HardenedBSD/src 267759f. RELNOTES, etc/mtree BSD.include.dist

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+1,079-233share/misc/pci_vendors
+1-461RELNOTES
+0-42sys/netinet/tcp_timewait.c
+0-6sys/dev/xilinx/if_xae.c
+1-1etc/mtree/BSD.include.dist
+1,081-7435 files

HardenedBSD/src 915e089. RELNOTES, etc/mtree BSD.include.dist

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+1,079-233share/misc/pci_vendors
+1-461RELNOTES
+0-42sys/netinet/tcp_timewait.c
+0-6sys/dev/xilinx/if_xae.c
+1-1etc/mtree/BSD.include.dist
+1,081-7435 files

HardenedBSD/src e7d294fsys/dev/vt vt_core.c

Merge branch 'freebsd/14-stable/main' into hardened/14-stable/master
DeltaFile
+3-3sys/dev/vt/vt_core.c
+3-31 files

HardenedBSD/ports 9426c70devel/kdesdk-thumbnailers pkg-plist, devel/kio-extras pkg-plist

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+343-211sysutils/gstat-rs/distinfo
+170-104sysutils/gstat-rs/Makefile.crates
+4-90devel/kio-extras/pkg-plist
+74-0security/vuxml/vuln/2025.xml
+0-51devel/kdesdk-thumbnailers/pkg-plist
+47-0security/autofirma/Makefile
+638-456320 files not shown
+1,659-1,390326 files

HardenedBSD/ports 824fde6net-mgmt/net-snmp Makefile

net-mgmt/net-snmp: Respect LDFLAGS.

No functional change intended.

Sponsored by:   Dell
Reviewed by:    zi, vangyzen
Differential Revision: https://reviews.freebsd.org/D54183
DeltaFile
+3-2net-mgmt/net-snmp/Makefile
+3-21 files

HardenedBSD/ports 548c97asecurity/autofirma Makefile pkg-plist, security/autofirma/files afirma.desktop.in pkg-message.in

java/autofirma: [new port]. Digital signature application

Autofirma is a java application used to sign digital documents.
It is the official application of the Spanish Government and as such it is
required to perform many online tasks with the Administration.

Reviewed by:            michaelo@
Differential Revision:  https://reviews.freebsd.org/D53807
DeltaFile
+47-0security/autofirma/Makefile
+16-0security/autofirma/files/afirma.desktop.in
+9-0security/autofirma/files/pkg-message.in
+5-0security/autofirma/files/autofirma.in
+5-0security/autofirma/pkg-plist
+4-0security/autofirma/pkg-descr
+86-03 files not shown
+94-09 files

HardenedBSD/ports 0716e1cwww/gallery-dl distinfo Makefile

www/gallery-dl: update to 1.31.0

Changes:        https://github.com/mikf/gallery-dl/releases/tag/v1.31.0
Reported by:    GitHub (watch releases)
DeltaFile
+3-3www/gallery-dl/distinfo
+1-2www/gallery-dl/Makefile
+4-52 files

HardenedBSD/ports c9fcf86www/varnish-libvmod-digest distinfo Makefile

www/varnish-libvmod-digest: Update to 1.0.3

- Fix Base64 decoding vulnerability

Approved by:    implicit/security
Security:       64bec4c7-d785-11f0-a1c0-0050569f0b83
DeltaFile
+3-3www/varnish-libvmod-digest/distinfo
+2-3www/varnish-libvmod-digest/Makefile
+5-62 files

HardenedBSD/ports 229c32esecurity/vuxml/vuln 2025.xml

security/vuxml: Document vulnerability in www/varnish-libvmod-digest
DeltaFile
+32-0security/vuxml/vuln/2025.xml
+32-01 files

HardenedBSD/src e1c985csys/dev/vt vt_core.c

vt: Allow VT_SETMODE with frsig=0

Linux does not check that any of the signals in vt_mode VT_SETMODE ioctl
(relsig, acqsig, frsig) are valid, but FreeBSD required that all three
are valid.  frsig is unusued in both Linux and FreeBSD, and software
typically leaves it unset.  To improve portability, allow frsig to be
set to zero.

