HardenedBSD/ports e04fd5esecurity/openssl33 Makefile, security/openssl34 Makefile

HBSD: Enable ZEROREG for security/openssl3*

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+2-0security/openssl36/Makefile
+2-0security/openssl33/Makefile
+2-0security/openssl34/Makefile
+2-0security/openssl35/Makefile
+8-04 files

HardenedBSD/src 4414d19share/man/man4 divert.4, sys/netinet ip_mroute.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+187-62tests/sys/netpfil/pf/divert-to.sh
+4-106sys/netinet6/ip6_output.c
+23-87sys/netinet6/ip6_input.c
+18-23sys/netinet/ip_mroute.c
+15-13share/man/man4/divert.4
+9-15sys/netpfil/ipfw/ip_fw_iface.c
+256-30629 files not shown
+337-35635 files

HardenedBSD/src 06505bfshare/man/man4 divert.4, sys/netinet ip_mroute.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+187-62tests/sys/netpfil/pf/divert-to.sh
+23-87sys/netinet6/ip6_input.c
+4-106sys/netinet6/ip6_output.c
+18-23sys/netinet/ip_mroute.c
+15-13share/man/man4/divert.4
+9-15sys/netpfil/ipfw/ip_fw_iface.c
+256-30629 files not shown
+337-35635 files

HardenedBSD/src c3204basys/kern link_elf.c link_elf_obj.c, sys/netinet6 in6.c nd6_rtr.c

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+76-0tests/sys/netinet6/ndp.sh
+33-13sys/kern/link_elf.c
+35-10sys/netinet6/in6.c
+7-31sys/netinet6/nd6_rtr.c
+14-0sys/kern/link_elf_obj.c
+10-3usr.sbin/periodic/etc/daily/460.status-mail-rejects
+175-575 files not shown
+200-7011 files

HardenedBSD/ports f78d1c1games/flightgear-aircraft distinfo, games/genact distinfo

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+654-0x11-themes/xapp-symbolic-icons/pkg-plist
+53-124www/element-web/pkg-plist
+109-3games/genact/distinfo
+95-0sysutils/py-ansible-core220/Makefile
+42-42games/flightgear-aircraft/distinfo
+66-0security/vuxml/vuln/2026.xml
+1,019-16953 files not shown
+1,362-33959 files

HardenedBSD/ports dd39003security/netbird distinfo Makefile

security/netbird: Update 0.64.1 => 0.64.2

Changelog:
https://github.com/netbirdio/netbird/releases/tag/v0.64.2

Commit log:
https://github.com/netbirdio/netbird/compare/v0.64.1...v0.64.2

PR:     292762
DeltaFile
+5-5security/netbird/distinfo
+1-1security/netbird/Makefile
+6-62 files

HardenedBSD/src 72a6991sys/netgraph/bluetooth/include ng_hci.h

bluetooth: Don't use a non-string to initialize NG_HCI_BDADDR_ANY

Explicitly use an array of 6 zeroes instead of a C string containing
nul characters.  GCC 15 warns about the truncation, but this is
cleaner regardless.

In file included from /usr/obj/.../amd64.amd64/tmp/usr/include/bluetooth.h:51,
                 from usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:45:
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c: In function 'register_sdp':
usr.sbin/virtual_oss/virtual_bt_speaker/bt_speaker.c:96:13: error: initializer-string for array of 'unsigned char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Werror=unterminated-string-initialization]
   96 |             NG_HCI_BDADDR_ANY, (const uint8_t *)&record, sizeof(record),
      |             ^~~~~~~~~~~~~~~~~

Reviewed by:    dim
Differential Revision:  https://reviews.freebsd.org/D54869
DeltaFile
+2-2sys/netgraph/bluetooth/include/ng_hci.h
+2-21 files

HardenedBSD/src 5c504c6usr.bin/kyua Makefile

kyua: Workaround unclear warning from GCC

GCC 15 does not like a push_back() invocation in utils::find_core()
and incorrectly believes libc++ will free a non-heap pointer.  Disable
the warning to pacify GCC.

