HardenedBSD/src fafed4asys/contrib/dev/athk/ath10k testmode.c core.c, sys/contrib/dev/rtw88 bf.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+234-41sys/contrib/dev/athk/ath10k/testmode.c
+48-0usr.bin/truncate/tests/truncate_test.sh
+11-17sys/contrib/dev/athk/ath10k/core.c
+18-1sys/contrib/dev/athk/ath10k/wmi.h
+15-0sys/contrib/dev/athk/ath10k/testmode_i.h
+7-1sys/contrib/dev/rtw88/bf.c
+333-6010 files not shown
+358-6616 files

HardenedBSD/src dfa4e28sys/contrib/dev/athk/ath10k testmode.c core.c, sys/contrib/dev/rtw88 bf.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+234-41sys/contrib/dev/athk/ath10k/testmode.c
+48-0usr.bin/truncate/tests/truncate_test.sh
+11-17sys/contrib/dev/athk/ath10k/core.c
+18-1sys/contrib/dev/athk/ath10k/wmi.h
+15-0sys/contrib/dev/athk/ath10k/testmode_i.h
+7-1sys/contrib/dev/rtw88/bf.c
+333-6010 files not shown
+358-6616 files

HardenedBSD/ports d0b6658archivers/zip/files patch-zip.c

HBSD: Resolve merge conflict

This port was updated upstream. We no longer need to carry a patch
downstream to support our HARDCFLAGS option.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+0-23archivers/zip/files/patch-zip.c
+0-231 files

HardenedBSD/ports 1b29103devel/electron39/files/packagejsons yarn.lock, graphics/sdl2_gpu pkg-plist

Merge remote-tracking branch 'internal/freebsd/main' into hardenedbsd/main

Conflicts:
        archivers/zip/files/patch-zip.c (unresolved)
DeltaFile
+578-0multimedia/ccextractor/files/patch-src_rust_Cargo.lock
+268-268graphics/sdl2_gpu/pkg-plist
+377-85multimedia/ccextractor/distinfo
+180-34multimedia/ccextractor/Makefile.crates
+35-116multimedia/ccextractor/files/patch-linux_Makefile.am
+64-77devel/electron39/files/packagejsons/yarn.lock
+1,502-58060 files not shown
+1,982-88666 files

HardenedBSD/ports 648a61dgames/veloren-weekly distinfo Makefile

games/veloren-weekly: update to s20260121

Changes:        https://gitlab.com/veloren/veloren/-/compare/5378d5cf29...547fc9f725
DeltaFile
+3-3games/veloren-weekly/distinfo
+2-2games/veloren-weekly/Makefile
+5-52 files

HardenedBSD/ports 4e744e4emulators/rpcs3 distinfo Makefile

emulators/rpcs3: update to 0.0.39.18708

Changes:        https://github.com/RPCS3/rpcs3/compare/d7b723cd7c...3e49c32c9c
DeltaFile
+3-3emulators/rpcs3/distinfo
+2-2emulators/rpcs3/Makefile
+5-52 files

HardenedBSD/ports b95e493graphics/mesa-devel distinfo Makefile

graphics/mesa-devel: update to 26.0.b.44

Changes:        https://gitlab.freedesktop.org/mesa/mesa/-/compare/6f076cdfda3...481df222095
DeltaFile
+3-3graphics/mesa-devel/distinfo
+2-2graphics/mesa-devel/Makefile
+5-52 files

HardenedBSD/ports 023fa28x11/wvkbd distinfo Makefile

x11/wvkbd: update to 0.19

Changes:        https://git.sr.ht/~proycon/wvkbd/log/v0.19
Reported by:    GitHub (watch releases)
DeltaFile
+3-3x11/wvkbd/distinfo
+1-1x11/wvkbd/Makefile
+4-42 files

HardenedBSD/ports 91a52fcnet-im/ejabberd pkg-plist distinfo

net-im/ejabberd: Update to 26.01
DeltaFile
+35-1net-im/ejabberd/pkg-plist
+13-11net-im/ejabberd/distinfo
+10-8net-im/ejabberd/Makefile
+58-203 files

HardenedBSD/ports d36f41beditors/vscode Makefile, net-im/deltachat-desktop Makefile

*/*: Bump port revision after electron39 update (af09aa198c34)
DeltaFile
+1-1net-im/deltachat-desktop/Makefile
+1-0editors/vscode/Makefile
+2-12 files

HardenedBSD/ports af09aa1devel/electron39 distinfo Makefile, devel/electron39/files patch-electron_shell_browser_api_electron__api__web__contents.cc patch-electron_spec_version-bump-spec.ts

devel/electron39: Update to 39.3.0

Changelog: https://github.com/electron/electron/releases/tag/v39.3.0

Reported by:    GitHub (watch releases)
DeltaFile
+64-77devel/electron39/files/packagejsons/yarn.lock
+11-11devel/electron39/distinfo
+4-4devel/electron39/files/patch-electron_shell_browser_api_electron__api__web__contents.cc
+1-5devel/electron39/files/packagejsons/package.json
+2-2devel/electron39/Makefile
+2-2devel/electron39/files/patch-electron_spec_version-bump-spec.ts
+84-1011 files not shown
+85-1027 files

HardenedBSD/ports 8a7d9cdsecurity/himitsu pkg-plist Makefile, security/himitsu/files patch-Makefile

security/himitsu: create new port

Himitsu is a secure secret storage system for Unix-like systems. It provides an
arbitrary key/value store (where values may be secret) and a query language for
manipulating the key store.

