgi2/compare/2.4.6...2.4.7
Changelog:
https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.7
PR: 291307
Approved by: John von Essen <john@essenz.com> (maintainer, implicit - last
activity 2019)
Security: CVE-2025-23016
MFH: 2025Q4
(cherry picked from commit 1a30da80670973368b399f2b01fe9c04b91a1273)
02853b7 |
02:11 Vladimir Druzenko (vvd) Author: Christos Chatzaras
www/fcgi: Update 2.4.6 => 2.4.7 (fixes CVE-2025-23016)
Commit log:
https://github.com/FastCGI-Archives/fcgi2/compare/2.4.6...2.4.7
Changelog:
https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.7
PR: 291307
Approved by: John von Essen <john@essenz.com> (maintainer, implicit - last
activity 2019)
Security: CVE-2025-23016
MFH: 2025Q4
1a30da8 |
01:58 Adam Weinberger (adamw)
- ftp/wget 1.25.0
Retrieve files from the Net via HTTP(S) and FTP
ftp/wget: adopt port
2a6802f |
00:11 Santhosh Raju (fox) 2025Q4
security/wolfssl: Update to 5.8.4
Changes since 5.8.2:
To download the release bundle of wolfSSL visit the download page at
www.wolfssl.com/download/
PR stands for Pull Request, and PR references a GitHub pull request number
where the code change was added.
Vulnerabilities
* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic
implementations due to timing side channels introduced by compiler
optimizations and CPU architecture limitations, specifically with the
Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the
low memory implementations of X25519, which is now turned on as the default
for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275.
* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak
through multiple KeyShareEntry with the same group in malicious TLS 1.3
ClientHello messages. This affects users who are running wolfSSL on the
server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang
University of Science and Technology (POSTECH) for the report. Fixed in PR
9117.
* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to
PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello
that has a key share extension and the server responds with a ServerHello
that does not have a key share extension the connection would previously
continue on without using PFS. Thanks to Jaehun Lee from Pohang University
of Science and Technology (POSTECH) for the report. Fixed in PR 9112.
* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256
during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported
signature algorithm the server previously could respond as ECDSA P256 being
the accepted signature algorithm and the connection would continue with
using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and
Technology (POSTECH) for the report. Fixed in PR 9113.
* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension
parsing. Previously duplicate CKS extensions were not rejected leading to a
potential memory leak when processing a ClientHello. Thanks to Jaehun Lee
from Pohang University of Science and Technology (POSTECH) for the report.
Fixed in PR 9132.
* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in
XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to
the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS
connections, only from direct calls from an application. Thanks to Luigino
Camastra from Aisle Research for the report. Fixed in PR 9223.
* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The
server previously verified the TLS 1.3 PSK binder using a non-constant time
method which could potentially leak information about the PSK binder. Thanks
to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223.
* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest,
specifically a weaker digest, rather than those in the CertificateRequest.
Thanks to Jaehun Lee from Pohang University of Science and Technology
(POSTECH) for the report. Fixed in PR 9395
New Features
* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete
APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049)
* Initial wolfCrypt FreeBSD kernel module support (PR 9392)
* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage /
OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7
builds with AES keywrap unset. (PR 9018, 9029, 9032)
* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free
operations. (PR 9002, 9309)
* Add support for certificate_authorities extension in ClientHello and
certificate manager CA-type selection/unloading. (PR 9209, 9046)
* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha,
hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and
conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328,
9368, 9389, 9357, 9433)
* Rust: support optional heap and dev_id parameters and enable conditional
compilation based on C build options. (PR 9407, 9433)
* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware
acceleration additions. (PR 9228, 9256, 9185)
* STM32U5 added support for SAES and DHUK. (PR 9087)
* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR
9174)
Improvements / Optimizations
* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples,
libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096,
9141, 9091, 9122, 9388)
* Improved test ordering and CI test stability (random tests run order
changes, FIPS test fixes). (PR 9204, 9257)
* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and
example certificate renewals. (PR 9131, 9293, 9262, 9429)
* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add
Fetchmail and OpenVPN). (PR 9398, 9413)
* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements.
