HardenedBSD/src 33292a2cddl/contrib/opensolaris/cmd/dtrace dtrace.1, share/man/man7 tracing.7

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+4-5share/man/man7/tracing.7
+3-1cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
+7-62 files

HardenedBSD/src 3cff3abcddl/contrib/opensolaris/cmd/dtrace dtrace.1, share/man/man7 tracing.7

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+4-5share/man/man7/tracing.7
+3-1cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
+7-62 files

HardenedBSD/ports 33456b7devel/ispc distinfo, devel/libev/files patch-ev.c

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+123-0security/vuxml/vuln/2025.xml
+17-12textproc/xmlto/Makefile
+11-2devel/libev/files/patch-ev.c
+3-3net/traefik/distinfo
+3-3devel/ispc/distinfo
+3-3science/packmol/distinfo
+160-238 files not shown
+174-3314 files

HardenedBSD/ports 8416467net/traefik distinfo Makefile

net/traefik: Update to upstream release 3.4.4

Details:
- Bugfixes, see
  https://github.com/traefik/traefik/releases/tag/v3.4.4

MFH:            2025Q3
DeltaFile
+3-3net/traefik/distinfo
+2-2net/traefik/Makefile
+5-52 files

HardenedBSD/ports f426885science/packmol distinfo Makefile

science/packmol: Update to 21.0.4

ChangeLog: https://github.com/m3g/packmol/releases/tag/v21.0.4
DeltaFile
+3-3science/packmol/distinfo
+1-1science/packmol/Makefile
+4-42 files

HardenedBSD/ports cf7638cdevel/libev/files patch-ev.c patch-configure

devel/libev: Unbreak current after inotify add

After inotify was added to main, if condition bellow leads to build error
related to missing (linux) statfs.h header.

Fix it by adjusting correct headers:

 #if EV_USE_INOTIFY
-# include <sys/statfs.h>
+# include <sys/mount.h>
 # include <sys/inotify.h>

While here, refresh patches.

Approved by:    portmgr (blanket, build fix)
Sugested by:    markj
See also;       https://lists.freebsd.org/archives/dev-commits-src-all/2025-July/057269.html
DeltaFile
+11-2devel/libev/files/patch-ev.c
+2-2devel/libev/files/patch-configure
+2-2devel/libev/files/patch-Makefile.in
+15-63 files

HardenedBSD/src c479d2bshare/man/man7 tracing.7

tracing.7: Pet linters

Event:          Berlin 2025 Hackathon
DeltaFile
+4-5share/man/man7/tracing.7
+4-51 files

HardenedBSD/ports fa129aesecurity/vuxml/vuln 2025.xml

security/vuxml: extend libxml2/libxslt vuln to linux-* ports
DeltaFile
+16-0security/vuxml/vuln/2025.xml
+16-01 files

HardenedBSD/src 98a1084cddl/contrib/opensolaris/cmd/dtrace dtrace.1

dtrace.1: Reference dwatch(1) and tracing(7)

Reviewed by:    bcr
Event:          Berlin 2025 Hackathon
DeltaFile
+3-1cddl/contrib/opensolaris/cmd/dtrace/dtrace.1
+3-11 files

HardenedBSD/ports dceb46fsecurity/vuxml/vuln 2025.xml, textproc/libxslt Makefile

textproc/libxml2, textproc/libxslt: vulnerable

Note that libxslt is vulnerable, unfixed, and without maintainer.
Two of four vulnerabilities have been fixed.

Note that libxml2 in our ports is vulnerable and there is no upstream
release fixing these bugs, they need cherry-picks.

Deprecate textproc/xmlto and textproc/minixmlto,
which both depend on the unmaintained and vulnerable libxslt.
I have filed https://pagure.io/xmlto/issue/15 to ask the xmlto
upstream to switch to different XML/XSLT libraries.

Two issues are undisclosed and do not seem to have a CVE assigned yet.

