Fix missing 2FA account flag and re-enable STIG tests
AccountFlag.TWOFACTOR was set in _get_user_obj() based on
self.twofactor_user, which only becomes true after the PAM OATH
conversation runs -- i.e. it was always false at that point. As a
result 2FA web sessions never carried the '2FA' flag and
validate_stig() rejected every credential, blocking STIG
enablement. This is why the suite had been failing for months.
Set TWOFACTOR in authenticate_oath() on success instead, where
the second factor has actually been verified, mirroring how OTPW
is recorded. Drop the now-dead check from _get_user_obj().
Re-enable tests/stig test_01 and test_02 and restore the conftest
server setup. test_03 stays skipped: its auditd-event checks need
the auditd daemon (Debian auditd.service + tnaudit), which is
managed outside middleware.
[NFC][LLVM] Drop redundant verifier checks for masked load/stores (#204359)
All current verifier checks for masked load/store intrinsics are
redundant as they are covered by the generic intrinsic signature
verification. Drop them.
Rename verifier `intrinsic-bad-arg-type.ll` lit test to
`masked-load-store.ll` and extend it to cover cases corresponding to the
dropped checks to verify that generic intrinsic signature verification
will still flag them.
AMDGPU/Tests: Remove redundant explicit data layouts from AMDGPU tests (#203447)
These all look like either cargo culting of outdated requirements or
test cases that were not fully reduced. Since the data layout evolves
over time with new address spaces being added, it seems good practice to
avoid hard-coding it in tests that don't need it.
[NFC][LLVM] Tighten overload types for `@llvm.get.active.lane.mask` (#204356)
Change return type to `llvm_any_vector_int_ty` and the 2 argument types
to `llvm_any_scalar_int_ty`.
[AArch64] Fix swapped operands in tryFoldCselToFMaxMin (#203230)
These swapped operands will treat nan the wrong way, make sure we only
use the matching direction when converting to fminnm/fmaxnm.
[RISCV][P-ext] Replace v4i8/v2i16 mul and v4i8 mulh patterns on RV32 with custom lowering. (#204382)
Instead of emitting 2 instructions from an isel pattern, custom lower to
PWMUL(S)(U)+SRL+TRUNC.
This only slightly reduces the number of isel patterns today, but we
will need the WMUL patterns for intrinsics. Exposing the SRL+TRUNC to
DAG combine may allow additional optimizations.
Assisted-by: Claude Sonnet 4.6
[CtxProf] emit fatal usage error when flatten-prethinlink runs without guid metadata (#194383)
`ctx-prof-flatten-prethinlink` can call `AssignGUIDPass::getGUID()` on
defined functions even when the GUID metadata is missing. In that case,
LLVM currently asserts on missing `!guid` metadata.
Replace the assertion with `reportFatalUsageError()` so the pass fails
with a clear user-facing error, and add a regression test for invoking
only `ctx-prof-flatten-prethinlink`.
Fixes #194185
security/vuxml: fix NGINX entry again
That's what happens when you're not focused.
Edit the entry again, since it's for nginx-devel
Sponsored by: Netzkommune GmbH
[InstCombine] Register manually created assumes in the AssumptionCache. (#204416)
Instructions inserted via Result->insertInto() bypassing the IRBuilder
inserter that would otherwise register new @llvm.assume calls in the
AssumptionCache.
Register the assume when inserting such a Result, mirroring what the
IRBuilder inserter does.
PR: https://github.com/llvm/llvm-project/pull/204416
java/sigar: remove run_depends
this port is only used as a library
the final application decides what JDK is used
by removing RUN_DEPENDS we prevent installing an unused extra openjdk
Approved-by: no maintainer
databases/mongodb70: 7.0.35
Release notes:
https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.35---june-9--2026
- gen-config.sh is move to scripts/gen-config.sh
- Patch added to circumvent these errors:
src/mongo/util/net/openssl_init.cpp:247:51: error: no member named 'opensslPrimaryDRBGReseedMaxRequests' in namespace 'mongo::crypto'
src/mongo/util/net/openssl_init.cpp:249:45: error: no member named 'opensslPrimaryDRBGReseedMaxTime' in namespace 'mongo::crypto'
- disabled PATCH_FILE for python3.12, didn't apply
- other patches just got a refresh
Security: CVE-2026-9740
Security: CVE-2026-9741
Security: CVE-2026-9746
Security: CVE-2026-9747
Security: CVE-2026-9748
Security: CVE-2026-9749
Security: CVE-2026-9750
[3 lines not shown]
[lldb][test] Don't export all symbols when building Wasm test inferiors (#204426)
WASI.rules linked test inferiors with -Wl,--export-all and the
reactor-style -Wl,--no-entry. I cargo-culted them and neither flag is
needed as our test inferiors all have a main and crt1 provided _start.
The --export-all flag was also harmful: for a no-argument main(),
wasi-libc renames the user's main to __original_main and emits a small
`main` trampoline. The --export-all flag caused that trampoline to an
exported `main` symbol, so `break main` resolved to two locations.
Drop both flags but keep --allow-undefined for inferiors that reference
runtime-provided symbols.
[ProfileData] Add traits for on-disk function offset hash table (NFC) (#202110)
This patch introduces serialization helper classes (traits) for the
on-disk chained hash table that will be used to index function offsets
in the SecFuncOffsetTable section:
- FuncOffsetHashTableWriterInfo (in SampleProfWriter.h) for writing.
- FuncOffsetHashTableInfo (in SampleProfReader.h) for reading.
These traits map a 64-bit function name GUID to a 32-bit byte offset
pointing into the SecLBRProfile section. This index structure is
intended to replace the flat layout of the SecFuncOffsetTable section
in the upcoming v104 format. This will allow the compiler to query the
offset of a function sample without having to parse the entire
SecFuncOffsetTable section at startup.
While these two trait classes share identical boilerplate for type
definitions and key comparison, they are kept separate to maintain
clean interface separation between the reader and writer headers. We
[9 lines not shown]