(PR 8902, 9055)
* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family
digest selection) and improved crypto-only build cases. (PR 9070, 9252,
9271, 9100, 9194)
* AES & HW offload improvements including AES-CTR support in PKCS11 driver
and AES ECB offload sizing fix. (PR 9277, 9364)
* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR
8987, 9225, 9264)
* Renesas FSP / RA examples updated and security-module TLS context
improvements. (PR 9047, 9010, 9158, 9150)
* Broad configure/CMake/Autotools workflow improvements (Apple options
tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037,
9167, 9161, 9264)
* New assembly introspection / performance helpers for RISC-V and PPC32;
benchmarking enhancements (cycle counts). (PR 9101, 9317)
* Update to SGX build for using assembly optimizations. (PR 8463, 9138)
* Testing with Fil-C compiler version to 0.674 (PR 9396)
* Refactors and compressing of small stack code (PR 9153)
Bug Fixes
* Removed the test feature using popen when defining the macro
WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with
having the macro HAVE_HTTP_CLIENT set. There was the potential for
vulnerable behavior with the use of popen when the API
wolfSSL_BIO_new_connect() was called with this specific build. This exact
build configuration is only intended for testing with QEMU and is not
enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the
report. (PR 9038)
* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw
public key import when using the API Ed25519ImportPublic.This was a broken
API with the C# wrapper that would crash on use. Thanks to Luigino Camastra
from Aisle Research for the bug report. (PR 9291)
* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis
driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324)
* TLS 1.2/DTLS improvements: client message order checks, DTLS
cookie/exchange and replay protections, better DTLS early-data handling. (PR
9387, 9253, 9205, 9367)
* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints,
restore inner server name for ECH, retrying cert candidate chains. (PR 8890,
9234, 8692)
* Sniffer robustness: fix infinite recursion, better handling of OOO appData
and partial overlaps, and improved retransmission detection. (PR 9051, 9106,
9140, 9094)
* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and
FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067,
9111, 9121)
* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import
correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439)
* Avoid uninitialized-variable and GCC warnings; several fixes for
undefined-shift/overflow issues. (PR 9020, 9372, 9195)
* Memory & leak fixes in X509 verification and various struct sizing fixes
for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036 )
* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when
WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031,
9263)
(cherry picked from commit bc229e671a4c797dc247918453bd92421cae8555)
022d232 | |
Sunday, 30 Nov 2025
|
23:56 Yasuhiro Kimura (yasu)
- databases/closql 2.3.2
Store EIEIO objects using EmacSQL
- databases/db18 18.1.40
Oracle Berkeley DB, Release 18.1
- databases/emacsql 4.3.3
High-level Emacs Lisp RDBMS front-end
- databases/pg.el 0.61
PostgreSQL Elisp interface
- devel/boehm-gc 8.2.10
Garbage collection and memory leak detection for C and C++
- devel/cond-let 0.2.0
Additional and improved binding conditionals in Emacs Lisp
- devel/forge 0.6.2
Work with Git forges from the comfort of Magit
- devel/ghub 5.0.2
Client libraries for the APIs of various Git forges
- devel/git-modes 1.4.7,1
GNU Emacs modes for Git-related files
- devel/liblockfile 1.17_1
Standard lockfile library
(Only the first 10 of 42 items in this commit are shown above.  )
*/*: Return to pool
I'll be away from keyboard soon and am not sure if I will return. So
return all ports that I currently maintain to pool hoping new
volunteers take care of them.
f12c037
23:03 Guido Falsi (madpilot)
sysutils/upower: Update to 1.91.0
- Added patch to install documentation file in correct diretory
- Added DOCS option to handle document installation
PR: 291286
593001c |
23:00 Xin LI (delphij) Author: Matt Kempe
- www/redmine60 6.0.7_1
Flexible project management web application
www/redmine60: Use puma 7, fix install directories
This commit also modernizes the port's dependencies and configuration
options.
Redmine 6.0 has changed to use a slightly different directory structure
from previous versions. The installation now creates public/assets and
tmp/pdf directories that Redmine 6.x expects, preventing runtime errors
related to missing directories.
Support for Puma 7 allows users to benefit from the latest web server
performance improvements among other enhancements.
Database configuration is now clearer with mutually exclusive options that
prevent misconfiguration. SQLite and SQL Server support give users more
deployment flexibility, though SQLite is clearly marked as unsuitable for
production use.
