pfctl: pfctl_get_astats() doesn't set errno
After commit 08f54dfca197 pfctl_get_astats() doesn't set errno anymore,
except in one place. Fix up that one place and adjust callers
appropriately.
Reviewed by: kp
Fixes: 08f54dfca197 ("pf: convert DIOCRGETASTATS to netlink")
Differential Revision: https://reviews.freebsd.org/D57608
Fix missing 2FA account flag and re-enable STIG tests
AccountFlag.TWOFACTOR was set in _get_user_obj() based on
self.twofactor_user, which only becomes true after the PAM OATH
conversation runs -- i.e. it was always false at that point. As a
result 2FA web sessions never carried the '2FA' flag and
validate_stig() rejected every credential, blocking STIG
enablement. This is why the suite had been failing for months.
Set TWOFACTOR in authenticate_oath() on success instead, where
the second factor has actually been verified, mirroring how OTPW
is recorded. Drop the now-dead check from _get_user_obj().
Re-enable tests/stig test_01 and test_02 and restore the conftest
server setup. test_03 stays skipped: its auditd-event checks need
the auditd daemon (Debian auditd.service + tnaudit), which is
managed outside middleware.
sysutils/boxrun: Update to 0.4.3
ChangeLog:
- support for VNET/epair networking
- support for devfs, and mountpoints
- several security improvements
- bugfixes
MFH: 2026Q2
(cherry picked from commit 1f686502344979246e35b30a6972388660bc672b)
[MCJIT] Fix frem.ll test failure with LLVM_ENABLE_RPMALLOC on Windows (#200319)
When compiled with `LLVM_ENABLE_RPMALLOC`, `lli.exe` links statically to
the runtime. With `LLVM_EXPORT_SYMBOLS_FOR_PLUGINS` enabled, `lli.exe`
exports a subset of symbols from the runtime library, but not all. In
particular, `printf()` is exported from the application binary, but
`fflush()` and `exit()` are not. For a JITted module, unresolved
external symbols are loaded either from the application or dynamic
libraries, in this case, from `msvcrt.dll`. The `MCJIT/frem.ll` test
attempts to flush the output, but because the functions resolve to
different CRT instances, the output data is lost.
The patch avoids the test failure by disabling exporting symbols from
`lli.exe` when it is linked with the static runtime library.
sysutils/boxrun: Update to 0.4.3
ChangeLog:
- support for VNET/epair networking
- support for devfs, and mountpoints
- several security improvements
- bugfixes
MFH: 2026Q2
[flang][semantics] Allow forward-typed PARAMETER constants under IMPLICIT NONE (#203398)
Under IMPLICIT NONE, flang rejected a named constant defined by a
PARAMETER statement whose explicit type declaration appears later in the
same specification part:
implicit none
parameter(n=4096)
integer n ! error: No explicit type declared for 'n'
end
Accept it as an extension, reusing the existing ForwardRefImplicitNone
language feature that already permits forward references to dummy
arguments and COMMON variables under IMPLICIT NONE(TYPE). The behavior
is accepted silently by default and emits a portability warning under
-pedantic.
Assisted-by: AI
[clang][StaticAnalyzer] Reduce MallocSizeofChecker false positives for layout-compatible types (#200253)
When one operand is a record type and the other is a non-record type,
treat them as compatible if they share the same size and the record's
alignment satisfies the scalar's alignment. This suppresses warnings for
patterns like `malloc(sizeof(std::atomic<int32_t>))` assigned to an
`int32_t *` (or a wrapper struct with an identical layout), while still
flagging genuinely mismatched types such as `long` vs `double` or
unrelated struct pairs.
rdar://177553628
---------
Co-authored-by: Claude Sonnet 4.6 <noreply at anthropic.com>
[clang][AVR] Add basic AVR builtin functions (#203214)
Adds support for AVR specific builtin functions as defined in:
https://gcc.gnu.org/onlinedocs/gcc/AVR-Built-in-Functions.html
The simpler builtins have been implemented: nop, sei, cli, sleep, wdr,
swap. And they are lowered to their llvm.avr.* intrinsics.
---------
Signed-off-by: Dakkshesh <beakthoven at gmail.com>
Reland "[clang][ssaf] Track target triple in TU and LU summaries" (#204218)
This commit introduces the following changes:
- Add `TargetTriple` field to `TUSummary`, `LUSummary`, and their encodings.
- Frontend captures the triple from `CompilerInstance::getTarget()` when extracting a TU summary.
- JSON format reads/writes a `target_triple` field at the root of each summary; reader rejects strings not in `llvm::Triple::normalize` form.
- All TU/LU JSON test inputs/outputs and unit tests updated to include the new field.
- `TargetParser` is added to `LLVM_LINK_COMPONENTS` for `clangScalableStaticAnalysisFrameworkCore`, which provides `Triple::normalize` and `Triple(string&&)` constructor that the `JSONFormat` sources reference.
`clang-ssaf-linker` uses a hardcoded triple for the link unit; surfacing the triple through the tool will be handled in a follow-up PR.
rdar://179403011
Make sanitizer special case list slash-agnostic (#149886)
This changes the glob matcher for the sanitizer special case format so
that it treats `/` as matching both forward and back slashes.
When dealing with cross-compiles or build systems that don't normalize
slashes, it's possible to run into file paths with inconsistent
slashiness, e.g. `../..\v8/include\v8-internal.h` when [building
chromium](https://g-issues.chromium.org/issues/425364464).
We can match this using the current syntax using this ugly kludge:
`src:*{/,\\}v8{/,\\}*`. However, since the format is explicitly for
listing file paths, it makes sense to treat `/` as denoting a path
separator rather than a literal forward slash. This allows us to write
the much more natural form `src:*/v8/*` and have it work on any
platform.
This is technically a behavior change, but it seems very unlikely to
come up in practice. It will only make a difference if a user has a
[9 lines not shown]
[scudo] Use the unmap function on MemMap object. (#204001)
The current call does a unmap(MemMap), but the rest of the code is doing
MemMap.unmap(XXX), so follow that pattern.
[flang][cuda] Avoid runtime copies for scalar constant host reads (#204193)
Fix CUDA Fortran lowering for host reads from scalar module variables
with the `constant` attribute.
Host code can read and write CUDA constants, while kernels read the
device constant symbol. Flang keeps a host-visible value for scalar
constant host accesses and uses a device symbol for kernels.
After preserving the host declaration, scalar read-backs such as `x = c`
could still be lowered as device-to-host runtime copies, passing a host
pointer as the CUDA source. This change lowers those read-backs as
regular host load/store operations, while keeping the runtime update for
host-to-device assignments.
When releasing, read trace index before reference counter decrement.
When btrace(8) is active, refcounting is traced using an index field
to the dt(4) backend. When two CPU simultaneously decrement the
reference count, one could free the object while the other is still
reading the index. Move the load before the dec separated by a
membar. Crashes seen while testing an experimental diff from dlg@.
OK cludwig@
[AMDGPU] Refine i8 extractelement cost model (#203932)
Expand the cases when i8 extract elements are free. The extract elements
should be free when they are part of a sequence that extract multiple
consecutive elements the size of a register. This change enables the
SLPVectorizer to keep extract elements over more costly shufflevectors.
This PR also undoes a previous change that made insert element free, but
those require sequences of shift/or instructions so shouldn't be free.