net-mgmt/monitoring-plugins: Update to 3.0.1
*) Security: fix a potential local privilege escalation in check_icmp,
which might be possible if check_icmp runs with setuid (the default)
*) Change: check_nt, check_ntp, check_nwstat and check_overcr were
removed upstream; check_ntp is replaced by check_ntp_time and
check_ntp_peer
*) Change: check_http is deprecated in favor of check_curl
*) Change: check_snmp now uses net-snmp natively instead of executing
snmpget
*) Change: generalized, mostly multi-line output for many plugins
*) Fix: check_curl now populates the DNS cache when the hostname is
resolved locally
Release Notes:
https://github.com/monitoring-plugins/monitoring-plugins/releases/tag/v3.0.1
PR: 296451
[3 lines not shown]
net-mgmt/monitoring-plugins: Update to 3.0.1
*) Security: fix a potential local privilege escalation in check_icmp,
which might be possible if check_icmp runs with setuid (the default)
*) Change: check_nt, check_ntp, check_nwstat and check_overcr were
removed upstream; check_ntp is replaced by check_ntp_time and
check_ntp_peer
*) Change: check_http is deprecated in favor of check_curl
*) Change: check_snmp now uses net-snmp natively instead of executing
snmpget
*) Change: generalized, mostly multi-line output for many plugins
*) Fix: check_curl now populates the DNS cache when the hostname is
resolved locally
Release Notes:
https://github.com/monitoring-plugins/monitoring-plugins/releases/tag/v3.0.1
PR: 296451
Sponsored by: Netzkommune GmbH
Import tzdata2026c from locally built tzdata2026cgtz.tar.gz
The real tzdata2026cgtz.tar.gz is not yet available (Europe in July!)
so I made a version which I think should be it. If there happen to
be any material differences when the real one appears, I will do an
update. Any irrelevant differences can just wait until next time.
Summary of changes in tzdata2026c (2026-07-08 10:23:58 -0700):
* Alberta’s 2026-03-08 spring forward was its last foreseeable clock
change, as it moved to permanent -06 thereafter.
* Although another TZDB release will likely be needed soon because
Northwest Territories will likely follow Alberta, the legal
formalities have not yet taken place.
* Morocco plans to move back to permanent UTC, without daylight
saving time transitions, on 2026-09-20 at 02:00.
* Changes to commentary.
[mlir][IR] Add SymbolUserTypeInterface (#198435)
This change adds SymbolUserTypeInterface, analogous to
SymbolUserAttrInterface, and extends SymbolTable verification to check
participating types.
Verification visits the types owned by an operation, (operand/result
types, block argument types, attribute-contained types, nested type
parameters) and checks each distinct type at most once, interrupting on
the first failure. Deduplication spans the whole symbol-table walk, so a
type used by multiple operations is checked only once.
Attribute (SymbolUserAttrInterface) verification also gets deduped the
same way.
Assisted-by: Codex (OpenAI)
Assisted-by: Claude (Anthropic)
tzdata2netbsd - minor updates
Add a few \n's missing from printf's that rarely (if ever) get used.
Add a new message before comparing files, so if there are differences
it is clear which file the differences are in. When doing that, ignore
any patch remnant files that might have been left around by accident.
www/nginx-devel: Update to 1.31.3
Changes:
*) Security: heap buffer overflow when using the map directive with
regex matching (CVE-2026-42533)
*) Security: uninitialized memory access when using unnamed regex
captures with the "slice" directive or background cache update
(CVE-2026-60005)
*) Security: use-after-free when processing a specially crafted
proxied backend response with the ngx_http_ssi_filter_module
(CVE-2026-56434)
*) Change: the size of headers and trailers in HTTP/2 responses in
the ngx_http_proxy_v2_module and ngx_http_grpc_module is now
limited with "proxy_buffer_size" and "grpc_buffer_size"
*) Feature: the "xml_external_entities" directive in the
ngx_http_xslt_filter_module; loading of external entities is now
disabled by default
[11 lines not shown]
www/nginx-devel: Update to 1.31.3
Changes:
*) Security: heap buffer overflow when using the map directive with
regex matching (CVE-2026-42533)
*) Security: uninitialized memory access when using unnamed regex
captures with the "slice" directive or background cache update
(CVE-2026-60005)
*) Security: use-after-free when processing a specially crafted
proxied backend response with the ngx_http_ssi_filter_module
(CVE-2026-56434)
*) Change: the size of headers and trailers in HTTP/2 responses in
the ngx_http_proxy_v2_module and ngx_http_grpc_module is now
limited with "proxy_buffer_size" and "grpc_buffer_size"
*) Feature: the "xml_external_entities" directive in the
ngx_http_xslt_filter_module; loading of external entities is now
disabled by default
[9 lines not shown]
replace qwx virtual interface list with a single interface structure
Fixes use of stale pointers on the vif list which caused crashes.
We do not support multiple interfaces per driver in our net80211 stack,
so this list inherited from Linux was pointless for us anyway.
Tested by ajacoutot, phessler, kettenis, gnezdo, krw, and myself.
ok phessler@ kettenis@ gnezdo@
tcp: Align PRR implementation with RFC 9937
- Early return when no new data is delivered
- Switching from PRR-CRB to PRR-SSRB only when both SND.UNA advances and no further loss is indicated.
- Accounting for sequence ranges SACKed before entering recovery in RecoverFS calculation.
- Force a fast retransmit upon entering recovery when prr_out is 0 AND SndCnt is 0.
- Set cwnd to ssthresh post recovery.
Obtained from: mohnishhemanthkumar_gmail.com
Reviewed by: rscheff, tuexen
Differential Revision: https://reviews.freebsd.org/D56535
MFC after: 3 months
lang/gcc12: pull over the changes to rs6000/netbsd.h from our in-tree gcc.
This is so that this builds and runs on powerpc/11.0*.
The most important fix is that on powerpc, -msecure-plt is enabled by
default, so that resulting executables can be run with PAX_MPROTECT active.
Otherwise, we end up with executables with sections which have both
"write" and "execute" turned on, which PAX_MPROTECT rejects.
Fixes PR#60439.
Bump PKGREVISION for both gcc12 and gcc12-libs, to adhere to rules in comments.
base64_encode(): avoid reading off end of clear
Don't read clear[i+2] without bounds checking,
which can occur when (len % 3) == 1.
Issue reported in private email by "Acts1631",
and confirmed with gcc15 asan and a test harness.
[lldb][NativePDB] Fix width and signedness of enum constants (#210338)
Enumerator values aren't always encoded in the correct bit width and
signedness. This happens with both MSVC and Clang.
On MSVC, unsigned 64bit enumerators can be encoded as signed. For
example `ULONGLONG_MAX` will be encoded as `-1`.
Clang/LLVM will always encode the values as unsigned.
Example: https://godbolt.org/z/96YjGW48W.
I fixed this by setting the expected width and signedness when creating
the enumerator constant. We can't use a shell test like for the other
PDB tests, because no output shows the enum values.
p5-Data-Alias: update to 1.30.
1.30 2026-03-11 XMATH
- Use isGV_with_GP_on when available. (RT 173582)
1.29 2026-02-02 XMATH
- Fix compatibility with perl 5.43.8 (contributed by mauke)