Use the standardized "PGSQL" naming for PostgreSQL which aligns with
other ports.
The new database.yml.sample patch helps users avoid common configuration
mistakes by providing inline documentation for connection settings, ports,
and encoding options.
PR: 291306
da111ef |
22:28 Xin LI (delphij)
science/py-scikit-learn: Fix build with newer version of Cython
Approved by: trivial build fix
2a1eb94 |
21:57 Santhosh Raju (fox)
security/vuxml: Document wolfSSL multiple vulnerabilities.
dd09ed9 |
21:07 Yuri Victorovich (yuri)
- misc/tlm 1.2
Local CLI Copilot, powered by Ollama
misc/tlm: New port: Local CLI Copilot, powered by Ollama
9f01acb
21:07 Yuri Victorovich (yuri)
databases/weaviate: update 1.34.1 → 1.34.2
ece4646 |
20:09 Christoph Moench-Tegeder (cmt)
astro/qmapshack: update to 1.19.0
Release Notes:
https://github.com/Maproom/qmapshack/releases/tag/V_1.19.0
While here, take maintainer.
9861c26 |
19:43 Jochen Neumeister (joneum)
www/serendipity: Back to pool
Sponsored by: Netzkommune GmbH
a0975d4 |
14:44 Dirk Meyer (dinoex)
mail/sendmail-devel: update to 8.18.1.16
78e0829 |
14:27 Santhosh Raju (fox)
security/wolfssl: Update to 5.8.4
Changes since 5.8.2:
To download the release bundle of wolfSSL visit the download page at
www.wolfssl.com/download/
PR stands for Pull Request, and PR references a GitHub pull request number
where the code change was added.
Vulnerabilities
* [Low CVE-2025-12888] Vulnerability in X25519 constant-time cryptographic
implementations due to timing side channels introduced by compiler
optimizations and CPU architecture limitations, specifically with the
Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the
low memory implementations of X25519, which is now turned on as the default
for Xtensa. Thanks to Adrian Cinal for the report. Fixed in PR 9275.
* [Med. CVE-2025-11936] Potential DoS vulnerability due to a memory leak
through multiple KeyShareEntry with the same group in malicious TLS 1.3
ClientHello messages. This affects users who are running wolfSSL on the
server side with TLS 1.3. Thanks to Jaehun Lee and Kyungmin Bae, Pohang
University of Science and Technology (POSTECH) for the report. Fixed in PR
9117.
* [Low CVE-2025-11935] PSK with PFS (Perfect Forward Secrecy) downgrades to
PSK without PFS during TLS 1.3 handshake. If the client sends a ClientHello
that has a key share extension and the server responds with a ServerHello
that does not have a key share extension the connection would previously
continue on without using PFS. Thanks to Jaehun Lee from Pohang University
of Science and Technology (POSTECH) for the report. Fixed in PR 9112.
* [Low CVE-2025-11934] Signature Algorithm downgrade from ECDSA P521 to P256
during TLS 1.3 handshake. When a client sends ECDSA P521 as the supported
signature algorithm the server previously could respond as ECDSA P256 being
the accepted signature algorithm and the connection would continue with
using ECDSA P256. Thanks to Jaehun Lee from Pohang University of Science and
Technology (POSTECH) for the report. Fixed in PR 9113.
* [Low CVE-2025-11933] DoS Vulnerability in wolfSSL TLS 1.3 CKS extension
parsing. Previously duplicate CKS extensions were not rejected leading to a
potential memory leak when processing a ClientHello. Thanks to Jaehun Lee
from Pohang University of Science and Technology (POSTECH) for the report.
Fixed in PR 9132.
* [Low CVE-2025-11931] Integer Underflow Leads to Out-of-Bounds Access in
XChaCha20-Poly1305 Decrypt. This issue is hit specifically with a call to
the function wc_XChaCha20Poly1305_Decrypt() which is not used with TLS
connections, only from direct calls from an application. Thanks to Luigino
Camastra from Aisle Research for the report. Fixed in PR 9223.
* [Low CVE-2025-11932] Timing Side-Channel in PSK Binder Verification. The
server previously verified the TLS 1.3 PSK binder using a non-constant time
method which could potentially leak information about the PSK binder. Thanks
to Luigino Camastra from Aisle Research for the report. Fixed in PR 9223.
