HardenedBSD/src a2aa7f5contrib/ntp/ntpd ntp_io.c, crypto/openssh sshconnect.c FREEBSD-upgrade

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+9-0crypto/openssh/sshconnect.c
+7-0crypto/openssh/FREEBSD-upgrade
+5-1sys/dev/e1000/if_em.c
+2-1sys/dev/e1000/e1000_82571.c
+1-1contrib/ntp/ntpd/ntp_io.c
+24-35 files

HardenedBSD/src 90043a6contrib/ntp/ntpd ntp_io.c, crypto/openssh sshconnect.c FREEBSD-upgrade

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+9-0crypto/openssh/sshconnect.c
+7-0crypto/openssh/FREEBSD-upgrade
+5-1sys/dev/e1000/if_em.c
+2-1sys/dev/e1000/e1000_82571.c
+1-1contrib/ntp/ntpd/ntp_io.c
+24-35 files

HardenedBSD/ports b3fb561multimedia/libxine/files ffmpeg8-1.patch ffmpeg8-2.patch, net/ntp/files patch-ntpd_ntp__io.c

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+13,650-4,891www/librewolf/files/patch-libwebrtc-generated
+114-0multimedia/libxine/files/ffmpeg8-1.patch
+36-27www/librewolf/files/patch-third__party_libwebrtc_build_config_BUILDCONFIG.gn
+7-14www/librewolf/files/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland__egl__dmabuf.cc
+20-0multimedia/libxine/files/ffmpeg8-2.patch
+15-1net/ntp/files/patch-ntpd_ntp__io.c
+13,842-4,93327 files not shown
+13,915-4,98033 files

HardenedBSD/ports 4ab5a40lang/algol68g distinfo Makefile

lang/algol68g: update Algol 68 Genie to version 3.10.6

- New procedures: "https time out" to manage waiting for
  unresponsive URLs and "append", analogous to "open" but
  to append at EOF
- Fixed I/O timeout occurring on some platforms
- Introduced raw reading of the terminal; functions "raw",
  "cooked", and "peek char"
- Minor miscellaneous fixes
- Chase HTTP/2 302 redirection in WWW line

Reported by:    portscout
DeltaFile
+3-3lang/algol68g/distinfo
+2-2lang/algol68g/Makefile
+5-52 files

HardenedBSD/src 2ead091sys/dev/e1000 e1000_82571.c

e1000: Don't enable ASPM L1 without L0s

Reporter noted packet loss with 82583.  NVM is down level.  The
errata docs mention disabling this, which should be the firmware
default, so I am not sure why we were enabling this bit.  Linux and
OpenBSD have the same issue, while NetBSD got it right.

Reported by:    Codin <codin at nagi.ftp.sh>
Tested by:      Codin <codin at nagi.ftp.sh>
MFC after:      2 weeks
DeltaFile
+2-1sys/dev/e1000/e1000_82571.c
+2-11 files

HardenedBSD/src aa30babsys/dev/e1000 if_em.c

e1000: Bump 82574/82583 PBA to 32K

The reporter contacted me with packet loss and throughput fluctuations
on a low power machine (Intel J1900) that got worse with the recent AIM
algorithm in FreeBSD 14.2+.

32K RX PBA matches Linux default.  Add a conditional path since we don't
otherwise do a fixup for jumbo frames to retain space for two frames in
Tx.

With this change and an additional errata change, the throughput meets
line rate for the reporter.

Reported by:    Codin <codin at nagi.ftp.sh>
Tested by:      Codin <codin at nagi.ftp.sh>
MFC after:      2 weeks
DeltaFile
+5-1sys/dev/e1000/if_em.c
+5-11 files

HardenedBSD/ports 7d6c2b9chinese/fcitx5-mcbopomofo pkg-plist distinfo

chinese/fcitx5-mcbopomofo: Update to 2.9.4
DeltaFile
+3-3chinese/fcitx5-mcbopomofo/pkg-plist
+3-3chinese/fcitx5-mcbopomofo/distinfo
+1-1chinese/fcitx5-mcbopomofo/Makefile
+7-73 files

HardenedBSD/ports 741d98adevel/php-composer distinfo Makefile

devel/php-composer: Update to 2.9.2

PR:             291118
Approved by:    Naram Qashat <cyberbotx at cyberbotx.com> (maintainer)
DeltaFile
+3-3devel/php-composer/distinfo
+1-1devel/php-composer/Makefile
+4-42 files

HardenedBSD/src 5818b6ecrypto/openssh sshconnect.c FREEBSD-upgrade

openssh: Don't attempt to connect to unsupported addresses

When iterating over known addresses for the requested target host name,
skip those that are not supported by the running kernel.

