HardenedBSD/src 5a59ef8sys/dev/iommu iommu_gas.c, sys/kern kern_procctl.c

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+64-85sys/kern/kern_procctl.c
+1-1sys/dev/iommu/iommu_gas.c
+65-862 files

HardenedBSD/ports d8218dadevel/catppuccin-whiskers distinfo, misc/claude-code pkg-plist

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+2,643-2,290www/homepage/pkg-plist
+84-64misc/claude-code/files/package-lock.json
+28-28misc/github-copilot-cli/files/package-lock.json
+4-33misc/claude-code/pkg-plist
+15-15devel/catppuccin-whiskers/distinfo
+8-10net-im/folks/Makefile
+2,782-2,44042 files not shown
+2,871-2,51748 files

HardenedBSD/ports 2573feemisc/github-copilot-cli distinfo Makefile, misc/github-copilot-cli/files package-lock.json

misc/github-copilot-cli: update 0.0.400 → 0.0.394

Later versions suffer from freezes, see https://github.com/github/copilot-cli/issues/1320
DeltaFile
+28-28misc/github-copilot-cli/files/package-lock.json
+3-3misc/github-copilot-cli/distinfo
+2-1misc/github-copilot-cli/Makefile
+33-323 files

HardenedBSD/ports 6453deenet-im/folks Makefile distinfo

net-im/folks: update to 0.15.12

Update to 0.15.12:

  overview of changes from libfolks 0.15.11 to libfolks 0.15.12
  =============================================================

  Bugs fixed:
    * CI fixes

  overview of changes from libfolks 0.15.10 to libfolks 0.15.11
  =============================================================

  Bugs fixed:
    * eds backend: Correct patch for evolution-data-server 3.59.1 API changes
    * meson: Set minimum GLib version to 2.80

  Overview of changes from libfolks 0.15.9 to libfolks 0.15.10
  ============================================================

    [9 lines not shown]
DeltaFile
+8-10net-im/folks/Makefile
+3-3net-im/folks/distinfo
+2-0net-im/folks/pkg-plist
+13-133 files

HardenedBSD/ports f7832f9devel/cl-flexi-streams-sbcl Makefile, devel/cl-infix-sbcl Makefile

*/*: Bump PORTREVISION on *-sbcl ports after lang/sbcl upgrade.
DeltaFile
+1-1devel/cl-flexi-streams-sbcl/Makefile
+1-1devel/cl-infix-sbcl/Makefile
+1-1devel/cl-port-sbcl/Makefile
+1-1devel/cl-split-sequence-sbcl/Makefile
+1-1devel/cl-trivial-features-sbcl/Makefile
+1-1devel/cl-trivial-gray-streams-sbcl/Makefile
+6-614 files not shown
+20-2020 files

HardenedBSD/ports 7fc5f56lang/sbcl Makefile distinfo

lang/sbcl: Update to 2.6.2
DeltaFile
+6-6lang/sbcl/Makefile
+3-3lang/sbcl/distinfo
+9-92 files

HardenedBSD/ports 154118dwww/homepage pkg-plist distinfo

www/homepage: Update to 1.10.1

ChangeLog:
https://github.com/gethomepage/homepage/compare/v1.8.0...v1.10.1
DeltaFile
+2,643-2,290www/homepage/pkg-plist
+3-3www/homepage/distinfo
+2-2www/homepage/Makefile
+2,648-2,2953 files

HardenedBSD/ports ce919a1devel/catppuccin-whiskers distinfo Makefile.crates

devel/catppuccin-whiskers: Update to 2.6.1

Changelog: https://github.com/catppuccin/whiskers/blob/v2.6.1/CHANGELOG.md

Reported by:    GitHub (watch releases)
DeltaFile
+15-15devel/catppuccin-whiskers/distinfo
+6-6devel/catppuccin-whiskers/Makefile.crates
+1-1devel/catppuccin-whiskers/Makefile
+22-223 files

HardenedBSD/ports 28bd660graphics/zint Makefile pkg-plist, graphics/zint/files patch-CMakeLists.txt

graphics/zint: update the port to version 2.16.0

Install useful documentation files and program icon.

