Should this not do the same as 9134ed157388f3e34374322a5de06449a031f1ec?
- Queries
- All Stories
- Search
- Advanced Search
- Transactions
- Transaction Logs
Feed All Stories
All Stories
All Stories
Today
Today
math/R-cran-fracdiff: Update to 1.5-4
pouria committed rGc5a92616c41f: if_gre(4): Fix gre_clone_dump_nl address dump (authored by pouria).
if_gre(4): Fix gre_clone_dump_nl address dump
@adrian could you perhaps look into getting this reviewed and committed upstream?
mail/thunderbird-esr: update to 140.10.1 (rc1)
mail/thunderbird: update to 150.0.1 (rc1)
net-mgmt/check_ssl_cert: update to 2.98.0
mail/thunderbird-esr: update to 140.10.1 (rc1)
mail/thunderbird: update to 150.0.1 (rc1)
md5: Encode non-printable filenames
sysutils/iocage: fix "make test"
gordon committed R9:f8af2345e0b4: Update credit line for SA-26:13 per submitter request. (authored by gordon).
Update credit line for SA-26:13 per submitter request.
Note that @grembo , while AFK, indicated his approval to me over email.
gordon committed R9:51a06c234837: Add EN-26:08 through EN-26:10 and SA-26:12 through SA-26:17. (authored by gordon).
Add EN-26:08 through EN-26:10 and SA-26:12 through SA-26:17.
www/py-nh3: Update to 0.3.5
kai committed R11:5707ef38f03c: www/py-drf-spectacular-sidecar: Update to 2026.4.14 (authored by kai).
www/py-drf-spectacular-sidecar: Update to 2026.4.14
textproc/py-zensical: Update to 0.0.37
textproc/py-pyahocorasick: Update to 2.3.1
textproc/py-ttp-templates: Update to 0.5.5
devel/py-strawberry-graphql: Update to 0.315.2
net-mgmt/netbox: Update to 4.5.9
kai committed R11:3eb77bbf122f: www/py-dj52-social-auth-app-django: Update to 5.8.0 (authored by kai).
www/py-dj52-social-auth-app-django: Update to 5.8.0
kai committed R11:4a51b0ec0454: www/py-dj52-drf-spectacular-sidecar: Update to 2026.4.14 (authored by kai).
www/py-dj52-drf-spectacular-sidecar: Update to 2026.4.14
textproc/py-mkdocstrings: Update to 1.0.4
devel/py-rq: Update to 2.8.0
kai committed R11:51a95ce7ba35: devel/py-dj52-strawberry-graphql: Update to 0.315.2 (authored by kai).
devel/py-dj52-strawberry-graphql: Update to 0.315.2
nxjoseph committed R11:b024233aa8b7: net-mgmt/rubygem-oxidized-web: Update 0.18.0 => 0.18.1 (authored by nxjoseph).
net-mgmt/rubygem-oxidized-web: Update 0.18.0 => 0.18.1
www/forgejo-lts: Update to 11.0.13
www/foregjo: Update to 14.0.5
www/forgejo-lts: Update to 11.0.13
www/foregjo: Update to 14.0.5
In D46284#1299021, @crest_freebsd_rlwinm.de wrote:In D46284#1298773, @kevans wrote:I had hoped to attend the jail user call today to be able to discuss this, but the Discord event has it an hour off and I didn't discover the authoritative source @ callfortesting.org until I was wondering why nobody was showing up. *deep sigh*
I don't think we're comfortable, as a project, to enable this for all users of jail(8) by default without an additional flag. I appreciate that you want to do stuff like this with existing jail scripts but this is a huge POLA violation (even assuming proper communication across a major branch update) with security implications, and I don't think enabling maybe-executable config scripts is a pattern that we really want propagating.
There was some discussion out-of-band after a concerned user reached out about this, and it was pointed out to me that automountd does the same thing, so I've pitched a review to try and neuter that a bit because that's terrifying: D56680.
The jail.conf(5) format already defines hooks that by design execute as root on the host (exec.prepare/created/prestart/poststart/prestop/poststop/release). Having any untrusted jail.conf(5) on the system is a game over scenario similar to having a malicous /etc/crontab or rc.d script installed. Moving the attack surface a few milliseconds forward from the exec.prepare (or exec.prestop when removing a jail) stage to the config parsing stage doesn't increase the attack surface in a meaningful way.
