FreeBSD/src 7b2702esys/amd64/amd64 machdep.c, sys/sys systm.h

sys: add safe_read(9)

The MD function with MI interface to provide a way to read arbitrary
(canonical) KVA.  amd64 only for now.

Reviewed by:    markj
Tested by:      aokblast
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D49566
DeltaFile
+18-0sys/amd64/amd64/machdep.c
+8-0sys/sys/systm.h
+26-02 files

FreeBSD/src 67d61d1sys/amd64/amd64 mem.c uio_machdep.c, sys/amd64/include md_var.h

amd64: extract uiomove_mem() from memrw()

Reviewed by:    markj
Tested by:      aokblast
Sponsored by:   The FreeBSD Foundation
MFC after:      1 week
Differential revision:  https://reviews.freebsd.org/D49566
DeltaFile
+11-92sys/amd64/amd64/mem.c
+96-0sys/amd64/amd64/uio_machdep.c
+6-0sys/amd64/include/md_var.h
+113-923 files

LLVM/project 61b5b08libc/test/integration/src/__support/GPU CMakeLists.txt

[libc] Move fixed buffer GPU test to an integration test (#200042)

Move the `fixedbuffer` GPU test to an integration test.

libc tests are intended to be GTest style tests written with the normal
`TEST(Suite, Test)` GTest macros. Example
[here](https://github.com/llvm/llvm-project/blob/main/libc/test/include/SignbitTest.h#L32).

This test has its own `main` which ends up causing a `main multiple
definitions` linker error when compiling for SPIR-V (work in progress).
I'm not sure why this error doesn't occur for AMDGPU, probably the fact
we have to compile with a ton less compile/linker flags for SPIR-V and
one of them hides the issue.

Specifically the fix is that we don't link against
`libc/test/UnitTest/CMakeFiles/LibcTest.hermetic.dir/LibcTestMain.cpp.o`
which has its own main which conflicts with the one defined in the test.

All other tests in this directory are integration tests too.

    [4 lines not shown]
DeltaFile
+1-1libc/test/integration/src/__support/GPU/CMakeLists.txt
+1-11 files

FreeBSD/src 39f23afusr.sbin/certctl certctl.c

certctl: Style nits

MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D57298
DeltaFile
+3-2usr.sbin/certctl/certctl.c
+3-21 files

FreeBSD/src 05039fdtests/sys/acl tools-posix.test run

tests: Fix reliability issues in POSIX ACL tests

The ACL tests use UIDs and GIDs 41 through 49 and expect them to be
unassigned.  Since GID 43 is now assigned to the audio group, some
tests have begun to fail.

While here, also fix a benign Perl syntax issue in the test runner.

MFC after:      1 week
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D57297
DeltaFile
+7-7tests/sys/acl/tools-posix.test
+1-1tests/sys/acl/run
+8-82 files

LLVM/project 9107dacllvm/include/llvm/Analysis LazyValueInfo.h MemoryDependenceAnalysis.h

llvm: Fix most LLVM_ABI annotations in Analysis (#199019)

This updates most LLVM_ABI annotations in the Analysis headers to match
expected usage:
* All public APIs should be properly annotated.
* Inlined functions should not be annotated.

These changes were done by a script fixing annotations on LLVM public
headers and manually checked.

This effort is tracked in #109483.
DeltaFile
+34-29llvm/include/llvm/Analysis/LazyValueInfo.h
+31-31llvm/include/llvm/Analysis/MemoryDependenceAnalysis.h
+31-28llvm/include/llvm/Analysis/Delinearization.h
+28-30llvm/include/llvm/Analysis/IR2Vec.h
+26-25llvm/include/llvm/Analysis/StackSafetyAnalysis.h
+22-18llvm/include/llvm/Analysis/LoopCacheAnalysis.h
+172-16144 files not shown
+410-37550 files

OPNSense/core a84020fsrc/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml

Selectable false for enabled and category
DeltaFile
+2-0src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+2-01 files

OPNSense/core 8f57c05src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api SystemhealthController.php, src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api LaggSettingsController.php VlanSettingsController.php

Merge remote-tracking branch 'origin/master' into firewall-always-show-internal-rules
DeltaFile
+0-311src/www/reporting_settings.php
+192-68src/opnsense/mvc/app/views/OPNsense/Diagnostics/health.volt
+60-11src/opnsense/mvc/app/views/OPNsense/Unbound/overview.volt
+53-3src/opnsense/mvc/app/controllers/OPNsense/Diagnostics/Api/SystemhealthController.php
+30-24src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/LaggSettingsController.php
+21-16src/opnsense/mvc/app/controllers/OPNsense/Interfaces/Api/VlanSettingsController.php
+356-43324 files not shown
+577-49630 files

