LLVM/project fc7ad81llvm/lib/Transforms/InstCombine InstructionCombining.cpp, llvm/test/Transforms/InstCombine binop-select.ll

by Snehasish Kumar via GitHub on ⎇
[InstCombine][profcheck] Preserve !prof metadata when folding select. (#177707)

The new select `InstCombinerImpl::foldBinOpSelectBinOp` reuses the same
condition in the same BB as the original so the profile info can be
trivially copied over.
DeltaFile
+10-5llvm/test/Transforms/InstCombine/binop-select.ll
+9-3llvm/lib/Transforms/InstCombine/InstructionCombining.cpp
+0-1llvm/utils/profcheck-xfail.txt
+19-93 files

LLVM/project da3f293llvm/lib/Transforms/InstCombine InstructionCombining.cpp, llvm/test/Transforms/InstCombine branch.ll

by Snehasish Kumar via GitHub on ⎇
[InstCombine][profcheck] Propogate profile metadata when transforming br (X && !Y) to br (!X || Y) (#175939)

Updated visitBranchInst to propagate and swap !prof metadata when transforming br (X && !Y) to br (!X || Y).
DeltaFile
+21-13llvm/test/Transforms/InstCombine/branch.ll
+15-0llvm/lib/Transforms/InstCombine/InstructionCombining.cpp
+0-1llvm/utils/profcheck-xfail.txt
+36-143 files

FreeBSD/ports 91a172adevel/py-lxml distinfo Makefile

by Matthew Wener via Charlie Li (vishwin) on ⎇
devel/py-lxml: update to 6.0.2

Changelog: https://github.com/lxml/lxml/blob/lxml-6.0.2/CHANGES.txt

PR: 292775
(cherry picked from commit 727e59e39c663046776eb6c7ca786aa97681ca12)
DeltaFile
+3-3devel/py-lxml/distinfo
+1-1devel/py-lxml/Makefile
+4-42 files

HardenedBSD/src c460d3bcrypto/openssl/apps pkeyutl.c, crypto/openssl/apps/lib apps.c

by HardenedBSD Sync Services on ⎇
Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+28-27crypto/openssl/apps/lib/apps.c
+40-0lib/libsys/rfork_thread_gen.c
+18-21lib/libc/gen/posix_spawn.c
+18-18crypto/openssl/apps/pkeyutl.c
+34-0lib/libsys/pdrfork_thread_gen.c
+26-6crypto/openssl/crypto/bio/bf_lbuf.c
+164-7228 files not shown
+308-12334 files

HardenedBSD/src b8dd119lib/libc/gen posix_spawn.c, lib/libsys rfork_thread_gen.c pdrfork_thread_gen.c

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+40-0lib/libsys/rfork_thread_gen.c
+18-21lib/libc/gen/posix_spawn.c
+34-0lib/libsys/pdrfork_thread_gen.c
+0-5lib/libsys/i386/Symbol.sys.map
+0-5lib/libsys/amd64/Symbol.sys.map
+2-0lib/libsys/powerpc/Makefile.sys
+94-315 files not shown
+104-3111 files

HardenedBSD/src 9fb8ffausr.sbin/cron/cron cron.8

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+6-5usr.sbin/cron/cron/cron.8
+6-51 files

FreeBSD/ports 727e59edevel/py-lxml distinfo Makefile

by Matthew Wener via Charlie Li (vishwin) on ⎇
devel/py-lxml: update to 6.0.2

Changelog: https://github.com/lxml/lxml/blob/lxml-6.0.2/CHANGES.txt

PR: 292775
DeltaFile
+3-3devel/py-lxml/distinfo
+1-1devel/py-lxml/Makefile
+4-42 files

HardenedBSD/ports 2a19e63audio/din pkg-plist distinfo, audio/din/files patch-src_Makefile.am

by HardenedBSD Sync Services on ⎇
Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+42-0security/vuxml/vuln/2026.xml
+10-5audio/din/pkg-plist
+4-4audio/din/files/patch-src_Makefile.am
+3-3audio/din/distinfo
+1-2audio/din/Makefile
+60-145 files

LLVM/project adbbe85llvm/lib/CodeGen AssignmentTrackingAnalysis.cpp TargetInstrInfo.cpp, llvm/lib/CodeGen/GlobalISel LoadStoreOpt.cpp

by serge-sans-paille via GitHub on ⎇
[perf] Replace copy-assign by move-assign in llvm/lib/CodeGen/* (#178172)
DeltaFile
+2-2llvm/lib/CodeGen/AssignmentTrackingAnalysis.cpp
+1-1llvm/lib/CodeGen/GlobalISel/LoadStoreOpt.cpp
+1-1llvm/lib/CodeGen/SelectionDAG/SelectionDAG.cpp
+1-1llvm/lib/CodeGen/TargetInstrInfo.cpp
+5-54 files

