www/nginx-devel: Update to 1.31.0
Changes with nginx 1.31.0 13 May
2026
*) Security: when using the "proxy_set_body" directive, an attacker
might inject data in the proxied request to an HTTP/2 backend
(CVE-2026-42926).
Thanks to Mufeed VH of Winfunc Research.
*) Security: a heap memory buffer overflow might occur in a worker
process while handling a specially crafted request by
ngx_http_rewrite_module, potentially resulting in arbitrary code
execution (CVE-2026-42945).
Thanks to Leo Lin.
*) Security: a heap memory buffer overread might occur in a worker
process while handling a specially crafted response by
ngx_http_scgi_module or ngx_http_uwsgi_module, allowing an
[69 lines not shown]
[CIR] Route lambda and thunk aggregate returns through return slot (#197572)
Two related forwarding-call paths -- the captureless lambda
static-invoker `emitForwardingCallToLambda` in `CIRGenClass.cpp` and
vtable thunk emission `emitCallAndReturnForThunk` in
`CIRGenVTables.cpp` -- both forward a callee's return value up to
their own caller. When the callee returns an aggregate, both must
bind their `ReturnValueSlot` to `returnValue` so the result lands in
the function's return slot directly, and both must emit a
`cir.return` that loads from it.
The lambda path was leaving the slot empty, materializing a
temporary, and then asking `emitReturnOfRValue` to aggregate-copy it
into `returnValue`. For non-trivial aggregates (e.g.
`std::basic_string`) this hits the "Trying to aggregate-copy a type
without a trivial copy/move constructor" assertion in
`emitAggregateCopy`. The thunk path was already binding the slot
but never emitted the follow-up `cir.return`, so
`LexicalScope::emitImplicitReturn` ended the function with
[14 lines not shown]
NAS-141095 / 27.0.0-BETA.1 / Sweep orphaned container runtime mounts at startup (#18977)
## Context
The most recent `truenas_pylibvirt` change
([truenas/truenas_pylibvirt#49](https://github.com/truenas/truenas_pylibvirt/pull/49))
fixed a regression where an unprivileged container (`ISOLATED` idmap)
with a `FilesystemDevice` whose source is a parent ZFS dataset with
auto-mounted child datasets failed to start with `EINVAL` during
`MS_BIND` — libvirt-LXC's hard-coded non-recursive bind hits the locked
submounts produced by ZFS auto-mounts in the less-privileged user
namespace. The fix stages the source via `open_tree()` →
`mount_setattr(MS_SLAVE, AT_RECURSIVE)` → `move_mount()` before libvirt
sees it, rewriting the source to
`/run/truenas_containers/devices/<uuid>/<slug>`. It also introduces
`DomainManagers.reconcile_runtime_state()` for sweeping orphaned runtime
state, which the middleware must call once at process startup.
This PR wires that startup hook into middleware and adds end-to-end
regression coverage so the bug can't silently come back.
devel/bacon: update to 3.23.0
- scroll_anchor decides whether the scroll initially sticks with the first item (most common setting),
with the last one, or to show most recent output lines unless there are errors in which case it show
first items (by default in run jobs with auto) - Fix #384
If you're using an old bacon.toml file, you may want to add scroll_anchor="auto" to jobs running
the compiled executable.
- show_command_error_code job parameter, which is true in default cargo run job - Fix #435
When calling a lint or compilation tool, the exit status is usually not interesting: many tools report
an error (i.e. a non zero code) as soon as there's an error, or even a warning (eg miri).
That's why the error code isn't shown in bacon when there are also warnings, errors or test failures.
But sometimes you do want to see such error, eg when running not just the compiler/linter but the program
you're writing as in bacon run. In such case, you should set show_command_error_code=true.
- fix a log message from the rodio library leaking to the interface - Fix #437 - Thanks @c-git
When a user requires the ignoring of some/folder, they usually wants to ignore the content of that folder.
So now we also generate a pattern with added /** when it seems relevant. - Fix #438
[SLP] Properly select base pointer for reordered strided loads (#198592)
Prior to supporting strided stores, strided stores were used as an
optimization for reversed stores. This logic was left over from that,
updated so that the pointer is only adjusted in the case of reversed
stores.
[flang][OpenMP][NFC] Share declare mapper helpers for iterator modifier lowering
Move mapper lookup and implicit default mapper creation into reusable
OpenMP lowering helpers so regular map lowering and iterator-generated
map entries can use the same resolution path.
This prepares Flang iterator modifier lowering for map and motion clauses
without changing the generated IR for existing non-iterator maps.
