HardenedBSD/src 19aa4e7sys/dev/iwx if_iwx.c, sys/netinet ip_ecn.c ip_ecn.h

by HardenedBSD Sync Services on ⎇
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+32-30sys/dev/iwx/if_iwx.c
+8-8sys/netinet/ip_ecn.c
+6-6sys/sys/syscallsubr.h
+8-1tools/test/stress2/misc/syzkaller59.sh
+1-8tools/test/stress2/misc/all.exclude
+2-2sys/netinet/ip_ecn.h
+57-557 files not shown
+65-6413 files

HardenedBSD/src dfadf48sys/dev/iwx if_iwx.c, sys/netinet ip_ecn.c

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+32-30sys/dev/iwx/if_iwx.c
+8-8sys/netinet/ip_ecn.c
+6-6sys/sys/syscallsubr.h
+8-1tools/test/stress2/misc/syzkaller59.sh
+1-8tools/test/stress2/misc/all.exclude
+2-2tools/test/stress2/misc/syzkaller82.sh
+57-557 files not shown
+65-6413 files

HardenedBSD/src baaf2a0share/man/man9 exterror.9 Makefile

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+137-0share/man/man9/exterror.9
+1-0share/man/man9/Makefile
+138-02 files

HardenedBSD/ports eff668bgraphics/pgplot Makefile, security/gnutls pkg-plist

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+10-50security/suricata/pkg-plist
+28-0security/vuxml/vuln/2025.xml
+8-2graphics/pgplot/Makefile
+8-1security/gnutls/pkg-plist
+2-6security/suricata/Makefile
+3-3security/suricata/distinfo
+59-6215 files not shown
+90-8621 files

HardenedBSD/src 747e842sys/sys syscallsubr.h

by Brooks Davis (brooks) on ⎇
sys/syscallsubr.h: fix some whitespace

Sponsored by:   DARPA, AFRL
DeltaFile
+6-6sys/sys/syscallsubr.h
+6-61 files

HardenedBSD/src 5b33683sys/sys extattr.h

by Brooks Davis (brooks) on ⎇
sys/extaddr.h: don't declare struct iovec

The code never uses it so there's no need to forward declare it.

Sponsored by:   Innovate UK
DeltaFile
+0-2sys/sys/extattr.h
+0-21 files

HardenedBSD/ports ba56e83sysutils/vm-bhyve-devel Makefile pkg-plist

by Guido Falsi (madpilot) via Michael Osipov (michaelo) on ⎇
sysutils/vm-bhyve-devel: Add missing RC script

PR:             291117
MFH:            2025Q4
DeltaFile
+2-0sysutils/vm-bhyve-devel/Makefile
+1-0sysutils/vm-bhyve-devel/pkg-plist
+3-02 files

HardenedBSD/ports 02f43b9sysutils/vm-bhyve Makefile pkg-plist

by Guido Falsi (madpilot) via Michael Osipov (michaelo) on ⎇
sysutils/vm-bhyve: Add missing RC script

PR:             291117
DeltaFile
+2-0sysutils/vm-bhyve/Makefile
+1-0sysutils/vm-bhyve/pkg-plist
+3-02 files

HardenedBSD/ports ff9c251security/vuxml/vuln 2025.xml

by Tijl Coosemans (tijl) on ⎇
security/vuxml: Add GNUTLS-SA-2025-11-18
DeltaFile
+28-0security/vuxml/vuln/2025.xml
+28-01 files

HardenedBSD/ports b3af88bsecurity/gnutls pkg-plist distinfo

by Tijl Coosemans (tijl) on ⎇
security/gnutls: Update to 3.8.11
DeltaFile
+8-1security/gnutls/pkg-plist
+3-3security/gnutls/distinfo
+1-1security/gnutls/Makefile
+12-53 files

HardenedBSD/ports b06cb88cad/kicad-devel Makefile.git_rev distinfo, cad/kicad-library-footprints-devel distinfo Makefile.git_rev

by Michael Reifenberger (mr) on ⎇
cad/kicad-devel: Update

Update to 2025.11.20
DeltaFile
+3-3cad/kicad-library-footprints-devel/distinfo
+3-3cad/kicad-devel/Makefile.git_rev
+3-3cad/kicad-library-symbols-devel/distinfo
+3-3cad/kicad-devel/distinfo
+2-2cad/kicad-library-symbols-devel/Makefile.git_rev
+2-2cad/kicad-library-footprints-devel/Makefile.git_rev
+16-161 files not shown
+17-167 files

