HardenedBSD/src a6af590sys/netpfil/pf pf.h

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+1-1sys/netpfil/pf/pf.h
+1-11 files

HardenedBSD/ports 83a3c6adatabases/postgresql13-server pkg-plist-server pkg-plist-client, databases/postgresql13-server/files postgresql.in

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+0-1,546databases/postgresql13-server/pkg-plist-server
+0-1,242databases/postgresql13-server/pkg-plist-client
+0-239databases/postgresql13-server/pkg-plist-contrib
+183-0security/vuxml/vuln/2026.xml
+0-126databases/postgresql13-server/files/postgresql.in
+23-98games/openbve/pkg-plist
+206-3,251153 files not shown
+721-4,501159 files

HardenedBSD/ports bf12d5demulators/playonbsd Makefile

emulators/playonbsd: Fix plist

Fix plist by deletion of __pycache__ dirs.

PR:             287658
Approved by:    maintainer timeout >6 months
DeltaFile
+3-0emulators/playonbsd/Makefile
+3-01 files

HardenedBSD/ports 00c3e49chinese/libreoffice-zh_CN distinfo, chinese/libreoffice-zh_TW distinfo

editors/libreoffice: regen i18n distinfo for 26.2.0 release

Reported by:    vvd
DeltaFile
+5-5chinese/libreoffice-zh_CN/distinfo
+5-5chinese/libreoffice-zh_TW/distinfo
+5-5editors/libreoffice-km/distinfo
+5-5editors/libreoffice-lo/distinfo
+5-5editors/libreoffice-lt/distinfo
+5-5editors/libreoffice-lv/distinfo
+30-3062 files not shown
+264-26468 files

HardenedBSD/ports 200aa38sysutils/try-rs distinfo Makefile

sysutils/try-rs: Update to 1.1.1
DeltaFile
+3-3sysutils/try-rs/distinfo
+3-1sysutils/try-rs/Makefile
+6-42 files

HardenedBSD/ports d90beefeditors/vim distinfo Makefile

editors/vim: Update to 9.1.2144
DeltaFile
+3-3editors/vim/distinfo
+1-1editors/vim/Makefile
+4-42 files

HardenedBSD/ports dbadda5security/testssl.sh distinfo Makefile

security/testssl.sh: Update to 3.2.3
DeltaFile
+3-3security/testssl.sh/distinfo
+1-1security/testssl.sh/Makefile
+4-42 files

HardenedBSD/ports d51054cdevel/godot Makefile, devel/godot/files patch-thirdparty_linuxbsd__headers_udev_libudev.h patch-thirdparty_linuxbsd_headers_udev_libudev.h

devel/godot: Improve port

- Refresh patch patch-platform__methods.py
- Correct the patch name patch-thirdparty_linuxbsd__headers_udev_libudev.h
- Remove unused dependency from multimedia/libvpx.
- Enable opengl3 support.
- Explicit enable use_sowrap - dynamically load system libraries.
- Explicit enable dynamically load dbus if installed.

PR:             288408
Tested by:      Sure Beae <sure at disroot.org>
Approved by:    Shane <FreeBSD at ShaneWare.Biz> (maintainer, timeout 6 months)
DeltaFile
+11-0devel/godot/files/patch-thirdparty_linuxbsd__headers_udev_libudev.h
+0-11devel/godot/files/patch-thirdparty_linuxbsd_headers_udev_libudev.h
+4-3devel/godot/Makefile
+3-3devel/godot/files/patch-platform__methods.py
+18-174 files

HardenedBSD/ports 2b4a145security/openvpn-auth-oauth2 distinfo Makefile

security/openvpn-auth-oauth2: Update to 1.27.0

Release notes:  https://github.com/jkroepke/openvpn-auth-oauth2/releases/tag/v1.27.0

PR:             293139
DeltaFile
+5-5security/openvpn-auth-oauth2/distinfo
+1-2security/openvpn-auth-oauth2/Makefile
+6-72 files