[clang][deps] Simplify VFS overlays (#197785)
Instead of operating on on-disk files, the scanner can be made to
operate on in-memory buffers and module names. This is facilitated by
changes to the command line and the VFS, where an imaginary file is
injected (mainly to make the driver happy). Currently, this is
implemented by functions external to the worker that take its base VFS,
wrap it with an overlay VFS, and pass it back to the worker. Since the
worker _needs_ to operate on top of the base VFS, it performs a sanity
check like so:
```c++
#ifndef NDEBUG
bool SawDepFS = false;
OverlayFS->visit(
[&](llvm::vfs::FileSystem &VFS) { SawDepFS |= &VFS == DepFS.get(); });
assert(SawDepFS && "OverlayFS not based on DepFS");
#endif
```
[6 lines not shown]
Merge tag 'ata-7.1-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/libata/linux
Pull ata fixes from Niklas Cassel:
- Make sure that the issuing of a deferred non-NCQ command via
workqueue feature is only used when mixing NCQ and non-NCQ commands
to the same link (i.e. return value ATA_DEFER_LINK), and nothing
else. This way we will not incorrectly try to use the feature for
e.g. PATA drivers
- The deferred non-NCQ command was stored in a per-port struct. When
using Port Multipliers with FIS-Based Switching, we would thus
needlessly defer commands to all other links. Store the deferred QC
in a per-link struct, such that Port Multipliers with FBS will get
the same performance as before
- The issuing of a deferred non-NCQ command via workqueue feature broke
support for Port Multipliers using Command-Based Switching. The
issuing of a deferred non-NCQ command via workqueue feature is not
[8 lines not shown]
crypto(4): Nix spurious mutex_exit; add missing bounds checks.
Consistently use `foo = kmem_alloc(n * sizeof(*foo), ...)' instead of
`sizeof(struct whatever_foo_is)'. Makes it easier for a reader to
notice a discrepancy this way.
Move CRYPTODEV_OPS_MAX to cryptodev_internal.h so it can be used by
the compat ocryptodev.c shims too. I think this is waaaaaaaaaaaaay
too high, by the way. For example, it looks like qat(4) puts a limit
of 16384 on the number of sessions. Other devices like hifn(4) look
like they're limited to numbers of sessions ranging from 2 to around
256.
PR kern/60281: crypto(4): bugs in reference counting and test
[Clang] Default to async unwind tables for amdgcn (#183148)
To avoid codegen changes when enabling debug-info (see
https://bugs.llvm.org/show_bug.cgi?id=37240) we want to
enable unwind tables by default.
There is some pessimization in post-prologepilog scheduling, and a
general solution to the problem of CFI_INSTRUCTION-as-scheduling-barrier
should be explored.
Change-Id: I83625875966928c7c4411cd7b95174dc58bda25a
Fix MSVC template parsing error in SerializationFormat (#196571)
This commit fixes a hard compilation error on Windows (when building with
Clang's MSVC compatibility mode) and a subsequent access violation that
occurred during Windows CI testing.
Root Causes:
1. When compiling with `-fms-compatibility`, Clang's two-phase template
lookup fails to resolve function-local static variables (`SavedSerialize`
and `SavedDeserialize`) captured by a local class (`ConcreteCodec`) inside
an uninstantiated template. It incorrectly assumes they are members of a
dependent base class.
2. Originally, `TypedSerializerFn` and `DeserializerFn` were typed as
`llvm::function_ref`. Storing these in static variables created dangling
pointers, as `function_ref` is a non-owning wrapper that only referenced
the temporaries decaying on the constructor's stack, causing an 0xC0000005
access violation on x64 Windows.
The Fix:
[11 lines not shown]
[LifetimeSafety] Expand diagnostic list that enables analysis (#198599)
Now, when any lifetime safety related diagnostic is not ignored, we run
the analysis.
No tests were added since this does not add new functionality.
[NVPTX] Constant fold clusterDim when reqnctapercluster is specified (#195967)
This is a follow-up of https://github.com/llvm/llvm-project/pull/191575.
Currently, NVPTX cannot fold the `cluster_nctaid.x/y/z` and
`cluster_nctarank` intrinsic calls into const values when
`reqnctapercluster` is specified, which prevents the code from further
optimization.
Therefore, in this change, we extend the `NVVMIntrRange` pass to:
- Tighten `cluster_nctaid.x/y/z` intrinsic calls to one value range,
which can be const folded in later InstCombine pass
- Tighten `cluster_nctarank` intrinsic calls to one value range when
`cluster_dim` is specified
- Tighten `cluster_ctaid.x/y/z` range attributes to use per-dimension
`cluster_dim` bounds
[clang-format] Harden annotation of operator keywords (#196768)
The star was already annotated as TT_PointerOrReference, just overwrite
it for the sake of not crashing. Also remove the annotation above, since
that would always be overwritten (or at least I don't see when not, and
there's no failed test).
Fixes #196054.
Require explicit yield in iterator op
Remove the implicit terminator trait from omp.iterator so iterator
modifiers must explicitly yield the value used to form the iterated list.
Add and update verfier and test accordingly.