HardenedBSD/src 92106besys/dev/acpica acpi_spmc.c, sys/dev/uart uart_bus_pci.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+447-5tests/sys/netinet6/ndp.sh
+184-231sys/netinet6/nd6_rtr.c
+26-29sys/dev/uart/uart_bus_pci.c
+43-8tests/sys/netinet6/ra.py
+1-12usr.sbin/virtual_oss/virtual_oss/virtual_oss.8
+5-6sys/dev/acpica/acpi_spmc.c
+706-2919 files not shown
+733-30015 files

HardenedBSD/src 96f812bsys/dev/acpica acpi_spmc.c, sys/dev/uart uart_bus_pci.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+447-5tests/sys/netinet6/ndp.sh
+184-231sys/netinet6/nd6_rtr.c
+26-29sys/dev/uart/uart_bus_pci.c
+43-8tests/sys/netinet6/ra.py
+1-12usr.sbin/virtual_oss/virtual_oss/virtual_oss.8
+5-6sys/dev/acpica/acpi_spmc.c
+706-2919 files not shown
+733-30015 files

HardenedBSD/ports 41b0526graphics/py-opencv-python-headless/files patch-opencv_modules_core_include_opencv2_core_vsx__utils.hpp, mail/thunderbird/files patch-libwebrtc-generated patch-pipewire_init

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+1,425-424mail/thunderbird/files/patch-libwebrtc-generated
+59-44mail/thunderbird/files/patch-pipewire_init
+35-0mail/thunderbird/files/patch-ipc_glue_ForkServer.cpp
+19-13mail/thunderbird/files/patch-python_sites_mach.txt
+0-22security/nss/files/patch-lib_softoken_pkcs11c.c
+22-0graphics/py-opencv-python-headless/files/patch-opencv_modules_core_include_opencv2_core_vsx__utils.hpp
+1,560-50323 files not shown
+1,671-58429 files

HardenedBSD/ports 0beb6adnet/dataplaneapi distinfo Makefile

net/dataplaneapi: Update to 3.3.3

ChangeLog:
https://github.com/haproxytech/dataplaneapi/compare/v3.3.1...v3.3.3
DeltaFile
+5-5net/dataplaneapi/distinfo
+2-3net/dataplaneapi/Makefile
+7-82 files

HardenedBSD/ports a81125dwww/oauth2-proxy distinfo Makefile

www/oauth2-proxy: Update to 7.15.2

ChangeLog: https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.15.2

MFH:            2026Q2
DeltaFile
+5-5www/oauth2-proxy/distinfo
+1-2www/oauth2-proxy/Makefile
+6-72 files

HardenedBSD/ports 679a24fwww/filebrowser-quantum distinfo Makefile

www/filebrowser-quantum: Update to 1.2.4

ChangeLog:
https://github.com/gtsteffaniak/filebrowser/compare/v1.1.2-stable...v1.2.4-stable
DeltaFile
+7-7www/filebrowser-quantum/distinfo
+2-3www/filebrowser-quantum/Makefile
+9-102 files

HardenedBSD/ports ff82f83www/filebrowser distinfo Makefile

www/filebrowser: Update to 1.63.2

ChangeLog: https://github.com/filebrowser/filebrowser/releases/tag/v2.63.2
DeltaFile
+7-7www/filebrowser/distinfo
+2-3www/filebrowser/Makefile
+9-102 files

HardenedBSD/ports 20e166fmultimedia/navidrome distinfo Makefile

multimedia/navidrome: Update to 0.61.2

ChangeLog: https://github.com/navidrome/navidrome/releases/tag/v0.61.2
DeltaFile
+7-7multimedia/navidrome/distinfo
+1-2multimedia/navidrome/Makefile
+8-92 files

HardenedBSD/ports cc2105ewww/tinyauth distinfo Makefile

www/tinyauth: Update to 5.0.7

ChangeLogs:

- https://github.com/steveiliop56/tinyauth/releases/tag/v5.0.5
- https://github.com/steveiliop56/tinyauth/releases/tag/v5.0.6
- https://github.com/steveiliop56/tinyauth/releases/tag/v5.0.7
DeltaFile
+7-7www/tinyauth/distinfo
+3-4www/tinyauth/Makefile
+10-112 files

HardenedBSD/ports 0bcd71bfinance/homebox distinfo Makefile

finance/homebox: Update to 0.25.0

ChangeLog: https://github.com/sysadminsmedia/homebox/releases/tag/v0.25.0
DeltaFile
+7-7finance/homebox/distinfo
+3-4finance/homebox/Makefile
+10-112 files

HardenedBSD/src f6bcc09tests/sys/netinet6 ndp.sh ra.py

tests/netinet6: Add test for route information option

Test handling of receiving multiple route information options in RA.

Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56216
DeltaFile
+67-0tests/sys/netinet6/ndp.sh
+27-5tests/sys/netinet6/ra.py
+94-52 files

HardenedBSD/src c173f02tests/sys/netinet6 ndp.sh ra.py

tests/netinet6: Add SLAAC and RA validation tests to ndp

* RA hop limit validation
* RA source address validation
* Multi router RA validation
* Two hour rule RA validation
* SLAAC onlink prefix switching test

Reviewed by: glebius
Differential Revision: https://reviews.freebsd.org/D56128
DeltaFile
+380-5tests/sys/netinet6/ndp.sh
+17-4tests/sys/netinet6/ra.py
+397-92 files

HardenedBSD/src 7204394sys/netinet6 nd6_rtr.c

nd6: Remove goto and unused condition in prelist_update

While here, style it.

Reviewed by: markj, zlei
Differential Revision: https://reviews.freebsd.org/D56136
DeltaFile
+13-28sys/netinet6/nd6_rtr.c
+13-281 files

HardenedBSD/src 5f27592sys/netinet6 nd6_rtr.c

nd6: Break nd6_prefix_lifetime_update out of prelist_update

Logic of updating prefix lifetime is big enough that deserves
its own function.
While here, fix style.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56135
DeltaFile
+101-108sys/netinet6/nd6_rtr.c
+101-1081 files

HardenedBSD/src e808119sys/netinet6 nd6_rtr.c

nd6: Remove anycast check in prelist_update

RFC 2462 is obsoleted by RFC 4862 and it made statements more
clear than before.
Considering SLAAC can't create anycast addresses by itself, remove
its check.
While here, update comments based on RFC 4862.

Reviewed by: markj, zlei
Differential Revision: https://reviews.freebsd.org/D56134
DeltaFile
+6-19sys/netinet6/nd6_rtr.c
+6-191 files

HardenedBSD/src 05f2acdsys/netinet6 nd6_rtr.c

nd6: Ignore entire PI if violates RFC 4862 section 5.5.3

Ignore prefix information update earlier in `prelist_update()`.
If PI is invalid or autonomous bit is unset, we better to let our
SLAAC address expire and if we don't have any previous matching
prefix, better not to create new one.
Because either our router don't want us to have one anymore, or
the very RA is malicious.

Reviewed by: ae
Differential Revision: https://reviews.freebsd.org/D56133
DeltaFile
+10-12sys/netinet6/nd6_rtr.c
+10-121 files

HardenedBSD/src d022dd8sys/netinet6 nd6_rtr.c

nd6: Change prelist_update return type to void

The return value of `prelist_update()` is unused.

Reviewed by: markj, zlei
Differential Revision: https://reviews.freebsd.org/D56132
DeltaFile
+18-29sys/netinet6/nd6_rtr.c
+18-291 files

HardenedBSD/src ced1de2sys/netinet6 nd6_rtr.c nd6.h

nd6: Break pfxrtr_add out of nd6_prelist_add

Updating defrouter only required by `prelist_update()`.
since `nd6_prelist_add()` is a public function, exclude unsed
dr logic from it.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56131
DeltaFile
+6-9sys/netinet6/nd6_rtr.c
+1-2sys/netinet6/nd6.h
+1-1sys/netinet6/in6_ifattach.c
+1-1sys/netinet6/in6.c
+9-134 files

HardenedBSD/src d96e8cbsys/netinet6 nd6_rtr.c

nd6: Break nd6_prefix_update out of prelist_update

if PI exists, call prefix_update, instead of doing it inside
the prelist_update.
no functional change intended.

Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56130
DeltaFile
+41-37sys/netinet6/nd6_rtr.c
+41-371 files

HardenedBSD/ports 0b29810security/nss distinfo Makefile, security/nss/files patch-lib_softoken_pkcs11c.c

security/nss: update to 3.123

Announcement:
  https://groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/AW6VHkn6E0o

Patch patch-lib_softoken_pkcs11c.c was dropped - it is unclear if it
was still relevant. The last discussion of the problem this patch was
supposed to fix happened >15 years ago, and nothing came out of that.
DeltaFile
+0-22security/nss/files/patch-lib_softoken_pkcs11c.c
+3-3security/nss/distinfo
+1-1security/nss/Makefile
+4-263 files

HardenedBSD/ports af1bd58graphics/py-opencv-python-headless/files patch-opencv_modules_core_include_opencv2_core_vsx__utils.hpp

graphics/py-opencv-python-headless: fix build on powerpc64le

Import patch from graphics/opencv to fix build.
DeltaFile
+22-0graphics/py-opencv-python-headless/files/patch-opencv_modules_core_include_opencv2_core_vsx__utils.hpp
+22-01 files

HardenedBSD/src 0a764besys/dev/acpica acpi_spmc.c

acpi_spmc(4): Remove redundant setting of 'sc->dev' on attach

Should have been part of the previous commit (but PEBCAK).