In function 'void std::__1::__libcpp_operator_delete(_Args ...) [with _Args = {void*, long unsigned int}]',
    inlined from 'void std::__1::__do_deallocate_handle_size(void*, size_t, _Args ...) [with _Args = {}]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:298:39,
    inlined from 'void std::__1::__libcpp_deallocate(void*, size_t, size_t)' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:311:39,
    inlined from 'void std::__1::allocator<_Tp>::deallocate(_Tp*, size_t) [with _Tp = utils::fs::path]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator.h:132:31,
    inlined from 'static void std::__1::allocator_traits<_Alloc>::deallocate(allocator_type&, pointer, size_type) [with _Alloc = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__memory/allocator_traits.h:314:19,
    inlined from 'std::__1::__split_buffer<_Tp, _Allocator>::~__split_buffer() [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>&]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/__split_buffer:365:31,
    inlined from 'std::__1::vector<_Tp, _Alloc>::pointer std::__1::vector<_Tp, _Alloc>::__push_back_slow_path(_Up&&) [with _Up = utils::fs::path; _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1504:1,
    inlined from 'void std::__1::vector<_Tp, _Alloc>::push_back(value_type&&) [with _Tp = utils::fs::path; _Allocator = std::__1::allocator<utils::fs::path>]' at /usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/vector:1526:34,
    inlined from 'utils::optional<utils::fs::path> utils::find_core(const fs::path&, const process::status&, const fs::path&)' at contrib/kyua/utils/stacktrace.cpp:217:25:
/usr/obj/.../amd64.amd64/tmp/usr/include/c++/v1/new:274:38: error: 'void operator delete(void*, size_t)' called on pointer '<unknown>' with nonzero offset [24, 9223372036854775807] [-Werror=free-nonheap-object]
  274 |   __builtin_operator_delete(__args...);
      |                                      ^
In function 'void* std::__1::__libcpp_operator_new(_Args ...) [with _Args = {long unsigned int}]',

    [13 lines not shown]
DeltaFile
+2-0usr.bin/kyua/Makefile
+2-01 files

HardenedBSD/src 6fb87a1share/mk bsd.sys.mk

bsd.sys.mk: Silence a few GCC warnings for C++

These warnings were already marked with -Wno-error=, but they trigger
so many false positives in libc++ headers to be utterly useless for
C++ code, so disable them entirely for C++.

Reviewed by:    imp, dim
Differential Revision:  https://reviews.freebsd.org/D54867
DeltaFile
+6-0share/mk/bsd.sys.mk
+6-01 files

HardenedBSD/src 2dea50acontrib/netbsd-tests/lib/libc/regex t_regex_att.c

netbsd-tests t_regex_att: Use __nonstring for a non-string constant

Fixes the following warning from GCC 15:

contrib/netbsd-tests/lib/libc/regex/t_regex_att.c:54:30: error: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (4 chars into 3 available) [-Werror=unterminated-string-initialization]
   54 | static const char delim[3] = "\\\\\0";
      |                              ^~~~~~~~

Reviewed by:    ngie, imp, dim
Differential Revision:  https://reviews.freebsd.org/D54866
DeltaFile
+1-1contrib/netbsd-tests/lib/libc/regex/t_regex_att.c
+1-11 files

HardenedBSD/src bfc6e56contrib/llvm-project/libcxx/include/__type_traits decay.h add_pointer.h

Merge commit 81b20e110b3f from llvm git (by Roland McGrath):

    [libc++] Work around new GCC 15 type_traits builtins that can't be
    used as Clang's can (#137871)

    GCC 15 has added builtins for various C++ type traits that Clang
    already had.  Since `__has_builtin(...)` now finds these, the #if
    branches previously only used for Clang are now used for GCC 15.
    However, GCC 15 requires that these builtins only be used in type
    aliases, not in template aliases.

    For now, just don't use the `__has_builtin(...)` branches under newer
    GCC versions, so both 14 and 15 work during the transition.  This
    can be cleaned up later to use all the GCC 15 builtins available.

    Fixed: #137704
    Fixed: #117319

Reviewed by:    dim
Differential Revision:  https://reviews.freebsd.org/D54865
DeltaFile
+1-1contrib/llvm-project/libcxx/include/__type_traits/decay.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/add_pointer.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/add_rvalue_reference.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/add_lvalue_reference.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/remove_all_extents.h
+1-1contrib/llvm-project/libcxx/include/__type_traits/remove_extent.h
+6-66 files

HardenedBSD/src 093fffasys/amd64/amd64 vm_machdep.c, sys/i386/i386 vm_machdep.c

sys: Use __is_aligned and __align_down for some kstack alignment operations

Reviewed by:    kib, jhibbits
Effort:         CHERI upstreaming
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D54840
DeltaFile
+2-3sys/powerpc/powerpc/machdep.c
+2-2sys/powerpc/powerpc/vm_machdep.c
+2-2sys/powerpc/powerpc/exec_machdep.c
+2-1sys/i386/i386/vm_machdep.c
+1-2sys/amd64/amd64/vm_machdep.c
+9-105 files

HardenedBSD/src 9272b78sys/powerpc/powerpc exec_machdep.c vm_machdep.c

powerpc: Fix alignment of initial PCB on kstack

Commit cc81c44dd806737f98b4fd4094674dd71c8749f3 aimed to consolidate
duplicated code between the Book-E and AIM backends.  For
cpu_thread_alloc cpu_thread_alloc and cpu_fork it used the AIM
functions which used a bogus alignment mask (~0x2f).  The Book-E
functions used a proper alignment mask (~0x3f).  The AIM functions
appear to have been busted since they were first imported in commit
919cb3362fded33aca682a6ac57777f8fff86e36.

