devel/freebsd-git-devtools: Update to 2025-11-27 snapshot
Base commits since last update:
6049f1bc2106 - git-arc: Fix failure to call arc() function
257da67d2808 - git-arc: Fix existence check
b3e53f9fff11 - git-arc: Don't require devel/arcanist
be27c64b3a01 - git-arc: Fix quoting of review titles
af445e1dd95d - mfc-candidates.lua: add -F fmt option
e57d72a7f35c - mfc-candidates: Improve branch detection and repository handling
3a20f630a9fc - git-arc: Fix handling of author names when we have to make a guess
3d4a61a10bb7 - git-arc: Try harder to get the author name and email out of phab
20e6354fe783 - git-arc.1: Clarify argument format for group reviewers
Sponsored by: The FreeBSD Foundation
Export t4_tom's symbols for other offload modules
This allows iw_cxgbe.ko, cxgbei.ko, nvmf_che.ko, etc. to be loaded when
debug.link_elf_leak_locals and debug.link_elf_obj_leak_locals are
disabled.
PR: 291250
MFC after: 1 week
Sponsored by: Chelsio Communications
ports-mgmt/poudriere-devel: Update to 3.3.0-2467-g1e1cd81b9
Changes:
- Fix dev asserts causing error when DEBUG option not enabled.
- jail -c -m pkgbase: Use pkg.freebsd.org for pkgbase now that it has
redirects setup.
kgssapi: Remove broken MOD_UNLOAD code
The module panicked at unload with "recursing but non-recursive rw".
There is a comment that "Unloading of the kgssapi module is not
currently supported" and the MOD_UNLOAD case falls through to returning
EOPNOTSUPP anyway. Just #if 0 the code in the unload path, leaving it
as a hint in case someone implements unload support later on.
PR: 291249
Reviewed by: rmacklem
Fixes: ad704a34bc2c ("Use syscall_helper_register(9) rather than syscall_register().")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53949
git-arc: Fix failure to call arc() function
As of b3e53f9fff11, git-arc attempted to call the internal shell
function, arc(), using env(1). However, because env(1) does not call
shell functions, it actually attempted to run the arc utility. This led
to errors:
% git arc create -r xxx HEAD
env: arc: No such file or directory
git-arc: could not create Phabricator diff
This change removes the unnecessary use of env(1), so the arc() function
is correctly called.
Reviewed by: markj
Fixes: b3e53f9fff11 ("git-arc: Don't require devel/arcanist")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D53972
security/vuxml: reference FreeBSD-SA-25:10.unbound
Add a reference to FreeBSD-SA-25:10.unbound (issued 2025-11-26) to the
vuxml entry for Unbound CVE-2025-11411.
FreeBSD-SA-25:10.unbound affects all supported versions of FreeBSD
Mitigate YXDOMAIN and nodata non-referral answer poisoning.
Add a fix to apply scrubbing of unsolicited NS RRSets (and their
respective address records) for YXDOMAIN and nodata non-referral
answers. This prevents a malicious actor from exploiting a possible
cache poison attack.
Obtained from: NLnet Labs
Security: FreeBSD-SA-25:10.unbound
Security: CVE-2025-11411
(cherry picked from commit 2a3a6a1771148a709c2d9694c1d66c41ce8dee79)
(cherry picked from commit cd40a23fb249bba461e38ca0c3d243a20a12eef4)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>