LLVM/project a9721cbllvm/lib/Transforms/Scalar LoopInterchange.cpp, llvm/test/Transforms/LoopInterchange inner-induciton-step-is-not-invariant.ll

[LoopInterchange] Reject if inner loop IV has outer-variant step
DeltaFile
+20-48llvm/test/Transforms/LoopInterchange/inner-induciton-step-is-not-invariant.ll
+17-8llvm/lib/Transforms/Scalar/LoopInterchange.cpp
+37-562 files

LLVM/project c1ff74cmlir/lib/Bytecode/Reader BytecodeReader.cpp

[mlir] Don't use shared_ptr reference. (#202703)

`const std::share_ptr<...>&` doesn't increase ref count which can easily
cause downstream user bugs with maintaining the life time of the object.
Remove `&` to kick in ref count.
DeltaFile
+1-1mlir/lib/Bytecode/Reader/BytecodeReader.cpp
+1-11 files

FreeBSD/src 8f9aabb. MAINTAINERS, .github CODEOWNERS

OpenSSL: update MAINTAINERS/CODEOWNERS

I've been the quasi-defacto component maintainer for OpenSSL since
14.0-RELEASE. Make it official via CODEOWNERS/MAINTAINERS.

The goal is to help guide those interested in making changes in this
space to solicit my input with the new vendor import process and
coordinate fixes with upstream until things are at a point where most of
this is automated a system of automated checks and balances to confirm
that the updates being made to the component help maintain a security
supply chain for this given component.

Thank you benl and jkim for your past efforts in this component area.
Hopefully I can do my part to help improve this critical space further
as you both did in your respective tenures.

MFC after:      3 days
DeltaFile
+4-3.github/CODEOWNERS
+1-1MAINTAINERS
+5-42 files

XigmaNAS/svn 10627trunk/www services_daap.php

remove service configuration page for daap
DeltaFile
+0-205trunk/www/services_daap.php
+0-2051 files

FreeBSD/ports bf518dbwww/py-yubal-api pkg-plist Makefile, www/py-yubal-api/files yubal.in patch-src_yubal__api_services_log__buffer.py

www/py-yubal-api: New port: Self-hosted YouTube Music downloader (API)

yubal is a self-hosted YouTube Music downloader. Paste a link, get
a tagged, organized library.

Scheduled sync. Smart deduplication. Media server ready. Browser
extension included.

WWW: https://github.com/guillevc/yubal/
DeltaFile
+158-0www/py-yubal-api/pkg-plist
+57-0www/py-yubal-api/Makefile
+45-0www/py-yubal-api/files/yubal.in
+19-0www/py-yubal-api/files/patch-src_yubal__api_services_log__buffer.py
+13-0www/py-yubal-api/files/patch-src_yubal__api_domain_types.py
+5-0www/py-yubal-api/pkg-descr
+297-02 files not shown
+303-08 files

FreeBSD/ports 9ea16bedevel Makefile, devel/py-ytmusicapi Makefile distinfo

devel/py-ytmusicapi: New port: Unofficial API for YouTube Music

ytmusicapi is a Python 3 library to send requests to the YouTube
Music API. It emulates YouTube Music web client requests using the
user's cookie data for authentication.

WWW: https://github.com/sigma67/ytmusicapi
DeltaFile
+25-0devel/py-ytmusicapi/Makefile
+21-0devel/py-ytmusicapi/files/patch-pyproject.toml
+3-0devel/py-ytmusicapi/distinfo
+3-0devel/py-ytmusicapi/pkg-descr
+1-0devel/Makefile
+53-05 files

FreeBSD/ports f4f0f11www Makefile, www/py-yubal Makefile pkg-descr

www/py-yubal: New port: Self-hosted YouTube Music downloader

yubal is a self-hosted YouTube Music downloader. Paste a link, get
a tagged, organized library.

Scheduled sync. Smart deduplication. Media server ready. Browser
extension included.

WWW: https://github.com/guillevc/yubal/
DeltaFile
+38-0www/py-yubal/Makefile
+5-0www/py-yubal/pkg-descr
+3-0www/py-yubal/distinfo
+1-0www/Makefile
+47-04 files

XigmaNAS/svn 10626trunk/build/ports Makefile firefly

cleanup firefly port
DeltaFile
+0-1trunk/build/ports/Makefile
+0-0trunk/build/ports/firefly/
+0-12 files

XigmaNAS/svn 10625trunk/www license.php

remove daap from license information
DeltaFile
+0-4trunk/www/license.php
+0-41 files

XigmaNAS/svn 10624trunk/www guiconfig.inc

remove daap from menu
DeltaFile
+0-1trunk/www/guiconfig.inc
+0-11 files

XigmaNAS/svn 10623trunk/etc/inc services.inc

remove service daap
DeltaFile
+0-1trunk/etc/inc/services.inc
+0-11 files

LLVM/project fb8ec0bllvm/unittests/Support/DynamicLibrary DynamicLibraryTest.cpp

[test][Support] Disable CFI-icall for DynamicLibrary Overload test (#202446) (#202684)

The test performs manual symbol lookup and calls, which triggers
Control Flow Integrity indirect call checks.

