HardenedBSD/ports 0fce4f7devel/gitaly distinfo, net-im/teams distinfo

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+13-13devel/gitaly/distinfo
+6-6www/gitlab/distinfo
+5-5net-im/teams/distinfo
+5-5net/gitlab-agent/distinfo
+5-5www/gitlab-pages/distinfo
+5-5www/gitlab-workhorse/distinfo
+39-396 files not shown
+48-4912 files

OPNSense/plugins c8c7436www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms dialogLayer4.xml, www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy Caddy.php Caddy.xml

www/caddy: Add Layer 4 upstream originate TLS feature (#5263)

* www/caddy: Add Layer 4 upstream originate TLS feature, which can connect to an upstream via TLS after TLS has been terminated

* Add a proper validation for OriginateTls and modernize validation logic with framework cast helpers
DeltaFile
+45-40www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.php
+21-15www/caddy/src/opnsense/service/templates/OPNsense/Caddy/includeLayer4
+10-0www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dialogLayer4.xml
+6-1www/caddy/src/opnsense/mvc/app/views/OPNsense/Caddy/reverse_proxy.volt
+6-0www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
+88-565 files

NetBSD/pkgsrc ycIPX5qsysutils/py-ansible-compat distinfo Makefile

   py-ansible-compat: updated to 25.12.1

   25.12.1

   Bump pillow from 12.1.0 to 12.1.1 in the uv group across 1 directory
   Bump cryptography from 46.0.4 to 46.0.5 in the uv group across 1 directory
VersionDeltaFile
1.37+4-4sysutils/py-ansible-compat/distinfo
1.44+2-2sysutils/py-ansible-compat/Makefile
+6-62 files

NetBSD/pkgsrc PhHcGmfdoc CHANGES-2026

   Updated net/py-botocore, net/py-boto3, net/py-awscli, devel/py-awscrt
VersionDeltaFile
1.1430+5-1doc/CHANGES-2026
+5-11 files

NetBSD/pkgsrc VmVYrybdevel/py-awscrt distinfo Makefile

   py-awscrt: updated to 0.31.2

   0.31.2

   Flow Control for HTTP/1.1 and HTTP/2
   Update Skipped MQTT5 Tests
   Update manifest for s2n feature probe
   Add support for XXHash algos
VersionDeltaFile
1.3+4-4devel/py-awscrt/distinfo
1.4+2-2devel/py-awscrt/Makefile
+6-62 files

NetBSD/pkgsrc Yg34eW0net/py-awscli PLIST distinfo

   py-awscli: updated to 1.44.48

   1.44.48
   =======

   * api-change:``backup-gateway``: This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates.
   * api-change:``ec2``: Add c8id, m8id and hpc8a instance types.
   * api-change:``ecs``: Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs.
   * api-change:``marketplace-entitlement``: Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response.
   * api-change:``meteringmarketplace``: Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters.
   * api-change:``securityhub``: Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2


   1.44.47
   =======

   * api-change:``batch``: AWS Batch documentation update for service job capacity units.
   * api-change:``ec2``: Add support for EC2 Capacity Blocks in Local Zones.
   * api-change:``ecr``: Update repository name regex to comply with OCI Distribution Specification

    [78 lines not shown]
VersionDeltaFile
1.56+2-35net/py-awscli/PLIST
1.75+4-4net/py-awscli/distinfo
1.81+2-2net/py-awscli/Makefile
+8-413 files

NetBSD/pkgsrc XU3Du3gnet/py-boto3 distinfo Makefile

   py-boto3: updated to 1.42.58

   1.42.58
   =======

   * api-change:``backup-gateway``: [``botocore``] This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates.
   * api-change:``ec2``: [``botocore``] Add c8id, m8id and hpc8a instance types.
   * api-change:``ecs``: [``botocore``] Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs.
   * api-change:``marketplace-entitlement``: [``botocore``] Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response.
   * api-change:``meteringmarketplace``: [``botocore``] Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters.
   * api-change:``securityhub``: [``botocore``] Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2


   1.42.57
   =======

   * api-change:``batch``: [``botocore``] AWS Batch documentation update for service job capacity units.
   * api-change:``ec2``: [``botocore``] Add support for EC2 Capacity Blocks in Local Zones.
   * api-change:``ecr``: [``botocore``] Update repository name regex to comply with OCI Distribution Specification

