[X86] Update PMADDWD tests to more closely match middle-end vector.reduce.add codegen (#198993)
The middle-end will detect vector.reduce.add patterns - update the
Codegen tests to use the intrinsics directly and add PhaseOrdering tests
to ensure vector.reduce.add intrinsics are created
[LV] Convert gather loads with constant stride into strided loads (#147297)
This patch detects non-consecutive load accesses (i.e. gather) with a
constant stride, such as:
```
void stride(int* a, int *b, int n) {
for (int i = 0; i < n; i++)
a[i * 5] = b[i * 5] + i;
}
```
and converts them into strided loads when legal and profitable, using
experimental_vp_strided_load.
The new VPlan transformation, convertToStridedAccesses, hoists the
functionality of RISCVGatherScatterLowering into the vectorizer,
enabling a more precise cost estimation during vectorization.
Additionally, by leveraging SCEV for stride analysis, the vectorizer can
potentially detect more opportunities to optimize gathers into strided
loads.
This enables more efficient code generation for targets like RISC-V that
support strided loads natively.
[X86] LowerVECREDUCE - don't attempt to handle vectors with non-pow2 element counts (#198989)
32-bit targets will attempt to lower vXi64 reductions prior to argtype legalization
Crash fix - we can improve the handling in a future commit
[LoopInterchange] Make the instorder profitability check GEP-independent (#181991)
The heuristic function `instorder` assumes that the structure of GEPs
reflect the original memory access patterns, which is not always true.
Moreover, recent trends in LLVM are moving in a direction where such
patterns are no longer preserved. If the migration from GEP to ptrtoadd
is completed, this heuristic will no longer make sense.
To achieve what this heuristic is trying to do, we should examine the
SCEV of the pointer operands of loads/stores, rather than relying on
GEPs. This patch replaces the GEP‑dependent logic with an SCEV‑based
analysis. Instead of relying on the operand order in GEPs, the
SCEV‑based approach walks through the SCEV expression, identifies the
step recurrences of the relevant loops, and compares them. This allows
us to perform what `instorder` intends to do without relying on how
memory access patterns are represented in the IR.
[LoopInterchange] Always create a new latch when interchanging (#194574)
In the transformation phase of loop-interchange, when the inner loop to
be interchanged is the innermost one, a new latch BB is created and
several instructions are moved from the original BB to the new one to
generate valid IR. I'm not sure why this process was performed only when
the target loop is the innermost loop, but as demonstrated in #163954,
this process is also necessary when interchanging non‑innermost loops,
e.g., when a reduction exists and the reduction operation is located in
the latch BB of the inner loop.
This patch removes the conditional branch and always creates a new latch
during the transformation.
Fix #163954
unbound: blocklist improvements (#10149)
* Organizes DNSBLs by provider/category.
* Adds the Social Network blocklist by hegizi.
* The tester now gives you the DNSBL name and category instead of its shortcode.
rsync: updated to 3.4.3
rsync 3.4.3 (20 May 2026)
Changes in this version:
SECURITY FIXES:
Six CVEs are fixed in this release. All six are assigned by
VulnCheck as CNA. Affected versions are 3.4.2 and earlier in every
case. Three of the six (CVE-2026-29518, CVE-2026-43617,
CVE-2026-43619) require non-default daemon configuration to reach:
the first and third need `use chroot = no` for a module, the second
needs `daemon chroot = ...` set in rsyncd.conf. Two (CVE-2026-43618,
CVE-2026-43620) are reachable from a normal pull or a normal
authenticated daemon connection. The sixth (CVE-2026-45232) is
reachable only when `RSYNC_PROXY` is set and the proxy (or a MITM)
returns a pathological response. Many thanks to the external
researchers who reported these issues.
[128 lines not shown]
(devel/R-Rcpp) Updated 1.0.14 to 1.1.1.1.1
(pkgsrc)
- Three patches dropped
- Added patch for src/Makevars (by looking at devel/R-fs)
to take care the issue of not finding the function backtrace_symbol
(Atsushi Toyokura helped me a lot on this modification)
- Tested only on NetBSD (9.4), Linux and SunOS are not tested, sorry
(upstream)
Changes in Rcpp non-release version 1.1.1-1.1 (2026-04-19):
* Please see pr #1466 addressing #1465 for context (plus change
from #1460, and R_getRegisteredNamespace from #1469)
* This is an unplanned, unscheduled and uncalled for
non-release made solely to unplug CRAN from late-breaking
changes in R 4.6.0
[165 lines not shown]
unbound: updated to 1.25.1
1.25.1
Bug Fixes
Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie, padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-41292, Parsing a long list of incoming EDNS options degrades performance. Thanks to GitHub user 'N0zoM1z0', also Qifan Zhang from Palo Alto Networks, for the report.
Fix CVE-2026-42534, Jostle logic bypass degrades resolution performance. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42923, Degradation of service with unbounded NSEC3 hash calculations. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42960, Possible cache poisoning attack while following delegation. Thanks to TaoFei Guo from Peking University, Yang Luo and JianJun Chen, Tsinghua University, for the report.
Fix CVE-2026-44390, Unbounded name compression in certain cases causes degradation of service. Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-44608, Use after free and crash in RPZ code. Thanks to Qifan Zhang, Palo Alto Networks, for the report.