[PowerPC] Fix combineSignExtendSetCC() for large/small types (#207721)
The code should reject larger types (like i128) and zero-extend smaller
types (like i8 and i16). Consolidate the handling based on being
smaller/larger than OpVT to reduce the number of PPC64 conditions.
rebirth the fontencc.[ch] files.
libXfont2 2.0.8 removed these without bumping the shlib, and to avoid
any possible problem with pullups, we're adding them back here. these
are just 5 shimming one-line functions that cost 270 bytes on amd64.
merge libXfont2 2.0.8.
(we're gonna put back these two files, since they've been removed
without the shlib being bumped, and we'd like to pull this up.
the symbols are almost certainly not used anywhere, but it still
feels wrong to drop them without a major bump.)
[Clang] No longer reject call expression whose type is a not-yet-deduced auto type. (#208007)
This fixes a regression introduced in #139246
Fixes #207565
[BOLT][AArch64] Support call ICP (#208158)
* extends MCPlusBuilder with comparision between registers.
* updates the ICP pass to request a scavenged register for AArch64
callsites.
* wires ICP code generation on AArch64.
captive portal: adjust accounting interval to Acct-Interim-Interval (#10474)
This changes the default interval to 600, which is the recommended
value according to RFC 2869.
p5-DBI: update to 1.650.
1.650 - 2026-07-06, H.Merijn Brand & Robert Rothenberg
* Set a hard limit of 99999 on '?' placeholders (CVE-2026-14739)
* Fix out-of-bounds read in preparse of SQL that starts with a comment (CVE-2026-14740)
* Fix code injection via Profile DSN attribute or DBI_PROFILE variable (CVE-2026-14380)
* Update dbipport.h to Devel::PPPort-3.73
* Require Test::More 0.96 (tests will otherwise fail on pristine perl-5.12)
modular-xorg-server: update to 21.1.24.
This release contains the fixes for the issues reported in today's
security advisory:
https://lists.x.org/archives/xorg-announce/2026-July/003716.html
- CVE-2026-55999: glamor Font Atlas Heap Buffer Overflow
- CVE-2026-56000: GLX contextTags Use-After-Free in CommonMakeCurrent()
As noted in the security advisory, CVE-2026-56000 seems to depend on a
commit not previously in a 21.1.x release (but is present in this
release). As far as we can tell, 21.1.23 and earlier are not vulnerable
to CVE-2026-56000.
On top of those we have few cleanup fixes backported to the 21.1 releases.
libXfont2: update to 2.0.8.
This release contains the fixes for the issues reported in today's
security advisory:
https://lists.x.org/archives/xorg-announce/2026-July/003714.html
- CVE-2026-56001: BitmapScaleBitmaps Integer Overflow Heap Buffer Overflow
- CVE-2026-56002: PCF Font Parsing Heap Buffer Overflow
- CVE-2026-56003: computeProps Property Buffer Heap Buffer Overflow
Additionally it contains a number of minor cleanup patches and the
removal of a decades-obsolete compat API.
wxGTK32: updated to 3.2.11
3.2.11 includes an unusually huge amount of bug fixes for possible security
problems, probably prompted by the increasing use of LLMs for finding them and
also helped by the addition of extra fuzzers. Upgrading to this version is
strongly recommended if you use any of the functions or classes mentioned below
in untrusted contexts:
Fix multiple buffer overflows in wxBMPHandler: when loading malformed BMP files with invalid RLE data
Fix multiple buffer overflows in wxXPMDecoder
Fix multiple problems in wxGIFHandler: reject more invalid GIFs and do it without leaking memory
Fix buffer overflow in wxTarInputStream
Fix out-of-bounds read in wxFileType::ExpandCommand()
Fix buffer overflow in wxVsnprintf()
Fix out-of-bounds read in wxRegEx::Replace()
Fix out-of-bounds read in wxUString
Fix wxDateTime::Format() handling of invalid format
Fix buffer overflow in wxGethostby{addr,name}_r()
Fix multiple buffer overflows in wxIFFDecoder: out-of-bounds palette write
[8 lines not shown]
[LoopInterchange] Fix crash when dbg_value exists right after PHI (#208147)
When enabling reduction2mem with `-loop-interchange-reduction-to-mem`
and the input IR contains `dbg_value`s immediately after a certain PHI
node, assertion failure could be triggered due to the insertion position
of newly created PHI node. This patch fixes the issue by changing
IRBuilder ctor to be called. TBH, I'm not entirely sure what the
difference is between `IRBuilder::IRBuilder(Instruction *)` and
`IRBuilder::IRBuilder(BasicBlock *, BasicBlock::iterator)`, but judging
from the generated code, the behavior with this patch seems reasonable.
Taken over from #183273