LLVM/project 2624d84llvm/lib/Target/RISCV RISCVInstrInfoZvfbf.td

by Craig Topper via GitHub on ⎇
[RISCV] Remove unnecessary 'let' from VFWMACCBF16_V. NFC (#178367)

earlyclobber and RVVConstraint are already handled in VWMAC_FV_V_F.
DeltaFile
+1-2llvm/lib/Target/RISCV/RISCVInstrInfoZvfbf.td
+1-21 files

LLVM/project b9070bbllvm/lib/Target/RISCV RISCVInstrFormatsC.td RISCVInstrInfoC.td

by Craig Topper via GitHub on ⎇
[RISCV] Add OPC_C0/C1/C2 named values to tablegen. NFC (#178325)

This adds named opcodes for the compressed instructions like we have for
the 32-bit instructions.
DeltaFile
+37-28llvm/lib/Target/RISCV/RISCVInstrFormatsC.td
+24-24llvm/lib/Target/RISCV/RISCVInstrInfoC.td
+9-9llvm/lib/Target/RISCV/RISCVInstrInfoZc.td
+8-8llvm/lib/Target/RISCV/RISCVInstrInfoXqci.td
+4-4llvm/lib/Target/RISCV/RISCVInstrInfoXwch.td
+2-2llvm/lib/Target/RISCV/RISCVInstrInfoXqccmp.td
+84-751 files not shown
+85-767 files

LLVM/project 094c65ellvm/docs AMDGPUUsage.rst

by Aaditya on ⎇
Modelled fmin/fmax similar to llvm.minimumnum/maximumnum
DeltaFile
+8-2llvm/docs/AMDGPUUsage.rst
+8-21 files

LLVM/project 14d4061llvm/docs AMDGPUUsage.rst

by Aaditya on ⎇
[AMDGPU] Update documentation for wave reduction intrinsics
DeltaFile
+70-4llvm/docs/AMDGPUUsage.rst
+70-41 files

LLVM/project c776e92clang/include/clang/Basic BuiltinsAMDGPU.td, clang/lib/CodeGen/TargetBuiltins AMDGPU.cpp

by Aaditya on ⎇
[AMDGPU] Add builtins for wave reduction intrinsics
DeltaFile
+84-0clang/test/CodeGenOpenCL/builtins-amdgcn.cl
+8-0clang/lib/CodeGen/TargetBuiltins/AMDGPU.cpp
+4-0clang/include/clang/Basic/BuiltinsAMDGPU.td
+96-03 files

LLVM/project f74346fllvm/lib/Target/AMDGPU SIISelLowering.cpp

by Aaditya on ⎇
Don't use the pseudo as a case label.
DeltaFile
+17-23llvm/lib/Target/AMDGPU/SIISelLowering.cpp
+17-231 files

LLVM/project c8b1ff9llvm/lib/Target/RISCV RISCVISelLowering.cpp

by Craig Topper via GitHub on ⎇
[RISCV] Hoist a duplicate setOperationAction to a common place. NFC (#178364)
DeltaFile
+2-4llvm/lib/Target/RISCV/RISCVISelLowering.cpp
+2-41 files

OPNSense/src c961e15. UPDATING, sys/conf newvers.sh

by Mark Johnston (markj) via Franco Fichtner on ⎇
Add UPDATING entries and bump patch version

Approved by:    so
DeltaFile
+14-0UPDATING
+1-1sys/conf/newvers.sh
+15-12 files

OPNSense/src 401deeccrypto/openssl/crypto/asn1 evp_asn1.c a_strex.c, crypto/openssl/crypto/bio bf_lbuf.c

by Gordon Tetlow (gordon) via Franco Fichtner on ⎇
openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
  Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

See https://openssl-library.org/news/secadv/ for additional details.