Security:       CVE-2025-6021
Security:       CVE-2025-6170
Security:       CVE-2025-7424
Security:       CVE-2025-7425

    [16 lines not shown]
DeltaFile
+107-0security/vuxml/vuln/2025.xml
+17-12textproc/xmlto/Makefile
+3-0textproc/minixmlto/Makefile
+3-0textproc/libxslt/Makefile
+130-124 files

HardenedBSD/ports 217e2efnet/usockets Makefile

net/usockets: Enable riscv64 build

Differential Revision:  https://reviews.freebsd.org/D51271
DeltaFile
+0-2net/usockets/Makefile
+0-21 files

HardenedBSD/ports c30c7b6devel/ispc distinfo Makefile

devel/ispc: update 1.26.0 → 1.27.0
DeltaFile
+3-3devel/ispc/distinfo
+1-1devel/ispc/Makefile
+4-42 files

HardenedBSD/ports ba053f2multimedia/video-trimmer distinfo Makefile.crates, www/angie Makefile distinfo

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+197-367multimedia/video-trimmer/distinfo
+62-147multimedia/video-trimmer/Makefile.crates
+28-17www/angie/Makefile
+7-7www/nginx-devel/distinfo
+7-7www/angie/distinfo
+6-5multimedia/video-trimmer/Makefile
+307-55025 files not shown
+371-59731 files

HardenedBSD/ports 749716bnet-p2p/jackett Makefile distinfo

net-p2p/jackett: update to 0.22.2140

While here, add USES=ssl.

PR:             288130
Reported by:    Ralf van der Enden <tremere at cainites.net> (maintainer)
DeltaFile
+4-4net-p2p/jackett/Makefile
+3-3net-p2p/jackett/distinfo
+2-0net-p2p/jackett/pkg-plist
+9-73 files

HardenedBSD/ports be0c90cmultimedia/video-trimmer distinfo Makefile.crates

multimedia/video-trimmer: update to 25.03

While here:
- Added 'gnome' to DIST_SUBDIR and to second CATEGORIES.
- Updated COMMENT to hopefully a better COMMENT.
- Added 'pango' to USE_GNOME.

Changelog: https://gitlab.gnome.org/YaLTeR/video-trimmer/-/releases/v25.03

PR:             287923
Reported by:    Yusuf Yaman <nxjoseph at protonmail.com> (maintainer)
DeltaFile
+197-367multimedia/video-trimmer/distinfo
+62-147multimedia/video-trimmer/Makefile.crates
+6-5multimedia/video-trimmer/Makefile
+1-0multimedia/video-trimmer/pkg-plist
+266-5194 files

HardenedBSD/ports 2921d7dmail/mailutils distinfo Makefile

mail/mailutils: update the port to version 3.19

Requested by:   maintainer
DeltaFile
+3-3mail/mailutils/distinfo
+1-2mail/mailutils/Makefile
+1-0mail/mailutils/pkg-plist
+5-53 files

HardenedBSD/ports ebd32eax11-wm/labwc Makefile distinfo

x11-wm/labwc: update to 0.9.0

Changes:        https://github.com/labwc/labwc/releases/tag/0.9.0
Reported by:    GitHub (watch releases)
DeltaFile
+5-4x11-wm/labwc/Makefile
+3-3x11-wm/labwc/distinfo
+8-72 files

HardenedBSD/ports ccc0ce0www/nginx-devel distinfo Makefile.extmod, www/nginx-devel/files extra-patch-spnego-http-auth-nginx-module-config

www/nginx-devel: third-party modules management

o) ngx_devel_kit: update to 0.3.4
o) headers_more: update to 0.39
o) spnego-http-auth (aka auth_krb5): update to 1.1.3

Bump PORTREVISION.
DeltaFile
+7-7www/nginx-devel/distinfo
+3-3www/nginx-devel/Makefile.extmod
+2-2www/nginx-devel/files/extra-patch-spnego-http-auth-nginx-module-config
+1-1www/nginx-devel/Makefile
+13-134 files

HardenedBSD/ports 689410femulators/ppsspp Makefile

emulators/{ppsspp,libretro-ppsspp,ppsspp-qt5}: fix build on arm64

Arm64 requires bundled libpng17 module. Removing it from EXCLUDE
unbreaks build on arm64 platform.

