BSD Commit Log Search

[lldb] Remove ConstString getters from FileSpec (#206802)

This finishes the removal of ConstString from FileSpec's interface. Note
that FileSpec is still _backed_ by ConstStrings, that will be changed in
a follow-up.

A non-goal for this change is to rewrite business logic, so I kept the
type of some variables as ConstString where a refactor would necessary
to change that. I converted printf-style formatting to formatv-style
formatting where required, and otherwise tried to leave callsites alone
to the extent that was possible.

[gn build] Port df108f91d5b8 (#206845)

[gn build] Port b74fc87d30d8 (#206844)

security/gnupg25: Remove expired port

2026-06-30 security/gnupg25: Will roll up into security/gnupg

[gn build] Port a96686a6c490 (#206843)

[gn build] Port 527c4e7e2baf (#206842)

emulators/supermodel: New port

A Sega Model 3 Arcade emulator

PR:             296011
Co-authored-by: Kenneth Raplee <kenrap at FreeBSD.org>
Approved by:    makc (mentor)

[flang][OpenMP][NFC] Move variant-matching context to semantics

Move FlangOMPContext from lower into semantics as the MLIR-independent
OmpVariantMatchContext. This enables reuse of the matcher for upcoming
semantic checks that can skip metadirective variant validation when a
variant cannot match the current target.

Assisted with copilot.

[gn build] Port 31340a9222bb (#206841)

cleanup: Remove expired databases/mysql96-*

2026-06-30 databases/mysql96-client: EOLed upstream, switch to newer version
2026-06-30 databases/mysql96-server: EOLed upstream, switch to newer version

Mk: unregister expired databases/mysql96-*

databases/mariadb106-client: remove epired port

databases/mariadb106-server: Remove expired port

2026-06-30 databases/mariadb106-server: End-of-Life approaching, please switch to 11.8 (or 11.4)

   Several enchancements and bug fixes to FEC driver.

   - Fix SRAM leak in fec_stop()
   - Skip busy wait link-poll on reset and recovery
   - Properly program muilticast hash filter
   - 802.3 full duplex flow control, advertise and honor received pause
   - Statistics exposed via if_stats
   - Accept VLAN frames

Mk: unregister expired databases/mariadb106

net/unison251: Remove expired port

2026-06-30 net/unison251: Legacy release unsupported by upstream

[lldb][NFC] Remove ConstString from remaining Breakpoint headers (#206823)

Mk: unregister expired www/*node25

www/*node25: remove expired port

[gn] port c2da3ace1beac5a7 (#206837)

[CIR] Skip int_to_bool when value is already bool (#206582)

A conversion to bool from a type whose representation is already boolean --
most commonly an enum with a `bool` underlying type -- reaches
`emitIntToBoolConversion`, which always emits `cir.cast int_to_bool`.  Since
[#205880](https://github.com/llvm/llvm-project/pull/205880) made such enums
load as `!cir.bool`, that cast now receives a `!cir.bool` source and the
`int_to_bool` verifier (which requires a `!cir.int` source) rejects the
module.  It shows up across the libcxx `std/` hash tests, whose shared
`poisoned_hash_helper.h` hashes an `enum : bool` by `static_cast`-ing it to
its underlying type.

The fix returns the value unchanged when it is already `!cir.bool`: a boolean
is its own truth value, so no conversion is needed.  The guard sits in
`emitIntToBoolConversion`, the choke point shared by the
`CK_IntegralToBoolean` cast path and the integer branch of
`emitConversionToBool`.  This is the cast-side companion to
[#205880](https://github.com/llvm/llvm-project/pull/205880), which handled
the load side.

    [2 lines not shown]

Empty commit to create PR on github.