    [80 lines not shown]
VersionDeltaFile
1.63+4-4net/py-boto3/distinfo
1.67+2-2net/py-boto3/Makefile
+6-62 files

NetBSD/pkgsrc nIv2r6hnet/py-botocore PLIST distinfo

   py-botocore: updated to 1.42.58

   1.42.58
   =======

   * api-change:``backup-gateway``: This release updates GetGateway API to include deprecationDate and softwareVersion in the response, enabling customers to track gateway software versions and upcoming deprecation dates.
   * api-change:``ec2``: Add c8id, m8id and hpc8a instance types.
   * api-change:``ecs``: Adding support for Capacity Reservations for ECS Managed Instances by introducing a new "capacityOptionType" value of "RESERVED" and new field "capacityReservations" for CreateCapacityProvider and UpdateCapacityProvider APIs.
   * api-change:``marketplace-entitlement``: Added License Arn as a new optional filter for GetEntitlements and LicenseArn field in each entitlement in the response.
   * api-change:``meteringmarketplace``: Added LicenseArn to ResolveCustomer response and BatchMeterUsage usage records. BatchMeterUsage now accepts LicenseArn in each UsageRecord to report usage at the license level. Added InvalidLicenseException error response for invalid license parameters.
   * api-change:``securityhub``: Security Hub added EXTENDED PLAN integration type to DescribeProductsV2 and added metadata.product.vendor name GroupBy support to GetFindingStatisticsV2


   1.42.57
   =======

   * api-change:``batch``: AWS Batch documentation update for service job capacity units.
   * api-change:``ec2``: Add support for EC2 Capacity Blocks in Local Zones.
   * api-change:``ecr``: Update repository name regex to comply with OCI Distribution Specification

    [80 lines not shown]
VersionDeltaFile
1.60+14-9net/py-botocore/PLIST
1.75+4-4net/py-botocore/distinfo
1.79+2-2net/py-botocore/Makefile
+20-153 files

LLVM/project 72ad4d2llvm/test/CodeGen/AMDGPU amdgcn.bitcast.1024bit.ll amdgcn.bitcast.512bit.ll, llvm/test/MC/AMDGPU gfx8_asm_vop3.s gfx7_asm_vop3.s

Merge branch 'main' into users/evelez7/clang-doc-anonymous-enums
DeltaFile
+121,423-138,333llvm/test/CodeGen/AMDGPU/amdgcn.bitcast.1024bit.ll
+43,316-44,830llvm/test/CodeGen/AMDGPU/amdgcn.bitcast.512bit.ll
+42,349-42,348llvm/test/MC/AMDGPU/gfx8_asm_vop3.s
+41,419-41,418llvm/test/MC/AMDGPU/gfx7_asm_vop3.s
+36,428-36,427llvm/test/MC/AMDGPU/gfx9_asm_vop3.s
+28,175-28,174llvm/test/MC/AMDGPU/gfx9_asm_vopc.s
+313,110-331,53018,218 files not shown
+2,990,465-1,991,46518,224 files

OpenBSD/ports vkZ9AD5databases/postgresql distinfo Makefile, databases/postgresql/pkg PLIST-docs

   Update to PostgreSQL 18.3

   Fixes:

   CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory

   CVE-2026-2004: PostgreSQL intarray missing validation of type of input
   to selectivity estimator executes arbitrary code

   CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes
   arbitrary code

   CVE-2026-2006: PostgreSQL missing validation of multibyte character
   length executes arbitrary code

   CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern
   onto server memory

   OK landry@
VersionDeltaFile
1.109+2-2databases/postgresql/distinfo
1.318+1-2databases/postgresql/Makefile
1.122+2-0databases/postgresql/pkg/PLIST-docs
+5-43 files

LLVM/project 192acd6clang/include/clang/Basic BuiltinsAMDGPU.td, clang/test/CodeGenHIP builtins-amdgcn-gfx1250-wmma-f16.hip

[Clang][AMDGPU] Change __fp16 to _Float16 in GFX1250 WMMA/SWMMAC builtin definitions (#183493)