PR:             289812
Reported by:    Dušan Gvozdenović
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52835

(cherry picked from commit 5198c32210039d8dc92554647384eee75688848c)
(cherry picked from commit 224d65015465d085f2e07edccef1f23a8c217b88)
DeltaFile
+3-3sys/dev/vt/vt_core.c
+3-31 files

HardenedBSD/src a16fdef. RELNOTES

RELNOTES: Truncate for 16.0

Differential Revision:  https://reviews.freebsd.org/D54195
DeltaFile
+1-461RELNOTES
+1-4611 files

HardenedBSD/src 929338dsys/netinet tcp_timewait.c

tpc: retire net.inet.tcp.nolocaltimewait

See c3fc0db3bc50df18a724e6e6b12ea4e060fd9255 for details.
DeltaFile
+0-42sys/netinet/tcp_timewait.c
+0-421 files

HardenedBSD/ports 294e82esysutils/gstat-rs distinfo Makefile.crates

sysutils/gstat-rs: 0.1.7

The main change is to fix a math error in the kb/r and kb/w columns

https://github.com/asomers/gstat-rs/blob/master/gstat/CHANGELOG.md#017---2025-12-11

Sponsored by:   ConnectWise
DeltaFile
+343-211sysutils/gstat-rs/distinfo
+170-104sysutils/gstat-rs/Makefile.crates
+1-2sysutils/gstat-rs/Makefile
+514-3173 files

HardenedBSD/ports 2823eb8devel/jenkins-lts distinfo Makefile

devel/jenkins-lts: Update to 2.528.3

Fixes CVE-2025-67635, CVE-2025-67636, CVE-2025-67637, CVE-2025-67638,
CVE-2025-67639

PR:             291580
Security:       2956aba3-1fcb-4c39-9cea-d88a46a3bf93
MFH:            2025Q4
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins-lts/distinfo
+1-1devel/jenkins-lts/Makefile
+4-42 files

HardenedBSD/ports 09b4c73devel/jenkins distinfo Makefile

devel/jenkins: Update to 2.541

Fixes CVE-2025-67635, CVE-2025-67636, CVE-2025-67637, CVE-2025-67638,
CVE-2025-67639

PR:             291580
Security:       2956aba3-1fcb-4c39-9cea-d88a46a3bf93
MFH:            2025Q4
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3devel/jenkins/distinfo
+1-1devel/jenkins/Makefile
+4-42 files

HardenedBSD/ports 381fdeasecurity/vuxml/vuln 2025.xml

security/vuxml: Document Jenkins Security Advisory 2025-12-10

PR:             291580
Sponsored by:   The FreeBSD Foundation
DeltaFile
+42-0security/vuxml/vuln/2025.xml
+42-01 files

HardenedBSD/src 945884dsys/cam/scsi scsi_xpt.c, sys/dts/arm/overlays spigen-rpi-b.dtso

Merge remote-tracking branch 'internal/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+45-0sys/fs/unionfs/union_vnops.c
+0-30sys/dts/arm/overlays/spigen-rpi-b.dtso
+25-2sys/fs/unionfs/union_vfsops.c
+2-2tools/test/stress2/misc/pg_zero.sh
+1-2sys/kern/vfs_default.c
+1-1sys/cam/scsi/scsi_xpt.c
+74-373 files not shown
+76-399 files

HardenedBSD/ports 9a32b0daudio/audacity Makefile distinfo

audio/audacity: Update 3.7.6 => 3.7.7

Changelog:
- Hotfix: fixes broken waveform scrolling and selection for some users
  introduced in 3.7.6.
- Added checksum to WavPack export.
https://github.com/audacity/audacity/releases/tag/Audacity-3.7.7

PR:     291601
DeltaFile
+4-3audio/audacity/Makefile
+3-3audio/audacity/distinfo
+7-62 files

HardenedBSD/ports 8bef5e8textproc/R-cran-yaml Makefile distinfo

textproc/R-cran-yaml: Update to 2.3.12

Update test dependencies.

Changelog: https://cran.r-project.org/web/packages/yaml/news/news.html
DeltaFile
+4-2textproc/R-cran-yaml/Makefile
+3-3textproc/R-cran-yaml/distinfo
+7-52 files

HardenedBSD/src ef2d586etc/mtree BSD.include.dist

etc/mtree/BSD.include.dist: Remove libmilter-dev

When building with WITHOUT_SENDMAIL this result in a FreeBSD-libmilter-dev
package with only this directory and a dependacy on FreeBSD-libmilter which
doesn't exists.

