vendor/bmake: Add back LICENSE and VERSION
* Keep LICENSE for vendor software, keeping consistent with other vendor
softwares.
* VERSION can be included in the Makefile to avoid hardcoding the
version there.
security/openvpn-devel: upgrade to commit 64fae9d829
this brings in the upstream development work that has happened over
the last two months, plus two CVE fixes:
- fix race condition in TLS handshake that could lead to leaking of
packet data from a previous handshake under specific circumstances
(CVE-2026-40215)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai at tencent.com))
- fix server ASSERT() on receiving a suitably malformed packet with
a valid tls-crypt-v2 key (CVE-2026-35058)
(Bug found by XlabAI Team of Tencent Xuanwu Lab (xlabai at tencent.com)
and independently by Emma Reuter of Cisco ASIG (TALOS-2026-2381))
besides this, most of the commits are code maintenance - modernizing
code, adjusting OpenSSL APIs used to be 4.0 compatible, adding more
[8 lines not shown]
security/openvpn-devel: Update 2.7_rc6 -> post-2.7 commit 38243844
OpenVPN 2.7.0 has been released and will show up as "security/openvpn"
soon.
This port skips 2.7.0 release and continues to track development versions,
which will focus on code cleanup / refactoring for the next few months.
Use this opportunity to bring option and dependency handling more in
line with main port
- X509ALTUSERNAME is gone (always-on now in upstream source)
- ASYNC_PUSH added, with freebsd-version dependent handling of
libinotify dependency (see PR 293176)
- UNITTEST added, with libcmocka dependency if unit tests are desired
(cherry picked from commit da00fa0ed292ff71ea1eeaa6902f70d53de9d512)
[RISCV] Canonicalize the true operand of vselect to fold more vmerge.vvm instructions (#206449)
Convert (vselect CC, true, false) to (vselect InvertCC, false, true)
when false has one use, true has multiple use and CC is SETEQ or ISD::SETNE.
When compile llvm-test-suite with --march=rv64gcv -O3 -ffast-math,
Without this patch, foldVMergeToMask removes `441` PseudoVMERGE_VVM
instructions.
With this patch, foldVMergeToMask removes `794` PseudoVMERGE_VVM
instructions.
zbookmark_compare: handle "marker" bookmarks with negative levels
"Marker" bookmarks (those with zb_level == ZB_ROOT_LEVEL, ZB_ZIL_LEVEL
or ZB_DNODE_LEVEL) represent valid blocks, but are associated with a
dataset directly rather than with a specific object within it. They end
up on bookmark lists during scan prefetch, and so need to be sorted
ahead of any "true" object blocks.
The problem is that for negative levels, BP_SPANB produces a negative
shift, which is not legal C. Fortunately the results are used only for
comparison, so the worst possible behaviour in a forgiving compilation
environment is a mis-sort, which for the scan/traverse cases, means that
we haven't prefetched certain metadata before we actually need it. But
there _is_ UB in there, and UBSAN does rightly complain.
Here we fix all this by handling these bookmarks directly - sorting them
ahead of "true" object blocks, which is usually what scan/traverse will
prefer. And we don't do any interesting math on these bookmarks, so we
sidestep the whole UB thing.
[6 lines not shown]
[flang][cuda] Add CUFAllocDelay pass to defer device descriptor allocation (#206882)
Add a new MLIR pass that delays cuf.alloc operations for allocatable
descriptor (box) types from function entry to just before their first
use. This defers cudaMallocManaged calls so that programs can call
cudaSetDevice or initialize communication libraries before any CUDA
context is created.
[clang] fix typo correction crash with template destructor names (#207101)
Disables typo correction for template destructor names, as typo
correction is not aware of destructors and would provide suugestions
which would form an invalid name.
Since this fixes a regression that was never released, there are no
release notes.
Fixes #206992
[clang] Fix crash in VisitVarTemplatePartialSpecializationDecl on failed instantiation (#200161)
Fixes #198890
When a class template is explicitly instantiated and a member variable
template's type involves a substitution failure (e.g. `typename T::type`
with `T=int`), `VisitVarDecl` returned `nullptr`, causing
`VisitVarTemplateDecl` to bail out before registering the
`VarTemplateDecl` in the owner's lookup table. A subsequent call to
`VisitVarTemplatePartialSpecializationDecl` then hit an assert
(`!Found.empty()`) on the empty lookup result.