Change the type signature of `gfx1250 WMMA/SWMMAC` builtins from
`__fp16` to `_Float16` in the tablegen builtin definitions.
DeltaFile
+469-0clang/test/CodeGenHIP/builtins-amdgcn-gfx1250-wmma-f16.hip
+16-16clang/include/clang/Basic/BuiltinsAMDGPU.td
+485-162 files

HardenedBSD/ports b83e329devel/gitaly distinfo, net/gitlab-agent distinfo

www/gitlab: security and patch update to 18.9.1

Changes:        https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/
Security:       102a03c9-1316-11f1-93ca-2cf05da270f3
DeltaFile
+13-13devel/gitaly/distinfo
+6-6www/gitlab/distinfo
+5-5www/gitlab-pages/distinfo
+5-5www/gitlab-workhorse/distinfo
+5-5net/gitlab-agent/distinfo
+1-1www/gitlab/Makefile.common
+35-356 files

FreeBSD/ports b83e329devel/gitaly distinfo, net/gitlab-agent distinfo

www/gitlab: security and patch update to 18.9.1

Changes:        https://about.gitlab.com/releases/2026/02/25/patch-release-gitlab-18-9-1-released/
Security:       102a03c9-1316-11f1-93ca-2cf05da270f3
DeltaFile
+13-13devel/gitaly/distinfo
+6-6www/gitlab/distinfo
+5-5www/gitlab-workhorse/distinfo
+5-5www/gitlab-pages/distinfo
+5-5net/gitlab-agent/distinfo
+1-1www/gitlab/Makefile.common
+35-356 files

FreeBSD/ports 0dcff6fwww/py-fastapi-sso distinfo Makefile

www/py-fastapi-sso: Update to 0.21.0

Changelog: https://github.com/tomasvotava/fastapi-sso/releases/tag/0.21.0

Reported by:    portscout
DeltaFile
+3-3www/py-fastapi-sso/distinfo
+1-1www/py-fastapi-sso/Makefile
+4-42 files

HardenedBSD/ports 0dcff6fwww/py-fastapi-sso distinfo Makefile

www/py-fastapi-sso: Update to 0.21.0

Changelog: https://github.com/tomasvotava/fastapi-sso/releases/tag/0.21.0

Reported by:    portscout
DeltaFile
+3-3www/py-fastapi-sso/distinfo
+1-1www/py-fastapi-sso/Makefile
+4-42 files

LLVM/project 32134a6mlir/lib/Dialect/LLVMIR/IR LLVMDialectBytecode.cpp, mlir/test/mlir-tblgen bytecode-write.td

[mlirbc] Switch generator to enable write's with failures. (#182464)

Previously one had to have a matching case per entry (e.g., one could
use a printer predicate, but the assumption was one woujld never
fallback) and just always return success.
DeltaFile
+28-0mlir/test/mlir-tblgen/bytecode-write.td
+8-5mlir/tools/mlir-tblgen/BytecodeDialectGen.cpp
+0-7mlir/lib/Dialect/LLVMIR/IR/LLVMDialectBytecode.cpp
+36-123 files

LLVM/project ed8f080clang/www cxx_status.html

[Clang][docs] Fix proposal number typo for P1847R4 (#183671)

This PR fixes a typo in `clang/www/cxx_status.html`. 

The link text for the feature "Make declaration order layout mandated"
incorrectly referred to **P1874R4**, while the actual URL
(https://wg21.link/p1847r4) and the feature name correctly point to
**P1847R4**.

This change corrects the displayed text to match the proposal number.
DeltaFile
+1-1clang/www/cxx_status.html
+1-11 files

LLVM/project 86b99efclang/docs ReleaseNotes.rst, clang/lib/Sema SemaDecl.cpp

Revert "[Sema] Fix crash on invalid operator template-id (#181404)" (#183682)

Reverts llvm/llvm-project#181404
(c056d7c5d6ea076b38fa937c54ab44ce2e5a95e1) because of post-commit ci
failure.
DeltaFile
+0-7clang/test/SemaCXX/crash-invalid-operator-template.cpp
+0-4clang/lib/Sema/SemaDecl.cpp
+0-1clang/docs/ReleaseNotes.rst
+0-123 files

FreeBSD/src bd758ebsys/netinet ip_divert.c

divert: unbreak the LINT-NOIP build

Only expose `dcb` when either `INET` or `INET6` is defined.

