OPNSense/core be35c9fsrc/opnsense/www/js opnsense_bootgrid.js

bootgrid: adjust column persistence behavior to prevent horizontal dead space
DeltaFile
+15-0src/opnsense/www/js/opnsense_bootgrid.js
+15-01 files

LLVM/project 67a902fllvm/include/llvm/IR Constants.h, llvm/lib/Analysis ConstantFolding.cpp

[LLVM] Refactor ConstantFP member functions to rely on its native vector support. (#197931)

ConstantFP has native vector support so many of its member functions can
be simplified by removing the ConstantVector indirection and can return
a ConstantFP* rather than a generic Constant*.

NOTE: The changes to ConstantFolding.cpp are reverting part of
https://github.com/llvm/llvm-project/pull/193254 that was necessary at
the time.
DeltaFile
+25-56llvm/lib/IR/Constants.cpp
+12-12llvm/include/llvm/IR/Constants.h
+8-8llvm/lib/Analysis/ConstantFolding.cpp
+45-763 files

LLVM/project 15bc560clang/test/Driver modules-driver-incompatible-options.cpp

[clang][test] Use `FileCheck` in `Driver/modules-driver-incompatible-options.cpp` (#198218)

The test had `CHECK` directives that were never executed because the
`RUN` line did not pipe output to `FileCheck`.

This also includes `2>&1` before the pipe to `FileCheck`, since Clang's
driver error messages are written to `stderr`.

This also adds `%t/` prefix to `main.cpp`, which should be the intended
directory.
DeltaFile
+1-1clang/test/Driver/modules-driver-incompatible-options.cpp
+1-11 files

FreeNAS/freenas d978784src/middlewared/middlewared main.py, tests/api2 test_webshell_audit.py

Fix ruff
DeltaFile
+62-42tests/api2/test_webshell_audit.py
+9-3src/middlewared/middlewared/main.py
+71-452 files

FreeNAS/freenas 4f35466src/middlewared/middlewared/apps webshell_app.py, src/middlewared/middlewared/plugins auth.py

webshell: replace sudo gating with per-shell-type RBAC + audit

The shell websocket handler used to wrap VM/APP/CONTAINER commands in
`sudo -H -u <user>` for users without ALL-sudo, then run unwrapped
otherwise. In practice the wrapped form failed at root-owned libvirt/
docker sockets, so authorization was effectively "do you have
unrestricted sudo?" — coarse, surprising, and not auditable. The reason
why we did this historically was because the shell feature here was
added before we actually had RBAC.

Replace it with an explicit role gate keyed on the requested shell type:

  HOST       -> web_shell privilege only (unchanged) -- login as user
  VM         -> web_shell + VM_WRITE
  CONTAINER  -> web_shell + CONTAINER_WRITE
  APP        -> web_shell + APPS_WRITE

`auth.get_token_for_shell_application` now takes the shell_type and
returns structured errors (WEB_SHELL_DENIED, MISSING_ROLE) along with

    [11 lines not shown]
DeltaFile
+179-146src/middlewared/middlewared/apps/webshell_app.py
+125-0tests/api2/test_webshell_audit.py
+42-10tests/api2/test_account_privilege_authentication.py
+31-2src/middlewared/middlewared/plugins/audit/schema/middleware.py
+21-2src/middlewared/middlewared/plugins/auth.py
+21-0src/middlewared/middlewared/utils/auth.py
+419-1601 files not shown
+422-1637 files

FreeNAS/freenas 68170b1src/middlewared/middlewared/plugins/directoryservices_ activedirectory_health_mixin.py, tests/unit test_activedirectory_health.py

More ruff fixes
DeltaFile
+281-214tests/unit/test_activedirectory_health.py
+0-16src/middlewared/middlewared/plugins/directoryservices_/activedirectory_health_mixin.py
+281-2302 files

FreeNAS/freenas c03e507src/middlewared/middlewared/plugins/directoryservices_ connection.py, tests/unit test_directoryservices_secrets.py

Address review
DeltaFile
+7-4src/middlewared/middlewared/plugins/directoryservices_/connection.py
+2-6tests/unit/test_directoryservices_secrets.py
+9-102 files

FreeNAS/freenas d05e518tests/unit test_directoryservices_reset.py test_activedirectory_join.py

Add yet more ruff fixes
DeltaFile
+107-92tests/unit/test_directoryservices_reset.py
+63-37tests/unit/test_activedirectory_join.py
+25-24tests/unit/test_directoryservices_secrets.py
+195-1533 files

FreeNAS/freenas b792b8asrc/middlewared/middlewared/plugins/directoryservices_ activedirectory_health_mixin.py datastore.py, src/middlewared/middlewared/utils/directoryservices credential.py

