[LifetimeSafety] Fix false negative for GSL Owner type with arrow operator (#184725)
`shouldTrackImplicitObjectArg` tracks whether a method call's return
value depends on the implicit object's lifetime. It already handles
operator* on Owner types (return reference), but misses operator->
(return pointer). This fix adds `OO_Arrow` handling for Owner types.
Only affects CFG (-Wlifetime-safety) analysis paths.
Fixes #184361

[BOLT] Check if symbol is in data area of function (#160143)
There are cases in which `getEntryIDForSymbol` is called, where the
given Symbol is in a constant island, and so BOLT cannot find its
function. This causes BOLT to reach `llvm_unreachable("symbol not
found")` and crash. This patch adds a check that avoids this crash.

mvc: ConfigMaintenance: when constructing class names use a safer way to strip .php extension
It's not entirely clear what is going on in the report but since the class is more or less
"empty" it looks like a path has a "." in it and the leftmost part of that path wins the
explode() although it was meant to strip the PHP extension at the end instead.
Thus make the code safer and try again with the user.
PR: https://forum.opnsense.org/index.php?topic=51102.0
(cherry picked from commit df6d9ea777878b1bf62fe14f257581a95fd36bdb)

[AMDGPU] Make chain functions receive a stack pointer (#184616)
Currently, chain functions are free to set up a stack pointer if they
need one, and they assume they can start at scratch offset 0. This is
not correct if CWSR and dynamic VGPRs are both enabled, since in that
case we need to reserve an area at offset 0 for the trap handler, but
only when running on a compute queue (which we determine at runtime).
Rather than duplicate in every chain function the code sequence for
determining if/how much scratch space needs to be reserved, this patch
changes the ABI of chain functions so that they receive a stack pointer
from their caller.
Since chain functions can no longer use plain offsets to access their
own stack, we'll also need to allocate a frame pointer more often (and
sometimes also a base pointer). For simplicity, we use the same
registers that `amdgpu_gfx` functions do (s32, s33, s34). This may
change in the future. Chain functions never return to their caller and
thus don't need to preserve the frame or base pointer.
Another consequence is that now we might need to realign the stack in
some cases (since it no longer starts at the infinitely aligned 0).

let's take chardet back to 5.2.0 for now, 6.0.0 which we were using has
some performance regressions. also add comments linking to issues with
vibe-coded 7.x (incompatibility, serious startup speed issues, licensing
issues to be resolved).

jujutsu: avoid permission problems when using a jj work tree
If it exists, the "secure config" of a jj repo is stored in the 0600 file
.jj/repo/config-id which leads to permission problems if jj is run from
that repo with another user than the repo owner. This happens in particular
with PORTS_PRIVSEP if the ports tree is a jj work tree. So run jj from /tmp
to generate the man pages and the shell completions. This will still break
if you use jj to manage / or /tmp, but that's rather unlikely...
reported/tested/tweaked/ok semarie

[clang-tidy][NFC] Fix various clang-tidy finding (#184831)
I suspect many of them must have slipped under the radar in CI because they
were absent in diff (like redundant includes).
Other cases must be some fixed FN in existing checks.

[lldb-dap] Fix valueLocationReference in setVariable request (#184782)
Fixed small typo. We always send invalidated event, so it is not a real
problem.

py-python-discovery: added version 1.1.0
You may have multiple Python versions installed on your machine -- system
Python, versions from pyenv, mise, asdf, uv, or the Windows registry (PEP 514).
python-discovery finds the right one for you.
Give it a requirement like python3.12 or >=3.11,<3.13, and it searches all
known locations, verifies each candidate, and returns detailed metadata about
the match. Results are cached to disk so repeated lookups are fast.

mlkem: use timingsafe_memcmp() in decapsulation
Replace memcmp() with timingsafe_memcmp() when comparing the
re-encrypted ciphertext.
FIPS 203 Section 6.3 defines this comparison result as a secret piece
of intermediate data that must not be revealed in any form.
ok tb

Firewall: Rules [new]: Fix category colors in grid (#9899)
* Firewall: Rules [new]: Fix category colors in grid
Before this change, the controller returned color values and the frontend matched them best effort to the category key. This means there was an implicit order, and this order could break.
With this change, order-independent metadata is returned, and the frontend renders these categories directly in the category formatter.
* lazy load the Category model to simplify code
* Dedicated string cast is not needed here
* Apply suggestion from @fichtner
Co-authored-by: Franco Fichtner <franco at opnsense.org>
* Update src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/FilterBaseController.php
Co-authored-by: Stephan de Wit <stephan.de.wit at deciso.com>
[5 lines not shown]

add patch from upstream PR also needed to loosen tinycss2 version spec
when bleach is listed as a dependency via "bleach[css]"
reported by naddy->daniel

[lldb] Initial plugin and test for SymbolLocatorSymStore (#183302)
Minimal infrastructure for the SymbolLocator plugin that fetches debug
info from Microsoft SymStore repositories. More features will follow.
SymbolVendorPECOFF was tailored towards DWARF debug info so far. This
patch adds code to load the PDB path from the executable and not bail
out if DWARF sections are missing, so that in the PDB case we still
call `AddSymbolFileRepresentation()` in the very end of
`CreateInstance()`.
The API test in this patch mocks the directory layout from SymStore, so
it doesn't depend on `SymStore.exe` from the Windows SDK. It runs on all
platforms that link debug info in a PDB file, which is still just
Windows, but it could be cross-platform in principle.