NAS-141273 / 26.0.0-RC.1 / Remove shared pydantic `Field()` from API type aliases (by themylogin) (by bugclerk) (#19155)
## Problem
Several API fields that are declared *required* are silently treated as
**optional with a bogus default** at runtime. For example, on the
current API
(v25_10_4):
VMRAWDevice.path = '127.0.0.1' # required path field, no default
declared
`VMRAWDevice.path` is `path: NonEmptyString = Field(pattern=...)` — it
should be
required, but it inherits `'127.0.0.1'` (leaked from
`VMDisplayDevice.bind`).
So `vm.device.create` for a RAW device with no `path` passes validation
and
silently uses `'127.0.0.1'` as the file path instead of being rejected.
[73 lines not shown]
[BOLT][AArch64] Only reserve constant-island space when an island exists (#204261)
`tentativeLayout()` aligns every function's tail to its constant island
alignment even when the function has no constant island. This over-padded
nearly every function, drifting tentative layout from emitted layout non
trivially, while the emitter only pads when emitting real constant island.
Guard with `estimateConstantIslandSize() > 0` so tentative better matches
emitted.
[RISCV] Remove unused CHECK prefixes in `rvp-simd-32.ll` (#204383)
They were probably introduced by merge conflicts + UTC script changes.
---------
Co-authored-by: Craig Topper <craig.topper at sifive.com>
www/nginx-devel: Update to 1.31.2
Changes with nginx 1.31.2 17 Jun
2026
*) Security: use-after-free might occur when using HTTP/3 and
processing
a specially crafted QUIC session, allowing an attacker to cause
worker process memory corruption or segmentation fault in a
worker
process (CVE-2026-42530).
Thanks to Trung Nguyen of CyStack.
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with "ignore_invalid_headers
off;"
and "large_client_header_buffers" with large configured values
when
proxying a specially crafted request to HTTP/2 or gRPC backend,
[28 lines not shown]
xps: Various build fixes for GCC 14.
Include config.h before any #if checks are done, so that they actually
pass.
This is necessary so that stdlib.h gets correctly included, otherwise
it implicitly declares loadavg(3) and fails to build with a modern
compiler.
virtio_net: Use bus_dma for command/ack buffers
While the majority of virtio platforms will be fully coherent, some may
require cache maintenance or other specific device memory handling (eg for
secure partitioning). Using bus_dma allows for these usecases.
The virtio buffers are marked as coherent; this should ensure that sync
calls are no-ops in the common cases.
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D55564
virtio_net: Use bus_dma for rxq/txq buffers
While the majority of virtio platforms will be fully coherent, some may
require cache maintenance or other specific device memory handling (eg for
secure partitioning). Using bus_dma allows for these usecases.
The virtio buffers are marked as coherent; this should ensure that sync
calls are no-ops in the common cases.
Reviewed by: andrew
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D55492
[OpenMP] Control KMP_CANCEL_THREADS via CMake and detect pthread_cancel (#193681)
KMP_CANCEL_THREADS was a preprocessor switch in kmp.h, with Android and
WASI explicitly #undef-ing it. Move the control to CMake:
- Detect pthread_cancel via check_symbol_exists()
- Drive KMP_CANCEL_THREADS from that result, emitted as a 0/1 #define in
kmp_config.h.cmake (overridable with -DLIBOMP_USE_CANCEL_THREADS=OFF).
- Drop the Android/WASM special-casing
[OpenMP] Improve dladdr error handling in ompd_init() (#201043)
Guard dlerror() result against NULL before passing to fprintf to avoid
confusing "(null)" output. Also guard dli_fname against NULL on the
success path before calling strrchr.
Assisted-by: Claude Sonnet 4.6
www/nginx: Update to 1.30.3
Changes with nginx 1.30.3 17 Jun
2026
*) Security: a heap memory buffer overflow might occur in a worker
process when using a configuration with "ignore_invalid_headers
off;"
and "large_client_header_buffers" with large configured values
when
proxying a specially crafted request to HTTP/2 or gRPC backend,
allowing an attacker to cause worker process memory corruption or
segmentation fault in a worker process (CVE-2026-42055).
Thanks to Mufeed VH of Winfunc Research.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially sent response with decoding
from
UTF-8 via the "charset_map" directive, allowing an attacker to
[7 lines not shown]
[lldb][test] Skip wasm-unsupported API tests (#204625)
WebAssembly inferiors are built with -fno-exceptions and run on a wasip1
runtime with no exec/fork/setpgid, no setjmp/longjmp (needs the
exception-handling proposal), no memory-protection faults/signals, and
no _Float16/__bf16 support. Mark the corresponding API tests as skipped
on wasm so they report unsupported instead of failing to build or run.
Merge tag 'fuse-update-7.2' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse updates from Miklos Szeredi:
- Fix lots of bugs, most from the late 6.x era, but some going back
to 2.6.x
- Add subsystems (io-uring, passthrough) and respective maintainers
(Bernd, Joanne and Amir)
- Separate transport and fs layers (Miklos)
- Don't block on cat /dev/fuse (Joanne)
- Perform some refactoring in fuse-uring (Joanne)
- Don't use bounce-buffer for READDIR reply in virtio-fs (Matthew Ochs)
- Clean up documentation (Randy)
[31 lines not shown]
xroar: Fix build on NetBSD and SunOS with GCC 14.
NetBSD and SunOS need _NETBSD_SOURCE and __EXTENSIONS__
respectively to get strsep(3) defined when _POSIX_C_SOURCE
is 200112L.
