HardenedBSD/src bfa93d2lib/libc/gen posix_spawnattr_getexecfd_np.3, lib/libsys pdfork.2

by HardenedBSD Sync Services on ⎇
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+278-127sys/kern/kern_exit.c
+68-26sys/kern/kern_fork.c
+81-8lib/libsys/pdfork.2
+86-0lib/libc/gen/posix_spawnattr_getexecfd_np.3
+68-0sys/kern/systrace_args.c
+68-0sys/compat/freebsd32/freebsd32_systrace_args.c
+649-16155 files not shown
+1,117-18961 files

HardenedBSD/src 556161csbin/camcontrol camcontrol.c, sys/cam/scsi scsi_all.c scsi_all.h

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+34-0sys/cam/scsi/scsi_all.c
+4-0sys/cam/scsi/scsi_all.h
+1-1sys/dev/ufshci/ufshci_sim.c
+0-2sys/cam/scsi/scsi_cd.c
+0-1sbin/camcontrol/camcontrol.c
+0-1sys/dev/mpr/mpr_sas_lsi.c
+39-52 files not shown
+39-78 files

HardenedBSD/ports f7b51afmath/fend distinfo Makefile, misc/gemini-cli pkg-plist

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+1,450-130misc/gemini-cli/pkg-plist
+554-84misc/gemini-cli/files/package-lock.json
+293-255math/fend/distinfo
+147-129math/fend/Makefile
+110-91multimedia/webcamoid/pkg-plist
+65-0misc/ollama/files/update-port.sh
+2,619-68928 files not shown
+2,770-81734 files

HardenedBSD/src 8ef8c6asys/cam cam_periph.c, sys/cam/scsi scsi_all.c scsi_all.h

by Jaeyoon Choi (jaeyoon) on ⎇
cam/scsi: Restore scsi_start_stop() and add scsi_start_stop_pc()

Revert the argument change that broke libcam in 8c35de49 and move
power_condition support to scsi_start_stop_pc().

Reported by:            imp
Reviewed By:            #cam, imp (mentor)
Sponsored by:           Samsung Electronics
Differential Revision:  https://reviews.freebsd.org/D54822
DeltaFile
+34-0sys/cam/scsi/scsi_all.c
+4-0sys/cam/scsi/scsi_all.h
+0-2sys/cam/scsi/scsi_cd.c
+1-1sys/dev/ufshci/ufshci_sim.c
+0-1sys/dev/mps/mps_sas_lsi.c
+0-1sys/cam/cam_periph.c
+39-52 files not shown
+39-78 files

HardenedBSD/ports d490061archivers/py-zopfli Makefile

by Charlie Li (vishwin) on ⎇
archivers/py-zopfli: disable Python limited API

Upstream uses the limited API to allow generating a wheel compatible
with all currently supported CPython versions regardless of which
version is actually used to generate it, but this is not needed
here. Disabling also allows building on 3.13t.

Event: Winter Field Day 2026
PR: 292246
Approved by: sunpoet (maintainer)
DeltaFile
+3-1archivers/py-zopfli/Makefile
+3-11 files

HardenedBSD/ports 89f079elang/python311 distinfo Makefile

by Charlie Li (vishwin) on ⎇
lang/python311: pull in upstream commits addressing vuxml entries

Security: 613d0f9e-d477-11f0-9e85-03ddfea11990

Event: Winter Field Day 2026
PR: 291609
DeltaFile
+5-1lang/python311/distinfo
+5-0lang/python311/Makefile
+10-12 files

HardenedBSD/ports 82836aalang/python310 distinfo Makefile

by Charlie Li (vishwin) on ⎇
lang/python310: pull in upstream commits addressing vuxml entries

Security: 613d0f9e-d477-11f0-9e85-03ddfea11990

Event: Winter Field Day 2026
PR: 291609
DeltaFile
+5-1lang/python310/distinfo
+5-0lang/python310/Makefile
+10-12 files

HardenedBSD/ports cfbc3c7security/vuxml/vuln 2025.xml

by Charlie Li (vishwin) on ⎇
security/vuxml: update/simplify Python vulnerability version ranges

Event: Winter Field Day 2026
PR: 291609
DeltaFile
+6-7security/vuxml/vuln/2025.xml
+6-71 files