* [Low CVE-2025-12889] With TLS 1.2 connections a client can use any digest,
specifically a weaker digest, rather than those in the CertificateRequest.
Thanks to Jaehun Lee from Pohang University of Science and Technology
(POSTECH) for the report. Fixed in PR 9395
New Features
* New ML-KEM / ML-DSA APIs and seed/import PKCS8 support; added _new/_delete
APIs for ML-KEM/ML-DSA. (PR 9039, 9000, 9049)
* Initial wolfCrypt FreeBSD kernel module support (PR 9392)
* Expanded PKCS7/CMS capabilities: decode SymmetricKeyPackage /
OneSymmetricKey, add wc_PKCS7_GetEnvelopedDataKariRid, and allow PKCS7
builds with AES keywrap unset. (PR 9018, 9029, 9032)
* Add custom AES key wrap/unwrap callbacks and crypto callback copy/free
operations. (PR 9002, 9309)
* Add support for certificate_authorities extension in ClientHello and
certificate manager CA-type selection/unloading. (PR 9209, 9046)
* Large expansion of Rust wrapper modules: random, aes, rsa, ecc, dh, sha,
hmac, cmac, ed25519/ed448, pbkdf2/PKCS#12, kdf/prf, SRTP KDFs, and
conditional compilation options. (PR 9191, 9212, 9273, 9306, 9320, 9328,
9368, 9389, 9357, 9433)
* Rust: support optional heap and dev_id parameters and enable conditional
compilation based on C build options. (PR 9407, 9433)
* STM32 fixes (benchmarking and platform fixes) and PSoC6 hardware
acceleration additions. (PR 9228, 9256, 9185)
* STM32U5 added support for SAES and DHUK. (PR 9087)
* Add --enable-curl=tiny option for a smaller build when used with cURL. (PR
9174)
Improvements / Optimizations
* Regression test fixes and expansion: TLS 1.3/1.2 tests, ARDUINO examples,
libssh2 tests, hostap workflows, and nightly test improvements. (PR 9096,
9141, 9091, 9122, 9388)
* Improved test ordering and CI test stability (random tests run order
changes, FIPS test fixes). (PR 9204, 9257)
* Docs and readme fixes, docstring updates, AsconAEAD comment placement, and
example certificate renewals. (PR 9131, 9293, 9262, 9429)
* Updated GPL exception lists (GPLv2 and GPLv3 exception updates: add
Fetchmail and OpenVPN). (PR 9398, 9413)
* Introduced WOLFSSL_DEBUG_CERTS and additional debug/logging refinements.
(PR 8902, 9055)
* Expanded crypto-callback support (SHA family, HKDF, SHA-224, sha512_family
digest selection) and improved crypto-only build cases. (PR 9070, 9252,
9271, 9100, 9194)
* AES & HW offload improvements including AES-CTR support in PKCS11 driver
and AES ECB offload sizing fix. (PR 9277, 9364)
* ESP32: PSRAM allocator support and SHA HW fixes for ESP-IDF v6/v5. (PR
8987, 9225, 9264)
* Renesas FSP / RA examples updated and security-module TLS context
improvements. (PR 9047, 9010, 9158, 9150)
* Broad configure/CMake/Autotools workflow improvements (Apple options
tracking, Watcom pinning, Debian packaging, ESP-IDF pinning). (PR 9037,
9167, 9161, 9264)
* New assembly introspection / performance helpers for RISC-V and PPC32;
benchmarking enhancements (cycle counts). (PR 9101, 9317)
* Update to SGX build for using assembly optimizations. (PR 8463, 9138)
* Testing with Fil-C compiler version to 0.674 (PR 9396)
* Refactors and compressing of small stack code (PR 9153)
Bug Fixes
* Removed the test feature using popen when defining the macro
WOLFSSL_USE_POPEN_HOST and not having HAVE_GETADDRINFO defined, along with
having the macro HAVE_HTTP_CLIENT set. There was the potential for
vulnerable behavior with the use of popen when the API
