HardenedBSD/src 46701fasys/net rtsock.c

rtsock: Fix stack overflow

Approved by:    so
Security:       FreeBSD-SA-26:05.route
Security:       CVE-2026-3038
Fixes:          92be2847e845 ("rtsock: Avoid copying uninitialized padding bytes")

(cherry picked from commit f3be7df50f01d9a6ead9f27b55bb4dfd7dc4f9d2)
(cherry picked from commit df932377e7dd7dc536fa14612d9e80aa3554772e)
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+2-2sys/net/rtsock.c
+2-21 files

HardenedBSD/src f62e80esys/net rtsock.c

Merge remote-tracking branch 'origin/freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+2-2sys/net/rtsock.c
+2-21 files

HardenedBSD/src c617708share/man/man5 src.conf.5

HBSD: Resolve merge conflict

Regen src.conf.5.

Signed-off-by:  Shawn Webb <shawn.webb at hardenedbsd.org>
DeltaFile
+1-5share/man/man5/src.conf.5
+1-51 files

HardenedBSD/src 5339846sbin/camcontrol camcontrol.c, share/man/man4 ffs.4

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+178-177sys/sys/elf_common.h
+29-0sbin/camcontrol/camcontrol.c
+5-10usr.sbin/bhyve/iov.c
+11-2sys/netinet/tcp_stacks/rack.c
+3-2share/man/man4/ffs.4
+2-2usr.sbin/ngctl/main.c
+228-1933 files not shown
+231-1969 files

HardenedBSD/src 28f4e57sbin/camcontrol camcontrol.c, share/man/man4 ffs.4

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+178-177sys/sys/elf_common.h
+29-0sbin/camcontrol/camcontrol.c
+5-10usr.sbin/bhyve/iov.c
+11-2sys/netinet/tcp_stacks/rack.c
+3-2share/man/man4/ffs.4
+2-2usr.sbin/ngctl/main.c
+228-1933 files not shown
+231-1969 files

HardenedBSD/ports 8550922devel/py-maturin distinfo Makefile.crates, lang/fpc-devel pkg-plist

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+367-273devel/py-maturin/distinfo
+182-135devel/py-maturin/Makefile.crates
+108-15lang/fpc-devel/pkg-plist
+47-57www/py-nh3/distinfo
+22-27www/py-nh3/Makefile.crates
+27-16misc/py-fastmcp/Makefile
+753-52360 files not shown
+1,029-68766 files

HardenedBSD/src c8e27a6sbin/geom/core geom.c, share/man/man5 src.conf.5

Merge remote-tracking branch 'origin/freebsd/15-stable/main' into hardened/15-stable/main

Conflicts:
        share/man/man5/src.conf.5 (unresolved)
DeltaFile
+40-39sbin/geom/core/geom.c
+31-21sys/kern/vfs_mount.c
+8-0share/man/man5/src.conf.5
+3-0tools/build/options/WITH_IPFILTER_IPFS
+1-2usr.sbin/syslogd/tests/syslogd_format_test_common.sh
+1-0sys/riscv/conf/GENERIC
+84-626 files

HardenedBSD/ports ce07a53devel/aws-crt-cpp distinfo Makefile

devel/aws-crt-cpp: Update to 0.37.3

ChangeLog: https://github.com/awslabs/aws-crt-cpp/releases/tag/v0.37.3
DeltaFile
+3-3devel/aws-crt-cpp/distinfo
+1-1devel/aws-crt-cpp/Makefile
+4-42 files

HardenedBSD/ports 9fd0270devel/R-cran-testit distinfo Makefile

devel/R-cran-testit: Update to 0.16

ChangeLog: https://github.com/yihui/testit/releases/tag/v0.16
DeltaFile
+3-3devel/R-cran-testit/distinfo
+1-1devel/R-cran-testit/Makefile
+4-42 files

HardenedBSD/ports d02f6cemail/nextcloud-mail distinfo Makefile

mail/nextcloud-mail: Update to 5.7.1
DeltaFile
+3-3mail/nextcloud-mail/distinfo
+1-1mail/nextcloud-mail/Makefile
+4-42 files

HardenedBSD/ports df303f9net-im/nextcloud-talk distinfo Makefile

net-im/nextcloud-talk: Update to 23.0.1
DeltaFile
+3-3net-im/nextcloud-talk/distinfo
+2-2net-im/nextcloud-talk/Makefile
+5-52 files

