[mlir][vector] Skip redundant affine.apply when unrolling transfer ops. (#192700)
Unrolling transfer ops generates affine.apply ops for every
non-broadcasted dimension, even when the offset being added is zero.
Skip these.
Also export sliceTransferIndices to allow downstream projects to call
this method.
Co-authored-by: Claude Opus 4.6 (1M context) <noreply at anthropic.com>
[DAG] computeKnownFPClass - add ISD::EXTRACT_SUBVECTOR/INSERT_SUBVECTOR handling. (#190378)
This patch implements `ISD::EXTRACT_SUBVECTOR` and
`ISD::INSERT_SUBVECTOR` handling in `SelectionDAG::computeKnownFPClass`.
Fixes: #189586
[LangRef] Clarify requirement for non-pow-2 align bundle (#195631)
Now that null pointers are not necessarily zero pointers, I believe that
`"align"` with a non-power-of-two alignment should be requiring a zero
pointer specifically, not a null pointer.
This is because a zero pointer is aligned for any alignment (which we
can generalize to non-power-of-two alignments), while a -1 null pointer
only has alignment 1.
emulators/Ymir: Update 0.3.0 => 0.3.1
* Upstream removed the Ymir_INCLUDE_PACKAGING build option, so the port
removes it from CMAKE_OFF.
* Ymir documents all dependencies in its "About" window. This also
includes the vendored miniz from the vendored libchdr dependency and
requires the version constant from miniz.h. This library is currently
not available as a port and the Ymir port unbundles libchdr in the
first place, which is also configured to use the system-provided libz
instead of miniz.
Therefore remove all miniz references to unbreak the build.
Changelog:
https://github.com/StrikerX3/Ymir/releases/tag/v0.3.1
PR: 294992
Sponsored by: UNIS Labs
Captive Portal: remove redirection on HTTPS, ditch non-functional pass statement as well
In theory, clients only use HTTP to detect the presence of a portal.
If they were to use HTTPS, the 302 redirect would in most cases
not be accessible, as the certificate presented is most likely not
valid, cutting off the communication before any redirect to a login
page can happen.
The portal itself can and should remain accessible on HTTPS, as this
is the URL the redirect is pointing to. This may be attached to a
valid certificate as well, but the key point is that access to
this URL doesn't strictly need redirection for everything on port
443.
This should prevent clients opening bogus connections to the
captive portal, which consumes a lot of TLS traffic on the network
stack, bogging down lighttpd in bigger setups and creating
a lot of established states in pf.
vis.3: Try to better describe VIS_SAFE
The current text fails to draw the reader's attention to the fact that
VIS_SAFE essentially exempts certain characters from being encoded.
While here, fix some markup nits.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D56716
sysutils/mixer: Retire port
There is /etc/rc.d/mixer already, and does the same thing.
PR: 294661
Sponsored by: The FreeBSD Foundation
Approved by: mwm at mired.org (maintainer timeout, 2 weeks), diizzy
krb5: Fix two NegoEx parsing vulnerabilities
Bring in upstream commit 2e75f0d93 fixing two CVEs. Upstream commit
log is:
In parse_nego_message(), check the result of the second call to
vector_base() before dereferencing it. In parse_message(), check for
a short header_len to prevent an integer underflow when calculating
the remaining message length.
Reported by Cem Onat Karagun.
CVE-2026-40355:
In MIT krb5 release 1.18 and later, if an application calls
gss_accept_sec_context() on a system with a NegoEx mechanism
registered in /etc/gss/mech, an unauthenticated remote attacker can
trigger a null pointer dereference, causing the process to terminate.
[10 lines not shown]
[analyzer][NFC] Merge `BlockInvocationContext` class into `StackFrameContext` (#194857)
At the moment, the execution stack in the analyzer is represented with
the `LocationContext` base class and its two sub-classes
`StackFrameContext` and `BlockInvocationContext`. This hierarchy,
however, is more complicated than necessary and, in issue #190973, a
roadmap was created to reduce this hierarchy down to just a single
`StackFrame` class.
This patch implements the first five steps of that roadmap.
Specifically, the functionality of `BlockInvocationContext` was merged
into the `StackFrameContext` class and the `BlockInvocationContext`
class was removed together with its usages.
NAS-140882 / 27.0.0-BETA.1 / only update initramfs on value change (#18884)
When a tunable is updated, we only need to regenerate initramfs if the
actual value or enabled state is changed. If someone changes the
comment, there is no reason to regenerate it. Adds a test to validate
this scenario too.
