BSD Commit Log Search

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/main' into hardenedbsd/main

cpucontrol: Be more strict with input validation

Avoid truncating 32-bit values.  This would have saved me a bit of time
when I was looking at a cpuid leaf on my system and typed 0x80000001f
instead of 0x8000001f.

Reviewed by:    kib
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D54919

sysutils/fluent-bit: Improve RC script and fix issues

* Document 'fluent_bit_group' variable
* Install PID file with mode 0600 instead of 0755
* Reuse ${name}
* Pass '-t {name}' to daemon(8)
* Remove self-created PID file

PR:             292782
MFH:            2026Q1
Approved by:    girgen (maintainer)

security/vuxml: Add firefox vulnerabilities

 * CVE-2026-24868
 * CVE-2026-24869

HBSD: Revert "sysutils/py-ansible-core220: Add new port"

This reverts commit 2b0cca695ede66c78626c5bc687a6f9798209691. This
commit by upstream FreeBSD breaks the build.

Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>

ifconfig: Exit with a non-zero status when SIOCSIFFIB fails

Previously, setting an interface FIB to some invalid value would result
in a warning being printed, but the ifconfig command would exit with
status 0, but this is wrong.

Add a little regression test.

Reviewed by:    pouria, zlei, melifaro
MFC after:      2 weeks
Sponsored by:   Stormshield
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D54918

dns/dnscontrol: Update to 4.32.0

www/forgejo: Update to 14.0.1

MFH:            2026Q1

www/forgejo-lts: Update to 11.0.10

MFH:            2026Q1

flua: lposix: fix WARNS=6 issues

lposix is the last holdout of modules built into flua until we can fix
the module design to have the right parts require()able.  Address a
valid bug in lua_read() found at a higher WARNS and drop the override
entirely.  Some of the modules could possibly be re-evaluated.

Fixes:  c2caf3b3313 ("flua: lposix: add more useful functions [...]")
Reported by:    des
Reviewed by:    des
Sponsored by:   Klara, Inc.
Sponsored by:   NetApp, Inc.

net-im/gotosocial: Update 0.20.2 => 0.20.3

Changelog:
https://codeberg.org/superseriousbusiness/gotosocial/releases/tag/v0.20.3

PR:     292772
MFH:    2026Q1

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi

Merge branch 'freebsd/current/main' into hardened/current/master

Merge branch 'freebsd/main' into hardenedbsd/main

www/deno: Update to 2.6.6

Obtained from:  OpenBSD (Volker Schlecht)

ports-mgmt/pkg_replace: Update 20260127 => 20260128

Changelog:
https://github.com/kdeguchi/pkg_replace/releases/tag/20260128

PR:     292777

www/chromium: update to 144.0.7559.109

Security:       https://vuxml.freebsd.org/freebsd/409d70ab-fc23-11f0-85c5-a8a1599412c6.html

www/iridium: update to 2026.01.144.2

security/vuxml: add www/*chromium < 144.0.7559.109

Obtained from:  https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_27.html

www/tomcat-devel: Update 11.0.15 => 11.0.18

Changelog:
https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.18_(markt)

MFH:    2026Q1

www/tomcat110: Update 11.0.15 => 11.0.18

Changelog:
https://tomcat.apache.org/tomcat-11.0-doc/changelog.html#Tomcat_11.0.18_(markt)

MFH:    2026Q1

www/tomcat101: Update 10.1.50 => 10.1.52

Changelog:
https://tomcat.apache.org/tomcat-10.1-doc/changelog.html#Tomcat_10.1.52_(schultz)

MFH:    2026Q1

acpi: Use AcpiGbl_FACS even on ACPI_REDUCED_HARDWARE

This has been possible since ACPICA 20240827, and is actually
a requirement to get out of S3 on ACPI_REDUCED_HARDWARE (that said, we
don't implement S3 on arm64 yet).

Relevant ACPICA commit:
https://github.com/acpica/acpica/commit/79cd933e7b370e8d3fb490bf36ca5d111a12f96a.

Reviewed by:    obiwac
MFC after:      2 weeks
MFC to:         stable/15
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D54625

acpi_spmc(4): Fix compilation on 32-bit platforms

Fixes:          c5daa5a4c32c ("acpi_spmc: Add system power management controller driver")
Sponsored by:   The FreeBSD Foundation

acpi: Use only AcpiGetSleepTypeData() to determine Sx support

Previously, we would first call AcpiEvaluateObject() to execute \_Sx
before calling AcpiGetSleepTypeData().  This was unnecessary, as
AcpiGetSleepTypeData() performs the same call itself.  While doing so,
the latter function logs any other error than AE_NOT_FOUND (which
indicates that a particular sleep state is not supported), which most
probably is an added benefit of this change.

Reviewed by:    obiwac
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D54624

ahc(4): Fix a warning on i386 compilation

Fixes:          cd036e891a35 ("ahc_pci.c: If bus_dma...")
MFC after:      3 days
Sponsored by:   The FreeBSD Foundation

www/surge: Add high-performance download manager

Surge is a TUI/CLI download manager with parallel downloads,
pause/resume, speed graphs, and browser extension support.

math/py-cvxpy: Add comment