HardenedBSD/src cb58eb8sys/dev/xilinx if_xae.c axidma.c, sys/netpfil/ipfilter/netinet fil.c ip_nat.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+669-446sys/dev/xilinx/if_xae.c
+60-498sys/dev/xilinx/axidma.c
+90-2sys/netpfil/ipfilter/netinet/fil.c
+53-0sys/dev/xilinx/axidma_if.m
+37-16sys/dev/xilinx/if_xaevar.h
+41-1sys/netpfil/ipfilter/netinet/ip_nat.c
+950-9639 files not shown
+1,012-98315 files

HardenedBSD/src 4d84888contrib/unbound/iterator iter_scrub.c, usr.sbin/unbound/setup local-unbound-setup.sh

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
DeltaFile
+35-4contrib/unbound/iterator/iter_scrub.c
+4-4usr.sbin/unbound/setup/local-unbound-setup.sh
+39-82 files

HardenedBSD/src 0fb16becontrib/unbound/iterator iter_scrub.c, usr.sbin/unbound/setup local-unbound-setup.sh

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+35-4contrib/unbound/iterator/iter_scrub.c
+4-4usr.sbin/unbound/setup/local-unbound-setup.sh
+39-82 files

HardenedBSD/ports 424a806lang/cairo distinfo, misc/gemini-cli pkg-plist

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+756-45misc/gemini-cli/pkg-plist
+235-318science/trilinos/pkg-plist
+319-51misc/gemini-cli/files/package-lock.json
+353-0textproc/py-zensical/distinfo
+133-133lang/cairo/distinfo
+113-117sysutils/mise/distinfo
+1,909-664140 files not shown
+3,141-1,420146 files

HardenedBSD/ports dbb76b3sysutils/slurm-wlm Makefile, sysutils/slurm-wlm/files slurmctld.in slurmd.in

sysutils/slurm-wlm: Improve rc.d scripts

- Add rc.conf knobs for slurm_conf, logdir, rundir, pidfile and logfile paths
- Run slurmctld and slurmd under daemon(8) in foreground mode (-D)
- Implement status/reload using pidfiles and procname via rc.subr helpers
- Create log/run directories with appropriate ownership and permissions
- Ensure clean shutdown and avoid stray helper processes across restarts
- Preserve compatibility with existing *_flags and SLURM_CONF settings

PR:     290211
DeltaFile
+115-18sysutils/slurm-wlm/files/slurmctld.in
+93-18sysutils/slurm-wlm/files/slurmd.in
+1-0sysutils/slurm-wlm/Makefile
+209-363 files

HardenedBSD/ports 37f1074x11/roxterm pkg-plist distinfo

x11/roxterm: Update to 3.17.2
DeltaFile
+15-4x11/roxterm/pkg-plist
+3-3x11/roxterm/distinfo
+3-2x11/roxterm/Makefile
+21-93 files

HardenedBSD/ports 49135fedeskutils/elementary-calendar pkg-plist distinfo

deskutils/elementary-calendar: Update to 8.0.1
DeltaFile
+7-0deskutils/elementary-calendar/pkg-plist
+3-3deskutils/elementary-calendar/distinfo
+1-2deskutils/elementary-calendar/Makefile
+11-53 files

HardenedBSD/ports 97e28b4x11/elementary-terminal distinfo Makefile

x11/elementary-terminal: Update to 7.2.0
DeltaFile
+3-3x11/elementary-terminal/distinfo
+1-1x11/elementary-terminal/Makefile
+4-42 files

HardenedBSD/ports 1d06fa2graphics/py-glfw distinfo Makefile

graphics/py-glfw: Update to 2.10.0
DeltaFile
+3-3graphics/py-glfw/distinfo
+1-1graphics/py-glfw/Makefile
+4-42 files

HardenedBSD/ports 1ef0453devel/tracy distinfo Makefile

devel/tracy: Update 0.12.2 => 0.13.0

Changelog:
https://github.com/wolfpld/tracy/releases/tag/v0.13.0

PR:     291199
DeltaFile
+3-3devel/tracy/distinfo
+1-1devel/tracy/Makefile
+1-1devel/tracy/pkg-plist
+5-53 files

HardenedBSD/ports bdbb388www/chawan Makefile distinfo

www/chawan: update 0.2.2 -> 0.3.0

Release notes:
https://chawan.net/news/chawan-0-3-0.html

While here fix warning from portclippy.

