FreeBSD/doc bef56d2website/data/security advisories.toml

Correct the 26:11 advisory to be amd64.

Approved by:    so
DeltaFile
+1-1website/data/security/advisories.toml
+1-11 files

LLVM/project 10f8205llvm/lib/Transforms/Vectorize SLPVectorizer.cpp, llvm/test/Transforms/SLPVectorizer/X86 expanded-binop-doesnotneedschedule-user.ll

[SLP]Fix stale deps for operands of non-scheduled expanded-binop parents

When a parent tree entry does not require scheduling and contains an
expanded binop (e.g. `shl x, 1` modelled as `add x, x`), it never gets
a bundle. So, the operand's `ScheduleData::Dependencies` keeps the count
from the first sibling's `tryScheduleBundle` and misses later-added
entries sharing the same expanded scalar. At real scheduling,
`schedule()` then issues decrements for every current containing entry
and trips `UnscheduledDeps >= 0`.

Fixes #193040

Reviewers: 

Pull Request: https://github.com/llvm/llvm-project/pull/193265
DeltaFile
+36-0llvm/test/Transforms/SLPVectorizer/X86/expanded-binop-doesnotneedschedule-user.ll
+11-0llvm/lib/Transforms/Vectorize/SLPVectorizer.cpp
+47-02 files

LLVM/project 66e674ellvm/lib/Target/SPIRV SPIRVEmitIntrinsics.cpp

Simplify loop
DeltaFile
+5-8llvm/lib/Target/SPIRV/SPIRVEmitIntrinsics.cpp
+5-81 files

LLVM/project 6c5b4a7lldb/include/lldb/ValueObject DILParser.h, lldb/source/ValueObject DILEval.cpp DILParser.cpp

[lldb] Move GetTypeSystemFromCU to DILEval.cpp (NFC) (#193245)

`GetTypeSystemFromCU` is used only in `DILEval.cpp`.
DeltaFile
+10-0lldb/source/ValueObject/DILEval.cpp
+0-10lldb/source/ValueObject/DILParser.cpp
+0-3lldb/include/lldb/ValueObject/DILParser.h
+10-133 files

FreeBSD/ports 82205ebsecurity/wolfssh distinfo pkg-plist

security/wolfssh: Update to 1.5.0

Changes:        https://github.com/wolfSSL/wolfssh/releases
Security:       CVE-2026-0930
(cherry picked from commit 0abd69b00a7c07534fa6be3a43bf365b11084b29)
DeltaFile
+3-3security/wolfssh/distinfo
+1-1security/wolfssh/pkg-plist
+1-1security/wolfssh/Makefile
+5-53 files

FreeBSD/ports 58975d4net/libngtcp2-wolfssl distinfo Makefile

net/libngtcp2-wolfssl: Update to 1.22.0

Changes:        https://github.com/ngtcp2/ngtcp2/releases
(cherry picked from commit a0564bada1ff39a768d62a888a291d9d01e8c4b8)
DeltaFile
+3-3net/libngtcp2-wolfssl/distinfo
+1-1net/libngtcp2-wolfssl/Makefile
+1-1net/libngtcp2-wolfssl/pkg-plist
+5-53 files

FreeBSD/ports 0d80880net/libngtcp2-wolfssl distinfo Makefile

net/libngtcp2-wolfssl: Update to 1.22.1

Changes:        https://github.com/ngtcp2/ngtcp2/releases
Security:       CVE-2026-40170
(cherry picked from commit 122e48974a3b2b883de87032439ceeec70726578)
DeltaFile
+3-3net/libngtcp2-wolfssl/distinfo
+1-1net/libngtcp2-wolfssl/Makefile
+4-42 files

FreeBSD/ports 172f658net/libngtcp2-wolfssl pkg-descr Makefile

net/libngtcp2-wolfssl: Fix COMMENT and pkg-descr

(cherry picked from commit fa35317447a5a72d878052634eec31fb427a36e8)
DeltaFile
+1-1net/libngtcp2-wolfssl/pkg-descr
+1-1net/libngtcp2-wolfssl/Makefile
+2-22 files

FreeBSD/ports 181321fnet/libngtcp2-gnutls distinfo Makefile

net/libngtcp2-gnutls: Update to 1.22.1

Changes:        https://github.com/ngtcp2/ngtcp2/releases
Security:       CVE-2026-40170
(cherry picked from commit f36baa7244b348f997e9e891fb0cf24a2c0b3165)
DeltaFile
+3-3net/libngtcp2-gnutls/distinfo
+1-1net/libngtcp2-gnutls/Makefile
+4-42 files

FreeBSD/ports 02ff5f4net/libngtcp2-gnutls distinfo pkg-plist

net/libngtcp2-gnutls: Update to 1.22.0

Changes:        https://github.com/ngtcp2/ngtcp2/releases
(cherry picked from commit 9b2f4678e3d8d72058013216c6a0a50ef5e796e9)
DeltaFile
+3-3net/libngtcp2-gnutls/distinfo
+1-1net/libngtcp2-gnutls/pkg-plist
+1-1net/libngtcp2-gnutls/Makefile
+5-53 files