PR:             287572
Reported by:    Kevin Reinholz <kreinholz at gmail.com> (maintainer)
MFH:            2025Q3
DeltaFile
+1-1emulators/ppsspp/Makefile
+1-11 files

HardenedBSD/ports 555bfa4math/octave-forge-octave_php_wrapper/files patch-DESCRIPTION

math/octave-forge-octave_php_wrapper: Add forgotten patch.

- Add the patch file that was forgotten in the prior commit.
DeltaFile
+9-0math/octave-forge-octave_php_wrapper/files/patch-DESCRIPTION
+9-01 files

HardenedBSD/ports d374232math/octave-forge-octave_php_wrapper Makefile

math/octave-forge-octave_php_wrapper: Fix DESCRIPTION.

- DESCRIPTION had incorrect version.
- Bump portrevision.
DeltaFile
+2-0math/octave-forge-octave_php_wrapper/Makefile
+2-01 files

HardenedBSD/src 98e530bsys/kern kern_sig.c kern_syscalls.c, sys/sys syscallsubr.h

kern: add kern_nosys() and use it instead of type-punning the sys_nosys() arg

(cherry picked from commit 26061e4e542d220c577fb3437a9a9f108dc27698)
DeltaFile
+7-2sys/kern/kern_sig.c
+3-2sys/kern/kern_syscalls.c
+1-1sys/kern/sysv_msg.c
+1-1sys/kern/sysv_sem.c
+1-1sys/kern/sysv_shm.c
+1-0sys/sys/syscallsubr.h
+14-76 files

HardenedBSD/src d9290aesys/sys sysent.h

sys/sysent.h: use two nibbles for flags, and remove unused SY_THR_FLAGMASK

(cherry picked from commit baa15beed7f1f51c213ae434d3655c6664da8786)
DeltaFile
+4-5sys/sys/sysent.h
+4-51 files

HardenedBSD/src bc0d313sys/kern vfs_aio.c

aio: if there is at least one aio thread, hide an error from aio_init_aioinfo()

(cherry picked from commit 0c38e3dbbf6eaa2755d34189149c9140cacd4bb1)
DeltaFile
+8-1sys/kern/vfs_aio.c
+8-11 files

HardenedBSD/src dcb7a2bsys/amd64/amd64 pmap.c

amd64 pmap: do not panic on inability to insert ptp into trie

(cherry picked from commit 476d2d8f290f60cbbe6b546272a3485ef0316356)
DeltaFile
+37-17sys/amd64/amd64/pmap.c
+37-171 files

HardenedBSD/src bd5f766sys/kern vfs_aio.c

aio: handle errors from fork

(cherry picked from commit 4685fa8e4bef169e6a1ceaf07f149232326de805)
DeltaFile
+25-10sys/kern/vfs_aio.c
+25-101 files

HardenedBSD/src 48172adsys/kern vfs_aio.c

aio: make aio_init_aioinfo() and aio_aqueue() static

(cherry picked from commit c44439942cdb56cad8c7630444ff84447ca3866a)
DeltaFile
+4-4sys/kern/vfs_aio.c
+4-41 files

HardenedBSD/src 7b2ec2asys/amd64/amd64 pmap.c

amd64 pmap: update comment in pmap_demote_DMAP() explaining the len<NBPDP check

(cherry picked from commit ee502c8531833d7a0d4bc4c72cc05227f4a3715a)
DeltaFile
+7-5sys/amd64/amd64/pmap.c
+7-51 files

HardenedBSD/src 4c82dffsys/dev/mem memutil.c

dev/mem: use sx instead of rw lock

(cherry picked from commit ca554a7dea3f90f39fc2b7d25813d0be944e12e2)
DeltaFile
+9-11sys/dev/mem/memutil.c
+9-111 files

HardenedBSD/ports b60e4f7www/angie-module-set-misc Makefile

www/angie-module-set-misc: Update ngx_devel_kit 0.3.3 => 0.3.4

The www/angie-module-set-misc uses ngx_devel_kit in GH_TUPLE.

Changelog for ngx_devel_kit:
https://github.com/vision5/ngx_devel_kit/releases/tag/v0.3.4

PR:             288100
Approved by:    Oleg A. Mamontov <oleg at mamontov.net> (maintainer, implicit - inactive for more than 9 months)
DeltaFile
+1-1www/angie-module-set-misc/Makefile
+1-11 files