HardenedBSD/src 6376e95sys/compat/linuxkpi/common/src linux_80211.c, sys/dev/asmc asmc.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+696-954sys/compat/linuxkpi/common/src/linux_80211.c
+113-14sys/dev/asmc/asmc.c
+13-99sys/dev/cxgbe/tom/t4_cpl_io.c
+13-1sys/kern/subr_bus.c
+13-0tools/tools/syscall_timing/Makefile.depend
+6-6sys/dev/sound/pci/vibes.c
+854-1,074192 files not shown
+1,069-1,284198 files

HardenedBSD/src 7466a86sys/compat/linuxkpi/common/src linux_80211.c, sys/dev/adb adb_bus.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+696-954sys/compat/linuxkpi/common/src/linux_80211.c
+113-14sys/dev/asmc/asmc.c
+13-99sys/dev/cxgbe/tom/t4_cpl_io.c
+13-1sys/kern/subr_bus.c
+13-0tools/tools/syscall_timing/Makefile.depend
+6-6sys/dev/adb/adb_bus.c
+854-1,074192 files not shown
+1,069-1,284198 files

HardenedBSD/ports 35fa0aflang/fpc-devel pkg-plist Makefile, lang/fpc-devel-source Makefile

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+90-0security/vuxml/vuln/2026.xml
+24-0lang/fpc-devel/pkg-plist
+10-5sysutils/py-filelock/Makefile
+9-4lang/fpc-devel/Makefile
+5-5shells/carapace/distinfo
+7-3lang/fpc-devel-source/Makefile
+145-1724 files not shown
+200-7330 files

HardenedBSD/ports 0594296sysutils/py-filelock Makefile distinfo

sysutils/py-filelock: update 3.20.1 → 3.24.3

PR:     293432
DeltaFile
+10-5sysutils/py-filelock/Makefile
+3-3sysutils/py-filelock/distinfo
+13-82 files

HardenedBSD/src 3023bb4sys/dev/asmc asmc.c

asmc: introduce the concept of generic models

Having to enter in each of the models for Apple hardware, recompiling,
etc, is tedious. Provide generic models so end-users can leverage some
of the capabilities provided by the driver, i.e., common features like
minimal fans and lights (if present on the generic model) support.

The generic models are as follows:
- Macmini
- MacBookAir
- MacBookPro
- MacPro

This sort of follows the pattern established by the `applesmc` driver in
Linux.

MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55395
DeltaFile
+67-13sys/dev/asmc/asmc.c
+67-131 files

HardenedBSD/ports d7e7c6dnet/revsocks distinfo Makefile

net/revsocks: Update to 2.9
DeltaFile
+3-3net/revsocks/distinfo
+1-2net/revsocks/Makefile
+4-52 files

HardenedBSD/ports 2c55f0aaudio/libxmp distinfo Makefile

audio/libxmp: Update to 4.7.0
DeltaFile
+3-3audio/libxmp/distinfo
+1-1audio/libxmp/Makefile
+4-42 files

HardenedBSD/src 94db365sys/dev/asmc asmc.c asmcvar.h

asmc: add Wake-on-LAN control via sysctl

Apple Mac systems support Wake-on-LAN from powered-off state (S5/G2) via
the AUPO SMC key.

This change adds a convenience sysctl, `dev.asmc.0.wol`. This can be
disabled if set to 0 and enabled if set to 1.

The AUPO key is volatile and resets to 0x00 on every boot, so WoL must
be manually enabled before each shutdown to work from powered-off state.
Users need to run: `sysctl dev.asmc.0.wol=1` before shutting down the
system. The sysctl is best set to persist in `/etc/sysctl.conf`.

MFC after:      1 week
Reviewed By:    markj, ngie
Differential Revision:  https://reviews.freebsd.org/D54439
DeltaFile
+45-0sys/dev/asmc/asmc.c
+5-0sys/dev/asmc/asmcvar.h
+50-02 files

HardenedBSD/ports bd452c5science/afni distinfo pkg-plist

science/afni: Update to 26.0.09
DeltaFile
+3-3science/afni/distinfo
+1-1science/afni/pkg-plist
+1-1science/afni/Makefile
+5-53 files

HardenedBSD/ports 6fe60f2editors/lazarus-devel distinfo Makefile

editors/lazarus-devel: Update to 4.99.20260223
DeltaFile
+3-3editors/lazarus-devel/distinfo
+2-2editors/lazarus-devel/Makefile
+5-52 files

HardenedBSD/ports 4059a25lang/fpc-devel pkg-plist Makefile, lang/fpc-devel-source Makefile distinfo

lang/fpc-devel*: Update to 3.3.1.20260224

PR:             292887
DeltaFile
+24-0lang/fpc-devel/pkg-plist
+9-4lang/fpc-devel/Makefile
+5-5lang/fpc-devel/distinfo
+7-3lang/fpc-devel-source/Makefile
+3-3lang/fpc-devel-source/distinfo
+48-155 files

HardenedBSD/src 0fc6c3fsys/dev/adb adb_bus.c, sys/dev/axgbe if_axgbe.c

chore: replace {0, 0} with {DEV,KOBJ}METHOD_END

Both of the aforementioned macros have been present in FreeBSD
for well over a decade: 2009 for `KOBJMETHOD_END`; 2011 for
`DEVMETHOD_END`.

