HardenedBSD/src c5da144sbin/geom/core geom.c, sbin/reboot reboot.8 reboot.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+46-16sbin/reboot/reboot.8
+42-16sbin/reboot/reboot.c
+9-11sys/netlink/netlink_snl.h
+4-4sbin/shutdown/shutdown.8
+4-4sbin/shutdown/shutdown.c
+6-2sbin/geom/core/geom.c
+111-531 files not shown
+112-567 files

HardenedBSD/src 8b0f496sys/dev/irdma irdma_hw.c irdma_cm.c, usr.sbin/certctl certctl.sh

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
DeltaFile
+108-24sys/dev/irdma/irdma_hw.c
+73-22usr.sbin/certctl/certctl.sh
+2-36sys/dev/irdma/irdma_cm.c
+2-2sys/dev/irdma/icrdma.c
+2-1sys/dev/irdma/irdma_main.h
+187-855 files

HardenedBSD/src 3b4c638. Makefile.inc1, sys/dev/irdma irdma_hw.c irdma_cm.c

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+108-24sys/dev/irdma/irdma_hw.c
+2-36sys/dev/irdma/irdma_cm.c
+7-2Makefile.inc1
+2-2sys/dev/irdma/icrdma.c
+2-1sys/dev/irdma/irdma_main.h
+121-655 files

HardenedBSD/ports 3b0b8addevel/linux-rl9-lldb pkg-plist.amd64 pkg-plist.aarch64, devel/linux-rl9-llvm pkg-plist.amd64 pkg-plist.aarch64

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+70,298-70,797www/librewolf/files/patch-libwebrtc-generated
+4,989-59devel/linux-rl9-llvm/pkg-plist.amd64
+2,668-34devel/linux-rl9-llvm/pkg-plist.aarch64
+1,167-22devel/linux-rl9-lldb/pkg-plist.amd64
+607-23devel/linux-rl9-lldb/pkg-plist.aarch64
+135-135emulators/linux_base-rl9/distinfo
+79,864-71,070128 files not shown
+80,992-71,779134 files

HardenedBSD/ports 1c0b260net-mgmt/bind_exporter Makefile

net-mgmt/bind_exporter: actually remove the deprecatin notice

Must have vanished in a puff of logic.

Reported by:    "Matthew D. Fuller" <fullermd at over-yonder.net>
DeltaFile
+0-3net-mgmt/bind_exporter/Makefile
+0-31 files

HardenedBSD/ports 5bfbcafsysutils/rkbin Makefile distinfo, sysutils/u-boot-master Makefile

sysutils/rkbin: Update to v0.3

Now includes rk3566_ddr_1056MHz_v1.23.bin and rk3568_bl31_v1.45.elf
Bump PORTREVISION for depending ports.
DeltaFile
+5-5sysutils/rkbin/Makefile
+3-3sysutils/u-boot-master/Makefile
+3-3sysutils/rkbin/distinfo
+2-0sysutils/u-boot-quartz64-b/Makefile
+2-0sysutils/u-boot-nanopi-r5s/Makefile
+2-0sysutils/u-boot-quartz64-a/Makefile
+17-112 files not shown
+21-118 files

HardenedBSD/ports 6783c88games/ktx Makefile pkg-message

games/ktx: Improve port (no functional changes)

Improve do-install goal and pkg-message.
DeltaFile
+12-10games/ktx/Makefile
+1-1games/ktx/pkg-message
+13-112 files

HardenedBSD/src a0347b0sbin/geom/core geom.c

gpart: "gpart --libxo:JP list" duplicates attribute keys

Add leaf-list modifier to attrib as it's possible to have multiple
attributes on a gpart provider.

I purposely made it so that the normal output still says "attrib:" just
so we don't break any scripts people may be using to parse the output,
but the libxo output now says "attribute" just like `gpart show` will do
once https://reviews.freebsd.org/D53950 is merged.

PR:             291377
MFC after:      1 week
Reviewed by:    asomers
Sponsored by:   ConnectWise
Differential Revision: https://reviews.freebsd.org/D54080
DeltaFile
+6-2sbin/geom/core/geom.c
+6-21 files

HardenedBSD/src 23aaa07. Makefile.inc1

Makefile.inc1: Force NO_ROOT for distribute* and package*

These targets are used to produce legacy dist sets for install media and
now always use NO_ROOT mode.  Extend existing logic that forces NO_ROOT
mode to these cases to ensure they do not run in the wrong mode.

Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D50551

(cherry picked from commit 300aa267efaa08564337797e89590737a7cc6af0)
DeltaFile
+7-2Makefile.inc1
+7-21 files

HardenedBSD/ports 3a01163www/librewolf distinfo Makefile, www/librewolf/files patch-libwebrtc-generated patch-third__party_libwebrtc_modules_portal_pipewire__utils.h

www/librewolf: Update 145.0.2-2 => 146.0-1

Release Notes:
https://www.firefox.com/en-US/firefox/146.0/releasenotes/

PR:     291554
MFH:    2025Q4
DeltaFile
+70,298-70,797www/librewolf/files/patch-libwebrtc-generated
+19-0www/librewolf/files/patch-third__party_libwebrtc_modules_portal_pipewire__utils.h
+3-3www/librewolf/distinfo
+2-3www/librewolf/Makefile
+70,322-70,8034 files

HardenedBSD/src 17bc015sys/dev/irdma irdma_hw.c irdma_cm.c

irdma(4): fix potential memory leak on qhash cqp operation

It was found that in some circumstances when launching
non-waiting create qhash cqp operation the refcount on
the cqp_request may be not properly decremented leading to a memory
leak.

Signed-off-by: Bartosz Sobczak <bartosz.sobczak at intel.com>

Reviewed by:    anzhu_netapp.com
Tested by:      mateusz.moga_intel.com
Approved by:    kbowling (mentor)
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D53732

(cherry picked from commit 7b6644e160ed63b633e7c68a3cacf2c71d216cd5)
DeltaFile
+108-24sys/dev/irdma/irdma_hw.c
+2-36sys/dev/irdma/irdma_cm.c
+2-2sys/dev/irdma/icrdma.c
+2-1sys/dev/irdma/irdma_main.h
+114-634 files

HardenedBSD/src bb69c09sys/dev/irdma irdma_hw.c irdma_cm.c

irdma(4): fix potential memory leak on qhash cqp operation

It was found that in some circumstances when launching
non-waiting create qhash cqp operation the refcount on
the cqp_request may be not properly decremented leading to a memory
leak.

Signed-off-by: Bartosz Sobczak <bartosz.sobczak at intel.com>

Reviewed by:    anzhu_netapp.com
Tested by:      mateusz.moga_intel.com
Approved by:    kbowling (mentor)
Sponsored by:   Intel Corporation
Differential Revision:  https://reviews.freebsd.org/D53732

(cherry picked from commit 7b6644e160ed63b633e7c68a3cacf2c71d216cd5)
DeltaFile
+108-24sys/dev/irdma/irdma_hw.c
+2-36sys/dev/irdma/irdma_cm.c
+2-2sys/dev/irdma/icrdma.c
+2-1sys/dev/irdma/irdma_main.h
+114-634 files

HardenedBSD/ports 8282713games/widelands distinfo Makefile, games/widelands/files patch-c0b44ccc04df35a9a23ca9be3e05f5d3a5428f6f patch-CMakeLists.txt

games/widelands: update 1.2 → 1.2.1
DeltaFile
+224-0games/widelands/files/patch-c0b44ccc04df35a9a23ca9be3e05f5d3a5428f6f
+15-15games/widelands/files/patch-CMakeLists.txt
+3-3games/widelands/distinfo
+1-2games/widelands/Makefile
+243-204 files

HardenedBSD/ports 62a2f89textproc/miller pkg-descr Makefile

textproc/miller: Adopt port
DeltaFile
+11-4textproc/miller/pkg-descr
+1-1textproc/miller/Makefile
+12-52 files

HardenedBSD/ports 7dabd4clang/quilc Makefile

lang/quilc: Constrain to gfortran
DeltaFile
+1-1lang/quilc/Makefile
+1-11 files

HardenedBSD/ports f232bdcscience/q Makefile

science/q: Constrain to gfortran
DeltaFile
+1-1science/q/Makefile
+1-11 files

HardenedBSD/ports 430367enet/py-mpi4py Makefile

net/py-mpi4py: Fix building with Flang
DeltaFile
+7-2net/py-mpi4py/Makefile
+7-21 files

HardenedBSD/ports 7fc7654biology/psi88 Makefile

biology/psi88: Fix building with Flang
DeltaFile
+7-2biology/psi88/Makefile
+7-21 files

HardenedBSD/ports 32eefddx11/xpra-html5 distinfo Makefile

x11/xpra-html5: Update to 19

Reported by:    portscout!
DeltaFile
+3-3x11/xpra-html5/distinfo
+1-1x11/xpra-html5/Makefile
+4-42 files

HardenedBSD/src 4ae02d9sys/compat/linuxkpi/common/src linux_page.c

linuxkpi: clean up stray pctrie_iter_reset

This removes an extraneous pctrie_iter_reset before returning.
This is not needed as it simply clears a local variable that
will get cleaned up anyway as we immediately return from the
function.