Fix ruff errors
DeltaFile
+15-0src/middlewared/middlewared/plugins/directoryservices_/activedirectory_health_mixin.py
+2-2src/middlewared/middlewared/plugins/directoryservices_/datastore.py
+1-1src/middlewared/middlewared/utils/directoryservices/credential.py
+18-33 files

FreeNAS/freenas 327477esrc/middlewared/middlewared/plugins/directoryservices_ activedirectory_health_mixin.py, tests/unit test_activedirectory_health.py test_directoryservices_reset.py

Active Directory: fix rejoin, harden reset/recover, improve diagnostics

SAF cache stores {host, ip} dict (host captured via a fresh CLDAP ping to
the chosen kdc_server IP, so the pair authoritatively identifies one DC).
_saf_kdc_name uses the cached host directly, avoiding RDNS in samba's
--server flag and the krb5.conf kdc= override. activate_standby accepts
both the legacy single-string IP and the new dict form for HA mixed-version
upgrades.

_health_check_ad runs _test_machine_account_password only as a refinement
of a failing WBClient.ping_dc(). No krb5.conf churn on healthy systems;
AD_SECRET_INVALID fires only when ping_dc has already failed AND the
password test confirms a credential mismatch (PREAUTH_FAILED). The temp
krb5.conf the test writes now mirrors the system config (rdns=false,
dns_canonicalize_hostname=false, NAS-138687) and is restored via a finally
block so KRB5Error doesn't leave the system config polluted.

_recover_secrets typo fix: KRB5_PREAUTH_FAILED -> KRB5KDC_ERR_PREAUTH_FAILED.
The wrong constant meant the credential-mismatch arm was previously

    [18 lines not shown]
DeltaFile
+624-0tests/unit/test_activedirectory_health.py
+309-0tests/unit/test_directoryservices_reset.py
+200-0tests/unit/test_activedirectory_join.py
+123-51src/middlewared/middlewared/plugins/directoryservices_/activedirectory_health_mixin.py
+105-0tests/unit/test_directoryservices_secrets.py
+97-0tests/unit/test_krb5.py
+1,458-517 files not shown
+1,706-7913 files

OPNSense/plugins 4b94d33Mk plugins.mk

make: readlink -f needs an argument
DeltaFile
+1-1Mk/plugins.mk
+1-11 files

FreeBSD/ports ed772e9cad/openvsp distinfo Makefile, cad/openvsp/files patch-src_external_GeometricTools_GeometricTools_GTE_Mathematics_BSNumber.h

cad/openvsp: Update to 3.50.3

ChangeLog:
https://openvsp.org/blogs/announcements/2026/05/15/openvsp-3-50-3-released

 * Fix corrupt XML file output with vectors of vec3d’s
 * Fix crash when changing XSec type when CEdit screen still open
 * Fix problem reading VSPAERO results that caused ghost results
 * Write full precision in files sent to VSPAERO
DeltaFile
+0-12cad/openvsp/files/patch-src_external_GeometricTools_GeometricTools_GTE_Mathematics_BSNumber.h
+3-3cad/openvsp/distinfo
+1-2cad/openvsp/Makefile
+4-173 files

FreeBSD/ports e39255bnet-im/openfire pkg-plist distinfo

net-im/openfire: Update to 5.0.5

ChangeLog:
https://download.igniterealtime.org/openfire/docs/5.0.5/changelog.html

Improvement

 * Display newlines in details of logged SecurityAuditManager events
 * Do not show 'max users' count for a MUC when it is 0 (unlimited)
 * Bump BouncyCastle.version from 1.78.1 to 1.84
 * LDAP context-close failures are logged without their exception stack trace
 * Upgrade MySQL Connector/J driver to 8.4.0 release
 * Upgrade Jetty webserver library to 12.0.35 release
 * Update org.glassfish.jaxb:jaxb-runtime to the latest of the 2.3.x line

Task

 * Disabled performance benchmark in IQEntityTimeHandlerTest should be removed
   or converted

    [15 lines not shown]
DeltaFile
+39-39net-im/openfire/pkg-plist
+5-5net-im/openfire/distinfo
+2-3net-im/openfire/Makefile
+46-473 files

Dreckly/dreckly a2b52d3games/cbonsai PLIST Makefile

cbonsai: Add bash completion.
DeltaFile
+1-0games/cbonsai/PLIST
+0-1games/cbonsai/Makefile
+1-12 files

Dreckly/dreckly c80f8f6games/cbonsai Makefile distinfo, games/cbonsai/patches patch-cbonsai.c patch-Makefile

cbonsai: Initial import.
DeltaFile
+27-0games/cbonsai/Makefile
+21-0games/cbonsai/patches/patch-cbonsai.c
+17-0games/cbonsai/patches/patch-Makefile
+7-0games/cbonsai/distinfo
+4-0games/cbonsai/DESCR
+3-0games/cbonsai/PLIST
+79-01 files not shown
+80-07 files

LLVM/project f97789dllvm/test/Transforms/ArgumentPromotion/BPF argpromotion.ll

[ArgumentPromotion][BPF] Regenerate check lines (NFC) (#198272)

Test update after 7f396dbc9cdcf33e85dd857945dd8f1e921f887c, previously
missing.