HardenedBSD/ports dbbed7bnet-mgmt/unifi10 distinfo Makefile

net-mgmt/unifi10: Update to 10.1.84

Release notes:  https://community.ui.com/releases/r/network/10.1.84
DeltaFile
+5-5net-mgmt/unifi10/distinfo
+1-1net-mgmt/unifi10/Makefile
+6-62 files

HardenedBSD/ports 79fd1a2mail/spamd Makefile

mail/spamd: Drop maintainership
DeltaFile
+1-1mail/spamd/Makefile
+1-11 files

HardenedBSD/ports 0a2e670textproc/lexilla Makefile

textproc/lexilla: Deprecate

PR:             290319
Reported by:    Naram Qashat <cyberbotx at cyberbotx.com>
DeltaFile
+4-0textproc/lexilla/Makefile
+4-01 files

HardenedBSD/ports 575a44cx11-toolkits/scintilla Makefile

x11-toolkits/scintilla: Deprecate

PR:             290319

Reported by:    Naram Qashat <cyberbotx at cyberbotx.com>
DeltaFile
+4-0x11-toolkits/scintilla/Makefile
+4-01 files

HardenedBSD/ports 07f9db7editors/scite Makefile distinfo, editors/scite/files patch-scite_gtk_makefile patch-gtk_makefile

editors/scite: Update to 5.5.8

PR:             290319
DeltaFile
+26-18editors/scite/Makefile
+36-0editors/scite/files/patch-scite_gtk_makefile
+0-33editors/scite/files/patch-gtk_makefile
+20-0editors/scite/files/patch-scintilla_gtk_makefile
+10-0editors/scite/files/patch-lexilla_src_makefile
+3-3editors/scite/distinfo
+95-541 files not shown
+98-557 files

HardenedBSD/ports 8b57203Mk/Uses pgsql.mk

databases/postgresql13-*: Remove due to EoL
DeltaFile
+5-5Mk/Uses/pgsql.mk
+5-51 files

HardenedBSD/ports f07e047graphics/graphviz Makefile pkg-plist

graphics/graphviz: update to 14.1.2

Fix false positive with bsd.sanity.mk
DeltaFile
+7-9graphics/graphviz/Makefile
+4-4graphics/graphviz/pkg-plist
+3-3graphics/graphviz/distinfo
+14-163 files

HardenedBSD/ports 4262abbsecurity/vuxml/vuln 2026.xml

security/vuxml: add info about PostgreSQL vulnerabilities
DeltaFile
+82-0security/vuxml/vuln/2026.xml
+82-01 files

HardenedBSD/src 5fa297fusr.sbin/mixer/tests mixer_test.sh Makefile

mixer/tests: use require.kmods property instead of ad-hoc checks

Reviewed by:    christos
Approved by:    lwhsu (mentor)
Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D55221
DeltaFile
+0-12usr.sbin/mixer/tests/mixer_test.sh
+2-1usr.sbin/mixer/tests/Makefile
+2-132 files

HardenedBSD/src fbe6da7lib/libnv/tests nvlist_send_recv_test.c

libnv/tests: unskip nvlist_send_recv__send_many_fds__dgram

The test passes consistently for 1000+ consecutive iterations.

PR:             260891
Reviewed by:    oshogbo
Approved by:    lwhsu (mentor)
Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D55223
DeltaFile
+0-2lib/libnv/tests/nvlist_send_recv_test.c
+0-21 files

HardenedBSD/src 0bba277lib/libc/stdlib div.3 ldiv.3

libc: Improve {,l,ll,imax}div(3) manpages

Mainly rename numerator parameter of div(3) and ldiv(3) from num to
numer, and explicitly specify what "numer", "denom", and "rem" mean in
the manpages.