WWW: https://himitsustore.org

PR:             292475
DeltaFile
+22-0security/himitsu/pkg-plist
+19-0security/himitsu/Makefile
+15-0security/himitsu/pkg-message
+11-0security/himitsu/files/patch-Makefile
+3-0security/himitsu/pkg-descr
+3-0security/himitsu/distinfo
+73-01 files not shown
+74-07 files

HardenedBSD/ports 9711d61multimedia/ccextractor distinfo Makefile.crates, multimedia/ccextractor/files patch-src_rust_Cargo.lock patch-linux_Makefile.am

multimedia/ccextractor: update to 0.96.5

 - rust now mandatory
 - GUI rewritten in flutter, which we do not support unfortunately
 - hard subtitle extraction works now

Changelog: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.5
Changelog: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.4
Changelog: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.3
Changelog: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.2
Changelog: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96.1
Changelog: https://github.com/CCExtractor/ccextractor/releases/tag/v0.96
DeltaFile
+578-0multimedia/ccextractor/files/patch-src_rust_Cargo.lock
+377-85multimedia/ccextractor/distinfo
+180-34multimedia/ccextractor/Makefile.crates
+35-116multimedia/ccextractor/files/patch-linux_Makefile.am
+55-17multimedia/ccextractor/Makefile
+0-54multimedia/ccextractor/Makefile.master
+1,225-3068 files not shown
+1,308-37914 files

HardenedBSD/ports e13864d. MOVED, multimedia Makefile

multimedia/ccextractor-gui: remove port

The ccextractor GUI has been rewritten in flutter, which requires Dart.
We do not support Dart, so that means no GUI for us for now.
DeltaFile
+0-20multimedia/ccextractor-gui/Makefile
+1-0MOVED
+0-1multimedia/Makefile
+1-213 files

HardenedBSD/ports e83a9b0multimedia/gpac Makefile

multimedia/gpac: enable pic everywhere

This fixes the build on arm64 for example.

Approved by:    portmgr (build fix blanket)
DeltaFile
+2-3multimedia/gpac/Makefile
+2-31 files

HardenedBSD/ports 93bb4e4net-im/gurk-rs Makefile

net-im/gurk-rs: fix build on armv7

Same fix as for shells/nushell.

Approved by:    portmgr (build fix blanket)
MFH:            2026Q1
DeltaFile
+1-0net-im/gurk-rs/Makefile
+1-01 files

HardenedBSD/ports bd7e3e8net-mgmt/nagios-pf-plugin Makefile

net-mgmt/nagios-pf-plugin: broken on FreeBSD 15, deprecate

This port requires the obsolete ioctl(DIOCGETSTATUS), which is no
longer supported on FreeBSD 15.  Upstream is dead, so deprecate.
It also has some questionable warnings.

See also:       D41651
MFH:            2026Q1
DeltaFile
+7-1net-mgmt/nagios-pf-plugin/Makefile
+7-11 files

HardenedBSD/ports e730129shells/nushell Makefile

shells/nushell: fix build on armv7

PR:             286368
MFH:            2026Q1
Tested by:      fuz
Approved by:    yuri (maintainer timeout)
DeltaFile
+1-2shells/nushell/Makefile
+1-21 files

HardenedBSD/ports e0e704barchivers/zip Makefile, archivers/zip/files patch-zip.c patch-fileio.c

archivers/zip: apply Debian patches

These patches fix some security and other issues:

 - ( 7) zipnote.c: Close in_file instead of undefined file x
 - ( 8) Use format specifier %s to print strings, not the string itself
 - (14) Fix buffer overflow when filename contains unicode characters
 - (15) Fix buffer overflow when using '-T -TT'
 - (16) Fix symlink update detection

Obtained from:  https://salsa.debian.org/sanvila/zip
Reported by:    diizzy
Reviewed by:    diizzy
Security:       CVE-2018-13410
MFH:            2026Q1
DeltaFile
+43-0archivers/zip/files/patch-zip.c
+19-0archivers/zip/files/patch-fileio.c
+16-0archivers/zip/files/patch-zipnote.c
+15-0archivers/zip/files/patch-unix_unix.c
+1-1archivers/zip/Makefile
+94-15 files

HardenedBSD/ports f41b42dsecurity/snortsam Makefile

security/snortsam: broken on FreeBSD 15, deprecate

This port requires the obsolete ioctl(DIOCGETSTATUS), which is no
longer supported on FreeBSD 15.  Upstream is dead, so deprecate.
It also has some questionable warnings.