OPNSense/core 3507ecfsrc/opnsense/www/js opnsense_bootgrid.js

bootgrid: allow column selection exclusions
DeltaFile
+5-3src/opnsense/www/js/opnsense_bootgrid.js
+5-31 files

LLVM/project 0adae5fllvm/docs AMDGPUUsage.rst

[AMDGPU] Document that only naturally aligned atomics of up to 64 bits are supported by the AMDGPU backend

We get an error from AtomicExpandPass if those constraints are not satisfied.
The 64-bit limit is set [here, in AMDGPUISelLowering.cpp](https://github.com/llvm/llvm-project/blob/5cac2751fb9cf3112d16717b278e40d07dd6cfdc/llvm/lib/Target/AMDGPU/AMDGPUISelLowering.cpp#L645).
DeltaFile
+3-0llvm/docs/AMDGPUUsage.rst
+3-01 files

FreeBSD/ports 46d6486net-mgmt/netbox Makefile

net-mgmt/netbox: Move away from py-dj52-* ports

* The counterparts of the py-dj52-* ports switched to Django 5.2 in
  ce59801b72ef, thus move Netbox to those ones.

* Bump PORTREVISION due changed dependencies.

PR:             291707
DeltaFile
+26-26net-mgmt/netbox/Makefile
+26-261 files

FreeBSD/ports 98dfdddwww/py-strawberry-graphql-django Makefile distinfo

www/py-strawberry-graphql-django: Update to 0.84.0

* There are already newer versions available, but stick with this one
  for now to stay in sync with the py-dj52 counterpart to ensure
  compatibility once net-mgmt/netbox is switched to this this port.

Changelogs since 0.82.1:

https://github.com/strawberry-graphql/strawberry-django/releases/tag/0.84.0
https://github.com/strawberry-graphql/strawberry-django/releases/tag/0.83.0
DeltaFile
+3-4www/py-strawberry-graphql-django/Makefile
+3-3www/py-strawberry-graphql-django/distinfo
+6-72 files

FreeBSD/ports 201d1b1www/py-social-auth-app-django Makefile distinfo, www/py-social-auth-app-django/files patch-cve-2025-61783 patch-pyproject.toml

www/py-social-auth-app-django: Update to 5.9.0

* Remove no longer required patch.

Changelog since 5.4.3:

https://github.com/python-social-auth/social-app-django/blob/5.9.0/CHANGELOG.md
DeltaFile
+0-101www/py-social-auth-app-django/files/patch-cve-2025-61783
+23-0www/py-social-auth-app-django/files/patch-pyproject.toml
+4-4www/py-social-auth-app-django/Makefile
+3-3www/py-social-auth-app-django/distinfo
+30-1084 files

FreeBSD/ports bad2ec0www/py-django-filter Makefile distinfo

www/py-django-filter: Update to 25.2

* Add DRF option to reflect the settings as noted in "pyproject.toml"
  and make it default because Django REST framework is used by many
  Django implementations.

Changelog:

https://github.com/carltongibson/django-filter/blob/25.2/CHANGES.rst
DeltaFile
+8-2www/py-django-filter/Makefile
+3-3www/py-django-filter/distinfo
+11-52 files

FreeBSD/ports 0d064d2www/mod_auth_cas distinfo Makefile

www/mod_auth_cas: Update to 1.3
DeltaFile
+3-3www/mod_auth_cas/distinfo
+1-1www/mod_auth_cas/Makefile
+4-42 files

FreeBSD/ports 3df44d7www/mod_http2 distinfo Makefile

www/mod_http2: Update to 2.0.41
DeltaFile
+3-3www/mod_http2/distinfo
+1-1www/mod_http2/Makefile
+4-42 files

LLVM/project 5b32c6ellvm/include/llvm/IR InstrTypes.h, llvm/lib/IR Instructions.cpp

[InstCombine] Drop the correct assume when working on assume bundles (#198404)