MFC after:      3 days
Obtained from:  https://github.com/apple-oss-distributions/libc (partially)
Sponsored by:   Klara, Inc.
DeltaFile
+8-6lib/libc/stdlib/div.3
+8-6lib/libc/stdlib/ldiv.3
+3-3lib/libc/stdlib/div.c
+3-3lib/libc/stdlib/imaxdiv.3
+3-3lib/libc/stdlib/ldiv.c
+3-3lib/libc/stdlib/lldiv.3
+28-246 files

HardenedBSD/ports b455d20security/vuxml/vuln 2026.xml

security/vuxml: Add mongodb[78] vulnerabilities

 * CVE-2026-1847
 * CVE-2026-1849
 * CVE-2026-1850
 * CVE-2026-25610
 * CVE-2026-25613
DeltaFile
+101-0security/vuxml/vuln/2026.xml
+101-01 files

HardenedBSD/ports 1a296dbx11-toolkits/granite7 distinfo Makefile

x11-toolkits/granite7: update to 7.8.0

PR:             293097
DeltaFile
+3-3x11-toolkits/granite7/distinfo
+1-1x11-toolkits/granite7/Makefile
+4-42 files

HardenedBSD/ports 52f5d9edatabases/postgresql13-server pkg-plist-server pkg-plist-client, databases/postgresql13-server/files postgresql.in 502.pgsql.in

databases/postgresql*-*: Update to latest version

The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.2, 17.8, 16.12, 15.16,
and 14.21. This release fixes 5 security vulnerabilities and over 65
bugs reported over the last several months.

Release notes:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
https://www.postgresql.org/docs/release/

Security:
CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code
CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory

Remove postgresql13* since it is now EoL.
DeltaFile
+0-1,546databases/postgresql13-server/pkg-plist-server
+0-1,242databases/postgresql13-server/pkg-plist-client
+0-239databases/postgresql13-server/pkg-plist-contrib
+0-126databases/postgresql13-server/files/postgresql.in
+0-114databases/postgresql13-server/files/502.pgsql.in
+0-71databases/postgresql13-server/files/pkg-message-server.in
+0-3,33843 files not shown
+35-3,90449 files

HardenedBSD/src 9778537sys/dev/igc igc_txrx.c

igc: remove M_HASHTYPE when RSS is not enabled

Summary: manually cherry-pick 21dd554d1697

Reviewed by: kbowling
Differential Revision: https://reviews.freebsd.org/D55256
DeltaFile
+1-1sys/dev/igc/igc_txrx.c
+1-11 files

HardenedBSD/ports 3671d47net/haproxy30 distinfo Makefile

net/haproxy30: update to version 3.0.16.
DeltaFile
+3-3net/haproxy30/distinfo
+1-1net/haproxy30/Makefile
+4-42 files

HardenedBSD/ports 37d8afcnet/haproxy33 distinfo Makefile

net/haproxy33: update to version 3.3.3
DeltaFile
+3-3net/haproxy33/distinfo
+1-1net/haproxy33/Makefile
+4-42 files

HardenedBSD/ports e3934d6net/haproxy distinfo Makefile, net/haproxy/files patch-src_tools.c

net/haproxy: update to version 3.2.12.
DeltaFile
+0-72net/haproxy/files/patch-src_tools.c
+3-3net/haproxy/distinfo
+1-1net/haproxy/Makefile
+4-763 files

HardenedBSD/src 64e612busr.sbin/newsyslog newsyslog.conf.5

newsyslog.conf.5: Add a CAVEAT

PR:                     282639
MFC after:              3 days
Reviewed by:            michaelo
Differential Revision:  https://reviews.freebsd.org/D55122
DeltaFile
+4-1usr.sbin/newsyslog/newsyslog.conf.5
+4-11 files

HardenedBSD/src 7c1c0e9sys/rpc svc_vc.c

rpc: Improve socket locking in svc_vc_accept()

so_state modifications must be synchronized by the socket lock.  For the
listening socket this probably doesn't matter but for the child socket I
think it's possible that this unlocked update clobbers a state
transition if the nascent connection is being disconnected for some
reason.

Also fix the line which potentially clears SS_NBIO in the listening
socket.

It is unclear whether this code is used at all.

Reviewed by:    glebius
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D55247
DeltaFile
+6-3sys/rpc/svc_vc.c
+6-31 files

HardenedBSD/src be393b6sys/netinet6 ip6_var.h

netinet6: Add a struct socket declaration to ip6_var.h

MFC after:      1 week
Reported by:    Ian FREISLICH <ianfreislich at gmail.com>
DeltaFile
+2-1sys/netinet6/ip6_var.h
+2-11 files