HardenedBSD/ports fbc90bbscience/zotero Makefile

HBSD: Disable PaX PAGEEXEC and PaX NOEXEC for science/zotero

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+4-1science/zotero/Makefile
+4-11 files

HardenedBSD/src 4f92075lib/libnetbsd/sys cdefs.h, sbin/nvmecontrol nvmecontrol.8

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+17-5sys/netinet/tcp_subr.c
+16-0lib/libnetbsd/sys/cdefs.h
+3-3sbin/nvmecontrol/nvmecontrol.8
+1-4usr.sbin/ctld/nvmf.cc
+2-1sys/dev/nvmf/nvmf.h
+2-1tools/tools/nvmf/nvmfdd/nvmfdd.c
+41-141 files not shown
+42-157 files

HardenedBSD/src 7c4c78dlib/libnetbsd/sys cdefs.h, sbin/nvmecontrol nvmecontrol.8

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+17-5sys/netinet/tcp_subr.c
+16-0lib/libnetbsd/sys/cdefs.h
+3-3sbin/nvmecontrol/nvmecontrol.8
+1-4usr.sbin/ctld/nvmf.cc
+2-1sys/dev/nvmf/nvmf.h
+2-1tools/tools/nvmf/nvmfdd/nvmfdd.c
+41-141 files not shown
+42-157 files

HardenedBSD/ports 78333fcmail/thunderbird-esr/files patch-cargo-checksums, mail/thunderbird/files patch-libwebrtc-generated

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+895-767sysutils/czkawka/distinfo
+611-426mail/thunderbird/files/patch-libwebrtc-generated
+446-382sysutils/czkawka/Makefile.crates
+62-0mail/thunderbird-esr/files/patch-cargo-checksums
+12-50net-mgmt/victoria-logs/files/victoria_logs.in
+35-0security/vuxml/vuln/2026.xml
+2,061-1,62530 files not shown
+2,209-1,70036 files

HardenedBSD/ports cec8681devel/py-grpcio-tools distinfo Makefile

devel/py-grpcio-tools: update to 1.78.1.
DeltaFile
+3-3devel/py-grpcio-tools/distinfo
+1-1devel/py-grpcio-tools/Makefile
+4-42 files

HardenedBSD/ports a495a4cdevel/py-grpcio distinfo Makefile

devel/py-grpcio: update to 1.78.1.
DeltaFile
+3-3devel/py-grpcio/distinfo
+1-1devel/py-grpcio/Makefile
+4-42 files

HardenedBSD/ports 9e6b216net-mgmt/nfs-exporter distinfo Makefile.crates

net-mgmt/nfs-exporter: 0.4.6

https://github.com/Axcient/freebsd-nfs-exporter/blob/master/CHANGELOG.md#046---2026-02-20

Sponsored by:   ConnectWise
DeltaFile
+19-7net-mgmt/nfs-exporter/distinfo
+8-2net-mgmt/nfs-exporter/Makefile.crates
+1-2net-mgmt/nfs-exporter/Makefile
+28-113 files

HardenedBSD/src d1f1402lib/libnetbsd/sys cdefs.h

libnetbsd: import `__CTASSERT(..)` macros

These compile-time assert macros are similar to `Static_assert` on FreeBSD.

These macros are in use in newer versions of `contrib/netbsd-tests`.

Obtained from:  https://github.com/NetBSD/src (c26cc77b3a0b26b95a2)
MFC after:      1 week
DeltaFile
+16-0lib/libnetbsd/sys/cdefs.h
+16-01 files

HardenedBSD/ports c4671ffnet-mgmt/victoria-logs Makefile pkg-plist, net-mgmt/victoria-logs/files victoria_logs.in

net-mgmt/victoria-logs: Improve RC script

* Have the RC system perform user switch
* Initialize default variables
* Have the RC system handle start, status, stop
* Set the process title for ps/top
* Remove reload since victoria-logs does not support it
* Use single-hyphen command line options

PR:             293061
Approved by:    samm (maintainer)
DeltaFile
+12-50net-mgmt/victoria-logs/files/victoria_logs.in
+7-2net-mgmt/victoria-logs/Makefile
+1-0net-mgmt/victoria-logs/pkg-plist
+20-523 files

HardenedBSD/ports f1bf1e0math/R-cran-date distinfo Makefile

math/R-cran-date: Update to 1.2-43

Changelog: https://cran.r-project.org/web/packages/date/ChangeLog
DeltaFile
+3-3math/R-cran-date/distinfo
+1-2math/R-cran-date/Makefile
+4-52 files

HardenedBSD/src e188655sys/netinet tcp_subr.c

tcp: improve validation of received TCP over UDP packets

Reviewed by:            glebius, pouria
MFC after:              3 days
Sponsored by:           Netflix, Inc.
Differential Revision:  https://reviews.freebsd.org/D55410
DeltaFile
+17-5sys/netinet/tcp_subr.c
+17-51 files

HardenedBSD/src 1602f00sbin/nvmecontrol nvmecontrol.8 fabrics.c, sys/dev/nvmf nvmf.h

nvmf: Limit the default I/O queue size to 128 entries

Previously the size defaulted to the maximum supported size reported
by the remote host.  The value of 128 matches the default on Linux and
avoids excessive resource usage for I/O queues.