PR:     291235
DeltaFile
+3-3www/chawan/Makefile
+3-3www/chawan/distinfo
+2-0www/chawan/pkg-plist
+8-63 files

HardenedBSD/ports 030b6f5www/waterfox distinfo Makefile, www/waterfox/files patch-memory_mozalloc_throw__gcc.h

www/waterfox: Update 6.6.5 => 6.6.5.1

Changelog:
https://www.waterfox.net/docs/releases/6.6.5.1/

PR:     291226
MFH:    2025Q4
DeltaFile
+0-69www/waterfox/files/patch-memory_mozalloc_throw__gcc.h
+3-3www/waterfox/distinfo
+1-2www/waterfox/Makefile
+4-743 files

HardenedBSD/ports 2920545textproc/ibus-typing-booster distinfo pkg-plist

textproc/ibus-typing-booster: upgrade to 2.28.6

Releases notes at https://github.com/mike-fabian/ibus-typing-booster/releases
DeltaFile
+3-3textproc/ibus-typing-booster/distinfo
+4-1textproc/ibus-typing-booster/pkg-plist
+1-1textproc/ibus-typing-booster/Makefile
+8-53 files

HardenedBSD/ports 207b036finance/grisbi distinfo Makefile

finance/grisbi: upgrade to 3.90.0

New in version 3.90.0
- Redesign of search functions
- Improved response times
- Added a progress slider in case of long loading times
- Various feature improvements
- Added Meson build system
- Bug fixes
DeltaFile
+3-3finance/grisbi/distinfo
+2-3finance/grisbi/Makefile
+1-1finance/grisbi/pkg-plist
+6-73 files

HardenedBSD/ports 7f326d6net/spoofdpi distinfo Makefile, net/spoofdpi/files modules.txt spoofdpi.toml.sample

net/spoofdpi: Update 1.0.2 => 1.1.3

Changelogs:
https://github.com/xvzc/SpoofDPI/releases/tag/v1.1.0
https://github.com/xvzc/SpoofDPI/releases/tag/v1.1.1
https://github.com/xvzc/SpoofDPI/releases/tag/v1.1.2
https://github.com/xvzc/SpoofDPI/releases/tag/v1.1.3

PR:     291197
DeltaFile
+7-33net/spoofdpi/distinfo
+4-32net/spoofdpi/files/modules.txt
+10-23net/spoofdpi/Makefile
+11-0net/spoofdpi/files/spoofdpi.toml.sample
+32-884 files

HardenedBSD/ports fa8531bsysutils/deskflow Makefile pkg-plist

sysutils/deskflow: Update 1.24.0 => 1.25.0

Changelog:
https://github.com/deskflow/deskflow/releases/tag/v1.25.0

Remove unused dependencies.

PR:     291201
DeltaFile
+3-5sysutils/deskflow/Makefile
+8-0sysutils/deskflow/pkg-plist
+3-3sysutils/deskflow/distinfo
+14-83 files

HardenedBSD/src d45816fusr.sbin/bsdinstall Makefile

bsdinstall: Ignore -p[0-9]+ in determining BRANCH

The patch level is not part of the branch per se and should not be
used in constructing the FreeBSD-base.conf file used by bsdinstall.

MFC after:      1 day
DeltaFile
+1-1usr.sbin/bsdinstall/Makefile
+1-11 files

HardenedBSD/ports 2c72942net/iwnet distinfo Makefile, net/iwnet/files patch-src_CMakeLists.txt

net/iwnet: update the port to version 1.1.0

Reported by:    portscout
DeltaFile
+12-3net/iwnet/files/patch-src_CMakeLists.txt
+3-3net/iwnet/distinfo
+2-2net/iwnet/Makefile
+17-83 files

HardenedBSD/src 5af240clib/libc/locale xlocale_private.h

libc: Simplify __get_locale()

MFC after:      1 week
Sponsored by:   Klara, Inc.
Reviewed by:    fuz
Differential Revision:  https://reviews.freebsd.org/D53908
DeltaFile
+2-4lib/libc/locale/xlocale_private.h
+2-41 files

HardenedBSD/ports 43d7d28misc/github-copilot-cli distinfo pkg-plist, misc/github-copilot-cli/files package-lock.json

misc/github-copilot-cli: update 0.0.362-0 → 0.0.365
DeltaFile
+4-4misc/github-copilot-cli/files/package-lock.json
+3-3misc/github-copilot-cli/distinfo
+4-0misc/github-copilot-cli/pkg-plist
+1-1misc/github-copilot-cli/Makefile
+12-84 files

HardenedBSD/src 974ecf6sys/conf files.riscv, sys/dev/xilinx if_xae.c axidma.c

xae(4), axidma(4): rewrite DMA operation.

