BSD Commit Log Search

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main

Merge branch 'freebsd/main' into hardenedbsd/main

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'internal/hardened/current/master' into hardened/current/cross-dso-cfi

Conflicts:
        share/mk/src.opts.mk (unresolved)

multimedia/mediamtx: Update to 1.16.1

https://github.com/bluenviron/mediamtx/releases/tag/v1.16.1

devel/jansson: Update to 2.15.0

Changelog: https://github.com/akheron/jansson/releases/tag/v2.15.0

PR:             292855
Reviewed by:    vanilla

graphics/librsvg2-rust: Update to 2.61.4

Changelog: https://gitlab.gnome.org/GNOME/librsvg/-/releases/2.61.4

PR:             293170
Reviewed by:    desktop (arrowd)
Exp-run by:     antoine

graphics/png: Update to 1.6.55

Fixes CVE-2026-25646

Changelog: https://github.com/pnggroup/libpng/blob/v1.6.55/ANNOUNCE

PR:             293173
Reviewed by:    desktop (arrowd)
Exp-run by:     antoine

bhyve: fix USB mouse requests

USB HCI requests may not include HCI transfer block structures (i.e.,
xfer->data[] == NULL), but in several places, the USB mouse emulation
code assumes one will exist. This can lead to a NULL pointer dereference
and a SEGV in the bhyve process as observed via experiments with an
Ubuntu guest and PyUSB code. Note that many of the cases processing
other request types already checked for data == NULL.

While in the neighborhood, fix a typo in the loop iterating over the
usb_data_xfer_block array which used the wrong variable to check for
valid data (idx vs. i).

Reported by: danmcd at edgecast.io
Obtained from: SmartOS
MFC after: 1 week
Relnotes: yes

Reviewed by:    imp
Differential Revision:  https://reviews.freebsd.org/D54661

x86: provide extended description for x86_msr_op(9)

(cherry picked from commit cb81a9c18db93a2046c47b0c7dc0bd6adcdd2495)

x86_msr_op(9): consistently return the value read from MSR

(cherry picked from commit 36ceb5509d01ff2e6482a78ca809c344574e9a25)

x86: add a safe variant of MSR_OP_SCHED* operations for x86_msr_op(9)

(cherry picked from commit af99e40af1dd4e8b39ca986240ee8b9aea722958)

syslogd/tests: use kern.features to detect INET support

This fixes INET feature detection with kernel configs
that do not include the kern.conftxt sysctl, such as
riscv64 currently[0].

[0] https://ci.freebsd.org/view/Test/job/FreeBSD-main-riscv64-test/16514/testReport/usr.sbin.syslogd/syslogd_forwarded_format_test/O_flag_bsd_forwarded_legacy/

Reviewed by:    markj
Approved by:    emaste (mentor)
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55383

riscv: GENERIC: enable KERN_TLS

This unskips 585 sys/kern/ktls_test testcases[0] in CI. All 585 tests currently pass.

[0] https://ci.freebsd.org/view/Test/job/FreeBSD-main-riscv64-test/16514/testReport/sys.kern/

Approved by:            emaste (mentor)
MFC after:              3 days
Sponsored by:           The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55376

mail/mu: Update 1.12.13 => 1.12.15

Changelog:
https://github.com/djcb/mu/releases/tag/v1.12.14
https://github.com/djcb/mu/releases/tag/v1.12.15

Improve port:
- Fix build with emacs installed.
- Fix warning from portclippy.

PR:     293277 292576
MFH:    2026Q1

bhyve: Fix unchecked stream I/O in RFB handler

Convert rfb_send_* helpers to return status codes and check their
results. Add missing checks for stream_read() and stream_write() returns
during the handshake in rfb_handle() to avoid acting on failed I/O.

Signed-off-by:  Hayzam Sherif <hayzam at gmail.com>

Reviewed by:    markj
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D55343

sysutils/stackit: Update 0.53.1 => 0.54.1

Changelogs:
https://github.com/stackitcloud/stackit-cli/releases/tag/v0.54.0
https://github.com/stackitcloud/stackit-cli/releases/tag/v0.54.1

PR:     293281

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'internal/freebsd/current/main' into hardened/current/master

Conflicts:
        sys/sys/priv.h (unresolved)

HBSD: Resolve merge conflict

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>

Merge remote-tracking branch 'internal/freebsd/main' into hardenedbsd/main

Conflicts:
        biology/diamond/Makefile (unresolved)

OptionalObsoleteFiles: Don't mark /usr/lib/debug/boot directory obsolete

The intent of the currect code is to ignore anything under
/usr/lib/debug/boot/*.  But we also should make sure that
/usr/lib/debug/boot directory is also ignored and is not marked
obsolete.  If we don't do that, `make DBATCH_DELETE_OLD_FILES
delete-old` will try to rmdir(1) this directory, which will cause an
error, since /usr/lib/debug/boot may have nested directories like
kernel/ and modules/.

Reviewed by:    markj
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55077

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main

security/libgpg-error: update to 1.59

math/z3: Update 4.15.8.0 => 4.16.0.0

Approved by:            arrowd@ (maintainer)
Approved by:            db@, yuri@ (Mentors, implicit)
Differential Revision:  https://reviews.freebsd.org/D55374

vmm.4: Fix width

Reported by:    ziaee
Fixes:          d26c8ae527bb ("vmm.4: Add information on VM access control")

RELNOTES: Document some recent vmm changes

vmm: Enable unprivileged bhyve

- Add the vmm group.
- Let /dev/vmmctl belong to the vmm group by default, and give group
  write permissions.
- When creating a VM's device files, make them owned by the creating
  process' effective UID.

Reviewed by:    bnovkov
MFC after:      2 months
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54741