MFC after:      1 week
PR:             195231
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D53588
DeltaFile
+9-0crypto/openssh/sshconnect.c
+7-0crypto/openssh/FREEBSD-upgrade
+16-02 files

HardenedBSD/ports 592e759multimedia/libxine Makefile, multimedia/libxine/files ffmpeg8-1.patch ffmpeg8-2.patch

multimedia/libxine: fix build with ffmpeg8

Incorporate 2 upstream patches to fix build with ffmpeg8
DeltaFile
+114-0multimedia/libxine/files/ffmpeg8-1.patch
+20-0multimedia/libxine/files/ffmpeg8-2.patch
+3-0multimedia/libxine/Makefile
+137-03 files

HardenedBSD/ports d4d9d1adeskutils/podman-desktop Makefile, editors/vscode Makefile

*/*: bump port revision after electron37 update (6c349dbafa33)
DeltaFile
+1-1net-im/deltachat-desktop/Makefile
+1-1deskutils/podman-desktop/Makefile
+1-1graphics/drawio/Makefile
+1-1textproc/obsidian/Makefile
+1-0net-im/signal-desktop/Makefile
+1-0editors/vscode/Makefile
+6-46 files

HardenedBSD/ports 6c349dbdevel/electron37 distinfo Makefile.version

devel/electron37: Update to 37.10.2

Changelog:
- https://github.com/electron/electron/releases/tag/v37.10.1
- https://github.com/electron/electron/releases/tag/v37.10.2

Reported by:    GitHub (watch releases)
DeltaFile
+5-5devel/electron37/distinfo
+1-1devel/electron37/Makefile.version
+6-62 files

HardenedBSD/ports 7575dffnet/minidlna/files patch-libav.h

net/minidlna: fix build with newer ffmpeg

PR:     289034
DeltaFile
+14-0net/minidlna/files/patch-libav.h
+14-01 files

HardenedBSD/ports f340e3fnet/ntp Makefile, net/ntp/files patch-ntpd_ntp__io.c

net/ntp: Fix two segfaults

Pull in src/628715fdcc9f and src/ac1f48b4a7be fixing two NULL pointer
derefs.

Obtained from:  src/628715fdcc9f and src/ac1f48b4a7be
MFH:            2025Q4
DeltaFile
+15-1net/ntp/files/patch-ntpd_ntp__io.c
+1-1net/ntp/Makefile
+16-22 files

HardenedBSD/ports 4b45327astro/phd2 Makefile distinfo

astro/phd2: Update to 2.6.13dev8

ChangeLog at:   https://github.com/OpenPHDGuiding/phd2/releases/tag/v2.6.13dev8
DeltaFile
+3-3astro/phd2/Makefile
+3-3astro/phd2/distinfo
+1-0astro/phd2/pkg-plist
+7-63 files

HardenedBSD/ports 27d0bf1www/librewolf distinfo Makefile, www/librewolf/files patch-libwebrtc-generated patch-third__party_libwebrtc_build_config_BUILDCONFIG.gn

www/librewolf: Update 144.0.2-1 => 145.0.1-1

Release notes:
https://www.firefox.com/en-US/firefox/145.0/releasenotes/
https://www.firefox.com/en-US/firefox/145.0.1/releasenotes/

PR:     291111
MFH:    2025Q4
DeltaFile
+13,650-4,891www/librewolf/files/patch-libwebrtc-generated
+36-27www/librewolf/files/patch-third__party_libwebrtc_build_config_BUILDCONFIG.gn
+7-14www/librewolf/files/patch-third__party_libwebrtc_modules_desktop__capture_linux_wayland__egl__dmabuf.cc
+8-1www/librewolf/files/patch-dom_media_webrtc_libwebrtc__overrides_moz.build
+3-3www/librewolf/distinfo
+2-3www/librewolf/Makefile
+13,706-4,9396 files

HardenedBSD/ports 4f23ad0net-im/telegram-desktop distinfo Makefile, net-im/telegram-desktop/files patch-Telegram_SourceFiles_platform_linux_specific__linux.cpp

net-im/telegram-desktop: update from 6.3.1 to 6.3.2

ChangeLog:      https://github.com/telegramdesktop/tdesktop/compare/v6.3.1...v6.3.2

Sponsored by:   tipi.work
DeltaFile
+3-3net-im/telegram-desktop/distinfo
+3-3net-im/telegram-desktop/files/patch-Telegram_SourceFiles_platform_linux_specific__linux.cpp
+1-1net-im/telegram-desktop/Makefile
+7-73 files

HardenedBSD/ports 129e8e3devel/wasi-libc/files patch-Makefile, editors/vscode distinfo

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+15-15x11/wallutils/distinfo
+20-0devel/wasi-libc/files/patch-Makefile
+7-8x11/wallutils/Makefile
+7-7editors/vscode/distinfo
+7-5net/wireshark/Makefile
+4-4net/wireshark/pkg-plist
+60-3931 files not shown
+108-11137 files

HardenedBSD/ports 114cb6beditors/vscode distinfo pkg-plist

editors/vscode: Update to 1.106.2

Changelog: https://code.visualstudio.com/updates/v1_106

Reported by:    GitHub (watch releases)
DeltaFile
+7-7editors/vscode/distinfo
+5-1editors/vscode/pkg-plist
+2-2editors/vscode/Makefile
+14-103 files

HardenedBSD/src ac1f48bcontrib/ntp/ntpd ntp_io.c

ntpd: Fix segfault when same IP on multiple interfaces

Use the protype socket to obtain the IP address for an error message.
Using the resultant socket address, a NULL because create_interface()
had failed, results in SIGSEGV.

