<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/lib, branch stable/14</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>contrib/expat: import expat 2.8.2</title>
<updated>2026-07-02T04:15:35+00:00</updated>
<author>
<name>Philip Paeps</name>
<email>philip@FreeBSD.org</email>
</author>
<published>2026-06-25T14:34:28+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=12b941265ebb01bc6f4683d84551a16580bb5cc6'/>
<id>12b941265ebb01bc6f4683d84551a16580bb5cc6</id>
<content type='text'>
Changes: https://github.com/libexpat/libexpat/blob/R_2_8_2/expat/Changes

Security:	CVE-2026-50219
Security:	CVE-2026-56131
Security:       CVE-2026-56132
Security:       CVE-2026-56403
Security:       CVE-2026-56404
Security:       CVE-2026-56405
Security:       CVE-2026-56406
Security:       CVE-2026-56407
Security:       CVE-2026-56408
Security:       CVE-2026-56409
Security:       CVE-2026-56410
Security:       CVE-2026-56411
Security:       CVE-2026-56412

(cherry picked from commit c82aeee8a6d39371006f5eeb1b51704e7b97e2b7)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Changes: https://github.com/libexpat/libexpat/blob/R_2_8_2/expat/Changes

Security:	CVE-2026-50219
Security:	CVE-2026-56131
Security:       CVE-2026-56132
Security:       CVE-2026-56403
Security:       CVE-2026-56404
Security:       CVE-2026-56405
Security:       CVE-2026-56406
Security:       CVE-2026-56407
Security:       CVE-2026-56408
Security:       CVE-2026-56409
Security:       CVE-2026-56410
Security:       CVE-2026-56411
Security:       CVE-2026-56412

(cherry picked from commit c82aeee8a6d39371006f5eeb1b51704e7b97e2b7)
</pre>
</div>
</content>
</entry>
<entry>
<title>iconv: Fix a stack buffer overflow in _ISO2022_sputwchar()</title>
<updated>2026-06-30T17:00:22+00:00</updated>
<author>
<name>Mark Johnston</name>
<email>markj@FreeBSD.org</email>
</author>
<published>2026-06-23T17:45:28+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=d62d0b6586a88f64edb706295a4d568f2bde2808'/>
<id>d62d0b6586a88f64edb706295a4d568f2bde2808</id>
<content type='text'>
In the ISO2022-CN encoding, characters may require at least seven bytes,
and MB_LEN_MAX==6 is insufficient.  From code inspection,
_ISO2022_sputwchar() can emit 10 bytes in the worst case, so use that to
size buffers.

Add a regression test.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58082
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D57950
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
In the ISO2022-CN encoding, characters may require at least seven bytes,
and MB_LEN_MAX==6 is insufficient.  From code inspection,
_ISO2022_sputwchar() can emit 10 bytes in the worst case, so use that to
size buffers.