MFC after:      1 week
Sponsored by:   NVIDIA
Reviewed by:    alc
Differential Revision:  https://reviews.freebsd.org/D54153
DeltaFile
+1-3sys/compat/linuxkpi/common/src/linux_page.c
+1-31 files

HardenedBSD/ports c1497f6www/waterfox distinfo Makefile

www/waterfox: Update 6.6.5.1 => 6.6.6

Release Notes:
https://www.waterfox.net/docs/releases/6.6.6/

PR:     291547
MFH:    2025Q4
DeltaFile
+3-3www/waterfox/distinfo
+1-1www/waterfox/Makefile
+4-42 files

HardenedBSD/src 255af72sys/netlink netlink_snl.h

netlink: Don't overwrite existing data in a linear buffer in snl_writer

First, a bit of background on some of the data structures netlink uses
to manage data associated with a netlink connection.

- struct linear_buffer contains a single virtually-contiguous buffer
  of bytes.  Regions of this buffer are suballocated via lb_allocz()
  which uses a simple "bump" where the buffer is split into an
  allocated region at the start and a free region at the end.  Each
  allocation "bumps" the boundary (lb->offset) forward by the
  allocation size.

  Individual allocations are not freed.  Instead, the entire buffer is
  freed once all of the allocations are no longer in use.

  Linear buffers also contain an embedded link to permit chaining
  buffers together.

- snl_state contains various state for a netlink connection including

    [51 lines not shown]
DeltaFile
+9-11sys/netlink/netlink_snl.h
+9-111 files

HardenedBSD/ports b4b05c6archivers/libzip Makefile

archivers/libzip: take
DeltaFile
+1-1archivers/libzip/Makefile
+1-11 files

HardenedBSD/ports 8b5b849x11-servers/xwayland distinfo Makefile

x11-servers/xwayland: bump to 24.1.9

Fixes CVE-2025-62229, CVE-2025-62230, and CVE-2025-62231.

Changelog: https://lists.x.org/archives/xorg-announce/2025-October/003637.html

PR:             291134
MFH:            2025Q4
Security:       e99a32c8-b8e2-11f0-8510-b42e991fc52e
DeltaFile
+3-3x11-servers/xwayland/distinfo
+1-2x11-servers/xwayland/Makefile
+4-52 files

HardenedBSD/ports d285060net-mgmt/bind_exporter Makefile

net-mgmt/bind_exporter: remove Go toolchain version pinning

Also remove the phony DEPRECATED notice.  The port is fine, this should
have been handled without worrying users about deprecations.
DeltaFile
+2-2net-mgmt/bind_exporter/Makefile
+2-21 files

HardenedBSD/ports ac1abefdevel/goreleaser distinfo Makefile

devel/goreleaser: update to 2.13.0

Changelog: https://github.com/goreleaser/goreleaser/releases/tag/v2.13.0
Changelog: https://goreleaser.com/blog/goreleaser-v2.13/
DeltaFile
+5-5devel/goreleaser/distinfo
+1-2devel/goreleaser/Makefile
+6-72 files

HardenedBSD/ports 46416cdwww/ladybird Makefile

www/ladybird: drop maintainership

Much has changed upstream since I did the initial port.  The project
now depends on various complicated components like angle and skia that
all need to be ported (skia in particular must be the exact right
version it seems).  I don't think I'll be able to do that.
DeltaFile
+1-1www/ladybird/Makefile
+1-11 files

HardenedBSD/ports 03bce52devel/tbox distinfo Makefile

devel/tbox: update to 1.7.9

Changelog: https://github.com/tboox/tbox/releases/tag/v1.7.9
DeltaFile
+3-3devel/tbox/distinfo
+1-1devel/tbox/Makefile
+1-1devel/tbox/pkg-plist
+5-53 files

HardenedBSD/ports ac93ea8editors/rehex distinfo Makefile

editors/rehex: update to 0.63.4

A bug fix release.

Changelog: https://github.com/solemnwarning/rehex/releases/tag/0.63.4

MFH:            2025Q4
DeltaFile
+3-3editors/rehex/distinfo
+1-2editors/rehex/Makefile
+4-52 files

HardenedBSD/ports f2611f1games/wesnoth/files patch-src_game__display.cpp

games/wesnoth: fix build following addition of unreachable(3)

This avoids a name collision between the C23 unreachable() macro from
<stddef.h> and a local variable, fixing the build on FreeBSD 16-CURRENT.

Reported by:    fluffy
Approved by:    portmgr (build fix blanket)
MFH:            2025Q4
DeltaFile
+14-0games/wesnoth/files/patch-src_game__display.cpp
+14-01 files