NAS-140494 / 26.0.0-BETA.2 / fix containers network with truenasbr0 (by yocalebo) (#18612)
Containers with an explicit NIC device attached to truenasbr0 get
macvtap (DIRECT) networking instead of bridge networking, preventing
them from receiving DHCP addresses or reaching the network.
`factory_utils.py` determines bridge vs direct NIC type using
`nic_attach.startswith('br')`. Since truenasbr0 starts with tr, not br,
it always falls through to DIRECT. This creates a macvtap interface that
bypasses the bridge's IP stack, so the container can't reach dnsmasq for
DHCP.
Containers without an explicit NIC device are unaffected because
`lifecycle.py` auto-adds a NIC with hardcoded NICDeviceType.BRIDGE,
bypassing the factory code entirely.
The same `startswith('br')` check exists in the `trust_guest_rx_filters`
validation in `nic.py`, meaning users could set that flag on truenasbr0
without it being rejected — even though it's invalid for bridge devices.
[8 lines not shown]
[Flang] Compute elemental character MIN/MAX result length in HLFIR (#189464)
This patch fixes lowering of elemental character MIN/MAX in HLFIR.
Previously, these cases could hit a lowering-time TODO
`ElementalIntrinsicCallBuilder::computeDynamicCharacterResultLength` and
abort. This change computes the character result length as the maximum
length of the present actual arguments, allowing valid elemental
character MIN/MAX calls to lower successfully.
Added regression coverage for elemental character MIN/MAX, including
differing-length arguments.
Co-authored-by: Sairudra More <moresair at pe31.hpc.amslabs.hpecorp.net>
NAS-140494 / 27.0.0-BETA.1 / fix containers network with truenasbr0 (#18610)
Containers with an explicit NIC device attached to truenasbr0 get
macvtap (DIRECT) networking instead of bridge networking, preventing
them from receiving DHCP addresses or reaching the network.
`factory_utils.py` determines bridge vs direct NIC type using
`nic_attach.startswith('br')`. Since truenasbr0 starts with tr, not br,
it always falls through to DIRECT. This creates a macvtap interface that
bypasses the bridge's IP stack, so the container can't reach dnsmasq for
DHCP.
Containers without an explicit NIC device are unaffected because
`lifecycle.py` auto-adds a NIC with hardcoded NICDeviceType.BRIDGE,
bypassing the factory code entirely.
The same `startswith('br')` check exists in the `trust_guest_rx_filters`
validation in `nic.py`, meaning users could set that flag on truenasbr0
without it being rejected — even though it's invalid for bridge devices.
[4 lines not shown]
[CodeGen] Do not remove IMPLICIT_DEF unless all uses have undef flag added (#188133)
Do not remove IMPLICIT_DEF of a physreg unless all uses have an undef
flag added. Previously, only the first use instruction had undef flags
added. This will cause a failure in machine instruction verification.
Multi-instruction uses tested in AMDGPU/multi-use-implicit-def.mir and
X86/multi-use-implicit-def.mir.
---------
Signed-off-by: John Lu <John.Lu at amd.com>
linuxkpi: Handle bin attributes in sysfs attribute groups
For instance, this is used by DRM drivers to declare the EDID property
of an GPU output connector:
sysctl -b sys.device.drmn1.card0.card0-DP-1.edid | edid-decode
...
Block 0, Base EDID:
EDID Structure Version & Revision: 1.4
Vendor & Product Identification:
Manufacturer: SAM
Model: 29814
Serial Number: 810635354 (0x3051505a)
Made in: week 15 of 2025
...
Reviewed by: bz, emaste, wulf
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D55176
[CodeGen] Allow rematerializer to rematerialize at the end of a block (#184339)
This makes the rematerializer able to rematerialize MIs at the end of a
basic block. We achieve this by tracking the parent basic block of every
region inside the rematerializer and adding an explicit target region to
some of the class's methods. The latter removes the requirement that we
track the MI of every region (`Rematerializer::MIRegion`) after the
analysis phase; the class member is therefore deleted.
This new ability will be used shortly to improve the design of the
rollback mechanism.
kernel/pci: Use ACPI's ACPI_PWR_FOR_SLEEP().
__HAVE_ACPI was never defined in DragonFly because the PCI upgrade
that brought in this check (4d28e78f7e70287ae03930ce9e16ba027ca69477)
missed actually defining it.