See also:       D41651
MFH:            2026Q1
DeltaFile
+7-1security/snortsam/Makefile
+7-11 files

HardenedBSD/ports 1717614cad/abc Makefile

cad/abc: not for armv7 either

Approved by:    portmgr (build fix blanket)
MFH:            2026Q1
DeltaFile
+1-1cad/abc/Makefile
+1-11 files

HardenedBSD/ports f53b9f4graphics/sdl2_gpu pkg-plist Makefile

graphics/sdl2_gpu: rename DOCS option to DOXYGEN

This avoids having to OPTIONS_EXCLUDE the DOCS option.

Suggested by:   makc
MFH:            2026Q1
DeltaFile
+268-268graphics/sdl2_gpu/pkg-plist
+9-8graphics/sdl2_gpu/Makefile
+277-2762 files

HardenedBSD/ports 997b94feditors/wordgrinder Makefile

editors/wordgrinder: broken on 15 too, deprecate

This port can likely be saved as upstream is still alive and a
newer version (0.8) exists.

See also:       https://cowlark.com/wordgrinder/
MFH:            2026Q1
DeltaFile
+4-2editors/wordgrinder/Makefile
+4-21 files

HardenedBSD/src eacc501usr.bin/truncate truncate.c, usr.bin/truncate/tests truncate_test.sh

truncate: fix a minor nit + add a hole-punching test

The struct spacectl_range we use is only really used in these three
lines of code, so re-scope it down to just the dealloc branch.  This is
marginally easier to reason about what might be necessary to replace in
porting our truncate(1) to other platforms.

While we're here, add a test for the -d flag to be sure it really does
punch a hole in the file.  The test also tries to confirm that it does
not disturb other segments of the file in the process, just to inspire
some confidence that it's not corrupting the file somehow.

Sponsored by:   Klara, Inc.
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D51207
DeltaFile
+48-0usr.bin/truncate/tests/truncate_test.sh
+2-1usr.bin/truncate/truncate.c
+50-12 files

HardenedBSD/ports 0abc606science/afni distinfo Makefile

science/afni: Update to 26.0.04
DeltaFile
+3-3science/afni/distinfo
+1-1science/afni/Makefile
+4-42 files

HardenedBSD/ports 216fed1devel/py-pytest-html distinfo Makefile

devel/py-pytest-html: update to 4.2.0

Changes:        https://github.com/pytest-dev/pytest-html/releases/tag/4.2.0
Reported by:    portscout, repology
DeltaFile
+3-3devel/py-pytest-html/distinfo
+1-1devel/py-pytest-html/Makefile
+4-42 files

HardenedBSD/ports c1abbcbsysutils/wmtop Makefile distinfo, sysutils/wmtop/files patch-wmtop.c patch-Makefile

sysutils/wmtop: Update 0.84 => 0.85

Changelog:
https://repo.or.cz/dockapps.git/blob/refs/tags/wmtop-0.85:/wmtop/ChangeLog

Upstream moved to https://www.dockapps.net/wmtop.

PR:             292626
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
DeltaFile
+16-16sysutils/wmtop/files/patch-wmtop.c
+13-10sysutils/wmtop/Makefile
+0-21sysutils/wmtop/files/patch-Makefile
+3-2sysutils/wmtop/distinfo
+32-494 files

HardenedBSD/src 6c61f58sys/contrib/dev/athk/ath10k testmode.c core.c

ath10k: update Atheros/QCA's ath10k driver

This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
24d479d26b25bce5faea3ddd9fa8f3a6c3129ea7 ( tag: v6.19-rc6 ).

Sponsored by:   The FreeBSD Foundation
DeltaFile
+234-41sys/contrib/dev/athk/ath10k/testmode.c
+11-17sys/contrib/dev/athk/ath10k/core.c
+18-1sys/contrib/dev/athk/ath10k/wmi.h
+15-0sys/contrib/dev/athk/ath10k/testmode_i.h
+5-1sys/contrib/dev/athk/ath10k/core.h
+1-1sys/contrib/dev/athk/ath10k/qmi.c
+284-612 files not shown
+286-628 files

HardenedBSD/src 80ba893sys/contrib/dev/rtw88 bf.c bf.h, sys/modules/rtw88 Makefile

rtw88: update Realtek's rtw88 driver

This version is based on
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
24d479d26b25bce5faea3ddd9fa8f3a6c3129ea7 ( tag: v6.19-rc6 ).

Sponsored by:   The FreeBSD Foundation
DeltaFile
+7-1sys/contrib/dev/rtw88/bf.c
+7-0sys/contrib/dev/rtw88/bf.h
+3-1sys/contrib/dev/rtw88/sdio.c
+2-0sys/contrib/dev/rtw88/rtw8822cu.c
+2-0sys/contrib/dev/rtw88/rtw8822bu.c
+1-1sys/modules/rtw88/Makefile
+22-36 files

HardenedBSD/src d4d13a5sys/netinet sctp_bsd_addr.c

sctp: support bridge interfaces

Reported by:    Timo Völker
Tested by:      Timo Völker

(cherry picked from commit 8d82dafa568baf7be46e5e443dd7310986a28aa9)
DeltaFile
+1-0sys/netinet/sctp_bsd_addr.c
+1-01 files