FreeBSD/ports 68fd058net/libngtcp2-boringssl distinfo Makefile

net/libngtcp2-boringssl: Update to 1.22.1

Changes:        https://github.com/ngtcp2/ngtcp2/releases
Security:       CVE-2026-40170
(cherry picked from commit f10bbc445f1b1755a05ca7c8f6c0d17aac7bfc5b)
DeltaFile
+3-3net/libngtcp2-boringssl/distinfo
+1-1net/libngtcp2-boringssl/Makefile
+4-42 files

FreeBSD/ports 0343372net/libngtcp2-gnutls Makefile

net/libngtcp2-gnutls: Fix COMMENT

(cherry picked from commit ffd24c1b63bbd4d5df8a9b0bab5736b27115a6af)
DeltaFile
+1-1net/libngtcp2-gnutls/Makefile
+1-11 files

FreeBSD/ports 3b5b40bnet/libngtcp2-boringssl distinfo Makefile

net/libngtcp2-boringssl: Update to 1.22.0

Changes:        https://github.com/ngtcp2/ngtcp2/releases
(cherry picked from commit 7898d59df77168f65501eae0dc9772fc6da6eb8e)
DeltaFile
+3-3net/libngtcp2-boringssl/distinfo
+1-1net/libngtcp2-boringssl/Makefile
+4-42 files

FreeBSD/ports 691b38anet Makefile, net/libngtcp2-boringssl Makefile pkg-descr

net/libngtcp2-boringssl: Add libngtcp2-boringssl

ngtcp2 project is an effort to implement QUIC protocol which is now being
discussed in IETF QUICWG for its standardization.

This port provides the crypto helper library for BoringSSL backend.

(cherry picked from commit 78e392c02a614e6cea1e6933980317a7221284c6)
DeltaFile
+38-0net/libngtcp2-boringssl/Makefile
+13-0net/libngtcp2-boringssl/files/patch-Makefile.in
+4-0net/libngtcp2-boringssl/pkg-descr
+3-0net/libngtcp2-boringssl/distinfo
+2-0net/libngtcp2-boringssl/pkg-plist
+1-0net/Makefile
+61-06 files

FreeBSD/ports 22c98ddnet/libngtcp2 distinfo pkg-plist

net/libngtcp2: Update to 1.22.1

Changes:        https://github.com/ngtcp2/ngtcp2/releases
Security:       CVE-2026-40170
(cherry picked from commit f6c155e379f2d53d2d49d999e151135b82fba7cf)
DeltaFile
+3-3net/libngtcp2/distinfo
+1-1net/libngtcp2/pkg-plist
+1-1net/libngtcp2/Makefile
+5-53 files

FreeBSD/ports cc34a12net/libngtcp2 distinfo pkg-plist

net/libngtcp2: Update to 1.22.0

Changes:        https://github.com/ngtcp2/ngtcp2/releases
(cherry picked from commit c8b6c88c2080c6a69009fe0824aec6681367507f)
DeltaFile
+3-3net/libngtcp2/distinfo
+1-1net/libngtcp2/pkg-plist
+1-1net/libngtcp2/Makefile
+5-53 files

FreeBSD/ports a373659net/libngtcp2 Makefile

net/libngtcp2: Update SLAVEDIRS

(cherry picked from commit 49d17cfa6b17924a7d51134bbc155589d26beec6)
DeltaFile
+1-1net/libngtcp2/Makefile
+1-11 files

LLVM/project 655f38fllvm/utils/gn/secondary/libcxx/include BUILD.gn

[gn build] Port b799d7e8f8bc (#193262)
DeltaFile
+1-0llvm/utils/gn/secondary/libcxx/include/BUILD.gn
+1-01 files

FreeBSD/ports 7d01e8egraphics/libexif distinfo Makefile, graphics/libexif/files patch-Makefile.in

graphics/libexif: Update to 0.6.26

Changes:        https://github.com/libexif/libexif/releases
Security:       CVE-2026-32775, CVE-2026-40385, CVE-2026-40386
(cherry picked from commit 8ec2e1befa90a8a49fa8fdaf88915c1440bdddc2)
DeltaFile
+8-8graphics/libexif/files/patch-Makefile.in
+3-3graphics/libexif/distinfo
+1-1graphics/libexif/Makefile
+1-0graphics/libexif/pkg-plist
+13-124 files

LLVM/project e86ed67llvm/lib/Transforms/Vectorize LoopVectorize.cpp

[LV] Improve code around all_of, any_of (NFC) (#193150)
DeltaFile
+3-5llvm/lib/Transforms/Vectorize/LoopVectorize.cpp
+3-51 files

LLVM/project 57409d7llvm/utils/gn/secondary/llvm/lib/Target/X86 BUILD.gn

[gn build] Port acc3f73113ab (#193261)
DeltaFile
+1-1llvm/utils/gn/secondary/llvm/lib/Target/X86/BUILD.gn
+1-11 files