HardenedBSD/ports 7c11e27audio/py-torchaudio Makefile distinfo

by Yuri Victorovich (yuri) on ⎇
audio/py-torchaudio: update 2.8.0 → 2.10.0
DeltaFile
+5-19audio/py-torchaudio/Makefile
+3-3audio/py-torchaudio/distinfo
+8-222 files

HardenedBSD/ports a25bbfamultimedia/assimp distinfo pkg-plist

by Yuri Victorovich (yuri) on ⎇
multimedia/assimp: update 6.0.3 → 6.0.4

Reported by:    portscout
DeltaFile
+3-3multimedia/assimp/distinfo
+1-1multimedia/assimp/pkg-plist
+1-1multimedia/assimp/Makefile
+5-53 files

HardenedBSD/ports 52d91e5math/fend distinfo Makefile

by Yuri Victorovich (yuri) on ⎇
math/fend: update 1.5.7 → 1.5.8

Reported by:    portscout
DeltaFile
+293-255math/fend/distinfo
+147-129math/fend/Makefile
+440-3842 files

HardenedBSD/ports 28bf570lang/gravity distinfo Makefile

by Yuri Victorovich (yuri) on ⎇
lang/gravity: update 0.8.5 → 0.9.0

Reported by:    portscout
DeltaFile
+3-3lang/gravity/distinfo
+2-2lang/gravity/Makefile
+5-52 files

HardenedBSD/ports 88cbd0fmultimedia/webcamoid pkg-plist Makefile, multimedia/webcamoid/files patch-libAvKys_Plugins_Codecs_Video_Encoders_svtav1_src_videoencodersvtav1element.cpp patch-libAvKys_Plugins_VideoCapture_src_capture_v4l2sys_src_capturev4l2.cpp

by Eric Camachat via Yuri Victorovich (yuri) on ⎇
multimedia/webcamoid: update 9.1.1 → 9.3.0

PR:     291987
DeltaFile
+110-91multimedia/webcamoid/pkg-plist
+13-18multimedia/webcamoid/Makefile
+22-0multimedia/webcamoid/files/patch-libAvKys_Plugins_Codecs_Video_Encoders_svtav1_src_videoencodersvtav1element.cpp
+4-4multimedia/webcamoid/files/patch-libAvKys_Plugins_VideoCapture_src_capture_v4l2sys_src_capturev4l2.cpp
+4-4multimedia/webcamoid/files/patch-libAvKys_Plugins_VirtualCamera_src_v4l2lb_src_vcamv4l2lb.cpp
+3-3multimedia/webcamoid/distinfo
+156-1206 files

HardenedBSD/ports 1e84466misc/github-copilot-cli distinfo Makefile, misc/github-copilot-cli/files package-lock.json package-lock-keytar.json

by Yuri Victorovich (yuri) on ⎇
misc/github-copilot-cli: update 0.0.377 → 0.0.394
DeltaFile
+28-31misc/github-copilot-cli/files/package-lock.json
+5-5misc/github-copilot-cli/distinfo
+7-1misc/github-copilot-cli/Makefile
+3-3misc/github-copilot-cli/files/package-lock-keytar.json
+1-1misc/github-copilot-cli/pkg-plist
+44-415 files

HardenedBSD/ports 2892dd5misc/gemini-cli pkg-plist distinfo, misc/gemini-cli/files package-lock.json

by Yuri Victorovich (yuri) on ⎇
misc/gemini-cli: update 0.22.5 → 0.25.2
DeltaFile
+1,450-130misc/gemini-cli/pkg-plist
+554-84misc/gemini-cli/files/package-lock.json
+3-3misc/gemini-cli/distinfo
+1-1misc/gemini-cli/Makefile
+2,008-2184 files

HardenedBSD/ports 6d2bfe3misc/ollama distinfo Makefile, misc/ollama/files update-port.sh freebsd-compatibility.patch

by Yuri Victorovich (yuri) on ⎇
misc/ollama: update 0.13.5 → 0.15.1
DeltaFile
+65-0misc/ollama/files/update-port.sh
+5-5misc/ollama/distinfo
+4-4misc/ollama/files/freebsd-compatibility.patch
+1-3misc/ollama/Makefile
+75-124 files

HardenedBSD/src 7c49c67lib/libc/gen posix_spawn.c, sys/kern kern_fork.c

by Shawn Webb on ⎇
HBSD: Resolve merge conflicts

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+1-6lib/libc/gen/posix_spawn.c
+0-3sys/kern/kern_fork.c
+1-92 files