Reported by:    portscout
DeltaFile
+8-2graphics/zint/Makefile
+5-3graphics/zint/files/patch-CMakeLists.txt
+4-3graphics/zint/pkg-plist
+3-3graphics/zint/distinfo
+20-114 files

HardenedBSD/ports 0646ec8editors/vim distinfo Makefile

editors/vim: Update to 9.2.0073, multiple security fixes

While the minor has bumped, and much has changed from 9.1 to 9.2,
we've been incrementally adopting the patches so it's not "new" to us,
per se. All the gory details are at:
  https://github.com/vim/vim/blob/master/runtime/doc/version9.txt

This commit adds patches for six security issues:

patch 9.2.0073: [security]: possible command injection using netrw
Problem:  [security]: Insufficient validation of hostname and port in
          netrw URIs allows command injection via shell metacharacters
          (ehdgks0627, un3xploitable).
Solution: Implement stricter RFC1123 hostname and IP validation.
          Use shellescape() for the provided hostname and port.

Github Advisory:
GHSA-m3xh-9434-g336


    [62 lines not shown]
DeltaFile
+3-3editors/vim/distinfo
+1-1editors/vim/Makefile
+4-42 files

HardenedBSD/ports 12acdf0misc/crush distinfo Makefile

misc/crush: Update to 0.46.1

Changelog:
- https://github.com/charmbracelet/crush/releases/tag/v0.45.1
- https://github.com/charmbracelet/crush/releases/tag/v0.46.0
- https://github.com/charmbracelet/crush/releases/tag/v0.46.1

Reported by:    GitHub (watch releases)
DeltaFile
+5-5misc/crush/distinfo
+1-1misc/crush/Makefile
+6-62 files

HardenedBSD/ports 357ccdbsysutils/try-rs distinfo Makefile

sysutils/try-rs: Update to 1.6.1
DeltaFile
+3-3sysutils/try-rs/distinfo
+1-1sysutils/try-rs/Makefile
+4-42 files

HardenedBSD/ports 900d36fmisc/claude-code pkg-plist distinfo, misc/claude-code/files package-lock.json

misc/claude-code: update 2.0.58 → 2.1.62
DeltaFile
+84-64misc/claude-code/files/package-lock.json
+4-33misc/claude-code/pkg-plist
+3-3misc/claude-code/distinfo
+1-1misc/claude-code/Makefile
+92-1014 files

HardenedBSD/src fe90ad2sys/kern kern_procctl.c

procctl(PROC_REAP_KILL): align error reporting with pgkill(2)

(cherry picked from commit 5c8af592f69a31da94c45722dcd74afcf0ab375e)
DeltaFile
+5-1sys/kern/kern_procctl.c
+5-11 files

HardenedBSD/src cf64824sys/kern kern_procctl.c

reap_kill_subtree_once(): reap_kill_proc_work() might drop proctree_lock

(cherry picked from commit 0e67c3f675eab3a9c00b76e3886ace7700ef1bd4)
DeltaFile
+8-3sys/kern/kern_procctl.c
+8-31 files

HardenedBSD/src 08f95c4sys/kern kern_procctl.c

procctl(PROC_REAP_KILL): use pgrp pg_killsx sx to sync with fork

PR:     290844

(cherry picked from commit be140717a0a4bbfa7176d334c36364d34a0b1bc5)
DeltaFile
+54-84sys/kern/kern_procctl.c
+54-841 files

HardenedBSD/src e0dbeabsys/dev/iommu iommu_gas.c

iommu_gas: Fix assertion.