Differential Revision:  https://reviews.freebsd.org/D54193
Fixes:          436618a427b4 ("etc/mtree: Add package tags for /usr/include")
Reviewed by:    ivy
Sponsored by:   Beckhoff Automation GMbH & Co. KG
DeltaFile
+1-1etc/mtree/BSD.include.dist
+1-11 files

HardenedBSD/src c522532sys/dev/xilinx if_xae.c

xae(4): remove unused function.

Sponsored by: CHERI Research Centre
DeltaFile
+0-6sys/dev/xilinx/if_xae.c
+0-61 files

HardenedBSD/ports 7c3f927x11-wm/plasma6-kwin distinfo Makefile

x11-wm/plasma6-kwin: backport upstream patch to fix regression in 6.5.4

KDE BUG:        https://bugs.kde.org/513151
DeltaFile
+3-1x11-wm/plasma6-kwin/distinfo
+3-0x11-wm/plasma6-kwin/Makefile
+6-12 files

HardenedBSD/ports b6f9168deskutils/fet distinfo Makefile

deskutils/fet: Update to 7.6.0

Changelog: https://lalescu.ro/liviu/fet/news.html
DeltaFile
+3-3deskutils/fet/distinfo
+1-1deskutils/fet/Makefile
+4-42 files

HardenedBSD/src 3b8e13cshare/misc pci_vendors

pci_vendors: update to version 2025-12-12
DeltaFile
+1,079-233share/misc/pci_vendors
+1,079-2331 files

HardenedBSD/ports cdbdb1cdeskutils/kdeconnect-kde/files patch-core_backends_lan_lanlinkprovider.cpp, deskutils/kdepim-addons pkg-plist

KDE: Update KDE Gear to 25.12.0

Announcement: https://kde.org/announcements/gear/25.12.0/

Ports changes:

deskutils/itinerary:
 - Require QCoro6

deskutils/kdeconnect-kde:
 - Regenerate patches

devel/kpublictransport:
 - Require QtLocation

editors/kate:
 - Fix shebang

math/rocs:

    [10 lines not shown]
DeltaFile
+4-90devel/kio-extras/pkg-plist
+0-51devel/kdesdk-thumbnailers/pkg-plist
+16-29deskutils/kdeconnect-kde/files/patch-core_backends_lan_lanlinkprovider.cpp
+41-1deskutils/kdepim-addons/pkg-plist
+40-1multimedia/kdenlive/pkg-plist
+23-1editors/kate/pkg-plist
+124-173275 files not shown
+904-976281 files

HardenedBSD/ports 4a8cfd5devel/kf6-kfilemetadata Makefile, graphics/kdegraphics Makefile

graphics/kdegraphics-mobipocket: unflavorize consumers
DeltaFile
+2-2devel/kf6-kfilemetadata/Makefile
+1-1graphics/kdegraphics-thumbnailers/Makefile
+1-1graphics/okular/Makefile
+1-1graphics/kdegraphics/Makefile
+5-54 files

HardenedBSD/ports 350f7c0. MOVED, graphics/kdegraphics-mobipocket Makefile pkg-plist

graphics/kdegraphics-mobipocket: remove Qt5 flavor in preparation for 25.12.0 update.

25.08 was the last release with Qt5 support.
DeltaFile
+2-13graphics/kdegraphics-mobipocket/Makefile
+11-0graphics/kdegraphics-mobipocket/pkg-plist
+0-11graphics/kdegraphics-mobipocket/pkg-plist.qt6
+0-11graphics/kdegraphics-mobipocket/pkg-plist.qt5
+2-0MOVED
+15-355 files

HardenedBSD/ports aa57fbadevel/kf5-kfilemetadata Makefile pkg-plist

devel/kf5-kfilemetadata: remove broken MOBIPOCKET option
DeltaFile
+0-7devel/kf5-kfilemetadata/Makefile
+0-1devel/kf5-kfilemetadata/pkg-plist
+0-82 files

HardenedBSD/ports 838a372net/samba422 Makefile

net/samba422: Set TEST_ENV with = instead of +=

"+=" may suggest that we are appending to the default value of TEST_ENV.
This is not true. Use "=" to be explicit about the intent.
DeltaFile
+1-1net/samba422/Makefile
+1-11 files

HardenedBSD/ports 8e96225net/samba422 Makefile

net/samba422: Remove redundant LDAP_CONFIGURE_* variables
DeltaFile
+0-2net/samba422/Makefile
+0-21 files