LLVM/project 64c70c1llvm/lib/Target/AMDGPU AMDGPULowerVGPREncoding.cpp, llvm/test/CodeGen/AMDGPU vgpr-setreg-mode-swar.mir hazard-setreg-vgpr-msb-gfx1250.mir

[AMDGPU] Refactor setreg handling in the VGPR MSB lowering

It can skip inserting S_SET_VGPR_MSB if we set the mode via
piggybacking. We are now relying on the HW bug for correct
behavior. If/when the bug is fixed lowering will be incorrect.

SETREG is not a piggybacking target anymore. Instead piggybacking is
disabled if we have seen a SETREG since the last mode change.
DeltaFile
+117-48llvm/test/CodeGen/AMDGPU/vgpr-setreg-mode-swar.mir
+14-34llvm/lib/Target/AMDGPU/AMDGPULowerVGPREncoding.cpp
+9-3llvm/test/CodeGen/AMDGPU/hazard-setreg-vgpr-msb-gfx1250.mir
+140-853 files

LLVM/project b2dda8cclang/lib/Analysis/LifetimeSafety FactsGenerator.cpp, clang/test/Sema warn-lifetime-safety.cpp

[LifetimeSafety] Add placement new support (#194030)

Allows flow from placement new closely resembling standard library form.

Comes as part of the completion of #164963.
DeltaFile
+203-11clang/test/Sema/warn-lifetime-safety.cpp
+43-6clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
+246-172 files

OPNSense/core baa1467src/opnsense/mvc/app/views/layouts default.volt

ui: change generic error trap to exclude upgradestatus messages and prevent multiple instances being created, which prevents the user being spammed faster than he/she can close dialogs.

(cherry picked from commit 6f48d0fa4fa0571bd55479271b7dec716c85d53c)
DeltaFile
+9-1src/opnsense/mvc/app/views/layouts/default.volt
+9-11 files

OPNSense/core 0f13ad9src/opnsense/mvc/app/models/OPNsense/Unbound Unbound.php Unbound.xml

Services: Unbound DNS: Overrides - One of the major disadvantages of asking for domains and hostnames seperately is that standard fqdn validations don't apply, which is the case here. Adding a dot at the end of a fqdn is valid, having an empty element isn't. We fix the latter by preventing a hostname ending with a dot here. closes https://github.com/opnsense/core/issues/10170

(cherry picked from commit 16ddd5a1c1f4751171de10b036f0f8e04ac3d682)
DeltaFile
+10-0src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.php
+1-0src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+11-02 files

LLVM/project a94ad60llvm/lib/Target/AMDGPU AMDGPULowerVGPREncoding.cpp, llvm/test/CodeGen/AMDGPU vgpr-setreg-mode-swar.mir

[AMDGPU] Preserve old MSBs when handling SETREG (#191352)
DeltaFile
+1-1llvm/test/CodeGen/AMDGPU/vgpr-setreg-mode-swar.mir
+1-1llvm/lib/Target/AMDGPU/AMDGPULowerVGPREncoding.cpp
+2-22 files

OPNSense/core 593a591src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php FilterController.php

Firewall: Use save method from ApiMutableModelControllerBase for log command, move rule command and savepoint action (#10201)

* Firewall: Use save method from ApiMutableModelControllerBase for log command, move rule command and savepoint action

* Guard all Savepoint Actions additionally as they can interact directly with the config save inside the model

* Add comment to mark the savepoint feature as currently unused by GUI

* We can enable validation on save since only changed fields are evaluated and log or sequence are not chained into other dependant validations
DeltaFile
+15-8src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+1-2src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+16-102 files

OPNSense/core 614b363src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogDNatRule.xml

firewall: clarify redirect target port help text (#10223)

(cherry picked from commit 3d696692a970df18847b844b9d58a4c2748363ef)
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogDNatRule.xml
+1-11 files

OPNSense/core 63ff497src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/Api SettingsController.php, src/opnsense/mvc/app/controllers/OPNsense/Kea/Api Dhcpv4Controller.php Dhcpv6Controller.php

mvc: generalize placeholders between controllers and JS for #10225

(cherry picked from commit 34db4ec6d7c819bec276d178d4d59e5d619391b2)
DeltaFile
+0-8src/opnsense/mvc/app/views/OPNsense/Dnsmasq/settings.volt
+0-8src/opnsense/mvc/app/views/OPNsense/Kea/dhcpv4.volt
+0-8src/opnsense/mvc/app/views/OPNsense/Kea/dhcpv6.volt
+3-1src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv4Controller.php
+3-1src/opnsense/mvc/app/controllers/OPNsense/Kea/Api/Dhcpv6Controller.php
+2-1src/opnsense/mvc/app/controllers/OPNsense/Dnsmasq/Api/SettingsController.php
+8-271 files not shown
+11-277 files

OPNSense/core 0864576src/opnsense/scripts/syslog lockout_handler

system: lockout bypass fix

Parse reject messages before parsing success messages.

