CHERI: declare fueptr and suptr
These should replace fueword and suword when manipulating pointers in
memory. On CHERI targets they will be implemented using capability
aware instructions and otherwise they are defined to fueword and suword.
Reviewed by: kib, markj
Effort: CHERI upstreaming
Sponsored by: Innovate UK
Differential Revision: https://reviews.freebsd.org/D57664
CHERI: declare copy{in,out}ptr{,_nofault}
These provenance-preserving functions are to be used when copying
objects that are expected to contain pointers. Data buffers which do
not contain pointers should be copied by the traditional copyin/copyout
functions which *do not* preserve pointer provenance (on CHERI they
clear validity tags).
NOTE: Going forward, this requires changes when adding new syscalls or
ioctl that take pointers to objects containing pointers. Fortunately,
the vast majority (>90%) of copyin and copyout statements do not copy
pointers and require no change. Failure to make the chance will have no
effect on non-CHERI architectures.
Reviewed by: kib, markj
Effort: CHERI upstreaming
Sponsored by: DARPA, AFRL, Innovate UK
Differential Revision: https://reviews.freebsd.org/D57663
net/rclone: Security update 1.74.2 => 1.74.3
Changelog:
https://rclone.org/changelog/#v1-74-3-2026-06-05
PR: 296192
Reported by: Herbert J. Skuhra <herbert at gojira.at>
Approved by: Ralf van der Enden <tremere at cainites.net> (maintainer)
Approved by: osa, vvd (Mentors, implicit)
Tested by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH: 2026Q2
Security: CVE-2026-49980
(cherry picked from commit 6064d1dd6addbc89d9ac2c6c5df7494b6c7f6cee)
net/rclone: Security update 1.74.2 => 1.74.3
Changelog:
https://rclone.org/changelog/#v1-74-3-2026-06-05
PR: 296192
Reported by: Herbert J. Skuhra <herbert at gojira.at>
Approved by: Ralf van der Enden <tremere at cainites.net> (maintainer)
Approved by: osa, vvd (Mentors, implicit)
Tested by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH: 2026Q2
Security: CVE-2026-49980
www/authelia: enable secret mode to fetch secrets from files
Authelia provides the functionality using go templates so screts must
not be part of the config file, but can be read from external files.
That makes handling of keys more more convinient, like:
```
identity_providers:
oidc:
jwks:
- key: {{ secret "/usr/local/etc/authelia/private_ecdsa.pem" | mindent 10 "|" | msquote }}
- key: {{ secret "/usr/local/etc/authelia/private_rsa.pem" | mindent 10 "|" | msquote }}
```
Authelia must be started for this with the template filter which that commit
adds.
PR: 295354
Approved by: yuri (maintainer, timeout)
dns/dnsdist: update to v2.0.6
PR: 295515
Reported by: Jordan Ostreff <jordan at ostreff.info>
Approved by: tremere at cainites.net (maintainer)
(cherry picked from commit 9df447a2af2400984d1f068c7d3bed36da348e55)