Reland of #202446 reverted with #202550.

Here we are going to use LLVM_NO_SANITIZE.
DeltaFile
+1-1llvm/unittests/Support/DynamicLibrary/DynamicLibraryTest.cpp
+1-11 files

NetBSD/pkgsrc-wip 5cdb14c. Makefile, brush-shell distinfo cargo-depends.mk

brush-shell: Bug submit to upstream
DeltaFile
+1,973-0brush-shell/distinfo
+658-0brush-shell/cargo-depends.mk
+21-0brush-shell/Makefile
+4-0brush-shell/PLIST
+2-0brush-shell/DESCR
+1-0Makefile
+2,659-01 files not shown
+2,660-07 files

NetBSD/pkgsrc-wip e0886cf. Makefile, ipv6calc Makefile PLIST

net/ipv6calc-4.4.0: Trying to make it working
DeltaFile
+30-0ipv6calc/Makefile
+19-0ipv6calc/PLIST
+8-0ipv6calc/DESCR
+5-0ipv6calc/distinfo
+4-0ipv6calc/TODO
+1-0Makefile
+67-06 files

XigmaNAS/svn 10622trunk/conf config.xml

remove section daap from default config.xml
DeltaFile
+0-16trunk/conf/config.xml
+0-161 files

LLVM/project c4803d7llvm/lib/Transforms/InstCombine InstCombineCalls.cpp, llvm/test/Transforms/InstCombine assume.ll

[InstCombine] Move nonnull assumptions to the base of a gep (#195650)

Alive2 proof: https://alive2.llvm.org/ce/z/2TkRyt
DeltaFile
+25-0llvm/test/Transforms/InstCombine/assume.ll
+8-0llvm/lib/Transforms/InstCombine/InstCombineCalls.cpp
+33-02 files

NetBSD/src U0hTDAAdoc 3RDPARTY CHANGES

   New OpenSSL
VersionDeltaFile
1.2214+5-5doc/3RDPARTY
1.3268+2-1doc/CHANGES
+7-62 files

FreeBSD/src 3a71a35apps testrsa.h, crypto/cast cast_s.h

openssl: import 3.5.7

This change adds OpenSSL 3.5.7 from upstream [1].

The 3.5.7 artifact was been verified via PGP key [2] and by SHA256 checksum [3].

This change is a security release which resolves several issues with OpenSSL 3.5,
the highest severity issue being ranked "High". Users are strongly encouraged to
update to this release.

More information about the release (from a high level) can be found in
the release notes [4].

Updated via [5] with `update_openssl.sh 3.5.7`.

Approved by:    so (gordon; implicit)

1. https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz
2. https://github.com/openssl/openssl/releases/download/openssl-3.5.7/openssl-3.5.7.tar.gz.asc

    [3 lines not shown]
DeltaFile
+854-8,335test/quic_record_test.c
+449-4,467apps/testrsa.h
+380-3,027fuzz/dtlsserver.c
+284-2,821test/pkcs12_format_test.c
+224-2,214test/evp_extra_test2.c
+257-2,049crypto/cast/cast_s.h
+2,448-22,913204 files not shown
+8,075-35,360210 files

NetBSD/src NKIgl0Ddistrib/sets/lists/comp mi

   new OpenSSL man page
VersionDeltaFile
1.2526+4-1distrib/sets/lists/comp/mi
+4-11 files

NetBSD/src hexKMXlcrypto/external/apache2/openssl/dist/test ectest.c destest.c, crypto/external/apache2/openssl/lib/libcrypto/arch/powerpc chachap10-ppc.S

   merge changes between OpenSSL 3.5.6 and 3.5.7
VersionDeltaFile
1.4+48-463crypto/external/apache2/openssl/dist/test/ectest.c
1.4+13-105crypto/external/apache2/openssl/dist/test/destest.c
1.1+110-0crypto/external/apache2/openssl/lib/libcrypto/man/X509V3_EXT_print.3
1.6+85-3crypto/external/apache2/openssl/lib/libcrypto/man/BIO_s_bio.3
1.2+46-4crypto/external/apache2/openssl/lib/libcrypto/arch/powerpc64/chachap10-ppc.S
1.2+46-4crypto/external/apache2/openssl/lib/libcrypto/arch/powerpc/chachap10-ppc.S
+348-579862 files not shown
+1,443-1,587868 files

LLVM/project 5997a17llvm/lib/Transforms/Scalar JumpThreading.cpp, llvm/test/Transforms/JumpThreading lifetime-alloca.ll

[JumpThreading] Fix lifetime markers when alloca requires SSA renaming (#188147)

JumpThreading can create PHI nodes for alloca values when threading
across blocks. This violates the requirement introduced in #149310 that
lifetime.start/end intrinsics must operate directly on allocas.