wolfSSL_BIO_new_connect() was called with this specific build. This exact
build configuration is only intended for testing with QEMU and is not
enabled with any autoconf/cmake flags. Thanks to linraymond2006 for the
report. (PR 9038)
* Fix for C# wrapper Ed25519 potential crash and heap overwrite with raw
public key import when using the API Ed25519ImportPublic.This was a broken
API with the C# wrapper that would crash on use. Thanks to Luigino Camastra
from Aisle Research for the bug report. (PR 9291)
* Coverity, cppcheck, MISRA, clang-tidy, ZeroPath and other static-analysis
driven fixes across the codebase. (PR 9006, 9078, 9068, 9265, 9324)
* TLS 1.2/DTLS improvements: client message order checks, DTLS
cookie/exchange and replay protections, better DTLS early-data handling. (PR
9387, 9253, 9205, 9367)
* Improved X.509 & cert handling: allow larger pathLen in Basic Constraints,
restore inner server name for ECH, retrying cert candidate chains. (PR 8890,
9234, 8692)
* Sniffer robustness: fix infinite recursion, better handling of OOO appData
and partial overlaps, and improved retransmission detection. (PR 9051, 9106,
9140, 9094)
* Numerous linuxkm (kernel-mode) fixes, relocation/PIE normalization, and
FIPS-related build tweaks across many iterations. (PR 9025, 9035, 9067,
9111, 9121)
* ML-KEM/Kyber and ML-DSA fixes for out-of-bounds and seed-import
correctness; multiple ML-related safety fixes. (PR 9142, 9105, 9439)
* Avoid uninitialized-variable and GCC warnings; several fixes for
undefined-shift/overflow issues. (PR 9020, 9372, 9195)
* Memory & leak fixes in X509 verification and various struct sizing fixes
for WOLFSSL_NO_MALLOC usage. (PR 9258, 9036 )
* Fixed RSA / signing / verify-only warnings allowing WOLFSSL_NO_CT_OPS when
WOLFSSL_RSA_VERIFY_ONLY is used and API cleanups for using const. (PR 9031,
9263)
bc229e6 |
14:21 Hiroki Tagato (tagattie)
- misc/crush 0.19.3
Glamourous AI coding agent for your favourite terminal
misc/crush: Update to 0.19.3
Changelog: https://github.com/charmbracelet/crush/releases/tag/v0.19.3
Reported by: GitHub (watch releases)
efb1081 |
14:06 Hiroki Tagato (tagattie)
misc/py-huggingface-hub: Update to 1.1.6
Changelog: https://github.com/huggingface/huggingface_hub/releases/tag/v1.1.6
Reported by: portscout
8182bd3 |
13:28 Hiroki Tagato (tagattie)
- x11-wm/hyprland 0.52.1
Dynamic tiling Wayland compositor that doesn't sacrifice on its looks
x11-wm/hyprland: Update to 0.52.1
Changelog:
- https://github.com/hyprwm/Hyprland/releases/tag/v0.52.0
- https://github.com/hyprwm/Hyprland/releases/tag/v0.52.1
Reported by: GitHub (watch releases)
f728901 |
13:18 Wen Heping (wen)
devel/py-rich-toolkit: Update to 0.17.0
1e4b6e3 |
13:16 Wen Heping (wen)
www/py-asgiref: Update to 3.11.0
cff4476 |
13:09 Matthias Fechner (mfechner)
devel/gitaly: fix build on i386
I provided that patch upstream here:
https://gitlab.com/gitlab-org/gitaly/-/merge_requests/8309
646e363 |
12:55 Wen Heping (wen)
- www/py-litestar 2.18.0
Production-ready, highly performant, extensible ASGI API Framework
www/py-litestar: Add new port
Litestar is a powerful, flexible yet opinionated ASGI framework, focused on
building APIs. It offers high-performance data validation, dependency injection,
first-class ORM integration, authorization primitives, a rich plugin API,
middleware, and much more that's needed to get applications up and running.