Reported by:    clang (`-Wunused`)
MFC after:      1 week
Fixes 5547a7bb39 ("divert: Use a better source identifier...")
Differential Revision: https://reviews.freebsd.org/D55548
DeltaFile
+3-2sys/netinet/ip_divert.c
+3-21 files

LLVM/project 07007b7lldb/source/Host/macosx/objcxx HostInfoMacOSX.mm

[lldb] Don't add remap entries for empty segments (#183651)

There are some binaries in the shared cache with a zero-length segment,
or segments who get mapped to lldb address 0 to indicate a failure. Do
not add entries to the VirtualDataExtractor's LookupTablefor those -
they
are not readable.

rdar://171106338
DeltaFile
+2-1lldb/source/Host/macosx/objcxx/HostInfoMacOSX.mm
+2-11 files

LLVM/project 145051bclang/docs ReleaseNotes.rst, clang/lib/Sema SemaDecl.cpp

Revert "[Sema] Fix crash on invalid operator template-id (#181404)"

This reverts commit c056d7c5d6ea076b38fa937c54ab44ce2e5a95e1.
DeltaFile
+0-7clang/test/SemaCXX/crash-invalid-operator-template.cpp
+0-4clang/lib/Sema/SemaDecl.cpp
+0-1clang/docs/ReleaseNotes.rst
+0-123 files

LLVM/project b033dcbclang/unittests/Analysis/Scalable/Serialization/JSONFormatTest TUSummaryTest.cpp, lldb/test/API/functionalities/postmortem/FreeBSD-Kernel-Core/tools libfbsdvmcore-hacks.patch

rebase

Created using spr 1.3.7
DeltaFile
+456-103llvm/test/Transforms/LoopUnrollAndJam/unroll-and-jam.ll
+0-323lldb/test/API/functionalities/postmortem/FreeBSD-Kernel-Core/tools/libfbsdvmcore-hacks.patch
+301-0llvm/test/CodeGen/AArch64/faddv.ll
+140-134clang/unittests/Analysis/Scalable/Serialization/JSONFormatTest/TUSummaryTest.cpp
+160-64llvm/test/Transforms/LoopUnrollAndJam/dependencies.ll
+2-221llvm/test/CodeGen/PowerPC/fmf-propagation.ll
+1,059-845180 files not shown
+4,264-1,909186 files

LLVM/project 77600cbmlir/lib/Dialect/XeGPU/Transforms XeGPULayoutImpl.cpp, mlir/test/Dialect/XeGPU propagate-layout-inst-data.mlir propagate-layout.mlir

[MLIR][XeGPU] XeGPU Layout adds support for fractional-subgroup-size vector  (#183434)

This PR enhances the layout assignment for XeGPU load/store operations
to handle vector size smaller than subgroup size.
Say for vector[4], in case of lane_data=[1], lane_layout=[4] and
inst_data=[4].
The fractional-subgroup-size vector support is required to support the
cross-subgroup reduction case. The number of participant subgroups in
reduction can be small, so it causes each subgroup needs to reduce a
small vector size, often a fraction of subgroup size.
Most layout-based subgroup distribution patterns support
fraction-subgroup-size without no change except a few: reduction,
insert/extract, constant. We don't expect ND operations (like
load_nd/store_nd/dpas) accept fractional-subgroup-size vector.
DeltaFile
+18-16mlir/lib/Dialect/XeGPU/Transforms/XeGPULayoutImpl.cpp
+15-1mlir/test/Dialect/XeGPU/propagate-layout-inst-data.mlir
+14-0mlir/test/Dialect/XeGPU/propagate-layout.mlir
+47-173 files

LLVM/project f30dfe7mlir/tools/mlir-tblgen OpDocGen.cpp

Revert "[mlir-tblgen] Remove `namespace {}` around OpDocGroup (#182721)" (#183458)

Reverts #182721, it's not needed after #183457.

It was a work around for #182720.

