security/vuxml: add FreeBSD SAs issued on 2026-06-30
FreeBSD-SA-26:37.vm affects all supported releases
FreeBSD-SA-26:38.jail affects 15.0R and 15.1R
FreeBSD-SA-26:39.execve affects all supported releases
FreeBSD-SA-26:40.zfs affects all supported releases
FreeBSD-SA-26:41.libalias affects all supported releases
FreeBSD-SA-26:42.unlinkat affects all supported releases
FreeBSD-SA-26:43.tcp affects all supported releases
FreeBSD-SA-26:44.posixshm affects all supported releases
FreeBSD-SA-26:45.audit affects all supported releases
FreeBSD-SA-26:46.ktls affects all supported releases
FreeBSD-SA-26:47.linux affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:48.compat32 affects 14.3R, 14.4R and 15.0R
FreeBSD-SA-26:49.iconv affects all supported releases
pkgconf: match the update to version 2.9.93
This update brings spdxtool(1), with the ability to generate software
bill of material files (SBOM) in the SPDX 3.0.1 format (JSON-LD).
Reviewed by: markj
Approved by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57953
[HLSL] Enable conversion of ConstantBuffer<T> to T (#205996)
HLSL allows assigning a `ConstantBuffer<T>` to an object of type `T`.
This change adds support for this.
Fixes #195093
asmc: try PIO before MMIO to avoid false T2 detection
Add hw.asmc.system-state and hw.asmc.board-id read-only sysctls to
expose the T2 system state register and Mac board identifier via SMC.
Try PIO access before MMIO during probe to prevent false T2 detection
on Macs that happen to have something mapped at the T2 BAR address.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57844
net80211: fix CCMP/GCMP AAD for MFP frames
Update ieee80211_crypto_init_aad() to do what 802.11-2020 says -
only mask fc[0] bits 4-6 on data frames, not on management frames.
This (with other diffs to actually negotiate MFP and configure
ath(4) for MFP + software keys) allows the CCMP path to decrypt
CCMP MFP frames in the software path.
Differential Revision: https://reviews.freebsd.org/D57799
asmc: deduplicate sensor converters and cause sysctls
Replace per-type spXX_to_milli() functions with a table-driven
asmc_sensor_convert() that looks up the divisor by SMC type string.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57854
asmc: add system state and board identity sysctls
Add dev.asmc.0.system subtree with read-only sysctls for SMC diagnostic
and identity keys: shutdown_cause (MSSD), sleep_cause (MSSP),
thermal_status (MSAL), time_of_day (CLKT), power_state (MSPS),
board_id (RPlt), and chip_gen (RGEN).
Each sysctl is registered only if the key exists on the hardware.
Reviewed by: adrian
Differential Revision: https://reviews.freebsd.org/D57853
Introduce EFIKA_OFW_WORKAROUNDS - patch OFW trampoline for EFIKA.
Long story short, is that SmartFirmware (EFIKA's OpenFirmware) misbehaves
on every OF call from the kernel by zeroing SDR1 and messing with BATs.
In the olden days, these problems were worked around with FIRMWORKSBUGS
option. However, that option does not work currently on EFIKA. Presumaly,
something has changed between 2012 and now, which causes FIRMWORKSBUGS
to hang on SmartFirmware very early (before NetBSD copyright banner is
printed).
So we get this kludge, which only does the bare minimum to let OFW
call succeed, and the kernel continue after the call.
[libc++][test][NFC] Remove implementation-detail noise from _BitInt test comments (#206666)
Several `_BitInt` test comments named the builtin the code lowers to,
restated macro equivalences, or pointed at another test file's
internals. They read as machine-generated and do not help a reader. This
rewords them across the `_BitInt` tests touched by #203876, where the
pattern was flagged in review.
Assisted-by: Claude (Anthropic)
Co-authored-by: Claude Opus 4.6 <noreply at anthropic.com>
citrus/HZ: Be more careful about encoding buffer.
1. Use unsigned char for chlen, since it's never negative and only
needs to be big enough for the ch array.
2. Expand the ch array by space for two escape sequences, each of
which is two characters.
I don't think it is currently possible with the i18n data we ship
for it to emit two escape sequences in a row -- there is a code
path to do this, but I don't think it can be reached without
setting escape sequences for variable 1 and extending this in some
way. Nevertheless, let's err on the side of safety.
3. Sprinkle assertions everywhere.
PR 59019: various iconv issues
iconv(3): Fix printing bytes on test failure.
Don't sign-extend to a 32-bit quantity causing the left to be padded
with f's; just print the 8-bit quantity.
PR 59019: various iconv issues