HardenedBSD/src a9dd68bsys/kern kern_prot.c, sys/riscv/conf GENERIC

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+22-12sys/kern/kern_prot.c
+2-2sys/sys/exterrvar.h
+1-0sys/riscv/conf/GENERIC
+25-143 files

HardenedBSD/ports 63fe107devel/gitaly distinfo, net-im/flare distinfo

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+11-11devel/gitaly/distinfo
+6-6www/gitlab/distinfo
+11-1shells/bash/distinfo
+5-5www/gitlab-pages/distinfo
+5-5www/gitlab-workhorse/distinfo
+5-5net-im/flare/distinfo
+43-3322 files not shown
+89-8028 files

HardenedBSD/ports 870130edevel/gitaly distinfo, net/gitlab-agent distinfo

www/gitlab: security and patch update to 18.6.1

Changes:        https://about.gitlab.com/releases/2025/11/26/patch-release-gitlab-18-6-1-released/
Security:       4530fc9f-cb47-11f0-85d8-2cf05da270f3
DeltaFile
+11-11devel/gitaly/distinfo
+6-6www/gitlab/distinfo
+5-5net/gitlab-agent/distinfo
+5-5www/gitlab-pages/distinfo
+5-5www/gitlab-workhorse/distinfo
+2-2www/gitlab/Makefile.common
+34-346 files

HardenedBSD/src d9e734dsys/sys exterrvar.h

exterrvar.h: style(9): Fix two small nits

- Use tabs before '\'.
- Comment for '#else' must be the negation of the initial '#if''s test.

No functional change.

Sponsored by:   The FreeBSD Foundation
DeltaFile
+2-2sys/sys/exterrvar.h
+2-21 files

HardenedBSD/src 000d5b5sys/kern kern_prot.c

setcred(2): Fix a panic on too many groups from latest commit

kern_setcred_copyin_supp_groups() is documented to always set
'sc_supp_groups', but did not do it if there are more supplementary
groups than 'ngroups_max'.  Also, that case was omitted from the herald
comment.  Add it there, also including it as a case where
'sc_supp_groups_nb' is reset to 0 as a security measure.

Initially, kern_setcred_copyin_supp_groups() had the usual property that
nothing had to be freed on it returning an error, but was then converted
to relying on the caller to free() even on error, and this part was
missed during the conversion.  The benefits of this unusual convention
are that we can zero or NULLify groups-related attributes in advance,
preventing inadvertent use of stale data (defensive security measure),
and we can avoid some small code duplication (no need to have two same
calls to free()).  This makes sense as kern_setcred_copyin_supp_groups()
is meant to be a private sub-routine of user_setcred() only.  While
here, rename kern_setcred_copyin_supp_groups() =>
user_setcred_copyin_supp_groups().

    [4 lines not shown]
DeltaFile
+22-12sys/kern/kern_prot.c
+22-121 files

HardenedBSD/ports fc43ffdmail/nextcloud-mail distinfo Makefile

mail/nextcloud-mail: Update to 5.6.1
DeltaFile
+3-3mail/nextcloud-mail/distinfo
+1-1mail/nextcloud-mail/Makefile
+4-42 files

HardenedBSD/ports 821c840www/nextcloud distinfo Makefile

www/nextcloud: Update to 32.0.2
DeltaFile
+3-3www/nextcloud/distinfo
+1-1www/nextcloud/Makefile
+4-42 files

HardenedBSD/src 06a4a09sys/riscv/conf GENERIC

riscv: include Xilinx PCIe controller driver.

This is used on Codasip Prime.

Sponsonred by: CHERI Research Centre
DeltaFile
+1-0sys/riscv/conf/GENERIC
+1-01 files

HardenedBSD/ports 2f60a00net-im/flare distinfo Makefile

net-im/flare: Update 0.17.2 => 0.17.3

Changelog:
https://gitlab.com/schmiddi-on-mobile/flare/-/releases/0.17.3

PR:             291000
Reported by:    Yusuf Yaman <nxjoseph at protonmail.com> (maintainer)
DeltaFile
+5-5net-im/flare/distinfo
+1-2net-im/flare/Makefile
+1-1net-im/flare/Makefile.crates
+7-83 files