Approved by:    so
Obtained from:  OpenSSL
Security:       FreeBSD-SA-26:01.openssl
Security:       CVE-2025-15467
Security:       CVE-2025-68160

    [6 lines not shown]
DeltaFile
+26-6crypto/openssl/crypto/bio/bf_lbuf.c
+20-0crypto/openssl/crypto/asn1/evp_asn1.c
+8-2crypto/openssl/crypto/modes/ocb128.c
+8-2crypto/openssl/crypto/pkcs12/p12_kiss.c
+4-2crypto/openssl/crypto/asn1/a_strex.c
+5-0crypto/openssl/crypto/pkcs12/p12_decr.c
+71-125 files not shown
+84-1811 files

OPNSense/src 163ae89tests/sys/kern jail_lookup_root.c Makefile

by Mark Johnston (markj) via Franco Fichtner on ⎇
tests: Add a regression test for commit 7587f6d4840f8

Approved by:    so
Reviewed by:    kib
MFC after:      2 weeks
Differential Revision:  https://reviews.freebsd.org/D50533

(cherry picked from commit a5dac34f6e98c47bd7cb1946e39cc45432e167a8)
(cherry picked from commit f56b66f1260a33e49c65bbc05213ec8267978a93)
DeltaFile
+171-0tests/sys/kern/jail_lookup_root.c
+2-0tests/sys/kern/Makefile
+173-02 files

OPNSense/src 6f7cf6bsys/sys namei.h

by Konstantin Belousov (kib) via Franco Fichtner on ⎇
namei: clear internal flags in NDREINIT()

same as it is done for NDRESTART()

Approved by:    so
Fixes:  e05e33041c252
Reported and tested by: pho
Reviewed by:    markj
Sponsored by:   The FreeBSD Foundation

(cherry picked from commit 58b2bd33aff71c0268d99d63e9c83f6544d3beb3)
(cherry picked from commit 53963866f7088dd96f6d56169e6b4fb899277306)
DeltaFile
+1-0sys/sys/namei.h
+1-01 files

OPNSense/src 81eacb8sys/kern vfs_vnops.c

by Mark Johnston (markj) via Franco Fichtner on ⎇
vfs: Don't clobber namei flags in vn_open_cred()

Otherwise NAMEILOOKUP is cleared.  More generally it seems quite
surprising that the flags set by vn_open_cred() callers are not
automatically preserved.  Modify open2nameif() such that it takes
already-set namei flags into account.

Approved by:    so
Reviewed by:    olce, kib
Fixes:          7587f6d4840f ("namei: Make stackable filesystems check harder for jail roots")
Differential Revision:  https://reviews.freebsd.org/D50531

(cherry picked from commit e05e33041c252dc236939683c01ca4b7b083562c)
(cherry picked from commit a66767844690dfd82e14df2d22bd9bc40e46546b)
DeltaFile
+14-8sys/kern/vfs_vnops.c
+14-81 files

OPNSense/src 0b5aa71sys/kern vfs_cache.c

by Mark Johnston (markj) via Franco Fichtner on ⎇
vfs cache: Add NAMEILOOKUP to the whitelist of fastpath lookup flags

Otherwise the lockless name lookup path is inadvertently disabled since
NAMEILOOKUP isn't recognized.

Approved by:    so
Reviewed by:    olce, kib
Fixes:          7587f6d4840f ("namei: Make stackable filesystems check harder for jail roots")
Differential Revision:  https://reviews.freebsd.org/D50532

(cherry picked from commit f4158953007f557061d91f99d2374d48d8376cc6)
(cherry picked from commit 031cd548775c26314e6ae9cad35b01c5ab1aea6c)
DeltaFile
+1-1sys/kern/vfs_cache.c
+1-11 files

OPNSense/src ec57109sys/kern vfs_cache.c

by Mark Johnston (markj) via Franco Fichtner on ⎇
namei: Remove a now-unused variable

Approved by:    so
Reported by:    bapt
Fixes:          7587f6d4840f ("namei: Make stackable filesystems check harder for jail roots")

(cherry picked from commit 14ec281a09d7818def2083ef0c3e28f8101f4268)
(cherry picked from commit 3f4efe392b7039686057838d723a2d43ae144be5)
DeltaFile
+1-3sys/kern/vfs_cache.c
+1-31 files

OPNSense/src 3d1e822sys/fs/nullfs null_vnops.c, sys/fs/unionfs union_vnops.c

by Mark Johnston (markj) via Franco Fichtner on ⎇
namei: Make stackable filesystems check harder for jail roots

Suppose a process has its cwd pointing to a nullfs directory, where the
lower directory is also visible in the jail's filesystem namespace.
Suppose that the lower directory vnode is moved out from under the
nullfs mount.  The nullfs vnode still shadows the lower vnode, and
dotdot lookups relative to that directory will instantiate new nullfs
vnodes outside of the nullfs mountpoint, effectively shadowing the lower
filesystem.

