FreeBSD/ports f96acb2security/vuxml/vuln 2026.xml

security/vuxml: add FreeBSD SAs issued on 2026-06-30

FreeBSD-SA-26:37.vm affects all supported releases
FreeBSD-SA-26:38.jail affects 15.0R and 15.1R
FreeBSD-SA-26:39.execve affects all supported releases
FreeBSD-SA-26:40.zfs affects all supported releases
FreeBSD-SA-26:41.libalias affects all supported releases
FreeBSD-SA-26:42.unlinkat affects all supported releases
FreeBSD-SA-26:43.tcp affects all supported releases
FreeBSD-SA-26:44.posixshm affects all supported releases
FreeBSD-SA-26:45.audit affects all supported releases
FreeBSD-SA-26:46.ktls affects all supported releases
FreeBSD-SA-26:47.linux affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:48.compat32 affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:49.iconv affects all supported releases
DeltaFile
+480-0security/vuxml/vuln/2026.xml
+480-01 files

FreeBSD/ports 805e608security/openconnect Makefile distinfo, security/openconnect/files patch-openconnect-internal.h

security/openconnect: Update 9.12 => 9.21

Changelog:
https://www.infradead.org/openconnect/changelog.html

- Remove unnecessary GNU_CONFIGURE_MANPREFIX.
- Fix warnings from portclippy.
- Add P11KIT option.

PR:             296085
Approved by:    zi (maintainer, timeout 2 weeks)
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH:            2026Q2

(cherry picked from commit 9fdee93d72012d505371d25f8b5bc9a4242bde0c)
DeltaFile
+29-25security/openconnect/Makefile
+8-16security/openconnect/files/patch-openconnect-internal.h
+3-3security/openconnect/distinfo
+40-443 files

FreeBSD/ports 9fdee93security/openconnect Makefile distinfo, security/openconnect/files patch-openconnect-internal.h

security/openconnect: Update 9.12 => 9.21

Changelog:
https://www.infradead.org/openconnect/changelog.html

- Remove unnecessary GNU_CONFIGURE_MANPREFIX.
- Fix warnings from portclippy.
- Add P11KIT option.

PR:             296085
Approved by:    zi (maintainer, timeout 2 weeks)
Sponsored by:   UNIS Labs
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
MFH:            2026Q2
DeltaFile
+29-25security/openconnect/Makefile
+8-16security/openconnect/files/patch-openconnect-internal.h
+3-3security/openconnect/distinfo
+40-443 files

FreeBSD/src 43b1adelib/libpkgconf Makefile, lib/libpkgconf/libpkgconf config.h

pkgconf: match the update to version 2.9.93

This update brings spdxtool(1), with the ability to generate software
bill of material files (SBOM) in the SPDX 3.0.1 format (JSON-LD).

Reviewed by:    markj
Approved by:    markj
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57953
DeltaFile
+58-35lib/libpkgconf/libpkgconf/config.h
+29-4lib/libpkgconf/Makefile
+30-0usr.bin/spdxtool/Makefile
+4-4packages/pkgconf/pkgconf.ucl
+2-0usr.bin/pkgconf/Makefile
+1-0usr.bin/Makefile
+124-431 files not shown
+125-437 files

LLVM/project c7e2809clang/lib/Sema SemaInit.cpp SemaExpr.cpp, clang/test/AST/HLSL ConstantBuffers-AST.hlsl ConstantBuffers-AST-error.hlsl

[HLSL] Enable conversion of ConstantBuffer<T> to T (#205996)

HLSL allows assigning a `ConstantBuffer<T>` to an object of type `T`.
This change adds support for this.

Fixes #195093
DeltaFile
+255-0clang/test/CodeGenHLSL/resources/ConstantBufferT-struct-passing.hlsl
+31-0clang/test/AST/HLSL/ConstantBuffers-AST.hlsl
+29-1clang/lib/Sema/SemaInit.cpp
+0-24clang/test/AST/HLSL/ConstantBuffers-AST-error.hlsl
+0-23clang/test/CodeGenHLSL/cbuffer_copy_layout.hlsl
+14-4clang/lib/Sema/SemaExpr.cpp
+329-526 files not shown
+344-6312 files

FreeBSD/src 592efe2contrib/pkgconf/cli main.c core.c, contrib/pkgconf/cli/spdxtool core.c

Merge commit '0cf7106da9f36671ef62142c27de98eee9d874d6' into khorben/pkgconf-2.9.93
DeltaFile
+173-1,493contrib/pkgconf/cli/main.c
+1,585-0contrib/pkgconf/tests/test-runner.c
+1,464-0contrib/pkgconf/cli/core.c
+194-975contrib/pkgconf/libpkgconf/win-dirent.h
+475-447contrib/pkgconf/libpkgconf/pkg.c
+854-0contrib/pkgconf/cli/spdxtool/core.c
+4,745-2,915542 files not shown
+24,800-6,437548 files