HardenedBSD/src 0662f0dlib/libc/gen posix_spawnattr_getexecfd_np.3, lib/libsys pdfork.2

by Shawn Webb on ⎇
Merge remote-tracking branch 'origin/freebsd/current/main' into hardened/current/master

Conflicts:
        lib/libc/gen/posix_spawn.c (unresolved)
        sys/kern/kern_fork.c (unresolved)
DeltaFile
+278-127sys/kern/kern_exit.c
+71-26sys/kern/kern_fork.c
+81-8lib/libsys/pdfork.2
+86-0lib/libc/gen/posix_spawnattr_getexecfd_np.3
+68-0sys/compat/freebsd32/freebsd32_systrace_args.c
+68-0sys/kern/systrace_args.c
+652-16147 files not shown
+1,084-18053 files

HardenedBSD/src 9d71290sys/compat/linuxkpi/common/src linux_current.c linux_shmemfs.c, sys/dev/asmc asmc.c

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+55-0sys/dev/asmc/asmc.c
+6-6sys/dev/iicbus/adc/ads111x.c
+5-5sys/dev/isl/isl.c
+5-5sys/dev/jme/if_jme.c
+2-8sys/compat/linuxkpi/common/src/linux_current.c
+3-4sys/compat/linuxkpi/common/src/linux_shmemfs.c
+76-285 files not shown
+83-3511 files

HardenedBSD/ports c035bd5dns/ddclient Makefile, dns/ddclient/files patch-ddclient.in

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+298-13net/teddycloud/pkg-plist
+163-0net/teddycloud/files/patch-Makefile
+26-29dns/ddclient/files/patch-ddclient.in
+21-29net/teddycloud/Makefile
+17-23net/teddycloud/distinfo
+15-16dns/ddclient/Makefile
+540-11035 files not shown
+723-17741 files

HardenedBSD/src 36daea2tools/build make_libc_exterr_cat_filenames.sh

by Mark Johnston (markj) on ⎇
exterr: Sort output from make_libc_exterr_cat_filenames.sh

Otherwise the script may permute the order of entries in the file since
find(1) output is not stable.

Reviewed by:    kib
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54669

(cherry picked from commit bda6ed2ee4d8e836b1b2f8ca7a6ed72034e5f231)
DeltaFile
+1-1tools/build/make_libc_exterr_cat_filenames.sh
+1-11 files

HardenedBSD/src f1e1bfesys/compat/linuxkpi/common/src linux_shmemfs.c

by Mark Johnston (markj) on ⎇
linuxkpi: Clean up linux_shmem_file_setup() a bit

- Free the pointer that was returned by the allocator, instead of the
  address of the first member.  These will be equal in practice, but
  it's sketchy and won't work on CHERI with subobject bounds checking.
- Use an anonymous struct, there's no need to name it.

Reviewed by:    bz, brooks, emaste
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54673

(cherry picked from commit 251662e5abdd85f5a83766b400e23c2ac5597fb9)
DeltaFile
+3-4sys/compat/linuxkpi/common/src/linux_shmemfs.c
+3-41 files

HardenedBSD/src a11b4f7sys/dev/asmc asmc.c

by Abdelkader Boudih via Mark Johnston (markj) on ⎇
asmc: add per-fan manual mode control via sysctl

Add per-fan manual mode control via dev.asmc.0.fan.N.manual sysctl.

Apple SMCs support manual fan control via the FS! SMC key,
a 16-bit bitmask where each bit controls one fan (0=auto, 1=manual).

This change adds a new sysctl per fan:
    dev.asmc.0.fan.N.manual (0=auto, 1=manual)

When set to manual mode (1), the fan runs at the speed set via
dev.asmc.0.fan.N.targetspeed instead of automatic thermal control.  When
set to auto mode (0), the SMC controls fan speed automatically.

The FS! key was already defined in asmcvar.h but not accessible.
This exposes it for debugging, testing, and advanced fan control.

Implementation uses read-modify-write to allow independent control of
each fan without affecting others.

    [6 lines not shown]
DeltaFile
+55-0sys/dev/asmc/asmc.c
+55-01 files

HardenedBSD/src 6cbd76esys/dev/jme if_jme.c

by Abdelkader Boudih via Mark Johnston (markj) on ⎇
jme: Convert driver to CTLFLAG_MPSAFE

Replace CTLFLAG_NEEDGIANT with CTLFLAG_MPSAFE for all interrupt
coalescing sysctls. The driver uses jme_mtx mutex for proper
synchronization and does not require Giant lock.