(cherry picked from commit 7e8284c6ad95bb7a0fc84d4d945ee98737efdd36)
DeltaFile
+1-1sys/dev/iommu/iommu_gas.c
+1-11 files

HardenedBSD/src 565a233sys/dev/e1000 if_em.c, usr.sbin/freebsd-update freebsd-update.sh

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+2-2sys/dev/e1000/if_em.c
+4-0usr.sbin/freebsd-update/freebsd-update.sh
+6-22 files

HardenedBSD/ports 5079765dns/blocky distinfo, misc/freebsd-release-manifests pkg-plist

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+22-0security/vuxml/vuln/2026.xml
+8-8misc/freebsd-release-manifests/pkg-plist
+5-5www/oauth2-proxy/distinfo
+5-5dns/blocky/distinfo
+9-0misc/freebsd-release-manifests/files/MANIFESTS/arm64-aarch64-14.4-RC1
+9-0misc/freebsd-release-manifests/files/MANIFESTS/powerpc-powerpc64-14.4-RC1
+58-1825 files not shown
+124-10131 files

HardenedBSD/ports df4f957misc/freebsd-release-manifests pkg-plist, misc/freebsd-release-manifests/files/MANIFESTS amd64-amd64-14.4-RC1 arm64-aarch64-14.4-RC1

misc/freebsd-release-manifests: Add 14.4-RC1 MANIFEST files

Approved by:    re (implicit)
Sponsored by:   OpenSats Initiative
DeltaFile
+8-8misc/freebsd-release-manifests/pkg-plist
+9-0misc/freebsd-release-manifests/files/MANIFESTS/amd64-amd64-14.4-RC1
+9-0misc/freebsd-release-manifests/files/MANIFESTS/arm64-aarch64-14.4-RC1
+9-0misc/freebsd-release-manifests/files/MANIFESTS/powerpc-powerpc64-14.4-RC1
+0-9misc/freebsd-release-manifests/files/MANIFESTS/amd64-amd64-14.4-BETA3
+0-9misc/freebsd-release-manifests/files/MANIFESTS/arm64-aarch64-14.4-BETA3
+35-2612 files not shown
+71-7118 files

HardenedBSD/src b24dc84sys/dev/e1000 if_em.c

e1000: Increase FC pause/refresh time on PCH2 and newer

This corresponds to Linux f74dc880098b4a29f76d756b888fb31d81ad9a0c

That commit does not provide any public background detail, but it's been
in use for over 5 years and corresponds to previous chip bugs w.r.t.
automatic generation of PAUSE frames.

Reviewed by:    kgalazka
Differential Revision:  https://reviews.freebsd.org/D54555

(cherry picked from commit 2bdec2ee73be7dbafce9982b0dc5c273918a5443)
DeltaFile
+2-2sys/dev/e1000/if_em.c
+2-21 files

HardenedBSD/ports d9903aasysutils/nut-devel distinfo Makefile

sysutils/nut-devel: Update to the latest networkupstools/nut github commit
DeltaFile
+3-3sysutils/nut-devel/distinfo
+2-2sysutils/nut-devel/Makefile
+3-1sysutils/nut-devel/pkg-plist
+8-63 files

HardenedBSD/ports 54361e1shells/ksh-devel Makefile

shells/ksh-devel: Fix poudriere build
DeltaFile
+2-0shells/ksh-devel/Makefile
+2-01 files

HardenedBSD/ports b363013multimedia/droidcam distinfo Makefile

multimedia/droidcam: Update 2.1.4 => 2.1.5

While here, make use of ${DESKTOPDIR} instead.

Changelog:
https://github.com/dev47apps/droidcam-linux-client/releases/tag/v2.1.5

Reviewed by:    osa, vvd (mentors)
Approved by:    vvd (mentor)
Differential Revision: https://reviews.freebsd.org/D55542
DeltaFile
+3-3multimedia/droidcam/distinfo
+2-3multimedia/droidcam/Makefile
+5-62 files

HardenedBSD/ports 71a2722net-mgmt/networkmgr distinfo Makefile

net-mgmt/networkmgr: update to 6.9
DeltaFile
+3-3net-mgmt/networkmgr/distinfo
+1-1net-mgmt/networkmgr/Makefile
+4-42 files

HardenedBSD/src 178d0b5lib/libpmc/pmu-events/arch/x86/amdzen6 floating-point.json load-store.json

libpmc: Import AMD Zen 6 PMU events.

