NetBSD/pkgsrc u8hQxB6archivers/szip PLIST buildlink3.mk, archivers/szip/patches patch-config_gnu-flags patch-aa

   szip: remove

   libaec (BSD license) has replaced this (restrictive license),
   upstream's homepage is gone, and the only user in pkgsrc had switched
   to libaec already.
VersionDeltaFile
1.4164+2-1doc/CHANGES-2026
1.3+1-1archivers/szip/patches/patch-config_gnu-flags
1.3+1-1archivers/szip/PLIST
1.8+1-1archivers/szip/buildlink3.mk
1.15+1-1archivers/szip/distinfo
1.4+1-1archivers/szip/patches/patch-aa
+7-63 files not shown
+8-79 files

NetBSD/pkgsrc XpJHXCjarchivers/libaec Makefile

   libaec: add comment where to report bugs
VersionDeltaFile
1.6+3-1archivers/libaec/Makefile
+3-11 files

FreeNAS/freenas b2252d3src/middlewared/middlewared/api/v27_0_0 filesystem.py update.py, src/middlewared/middlewared/plugins filesystem.py

Enable pydantic mypy plugin and fix some errors
DeltaFile
+19-14src/middlewared/middlewared/utils/filesystem/stat_x.py
+17-6src/middlewared/middlewared/utils/filesystem/directory.py
+5-7src/middlewared/middlewared/api/v27_0_0/filesystem.py
+10-1src/middlewared/middlewared/utils/crypto.py
+5-4src/middlewared/middlewared/plugins/filesystem.py
+4-2src/middlewared/middlewared/api/v27_0_0/update.py
+60-3414 files not shown
+75-4120 files

LLVM/project 8643f4cllvm/lib/Target/AArch64 AArch64ISelLowering.cpp, llvm/test/CodeGen/AArch64/Atomics aarch64-atomic-load-lse2.ll aarch64-atomic-load-lse2_lse128.ll

first attempt to fix atomics issue
DeltaFile
+21-0llvm/lib/Target/AArch64/AArch64ISelLowering.cpp
+2-2llvm/test/CodeGen/AArch64/Atomics/aarch64-atomic-load-lse2.ll
+2-2llvm/test/CodeGen/AArch64/Atomics/aarch64-atomic-load-lse2_lse128.ll
+2-2llvm/test/CodeGen/AArch64/Atomics/aarch64-atomic-load-rcpc3.ll
+2-2llvm/test/CodeGen/AArch64/Atomics/aarch64-atomic-load-rcpc_immo.ll
+2-2llvm/test/CodeGen/AArch64/Atomics/aarch64_be-atomic-load-lse2.ll
+31-105 files not shown
+41-1611 files

NetBSD/pkgsrc Ng927hKdoc CHANGES-2026

   Updated devel/py-pyobjc
VersionDeltaFile
1.4163+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ZBSB8sOdevel/py-pyobjc-framework-AppleScriptKit distinfo, devel/py-pyobjc-framework-AppleScriptObjC distinfo

   py-pyobjc: updated to 12.2.1

   12.2.1

   A number of test files were in a directory name
   with lower-case letters where upper-case letters should have been
   used. This only affects users checking out the repository on
   systems with a case-sensitive filesystem.

   Fix build error in the Quartz bindings when the SDK
   is for macOS 15 or later and the build target is also macOS 15 or later.

   Implement basic support for handling Swift classes that
   have an Objective-C representation but are not subclasses of NSObject,
   as used in the Network framework.
VersionDeltaFile
1.26+4-4devel/py-pyobjc-framework-AppleScriptKit/distinfo
1.26+4-4devel/py-pyobjc-framework-AppleScriptObjC/distinfo
1.24+4-4devel/py-pyobjc-framework-ApplicationServices/distinfo
1.13+4-4devel/py-pyobjc-framework-AudioVideoBridging/distinfo
1.13+4-4devel/py-pyobjc-framework-AuthenticationServices/distinfo
1.13+4-4devel/py-pyobjc-framework-AutomaticAssessmentConfiguration/distinfo
+24-24145 files not shown
+602-602151 files

