HardenedBSD/src 79d1b27sys/amd64/amd64 mp_machdep.c, sys/amd64/include smp.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+2-1sys/amd64/amd64/mp_machdep.c
+0-1sys/amd64/include/smp.h
+2-22 files

HardenedBSD/src c0d9a18sys/amd64/amd64 mp_machdep.c, sys/amd64/include smp.h

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+2-1sys/amd64/amd64/mp_machdep.c
+0-1sys/amd64/include/smp.h
+2-22 files

HardenedBSD/src c41a8d8. Makefile.inc1

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+18-32Makefile.inc1
+18-321 files

HardenedBSD/ports 28ff5cawww/wordpress/files patch-6.9.1-to-6.9.4, x11/waveterm distinfo Makefile.crates

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+1,760-2,078x11/waveterm/files/packagejsons/package-lock.json
+1,487-1,281x11/waveterm/distinfo
+392-289x11/waveterm/Makefile.crates
+373-0www/wordpress/files/patch-6.9.1-to-6.9.4
+0-329x11/waveterm/files/patch-swc_bindings_Cargo.lock
+290-0x11/waveterm/files/patch-swc_Cargo.lock
+4,302-3,97742 files not shown
+4,589-4,35348 files

HardenedBSD/ports 10c7738misc/codex distinfo Makefile.crates, misc/codex/files patch-codex-rs_core_tests_suite_view__image.rs

misc/codex: Update to 0.114.0

Changelog:
- https://github.com/openai/codex/releases/tag/rust-v0.110.0
- https://github.com/openai/codex/releases/tag/rust-v0.111.0
- https://github.com/openai/codex/releases/tag/rust-v0.112.0
- https://github.com/openai/codex/releases/tag/rust-v0.113.0
- https://github.com/openai/codex/releases/tag/rust-v0.114.0

Reported by:    GitHub (watch releases)
DeltaFile
+15-9misc/codex/distinfo
+0-11misc/codex/files/patch-codex-rs_core_tests_suite_view__image.rs
+6-3misc/codex/Makefile.crates
+2-6misc/codex/Makefile
+23-294 files

HardenedBSD/src 5f0ab9dsys/amd64/amd64 mp_machdep.c, sys/amd64/include smp.h

amd64: Make start_all_aps() static

It is not used elsewhere since the change [1].

[1] ac3ede5371af x86/xen: remove PVHv1 code

MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D55668
DeltaFile
+2-1sys/amd64/amd64/mp_machdep.c
+0-1sys/amd64/include/smp.h
+2-22 files

HardenedBSD/ports 122fc90www/wordpress Makefile, www/wordpress/files patch-6.9.1-to-6.9.4

www/wordpress: upgrade to 6.9.4 (security)

Upstream does not offer localized tarballs for 6.9.4, so download the
6.9.1 tarballs and apply files/patch-6.9.1-to-6.9.4 instead.

Security fixes in 6.9.2:
- Blind SSRF
- PoP-chain weakness in HTML API and Block Registry
- Regex DoS in Numeric Character References
- Stored XSS in Nav Menus
- AJAX query-attachments Authorization Bypass
- Stored XSS via data-wp-bind directive
- XSS allowing override of client-side templates in admin area
- PclZip Path Traversal
- Authorization Bypass on Notes feature
- XXE in external getID3 library

Bug fix in 6.9.3:
- Restore compatibility for themes using stringable objects with the

    [6 lines not shown]
DeltaFile
+373-0www/wordpress/files/patch-6.9.1-to-6.9.4
+5-4www/wordpress/Makefile
+378-42 files

HardenedBSD/ports 92d6a09misc/crush distinfo Makefile

misc/crush: Update to 0.47.2

Changelog:
- https://github.com/charmbracelet/crush/releases/tag/v0.47.0
- https://github.com/charmbracelet/crush/releases/tag/v0.47.1
- https://github.com/charmbracelet/crush/releases/tag/v0.47.2

Reported by:    GitHub (watch releases)
DeltaFile
+5-5misc/crush/distinfo
+1-2misc/crush/Makefile
+6-72 files

HardenedBSD/ports d99be71x11/waveterm distinfo Makefile.crates, x11/waveterm/files patch-swc_bindings_Cargo.lock patch-swc_Cargo.lock

x11/waveterm: Update to 0.14.1

Changelog: https://github.com/wavetermdev/waveterm/releases/tag/v0.14.1

Reported by:    GitHub (watch releases)
DeltaFile
+1,760-2,078x11/waveterm/files/packagejsons/package-lock.json
+1,487-1,281x11/waveterm/distinfo
+392-289x11/waveterm/Makefile.crates
+0-329x11/waveterm/files/patch-swc_bindings_Cargo.lock
+290-0x11/waveterm/files/patch-swc_Cargo.lock
+134-134x11/waveterm/files/packagejsons/tsunami/templates/package-lock.json
+4,063-4,1119 files not shown
+4,117-4,18415 files

HardenedBSD/src 2a3d650. Makefile.inc1

packages: Don't create empty packages

If a package plist only contains directories, but no files, do not
create the package.