This phenomenon can be abused to escape a chroot, since the nullfs
vnodes instantiated by these dotdot lookups defeat the root vnode check
in vfs_lookup(), which uses vnode pointer equality to test for the
process root.

Fix this by extending nullfs and unionfs to perform the same check,
exploiting the fact that the passed componentname is embedded in a
nameidata structure to avoid changing the VOP_LOOKUP interface.  That
is, add a flag to indicate that containerof can be used to get the full

    [13 lines not shown]
DeltaFile
+30-11sys/kern/vfs_lookup.c
+18-10sys/fs/nullfs/null_vnops.c
+21-0sys/fs/unionfs/union_vnops.c
+1-10sys/kern/vfs_cache.c
+4-1sys/sys/namei.h
+74-325 files

OPNSense/src 8b81e03sys/fs/nullfs null_vnops.c

by Konstantin Belousov (kib) via Franco Fichtner on ⎇
nullfs lookup: cn_flags is 64bit

Approved by:    so

(cherry picked from commit 89549c2348170921cc4270ac95bfabfd78d42739)
(cherry picked from commit 2013ad7490f2a80d3b3260d9811422bbd25a915e)
DeltaFile
+3-3sys/fs/nullfs/null_vnops.c
+3-31 files

OPNSense/src bb4385bsys/vm vm_fault.c

by Konstantin Belousov (kib) via Franco Fichtner on ⎇
vm_fault: only rely on PG_ZERO when the page was newly allocated

Approved by:    so
Security:       FreeBSD-EN-26:03.vm

(cherry picked from commit cff67bc43df14d492ccc08ec92fddceadd069953)
(cherry picked from commit 99f641267d449f26a2e13449964f29d17897c29f)
DeltaFile
+5-1sys/vm/vm_fault.c
+5-11 files

OPNSense/src 60d8992sys/vm vm_object.c

by Konstantin Belousov (kib) via Franco Fichtner on ⎇
vm_object_page_remove(): clear pager even if there is no resident pages

Approved by:    so
Security:       FreeBSD-EN-26:03.vm

(cherry picked from commit 72a447d0bc768c7fe8a9c972f710c75afebd581b)
(cherry picked from commit feac4c32a5f87434a17a804d8148cea78f81ebea)
DeltaFile
+2-1sys/vm/vm_object.c
+2-11 files

OPNSense/src 7958956sys/arm64/arm64 exec_machdep.c

by Andrew Turner (andrew) via Franco Fichtner on ⎇
arm64: Correctly align the SVE signal context

The SVE signal context needs to be correctly aligned. Fix this by
creating a new macro to calculate the needed size to provide this
alignment, and use it when setting and checking the saved SVE signal
context.

Approved by:    so
Security:       FreeBSD-EN-26:02.arm64
Reported by:    cperciva
Reviewed by:    cperciva, markj
Sponsored by:   Arm Ltd
Differential Revision:  https://reviews.freebsd.org/D54396

(cherry picked from commit a9e77eb7016df70723c208fc09fbd01ec23a732d)
(cherry picked from commit bcd6bb8067d13d28d13a309e32818cda9e0d29ff)
DeltaFile
+9-5sys/arm64/arm64/exec_machdep.c
+9-51 files

OPNSense/src fac137b. UPDATING, sys/conf newvers.sh

by Mark Johnston (markj) via Franco Fichtner on ⎇
Add UPDATING entries and bump patch version

Approved by:    so
DeltaFile
+14-0UPDATING
+1-1sys/conf/newvers.sh
+15-12 files

OPNSense/src 7ca64abcrypto/openssl/crypto/asn1 evp_asn1.c a_strex.c, crypto/openssl/crypto/bio bf_lbuf.c

by Gordon Tetlow (gordon) via Franco Fichtner on ⎇
openssl: Fix multiple vulnerabilities

This is a rollup commit from upstream to fix:
  Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
  Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

See https://openssl-library.org/news/secadv/ for additional details.

Approved by:    so
Obtained from:  OpenSSL
Security:       FreeBSD-SA-26:01.openssl
Security:       CVE-2025-15467
Security:       CVE-2025-68160

    [6 lines not shown]
DeltaFile
+26-6crypto/openssl/crypto/bio/bf_lbuf.c
+20-0crypto/openssl/crypto/asn1/evp_asn1.c
+8-2crypto/openssl/crypto/modes/ocb128.c
+8-2crypto/openssl/crypto/pkcs12/p12_kiss.c
+4-2crypto/openssl/crypto/asn1/a_strex.c
+5-0crypto/openssl/crypto/pkcs12/p12_decr.c
+71-125 files not shown
+84-1811 files