Adapt all hardcoded references of `{0, 0}` with `DEVMETHOD_END`
and `KOBJMETHOD_END` as appropriate. This helps ensure that
future adaptations to drivers following patterns documented
in driver(9) can be made more easily/without issue.

MFC after:      1 week
Differential Revision:   https://reviews.freebsd.org/D55414
DeltaFile
+6-6sys/dev/sound/pci/vibes.c
+6-6sys/dev/adb/adb_bus.c
+2-2sys/dev/axgbe/if_axgbe.c
+2-2sys/dev/dpaa/qman_fdt.c
+2-2sys/dev/qlnx/qlnxe/qlnx_os.c
+2-2sys/dev/cxgbe/t4_main.c
+20-20180 files not shown
+208-207186 files

HardenedBSD/src 0ac5cddtools/tools/syscall_timing Makefile.depend

syscall_timing: add Makefile.depend

This was part of review D44761. It was separated into another commit for
better clarity.

Obtained from:  Hewlett Packard Enterprise
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D44761
DeltaFile
+13-0tools/tools/syscall_timing/Makefile.depend
+13-01 files

HardenedBSD/src de773bctools/tools/syscall_timing Makefile

Use NO_SHARED instead of explicitly using -static flag

NO_SHARED is the proper way to declare linking a program without
shared libraries.

Obtained from:  Hewlett Packard Enterprise
MFC after:      1 week
Reviewed by:    emaste
Differential Revision:  https://reviews.freebsd.org/D44761
DeltaFile
+2-1tools/tools/syscall_timing/Makefile
+2-11 files

HardenedBSD/ports 1bd9f9egraphics/ImageMagick7 distinfo Makefile

graphics/ImageMagick7: Update to 7.1.2-15

PR:             293419
DeltaFile
+3-3graphics/ImageMagick7/distinfo
+1-2graphics/ImageMagick7/Makefile
+4-52 files

HardenedBSD/ports 9370b17security/wolfssl Makefile

security/wolfssl: enable TLS 1.3 middlebox compat mode

PR:             293232
Reported by:    Mark Felder <feld at FreeBSD.org>
DeltaFile
+2-1security/wolfssl/Makefile
+2-11 files

HardenedBSD/ports a885709sysutils/try-rs distinfo Makefile

sysutils/try-rs: Update to 1.5.3
DeltaFile
+3-3sysutils/try-rs/distinfo
+1-1sysutils/try-rs/Makefile
+4-42 files

HardenedBSD/src 48f55a4sys/compat/linuxkpi/common/src linux_80211.c

LinuxKPI: 802.11: fold the sta state machine again

In and around d9f59799fc3e7 we adjusted the initial sta state machine
implementation and unfolded some functions, duplicating code.
This version tries to undo some of that as it seems that we can get
away with doing it more cleanly these days.

There are 5 main functions for the path from INIT to RUN (UP1,2,3.1,3.2,4)
and 4 main functions for the path from RUN to INIT (DOWN1,2,3,4).
The reason there is one more on the patch up is that we can go directly
from AUTH to RUN without going through ASSOC first.
In addition there are further functions relying only on these 9 base
state change functions in order to implement the remaining possible
state transitions net80211 can do (without CSA and SLEEP).

Another change is that we no longer take a sta always through INIT/SCAN
first and then back up to AUTH, that is, we are no longer deleting the
sta from the firmware unless net80211 would also take us down to that
state and in a follow-up back up.

    [12 lines not shown]
DeltaFile
+667-945sys/compat/linuxkpi/common/src/linux_80211.c
+667-9451 files

HardenedBSD/src acba7a6sys/compat/linuxkpi/common/src linux_80211.c

LinuxKPI: 802.11: improve crypto debug logging

Add a log entry to lkpi_ieee80211_iterate_keys() in order to be able
to determine if there are still keys available when a driver calls
into this (e.g., iwlwifi does before removing the sta to make sure
the keys are gone).

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
DeltaFile
+8-0sys/compat/linuxkpi/common/src/linux_80211.c
+8-01 files

HardenedBSD/src 96a57fcsys/compat/linuxkpi/common/src linux_80211.c

LinuxKPI: 802.11: adjust assoc check before key deletion

There is a discrepancy between the vif assoc state and the sta state
(see comment in lkpi_sta_run_to_init()).
Adjust the check in lkpi_iv_key_delete() and add it to
lkpi_sta_del_keys() so that we can take way the keys after whatever
comes first: the sta went away from AUTHORIZED (RUN) or if the vif is
no longer marked assoc.
This is needed as we may only take the sta down partially back to
State 2 (cf. 802.11-2024, Figure 11-23) and key material is no longer
valid before the vif gets cleaned up and the sta is removed entirely.