HardenedBSD/ports 407b199lang/tcl90 distinfo pkg-plist, x11-toolkits/tk90 distinfo Makefile

lang/tcl90, x11-toolkits/tk90: update to 9.0.3

Announcements:
https://sourceforge.net/p/tcl/mailman/message/59259102/ (Tcl)
https://sourceforge.net/p/tcl/mailman/message/59259103/ (Tk)
DeltaFile
+3-3x11-toolkits/tk90/distinfo
+3-3lang/tcl90/distinfo
+3-3lang/tcl90/pkg-plist
+1-1x11-toolkits/tk90/Makefile
+1-1lang/tcl90/Makefile
+11-115 files

HardenedBSD/ports 0943d0bgraphics/catimg distinfo Makefile

graphics/catimg: Update to 2.8.0
DeltaFile
+3-3graphics/catimg/distinfo
+2-1graphics/catimg/Makefile
+5-42 files

HardenedBSD/ports c76178dshells/bash distinfo Makefile

shells/bash: Update to 5.3.8
DeltaFile
+11-1shells/bash/distinfo
+1-2shells/bash/Makefile
+12-32 files

HardenedBSD/ports 789a866audio/lilv distinfo Makefile

audio/lilv: Update to 0.26.2

ChangeLog: https://drobilla.net/2025/11/25/lilv-0-26-2.html
DeltaFile
+3-3audio/lilv/distinfo
+1-1audio/lilv/Makefile
+4-42 files

HardenedBSD/ports 5a1511fdevel/R-cran-testthat distinfo Makefile

devel/R-cran-testthat: Update to 3.3.1

ChangeLog: https://cloud.r-project.org/web/packages/testthat/news/news.html
DeltaFile
+3-3devel/R-cran-testthat/distinfo
+1-1devel/R-cran-testthat/Makefile
+4-42 files

HardenedBSD/ports 01622a7security/aws-c-cal distinfo Makefile

security/aws-c-cal: Update to 0.9.13

ChangeLog:
        https://github.com/awslabs/aws-c-cal/releases/tag/v0.9.13
        https://github.com/awslabs/aws-c-cal/releases/tag/v0.9.12
DeltaFile
+3-3security/aws-c-cal/distinfo
+1-1security/aws-c-cal/Makefile
+4-42 files

HardenedBSD/src de9f0b6share/man/man4 rl.4 re.4, sys/conf NOTES

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+18-18sys/conf/NOTES
+18-18sys/dev/re/if_re.c
+16-16sys/dev/rl/if_rl.c
+9-9sys/dev/mii/rlphy.c
+8-8share/man/man4/rl.4
+6-6share/man/man4/re.4
+75-7523 files not shown
+126-12629 files

HardenedBSD/src fd1e32dusr.sbin/bsdinstall Makefile

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+1-1usr.sbin/bsdinstall/Makefile
+1-11 files

HardenedBSD/ports 2df4fd5devel/grex distinfo Makefile.crates, graphics/xreader pkg-plist Makefile

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+299-329devel/grex/distinfo
+0-431print/xreader/pkg-plist
+311-0graphics/xreader/pkg-plist
+148-163devel/grex/Makefile.crates
+109-103textproc/feluda/distinfo
+112-0graphics/xreader/Makefile
+979-1,02628 files not shown
+1,127-1,36934 files

HardenedBSD/src e27d5c1usr.sbin/bsdconfig/share device.subr

bsdconfig: RealTek -> Realtek

Realtek changed how it styled its name 25 or so years ago, but the old
style persisted in many places. These products use the new styling in
their datasheets.

Signed-off-by: ykla yklaxds at gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901
DeltaFile
+3-3usr.sbin/bsdconfig/share/device.subr
+3-31 files

HardenedBSD/src 8cbe0ddsys/dev/mii rlphy.c miidevs, sys/dev/re if_re.c

sys: RealTek -> Realtek

Realtek changed how it styled its name 25 or so years ago, but the old
style persisted in many places. These products use the new styling in
their datasheets.

Signed-off-by: ykla yklaxds at gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901
DeltaFile
+18-18sys/dev/re/if_re.c
+16-16sys/dev/rl/if_rl.c
+9-9sys/dev/mii/rlphy.c
+5-5sys/dev/rl/if_rlreg.h
+4-4sys/dev/mii/miidevs
+4-4sys/dev/usb/net/ruephy.c
+56-5614 files not shown
+77-7720 files

HardenedBSD/src 5fd8a01share/man/man4 rl.4 re.4

man: RealTek -> Realtek

Realtek changed how it styled its name 25 or so years ago, but the old
style persisted in many places. These products use the new styling in
their datasheets.