Sponsored by:   Chelsio Communications
DeltaFile
+3-3sbin/nvmecontrol/nvmecontrol.8
+2-1sys/dev/nvmf/nvmf.h
+2-1tools/tools/nvmf/nvmfdd/nvmfdd.c
+1-1sbin/nvmecontrol/fabrics.c
+8-64 files

HardenedBSD/src 0788e7cusr.sbin/ctld nvmf.cc

ctld: Honor the default maximum I/O queue size for NVMeoF controllers

<dev/nvmf.h> exports a constant to set the default maximum I/O queue
size which is used by ctl(4) if an explicit size is not set.  This
value was chosen to match Linux's default, but it also avoids
excessive resource usage for I/O queues.

ctld was using the absolute maxium size as the default instead.

Sponsored by:   Chelsio Communications
DeltaFile
+1-4usr.sbin/ctld/nvmf.cc
+1-41 files

HardenedBSD/ports 96b2243sysutils/fluent-bit distinfo Makefile

sysutils/fluent-bit: Update to 4.2.3.1

Release notes:  https://github.com/fluent/fluent-bit/releases/tag/v4.2.3.1
DeltaFile
+3-3sysutils/fluent-bit/distinfo
+1-1sysutils/fluent-bit/Makefile
+4-42 files

HardenedBSD/ports 8abe739security/vuls distinfo Makefile

security/vuls: Update to 0.38.2

Release notes:  https://github.com/future-architect/vuls/releases/tag/v0.38.2
DeltaFile
+5-5security/vuls/distinfo
+1-1security/vuls/Makefile
+6-62 files

HardenedBSD/ports 07ecc56mail/thunderbird distinfo Makefile, mail/thunderbird/files patch-libwebrtc-generated patch-comm_third__party_rnp_src_common_file-utils.c

mail/thunderbird: update to 148.0 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/148.0/releasenotes/
DeltaFile
+611-426mail/thunderbird/files/patch-libwebrtc-generated
+25-0mail/thunderbird/files/patch-comm_third__party_rnp_src_common_file-utils.c
+20-0mail/thunderbird/files/patch-third__party_libwebrtc_modules_desktop__capture_desktop__capturer.h
+3-3mail/thunderbird/distinfo
+2-2mail/thunderbird/Makefile
+661-4315 files

HardenedBSD/ports f2f83f7mail/thunderbird-esr distinfo Makefile, mail/thunderbird-esr/files patch-cargo-checksums

mail/thunderbird-esr: update to 140.8.0 (rc1)

Release Notes:
  https://www.thunderbird.net/en-US/thunderbird/140.8.0esr/releasenotes/
DeltaFile
+62-0mail/thunderbird-esr/files/patch-cargo-checksums
+3-3mail/thunderbird-esr/distinfo
+1-1mail/thunderbird-esr/Makefile
+66-43 files

HardenedBSD/ports 7889e35graphics/simage Makefile

graphics/simage: disable MPEG2ENC support by default to make packageable

With MPEG2ENC enabled by default, the license is not free, and this port
cannot be packaged.

Therefore the consumers of simage cannot be packaged: among them

Coin-4.0.6                      graphics/Coin          simage-1.8.4
FreeCAD-1.0.2_7                 cad/freecad            simage-1.8.4
FreeCAD-devel-r20251228075421_1 cad/freecad-devel      simage-1.8.4
py311-pivy-0.6.10               graphics/py-pivy at py311 simage-1.8.4
SoQt-1.6.4,1                    x11-toolkits/soqt      simage-1.8.4
visp-3.6.0_13                   misc/visp              simage-1.8.4

This patch make MPEG2ENC optional, so that these ports should be
packageable again.