NetBSD/src OZVCckcsys/arch/ofppc/conf EFIKA

   Add kernel config for EFIKA 5200B. The board is supported now.
VersionDeltaFile
1.1+271-0sys/arch/ofppc/conf/EFIKA
+271-01 files

FreeBSD/src bb1e071sys/dev/asmc asmc.c asmcmmio.c

asmc: try PIO before MMIO to avoid false T2 detection

Add hw.asmc.system-state and hw.asmc.board-id read-only sysctls to
expose the T2 system state register and Mac board identifier via SMC.

Try PIO access before MMIO during probe to prevent false T2 detection
on Macs that happen to have something mapped at the T2 BAR address.

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D57844
DeltaFile
+34-27sys/dev/asmc/asmc.c
+1-1sys/dev/asmc/asmcmmio.c
+1-1sys/dev/asmc/asmcvar.h
+36-293 files

FreeBSD/src a2d087bsys/net80211 ieee80211_crypto.c

net80211: fix CCMP/GCMP AAD for MFP frames

Update ieee80211_crypto_init_aad() to do what 802.11-2020 says -
only mask fc[0] bits 4-6 on data frames, not on management frames.
This (with other diffs to actually negotiate MFP and configure
ath(4) for MFP + software keys) allows the CCMP path to decrypt
CCMP MFP frames in the software path.

Differential Revision:  https://reviews.freebsd.org/D57799
DeltaFile
+7-2sys/net80211/ieee80211_crypto.c
+7-21 files

FreeBSD/src 126f82asys/dev/asmc asmc.c

asmc: deduplicate sensor converters and cause sysctls

Replace per-type spXX_to_milli() functions with a table-driven
asmc_sensor_convert() that looks up the divisor by SMC type string.

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D57854
DeltaFile
+46-109sys/dev/asmc/asmc.c
+46-1091 files

LLVM/project f9f4331libc/shared builtins.h, libc/shared/builtins muldf3.h

[libc] add shared muldf3 builtin (#205674)

Re-exposes LLVM-libc's `__muldf3` as `shared::muldf3` for reuse by
compiler-rt's builtins.

Stacked change - merge these first:
- #200094
- #205669
- #205670
- #205671
- #205672
- #205673

Part of #197824
DeltaFile
+32-0libc/src/__support/builtins/muldf3.h
+29-0libc/shared/builtins/muldf3.h
+9-0libc/src/__support/builtins/CMakeLists.txt
+1-0libc/shared/builtins.h
+1-0libc/test/shared/CMakeLists.txt
+1-0libc/test/shared/shared_builtins_test.cpp
+73-06 files

FreeBSD/src 6a1bd52sys/dev/asmc asmc.c asmcvar.h

asmc: add system state and board identity sysctls

Add dev.asmc.0.system subtree with read-only sysctls for SMC diagnostic
and identity keys: shutdown_cause (MSSD), sleep_cause (MSSP),
thermal_status (MSAL), time_of_day (CLKT), power_state (MSPS),
board_id (RPlt), and chip_gen (RGEN).

Each sysctl is registered only if the key exists on the hardware.

Reviewed by:    adrian
Differential Revision:  https://reviews.freebsd.org/D57853
DeltaFile
+220-0sys/dev/asmc/asmc.c
+86-0sys/dev/asmc/asmcvar.h
+306-02 files

FreeBSD/ports 468bc70. UPDATING

UPDATING: Add description how to migrate from audio/murmur to audio/mumble-server

Sponsored by:   UNIS Labs
DeltaFile
+31-0UPDATING
+31-01 files

NetBSD/src 9QpNxuBsys/arch/powerpc/mpc5200 mpc5200_ac97.c

   Add debugging to MPC5200B AC97 driver.

   An attempt to hunt down rare cold boot race.
VersionDeltaFile
1.2+26-7sys/arch/powerpc/mpc5200/mpc5200_ac97.c
+26-71 files

NetBSD/src Ui0b2ucsys/arch/powerpc/conf files.ofw, sys/arch/powerpc/oea ofw_subr.S

   Introduce EFIKA_OFW_WORKAROUNDS - patch OFW trampoline for EFIKA.

   Long story short, is that SmartFirmware (EFIKA's OpenFirmware) misbehaves
   on every OF call from the kernel by zeroing SDR1 and messing with BATs.