LLVM/project 713d95emlir/lib/Dialect/SPIRV/Transforms ConvertToReplicatedConstantCompositePass.cpp, mlir/test/Dialect/SPIRV/Transforms replicated-const-composites.mlir

[mlir][SPIR-V] Fix crash on empty composite in replicated constants pass (#206647)
DeltaFile
+6-4mlir/lib/Dialect/SPIRV/Transforms/ConvertToReplicatedConstantCompositePass.cpp
+6-0mlir/test/Dialect/SPIRV/Transforms/replicated-const-composites.mlir
+12-42 files

LLVM/project a4e7bdallvm/test/CodeGen/AArch64 v8.4-atomic-128.ll, llvm/test/CodeGen/AArch64/GlobalISel v8.4-atomic-128.ll

[AArch64][NFC] Split v8.4 atomic-128 tests
DeltaFile
+209-87llvm/test/CodeGen/AArch64/GlobalISel/v8.4-atomic-128.ll
+187-69llvm/test/CodeGen/AArch64/v8.4-atomic-128.ll
+396-1562 files

NetBSD/src nIb7Nhesys/net if_wg.c

   Avoid stupid macro name clash: m68k/include/reg.h defines R0 and R1
   as the register offsets for returning values from functions in the.
   These clash with local buffers R0 and R1 here.
   Rename them to cookie_R0 and cookie_R1 to make all m68k ports build again.
VersionDeltaFile
1.140+7-7sys/net/if_wg.c
+7-71 files

LLVM/project 07b9a96llvm/utils/gn/secondary/llvm/lib/DebugInfo/LogicalView BUILD.gn, llvm/utils/gn/secondary/llvm/unittests/DebugInfo/LogicalView BUILD.gn

[gn build] Port e7290b1f1815 (#206923)
DeltaFile
+1-0llvm/utils/gn/secondary/llvm/lib/DebugInfo/LogicalView/BUILD.gn
+1-0llvm/utils/gn/secondary/llvm/unittests/DebugInfo/LogicalView/BUILD.gn
+2-02 files

LLVM/project 37387f4llvm/utils/gn/secondary/clang/unittests/AST BUILD.gn

[gn build] Port 7e31f2cffd39 (#206922)
DeltaFile
+1-0llvm/utils/gn/secondary/clang/unittests/AST/BUILD.gn
+1-01 files

FreeBSD/src 29b07efsys/fs/autofs autofs_vfsops.c

autofs: rename sx lock description for am_lock

Rename am_lock description from autofslk -> autfsm.

The lock description, autofslk, is used as the description for
autofs_softc->sc_lock, which is used to protect autofs requests and the
like as opposed to am_lock which protects autofs nodes for a given
mount.

This change allows witness to distinguish different lock orders for each
lock.

Reviewed by:    kib
Differential Revision:  https://reviews.freebsd.org/D57972
DeltaFile
+1-1sys/fs/autofs/autofs_vfsops.c
+1-11 files

LLVM/project 6c01d08llvm/include/llvm/Support KnownFPClass.h, llvm/lib/Analysis ValueTracking.cpp

ValueTracking: Improve frexp known range from dominating conditions

Try to restrict the known range of the exponent result of llvm.frexp
based on dominating conditions. Identify comparisons that imply the
incoming value cannot introduce an overflow in a downstream ldexp
use. This pattern appears in the implementation of some complex math
functions and allows finite only math to prune out more edge case
paths.

One attributor test for ldexp regresses due to the switch from
computeKnownBits to computeConstantRange. computeConstantRange
does not try to handle non-splat vector constants for the binary
operators.

As a side effect, this also improves knowing that ldexp can't
introduce overflow for the 0 case.
DeltaFile
+28-84llvm/test/Transforms/InstCombine/frexp-implied-exponent-range-dominating-conditions.ll
+63-8llvm/lib/Analysis/ValueTracking.cpp
+26-3llvm/test/Transforms/Attributor/nofpclass-ldexp.ll
+13-6llvm/lib/Support/KnownFPClass.cpp
+10-4llvm/include/llvm/Support/KnownFPClass.h
+140-1055 files

LLVM/project 6e5e1d2llvm/test/Transforms/InstCombine frexp-implied-exponent-range-dominating-conditions.ll

InstCombine: Add baseline test for implied frexp exponent ranges
DeltaFile
+1,221-0llvm/test/Transforms/InstCombine/frexp-implied-exponent-range-dominating-conditions.ll
+1,221-01 files

LLVM/project b0ab92alldb/docs/resources test.md

[lldb][docs] Document how to test specific layers (#205581)

This is motivated by the fact that we have the ability to test almost
any component of the debug session on its own, but it's hard to find
those tests.