To fix, use the Book-E mask which requests 64 byte alignment.
Probably this was harmless in practice since td_kstack is page aligned
and struct pcb is probably a multiple of 32 bytes in size, so the 0x10
bit should have been clear anyway.

Reviewed by:    fuz, jhibbits
Fixes:          cc81c44dd806 ("Unify ABI-related bits of the Book-E and AIM...")
Effort:         CHERI upstreaming
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D54839
DeltaFile
+1-1sys/powerpc/powerpc/exec_machdep.c
+1-1sys/powerpc/powerpc/vm_machdep.c
+2-22 files

HardenedBSD/src 05609c5sys/arm/arm machdep.c, sys/arm/include machdep.h

arm: Make init_proc0 static

This function is not used outside of machdep.c and is already static
on arm64 and riscv.

Reviewed by:    imp
Effort:         CHERI upstreaming
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D54838
DeltaFile
+1-1sys/arm/arm/machdep.c
+0-1sys/arm/include/machdep.h
+1-22 files

HardenedBSD/src 29c3350sys/netpfil/ipfw ip_fw_iface.c

ipfw: fix my stupid error in casting void * to enum

Fixes:  349fcf079ca32d5c93e45366d2b27638747affeb
DeltaFile
+4-4sys/netpfil/ipfw/ip_fw_iface.c
+4-41 files

HardenedBSD/ports 5211b64games/genact distinfo Makefile.crates

games/genact: Update to 1.5.1

ChangeLog: https://github.com/svenstaro/genact/releases/tag/v1.5.1
DeltaFile
+109-3games/genact/distinfo
+54-1games/genact/Makefile.crates
+1-1games/genact/Makefile
+164-53 files

HardenedBSD/ports 96b5e25games/cdogs-sdl pkg-plist distinfo, games/cdogs-sdl/files patch-CMakeLists.txt

games/cdogs-sdl: Update to 2.4.0

ChangeLog: https://github.com/cxong/cdogs-sdl/releases/tag/2.4.0
DeltaFile
+41-3games/cdogs-sdl/pkg-plist
+4-4games/cdogs-sdl/files/patch-CMakeLists.txt
+3-3games/cdogs-sdl/distinfo
+1-2games/cdogs-sdl/Makefile
+49-124 files

HardenedBSD/ports 6cb8e0fsecurity/uacme distinfo Makefile

security/uacme: Update to 1.8.0

ChangeLog: https://github.com/ndilieto/uacme/blob/master/ChangeLog
DeltaFile
+3-3security/uacme/distinfo
+1-2security/uacme/Makefile
+4-52 files

HardenedBSD/ports 57f2295science/packmol distinfo Makefile

science/packmol: Update to 21.2.1

ChangeLog: https://github.com/m3g/packmol/releases/tag/v21.2.1
DeltaFile
+3-3science/packmol/distinfo
+1-1science/packmol/Makefile
+4-42 files

HardenedBSD/ports a6a893cgraphics/oxipng distinfo Makefile.crates, graphics/oxipng/files patch-man

graphics/oxipng: Update to 10.1.0

ChangeLog: https://github.com/oxipng/oxipng/releases/tag/v10.1.0
DeltaFile
+33-17graphics/oxipng/distinfo
+15-7graphics/oxipng/Makefile.crates
+4-5graphics/oxipng/files/patch-man
+1-2graphics/oxipng/Makefile
+53-314 files

HardenedBSD/src d8a7804sys/netpfil/ipfw ip_fw_iface.c

ipfw: don't recurse on the upper half lock in ipfw_iface_ref()

Fixes:  e3caa360d5d0a73af0de1d293d5b8ff6e900ceb4
DeltaFile
+5-11sys/netpfil/ipfw/ip_fw_iface.c
+5-111 files

HardenedBSD/ports 589b3aewww/element-web pkg-plist distinfo

www/element-web: Update to 1.12.9

Approved by:    maintainer (implicit, version bump, as per PR 258262)
DeltaFile
+53-124www/element-web/pkg-plist
+3-3www/element-web/distinfo
+2-2www/element-web/Makefile
+58-1293 files

HardenedBSD/ports 274554amail/msmtp Makefile

mail/msmtp: fix the TLS option

Part of commit 61d57c2657e1178dd763c8dd63503a9338525f47 was
converting from *_CONFIGURE_ON to *_CONFIGURE_WITH
for the TLS option. As it is a radio option, it means that one
of the options will be always disabled, resulting in adding
`--without-tls` to the CONFIGURE_ARGS, and no TLS support.