PR: GHSA-h3vx-4q27-rc42

(cherry picked from commit 7a0a4c174e62f9316f520b8e4dcccd1b6f216213)
DeltaFile
+3-3src/opnsense/scripts/syslog/lockout_handler
+3-31 files

OPNSense/core 7a0a4c1src/opnsense/scripts/syslog lockout_handler

Merge commit from fork

* lockout bypass

* Apply suggestion from @fichtner

* Apply suggestion from @fichtner

* Apply suggestion from @fichtner

---------

Co-authored-by: Konstantinos Spartalis <scoon405 at gmail.com>
DeltaFile
+3-3src/opnsense/scripts/syslog/lockout_handler
+3-31 files

FreeBSD/src 5c4021csys/net if.c

ifnet: if_detach(): Fix races with vmove operations

The rationality is that the driver private data holds a strong reference
to the interface, and the detach operation shall never fail. Given the
vmove operation, if_vmove_loan(), if_vmove_reclaim() or vnet_if_return()
is not atomic and spans multiple steps, acquire ifnet_detach_sxlock only
for if_detach_internal() and if_vmove() is not sufficient. It is possible
that the thread running if_detach() sees stale vnet, or the vmoving is
in progress, then if_unlink_ifnet() will fail.

Fix that by extending coverage of ifnet_detach_sxlock a bit to also
cover if_unlink_ifnet(), so that the entire detach and vmove operation
is serialized.

Given it is an error when the if_unlink_ifnet() fails, and if_detach()
is a public KPI, prefer panic() over assertion on failure, to indicate
explicitly that bad thing happens. That shall also prevent potential
corrupted status of the interface, which is a bit hard to diagnose.


    [6 lines not shown]
DeltaFile
+17-6sys/net/if.c
+17-61 files

FreeBSD/src 3a4c4d6tests/sys/netgraph eiface_test.sh Makefile

tests/netgraph: Add a test for races between if_detach() and vnet_if_return()

A ng_eiface(4) or physical interface does not involve the cloner hence
the detaching is a bit different with epair(4). Add more tests to cover
that.

PR:             292993
MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D56609

(cherry picked from commit 0988abd52352ae0977cd3e5c10316b7d94e1cac8)
DeltaFile
+67-0tests/sys/netgraph/eiface_test.sh
+2-0tests/sys/netgraph/Makefile
+69-02 files

FreeBSD/src 696d159tests/sys/net if_clone_test.sh

tests/net/if_clone_test: Add a test for races between if_detach() and if_vmove_reclaim()

Ideally we shall have tests for all possible races. It is races between
if_detach(), if_vmove_loan(), if_vmove_reclaim() and vnet_if_return().
Well that requires too many tests and it appears to be less valuable to
have them all. So focus on potential in future regressions related to
recent fixes [1] and [2] only.

[1] ee9456ce3753 ifnet: Fix races in if_vmove_reclaim()
[2] ba7f47d47dc1 ifnet: if_detach(): Fix races with vmove operations

MFC after:      3 days
Differential Revision:  https://reviews.freebsd.org/D56606

(cherry picked from commit f4be16983dea4904f85ac20e921ad2a8c18a0f79)
DeltaFile
+29-0tests/sys/net/if_clone_test.sh
+29-01 files

FreeBSD/src c624e04sys/net if_clone.c if.c, sys/netlink/route iface.c

if_clone: Make ifnet_detach_sxlock opaque to consumers

The change e133271fc1b5e introduced ifnet_detach_sxlock, and change
6d2a10d96fb5 widened its coverage, but there are still consumers,
net80211 and tuntap e.g., want it. Instead of sprinkling it everywhere,
make it opaque to consumers.

Out of tree drivers shall also benefit from this change.

Reviewed by:    kp
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D56298

(cherry picked from commit e9fc0c538264355bd3fd9120c650078281c2a290)
DeltaFile
+16-1sys/net/if_clone.c
+1-4sys/net/if.c
+0-3sys/netlink/route/iface.c
+17-83 files

FreeBSD/src ccfc2d9sys/net if.c

ifnet: vnet_if_return(): Avoid unnecessary recursive acquisition of ifnet_detach_sxlock

vnet_if_return() will be invocked by vnet_sysuninit() on vnet destructing,
while the lock ifnet_detach_sxlock has been acquired in vnet_destroy()
already.

