HBSD: Build framework updates
In preparing the next quarterly build (2026q2), I discovered that
HardenedBSD 15-STABLE is lagging behind with regards to building the
installer images. This commit brings us more up-to-date and fixes the
build.
This is a direct commit to 15-STABLE.
Signed-off-by: Shawn Webb <shawn.webb at hardenedbsd.org>
AMDGPU: Skip last corrections in afn f64 reciprocal
Device libs has a fast reciprocal macro that is close
to the fast division expansion, but skips the last terms
compared to the full division.
The basic reciprocal handling has identical output to this
macro. The negative reciprocal case has different fneg placement
and smaller code size, but I believe should be the same.
strip Telegram binary to save +400M in installed size
debug builds have long been disabled due to the binary being too big,
but it still contains debug symbols. instructing cmake to strip during
fake fixes that.
drop obsolete configure flags while here, cmake reports them as unused.
www/zine-ssg: Unbreak build
IIUC, the Zig community is actively abandoning github, so dependencies
are likely to keep disappearing as they move to different services.
Differential Revision: https://reviews.freebsd.org/D56124
www/zine-ssg: Unbreak build
IIUC, the Zig community is actively abandoning github, so dependencies
are likely to keep disappearing as they move to different services.
Differential Revision: https://reviews.freebsd.org/D56124
security/tor: update 0.4.9.5 → 0.4.9.6
Quoting the announcement at:
<https://lists.torproject.org/mailman3/hyperkitty/list/tor-announce@lists.torproject.org/message/MDZTQ6KHN7YPUPE2GQYYQQFNP3KCMK3M/>
Changes in version 0.4.9.6 - 2026-03-25
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security):
- Fix a stack overflow of 11 bytes on malicious CREATED2. This lead
to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
[16 lines not shown]
security/tor: update 0.4.9.5 → 0.4.9.6
Quoting the announcement at:
<https://lists.torproject.org/mailman3/hyperkitty/list/tor-announce@lists.torproject.org/message/MDZTQ6KHN7YPUPE2GQYYQQFNP3KCMK3M/>
Changes in version 0.4.9.6 - 2026-03-25
This is a security release fixing major bugfixes that could possibly lead to
remote crashing relays. We strongly recommend upgrading as soon as possible.
o Major bugfix (security):
- Fix a stack overflow of 11 bytes on malicious CREATED2. This lead
to a remote crash. TROVE-2026-003. Reported-by: Anas Cherni of
Calif.io. Fixes bug 41231; bugfix on 0.4.9.1-alpha.
o Major bugfix (security, conflux):
- Fix a memory compare using the wrong length. This could lead to a
remote crash when using the conflux subsystem. TROVE-2026-004.
Fixes bug 41232; bugfix on 0.4.8.1-alpha.
[16 lines not shown]
After the kernel-writes-the-buffer changes to profil(2) a year ago, the
profil(2) call only works for stop/restart of profiling. So pledge no
longer interferes and it is available in "stdio".
[MLIR][XeGPU] Add distribution patterns for vector step, shape_cast & broadcast from sg-to-wi (#185960)
This PR adds distribution patterns for vector.step, vector.shape_cast &
vector.broadcast in the new sg-to-wi pass
Merge tag 'trace-v7.0-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull tracing fixes from Steven Rostedt:
- Fix potential deadlock in osnoise and hotplug
The interface_lock can be called by a osnoise thread and the CPU
shutdown logic of osnoise can wait for this thread to finish. But
cpus_read_lock() can also be taken while holding the interface_lock.
This produces a circular lock dependency and can cause a deadlock.
Swap the ordering of cpus_read_lock() and the interface_lock to have
interface_lock taken within the cpus_read_lock() context to prevent
this circular dependency.
- Fix freeing of event triggers in early boot up
If the same trigger is added on the kernel command line, the second
one will fail to be applied and the trigger created will be freed.
[9 lines not shown]
Merge tag 's390-7.0-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux
Pull s390 fixes from Vasily Gorbik:
- Add array_index_nospec() to syscall dispatch table lookup to prevent
limited speculative out-of-bounds access with user-controlled syscall
number
- Mark array_index_mask_nospec() __always_inline since GCC may emit an
out-of-line call instead of the inline data dependency sequence the
mitigation relies on
- Clear r12 on kernel entry to prevent potential speculative use of
user value in system_call, ext/io/mcck interrupt handlers
* tag 's390-7.0-6' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390/entry: Scrub r12 register on kernel entry
s390/syscalls: Add spectre boundary for syscall dispatch table
s390/barrier: Make array_index_mask_nospec() __always_inline