Currently, all assumes of the same kind in an assume bundle are dropped,
even though only a single one is actually checked to be redundant and
should be dropped. This introduces a new `removeOperandFromBundleAt`,
which instead drops a bundle at a specific position. This should also be
faster, since copying the bundles can now be done into an already
correctly allocated vector.
DeltaFile
+16-0llvm/lib/IR/Instructions.cpp
+15-0llvm/test/Transforms/InstCombine/assume.ll
+4-4llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
+4-0llvm/include/llvm/IR/InstrTypes.h
+39-44 files

NetBSD/pkgsrc mbCbAiEdoc CHANGES-2026

   Updated www/py-tornado, textproc/py-sphinx-issues
VersionDeltaFile
1.3319+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc fyXMmTttextproc/py-sphinx-issues distinfo Makefile

   py-sphinx-issues: updated to 6.0.0

   6.0.0 (2026-03-13)

   Backwards-incompatible: Remove implicit extraction of group/project from GitHub URLs in issues_uri. If you relied on setting _only_ issues_uri (e.g. https://github.com/myuser/myproject/issues/{issue}) without also setting issues_github_path or issues_default_group_project, you must now explicitly set one of those options in your conf.py:

   Before:

   issues_uri = "https://github.com/myuser/myproject/issues/{issue}"
   After:

   issues_github_path = "myuser/myproject"
   Support Python 3.10-3.14. 3.9 is no longer supported, as it is EOL.

   Pin lower bound of Sphinx to 8.1.0 (see "Sphinx version support policy above").
VersionDeltaFile
1.7+4-4textproc/py-sphinx-issues/distinfo
1.15+3-3textproc/py-sphinx-issues/Makefile
+7-72 files

NetBSD/pkgsrc Te6HikAwww/py-tornado distinfo Makefile

   py-tornado: updated to 6.5.6

   6.5.6

   Security fixes

   SimpleAsyncHTTPClient now strips the Authorization and Cookie headers from the request when following a redirect to a different origin. This matches the default behavior of CurlAsyncHTTPClient. Applications that need different behavior here can set follow_redirects=False and handle redirects manually. Thanks to [Yannick Wang](https://github.com/noobone123) for being first to report this issue, as well as additional reporters [Kai Aizen](https://github.com/SnailSploit), [HunSec](https://github.com/0xHunSec), and [Thai Son Dinh](https://github.com/sondt99).
   SimpleAsyncHTTPClient now enforces max_body_size on the decompressed size of the response, rather than the compressed size. This prevents a denial-of-service attack via a very large compressed response. Thanks to [Yuichiro Kedashiro](https://github.com/yuui25) for reporting this issue.
   Fixed a bug in the C extension that could have read up to three bytes past the end of an input array. Thanks to [Thai Son Dinh](https://github.com/sondt99) for reporting this issue.
   OpenIDMixin has improved parsing for the check_authentication response. Thanks to [Yannick Wang](https://github.com/noobone123) for reporting this issue.

   Bug fixes

   CurlAsyncHTTPClient has been updated to use non-deprecated APIs, avoiding deprecation warnings with recent versions of pycurl.
VersionDeltaFile
1.36+4-4www/py-tornado/distinfo
1.48+2-2www/py-tornado/Makefile
+6-62 files

LLVM/project 8ecfd9bmlir/include/mlir/Target/SPIRV SPIRVExtInstSets.h, utils/bazel/llvm-project-overlay/mlir BUILD.bazel

[BUILD]: Fix for af772866 (#200158)
DeltaFile
+4-1utils/bazel/llvm-project-overlay/mlir/BUILD.bazel
+3-2mlir/include/mlir/Target/SPIRV/SPIRVExtInstSets.h
+7-32 files

OPNSense/core 7cf0a25src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogFilterRule.xml

Adjust widths feedback @swhite2
DeltaFile
+3-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogFilterRule.xml
+3-11 files

OpenBSD/ports CdaqpDImeta/lxqt Makefile

   meta/lxqt: add archiver to RUN_DEPENDS-extra
VersionDeltaFile
1.9+2-0meta/lxqt/Makefile
+2-01 files

NetBSD/pkgsrc zugya01doc CHANGES-2026

   Updated textproc/py-sphinx-autodoc-typehints, net/py-apache-libcloud
VersionDeltaFile
1.3318+3-1doc/CHANGES-2026
+3-11 files

OpenBSD/ports RIKB3sDx11/lxqt Makefile

   x11/lxqt/Makefile: +archiver & wayland-session
VersionDeltaFile
1.6+2-0x11/lxqt/Makefile
+2-01 files