Add a regression test.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58082
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D57950
</pre>
</div>
</content>
</entry>
<entry>
<title>iconv: Fix a buffer overflow in the HZ encoding</title>
<updated>2026-06-30T17:00:22+00:00</updated>
<author>
<name>Mark Johnston</name>
<email>markj@FreeBSD.org</email>
</author>
<published>2026-06-23T16:05:31+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=298e912b0d8deab54dbd77cea08615e4b146cc03'/>
<id>298e912b0d8deab54dbd77cea08615e4b146cc03</id>
<content type='text'>
wcrtomb may store up to 2 2-byte escape sequences to the state buffer in
addition to the character itself.  In the worst case, a 3-byte heap
overflow is possible.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58081
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D57949
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
wcrtomb may store up to 2 2-byte escape sequences to the state buffer in
addition to the character itself.  In the worst case, a 3-byte heap
overflow is possible.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58081
Reviewed by:	kevans
Differential Revision:	https://reviews.freebsd.org/D57949
</pre>
</div>
</content>
</entry>
<entry>
<title>iconv(3): Draft some automatic tests.</title>
<updated>2026-06-30T17:00:22+00:00</updated>
<author>
<name>Taylor R Campbell</name>
<email>riastradh@NetBSD.org</email>
</author>
<published>2026-06-22T19:44:55+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=399151130357641c6f66f4d05f66aeed42515afc'/>
<id>399151130357641c6f66f4d05f66aeed42515afc</id>
<content type='text'>
Based on a report by Nick Wellnhofer.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Reviewed by:	markj, kevans
Differential Revision:	https://reviews.freebsd.org/D57948
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Based on a report by Nick Wellnhofer.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Reviewed by:	markj, kevans
Differential Revision:	https://reviews.freebsd.org/D57948
</pre>
</div>
</content>
</entry>
<entry>
<title>iconv(3): Fix problems in various encodings</title>
<updated>2026-06-30T17:00:22+00:00</updated>
<author>
<name>Taylor R Campbell</name>
<email>riastradh@NetBSD.org</email>
</author>
<published>2026-06-22T21:15:25+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=799132497f046c0d449cced38b1c3095e4d89abd'/>
<id>799132497f046c0d449cced38b1c3095e4d89abd</id>
<content type='text'>
Fix null pointer dereference with HZ8 encoding.

Fix output buffer overrun in UTF-7, VIQR, ZW encodings.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58081
Reviewed by:	markj, kevans
Differential Revision:	https://reviews.freebsd.org/D57947
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix null pointer dereference with HZ8 encoding.

Fix output buffer overrun in UTF-7, VIQR, ZW encodings.

Approved by:	so
Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58081
Reviewed by:	markj, kevans
Differential Revision:	https://reviews.freebsd.org/D57947
</pre>
</div>
</content>
</entry>
<entry>
<title>lib/msun/tests: re-enable nan_test on riscv</title>
<updated>2026-06-26T16:11:03+00:00</updated>
<author>
<name>Siva Mahadevan</name>
<email>siva@FreeBSD.org</email>
</author>
<published>2026-06-15T22:27:52+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=62bb16c64737b32b43a2824d158923bc6245b6bc'/>
<id>62bb16c64737b32b43a2824d158923bc6245b6bc</id>
<content type='text'>
Commit 1e25cda7f06923d05e28dac8eb1c1c428a5c92dc fixed it.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 52ad4f883489f73e7a876f5cf296bb5a7dc696a2)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 1e25cda7f06923d05e28dac8eb1c1c428a5c92dc fixed it.

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation

(cherry picked from commit 52ad4f883489f73e7a876f5cf296bb5a7dc696a2)
</pre>
</div>
</content>
</entry>
<entry>
<title>msun/logarithm_test: expect_fail log1p_accuracy_tests in the correct spot</title>
<updated>2026-06-26T16:10:59+00:00</updated>
<author>
<name>Siva Mahadevan</name>
<email>siva@FreeBSD.org</email>
</author>
<published>2026-06-17T17:04:54+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=487e1d061615935c91c0ec71c7be3e6fb60cdeb1'/>
<id>487e1d061615935c91c0ec71c7be3e6fb60cdeb1</id>
<content type='text'>
While here, remove the conditional on the "ci" config var to ensure that
this is reproducible locally as well.

This fixes a case where we are expecting a fail before the failing ATF_CHECK_*
assertion happens. Found in a CI failure here:
https://ci.freebsd.org/job/FreeBSD-main-riscv64-test/16608/testReport/lib.msun/logarithm_test/log1p_accuracy_tests/

PR:		253984
Fixes:		405188aeac540f7666dfde37c2f32d222119f56e
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D57351

(cherry picked from commit 19af9c77acc912e4bf90a667924f5f4ff78a7759)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
While here, remove the conditional on the "ci" config var to ensure that
this is reproducible locally as well.