Due to performance constraints on a synthesized CHERI RISC-V core,
remove usage of xdma(4) scatter-gather framework.  Instead, provide
a minimalistic interface between two drivers.

This increases performance ~4-5 times.
Tested using scp(1) and nc(1) on Codasip Prime.

Sponsored by:   CHERI Research Centre
Differential Revision:  https://reviews.freebsd.org/D53932
DeltaFile
+669-446sys/dev/xilinx/if_xae.c
+60-498sys/dev/xilinx/axidma.c
+53-0sys/dev/xilinx/axidma_if.m
+37-16sys/dev/xilinx/if_xaevar.h
+1-10sys/dev/xilinx/axidma.h
+2-1sys/conf/files.riscv
+822-9716 files

HardenedBSD/ports 8ecb957www/cpp-httplib Makefile distinfo

www/cpp-httplib: update 0.27.0 → 0.28.0
DeltaFile
+4-4www/cpp-httplib/Makefile
+3-3www/cpp-httplib/distinfo
+7-72 files

HardenedBSD/ports 99355a2devel/buf distinfo Makefile

devel/buf: update 1.32.1 → 1.61.0
DeltaFile
+5-5devel/buf/distinfo
+3-3devel/buf/Makefile
+1-1devel/buf/pkg-descr
+9-93 files

HardenedBSD/ports 0b6bc6bmisc/claude-code distinfo Makefile

misc/claude-code: update 2.0.50 → 2.0.54
DeltaFile
+3-3misc/claude-code/distinfo
+1-1misc/claude-code/Makefile
+4-42 files

HardenedBSD/ports 0b2486emisc/gemini-cli pkg-plist distinfo, misc/gemini-cli/files package-lock.json

misc/gemini-cli: update 0.17.1 → 0.18.0
DeltaFile
+756-45misc/gemini-cli/pkg-plist
+319-51misc/gemini-cli/files/package-lock.json
+3-3misc/gemini-cli/distinfo
+1-1misc/gemini-cli/Makefile
+1,079-1004 files

HardenedBSD/ports 03db08cmisc/py-sagemaker-core pkg-descr Makefile

misc/py-sagemaker-core: Update WWW, COMMENT, pkg-descr
DeltaFile
+11-7misc/py-sagemaker-core/pkg-descr
+3-2misc/py-sagemaker-core/Makefile
+14-92 files

HardenedBSD/ports 3bfcb7dmisc Makefile, misc/py-sagemaker-train Makefile pkg-descr

misc/py-sagemaker-train: New port: SageMaker: Library for training & deploying models on Amazon SageMaker
DeltaFile
+30-0misc/py-sagemaker-train/Makefile
+16-0misc/py-sagemaker-train/files/patch-pyproject.toml
+11-0misc/py-sagemaker-train/pkg-descr
+3-0misc/py-sagemaker-train/distinfo
+1-0misc/Makefile
+61-05 files

HardenedBSD/src cd40a23contrib/unbound/iterator iter_scrub.c

Mitigate YXDOMAIN and nodata non-referral answer poisoning.

Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.

Obtained from:  NLnet Labs
Security:       FreeBSD-SA-25:10.unbound
Security:       CVE-2025-11411

(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
DeltaFile
+35-4contrib/unbound/iterator/iter_scrub.c
+35-41 files

HardenedBSD/src b01f35acontrib/unbound/iterator iter_scrub.c

Mitigate YXDOMAIN and nodata non-referral answer poisoning.

Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.

Obtained from:  NLnet Labs
Security:       FreeBSD-SA-25:10.unbound
Security:       CVE-2025-11411

(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
DeltaFile
+35-4contrib/unbound/iterator/iter_scrub.c
+35-41 files

HardenedBSD/src 2a3a6a1contrib/unbound/iterator iter_scrub.c

Mitigate YXDOMAIN and nodata non-referral answer poisoning.

Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.

Obtained from:  NLnet Labs
Security:       CVE-2025-11411
DeltaFile
+35-4contrib/unbound/iterator/iter_scrub.c
+35-41 files