HardenedBSD/ports 6e743fasecurity/suricata pkg-plist Makefile

by Olivier Cochard (olivier) on ⎇
security/suricata: Update to 8.0.2

PR:             288446
Reported by:    Zane C. Bowers-Hadley <vvelox at vvelox.net>
Approved by:    franco at opnsense.org (maintainer)
Sponsored by:   OPNsense
DeltaFile
+10-50security/suricata/pkg-plist
+2-6security/suricata/Makefile
+3-3security/suricata/distinfo
+15-593 files

HardenedBSD/src 8158b81share/man/man4 isp.4

by Gordon Bergling (gbe) on ⎇
isp.4: Fix a typo in the manual page

- s/Chanel/Channel/

MFC after:      3 days
DeltaFile
+1-1share/man/man4/isp.4
+1-11 files

HardenedBSD/src bb3bfc7share/man/man4 snd_dummy.4

by Gordon Bergling (gbe) on ⎇
snd_dummy.4: Fix a typo in the manual page

- s/devic/device/

MFC after:      3 days
DeltaFile
+1-1share/man/man4/snd_dummy.4
+1-11 files

HardenedBSD/src 361492bsbin/pfctl pfctl.c

by Gordon Bergling (gbe) on ⎇
pfctl(8): Fix a typo in an error message

- s/registeration/registration/

MFC after:      5 days
DeltaFile
+1-1sbin/pfctl/pfctl.c
+1-11 files

HardenedBSD/src d941fdetools/test/stress2/misc all.exclude

by Peter Holm (pho) on ⎇
stress2: Update the exclude list
DeltaFile
+1-8tools/test/stress2/misc/all.exclude
+1-81 files

HardenedBSD/src c149db0tools/test/stress2/misc syzkaller82.sh syzkaller84.sh

by Peter Holm (pho) on ⎇
stress2: No not rely on unset variables when using 'set -u'
DeltaFile
+2-2tools/test/stress2/misc/syzkaller82.sh
+1-0tools/test/stress2/misc/syzkaller84.sh
+3-22 files

HardenedBSD/src 51e0c42tools/test/stress2/misc syzkaller59.sh

by Peter Holm (pho) on ⎇
stress2: Added more robust test termination
DeltaFile
+8-1tools/test/stress2/misc/syzkaller59.sh
+8-11 files

HardenedBSD/src 0d8535eshare/man/man9 exterror.9 Makefile

by Konstantin Belousov (kib) on ⎇
exterror.9 man page

(cherry picked from commit 0eca7fa1c96f779039dd70eeeb0585ac12d153da)
DeltaFile
+137-0share/man/man9/exterror.9
+1-0share/man/man9/Makefile
+138-02 files

HardenedBSD/ports 515870agraphics/pgplot Makefile

by Gleb Popov (arrowd) on ⎇
graphics/pgplot: Fix building with Flang
DeltaFile
+8-2graphics/pgplot/Makefile
+8-21 files

HardenedBSD/src f258265sys/netinet ip_ecn.c ip_ecn.h, sys/netinet6 ip6_ecn.h

by Seyed Pouria Mousavizadeh Tehrani via Michael Tuexen (tuexen) on ⎇
ip: use standard C types for ECN helper functions

No functional change intended, suggested by glebius.

Reviewed by:            rscheff, zlei, tuexen
Differential Revision:  https://reviews.freebsd.org/D53739
DeltaFile
+8-8sys/netinet/ip_ecn.c
+2-2sys/netinet/ip_ecn.h
+2-2sys/netinet6/ip6_ecn.h
+12-123 files

HardenedBSD/ports cd901cfwww/py-binarycookies distinfo Makefile

by Alexey Dokuchaev (danfe) on ⎇
www/py-binarycookies: update the port to version 2.3.0

Reported by:    portscout
DeltaFile
+3-3www/py-binarycookies/distinfo
+1-1www/py-binarycookies/Makefile
+4-42 files

HardenedBSD/src 4d29178sys/dev/iwx if_iwx.c

by Adrian Chadd (adrian) on ⎇
iwx: tag RX frames as A_MPDU RX; tag A-MSDU frames appropriately

* tag packets for 11n/11ac associated nodes with A_MPDU so they
  get passed into the reordering logic

* tag A-MSDU frames with AMSDU and AMSDU_MORE so they don't get
  dropped due to duplicate sequence numbers.

Note: I haven't yet elicited A-MSDU in A-MPDU to fully test this,
but I do see the net80211 reordering logic kick in (which you can
see via wlanstats -i wlan0 -o ampdu 1).

I've checked with Johannes Berg at Intel (who maintains the linux
iwlwifi stuff); he replied saying none of the firmware versions are
doing AMPDU reorder offloading.