LGTM, please see my comment.
glebius committed rG6883b120c537: inpcb: allow to specify different sizes for port and load balance hashes (authored by glebius).
inpcb: allow to specify different sizes for port and load balance hashes
glebius committed rG9b8eb70ca974: inpcb: improve some internal function names (authored by glebius).
inpcb: improve some internal function names
sysutils/vobcopy: Update to 1.2.2
15.0: Update "latest" AMIs
In D56691#1298953, @sarah.walker2_arm.com wrote:In D56691#1298952, @zlei wrote:How can alignment lead locking issues ? Not an expert on this, just out of curious.
The standard behaviour for busdma_bounce implementations is that bus_dmamap with alignment > 1 is marked as COULD_BOUNCE. Among other things this can cause a bounce zone to be allocated at bus_dmamap creation time. This causes further allocations without M_NOWAIT which triggers the locking issue.
science/py-kim-query: update 3.0.0 → 4.0.0
misc/openclaw: update 2026.4.24 → 2026.4.26
yuri committed R11:f8447d47b68a: devel/wizer: Add patch to support FreeBSD/aarch64 (authored by yuri).
devel/wizer: Add patch to support FreeBSD/aarch64
science/py-hoomd-blue: update 6.0.0 → 7.0.1
devel/cargo-about: update 0.8.4 → 0.9.0
devel/cargo-udeps: update 0.1.60 → 0.1.61
misc/lean-ctx: update 3.4.3 → 3.4.5
math/cppad: update 20250000.1 → 20260000.0
misc/timr-tui: update 1.8.0 → 1.8.1
databases/weaviate: update 1.37.1 → 1.37.2
security/rpm-sequoia: update 1.10.1 → 1.10.2
www/ghostunnel: update 1.9.2 → 1.10.0
devel/gitoxide: update 0.52.0 → 0.53.0
lang/prql: update 0.13.11 → 0.13.12
sysutils/mise: update 2026.4.24 → 2026.4.25
shells/atuin: update 18.15.2 → 18.16.0
www/py-qh3: update 1.7.3 → 1.7.4
devel/{,py-}ruff: update 0.15.11 → 0.15.12
yuri committed R11:7a68de0bd6cb: misc/bun-decompile: New port: Extract and de-minify source code from Bun… (authored by yuri).
misc/bun-decompile: New port: Extract and de-minify source code from Bun…
misc/clawhub: update 0.9.0 → 0.12.0
textproc/ytt: update 0.53.2 → 0.54.0
devel/buf: update 1.68.3 → 1.68.4
security/gosec: update 2.25.0 → 2.26.1
sysutils/ipget: update 0.13.0 → 0.13.1
dns/subfinder: update 2.13.0 → 2.14.0
databases/rqlite: update 9.4.5 → 10.0.0
misc/py-datasets: update 4.8.2 → 4.8.5
misc/fabric: update 1.4.449 → 1.4.451
devel/catch2: update 3.13.0 → 3.14.0
lang/csharp-mode.el: Mark port as deprecated
x11/libXxf86dga: Update to 1.1.7
x11-fonts/font-micro-misc: Update to 1.0.4
In D46284#1299031, @imp wrote:In D46284#1299021, @crest_freebsd_rlwinm.de wrote:@kevans: Can you think of a realistic situation where someone will have their jail configuration unintentionally executable? I don't think chmod -R 777 /etc is a supported configuration. Are we forced to support FAT32 as root file system on any strange platform or something like that?
That's the wrong question. For security related things, you have to default to 'fail safe' and this feature fails to meet that criteria.
fernape committed R11:32bc1f34625a: security/vuxml: Add Mozilla vulnerabilities (authored by fernape).
security/vuxml: Add Mozilla vulnerabilities
In D46284#1299021, @crest_freebsd_rlwinm.de wrote:@kevans: Can you think of a realistic situation where someone will have their jail configuration unintentionally executable? I don't think chmod -R 777 /etc is a supported configuration. Are we forced to support FAT32 as root file system on any strange platform or something like that?
x11/editres: Update to 1.1.1
kerneldoc: also ingest .md (markdown files)
x11-toolkits/libXmu: Update to 1.3.1
Update comment
Add UPDATING entries and bump version