Reviewed by:    obiwac
Fixes:          bd05b47fbd8b ("acpi_spmc(4): Small probe improvements/fixes")
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D56483
DeltaFile
+0-2sys/dev/acpica/acpi_spmc.c
+0-21 files

HardenedBSD/src 788d71eusr.sbin/virtual_oss/virtual_oss virtual_oss.8

virtual_oss.8: Remove CPU performance example

See also:       https://github.com/freebsd/virtual_oss/issues/2
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
DeltaFile
+1-12usr.sbin/virtual_oss/virtual_oss/virtual_oss.8
+1-121 files

HardenedBSD/src bd05b47sys/dev/acpica acpi_spmc.c

acpi_spmc(4): Small probe improvements/fixes

Remove the test on presence of an ACPI handle, this is implied by
ACPI_ID_PROBE() succeeding.

Set 'sc->dev' early, so that acpi_spmc_check_dsm_set() using
device_printf() will print the driver name.

Add a missing newline after printing that more DSM functions are
implemented then expected.

Reviewed by:    obiwac
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D56483
DeltaFile
+5-4sys/dev/acpica/acpi_spmc.c
+5-41 files

HardenedBSD/src 45c8ddcsys/dev/uart uart_dev_ns8250.c

uart/pci: recover ADL AMT device after FIFO size probing

When the Alder Lake Serial-over-LAN device is put into loopback mode and
repeated writes are performed to the data register it results in the device
ending up in a non-functional state afterwards.

Recovering the device to a working state requires re-writing the LCR
register with it's current value (no effective change).  This should be
harmless on all other devices.

Sponsored by: Citrix Systems R&D
Differential revision: https://reviews.freebsd.org/D56107
Reviewed by: imp
DeltaFile
+9-0sys/dev/uart/uart_dev_ns8250.c
+9-01 files

HardenedBSD/src 2ac5b9bsys/dev/uart uart_bus_pci.c

uart/pci: use different probe return values

For PCI devices listed in pci_ns8250_ids return BUS_PROBE_SPECIFIC, while
for generic UART devices not explicitly listed in pci_ns8250_ids return
BUS_PROBE_GENERIC.  This allows more specific drivers to take over those
devices, and the generic UART PCI driver will only be used as a fallback.

This fixes an issue where the UART PCI driver would attach to multiport PCI
UART devices, that instead need to use the puc(4) driver to multiplex the
device.

Reported by: markj
Sponsored by: Citrix Systems R&D
Differential revision: https://reviews.freebsd.org/D56467
Reviewed by: markj imp
DeltaFile
+26-29sys/dev/uart/uart_bus_pci.c
+26-291 files

HardenedBSD/src b4be4a7sys/powerpc/conf GENERIC64 GENERIC64LE

powerpc64: fix builds

Oops, I missed 'device ix' in here, and it now requires mdio.
DeltaFile
+2-0sys/powerpc/conf/GENERIC64
+2-0sys/powerpc/conf/GENERIC64LE
+4-02 files

HardenedBSD/ports 7975e03mail/thunderbird/files patch-libwebrtc-generated patch-pipewire_init

mail/thunderbird: update to 150.0 (rc1)

Release Notes (soon):
  https://www.thunderbird.net/en-US/thunderbird/150.0/releasenotes/
DeltaFile
+1,425-424mail/thunderbird/files/patch-libwebrtc-generated
+59-44mail/thunderbird/files/patch-pipewire_init
+35-0mail/thunderbird/files/patch-ipc_glue_ForkServer.cpp
+19-13mail/thunderbird/files/patch-python_sites_mach.txt
+19-0mail/thunderbird/files/patch-xpcom_base_nsMemoryInfoDumper.cpp
+17-0mail/thunderbird/files/patch-python_sites_build.txt
+1,574-4812 files not shown
+1,579-4868 files

HardenedBSD/ports 05102a8mail/thunderbird-esr distinfo Makefile

mail/thunderbird-esr: update to 140.10.0 (rc1)

Release Notes (soon):
  https://www.thunderbird.net/en-US/thunderbird/140.10.0esr/releasenotes/
DeltaFile
+3-3mail/thunderbird-esr/distinfo
+1-1mail/thunderbird-esr/Makefile
+4-42 files

HardenedBSD/src d9e7dd4sys/netinet ip_carp.h ip_carp.c

carp: define CARP_AUTHLEN for carp_authlen field

Replace the bare 7 with a named constant.
DeltaFile
+6-0sys/netinet/ip_carp.h
+1-1sys/netinet/ip_carp.c
+7-12 files