This fixes a case where we are expecting a fail before the failing ATF_CHECK_*
assertion happens. Found in a CI failure here:
https://ci.freebsd.org/job/FreeBSD-main-riscv64-test/16608/testReport/lib.msun/logarithm_test/log1p_accuracy_tests/

PR:		253984
Fixes:		405188aeac540f7666dfde37c2f32d222119f56e
MFC after:	3 days
Differential Revision:	https://reviews.freebsd.org/D57351

(cherry picked from commit 19af9c77acc912e4bf90a667924f5f4ff78a7759)
</pre>
</div>
</content>
</entry>
<entry>
<title>lib/msun/tests: xfail remaining failing tests on non-x86 archs</title>
<updated>2026-06-26T16:10:24+00:00</updated>
<author>
<name>Siva Mahadevan</name>
<email>me@svmhdvn.name</email>
</author>
<published>2025-10-08T20:40:15+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=f08d5362b0138ad0be532fe339067224e470787d'/>
<id>f08d5362b0138ad0be532fe339067224e470787d</id>
<content type='text'>
These are the remaining trivial xfail cases where no other
test logic changes are necessary.

Signed-off-by: Siva Mahadevan &lt;me@svmhdvn.name&gt;
PR:		290099
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1871
(cherry picked from commit 405188aeac540f7666dfde37c2f32d222119f56e)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
These are the remaining trivial xfail cases where no other
test logic changes are necessary.

Signed-off-by: Siva Mahadevan &lt;me@svmhdvn.name&gt;
PR:		290099
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1871
(cherry picked from commit 405188aeac540f7666dfde37c2f32d222119f56e)
</pre>
</div>
</content>
</entry>
<entry>
<title>lib/msun/tests: xfail failing lrint_test cases on non-x86 archs</title>
<updated>2026-06-26T16:10:20+00:00</updated>
<author>
<name>Siva Mahadevan</name>
<email>me@svmhdvn.name</email>
</author>
<published>2025-10-08T20:40:15+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=a55f9466439b021bb1a2721b2c17fce8c1af4f06'/>
<id>a55f9466439b021bb1a2721b2c17fce8c1af4f06</id>
<content type='text'>
Replace ATF_CHECK_* with ATF_REQUIRE_* to fail fast and avoid
unexpected aborts.

Signed-off-by: Siva Mahadevan &lt;me@svmhdvn.name&gt;
PR:		290099
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1871
(cherry picked from commit de601d5bf5c6d2409134abc4638c7a0818cc896e)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Replace ATF_CHECK_* with ATF_REQUIRE_* to fail fast and avoid
unexpected aborts.

Signed-off-by: Siva Mahadevan &lt;me@svmhdvn.name&gt;
PR:		290099
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1871
(cherry picked from commit de601d5bf5c6d2409134abc4638c7a0818cc896e)
</pre>
</div>
</content>
</entry>
<entry>
<title>lib/msun/tests: xfail failing invtrig_test cases on non-x86</title>
<updated>2026-06-26T16:10:17+00:00</updated>
<author>
<name>Siva Mahadevan</name>
<email>me@svmhdvn.name</email>
</author>
<published>2025-10-08T20:40:15+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=20806e71e00c06969dbcfa2514f32a0787934627'/>
<id>20806e71e00c06969dbcfa2514f32a0787934627</id>
<content type='text'>
Replace ATF_CHECK_* with ATF_REQUIRE_* to fail fast and avoid
unexpected abort.

PR:		290099
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1871

(cherry picked from commit 5a0617454e37c6a3df4106c24bd5ad20b338fe3a)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Replace ATF_CHECK_* with ATF_REQUIRE_* to fail fast and avoid
unexpected abort.

PR:		290099
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Pull Request:	https://github.com/freebsd/freebsd-src/pull/1871

(cherry picked from commit 5a0617454e37c6a3df4106c24bd5ad20b338fe3a)
</pre>
</div>
</content>
</entry>
</feed>