Fix: When `SubstType` fails and `InstantiatingVarTemplate=true`, recover
by using `int` as the type (via `getTrivialTypeSourceInfo(IntTy)`) and
mark the resulting `VarDecl` invalid. This ensures
`VisitVarTemplateDecl` always receives a valid `VarDecl` and finishes
registering the `VarTemplateDecl`, preserving the invariant the asserts
rely on.
A regression test is added in `clang/test/SemaTemplate/GH198890.cpp`.
[orc-rt] Fix unused Expected::isFailureOfType, add testcase. (#207105)
Expected::isFailureOfType method template was calling a non-existant
Error::isFailureOfType method, but didn't trigger any compile errors as
isFailureOfType was unused. This commit fixes isFailureOfType and adds a
testcase to exercise it.
pkgconf: determine the default paths dynamically
This automatically computes the correct PKG_CONFIG_PATH with LOCALBASE
from the environment (when set) or from the "user.localbase" sysctl, in
this order.
Reviewed by: des
Approved by: des
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57246
wg-userspace(8): Ignore recvfrom errors.
On IPv6 networks, issuing sendto(2) when we've lost IPv6 connectivity
may eventually lead to the next recvfrom(2) failing with EHOSTDOWN.
Example ktrace:
8072 16529 rump_server 1782951176.090085182 CALL sendto(0xa,0x70fb4fa1b50c,0x60,0,0x70fb4f236b00,0x1c)
8072 16529 rump_server 1782951176.090085664 MISC msghdr: [name=0x70fb4f236b00, namelen=28, iov=0xffffc5126bfa8f50, iovlen=1, control=0x0, controllen=0, flags=0]
8072 16529 rump_server 1782951176.090086919 MISC mbsoname: [2601:...]
8072 16529 rump_server 1782951176.090093493 GIO fd 10 wrote 96 bytes
8072 16529 rump_server 1782951176.090094033 RET sendto 96/0x60
...
8072 23248 rump_server 1782951180.090105990 CALL recvfrom(0xa,0x70fb4efe203c,0x233a,0,0x70fb3f7cff50,0x70fb3f7cff4c)
8072 23248 rump_server 1782951180.090106339 MISC msghdr: [name=0x0, namelen=0, iov=0xffffc5126c63ff20, iovlen=1, control=0x0, controllen=0, flags=0]
8072 23248 rump_server 1782951180.090107309 RET recvfrom -1 errno 64 Host is down
In this case, wg_user_rcvthread mistakenly ignored the failing result
and blithely shoved the ssize_t -1 error indicator into
iov[1].iov_len and passed it on to rumpkern_recv_peer:
[34 lines not shown]
Merge tag 'bootconfig-fixes-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace
Pull bootconfig fix from Masami Hiramatsu:
- bootconfig: Fix NULL-pointer arithmetic
Fix undefined pointer arithmetic in xbc_snprint_cmdline() when
probing the buffer length with NULL and size 0. Track the written
length as a size_t instead to prevent build-time UBSan/FORTIFY_SOURCE
failures.
* tag 'bootconfig-fixes-v7.2-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace:
bootconfig: fix NULL-pointer arithmetic in xbc_snprint_cmdline()
nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools
Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted. The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created. The EINVAL failure leaves these new files
messed up (mode == 0).
This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.
If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.
PR: 296066
(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)
nfs_nfsdserv.c: Fix setting of birthtime for some ZFS pools
Some ZFS pools do not support va_birthtime and will return
EINVAL when a VOP_SETATTR() of it is attempted. The MacOS
NFSv4 client sets va_birthtime (TimeCreate) in the same
Setattr with ctime/mtime and other attributes after a new
file is created. The EINVAL failure leaves these new files
messed up (mode == 0).
This patch pretends the setting of TimeCreate succeeded if
ctime/mtime were also set in the same Setattr RPC, which
resolves the problem for the MacOS client.
If this fix is not sufficient, a new pathconf name to detect
if a file system supports birthtime may be needed.
PR: 296066
(cherry picked from commit b1af05406b5117d76f567056fba0a023a6374465)