With this change the order of locking is more clear. There should be no
functional change.

Reviewed by:    pouria
Fixes:          868bf82153e8 if: avoid interface destroy race
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D56288

(cherry picked from commit f1fae67afbb13a41d488d0e0ec66b1805925019c)
DeltaFile
+2-2sys/net/if.c
+2-21 files

FreeBSD/src 477c3basys/net if.c

ifnet: Move SIOCSIFVNET from ifhwioctl() to ifioctl()

SIOCSIFVNET is not a hardware ioctl. Move it to where it belongs.

Where here, rewrite the logic of checking whether we are moving the
interface from and to the same vnet or not, since it is obviously not
stable to access the interface's vnet, given the current thread may
race with other threads those running if_vmove().

MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55880

(cherry picked from commit 38bd7ef62f318f791e232e217855307a9d75efa0)
DeltaFile
+27-17sys/net/if.c
+27-171 files

FreeBSD/src cef2f7bsys/net if.c

ifnet: Fix races in if_vmove_reclaim()

The thread running if_vmove_reclaim() may race with other threads those
running if_detach(), if_vmove_loan() or if_vmove_reclaim(). In case the
current thread loses race, two issues arise,

 1. It is unstable and unsafe to access ifp->if_vnet,
 2. The interface is removed from "active" list, hence if_unlink_ifnet()
    can fail.

For the first case, check against source prison's vnet instead, given
the interface is obtained from that vnet.

For the second one, return ENODEV to indicate the interface was on the
list but the current thread loses race, to distinguish from ENXIO, which
means the interface or child prison is not found. This is the same with
if_vmove_loan().

Reviewed by:    kp, pouria

    [5 lines not shown]
DeltaFile
+9-5sys/net/if.c
+9-51 files

FreeBSD/src a989b0fsys/net if.c

ifnet: Remove unreachable code

The ioctls SIOCSIFVNET and SIOCSIFRVNET are for userland only. For
SIOCSIFVNET, if_vmove_loan(), the interface is obtained from current
VNET. For SIOCSIFRVNET, if_vmove_reclaim(), a valid child prison is
held before getting the interface. In both cases the VNET of the
obtained interfaces is stable, so there's no need to check it.

No functional change intended.

Reviewed by:    glebius, jamie (for #jails)
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55828

(cherry picked from commit e0731059af912a27d0f842959218946b1daaa7d1)
DeltaFile
+0-18sys/net/if.c
+0-181 files

FreeBSD/src 877fa4fsys/net if.c

ifnet: Add some sanity checks

To be more robust since the checking is now performed where the
interface is referenced.

While here, remove a redundant check from if_vmove_loan().

Reviewed by:    kp, glebius, pouria
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D55875

(cherry picked from commit 00d96da231d007673a1672452748d8ea4f6788ae)
DeltaFile
+19-10sys/net/if.c
+19-101 files

OPNSense/core aa0a2e1src/etc/inc auth.inc

system: protect popen() with exec_safe()

Shell code execution safety has been widely covered in previous releases
but two popen() calls have eluded that previous scope.  The code is a bit
overloaded for historic reasons and trusts the config.xml content, but
it can be manipulated with admin-level access rights through either config
import or XMLRPC sync to contain shell injection which lands on the system
unquoted.  Fix this by splitting up composite variable $user_op and quoting
every dynamic argument to make sure there is no vector left to inject a
command.

PR: GHSA-xxp9-93cr-x54p

(cherry picked from commit 3b6f357e26a38079313b926b5a5d2b7171717d54)
DeltaFile
+9-6src/etc/inc/auth.inc
+9-61 files

LLVM/project 780a182llvm/lib/Target/LoongArch LoongArchLASXInstrInfo.td LoongArchLSXInstrInfo.td, llvm/test/CodeGen/LoongArch/lasx bitsel.ll

[LoongArch] Add patterns for vector bitwise selection (#193753)

Add instruction selection patterns for VBITSEL_V/XVBITSEL_V and
VBITSELI_B/XVBITSELI_B to match the canonical bitwise select idiom:

`(a & b) | (~a & c)`

This enables the backend to generate dedicated bitwise select
instructions instead of separate AND/ANDN/OR sequences.
DeltaFile
+5-15llvm/test/CodeGen/LoongArch/lasx/bitsel.ll
+5-15llvm/test/CodeGen/LoongArch/lsx/bitsel.ll
+11-0llvm/lib/Target/LoongArch/LoongArchLASXInstrInfo.td
+11-0llvm/lib/Target/LoongArch/LoongArchLSXInstrInfo.td
+32-304 files