This fixes an issue where setting "package=foo" in mtree causes the
"foo" package to always be created, even if nothing else installs in
that package, because the mtree entry is always added to the plist.

This most often happens:

* With architecture-specific directories, because mtree can't install
  a directory conditionally based on architecture, and

* With packages that are completely empty when a particular src.conf
  knob is disabled, because mtree will still create the directories.

Although it's theoretically possible that we might want to create a
package that only contains directories, there are no such packages

    [8 lines not shown]
DeltaFile
+18-11Makefile.inc1
+18-111 files

HardenedBSD/src 1346ffb. Makefile.inc1

Makefile.inc1: Remove svn support

We don't need this, and we don't use this. It's left over from the svn
days. We stopped supporting svn as a project entirely when 12.x went
EOL. And VCS_REVSION isn't in any current ucl file or anywhere else in
the tree.

Sponsored by:           Netflix
Reviewed by     :       kevans, brd
Differential Revision:  https://reviews.freebsd.org/D52912

(cherry picked from commit 28b858f5059c8b25fa08be494699997000fce58c)

Makefile.inc1: Add back missing if

The .if defined(_MKSHOWCONFIG) covered an unusually large area, so it
should have not been removed in the last commit. I must have tested in
the wrong tree before pushing...


    [4 lines not shown]
DeltaFile
+1-22Makefile.inc1
+1-221 files

HardenedBSD/ports 41efe83comms/conserver-com Makefile distinfo, comms/conserver-com/files patch-conserver_readcfg.c

comms/conserver-com: update to 8.3.0

Changes: https://github.com/bstansell/conserver/releases/tag/v8.3.0

While here: add an option to enable IPv6 support (default: on).
DeltaFile
+0-14comms/conserver-com/files/patch-conserver_readcfg.c
+5-4comms/conserver-com/Makefile
+3-3comms/conserver-com/distinfo
+8-213 files

HardenedBSD/ports e71b9feeditors/vim distinfo Makefile

editors/vim: Update to 9.2.0140

Contains a fix for a null pointer dereferencing vulnerability in the
regex engine. Vim assigned it a MODERATE risk score. See the below
disclosure report.

Security:       https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r
DeltaFile
+3-3editors/vim/distinfo
+2-2editors/vim/Makefile
+5-52 files

HardenedBSD/ports 0af72ffgraphics/nvidia-drm-515-kmod distinfo, graphics/nvidia-drm-61-kmod distinfo

x11/nvidia-driver, x11/nvidia-kmod, x11/linux-nvidia-libs, graphics/nvidia-drm*-kmod, x11/nvidia-settings, x11/nvidia-xconfig: Update to 580.142

Update to latest Production Branch of drivers 580.142:
https://www.nvidia.com/en-us/drivers/details/265444/

Linux counterparts for x11/linux-nvidia-libs:
https://www.nvidia.com/en-us/drivers/details/265443/

Add graphics/egl-wayland2 as a dependency for non-legacy branches.
This library can be installed alongside the previous egl-wayland
implementation (graphics/egl-wayland) and has a higher selection
priority by default, but doesn't support legacy branches.

PR:             293738
Differential Revision:  https://reviews.freebsd.org/D55813
DeltaFile
+10-2x11/linux-nvidia-libs/Makefile
+3-3graphics/nvidia-drm-515-kmod/distinfo
+3-3graphics/nvidia-drm-61-kmod/distinfo
+3-3graphics/nvidia-drm-66-kmod/distinfo
+3-3graphics/nvidia-drm-latest-kmod/distinfo
+3-3x11/linux-nvidia-libs/distinfo
+25-179 files not shown
+42-3215 files

HardenedBSD/src f9a4771sys/cam cam_xpt.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+4-0sys/cam/cam_xpt.c
+4-01 files

HardenedBSD/src f335c0esys/cam cam_xpt.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+4-0sys/cam/cam_xpt.c
+4-01 files

HardenedBSD/src ce17e2alib/libmt mtlib.c, usr.bin/mt mt.1

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+8-1usr.bin/mt/mt.1
+2-0lib/libmt/mtlib.c
+10-12 files

HardenedBSD/ports 24c8adddevel/gitoxide distinfo, finance/ord distinfo Makefile

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+0-4,767graphics/blender-doc/pkg-plist
+707-595finance/ord/distinfo
+563-537lang/prql/distinfo
+467-443devel/gitoxide/distinfo
+353-298finance/ord/Makefile
+281-269lang/prql/Makefile
+2,371-6,909113 files not shown
+6,159-10,340119 files

HardenedBSD/ports 469548agames/veloren-weekly distinfo Makefile, games/veloren-weekly/files patch-unix

games/veloren-weekly: update to s20260311

Changes:        https://gitlab.com/veloren/veloren/-/compare/7c7606b0d4...96cd780828
DeltaFile
+0-61games/veloren-weekly/files/patch-unix
+3-3games/veloren-weekly/distinfo
+2-2games/veloren-weekly/Makefile
+5-663 files