It only affects _suspend() and _resume() functions so in practice it
shouldn't cause any functional change.
mtree(8): Teach about the 'xlink' flag.
This fixes, for now, a confusing warning message during installworld
to be more meaningful:
empty: flags ("schg" is not "schg", modified to "schg")
becomes
empty: flags ("schg" is not "xlink,schg", modified to "schg")
[LV] Add epilogue minimum iteration check in VPlan as well. (#189372)
Update LV to also use the VPlan-based addMinimumIterationCheck for the
iteration count check for the epilogue.
As the VPlan-based addMinimumIterationCheck uses VPExpandSCEV, those
need to be placed in the entry block for now, moving vscale * VF * IC to
the entry for scalable vectors.
The new logic also fails to simplify some checks involving PtrToInt,
because they were only simplified when going through generated IR, then
folding some PtrToInt in IR, then constructing SCEVs again. But those
should be cleaned up by later combines, and there is not really much we
can do other than trying to go through IR.
PR: https://github.com/llvm/llvm-project/pull/189372
releases sidenav: label 14.3 as "Legacy"
It is already categorized this way on the page, just not in the
navigation bar, which still reads "Production Release".
Reviewed by: emaste (releng)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56183
website/i18n: make 'Legacy Release' an i18n keyword
This text appears in the 'sidenav' component on the left side at:
https://www.freebsd.org/releases/
Currently it is hard-coded. Add the keyword to the translation
templates.
Reviewed by: vladlen, ziaee
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D56182
Restore the previous behaviour with maximum verification depth.
The maximum depth is not expected to include the leaf certificate - restore
the decrement prior to checking, which means the previous behaviour is
retained for the callback depth and the maximum depth. Reduce the maximum
depth by one in order to avoid the overwrite that could previously occur.
Thanks to anton@ for flagging the rust-openssl failure in regress.
ok tb@
www/ruby-rack: update to 3.2.6
3.2.6 (2026-04-01)
Security
* CVE-2026-34763 Root directory disclosure via unescaped regex interpolation
in Rack::Directory.
* CVE-2026-34230 Avoid O(n^2) algorithm in Rack::Utils.select_best_encoding
which could lead to denial of service.
* CVE-2026-32762 Forwarded header semicolon injection enables Host and
Scheme spoofing.
* CVE-2026-26961 Raise error for multipart requests with multiple boundary
parameters.
* CVE-2026-34786 Rack::Static header_rules bypass via URL-encoded path mismatch.
[23 lines not shown]
abd: Fix stats asymmetry in case of Direct I/O
abd_alloc_from_pages() does not call abd_update_scatter_stats(),
since memory is not really allocated there. But abd_free_scatter()
called by abd_free() does. It causes negative overflow of some
ABD and possibly ARC counters.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Reviewed-by: Rob Norris <rob.norris at truenas.com>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18390
[MC] Move addEncodingComment() into new base class MCAsmBaseStreamer
This is in preparation to use this functionality in the
SystemZHLASMAsmStreamer. No functional change.
OS-8724 - Reserve vendor-data for SmartOS/Triton use
Reviewed by: Dan McDonald <danmcd at edgecast.io>
Reviewed by: Nahum Shalman <nahum.shalman at edgecast.io>
Approved by: Dan McDonald <danmcd at edgecast.io>
[flang][NFC] Converted five tests from old lowering to new lowering (part 40) (#189791)
Tests converted from test/Lower/Intrinsics: same_type_as.f9, scan.f90,
scan.f90, selected_int_kind.f90, selected_real_kind.f90
[clang-tidy][NFC] Remove the `ObjCModuleTest.cpp` unit test (#185832)
These unit tests only duplicate the tests in
`clang-tools-extra/test/clang-tidy/checkers/objc/forbidden-subclassing.m`.
[MC] Introduce new base class for MCAsmStreamer (#187083)
The class MCAsmBaseStreamer serves as the common base class for streamers
which emit assembly output. It has the same role as MCObjectStreamer has
for streams which emits object files.
[HLSL] Add CalculateLevelOfDetail methods to Texture2D
This adds the CalculateLevelOfDetail and CalculateLevelOfDetailUnclamped
methods to Texture2D using the establish pattern used for other methods.
Assisted-by: Gemini
devel/hp48xgcc: try to fix a race condition during the build
Declare as(1) and ld(1) targets' dependency on the `libLKV.a'
and use it literally instead of the phony `lib' target.
Reported by: pkg-fallout