This reverts commit a0f344f69d7eb5d87dd78c628a196a3a7440e792.
DeltaFile
+2-4mlir/tools/mlir-tblgen/OpDocGen.cpp
+2-41 files

LLVM/project b354b20clang/lib/Driver SanitizerArgs.cpp, clang/test/Driver fsanitize-minimal-runtime.c

[SafeStack] Allow -fsanitize-minimal-runtime with -fsanitize=safestack (#183644)

SafeStack does not require a full sanitizer runtime, so it should be
compatible
with the minimal runtime flag.
DeltaFile
+3-3clang/lib/Driver/SanitizerArgs.cpp
+6-0compiler-rt/test/safestack/overflow.c
+4-0clang/test/Driver/fsanitize-minimal-runtime.c
+13-33 files

LLVM/project 5929c90mlir/lib/Dialect/Vector/IR VectorOps.cpp

[mlir][vector] Fix fold result for empty vector.mask with no results (#180345)

This PR fixes `foldEmptyMaskOp` to return `failure` when folding an
empty vector.mask whose terminatorhas no operands. Previously this case
returned success without producing any folded results, which violates
the folding contract. Fixes #177825.
DeltaFile
+2-4mlir/lib/Dialect/Vector/IR/VectorOps.cpp
+2-41 files

NetBSD/pkgsrc Us8hY2vdoc CHANGES-2026 TODO

   doc: Updated lang/racket to 9.1
VersionDeltaFile
1.1429+2-1doc/CHANGES-2026
1.26869+1-2doc/TODO
+3-32 files

NetBSD/pkgsrc vMRt0wwlang/racket PLIST distinfo

   racket: update to 9.1

   - Documentation organization and navigation can be specialized by
     language family, to allow users to interact with documentation in a
     way that is tailored to that language family. This is currently used
     by Rhombus.
   - The `for` form and its variants accept an `#:on-length-mismatch`
     specifier. 3.18 Iterations and Comprehensions: for, for/list, ...
   - DrRacket improves the GUI for choosing color schemes.
   - DrRacket has curved syntax arrows. The degree of curvature indicates
     the relative left- or right-displacement of the arrow's target.
   - DrRacket's "Insert Large Letters" uses characters that match the
     comment syntax of the buffer's language, making it useful (and fun!)
     in Rhombus.
   - The `exn-classify-errno` maps network and filesystem error numbers
     on various platforms to posix-standard symbols, to enable more
     portable code. 10.2 Exceptions
   - The behavior of Racket BC on certain character operations (most
     notably `eq?`)  is changed to match that of Racket CS, with a small

    [18 lines not shown]
VersionDeltaFile
1.26+88-15lang/racket/PLIST
1.32+4-4lang/racket/distinfo
1.124+2-3lang/racket/Makefile
+94-223 files

NetBSD/pkgsrc YZYf3BEdoc CHANGES-2026

   doc: Updated lang/racket-textual to 9.1
VersionDeltaFile
1.1428+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc ERhI0OZlang/racket-textual PLIST distinfo

   racket: update to 9.1

   - Documentation organization and navigation can be specialized by
     language family, to allow users to interact with documentation in a
     way that is tailored to that language family. This is currently used
     by Rhombus.
   - The `for` form and its variants accept an `#:on-length-mismatch`
     specifier. 3.18 Iterations and Comprehensions: for, for/list, ...
   - DrRacket improves the GUI for choosing color schemes.
   - DrRacket has curved syntax arrows. The degree of curvature indicates
     the relative left- or right-displacement of the arrow's target.
   - DrRacket's "Insert Large Letters" uses characters that match the
     comment syntax of the buffer's language, making it useful (and fun!)
     in Rhombus.
   - The `exn-classify-errno` maps network and filesystem error numbers
     on various platforms to posix-standard symbols, to enable more
     portable code. 10.2 Exceptions
   - The behavior of Racket BC on certain character operations (most
     notably `eq?`)  is changed to match that of Racket CS, with a small

    [18 lines not shown]
VersionDeltaFile
1.21+16-4lang/racket-textual/PLIST
1.29+4-4lang/racket-textual/distinfo
1.48+2-2lang/racket-textual/Makefile
+22-103 files