www/nginx-devel: Update to 1.31.3
Changes:
*) Security: heap buffer overflow when using the map directive with
regex matching (CVE-2026-42533)
*) Security: uninitialized memory access when using unnamed regex
captures with the "slice" directive or background cache update
(CVE-2026-60005)
*) Security: use-after-free when processing a specially crafted
proxied backend response with the ngx_http_ssi_filter_module
(CVE-2026-56434)
*) Change: the size of headers and trailers in HTTP/2 responses in
the ngx_http_proxy_v2_module and ngx_http_grpc_module is now
limited with "proxy_buffer_size" and "grpc_buffer_size"
*) Feature: the "xml_external_entities" directive in the
ngx_http_xslt_filter_module; loading of external entities is now
disabled by default
[9 lines not shown]
tcp: Align PRR implementation with RFC 9937
- Early return when no new data is delivered
- Switching from PRR-CRB to PRR-SSRB only when both SND.UNA advances and no further loss is indicated.
- Accounting for sequence ranges SACKed before entering recovery in RecoverFS calculation.
- Force a fast retransmit upon entering recovery when prr_out is 0 AND SndCnt is 0.
- Set cwnd to ssthresh post recovery.
Obtained from: mohnishhemanthkumar_gmail.com
Reviewed by: rscheff, tuexen
Differential Revision: https://reviews.freebsd.org/D56535
MFC after: 3 months
lang/gcc12: pull over the changes to rs6000/netbsd.h from our in-tree gcc.
This is so that this builds and runs on powerpc/11.0*.
The most important fix is that on powerpc, -msecure-plt is enabled by
default, so that resulting executables can be run with PAX_MPROTECT active.
Otherwise, we end up with executables with sections which have both
"write" and "execute" turned on, which PAX_MPROTECT rejects.
Fixes PR#60439.
Bump PKGREVISION for both gcc12 and gcc12-libs, to adhere to rules in comments.
base64_encode(): avoid reading off end of clear
Don't read clear[i+2] without bounds checking,
which can occur when (len % 3) == 1.
Issue reported in private email by "Acts1631",
and confirmed with gcc15 asan and a test harness.
[lldb][NativePDB] Fix width and signedness of enum constants (#210338)
Enumerator values aren't always encoded in the correct bit width and
signedness. This happens with both MSVC and Clang.
On MSVC, unsigned 64bit enumerators can be encoded as signed. For
example `ULONGLONG_MAX` will be encoded as `-1`.
Clang/LLVM will always encode the values as unsigned.
Example: https://godbolt.org/z/96YjGW48W.
I fixed this by setting the expected width and signedness when creating
the enumerator constant. We can't use a shell test like for the other
PDB tests, because no output shows the enum values.
p5-Data-Alias: update to 1.30.
1.30 2026-03-11 XMATH
- Use isGV_with_GP_on when available. (RT 173582)
1.29 2026-02-02 XMATH
- Fix compatibility with perl 5.43.8 (contributed by mauke)
[SPIR-V] Handle bfloat in getZeroFP/getOneFP (#202859)
Related spirv-val change:
https://github.com/KhronosGroup/SPIRV-Tools/pull/6734
---------
Co-authored-by: Juan Manuel Martinez Caamaño <jmartinezcaamao at gmail.com>
[alpha.webkit.UncountedCallArgsChecker] Crash in printArgument (#210411)
The crash was caused by missing nullptr check for Decl used to get
printing policy. Fixed the bug by replacing the use of Decl with
BugManager to get the policy.
www/remark42: update to 1.16.4
Switch build toolchain from npm-node22 to npm-node24. The frontend
switched to pnpm workspaces but the app has no intra-repo dependencies,
so npm continues to work with COREPACK_ENABLE_STRICT=0.