LLVM/project 002b2dcllvm/utils/gn/secondary/libcxx/include BUILD.gn

[gn build] Port 9b8635f3247d (#193260)
DeltaFile
+2-0llvm/utils/gn/secondary/libcxx/include/BUILD.gn
+2-01 files

LLVM/project adf1207llvm/utils/gn/secondary/clang-tools-extra/clangd BUILD.gn

[gn build] Port 4acbf997891c (#193258)
DeltaFile
+1-1llvm/utils/gn/secondary/clang-tools-extra/clangd/BUILD.gn
+1-11 files

LLVM/project 93dce0bllvm/lib/Transforms/Vectorize VPlanTransforms.cpp

[VPlan] Strip null-check in partial-red casts (NFC) (#193162)

A successful match guarantees that operands are non-null.
DeltaFile
+4-4llvm/lib/Transforms/Vectorize/VPlanTransforms.cpp
+4-41 files

FreeBSD/doc 7eaa453website/static/security/advisories FreeBSD-SA-26:10.tty.asc FreeBSD-SA-26:11.amd64.asc, website/static/security/patches/SA-26:11 amd64-14.patch amd64-15.patch

Add EN-26:05 through EN-26:07, SA-26:10, and SA-26:11.

Approved by:    so
DeltaFile
+397-0website/static/security/patches/SA-26:11/amd64-14.patch
+397-0website/static/security/patches/SA-26:11/amd64-15.patch
+397-0website/static/security/patches/SA-26:11/amd64-13.patch
+165-0website/static/security/advisories/FreeBSD-SA-26:10.tty.asc
+163-0website/static/security/advisories/FreeBSD-SA-26:11.amd64.asc
+158-0website/static/security/advisories/FreeBSD-EN-26:05.vm.asc
+1,677-025 files not shown
+2,746-031 files

FreeBSD/src 69e8d8bsys/netinet tcp_hpts_test.c

tests/sys/netinet/tcp_hpts: Make a socket available in mock inpcbs

After commit 9b76228006d8, tcp_hptsi() dereferences inp_socket in order
to get the inpcb's VNET.  This means that mock inpcbs created by the
HPTS test fixture must set inp_socket.  Also set the current VNET there;
previously, it was NULL, and this was not noticed since VNET_DEBUG is
disabled even in debug kernels.

Fixes:  9b76228006d8 ("inpcb: retire inp_vnet")
DeltaFile
+8-0sys/netinet/tcp_hpts_test.c
+8-01 files

FreeBSD/src dce5659sys/kern kern_clocksource.c

epoch: Don't idle CPUs when there's pending epoch work

The epoch(9) subsystem implements per-CPU queues of object destructors
which get invoked once it is safe to do so.  These queues are polled via
hardclock().

When a CPU is about to go idle, we reduce the hardclock frequency to 1Hz
by default, to avoid unneeded wakeups.  This means that if there is any
garbage in these destructor queues, it won't be cleared for at least 1s
(and possibly longer) even if it would otherwise be safe to do so.

epoch_drain_callbacks() is used in some places to provide a barrier,
ensuring that all garbage present in the destructor queues is cleaned up
before returning.  It's implemented by adding a fake destructor in the
queues and blocking until it gets run on all CPUs.  The above-described
phenomenon means that it can take a long time for these calls to return,
even (especially) when some CPUs are idle.  This causes long delays when
destroying VNET jails, for instance, as epoch_drain_callbacks() is
invoked each time a network interface is destroyed.

    [11 lines not shown]
DeltaFile
+2-1sys/kern/kern_clocksource.c
+2-11 files

FreeBSD/src 30b7621tests/sys/net if_geneve.sh if_gif.sh

tests/sys/net: Set require.kmods where appropriate
DeltaFile
+14-85tests/sys/net/if_geneve.sh
+6-20tests/sys/net/if_gif.sh
+3-17tests/sys/net/if_stf.sh
+4-8tests/sys/net/if_wg.sh
+27-1304 files

FreeBSD/src 14a47a8sys/netinet in_pcb.c, sys/netinet6 in6_pcb.c

inpcb: remove always true condition in in_pcblookup_local()

We are searching through the hash that has only wildcard bindings.
This was missed by fdb987bebddf05e15a5af840379c7715a94aec1c.

Reviewed by:            markj
Differential Revision:  https://reviews.freebsd.org/D56488
DeltaFile
+1-2sys/netinet/in_pcb.c
+1-2sys/netinet6/in6_pcb.c
+2-42 files

LLVM/project 980ddceclang/lib/CIR/CodeGen CIRGenFunction.cpp, clang/test/CIR/CodeGen vla.c

[CIR] Implement variably modified type parameter handling (#193072)

CIR was missing checks for variably modified types in its function
handling, so if one of the function arguments was a variable-length
array, we weren't recording the VLA size and hitting an assertion when
we later try to retrieve the VLA size from our map. One dimensional VLAs
are passed as pointers to the array type rather than as variably
modified types, so that didn't trigger the error.
DeltaFile
+68-0clang/test/CIR/CodeGen/vla.c
+18-0clang/lib/CIR/CodeGen/CIRGenFunction.cpp
+86-02 files