   In the olden days, these problems were worked around with FIRMWORKSBUGS
   option. However, that option does not work currently on EFIKA. Presumaly,
   something has changed between 2012 and now, which causes FIRMWORKSBUGS
   to hang on SmartFirmware very early (before NetBSD copyright banner is
   printed).

   So we get this kludge, which only does the bare minimum to let OFW
   call succeed, and the kernel continue after the call.
VersionDeltaFile
1.21+48-1sys/arch/powerpc/oea/ofw_subr.S
1.7+9-1sys/arch/powerpc/conf/files.ofw
+57-22 files

FreeBSD/doc 4eb8e14website/content/en/releases/14.3R errata.adoc, website/content/en/releases/14.4R errata.adoc

Add errata affecting 14.3R, 14.4R, 15.0R and 15.1R

FreeBSD-EN-26:16.arm64 affects all supported releases
FreeBSD-EN-26:17.rpcsec_tls affects 15.0R and 15.1R
DeltaFile
+2-3website/content/en/releases/15.1R/errata.adoc
+2-0website/content/en/releases/15.0R/errata.adoc
+1-0website/content/en/releases/14.3R/errata.adoc
+1-0website/content/en/releases/14.4R/errata.adoc
+6-34 files

FreeBSD/doc c825b69website/content/en/releases/14.3R errata.adoc, website/content/en/releases/14.4R errata.adoc

Add security advisories affecting 14.3R, 14.4R, 15.0R and 15.1R

FreeBSD-SA-26:37.vm affects all supported releases
FreeBSD-SA-26:38.jail affects 15.0R and 15.1R
FreeBSD-SA-26:39.execve affects all supported releases
FreeBSD-SA-26:40.zfs affects all supported releases
FreeBSD-SA-26:41.libalias affects all supported releases
FreeBSD-SA-26:42.unlinkat affects all supported releases
FreeBSD-SA-26:43.tcp affects all supported releases
FreeBSD-SA-26:44.posixshm affects all supported releases
FreeBSD-SA-26:45.audit affects all supported releases
FreeBSD-SA-26:46.ktls affects all supported releases
FreeBSD-SA-26:47.linux affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:48.compat32 affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:49.iconv affects all supported releases
DeltaFile
+11-3website/content/en/releases/15.1R/errata.adoc
+13-0website/content/en/releases/15.0R/errata.adoc
+12-0website/content/en/releases/14.4R/errata.adoc
+12-0website/content/en/releases/14.3R/errata.adoc
+48-34 files

LLVM/project 443d933libunwind/src Unwind-wasm.c

[libunwind] Fix comment about phase (NFC) (#206660)

We switched to use `_UA_SEARCH_PHASE` in
https://github.com/emscripten-core/emscripten/pull/17991, but the
comment above was not fixed, and it was upstreamed that way later.
DeltaFile
+1-1libunwind/src/Unwind-wasm.c
+1-11 files

LLVM/project bc59f8fllvm/lib/ExecutionEngine/Orc InProcessEPC.cpp

[ORC] Add missing std::move. (#206859)

This should fix the build failure at
https://lab.llvm.org/buildbot/#/builders/116/builds/29995.
DeltaFile
+1-1llvm/lib/ExecutionEngine/Orc/InProcessEPC.cpp
+1-11 files

LLVM/project 3f92b6bllvm/lib/Target/AArch64/Disassembler AArch64Disassembler.cpp, llvm/lib/Target/AArch64/MCTargetDesc AArch64InstPrinter.cpp

fixup! Small improvement
DeltaFile
+1-3llvm/lib/Target/AArch64/Disassembler/AArch64Disassembler.cpp
+1-1llvm/lib/Target/AArch64/MCTargetDesc/AArch64InstPrinter.cpp
+2-42 files

NetBSD/pkgsrc Ru7ARzAcross/ppc-morphos-gcc Makefile, cross/ppc-morphos-gcc/files objc-saveds.diff

   cross/ppc-morphos-gcc: Fix objc-saveds.diff

   This fixes leaking saveds into non-ObjC methods as the type was shared.
VersionDeltaFile
1.2+6-6cross/ppc-morphos-gcc/files/objc-saveds.diff
1.7+2-2cross/ppc-morphos-gcc/Makefile
+8-82 files

LLVM/project fe80adelibcxx/test/std/containers/views/mdspan/extents bitint.pass.cpp, libcxx/test/std/language.support/support.limits/limits/numeric.limits.members min.pass.cpp digits10.pass.cpp

[libc++][test][NFC] Remove implementation-detail noise from _BitInt test comments (#206666)

Several `_BitInt` test comments named the builtin the code lowers to,
restated macro equivalences, or pointed at another test file's
internals. They read as machine-generated and do not help a reader. This
rewords them across the `_BitInt` tests touched by #203876, where the
pattern was flagged in review.