After SSA reconstruction, check if any lifetime marker for an alloca now
points to a PHI node. If so, drop all lifetime markers for that alloca.

Fixes #167733
DeltaFile
+80-0llvm/test/Transforms/JumpThreading/lifetime-alloca.ll
+19-5llvm/lib/Transforms/Scalar/JumpThreading.cpp
+99-52 files

LLVM/project 784836dflang/include/flang/Optimizer/Dialect FIROps.td, flang/lib/Optimizer/CodeGen CodeGen.cpp

[FIR] add a fir.shape_extents operation (#199361)

Add fir.shape_extents op. This takes a !fir.shape<n> and unpacks it into
n integer SSA values (one per dimension, row-to-column order). This
supports lowering when extent values are needed but the defining
fir.shape is not visible.

FIRToMemRef now inserts fir.shape_extents when recovering extents from a
shape operand that is not a direct fir.shape / fir.shape_shift /
existing fir.shape_extents result (e.g. block arguments from
fir.select_case).

Also allow live fir.shape values at fir-to-llvm lowering: !fir.shape<n>
maps to an n-field i64 LLVM struct, and live fir.shape ops lower via
llvm.undef + llvm.insertvalue. fir.shape_extents lowers via
llvm.extractvalue (+ cast to index).

In the original path, cg-rewrite still fuses shape-bearing fir.embox /
fir.array_coor into fircg.* forms and shapes remain dead before LLVM

    [10 lines not shown]
DeltaFile
+97-12flang/lib/Optimizer/CodeGen/CodeGen.cpp
+89-0flang/test/Fir/shape-to-llvm.mlir
+66-14flang/lib/Optimizer/Transforms/FIRToMemRef.cpp
+71-0flang/lib/Optimizer/Dialect/FIROps.cpp
+57-0flang/test/Fir/shape-extents.mlir
+35-0flang/include/flang/Optimizer/Dialect/FIROps.td
+415-263 files not shown
+451-509 files

LLVM/project d0a1f86lldb/source/Plugins/ObjectFile/Mach-O ObjectFileMachO.cpp MachOTrie.cpp

[lldb] Extract Mach-O export trie parsing into MachOTrie.{h,cpp} (NFC) (#202735)

ParseTrieEntries and its TrieEntry helpers were file-local statics in
ObjectFileMachO.cpp, unreachable from tests. Move them into a
self-contained translation unit (depending only on lldbUtility) so the
parser can be exercised in isolation.
DeltaFile
+1-127lldb/source/Plugins/ObjectFile/Mach-O/ObjectFileMachO.cpp
+126-0lldb/source/Plugins/ObjectFile/Mach-O/MachOTrie.cpp
+85-0lldb/source/Plugins/ObjectFile/Mach-O/MachOTrie.h
+1-0lldb/source/Plugins/ObjectFile/Mach-O/CMakeLists.txt
+213-1274 files

LLVM/project c901f5bclang/include/clang/Basic Attr.td, clang/test/Driver driverkit26-boundary.c simple-darwin.c

[clang][Darwin] Canonicalize DriverKit platform between DriverKit 26<->27 (#202690)

* Canonicalize driverkit26 to 27 in availability & deployment
versioning.
* Make darwin27 and later map 1:1 to the same macOS major version.

Resolves: rdar://178548081
DeltaFile
+23-0llvm/unittests/TargetParser/TripleTest.cpp
+11-2llvm/lib/TargetParser/Triple.cpp
+12-0clang/test/Driver/driverkit26-boundary.c
+5-0clang/test/Driver/simple-darwin.c
+2-0clang/include/clang/Basic/Attr.td
+53-25 files

LLVM/project 89b969eclang/lib/Driver Driver.cpp, clang/test/Driver hip-phases.hip hip-rdc-device-only.hip

Reapply "[Clang] Set default LTO mode for AMDGCN/SPIR-V targets to full" (#202714) (#202736)

This reverts commit 655462209f3444ecaf526de6e1df2a84d5e54e4b.
DeltaFile
+92-103clang/test/Driver/hip-phases.hip
+18-93clang/lib/Driver/Driver.cpp
+20-20clang/test/Driver/hip-rdc-device-only.hip
+13-12clang/test/Driver/hip-binding.hip
+10-9clang/test/Driver/hip-spirv-backend-phases.c
+15-3clang/test/Driver/hip-device-compile.hip
+168-24032 files not shown
+277-32638 files