Fix by switching back to CONFIGURE_ON and bump PORTREVISION
to regenerate the package.

Reported by:    Scott Robbins
DeltaFile
+3-3mail/msmtp/Makefile
+3-31 files

HardenedBSD/src b61a43ausr.sbin/periodic/etc/daily 460.status-mail-rejects, usr.sbin/periodic/etc/security 800.loginfail 900.tcpwrap

periodic: Support RFC 5424 syslog timestamps

This is based on an initial implementation by michaelo in
https://reviews.freebsd.org/D54361.

PR:             270497
Reported by:    michaelo
Reviewed by:    michaelo
Tested by:      michaelo
MFC after:      1 week
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D54606

(cherry picked from commit 8ac6427b1bb95470f6c755202d1c0391ed8eefbd)
DeltaFile
+10-3usr.sbin/periodic/etc/daily/460.status-mail-rejects
+9-2usr.sbin/periodic/etc/security/800.loginfail
+9-2usr.sbin/periodic/etc/security/900.tcpwrap
+28-73 files

HardenedBSD/ports 4dc3d9bx11-themes Makefile, x11-themes/xapp-symbolic-icons pkg-plist Makefile

x11-themes/xapp-symbolic-icons: new requirement for xapp-related apps

PR: 292763
DeltaFile
+654-0x11-themes/xapp-symbolic-icons/pkg-plist
+20-0x11-themes/xapp-symbolic-icons/Makefile
+6-0x11-themes/xapp-symbolic-icons/pkg-descr
+3-0x11-themes/xapp-symbolic-icons/distinfo
+1-0x11-themes/Makefile
+684-05 files

HardenedBSD/src b01763bshare/mk src.opts.mk

bhyve: make BHYVE_SNAPSHOT amd64-only

Build fails with BHYVE_SNAPSHOT enabled on non-amd64,
so add it to BROKEN_OPTIONS for these arches.

PR:                     292686
Reviewed by:            emaste, markj
MFC after:              3 days
Sponsored by:           The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D54873
DeltaFile
+4-0share/mk/src.opts.mk
+4-01 files

HardenedBSD/src 4bcc5a3lib/libc/db/btree bt_seq.c

btree/bt_seq.c: Fix two NULL pointer dereferences

This change fixes two NULL pointer dereferences caused by the
__bt_first function.

The first was caused by returning 0 (i.e., RET_SUCCESS) when a key
was not found, causing the caller to dereference an uninitalized
or NULL pointer. The second one was caused by an if statment clobbering
a local variable with a function call result that might be NULL.

Reported by:    clang-tidy
Sponsored by:   Klara, Inc.
Reviewed by:    markj
Obtained from:  https://github.com/apple-oss-distributions/libc (partially)
Differential Revision:  https://reviews.freebsd.org/D54905
DeltaFile
+4-4lib/libc/db/btree/bt_seq.c
+4-41 files

HardenedBSD/ports b785ad2emulators/open-vm-kmod distinfo Makefile, emulators/open-vm-tools distinfo Makefile

emulators/open-vm-*: Update to 13.0.10

Sponsored by:   Rubicon Communications, LLC ("Netgate")
DeltaFile
+3-3emulators/open-vm-kmod/distinfo
+3-3emulators/open-vm-tools/distinfo
+1-2emulators/open-vm-tools/Makefile
+1-1emulators/open-vm-kmod/Makefile
+8-94 files

HardenedBSD/ports 3c2e221sysutils/graffer Makefile pkg-plist

sysutils/graffer: Update 1.1 => 1.5.1

News:
http://chaosophia.net/graffer/#news

Commit log:
https://github.com/koue/graffer/compare/1.1...1.5.1

PR:             292730
Co-authored-by: Vladimir Druzenko <vvd at FreeBSD.org>
DeltaFile
+15-20sysutils/graffer/Makefile
+15-0sysutils/graffer/pkg-plist
+3-2sysutils/graffer/distinfo
+33-223 files

HardenedBSD/ports 85c21fcsecurity/openssl36 distinfo Makefile

security/openssl36: Security update to 3.6.1

Security:       4b824428-fb93-11f0-b194-8447094a420f
MFH:            2026Q1
DeltaFile
+3-3security/openssl36/distinfo
+1-1security/openssl36/Makefile
+4-42 files