NetBSD/pkgsrc o7fLwITnet/py-apache-libcloud distinfo PLIST

   py-apache-libcloud: updated to 3.9.1

   Changes in Apache Libcloud 3.9.1

   Compute

   - [VSphere] Add verify_ssl option
     Add verify_ssl option, to enable the user to avoid SSL verification explicitly.
   - [OpenStack] Initial Blazar support
     This is an initial implementation of Blazar support in Libcloud. It currently
     supports listing the available leases and hosts.
   - [Azure ARM] Update US GovCloud AD endpoint for AZURE_ARM provider.
   - [OpenStack] Add hypervisor_hostname attribute to OpenStack node.
   - [GCP]  Use the fully-qualified name for the GCP IMDS endpoint.
   - [Azure ARM, Amazon S3] Add signed upload to azure and s3.
   - [RcodeZero]: Fix issue when adding a record where a record with a different type already exists

   DNS


    [8 lines not shown]
VersionDeltaFile
1.16+4-4net/py-apache-libcloud/distinfo
1.14+3-1net/py-apache-libcloud/PLIST
1.22+2-2net/py-apache-libcloud/Makefile
+9-73 files

OpenBSD/ports Db4QxvNx11/lxqt/wayland-session Makefile distinfo, x11/lxqt/wayland-session/pkg PLIST README

   Initial revision
VersionDeltaFile
1.1+63-0x11/lxqt/wayland-session/pkg/PLIST
1.1+13-0x11/lxqt/wayland-session/Makefile
1.1+11-0x11/lxqt/wayland-session/pkg/README
1.1+9-0x11/lxqt/wayland-session/pkg/DESCR
1.1+2-0x11/lxqt/wayland-session/distinfo
1.1.1.1+0-0x11/lxqt/wayland-session/pkg/README
+98-04 files not shown
+98-010 files

LLVM/project 5cac275llvm/lib/Target/LoongArch LoongArchFrameLowering.cpp LoongArchISelLowering.cpp, llvm/test/CodeGen/LoongArch stack-clash-prologue.ll stack-probing-dynamic.ll

[LoongArch] Add `-fstack-clash-protection` support (#195595)

This PR adds stack probing and `-fstack-clash-protection` support to the
LoongArch backend and Clang driver.

The implementation is largely borrowed from the RISCV backend (cf.
#117612, #139731), with the same allocation-unrolling strategy for
const-sized allocations.
DeltaFile
+714-0llvm/test/CodeGen/LoongArch/stack-clash-prologue.ll
+479-0llvm/test/CodeGen/LoongArch/stack-probing-dynamic.ll
+351-0llvm/test/CodeGen/LoongArch/stack-clash-prologue-nounwind.ll
+226-21llvm/lib/Target/LoongArch/LoongArchFrameLowering.cpp
+185-0llvm/test/CodeGen/LoongArch/stack-probing-frame-setup.mir
+123-1llvm/lib/Target/LoongArch/LoongArchISelLowering.cpp
+2,078-228 files not shown
+2,233-2514 files

FreeBSD/src 45aaba5sys/netpfil/pf pf_nl.c

pf: fix incorrect table decoding in netlink

We used nla_p_table for pfr_table structures, but this netlink decoder
was intended for pfioc_table and decoded an extra field, outside
of pfr_table. This allowed userspace to write (slightly) outside of
pfr_table.

Use a separate nlattr_parser for pfr_table.

PR:             295218
Reported by:    Robert Morris <rtm at lcs.mit.edu>
MFC after:      1 week
Sponsored by:   Rubicon Communications, LLC ("Netgate")

(cherry picked from commit 64327f769cee0c26e1b81e6195a5092498b10403)
DeltaFile
+8-1sys/netpfil/pf/pf_nl.c
+8-11 files

FreeBSD/ports 9d3a633sysutils/limine distinfo pkg-descr

sysutils/limine: Update 12.2.0 => 12.3.2

While here, update COMMENT and pkg-descr.

Changelog:
https://github.com/Limine-Bootloader/Limine/blob/v12.3.2/ChangeLog

PR:             295658
Reported by:    mintsuki at protonmail.com (maintainer)
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q2

(cherry picked from commit 1a858c328a8eaacf32106b5f4fb887559c0e7061)
DeltaFile
+3-3sysutils/limine/distinfo
+2-2sysutils/limine/pkg-descr
+2-2sysutils/limine/Makefile
+7-73 files