Fixes: https://github.com/llvm/llvm-project/issues/198264.
DeltaFile
+1-7llvm/test/Transforms/ArgumentPromotion/BPF/argpromotion.ll
+1-71 files

LLVM/project 71b76ebflang-rt/test/Driver write01.f90

[flang-rt][test] Fix write01.f90 missing LD_LIBRARY_PATH (introduced in #187662) (#198230)

The test binary was run without setting LD_LIBRARY_PATH, causing
libflang_rt.runtime.so to not be found at runtime. Match the pattern
used other tests in the same directory.

Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>
DeltaFile
+2-1flang-rt/test/Driver/write01.f90
+2-11 files

NetBSD/pkgsrc-wip 24728bdpy-zensical distinfo, py-zensical/patches patch-crates_zensical_src_watcher.rs

py-zensical: add upstream patch for better NetBSD support
DeltaFile
+40-0py-zensical/patches/patch-crates_zensical_src_watcher.rs
+1-0py-zensical/distinfo
+41-02 files

NetBSD/pkgsrc tK17IFgdoc CHANGES-2026

   Removed lang/nodejs20
VersionDeltaFile
1.3097+2-1doc/CHANGES-2026
+2-11 files

LLVM/project 4e7b5e0flang-rt/test/Driver write01.f90

[flang-rt][test] Fix write01.f90 missing LD_LIBRARY_PATH (introduced in #187662)

The test binary was run without setting LD_LIBRARY_PATH, causing
libflang_rt.runtime.so to not be found at runtime. Match the pattern
used by exec.f90 and ctofortran.f90.

Co-Authored-By: Claude Sonnet 4.6 <noreply at anthropic.com>
DeltaFile
+2-1flang-rt/test/Driver/write01.f90
+2-11 files

LLVM/project 6aac107llvm/lib/Passes PassBuilderPipelines.cpp

[PassBuilder] Consistently use isLTOXxx helper functions (NFC) (#196290)

In `PassBuilderPipelines.cpp`, we sometimes use `isLTOPreLink()`/etc
helper functions and sometimes direct comparison against elements of the
`ThinOrFullLTOPhase` enum.

This patch add a few more helper functions and makes the code
consistently use them.
DeltaFile
+47-34llvm/lib/Passes/PassBuilderPipelines.cpp
+47-341 files

LLVM/project 40013b3lldb/source/Plugins/Process/gdb-remote GDBRemoteCommunicationClient.cpp

[lldb][NFC] Deduplicate code to format speed test packet (#198268)

The code was the same as the existing MakeSpeedTestPacket helper
function.
DeltaFile
+1-12lldb/source/Plugins/Process/gdb-remote/GDBRemoteCommunicationClient.cpp
+1-121 files

LLVM/project c7c289ellvm/test/Transforms/SLPVectorizer/X86 arith-mul-smulo.ll arith-add-saddo.ll

Revert "[SLP] Vectorize struct-returning intrinsics" (#198265)

It causes assertions failure such as this one. See discussion on the PR.

  Constants.cpp:2802:
static Constant *llvm::ConstantExpr::getInsertElement(Constant *,
Constant *, Constant *, Type *): Assertion `Val->getType()->isVectorTy()
&&
  "Tried to create insertelement operation on non-vector type!"' failed.

> Allow SLP to combine across lanes calls that return a literal struct
> (llvm.sincos, llvm.*.with.overflow, llvm.frexp, ...) into a single
> call returning a struct of vectors, by widening {T, T, ...} to
> {<VF x T>, ...} via VectorTypeUtils and emitting extractvalue +
> extractelement for external uses.
>
> Original Pull Request:
https://github.com/llvm/llvm-project/pull/195521
>

    [22 lines not shown]
DeltaFile
+615-549llvm/test/Transforms/SLPVectorizer/X86/arith-mul-smulo.ll
+615-449llvm/test/Transforms/SLPVectorizer/X86/arith-add-saddo.ll
+615-449llvm/test/Transforms/SLPVectorizer/X86/arith-sub-usubo.ll
+615-449llvm/test/Transforms/SLPVectorizer/X86/arith-sub-ssubo.ll
+615-449llvm/test/Transforms/SLPVectorizer/X86/arith-add-uaddo.ll
+615-429llvm/test/Transforms/SLPVectorizer/X86/arith-mul-umulo.ll
+3,690-2,77455 files not shown
+4,758-4,21861 files