HardenedBSD/ports 1f40b9bsecurity/nextcloud-twofactor_webauthn distinfo Makefile

security/nextcloud-twofactor_webauthn: Update to 2.6.0
DeltaFile
+3-3security/nextcloud-twofactor_webauthn/distinfo
+2-3security/nextcloud-twofactor_webauthn/Makefile
+5-62 files

HardenedBSD/ports 5560d59security/nextcloud-end_to_end_encryption distinfo Makefile

security/nextcloud-end_to_end_encryption: Update to 2.0.0
DeltaFile
+3-3security/nextcloud-end_to_end_encryption/distinfo
+2-2security/nextcloud-end_to_end_encryption/Makefile
+5-52 files

HardenedBSD/ports 8e6a65dfinance/nextcloud-cospend distinfo Makefile

finance/nextcloud-cospend: Update to 4.0.0
DeltaFile
+3-3finance/nextcloud-cospend/distinfo
+2-2finance/nextcloud-cospend/Makefile
+5-52 files

HardenedBSD/ports c4459f3www/nextcloud-groupfolders distinfo Makefile

www/nextcloud-groupfolders: Update to 21.0.6
DeltaFile
+3-3www/nextcloud-groupfolders/distinfo
+2-2www/nextcloud-groupfolders/Makefile
+5-52 files

HardenedBSD/ports 0f11721www/nextcloud-deck distinfo Makefile

www/nextcloud-deck: Update to 1.17.0
DeltaFile
+3-3www/nextcloud-deck/distinfo
+2-2www/nextcloud-deck/Makefile
+5-52 files

HardenedBSD/ports 88d101cwww/nextcloud-contacts distinfo Makefile

www/nextcloud-contacts: Update to 8.3.3
DeltaFile
+3-3www/nextcloud-contacts/distinfo
+1-1www/nextcloud-contacts/Makefile
+4-42 files

HardenedBSD/ports 35987b3www/nextcloud-appointments distinfo Makefile

www/nextcloud-appointments: Update to 2.6.3
DeltaFile
+3-3www/nextcloud-appointments/distinfo
+2-3www/nextcloud-appointments/Makefile
+5-62 files

HardenedBSD/ports 4009926www/nextcloud distinfo Makefile, www/nextcloud/files patch-config_config.documented.php

www/nextcloud: Update to 33.0.0
DeltaFile
+11-11www/nextcloud/files/patch-config_config.documented.php
+3-3www/nextcloud/distinfo
+2-3www/nextcloud/Makefile
+16-173 files

HardenedBSD/ports a02b3fdlang/gforth Makefile distinfo, lang/gforth/files patch-engine_getopt.h patch-engine_forth.h

lang/gforth: try to unbreak the port's build against GCC 15

... by pulling two upstream patches.  While here, spell out
ANS Forth (1994) in the COMMENT and port description, fix a
typo, and provide a more meaningful MAKE_JOBS_UNSAFE reason.

PR:     293330
DeltaFile
+11-0lang/gforth/files/patch-engine_getopt.h
+0-11lang/gforth/files/patch-engine_forth.h
+0-11lang/gforth/files/patch-fflib.fs
+6-2lang/gforth/Makefile
+5-0lang/gforth/distinfo
+2-2lang/gforth/pkg-descr
+24-266 files

HardenedBSD/ports ec1c5f3math/saga distinfo Makefile

math/saga: Update to 9.11.3

(skip v9.11.2 because of a missing fix)

Changelog:      https://sourceforge.net/p/saga-gis/wiki/Changelog%209.11.3/attachment/changelog_saga_9.11.3.txt
                https://sourceforge.net/p/saga-gis/wiki/Changelog%209.11.2/attachment/changelog_saga_9.11.2.txt

Reported by:    portscout, Repology
MFH:            2026Q1
DeltaFile
+3-3math/saga/distinfo
+2-2math/saga/Makefile
+5-52 files

HardenedBSD/src 9063968sys/netinet/tcp_stacks rack.c

Mitigate a case where TCP rack can send an extra ack.