FreeBSD/src 20bfab9contrib/ldns net.c error.c, contrib/ldns/ldns error.h

ldns: Fix query response validation

Approved by:    so
Security:       FreeBSD-SA-26:36.ldns
Security:       CVE-2026-10846
DeltaFile
+90-2contrib/ldns/net.c
+6-0contrib/ldns/error.c
+4-1contrib/ldns/ldns/error.h
+100-33 files

FreeBSD/src 865c8ffcrypto/openssl/crypto/asn1 a_mbstr.c, crypto/openssl/ssl/quic quic_rx_depack.c quic_fifd.c

openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Reject oversized inputs in ASN1_mbstring_ncopy()
  cms: kek_unwrap_key: Fix out-of-bounds read in check-byte validation
  cms: kek_unwrap_key: test for fix out-of-bounds read in check-byte validation
  Avoid length truncation in ASN1_STRING_set
  pkcs12: verify that the pbmac1 key length is safe
  Reject potentially forged encrypted CMS AuthEnvelopedData messages
  QUIC stack must limit the number of PATH_CHALLENGE frames processed in RX
  Fix NULL dereference in QUIC address validation
  Fix potential NULL dereference processing CMS PasswordRecipientInfo
  Fix potential NULL dereference in OSSL_CRMF_ENCRYPTEDVALUE_decrypt()
  Enforce implicit rejection for CMS/PKCS#7 decryption
  Use the correct issuer when validating rootCAKeyUpdate
  Match the local q DHX parameter against the peer's q
  Apply the buffered IV on the AES-OCB EVP_Cipher() path
  Fix handling of empty-ciphertext messages in AES-GCM-SIV and AES-SIV
  Fix possible use-after-free in OpenSSL PKCS7_verify()

    [19 lines not shown]
DeltaFile
+140-0crypto/openssl/test/evp_extra_test.c
+37-25crypto/openssl/ssl/quic/quic_rx_depack.c
+46-2crypto/openssl/test/cmsapitest.c
+43-0crypto/openssl/ssl/quic/quic_fifd.c
+39-0crypto/openssl/ssl/quic/quic_channel_local.h
+28-3crypto/openssl/crypto/asn1/a_mbstr.c
+333-3027 files not shown
+473-9433 files

FreeBSD/src e1cdc49sys/kern imgact_elf.c, tests/sys/kern aslr.c Makefile

imgact_elf: Clear no-ASLR and -WXORX flags earlier for setugid images

Otherwise an unprivileged user can disable randomization of the base
address for PIEs even if they are setugid.

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:32.elf
Security:       CVE-2026-49414
Reported by:    David Berard
Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57397
DeltaFile
+157-0tests/sys/kern/aslr.c
+28-27sys/kern/imgact_elf.c
+2-0tests/sys/kern/Makefile
+187-273 files

FreeBSD/src 3ac9726sys/compat/linux linux_elf.c

linux: Correct the issetugid check in copyout_auxargs

The runtime linker in glibc relies on the AT_SECURE auxv entry to know
whether the executable is set-ugid, if so then various dangerous
functionality such as LD_PRELOAD is disabled.

The check added in commit 669414e4fb74 failed to take into account the
fact that during execve, P_SUGID may not yet be set for a set-ugid
process.  Correct the test.

Approved by:    so
Security:       FreeBSD-SA-26:30.linux
Security:       CVE-2026-49413
Reported by:    Minseong Kim
Fixes:          669414e4fb74 ("Implement AT_SECURE properly.")
Reviewed by:    kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57350
DeltaFile
+1-3sys/compat/linux/linux_elf.c
+1-31 files

FreeBSD/src 7628e1dsys/dev/sound/pcm dsp.c buffer.c, tests/sys/sound mmap.c

sound: Fix software buffer lifetime issues

The channel buffer mapped by dsp_mmap_single() may be freed when the
device handle is closed, but the mapping persists beyond that, allowing
userspace to read or write memory owned by a different consumer.

Fix the problem by adding a reference counter to the sound buffer.
Define pager ops for the VM object returned by dsp_mmap_single() and use
them to manage the extra reference.

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:27.sound
Security:       CVE-2026-49417
Reported by:    Lexpl0it, 75Acol, Liyw979, Rob1n
Reviewed by     kib
Sponsored by:   The FreeBSD Foundation
Differential Revision:  https://reviews.freebsd.org/D57393
DeltaFile
+77-16sys/dev/sound/pcm/dsp.c
+60-0tests/sys/sound/mmap.c
+36-2sys/dev/sound/pcm/buffer.c
+4-0sys/dev/sound/pcm/buffer.h
+177-184 files