9ed20a2
12:17 Bernard Spil (brnrd)
- irc/weechat 4.8.0
Lightweight and user friendly ncurses based IRC client
irc/weechat: Update to 4.8.0
ea2ae5f |
11:55 Kai Knoblich (kai)
www/py-django-tree-queries: Update to 0.23.0
Changelog:
https://github.com/feincms/django-tree-queries/blob/0.23/CHANGELOG.rst
b9b0c68 |
11:55 Kai Knoblich (kai)
textproc/py-pymdown-extensions: Update to 10.17.2
Changelog:
https://github.com/facelessuser/pymdown-extensions/releases/tag/10.17.2
88e0b6c |
11:55 Kai Knoblich (kai)
textproc/py-packageurl-python: Update to 0.17.6
Changelog:
https://github.com/package-url/packageurl-python/releases/tag/v0.17.6
4d21cb6 |
11:55 Kai Knoblich (kai)
devel/py-python-subunit: Update to 1.4.5
Changelog:
https://github.com/testing-cabal/subunit/blob/1.4.5/NEWS
34a3ee3 |
11:55 Kai Knoblich (kai)
devel/py-oslotest: Update to 6.0.0
* Switch to the PEP517 build framework.
* Hook up test suite.
Changelog since 4.4.1:
https://github.com/openstack/oslotest/compare/4.4.1...6.0.0
09ce5b9 |
11:54 Hiroki Tagato (tagattie)
x11/libxkbcommon: Update to 1.13.0
Changelog:
https://github.com/xkbcommon/libxkbcommon/blob/xkbcommon-1.13.0/NEWS.md
PR: 290996
Approved by: x11 (maintainer, timeout >2 weeks)
90d358a |
11:23 Piotr Kubaj (pkubaj)
lang/rust-bootstrap: enable on aarch64
Builds fine for all flavors.
0d557b0 |
11:22 Piotr Kubaj (pkubaj)
devel/freebsd-sysroot: bump to 13.5-RELEASE
The last update for 13-STABLE, next one will be to 14.3-RELEASE.
Reviewed by: mikael
Differential Revision: https://reviews.freebsd.org/D53943
463fdce |
10:52 Yuri Victorovich (yuri)
- devel/subprocess.h g20240720
Single header process launching solution for C and C++
devel/subprocess.h: New port: Single header process launching solution for C and
C++
50cf99c
10:52 Yuri Victorovich (yuri)
- misc/claude-code 2.0.55
Agentic coding tool from Anthropic that lives in your terminal
misc/claude-code: update 2.0.54 → 2.0.55
892cdc4 |
10:52 Yuri Victorovich (yuri)
- www/authelia 4.39.15
Single sign-on multi-factor portal for web apps
www/authelia: update 4.39.14 → 4.39.15
5525590 |
10:52 Yuri Victorovich (yuri)
- misc/libsolv 0.7.35
Package dependency solver using a satisfiability algorithm
misc/libsolv: update 0.7.31 → 0.7.35
5974f8b |
10:52 Yuri Victorovich (yuri)
- audio/dexed 1.0.1
DX7 FM multi plaform/multi format plugin
audio/dexed: update 0.9.9 → 1.0.1
3def393 |
10:52 Yuri Victorovich (yuri)
- security/libxcrypt 4.5.2
Extended crypt library for descrypt, md5crypt, bcrypt, and others
security/libxcrypt: update 4.5.1 → 4.5.2
41d9b4e |
10:52 Yuri Victorovich (yuri)
multimedia/libwebm: update 1.0.0.31 → 1.0.0.32
a6dda55 |
10:52 Yuri Victorovich (yuri)
- math/lis 2.1.10
Library of Iterative Solvers for linear systems
math/lis: update 2.1.8 → 2.1.10
f211259 |
10:52 Yuri Victorovich (yuri)
- multimedia/lms 3.72.1
Lightweight Music Server to access music using a web interface
multimedia/lms: update 3.72.0 → 3.72.1
9ab2f8e |
10:52 Yuri Victorovich (yuri)
benchmarks/inferno: update 0.12.3 → 0.12.4
a55e2a1 |
10:52 Yuri Victorovich (yuri)
math/hmat-oss: update 1.11.0 → 1.11.1
fb933b1 |
10:52 Yuri Victorovich (yuri)
- audio/wasabi 1.0.4
Fast and memory efficient Black MIDI player
audio/wasabi: update 0.1.4-3 → 1.0.4
3d6ff92 |
07:54 Roman Bogorodskiy (novel)
www/qutebrowser: update to 3.6.2
8199c72 |
07:51 Stephen Montgomery-Smith (stephen)
math/octave-forge-statistics: Update to 1.8.0.
7254c22 |
07:38 Po-Chuan Hsieh (sunpoet)
devel/opentelemetry-cpp: Revert 4030b7d57c68fda7bad3230379790065dbb1ed39
libc4core.so is an indirect dependency brought by devel/rapidyaml.