Differential Revision:  https://reviews.freebsd.org/D53781

Locally tested:

    [3 lines not shown]
DeltaFile
+32-30sys/dev/iwx/if_iwx.c
+32-301 files

HardenedBSD/src a2aa7f5contrib/ntp/ntpd ntp_io.c, crypto/openssh sshconnect.c FREEBSD-upgrade

by HardenedBSD Sync Services on ⎇
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+9-0crypto/openssh/sshconnect.c
+7-0crypto/openssh/FREEBSD-upgrade
+5-1sys/dev/e1000/if_em.c
+2-1sys/dev/e1000/e1000_82571.c
+1-1contrib/ntp/ntpd/ntp_io.c
+24-35 files

HardenedBSD/src 90043a6contrib/ntp/ntpd ntp_io.c, crypto/openssh sshconnect.c FREEBSD-upgrade

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+9-0crypto/openssh/sshconnect.c
+7-0crypto/openssh/FREEBSD-upgrade
+5-1sys/dev/e1000/if_em.c
+2-1sys/dev/e1000/e1000_82571.c
+1-1contrib/ntp/ntpd/ntp_io.c
+24-35 files

HardenedBSD/ports b3fb561multimedia/libxine/files ffmpeg8-1.patch ffmpeg8-2.patch, net/ntp/files patch-ntpd_ntp__io.c

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+13,650-4,891www/librewolf/files/patch-libwebrtc-generated
+114-0multimedia/libxine/files/ffmpeg8-1.patch
+36-27www/librewolf/files/patch-third__party_libwebrtc_build_config_BUILDCONFIG.gn
+7-14www/librewolf/files/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland__egl__dmabuf.cc
+20-0multimedia/libxine/files/ffmpeg8-2.patch
+15-1net/ntp/files/patch-ntpd_ntp__io.c
+13,842-4,93327 files not shown
+13,915-4,98033 files

HardenedBSD/ports 4ab5a40lang/algol68g distinfo Makefile

by Alexey Dokuchaev (danfe) on ⎇
lang/algol68g: update Algol 68 Genie to version 3.10.6

- New procedures: "https time out" to manage waiting for
  unresponsive URLs and "append", analogous to "open" but
  to append at EOF
- Fixed I/O timeout occurring on some platforms
- Introduced raw reading of the terminal; functions "raw",
  "cooked", and "peek char"
- Minor miscellaneous fixes
- Chase HTTP/2 302 redirection in WWW line

Reported by:    portscout
DeltaFile
+3-3lang/algol68g/distinfo
+2-2lang/algol68g/Makefile
+5-52 files

HardenedBSD/src 2ead091sys/dev/e1000 e1000_82571.c

by Kevin Bowling (kbowling) on ⎇
e1000: Don't enable ASPM L1 without L0s

Reporter noted packet loss with 82583.  NVM is down level.  The
errata docs mention disabling this, which should be the firmware
default, so I am not sure why we were enabling this bit.  Linux and
OpenBSD have the same issue, while NetBSD got it right.

Reported by:    Codin <codin at nagi.ftp.sh>
Tested by:      Codin <codin at nagi.ftp.sh>
MFC after:      2 weeks
DeltaFile
+2-1sys/dev/e1000/e1000_82571.c
+2-11 files

HardenedBSD/src aa30babsys/dev/e1000 if_em.c

by Kevin Bowling (kbowling) on ⎇
e1000: Bump 82574/82583 PBA to 32K

The reporter contacted me with packet loss and throughput fluctuations
on a low power machine (Intel J1900) that got worse with the recent AIM
algorithm in FreeBSD 14.2+.

32K RX PBA matches Linux default.  Add a conditional path since we don't
otherwise do a fixup for jumbo frames to retain space for two frames in
Tx.

With this change and an additional errata change, the throughput meets
line rate for the reporter.

Reported by:    Codin <codin at nagi.ftp.sh>
Tested by:      Codin <codin at nagi.ftp.sh>
MFC after:      2 weeks
DeltaFile
+5-1sys/dev/e1000/if_em.c
+5-11 files

HardenedBSD/ports 7d6c2b9chinese/fcitx5-mcbopomofo pkg-plist distinfo

by Li-Wen Hsu (lwhsu) on ⎇
chinese/fcitx5-mcbopomofo: Update to 2.9.4
DeltaFile
+3-3chinese/fcitx5-mcbopomofo/pkg-plist
+3-3chinese/fcitx5-mcbopomofo/distinfo
+1-1chinese/fcitx5-mcbopomofo/Makefile
+7-73 files