Rack will in theory send an extra rate limited ack when we get to a closing state (sending a FIN) so that
if we have only 1 packet outstanding we might encourage the connection to close out. However it does this
always which is not always wise. Change it so that it only does that if its been more than an srtt since
we have had some activity i.e. a send or a receive of a packet.
Reviewed by:tuexen, rscheff
Differential Revision:<https://reviews.freebsd.org/D55459>
DeltaFile
+11-2sys/netinet/tcp_stacks/rack.c
+11-21 files

HardenedBSD/ports 18366cdwww/py-nh3 distinfo Makefile.crates

www/py-nh3: Update to 0.3.3

Changelog:

https://github.com/messense/nh3/releases/tag/v0.3.3
DeltaFile
+47-57www/py-nh3/distinfo
+22-27www/py-nh3/Makefile.crates
+1-2www/py-nh3/Makefile
+70-863 files

HardenedBSD/ports ab1949bsecurity/py-cryptography distinfo Makefile

security/py-cryptography: Fix stage QA errors with py-maturin 1.12.0+

* If built with py-maturin 1.12.0+ following stage QA errors are emitted:

[...]
====> Running Q/A tests (stage-qa)
Error: Python package installs top-level 'docs/' directory in site-packages
Error:   Location: lib/python3.11/site-packages/docs
[...]
Error: Python package installs top-level 'tests/' directory in site-packages
Error:   Location: lib/python3.11/site-packages/tests
[...]

* This is because older versions of py-maturin didn't install these
  stray files due to an bug with the "include" pattern in
  "pyproject.toml".  With version 1.12.0, these files are now installed.

Approved by:    portmgr (build fix blanket)

security/py-cryptography: Convert to PATCH_SITES
DeltaFile
+3-1security/py-cryptography/distinfo
+3-0security/py-cryptography/Makefile
+6-12 files

HardenedBSD/ports 72dba13devel/py-maturin distinfo Makefile.crates

devel/py-maturin: Update to 1.12.4

Changelog since 1.11.5:

https://github.com/PyO3/maturin/blob/v1.12.4/Changelog.md
DeltaFile
+367-273devel/py-maturin/distinfo
+182-135devel/py-maturin/Makefile.crates
+1-2devel/py-maturin/Makefile
+550-4103 files

HardenedBSD/ports 71fbac3Mk/Uses lazarus.mk, lang/fpc-devel pkg-plist Makefile

lang/fpc-devel: add support for powerpc64*

PR:     292887
Submitted by:   Curtis Hamilton (hamiltcl at verizon.net)
DeltaFile
+108-15lang/fpc-devel/pkg-plist
+28-11lang/fpc-devel/Makefile
+7-3lang/fpc-devel/distinfo
+6-2Mk/Uses/lazarus.mk
+5-3lang/fpc-devel-source/Makefile
+3-3lang/fpc-devel-source/distinfo
+157-372 files not shown
+160-388 files

HardenedBSD/src df93237sys/net rtsock.c

rtsock: Fix stack overflow

Approved by:    so
Security:       FreeBSD-SA-26:05.route
Security:       CVE-2026-3038
Fixes:          92be2847e845 ("rtsock: Avoid copying uninitialized padding bytes")

(cherry picked from commit f3be7df50f01d9a6ead9f27b55bb4dfd7dc4f9d2)
DeltaFile
+2-2sys/net/rtsock.c
+2-21 files

HardenedBSD/src f3be7dfsys/net rtsock.c

rtsock: Fix stack overflow

Approved by:    so
Security:       FreeBSD-SA-26:05.route
Security:       CVE-2026-3038
Fixes:          92be2847e845 ("rtsock: Avoid copying uninitialized padding bytes")
DeltaFile
+2-2sys/net/rtsock.c
+2-21 files

HardenedBSD/src 0ff08b8sys/sys elf_common.h

elf_common.h: Sort SHT_ entries

Reviewed by:    jrtc27
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55488
DeltaFile
+3-2sys/sys/elf_common.h
+3-21 files

HardenedBSD/src d7d4da9usr.sbin/bhyve iov.c

bhyve: Fix truncate_iov()

The implementation was simply wrong.  It would always just return the
first entry in the iovec, even if the requested length is larger than
that first entry.

Note, this function will be removed soon, see D53468.

Reported by:    Vinod p n <vinod272 at gmail.com>
Reviewed by:    des, emaste, Hans Rosenfeld <rosenfeld at grumpf.hope-2000.org>
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D55438
DeltaFile
+5-10usr.sbin/bhyve/iov.c
+5-101 files