HardenedBSD/src f6aead8sys/modules/zlib Makefile

HBSD: Opt zlib kernel module into -ftrivial-var-auto-init=zero

Recent CVEs in the zlib project demonstrate the need to apply additional
protections.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
See-Also:       https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf
MFC-to:         15-STABLE
DeltaFile
+2-0sys/modules/zlib/Makefile
+2-01 files

HardenedBSD/src 8ec609ecrypto/krb5/src/util/et compile_et.sh, lib/libutil trimdomain.3

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+5-7lib/libutil/trimdomain.3
+4-4usr.bin/m4/eval.c
+3-0sbin/recoverdisk/recoverdisk.c
+2-0usr.bin/m4/tests/regress.eval.out
+2-0usr.sbin/bhyveload/bhyveload.c
+1-1crypto/krb5/src/util/et/compile_et.sh
+17-124 files not shown
+19-1610 files

HardenedBSD/ports 275d88bcad/surfer distinfo Makefile.crates, devel/lief pkg-plist

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+3-821security/sssd2/files/patch-Makefile.am
+307-319cad/surfer/distinfo
+595-0devel/lief/pkg-plist
+472-0security/sssd2/files/patch-src_config_cfg__rules.ini
+152-158cad/surfer/Makefile.crates
+0-125security/sssd2/files/patch-src__util__find_uid.c
+1,529-1,423167 files not shown
+2,471-2,932173 files

HardenedBSD/ports 177f6a4devel/py-itanium_demangler Makefile

devel/py-itanium_demangler: Pass maintainership

PR:             291196
DeltaFile
+1-1devel/py-itanium_demangler/Makefile
+1-11 files

HardenedBSD/src 0f2b718usr.sbin/bhyveload bhyveload.c

bhyveload: If disk cannot be opened RW try RO. (=same as bhyve)

Not expecting it to turn into yak-shaving: kevans
DeltaFile
+2-0usr.sbin/bhyveload/bhyveload.c
+2-01 files

HardenedBSD/src d7d0369sbin/recoverdisk recoverdisk.c

recoverdisk: Ensure medium_read is multiple of small_read.
DeltaFile
+3-0sbin/recoverdisk/recoverdisk.c
+3-01 files

HardenedBSD/src c4130a8secure/lib/libcrypto/man/man3 Makefile

OpenSSL: install EVP_CIPHER_CTX_get_app_data.3 once

A separate EVP_CIPHER_CTX_get_app_data.3 was added in the OpenSSL 3.5.5
import, but the link to EVP_EncryptInit.3 was still being installed
which stomped on the file and created inconsistent entries in the METALOG.

Reviewed by:    emaste
Found by:       package_check script in Cirrus-CI
Fixes:          1731fc70f734 ("OpenSSL: update vendor sources to match 3.5.5 content")
Sponsored by:   Innovate UK
Differential Revision:  https://reviews.freebsd.org/D55332
DeltaFile
+0-1secure/lib/libcrypto/man/man3/Makefile
+0-11 files

HardenedBSD/ports 5455b3dsysutils/smartmontools Makefile, sysutils/smartmontools/files patch-smartd.cpp smartd.in

sysutils/smartmontools: fix reload command

- add patch from upstream to set signals regardless existing flags
- simplify rc script by handling reload natively

PR: 293205
DeltaFile
+50-0sysutils/smartmontools/files/patch-smartd.cpp
+0-14sysutils/smartmontools/files/smartd.in
+1-1sysutils/smartmontools/Makefile
+51-153 files

HardenedBSD/ports 6c101b8audio/sidplayfp distinfo Makefile

audio/sidplayfp: Update to 2.16.1
DeltaFile
+3-3audio/sidplayfp/distinfo
+1-1audio/sidplayfp/Makefile
+4-42 files

HardenedBSD/src 9607197lib/libutil trimdomain.3

trimdomain.3: Explain DISPLAY a bit more

MFC after:              3 days
Reported by:            jrtc27
Reviewed by:            des
Differential Revision:  https://reviews.freebsd.org/D54629
DeltaFile
+5-7lib/libutil/trimdomain.3
+5-71 files

HardenedBSD/ports 786aa9ax11/xterm distinfo Makefile

x11/xterm: Update to 407
DeltaFile
+3-3x11/xterm/distinfo
+1-1x11/xterm/Makefile
+4-42 files

HardenedBSD/ports 4d3445ecad/surfer distinfo Makefile.crates

cad/surfer: Update to 0.6.0

Changelog: https://gitlab.com/surfer-project/surfer/-/releases/v0.6.0
DeltaFile
+307-319cad/surfer/distinfo
+152-158cad/surfer/Makefile.crates
+1-2cad/surfer/Makefile
+460-4793 files

HardenedBSD/ports c96451agames/gcompris-qt Makefile

games/gcompris-qt: ignore on systems with legacy OpenSSL
DeltaFile
+2-0games/gcompris-qt/Makefile
+2-01 files

HardenedBSD/ports 3916e14www/redmine60 Makefile, www/redmine60/files patch-Gemfile

www/redmine60: Allow build with ruby34

- Bump PORTREVISION for package change

PR:             292489
Approved by:    delphij (maintainer)
DeltaFile
+4-2www/redmine60/files/patch-Gemfile
+1-0www/redmine60/Makefile
+5-22 files