Since it is not a direct dependency, it should not be added to LIB_DEPENDS.
305d477 |
07:18 Po-Chuan Hsieh (sunpoet)
UPDATING: Document node{22,24,25} changes
www/node{22,24,25} now requires databases/sqlite3 with SESSION enabled.
1ca84c7 |
07:17 Po-Chuan Hsieh (sunpoet)
Mk/Uses/python.mk: Update CYTHON3_DEPENDS
- Cosmetic change
3a890f6 |
07:16 Po-Chuan Hsieh (sunpoet)
- devel/py-pytokens 0.3.0
Fast, spec compliant Python 3.14+ tokenizer that runs on older Pythons
devel/py-pytokens: Add py-pytokens 0.3.0
pytokens provides a fast, spec compliant Python 3.14+ tokenizer that runs on
older Pythons.
c543b0e
05:58 Matthias Fechner (mfechner)
www/rubygem-typhoeus-gitlab: fix build error
caused by regression from 9816a72d0e47bc436744e060d0eff483eb1678ce
===> Installing existing package
/packages/All/rubygem-faraday-typhoeus-gitlab-1.1.0_1.pkg
[143amd64-gitlab-job-02] Installing rubygem-faraday-typhoeus-gitlab-1.1.0_1...
[143amd64-gitlab-job-02] `-- Installing rubygem-typhoeus-gitlab-1.4.1...
[143amd64-gitlab-job-02] | `-- Installing rubygem-ethon-0.18.0...
[143amd64-gitlab-job-02] | | `-- Installing rubygem-logger-1.7.0...
pkg-static: rubygem-logger-1.7.0 conflicts with rubygem-logger-gitlab-1.7.0
(installs files into the same place). Problematic file:
/usr/local/lib/ruby/gems/3.3/specifications/logger-1.7.0.gemspec
299b415 |
05:50 Matthias Fechner (mfechner)
devel/opentelemetry-cpp: fix build error
Added devel/c4core as a lib dependency:
====> Running Q/A tests (stage-qa)
Error: /usr/local/lib/libopentelemetry_configuration.so.1.24.0 is linked to
/usr/local/lib/libc4core.so.0.2.6 from devel/c4core but it is not declared as a
dependency
Warning: you need LIB_DEPENDS+=libc4core.so:devel/c4core
Warning: you might not need LIB_DEPENDS on libcurl.so
Warning: you might not need LIB_DEPENDS on libgtest.so
*** Error code 1
Approved by: just-fix-it
4030b7d |
05:36 Matthias Fechner (mfechner)
deskutils/stirling-pdf: update to 2.0.2
Changes: https://github.com/Stirling-Tools/Stirling-PDF/releases/tag/v2.0.2
f0fc00c |
04:19 Cy Schubert (cy)
x11/cde-devel: Update to the latest cdesktopenv-code commit
Update to the latest cdedesktop-code commit proxied through my GH accoun
16bd691 |
03:44 Cy Schubert (cy)
- x11/cde 2.5.3
Common Desktop Environment
x11/cde: Update to 2.5.3
190b450 |
03:19 Wen Heping (wen)
- devel/py-polyfactory 3.1.0
Mock data generation factories
devel/py-polyfactory: Add new port
Polyfactory is a simple and powerful mock data generation library,
based around type hints and supporting dataclasses, typed-dicts,
pydantic models, msgspec structs and more.
dc3e228
02:54 Yuri Victorovich (yuri)
- net/wstunnel 10.5.1
Traffic tunnel over Websocket or HTTP2 to bypass firewalls/DPI
net/wstunnel: update 10.5.0 → 10.5.1
8b72e9e |
02:54 Yuri Victorovich (yuri)
databases/weaviate: update 1.34.0 → 1.34.1
753c8cc |
02:54 Yuri Victorovich (yuri)
- sysutils/systeroid 0.4.6
More powerful alternative to sysctl(8) with a terminal user interface
sysutils/systeroid: update 0.4.5 → 0.4.6
30a81f4 | |
02:54 Yuri Victorovich (yuri) | | | | | | | | | | | | | | | |
|
As an Amazon Associate I earn from qualifying purchases.