If we put AI aside, you can't look for "test that lldb doesn't fault
when qProcessInfo
contains foo". Even though that is a thing we can test.

So in this change I'm adding a section to the testing docs with some
starting points that
people can search for.

It will be incomplete but we can add to it over time.

I will need someone to write the DAP part in a follow up PR, as I'm not
familiar with the layers there.
DeltaFile
+63-0lldb/docs/resources/test.md
+63-01 files

FreeBSD/ports 20b4544ports-mgmt/synth distinfo Makefile

ports-mgmt/synth: update to 3.15 release (+)

Changelog:

* remove ARM_version_7 function
* Replace portsmon hyperlinks with freshports links
* attempt to fix purge-distfiles on flavored ports
* fix,, take 2
* handle distinfo files with extensions during purge operation
* Fix port directory (dropped origin accidently)

PR:     295627
DeltaFile
+3-3ports-mgmt/synth/distinfo
+1-1ports-mgmt/synth/Makefile
+4-42 files

LLVM/project b3ec327llvm/docs AMDGPUDMAOperations.md AMDGPUAsyncOperations.rst

[docs][AMDGPU] move DMA operations to a separate file
DeltaFile
+145-0llvm/docs/AMDGPUDMAOperations.md
+10-46llvm/docs/AMDGPUAsyncOperations.rst
+26-28llvm/docs/AMDGPUUsage.rst
+7-1llvm/docs/UserGuides.md
+188-754 files

OPNSense/core c930ab5src/opnsense/scripts/syslog lockout_handler, src/opnsense/service/templates/OPNsense/Syslog syslog-ng-lockout.conf

system: lockout: address newline injection and correct IP parsing

PR: GHSA-2v2x-m4j7-76pv
(cherry picked from commit 8bdaad95f405f4587bb83bf35aa652ca493cc2a4)
DeltaFile
+5-0src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-lockout.conf
+1-1src/opnsense/scripts/syslog/lockout_handler
+6-12 files

OPNSense/core 631e147src/opnsense/mvc/app/controllers/OPNsense/Base ApiMutableModelControllerBase.php

mvc: checkAndThrowValueInUse validate input token which may only contain alphanum and dashes

PR: GHSA-98h6-479q-9q3w
(cherry picked from commit d7054cef69f72588feac1091254960835be19dfe)
DeltaFile
+3-1src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
+3-11 files

OPNSense/core adcb02fsrc/www system_advanced_admin.php

System: Settings: Administration - add missing legacy_html_escape_form_data for $a_cert

PR: GHSA-8pgr-x852-qx4j
(cherry picked from commit 9d0a590e9c49f4374a5539929b366123f63bc9eb)
DeltaFile
+1-0src/www/system_advanced_admin.php
+1-01 files

OPNSense/core a92d951src/etc/inc/plugins.inc.d ntpd.inc, src/www services_ntpd_gps.php

network time: fix stored XSS in GPS init string display

Squelch a PHP warning and change the way the default init
command string is used.

PR: GHSA-h793-67jm-j4m5
(cherry picked from commit ed04a154dc40967541be1388e9134e451be4199e)
DeltaFile
+3-2src/www/services_ntpd_gps.php
+2-1src/etc/inc/plugins.inc.d/ntpd.inc
+5-32 files

OPNSense/core 5e6313fsrc/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt nat_rule.volt

firewall: escape user-controlled values in tooltip attributes

PR: GHSA-2xrm-p255-p43h
(cherry picked from commit fb3b8a07f407ce281b1dde748706acbb0bc514ce)
DeltaFile
+2-2src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+2-2src/opnsense/mvc/app/views/OPNsense/Firewall/nat_rule.volt
+4-42 files

