sys: add safe_read(9)
The MD function with MI interface to provide a way to read arbitrary
(canonical) KVA. amd64 only for now.
Reviewed by: markj
Tested by: aokblast
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D49566
[libc] Move fixed buffer GPU test to an integration test (#200042)
Move the `fixedbuffer` GPU test to an integration test.
libc tests are intended to be GTest style tests written with the normal
`TEST(Suite, Test)` GTest macros. Example
[here](https://github.com/llvm/llvm-project/blob/main/libc/test/include/SignbitTest.h#L32).
This test has its own `main` which ends up causing a `main multiple
definitions` linker error when compiling for SPIR-V (work in progress).
I'm not sure why this error doesn't occur for AMDGPU, probably the fact
we have to compile with a ton less compile/linker flags for SPIR-V and
one of them hides the issue.
Specifically the fix is that we don't link against
`libc/test/UnitTest/CMakeFiles/LibcTest.hermetic.dir/LibcTestMain.cpp.o`
which has its own main which conflicts with the one defined in the test.
All other tests in this directory are integration tests too.
[4 lines not shown]
tests: Fix reliability issues in POSIX ACL tests
The ACL tests use UIDs and GIDs 41 through 49 and expect them to be
unassigned. Since GID 43 is now assigned to the audio group, some
tests have begun to fail.
While here, also fix a benign Perl syntax issue in the test runner.
MFC after: 1 week
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D57297
llvm: Fix most LLVM_ABI annotations in Analysis (#199019)
This updates most LLVM_ABI annotations in the Analysis headers to match
expected usage:
* All public APIs should be properly annotated.
* Inlined functions should not be annotated.
These changes were done by a script fixing annotations on LLVM public
headers and manually checked.
This effort is tracked in #109483.
net-mgmt/netbox: Move away from py-dj52-* ports
* The counterparts of the py-dj52-* ports switched to Django 5.2 in
ce59801b72ef, thus move Netbox to those ones.
* Bump PORTREVISION due changed dependencies.
PR: 291707
www/py-django-filter: Update to 25.2
* Add DRF option to reflect the settings as noted in "pyproject.toml"
and make it default because Django REST framework is used by many
Django implementations.
Changelog:
https://github.com/carltongibson/django-filter/blob/25.2/CHANGES.rst
[InstCombine] Drop the correct assume when working on assume bundles (#198404)
Currently, all assumes of the same kind in an assume bundle are dropped,
even though only a single one is actually checked to be redundant and
should be dropped. This introduces a new `removeOperandFromBundleAt`,
which instead drops a bundle at a specific position. This should also be
faster, since copying the bundles can now be done into an already
correctly allocated vector.
py-sphinx-issues: updated to 6.0.0
6.0.0 (2026-03-13)
Backwards-incompatible: Remove implicit extraction of group/project from GitHub URLs in issues_uri. If you relied on setting _only_ issues_uri (e.g. https://github.com/myuser/myproject/issues/{issue}) without also setting issues_github_path or issues_default_group_project, you must now explicitly set one of those options in your conf.py:
Before:
issues_uri = "https://github.com/myuser/myproject/issues/{issue}"
After:
issues_github_path = "myuser/myproject"
Support Python 3.10-3.14. 3.9 is no longer supported, as it is EOL.
Pin lower bound of Sphinx to 8.1.0 (see "Sphinx version support policy above").
py-tornado: updated to 6.5.6
6.5.6
Security fixes
SimpleAsyncHTTPClient now strips the Authorization and Cookie headers from the request when following a redirect to a different origin. This matches the default behavior of CurlAsyncHTTPClient. Applications that need different behavior here can set follow_redirects=False and handle redirects manually. Thanks to [Yannick Wang](https://github.com/noobone123) for being first to report this issue, as well as additional reporters [Kai Aizen](https://github.com/SnailSploit), [HunSec](https://github.com/0xHunSec), and [Thai Son Dinh](https://github.com/sondt99).
SimpleAsyncHTTPClient now enforces max_body_size on the decompressed size of the response, rather than the compressed size. This prevents a denial-of-service attack via a very large compressed response. Thanks to [Yuichiro Kedashiro](https://github.com/yuui25) for reporting this issue.
Fixed a bug in the C extension that could have read up to three bytes past the end of an input array. Thanks to [Thai Son Dinh](https://github.com/sondt99) for reporting this issue.
OpenIDMixin has improved parsing for the check_authentication response. Thanks to [Yannick Wang](https://github.com/noobone123) for reporting this issue.
Bug fixes
CurlAsyncHTTPClient has been updated to use non-deprecated APIs, avoiding deprecation warnings with recent versions of pycurl.
py-apache-libcloud: updated to 3.9.1
Changes in Apache Libcloud 3.9.1
Compute
- [VSphere] Add verify_ssl option
Add verify_ssl option, to enable the user to avoid SSL verification explicitly.
- [OpenStack] Initial Blazar support
This is an initial implementation of Blazar support in Libcloud. It currently
supports listing the available leases and hosts.
- [Azure ARM] Update US GovCloud AD endpoint for AZURE_ARM provider.
- [OpenStack] Add hypervisor_hostname attribute to OpenStack node.
- [GCP] Use the fully-qualified name for the GCP IMDS endpoint.
- [Azure ARM, Amazon S3] Add signed upload to azure and s3.
- [RcodeZero]: Fix issue when adding a record where a record with a different type already exists
DNS
[8 lines not shown]
[LoongArch] Add `-fstack-clash-protection` support (#195595)
This PR adds stack probing and `-fstack-clash-protection` support to the
LoongArch backend and Clang driver.
The implementation is largely borrowed from the RISCV backend (cf.
#117612, #139731), with the same allocation-unrolling strategy for
const-sized allocations.
pf: fix incorrect table decoding in netlink
We used nla_p_table for pfr_table structures, but this netlink decoder
was intended for pfioc_table and decoded an extra field, outside
of pfr_table. This allowed userspace to write (slightly) outside of
pfr_table.
Use a separate nlattr_parser for pfr_table.
PR: 295218
Reported by: Robert Morris <rtm at lcs.mit.edu>
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC ("Netgate")
(cherry picked from commit 64327f769cee0c26e1b81e6195a5092498b10403)