Problem identified by:  Mark Millard


    [4 lines not shown]
DeltaFile
+16-9graphics/simage/Makefile
+16-91 files

HardenedBSD/ports 4b74069devel/jenkins-lts distinfo Makefile

devel/jenkins-lts: Update to 2.541.2

Security:       428e782a-0e92-11f1-a9b1-0cc47ada5f32
MFC:            2026Q1
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins-lts/distinfo
+1-1devel/jenkins-lts/Makefile
+4-42 files

HardenedBSD/ports 03bc05edevel/jenkins distinfo Makefile

devel/jenkins: Update to 2.551

Security:       428e782a-0e92-11f1-a9b1-0cc47ada5f32
MFC:            2026Q1
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins/distinfo
+1-1devel/jenkins/Makefile
+4-42 files

HardenedBSD/ports b089bd4security/vuxml/vuln 2026.xml

security/vuxml: Document Jenkins Security Advisory 2026-02-18

Sponsored by:   The FreeBSD Foundation
DeltaFile
+35-0security/vuxml/vuln/2026.xml
+35-01 files

HardenedBSD/ports 01994b9sysutils/czkawka distinfo Makefile.crates

sysutils/czkawka: Update to 11.0.0

The krokiet GUI works for me so remove the post-patch target.

Changelog: https://github.com/qarmin/czkawka/releases/tag/11.0.0
DeltaFile
+895-767sysutils/czkawka/distinfo
+446-382sysutils/czkawka/Makefile.crates
+5-7sysutils/czkawka/Makefile
+1,346-1,1563 files

HardenedBSD/ports 1509011www/p5-Catalyst-Plugin-Session Makefile

www/p5-Catalyst-Plugin-Session: Fix dependencies

Crypt::SysRandom is a runtime dependency, not a test dependency.

MFH:    2026Q1
DeltaFile
+3-2www/p5-Catalyst-Plugin-Session/Makefile
+3-21 files

HardenedBSD/ports e96c3f0multimedia/py-subliminal distinfo Makefile

multimedia/py-subliminal: Update to 2.6.0

ChangeLog: https://github.com/Diaoul/subliminal/releases/tag/2.6.0
DeltaFile
+3-3multimedia/py-subliminal/distinfo
+1-1multimedia/py-subliminal/Makefile
+4-42 files

HardenedBSD/src f7038edsys/amd64/include cpufunc.h, sys/i386/include cpufunc.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+6-20sys/i386/include/cpufunc.h
+6-8sys/amd64/include/cpufunc.h
+5-7tests/sys/netlink/test_rtnl_gre.c
+2-0usr.sbin/fstyp/exfat.c
+2-0usr.sbin/fstyp/fstyp.c
+2-0usr.sbin/fstyp/fstyp.h
+23-3517 files not shown
+55-3723 files

HardenedBSD/src eb7fe9esys/amd64/include cpufunc.h, sys/i386/include cpufunc.h

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+6-20sys/i386/include/cpufunc.h
+6-8sys/amd64/include/cpufunc.h
+5-7tests/sys/netlink/test_rtnl_gre.c
+2-0usr.sbin/fstyp/geli.c
+2-0usr.sbin/fstyp/fstyp.h
+2-0usr.sbin/bhyve/amd64/atkbdc.h
+23-3516 files not shown
+54-3622 files

HardenedBSD/src 32942f8lib/libc/arm/aeabi aeabi_unwind_cpp.c, lib/libsys/arm Makefile.sys

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+6-6lib/libc/arm/aeabi/aeabi_unwind_cpp.c
+5-0lib/libsys/arm/Makefile.sys
+11-62 files

HardenedBSD/ports 7a67fa0cad/freecad-devel pkg-plist, databases/mongodb70/files patch-src_third__party_boost_boost_log_utility_strictest__lock.hpp

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+455-461textproc/gitlab-code-parser/distinfo
+227-230textproc/gitlab-code-parser/Makefile.crates
+82-25cad/freecad-devel/pkg-plist
+70-0databases/mongodb70/files/patch-src_third__party_boost_boost_log_utility_strictest__lock.hpp
+28-29www/gitlab/Makefile
+0-48devel/magit/files/patch-lisp_magit-autorevert.el
+862-793120 files not shown
+1,426-1,173126 files

HardenedBSD/ports 471fbb9net/keycloak distinfo pkg-plist

net/keycloak: Update 26.5.3 => 26.5.4

Changelog:
https://www.keycloak.org/2026/02/keycloak-2654-released

PR:             293315
Security:       CVE-2026-1190
Security:       CVE-2026-0707
Security:       CVE-2025-5416
Security:       CVE-2026-2575
Security:       CVE-2026-2733
MFH:            2026Q1
DeltaFile
+3-3net/keycloak/distinfo
+1-1net/keycloak/pkg-plist
+1-1net/keycloak/Makefile
+5-53 files

HardenedBSD/ports 6d6e571security/vuxml/vuln 2026.xml

security/vuxml: Add Mozilla vulnerability

 * CVE-2026-2447
DeltaFile
+34-0security/vuxml/vuln/2026.xml
+34-01 files