Sysctls converted:
- dev.jme.X.tx_coal_to (TX coalescing timeout)
- dev.jme.X.tx_coal_pkt (TX coalescing packet count)
- dev.jme.X.rx_coal_to (RX coalescing timeout)
- dev.jme.X.rx_coal_pkt (RX coalescing packet count)
- dev.jme.X.process_limit (max RX events to process)

Reviewed by:    markj
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54618

(cherry picked from commit c2a55efd74cccb3d4e7b9037b240ad062c203bb8)
DeltaFile
+5-5sys/dev/jme/if_jme.c
+5-51 files

HardenedBSD/src fd6bccclib/libc/gen exterr_cat_filenames.h

by Mark Johnston (markj) on ⎇
exterr: Regenerate exterr_cat_filenames.h
DeltaFile
+1-1lib/libc/gen/exterr_cat_filenames.h
+1-11 files

HardenedBSD/src 72dc1a1sys/compat/linuxkpi/common/src linux_current.c

by Mark Johnston (markj) on ⎇
linuxkpi: Fix an error path in linux_alloc_current()

If the allocation fails we should free the task struct.

While here get rid of a couple of unnecessary assertions.

Reported by:    Kevin Day <kevin at your.org>
Reviewed by:    emaste
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54671

(cherry picked from commit a4955b0143361900140df640d116891f047f5431)
DeltaFile
+2-8sys/compat/linuxkpi/common/src/linux_current.c
+2-81 files

HardenedBSD/src 4d9eaa0sys/arm64/iommu smmu.c

by Mark Johnston (markj) on ⎇
arm64/iommu: Fix a resource leak in smmu_domain_alloc()

We should free the allocated ASID if smmu_init_cd() fails.

Move the allocation of "domain" to simplify the first error path.

Reported by:    Kevin Day <kevin at your.org>
Reviewed by:    br
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54676

(cherry picked from commit 6740cccb1eff2a0e1e6d451fa9676a21736937d2)
DeltaFile
+2-3sys/arm64/iommu/smmu.c
+2-31 files

HardenedBSD/src da714e3sys/dev/isl isl.c

by Abdelkader Boudih via Mark Johnston (markj) on ⎇
isl: Convert driver to CTLFLAG_MPSAFE

Replace CTLFLAG_NEEDGIANT with CTLFLAG_MPSAFE for all light sensor
sysctls.  All of the sysctl handlers are serialized by a driver mutex.

Sysctls converted:
- dev.isl.X.als (ambient light sensor)
- dev.isl.X.ir (infrared sensor)
- dev.isl.X.prox (proximity sensor)
- dev.isl.X.resolution (sensor resolution)
- dev.isl.X.range (sensor range)

Reviewed by:    markj
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54621

(cherry picked from commit 0672e0e38a08c580f723a02bb183344d8c7cee65)
DeltaFile
+5-5sys/dev/isl/isl.c
+5-51 files

HardenedBSD/src a3b3be5sys/compat/linuxkpi/common/src linux_firmware.c

by Mark Johnston (markj) on ⎇
linuxkpi: Avoid a potential null pointer dereference in an error path

Reported by:    Kevin Day <kevin at your.org>
Reviewed by:    bz, emaste
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54672

(cherry picked from commit aa1eb623389008c95b897976f4d28a7fe0acd93c)
DeltaFile
+2-1sys/compat/linuxkpi/common/src/linux_firmware.c
+2-11 files

HardenedBSD/src 0e2e588sys/arm64/vmm/io vgic_v3.c

by Mark Johnston (markj) on ⎇
arm64/vgic_v3: Fix an inverted test when reading GICD_I<C|S>ENABLER

On read, these registers' fields return 1 if forwarding of the
corresponding interrupt is enabled, and 0 otherwise.  The test in
read_enabler() was inverted.

Reported by:    Kevin Day <kevin at your.org>
Reviewed by:    andrew
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D54678

(cherry picked from commit 6fef0c9ee64cea1f22b6a33a0c4dd39f605b7465)
DeltaFile
+1-1sys/arm64/vmm/io/vgic_v3.c
+1-11 files