HardenedBSD/ports c2fa1c9java/openjfx14 Makefile

java/openjfx14: Fix a67f24e318a6966aa0f191de2c49f1fb687fde6e

Simplify RUBY_VER check

PR:             293109
Reported by:    Benjamin Takacs <nimaje+fbz at bureaucracy.de>
DeltaFile
+1-3java/openjfx14/Makefile
+1-31 files

HardenedBSD/ports 10e12d0databases/mysql96-server Makefile

databases/mysql96-server: Fix typo

Approved by:    portmgr (blanket)
DeltaFile
+1-1databases/mysql96-server/Makefile
+1-11 files

HardenedBSD/ports a7e6e36databases/mysql94-server Makefile

databases/mysql94-server: Fix typo

Approved by:    portmgr (blanket)
DeltaFile
+1-1databases/mysql94-server/Makefile
+1-11 files

HardenedBSD/ports 1a75f11x11-fonts/py-vfblib Makefile, x11-fonts/py-vfblib/files patch-pyproject.toml

x11-fonts/py-vfblib: Update version requirement of BUILD_DEPENDS
DeltaFile
+2-2x11-fonts/py-vfblib/files/patch-pyproject.toml
+1-1x11-fonts/py-vfblib/Makefile
+3-32 files

HardenedBSD/ports 884dba0print/py-vharfbuzz Makefile, print/py-vharfbuzz/files patch-pyproject.toml

print/py-vharfbuzz: Update version requirement of BUILD_DEPENDS
DeltaFile
+0-16print/py-vharfbuzz/files/patch-pyproject.toml
+1-1print/py-vharfbuzz/Makefile
+1-172 files

HardenedBSD/ports b2bdf71x11-fonts/py-babelfont Makefile, x11-fonts/py-babelfont/files patch-pyproject.toml

x11-fonts/py-babelfont: Update version requirement of BUILD_DEPENDS
DeltaFile
+3-5x11-fonts/py-babelfont/files/patch-pyproject.toml
+1-1x11-fonts/py-babelfont/Makefile
+4-62 files

HardenedBSD/ports 88be59dtextproc/py-youseedee Makefile, textproc/py-youseedee/files patch-pyproject.toml

textproc/py-youseedee: Update version requirement of BUILD_DEPENDS
DeltaFile
+1-1textproc/py-youseedee/Makefile
+1-1textproc/py-youseedee/files/patch-pyproject.toml
+2-22 files

HardenedBSD/ports 962ef34security/py-python-pkcs11 Makefile, security/py-python-pkcs11/files patch-pyproject.toml

security/py-python-pkcs11: Update version requirement of BUILD_DEPENDS
DeltaFile
+2-2security/py-python-pkcs11/Makefile
+1-1security/py-python-pkcs11/files/patch-pyproject.toml
+3-32 files

HardenedBSD/ports 6accf60devel/py-toml-fmt-common Makefile

devel/py-toml-fmt-common: Update WWW
DeltaFile
+2-1devel/py-toml-fmt-common/Makefile
+2-11 files

HardenedBSD/ports bbe6d95devel/py-localstack-core Makefile, devel/py-localstack-core/files patch-pyproject.toml

devel/py-localstack-core: Update version requirement of BUILD_DEPENDS
DeltaFile
+1-1devel/py-localstack-core/files/patch-pyproject.toml
+1-1devel/py-localstack-core/Makefile
+2-22 files

HardenedBSD/ports 70a5a11print/py-glyphsets Makefile, print/py-glyphsets/files patch-setup.py

print/py-glyphsets: Change BUILD_DEPENDS from py-setuptools-scm8 to py-setuptools-scm

- Update version requirement of BUILD_DEPENDS
- Bump PORTREVISION for package change
DeltaFile
+2-1print/py-glyphsets/Makefile
+1-1print/py-glyphsets/files/patch-setup.py
+3-22 files

HardenedBSD/ports 03e61abdevel/py-lark Makefile, devel/py-lark/files patch-pyproject.toml

devel/py-lark: Fix BUILD_DEPENDS
DeltaFile
+1-1devel/py-lark/files/patch-pyproject.toml
+1-0devel/py-lark/Makefile
+2-12 files

HardenedBSD/ports f80ed89devel/py-flatbuffers distinfo Makefile

devel/py-flatbuffers: Update to 25.12.19-2026-02-06-03fffb2

Changes:        https://github.com/google/flatbuffers/releases
DeltaFile
+3-3devel/py-flatbuffers/distinfo
+2-0devel/py-flatbuffers/Makefile
+5-32 files

HardenedBSD/ports 868fe8adevel/py-git-up Makefile, devel/py-git-up/files patch-pyproject.toml

devel/py-git-up: Allow build with py-packaging 26.0+

- Bump PORTREVISION for package change
DeltaFile
+11-0devel/py-git-up/files/patch-pyproject.toml
+2-1devel/py-git-up/Makefile
+13-12 files

HardenedBSD/ports 9efc84adevel/py-distributed Makefile, devel/py-distributed/files patch-pyproject.toml

devel/py-distributed: Update version requirement of BUILD_DEPENDS
DeltaFile
+1-1devel/py-distributed/files/patch-pyproject.toml
+1-1devel/py-distributed/Makefile
+2-22 files

HardenedBSD/ports 3828a7ddevel/py-dask Makefile, devel/py-dask/files patch-pyproject.toml

devel/py-dask: Update version requirement of BUILD_DEPENDS
DeltaFile
+1-1devel/py-dask/Makefile
+1-1devel/py-dask/files/patch-pyproject.toml
+2-22 files