Sponsored by: Netflix

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2049
DeltaFile
+1,106-0lib/libpmc/pmu-events/arch/x86/amdzen6/floating-point.json
+523-0lib/libpmc/pmu-events/arch/x86/amdzen6/load-store.json
+339-0lib/libpmc/pmu-events/arch/x86/amdzen6/recommended.json
+326-0lib/libpmc/pmu-events/arch/x86/amdzen6/l2-cache.json
+192-0lib/libpmc/pmu-events/arch/x86/amdzen6/execution.json
+177-0lib/libpmc/pmu-events/arch/x86/amdzen6/l3-cache.json
+2,663-06 files not shown
+3,217-112 files

HardenedBSD/src 3ce3e89lib/libpmc/pmu-events/arch/x86/amdzen1 recommended.json, lib/libpmc/pmu-events/arch/x86/amdzen2 recommended.json

libpmc: Update event definitions for AMD Zen

The pmu event definitions for AMD Zen 5 was updated since it was
imported into the tree.  As a bonus I also updated the recommended json
counters for Zen 1-3 even though we do not use that file yet.

Sponsored by: Netflix

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2048
DeltaFile
+3-3lib/libpmc/pmu-events/arch/x86/amdzen5/load-store.json
+2-1lib/libpmc/pmu-events/arch/x86/amdzen1/recommended.json
+2-1lib/libpmc/pmu-events/arch/x86/amdzen2/recommended.json
+2-1lib/libpmc/pmu-events/arch/x86/amdzen3/recommended.json
+9-64 files

HardenedBSD/src e51ef8alib/libpmc libpmc.c, sys/dev/hwpmc hwpmc_ibs.c hwpmc_ibs.h

hwpmc: Initial support for AMD IBS

This patch adds support for AMD IBS.  It adds a new class of performance
counter that cotains two events: ibs-fetch and ibs-op events. Unlike
most existing sampled events, IBS events provide a number of values
containing extra information regarding the sample.  To support this we
use the existing callchain event, and introduce a new flag for multipart
payloads.  The first 8 bytes of the pc_sample contains a header that
defines up to four payloads.

Sponsored by: Netflix

Reviewed by: imp,mhorne
Pull Request: https://github.com/freebsd/freebsd-src/pull/2022
DeltaFile
+614-0sys/dev/hwpmc/hwpmc_ibs.c
+176-0sys/dev/hwpmc/hwpmc_ibs.h
+98-1usr.sbin/pmcstat/pmcstat_log.c
+84-12sys/dev/hwpmc/hwpmc_mod.c
+57-7lib/libpmc/libpmc.c
+23-4sys/x86/x86/local_apic.c
+1,052-248 files not shown
+1,130-3214 files

HardenedBSD/src 00c0a1flib/libpmc libpmc_pmu_util.c, lib/libpmc/pmu-events jevents.c json.c

hwpmc: Fix PMC flags for AMD Zen cores

The PMC flags available for DF and L3 counters were not all implemented.
More importantly, the field encodings for the L3 counters changed in an
incompatible way between Family 17h and Family 19h.  Similarly, the
field encodings for the DF coutners changed between Family 19h and 1Ah.
I also added the precise retire flag for the 3rd core counter.

Lastly, I added a warning in the jevent parser because ignoring the
unknown fields results in counters incorrectly programmed.  We should
not just ignore that.

Sponsored by: Netflix

Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/2040
DeltaFile
+67-26sys/dev/hwpmc/hwpmc_amd.h
+66-5lib/libpmc/libpmc_pmu_util.c
+39-1lib/libpmc/pmu-events/jevents.c
+17-2sys/dev/hwpmc/hwpmc_amd.c
+14-0lib/libpmc/pmu-events/json.c
+1-0lib/libpmc/pmu-events/json.h
+204-346 files

HardenedBSD/src 82069fasys/netlink netlink_snl_route_parsers.h

snl: Remove duplicate rta_expires member in route parser

There is no user for `rta_expires` member and it's
duplicate of `rta_expire`.

Reviewed By: melifaro
Differential Revision: https://reviews.freebsd.org/D55445
DeltaFile
+0-1sys/netlink/netlink_snl_route_parsers.h
+0-11 files