Sponsored by:   The FreeBSD Foundation
MFC after:      3 days
DeltaFile
+21-9sys/compat/linuxkpi/common/src/linux_80211.c
+21-91 files

HardenedBSD/ports 91b3c4dmail/py-resend distinfo Makefile

mail/py-resend: Update to 2.23.0

Changelog: https://github.com/resend/resend-python/releases/tag/v2.23.0

Reported by:    Repology
DeltaFile
+3-3mail/py-resend/distinfo
+1-1mail/py-resend/Makefile
+4-42 files

HardenedBSD/ports f6b1c58misc/crush distinfo Makefile

misc/crush: Update to 0.45.0

Changelog: https://github.com/charmbracelet/crush/releases/tag/v0.45.0

Reported by:    GitHub (watch releases)
DeltaFile
+5-5misc/crush/distinfo
+1-1misc/crush/Makefile
+6-62 files

HardenedBSD/src e43730esys/dev/cxgbe/tom t4_cpl_io.c

cxgbe tom: Use the same WRs as iSCSI to send PDUs for NVMe

Reviewed by:    np (earlier version)
Sponsored by:   Chelsio Communications
Differential Revision:  https://reviews.freebsd.org/D55470
DeltaFile
+13-99sys/dev/cxgbe/tom/t4_cpl_io.c
+13-991 files

HardenedBSD/ports 4c9d3dcports-mgmt/poudriere-devel distinfo Makefile

ports-mgmt/poudriere-devel: Update to 3.3.0-2518-gb94c44b64

Changes:
 - bulk/testport: Fix caching of fetched distfiles for flavored-ports
   * Note that this does not fix go mod cache files not being cached.
     That is tracked in https://github.com/freebsd/poudriere/issues/1311
DeltaFile
+3-3ports-mgmt/poudriere-devel/distinfo
+2-2ports-mgmt/poudriere-devel/Makefile
+5-52 files

HardenedBSD/src 6513c28sys/arm/arm machdep_boot.c machdep.c, sys/arm64/arm64 machdep_boot.c

sys: Declare 'end' as an extern char[]

While here, remove an unused declaration.

Reviewed by:    jrtc27
Sponsored by:   AFRL, DARPA
Differential Revision:  https://reviews.freebsd.org/D53898
DeltaFile
+1-1sys/arm/arm/machdep_boot.c
+0-2sys/arm/arm/machdep.c
+1-1sys/arm64/arm64/machdep_boot.c
+1-1sys/riscv/riscv/machdep.c
+3-54 files

HardenedBSD/src fba56belib/libdevctl devctl.3, sys/kern subr_bus.c

Do not fail 'devctl clear driver' if another driver is not found

Detaching the bhyve(4) ppt driver from an unsupported PCI device
should not raise a "Device not configured" error.  We do not expect
that a new driver must take over the device in this case.

Reviewed by:    imp, jhb
Differential Revision:  https://reviews.freebsd.org/D52050
DeltaFile
+13-1sys/kern/subr_bus.c
+2-1lib/libdevctl/devctl.3
+15-22 files

HardenedBSD/ports 1e1d3cdshells/carapace distinfo Makefile

shells/carapace: Update to 1.6.3

Changelog: https://github.com/carapace-sh/carapace-bin/releases/tag/v1.6.3

Reported by:    GitHub (watch releases)
DeltaFile
+5-5shells/carapace/distinfo
+1-1shells/carapace/Makefile
+6-62 files

HardenedBSD/ports 837a3fdsecurity/vuxml/vuln 2026.xml

security/vuxml: add FreeBSD SAs issued on 2026-02-24

FreeBSD-SA-26:04.jail affects FreeBSD 13.5 and FreeBSD 14.3
FreeBSD-SA-26:05.route affects all supported versions of FreeBSD
DeltaFile
+90-0security/vuxml/vuln/2026.xml
+90-01 files

HardenedBSD/src ef1218asys/kern sched_shim.c

kern/sched_shims.c: back to ifunc

Reported by:    kevans
Reviewed by:    kevans, mhorne
Fixes:  0d3652f67d246348e2c017205c6782caf4484449
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differrential revision: https://reviews.freebsd.org/D55490
DeltaFile
+2-3sys/kern/sched_shim.c
+2-31 files

HardenedBSD/src 40a4ccasys/compat/linuxkpi/common/src linux_80211.c, sys/crypto/ccp ccp_hardware.h

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+37-8sys/sys/bus.h
+7-28sys/dev/acpica/acpivar.h
+14-11usr.sbin/bsdinstall/scripts/bootconfig
+22-0sys/compat/linuxkpi/common/src/linux_80211.c
+12-2tools/build/stddef.h
+5-5sys/crypto/ccp/ccp_hardware.h
+97-549 files not shown
+112-6615 files