OPNSense/core 3b6f357src/etc/inc auth.inc

Merge commit from fork

Shell code execution safety has been widely covered in previous releases
but two popen() calls have eluded that previous scope.  The code is a bit
overloaded for historic reasons and trusts the config.xml content, but
it can be manipulated with admin-level access rights through either config
import or XMLRPC sync to contain shell injection which lands on the system
unquoted.  Fix this by splitting up composite variable $user_op and quoting
every dynamic argument to make sure there is no vector left to inject a
command.

PR: GHSA-xxp9-93cr-x54p
DeltaFile
+9-6src/etc/inc/auth.inc
+9-61 files

NetBSD/pkgsrc q9HvDAZdoc CHANGES-2026

   Updated misc/py-trove-classifiers, devel/py-pydantic-settings
VersionDeltaFile
1.2694+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc FkARQeydevel/py-pydantic-settings distinfo Makefile

   py-pydantic-settings: updated to 2.14.0

   2.14.0

   Fix parsing env vars into Optional Strict types
   Fix RecursionError with mutually recursive models in CLI
   Fix env_file from model_config ignored in CliApp.run()
   Update dependencies
   Add Dependabot configuration
   Bump samuelcolvin/check-python-version from 4.1 to 5
   Bump actions/upload-artifact from 4 to 7
   Bump actions/checkout from 4 to 6
   Bump astral-sh/setup-uv from 5 to 7
   Bump actions/setup-python from 5 to 6
   Ignore chardet and group GitHub Actions in Dependabot
   Bump actions/download-artifact from 4 to 8 in the github-actions group
   Bump the python-packages group with 2 updates
   Support reading .env files from FIFOs (e.g. 1Password Environments)
   Fix AliasChoices ignored when changing provider priority

    [20 lines not shown]
VersionDeltaFile
1.14+4-4devel/py-pydantic-settings/distinfo
1.14+2-2devel/py-pydantic-settings/Makefile
+6-62 files

OPNSense/core 43be99dsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php FilterController.php

We can enable validation on save since only changed fields are evaluated and log or sequence are not chained into other dependant validations
DeltaFile
+2-2src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+1-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterController.php
+3-32 files

LLVM/project 63ee54alibcxx/include print, libcxx/include/__ostream print.h

[libc++] Refactor std::print to allow for constant folding of the format part (#185459)

```
---------------------------------------------------------
Benchmark                             old             new
---------------------------------------------------------
std::print("Hello, World!")       43.6 ns         9.88 ns
```
DeltaFile
+0-113libcxx/test/libcxx/input.output/iostream.format/print.fun/vprint_unicode_windows.pass.cpp
+111-0libcxx/test/libcxx/input.output/iostream.format/print.fun/output_unicode_windows.pass.cpp
+35-46libcxx/include/print
+39-0libcxx/test/benchmarks/format/print.bench.cpp
+4-5libcxx/include/__ostream/print.h
+189-1645 files

NetBSD/pkgsrc litkqaXmisc/py-trove-classifiers distinfo Makefile

   py-trove-classifiers: updated to 2026.4.28.13

   2026.4.28.13
   * feat: add `litestar` and `starlite` classifiers
VersionDeltaFile
1.46+4-4misc/py-trove-classifiers/distinfo
1.48+3-5misc/py-trove-classifiers/Makefile
+7-92 files

OPNSense/core fc97e01src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php

Add comment to mark the savepoint feature as currently unused by GUI
DeltaFile
+4-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+4-01 files

OPNSense/core 44e0022src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api FilterBaseController.php

Since we guard earlier in the safepoint feature, we could leave the direct config save intact here
DeltaFile
+1-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
+1-11 files

OPNSense/ports 3921484security/strongswan pkg-plist Makefile, security/strongswan/files patch-conf_Makefile.in patch-src_libcharon_plugins_smp_smp.c

security/strongswan: sync with upstream

Taken from: FreeBSD
DeltaFile
+48-4security/strongswan/pkg-plist
+18-6security/strongswan/files/patch-conf_Makefile.in
+6-6security/strongswan/Makefile
+4-4security/strongswan/files/patch-src_libcharon_plugins_smp_smp.c
+3-3security/strongswan/distinfo
+2-2security/strongswan/files/patch-src_swanctl_Makefile.in
+81-251 files not shown
+83-277 files