HardenedBSD/ports 00f5991graphics/mesa-devel distinfo Makefile

graphics/mesa-devel: update to 26.0.b.2279

Changes:        https://gitlab.freedesktop.org/mesa/mesa/-/compare/651cf906e24...a4cabc1334e
DeltaFile
+3-3graphics/mesa-devel/distinfo
+2-2graphics/mesa-devel/Makefile
+5-52 files

HardenedBSD/ports 7619668shells/xonsh Makefile distinfo

shells/xonsh: Update to 0.22.7

ChangeLog: https://github.com/xonsh/xonsh/releases/tag/0.22.7
DeltaFile
+5-6shells/xonsh/Makefile
+3-3shells/xonsh/distinfo
+8-92 files

HardenedBSD/ports 886e973devel/aws-c-mqtt distinfo Makefile

devel/aws-c-mqtt: Update to 0.15.0

ChangeLog: https://github.com/awslabs/aws-c-mqtt/releases/tag/v0.15.0
DeltaFile
+3-3devel/aws-c-mqtt/distinfo
+1-1devel/aws-c-mqtt/Makefile
+4-42 files

HardenedBSD/ports 185eb1adevel/binaryen distinfo Makefile

devel/binaryen: Update to 127

ChangeLog: https://github.com/WebAssembly/binaryen/blob/main/CHANGELOG.md#v127
DeltaFile
+3-3devel/binaryen/distinfo
+1-1devel/binaryen/Makefile
+4-42 files

HardenedBSD/src a8b1531sys/cam cam_xpt.c

cam: Add comment about routine

Explain why we bump ref counts here.

Sponsored by:           Netflix
DeltaFile
+4-0sys/cam/cam_xpt.c
+4-01 files

HardenedBSD/src d6574d9sys/amd64/conf HARDENEDBSD

HBSD: Re-Enable core kernel debugging features

With commit 1aad58b919d3d22f86be01b8e26a203cd020eaae, FreeBSD removed
the inclusion of "std.debug" in the GENERIC kernel. This results in a
broken kernel on HardenedBSD since we rely on INVARIANTS and WITNESS.

This is a direct commit to hardened/15-stable/main.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
Fixes:          1aad58b919d3d22f86be01b8e26a203cd020eaae
(cherry picked from commit 4f1ff705926f9c35813f28dd3d029f31f2951613)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+1-0sys/amd64/conf/HARDENEDBSD
+1-01 files

HardenedBSD/ports 26945bbwww/pmwiki Makefile distinfo

www/pmwiki: Update 2.5.4 => 2.5.8, take maintainership

Changelogs:
https://www.pmwiki.org/wiki/PmWiki/ChangeLog#v259

Release Notes:
https://www.pmwiki.org/wiki/PmWiki/ReleaseNotes#v258

Improve port:
- Replace PORTVERSION with DISTVERSION.
- Fix warnings from portclippy.
- Remove unnecessary MKDIR.
- Move install docs to do-install-DOCS-on goal.

PR:     293743
DeltaFile
+9-10www/pmwiki/Makefile
+3-3www/pmwiki/distinfo
+12-132 files

HardenedBSD/ports f477358security/nmap Makefile, security/nmap/files patch-libdnet-stripped_configure

security/nmap: Restore missed ./configure patch

PR:             293713
Fixes:          be8868737f7b
Submitted by:   Charlie Bo <cbo at dreamsolution.nl>
MFH:            2026Q1
DeltaFile
+4-1security/nmap/files/patch-libdnet-stripped_configure
+1-0security/nmap/Makefile
+5-12 files

HardenedBSD/ports 0b92d76databases/dbeaver Makefile

databases/dbeaver: fix build on openjdk25

Some jdk.xml EntitySizeLimit defaults changed in openjdk24.
In the issue are more details.

Tested to still compile with openjdk21 also.

PR:     293697
Approved-by:     Martin Filla (maintainer)
DeltaFile
+2-0databases/dbeaver/Makefile
+2-01 files

HardenedBSD/ports d37ed35emulators/wine-devel pkg-plist Makefile, emulators/wine-devel/files patch-configure.ac patch-dlls_ntdll_unix_loader.c

emulators/wine-devel: Update 11.3 => 11.4

Changelog:
- SAX reader reimplemented in MSXML.
- Resampling optimizations in DirectSound.
- Beginnings of a proper CFGMGR32 implementation.
- Better Unix timezone matching.
- Various bug fixes.
https://gitlab.winehq.org/wine/wine/-/releases/wine-11.4

Add support for libusb

PR:     293722
DeltaFile
+45-0emulators/wine-devel/files/patch-configure.ac
+14-0emulators/wine-devel/pkg-plist
+3-3emulators/wine-devel/Makefile
+3-3emulators/wine-devel/distinfo
+3-3emulators/wine-devel/files/patch-dlls_ntdll_unix_loader.c
+68-95 files

HardenedBSD/ports 7b1df99textproc/py-ebcdic Makefile distinfo

textproc/py-ebcdic: Update to 2.0.0

ChangeLog: https://github.com/roskakori/CodecMapper/releases/tag/v2.0.0
DeltaFile
+4-3textproc/py-ebcdic/Makefile
+3-3textproc/py-ebcdic/distinfo
+7-62 files