Signed-off-by: ykla yklaxds at gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901
DeltaFile
+8-8share/man/man4/rl.4
+6-6share/man/man4/re.4
+4-4share/man/man4/rue.4
+4-4share/man/man4/miibus.4
+2-2share/man/man4/rgephy.4
+24-245 files

HardenedBSD/ports e949e46net/kea-devel pkg-plist distinfo

net/kea-devel: Update to 3.1.4
DeltaFile
+17-12net/kea-devel/pkg-plist
+3-3net/kea-devel/distinfo
+1-1net/kea-devel/Makefile
+21-163 files

HardenedBSD/ports caf4b0atextproc/moor distinfo Makefile

textproc/moor: Update 2.9.1 => 2.9.2

Changelog:
https://github.com/walles/moor/releases/tag/v2.9.2

PR:             291189
Reported by:    Yusuf Yaman <nxjoseph at protonmail.com> (maintainer)
DeltaFile
+5-5textproc/moor/distinfo
+1-1textproc/moor/Makefile
+6-62 files

HardenedBSD/ports 0a0263bgraphics/xreader pkg-plist Makefile, print/xreader pkg-plist Makefile

graphics/xreader: move and update to 4.6.0

This started as a fork of graphics/atril, which in turn forked from
graphics/evince, so move categories to match.

- make PDF and pixbuf support unconditional, support for those
  formats are always expected
- optionalise NLS, previewer, thumbnailer
- exclude DOCS as upstream is still evaluating the build issue
DeltaFile
+0-431print/xreader/pkg-plist
+311-0graphics/xreader/pkg-plist
+112-0graphics/xreader/Makefile
+0-97print/xreader/Makefile
+0-31print/xreader/files/patch-libview_meson.build
+0-30print/xreader/files/patch-shell_meson.build
+423-58910 files not shown
+431-68116 files

HardenedBSD/src 2996c41sys/conf NOTES

NOTES: fix typos and unify terminology in comments

Signed-off-by: ykla yklaxds at gmail.com
Sponsored by: Chinese FreeBSD Community
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1901
DeltaFile
+18-18sys/conf/NOTES
+18-181 files

HardenedBSD/ports c668b3ftextproc/feluda distinfo Makefile.crates, textproc/feluda/files patch-Cargo.toml

textproc/feluda: Update 1.10.1 => 1.10.3

Added run-time dependency for emojis to appear properly.
Removed accidentally added distinfo entry of openssl-src (from
previous commit) which we don't want use already.

Changelog:
- https://github.com/anistark/feluda/releases/tag/v1.10.2
- https://github.com/anistark/feluda/releases/tag/v1.10.3

PR:             290737
Reported by:    Yusuf Yaman <nxjoseph at protonmail.com> (maintainer)
DeltaFile
+109-103textproc/feluda/distinfo
+53-49textproc/feluda/Makefile.crates
+5-5textproc/feluda/files/patch-Cargo.toml
+2-2textproc/feluda/Makefile
+169-1594 files

HardenedBSD/src 7fe881estand/defaults loader.conf.5

loader: Note current autoboot_delay behavior

Some time ago, the boot loader stopped polling for a key press during
the kernel and module loading prior to the transition to lua. Inspection
of the code shows the polling is no longer there. Document the change.

Sponsored by:           Netflix
DeltaFile
+3-3stand/defaults/loader.conf.5
+3-31 files

HardenedBSD/ports a200828security/vuxml/vuln 2025.xml

security/vuxml: document gitlab vulnerabilities
DeltaFile
+39-0security/vuxml/vuln/2025.xml
+39-01 files

HardenedBSD/ports 8f6829bdevel/grex distinfo Makefile.crates

devel/grex: Update to 1.4.6

Changelog: https://github.com/pemistahl/grex/releases/tag/v1.4.6

PR:             291219
Reported by:    Petteri Valkonen <petteri.valkonen at iki.fi> (maintainer)
DeltaFile
+299-329devel/grex/distinfo
+148-163devel/grex/Makefile.crates
+1-2devel/grex/Makefile
+448-4943 files

HardenedBSD/ports 4159c8cdevel/air-go distinfo Makefile

devel/air-go: Update to 1.63.4
DeltaFile
+5-5devel/air-go/distinfo
+1-1devel/air-go/Makefile
+6-62 files