textproc/languagetool: Harden HTTP server against OOM
A single pathological check request (e.g. a very long sentence hitting
the OpenNLP chunker) can exhaust the Java heap, leaving the JVM alive
but with its HTTP dispatcher thread dead. Make OutOfMemoryError fatal,
have daemon(8) restart the server after 10 seconds, and bound
per-request work in the sample configuration.
Sponsored by: The FreeBSD Foundation
[InstCombine] Fold fpto{u,s}i of int-cast fdiv into {u,s}div (#205853)
Fixes #205305.
Adds an InstCombine fold for the pattern `fpto{u,s}i (fdiv ({u,s}itofp
X), C)` to `{u,s}div X, C`.
Safe when
- Unsigned: C > 0 and the integer width N <= the FP mantissa width p.
- Signed: C != 0 and N - 1 <= p, excluding (X == INT_MIN, C == -1).
See linked issue for detailed reasoning.
security/py-kdcproxy: Add new Port
kdcproxy is a WSGI module for proxying Kerberos KDC requests over
HTTP and HTTPS. It is required by the upcoming FreeIPA server port.
WWW: https://github.com/latchset/kdcproxy
Sponsored by: Netzkommune GmbH
[InstCombine] Fold commuted add of udiv/urem by two (#206272) (#207462)
Fixes #206272.
`SimplifyAddWithRemainder` folds `(X / C0) * C1 + (X % C0) * C2`,
treating `and X, lowmask` as a remainder and `lshr X, N` as a division.
The commuted form `add (and X, C), (lshr X, N)` was missed because the
operand-order swap only recognized a real `urem`/`srem`.
Now the fold is tried with both operand orders instead of relying on
that swap. Verified with Alive2.
Supersedes #207249 (re-opened from the correct account; already
incorporates the both-operand-orders refactor suggested there by
nikic).
Prepared with AI assistance per the [LLVM AI Tool
Policy](https://llvm.org/docs/AIToolPolicy.html); not a "good first
issue".
[3 lines not shown]
[MC][NFC] Store SubTypeKV names as string table (#207580)
This moves the large SubTypeKV arrays to .rodata, as they no longer
contain the key pointers that need to be relocated.
Additionally, remove the largely redundant CPUNames arrays and integrate
the AArch64 aliases into the sorted string table. There was really no
need to introduce these 17 kiB arrays solely for including AArch64
aliases in help output.... (added in b6c22a4)
defflag M68K_MMU_CUSTOM. Checks for this were added a while ago, but
the defflag was missed. It's not expected to be used directly by
configus, but is there as something other MMU options can add as a
dependency.
net-im/(pidgin,libpurple): Remove SILC and make Evolution optional
The port of silc-toolkit was removed in 2025. Evolution is not required
to build Pidgin -- and is not necessary for many -- leave it optional,
defaulting to off (raise PORTREVISION).
games/battletanks: fix version detection against modern Python
- Use correct function to open files, file() is an old method,
which also makes version.replace() below work as intended
- Drop needless copy of env.Append(CPPDEFINES=['ENABLE_LUA'])
ports-mgmt/portlint: Update to 2.25.0
* fix: Warn on late use of macros in the rest of the Makefile [1]
* feat: Do not throw errors for metaports [2]
PR: 295710 [1]
Reported by: des [2]
doc: Update mail/roundcube and related pacakges to 1.6.17
mail/roundcube
mail/roundcube-plugin-enigma
mail/roundcube-plugin-password
mail/roundcube-plugin-zipdownload
mail/roundcube: update to 1.6.17
1.6.17 (2026-07-05)
* Enigma: Support automatic public key lookup (import) using HKP v1 protocol
(#5314)
* Enigma: Kolab WOAT Support (#8626)
* Security: Fix an infinite loop in TNEF (winmail.dat) decoder (#10193)
* Security: Fix various vulnerabilities in the password plugin using
session-injected username
* Security: Fix stored XSS via unescaped attachment MIME type on the
attachment-validation warning page [CVE-2026-54432]
* Security: Fix SSRF bypass via specific local address URLs - two new cases
[5 lines not shown]
Convert cloud sync to the typesafe service pattern
This commit adds changes to convert the cloud_sync plugin to the typesafe pattern: the cloudsync task service, its cloudsync.credentials sub-service, and the restore method now live in a lean cloud_sync/ package built on GenericTaskPathService/GenericCRUDService delegating to service parts, with Pydantic query/get_instance, @api_method(check_annotations=True), and call2/call_sync2 for in-process calls. The old cloud_sync.py monolith and the cloud_sync_/ directory are consolidated into that package.
It also types the shared cloud task layer that cloud_backup leans on. Every rclone provider (rclone/base.py and all rclone/remote/*) now takes a typed CredentialsEntry/CloudTaskAttributes instead of a dict, and the shared CloudTaskServiceMixin resolves credentials to a typed CredentialsEntry. With that in place the cloud_backup marshalling shims are gone: resolve_credentials is deleted and restic/init/sync/snapshot/restore thread the typed credential straight through.
One subtle point worth calling out: credentials are flattened for the rclone/restic config via a single expose_provider_config helper that dumps with mode="python" and stringifies URL fields, because model_dump(mode="json") masks Secret fields with the redaction string even when expose_secrets is set, which would otherwise hand rclone and restic masked keys.
The remaining in-process consumers are moved onto the typed surface too: the keychain SFTP used-by delegate, the usage backup/cloud stats, the SFTP-key keychain migration, and the cron template all use call2 and attribute access (the migration reads raw datastore rows since the legacy key_file attribute is no longer modelled).
[GlobalISel] Add or_and_and pattern from SelectionDAG (#204618)
This PR adds the `fold or (xor x, y), (x and/or y) --> or x, y` pattern
from SelectionDAG to GlobalISel.
Merge tag 'x86-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fix from Ingo Molnar:
- Prevent OOB access in the resctrl code while offlining
CPUs when Intel SNC (Sub-NUMA Clustering) is enabled
(Reinette Chatre)
* tag 'x86-urgent-2026-07-05' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86,fs/resctrl: Prevent out-of-bounds access while offlining CPU when SNC enabled