Assisted-by: Claude (Anthropic)

Co-authored-by: Claude Opus 4.6 <noreply at anthropic.com>
DeltaFile
+10-30libcxx/test/std/utilities/utility/utility.intcmp/intcmp.bitint.pass.cpp
+9-20libcxx/test/std/numerics/bit/byteswap.pass.cpp
+4-8libcxx/test/std/numerics/numeric.ops/numeric.ops.sat/saturating.bitint.pass.cpp
+3-8libcxx/test/std/language.support/support.limits/limits/numeric.limits.members/min.pass.cpp
+4-7libcxx/test/std/language.support/support.limits/limits/numeric.limits.members/digits10.pass.cpp
+3-6libcxx/test/std/containers/views/mdspan/extents/bitint.pass.cpp
+33-798 files not shown
+44-10114 files

LLVM/project 475bc04libcxx/include set, libcxx/test/std/containers/associative/set iterator.pass.cpp merge.pass.cpp

[libc++] Make `<set>` `std::set` constexpr as part of P3372R3 (#167241)
DeltaFile
+161-91libcxx/include/set
+20-16libcxx/test/std/containers/associative/set/set.cons/copy_assign.pass.cpp
+20-13libcxx/test/std/containers/associative/set/iterator.pass.cpp
+20-13libcxx/test/std/containers/associative/set/set.nonmember/op_compare.pass.cpp
+19-11libcxx/test/std/containers/associative/set/merge.pass.cpp
+27-0libcxx/test/std/language.support/support.limits/support.limits.general/version.version.compile.pass.cpp
+267-14471 files not shown
+934-35177 files

NetBSD/src eage6aZlib/libc/citrus/modules citrus_viqr.c

   citrus/VIQR: unsigned chlen for simplicity; sprinkle assertions.

   PR 59019: various iconv issues
VersionDeltaFile
1.9+14-3lib/libc/citrus/modules/citrus_viqr.c
+14-31 files

NetBSD/src 0n1zEmmlib/libc/citrus/modules citrus_utf7.c

   citrus/UTF7: unsigned chlen for simplicity; sprinkle assertions.

   PR 59019: various iconv issues
VersionDeltaFile
1.9+26-6lib/libc/citrus/modules/citrus_utf7.c
+26-61 files

NetBSD/src 10gCbbolib/libc/citrus/modules citrus_hz.c

   citrus/HZ: Be more careful about encoding buffer.

   1. Use unsigned char for chlen, since it's never negative and only
      needs to be big enough for the ch array.

   2. Expand the ch array by space for two escape sequences, each of
      which is two characters.

      I don't think it is currently possible with the i18n data we ship
      for it to emit two escape sequences in a row -- there is a code
      path to do this, but I don't think it can be reached without
      setting escape sequences for variable 1 and extending this in some
      way.  Nevertheless, let's err on the side of safety.

   3. Sprinkle assertions everywhere.

   PR 59019: various iconv issues
VersionDeltaFile
1.7+22-6lib/libc/citrus/modules/citrus_hz.c
+22-61 files

NetBSD/src D74v71Slib/i18n_module Makefile.inc, lib/libc/citrus/modules citrus_viqr.c citrus_iconv_std.c

   i18n_modules: Build with _DIAGNOSTIC.

   Fix some bitrot that it turned up here.

   PR 59019: various iconv issues
VersionDeltaFile
1.8+19-6lib/libc/citrus/modules/citrus_viqr.c
1.17+6-4lib/libc/citrus/modules/citrus_iconv_std.c
1.6+6-4lib/libc/citrus/modules/citrus_hz.c
1.15+2-1lib/i18n_module/Makefile.inc
+33-154 files

NetBSD/src GLq16Yytests/lib/libc/locale t_iconv.c

   iconv(3): Fix printing bytes on test failure.

   Don't sign-extend to a 32-bit quantity causing the left to be padded
   with f's; just print the 8-bit quantity.

   PR 59019: various iconv issues
VersionDeltaFile
1.8+5-5tests/lib/libc/locale/t_iconv.c
+5-51 files

LLVM/project f89b1ecllvm/lib/Target/AArch64/Disassembler AArch64Disassembler.cpp

fixup! Small improvement
DeltaFile
+1-3llvm/lib/Target/AArch64/Disassembler/AArch64Disassembler.cpp
+1-31 files

NetBSD/src exLfYVQtests/lib/libc/locale t_iconv.c

   iconv(3): Expand ISO-2022-CN tests a little.

   This one is broken for a partial input case, not yet sure why.

   PR 59019: various iconv issues
VersionDeltaFile
1.7+19-4tests/lib/libc/locale/t_iconv.c
+19-41 files