OPNSense/core e7fbfaasrc/opnsense/scripts/filter/lib/alias geoip.py

Firewall: Aliases - safeguard ISO country codes in alias download

PR: GHSA-wjqq-rfmm-v5h3
(cherry picked from commit c46aced9c47d956167e294911113bc334fea5f48)
DeltaFile
+2-2src/opnsense/scripts/filter/lib/alias/geoip.py
+2-21 files

OPNSense/core 11180dasrc/opnsense/mvc/app/views/OPNsense/OpenVPN status.volt, src/opnsense/www/js/widgets OpenVPNClients.js

openvpn: escape client common_name in connection-status views (stored XSS)

The OpenVPN connection-status widget and the connection-status page render
the client common_name into an HTML attribute (data-common-name /
data-common_name) without escaping the double quote, so a common_name
containing a quote breaks out of the attribute. With username-as-common-name
plus a RADIUS/LDAP backend the common_name is an attacker-chosen value.
Escape the quote before placing it in the attribute.

PR: GHSA-26cj-h9rj-g5pf
(cherry picked from commit e7b2ac8093f804bef8eb88dfa9a0d99fad00c12b)
DeltaFile
+1-1src/opnsense/mvc/app/views/OPNsense/OpenVPN/status.volt
+1-1src/opnsense/www/js/widgets/OpenVPNClients.js
+2-22 files

OPNSense/core 3af4961src/etc/inc/plugins.inc.d openvpn.inc, src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

openvpn: prevent path traversal in "common_name" attribute

PR: GHSA-2m9v-p7r9-gfcw
(cherry picked from commit 6101b3e2c90482111f420a47775c14a447441a72)
DeltaFile
+3-2src/etc/inc/plugins.inc.d/openvpn.inc
+3-1src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+6-32 files

OPNSense/core 52b18e6src/opnsense/mvc/app/models/OPNsense/Dnsmasq Dnsmasq.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.xml

src: configuration line injection via multiple GUI text fields

PR: GHSA-fq94-cxvc-9r7w
Co-authored-by: Franco Fichtner <franco at opnsense.org>
(cherry picked from commit 6c3be9a11699879fe50aea1c30e50de5864601d7)
DeltaFile
+23-20src/opnsense/mvc/app/models/OPNsense/Monit/Monit.xml
+24-9src/opnsense/mvc/app/models/OPNsense/Unbound/Unbound.xml
+8-6src/www/system_general.php
+6-4src/opnsense/mvc/app/models/OPNsense/Dnsmasq/Dnsmasq.xml
+4-4src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.xml
+4-4src/opnsense/mvc/app/models/OPNsense/IPsec/Swanctl.xml
+69-477 files not shown
+90-5913 files

NetBSD/pkgsrc wG6bKEHdoc CHANGES-2026

   Updated devel/py-polib, devel/py-pydantic-settings
VersionDeltaFile
1.4162+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 90LLwoLdevel/py-pydantic-settings distinfo Makefile

   py-pydantic-settings: updated to 2.14.2

   2.14.2

   This is a security patch release.

   Prevent NestedSecretsSettingsSource from following symlinks outside secrets_dir
VersionDeltaFile
1.16+4-4devel/py-pydantic-settings/distinfo
1.16+2-2devel/py-pydantic-settings/Makefile
+6-62 files

OPNSense/core fb3b8a0src/opnsense/mvc/app/views/OPNsense/Firewall filter_rule.volt nat_rule.volt

firewall: escape user-controlled values in tooltip attributes

PR: GHSA-2xrm-p255-p43h
DeltaFile
+2-2src/opnsense/mvc/app/views/OPNsense/Firewall/filter_rule.volt
+2-2src/opnsense/mvc/app/views/OPNsense/Firewall/nat_rule.volt
+4-42 files

OPNSense/core d7054cesrc/opnsense/mvc/app/controllers/OPNsense/Base ApiMutableModelControllerBase.php

mvc: checkAndThrowValueInUse validate input token which may only contain alphanum and dashes

PR: GHSA-98h6-479q-9q3w
DeltaFile
+3-1src/opnsense/mvc/app/controllers/OPNsense/Base/ApiMutableModelControllerBase.php
+3-11 files