To reproduce this bug,

ifconfig bridge100 create
ifconfig bridge100 10.10.10.10/24
ifconfig bridge101 create
ifconfig bridge101 10.10.10.10/24
ntpd -n

PR:             291119
MFC after:      3 days
DeltaFile
+1-1contrib/ntp/ntpd/ntp_io.c
+1-11 files

HardenedBSD/ports d3d3ecbdevel/binaryen distinfo Makefile

devel/binaryen: Update to 125

ChangeLog: https://github.com/WebAssembly/binaryen/blob/main/CHANGELOG.md#v125
DeltaFile
+3-3devel/binaryen/distinfo
+1-1devel/binaryen/Makefile
+4-42 files

HardenedBSD/ports e3bc3a0x11/wallutils distinfo Makefile

x11/wallutils: Update to 5.14.3

ChangeLog: https://github.com/xyproto/wallutils/releases/tag/v5.14.3
DeltaFile
+15-15x11/wallutils/distinfo
+7-8x11/wallutils/Makefile
+22-232 files

HardenedBSD/ports 1280849devel/R-cran-collapse distinfo Makefile

devel/R-cran-collapse: Update to 2.1.5

ChangeLog: https://cran.r-project.org/web/packages/collapse/news/news.html
DeltaFile
+3-3devel/R-cran-collapse/distinfo
+1-1devel/R-cran-collapse/Makefile
+4-42 files

HardenedBSD/ports f081334print/R-cran-tinytex Makefile distinfo

print/R-cran-tinytex: Update to 0.58

- Use RUN_DEPENDS only since port doesn't compile

ChangeLog: https://github.com/rstudio/tinytex/releases/tag/v0.58
DeltaFile
+2-4print/R-cran-tinytex/Makefile
+3-3print/R-cran-tinytex/distinfo
+5-72 files

HardenedBSD/ports cedd951Mk bsd.default-versions.mk, editors/lazarus Makefile

Mk/bsd.default-versions.mk: Move default version to 4.4

- Fix lazarus path folder to 4.4
- Bump PORTREVISION
DeltaFile
+2-2Mk/bsd.default-versions.mk
+2-2editors/lazarus/Makefile
+4-42 files

HardenedBSD/ports 4f2fef9mail/thunderbird Makefile, mail/thunderbird-esr Makefile

devel/wasi-libc: bump consumer PORTREVISIONs after update
DeltaFile
+1-1www/librewolf/Makefile
+1-1mail/thunderbird/Makefile
+1-1www/firefox-esr/Makefile
+1-1mail/thunderbird-esr/Makefile
+1-0www/firefox/Makefile
+1-0www/tor-browser/Makefile
+6-41 files not shown
+7-47 files

HardenedBSD/ports 1d55bbddevel/wasi-libc Makefile distinfo, devel/wasi-libc/files patch-Makefile

devel/wasi-libc: update to sdk-28

Consumer PORTREVISIONs to be bumped
DeltaFile
+20-0devel/wasi-libc/files/patch-Makefile
+1-6devel/wasi-libc/Makefile
+3-3devel/wasi-libc/distinfo
+0-5devel/wasi-libc/pkg-plist17
+0-5devel/wasi-libc/pkg-plist18
+0-5devel/wasi-libc/pkg-plist19
+24-242 files not shown
+24-348 files

HardenedBSD/ports 0dc0a4bnet/wireshark Makefile pkg-plist

net/wireshark: Fix packaging

Grrr, my OPTIONS had changed and I was no longer installing dev bits.
Correct the plist with the header changes and sort/update the base
LIB_DEPENDS.

PR:             291114
DeltaFile
+7-5net/wireshark/Makefile
+4-4net/wireshark/pkg-plist
+11-92 files

HardenedBSD/ports f56c498sysutils/bastille distinfo Makefile

sysutils/bastille: Upgrade port to 1.1.2.251119

Approved by:    tschetter.victor at gmail.com (maintainer)
MFH:            2025Q4
Differential Revision:  https://reviews.freebsd.org/D53834
DeltaFile
+3-3sysutils/bastille/distinfo
+1-1sysutils/bastille/Makefile
+1-0sysutils/bastille/pkg-plist
+5-43 files

HardenedBSD/ports 95b6456lang/fennel distinfo Makefile

lang/fennel: Update to 1.6.0

Changelog:      https://git.sr.ht/~technomancy/fennel/tree/1.6.0/item/changelog.md#160--2025-10-13
Sponsored by:   The FreeBSD Foundation
DeltaFile
+3-3lang/fennel/distinfo
+1-1lang/fennel/Makefile
+4-42 files