FreeBSD/ports 10b1ea3security/vuls distinfo Makefile

security/vuls: Update to 0.39.1

Release notes:  https://github.com/future-architect/vuls/releases/tag/v0.39.1
DeltaFile
+5-5security/vuls/distinfo
+1-1security/vuls/Makefile
+6-62 files

NetBSD/pkgsrc JPBfOYOlang Makefile, lang/nodejs nodeversion.mk

   nodejs20: removed; end-of-life
VersionDeltaFile
1.23+9-11lang/nodejs/nodeversion.mk
1.788+1-2lang/Makefile
1.9+1-1lang/nodejs20/buildlink3.mk
1.28+1-1lang/nodejs20/distinfo
1.2+1-1lang/nodejs20/patches/patch-common.gypi
1.2+1-1lang/nodejs20/patches/patch-deps_cares_cares.gyp
+14-1724 files not shown
+37-4030 files

LLVM/project aaf8d4elldb/source/Target AssertFrameRecognizer.cpp, lldb/test/Shell/Recognizer assert.test

Revert "[lldb][windows] add assert frame recognizer Windows (#197282)" (#198263)

This reverts commit 9144646bed5684833fd4c7874c5d1ad78f3f3fe0.
DeltaFile
+13-40lldb/source/Target/AssertFrameRecognizer.cpp
+2-1lldb/test/Shell/Recognizer/assert.test
+15-412 files

NetBSD/pkgsrc uuxziLcdoc CHANGES-2026 TODO

   Updated devel/py-uv[-build]
VersionDeltaFile
1.3096+3-1doc/CHANGES-2026
1.27282+1-2doc/TODO
+4-32 files

NetBSD/pkgsrc vuYrx0edevel/py-uv distinfo cargo-depends.mk, devel/py-uv-build distinfo

   py-uv py-uv-build: updated to 0.11.14

   0.11.14

   Enhancements

   Add Astral mirror URL override
   Ignore top_level.txt entries in uninstall that are not valid Python identifiers

   Bug fixes

   Avoid applying .env files in parent process
   Filter ANSI codes in logging output
   Fix uv tree showing extra-conditional deps for packages required without extras
   Respect build options (e.g., --no-build) during lock validation
VersionDeltaFile
1.24+10-10devel/py-uv-build/distinfo
1.23+10-10devel/py-uv/distinfo
1.21+2-2devel/py-uv/cargo-depends.mk
1.25+2-2devel/py-uv/Makefile.common
+24-244 files

LLVM/project d7aa289mlir/lib/ExecutionEngine CudaRuntimeWrappers.cpp

[MLIR][ExecutionEngine] Revert stream/event teardown error suppressions (#194440)

#190717 fixed the race that produced CUDA_ERROR_CONTEXT_IS_DESTROYED on
mgpuStreamDestroy, mgpuStreamWaitEvent, mgpuEventDestroy, and
mgpuEventSynchronize. This changes restores CUDA_REPORT_IF_ERROR on
those four sites.

Keep the CUDA_ERROR_DEINITIALIZED tolerance on mgpuModuleUnload because
that's a separate global-destructor ordering issue, and an error on
module unload is benign anyway.

This is a partial revert of #190563.

Assisted-by: Claude
DeltaFile
+9-29mlir/lib/ExecutionEngine/CudaRuntimeWrappers.cpp
+9-291 files

LLVM/project ae265f5llvm/lib/Transforms/Vectorize VPlanValue.h VPlan.cpp, llvm/unittests/Transforms/Vectorize VPlanTest.cpp

[VPlan] Remove Def pointer from for VPSingleDefRecipes (NFC) (#195483)

For VPSingleDefRecipe, the VPRecipeValue's Def pointer always points
back to the containing VPRecipeBase, which is computable via
static_cast.

Introduce 2 VPRecipeValue subclasses to distinguish the VPValues defined
by VPSingleDefRecipes (VPSingleDefValue), and VPStandaloneValue for
other recipes.

The former does not need to store a pointer to the defining recipe, as
it can be computed via static_cast. This saves 8 bytes for most recipes.
I plan to use the extra bytes to store the type directly in VPValue as
follow-ups.

PR: https://github.com/llvm/llvm-project/pull/195483
DeltaFile
+56-15llvm/lib/Transforms/Vectorize/VPlanValue.h
+23-12llvm/lib/Transforms/Vectorize/VPlan.cpp
+7-7llvm/lib/Transforms/Vectorize/VPlan.h
+2-2llvm/unittests/Transforms/Vectorize/VPlanTest.cpp
+88-364 files