You should reset it

NAS-141553 / 26.0.0-RC.1 / Handle Basic auth Docker registries (#19229)

## Summary

Private Docker registries that authenticate with **htpasswd / HTTP Basic
auth** crash the Apps image update checker. The 401 handler in
`apps_images/client.py` assumes every `WWW-Authenticate` challenge is a
Docker **Bearer/token** flow and unconditionally calls
`_get_token(**auth_data)`. A `Basic` challenge carries no `scope` (and
no token endpoint), so `parse_auth_header()` returns a dict without
`scope` and the call raises `TypeError:
ContainerRegistryClientMixin._get_token() missing 1 required positional
argument: 'scope'`. Because that `TypeError` is not a `CallError`, it
escapes the per-image guard in `check_update()`, aborts the entire image
sweep, and recurs as "Task exception was never retrieved" (82
occurrences in the reporter's debug on 25.10.4).

Reported in NAS-141553. Distinct from NAS-141149: that fix threaded
stored credentials into the existing Bearer path but did not add

    [56 lines not shown]

[CIR] Lower add/sub-with-carry builtins (#206598)

[CIR] Lower add/sub-with-carry builtins (#206598)

The multiprecision add/sub-with-carry builtins -- `__builtin_addc{b,s,,l,ll}`
and `__builtin_subc{b,s,,l,ll}` -- were stubbed with errorNYI in CIRGen, so
any translation unit that uses them fails to compile. They are used by
128-bit fallback arithmetic in libraries such as libfmt (its
`uint128_fallback` add path calls `__builtin_addcll`).

The lowering mirrors classic CodeGen in `CGBuiltin.cpp`: emit two chained
checked-overflow operations (`sum1 = x +/- y`, then `result = sum1 +/-
carryin`), OR the two overflow flags for the carry-out, widen that to the
operand type, and store it through the carry-out pointer. CIR already has
the checked-overflow ops that `__builtin_add_overflow` uses
(`AddOverflowOp` / `SubOverflowOp`), so this reuses that path rather than
adding anything new.

The new `builtin-multiprecision.c` exercises add and sub across i8/i32/i64
and checks both the CIR ops and the lowered unsigned
`uadd`/`usub.with.overflow` form against classic CodeGen.

net/tun2socks: New port: Tunnel TCP/UDP traffic through a SOCKS5/HTTP proxy via TUN interface

tun2socks creates a TUN network interface that tunnels TCP and UDP
traffic through a SOCKS5, HTTP, Shadowsocks, or Relay proxy.  It is
powered by gVisor's userspace TCP/IP stack and supports gateway mode
for transparent proxying of other devices on the network.

Features include IPv4/IPv6 support, multiple proxy protocols with
authentication, a REST API for runtime statistics, and cross-platform
compatibility with Linux, macOS, FreeBSD, OpenBSD, and Windows.

WWW:            https://github.com/xjasonlyu/tun2socks
Submitted by:   Dasun Nimantha Perera <dasun4 at pm.me>
PR:             294135
MFH:            2026Q2

(cherry picked from commit 66277d2e719a210080b23b797cf2a08cd3c6c0b8)

Add UPDATING entries and bump version

Approved by:    so

iconv: Fix a stack buffer overflow in _ISO2022_sputwchar()

In the ISO2022-CN encoding, characters may require at least seven bytes,
and MB_LEN_MAX==6 is insufficient.  From code inspection,
_ISO2022_sputwchar() can emit 10 bytes in the worst case, so use that to
size buffers.

Add a regression test.

Approved by:    so
Security:       FreeBSD-SA-26:49.iconv
Security:       CVE-2026-58082
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D57950

iconv: Fix a buffer overflow in the HZ encoding

wcrtomb may store up to 2 2-byte escape sequences to the state buffer in
addition to the character itself.  In the worst case, a 3-byte heap
overflow is possible.

Approved by:    so
Security:       FreeBSD-SA-26:49.iconv
Security:       CVE-2026-58081
Reviewed by:    kevans
Differential Revision:  https://reviews.freebsd.org/D57949

iconv(3): Draft some automatic tests.

Based on a report by Nick Wellnhofer.

Approved by:    so
Security:       FreeBSD-SA-26:49.iconv
Reviewed by:    markj, kevans
Differential Revision:  https://reviews.freebsd.org/D57948

iconv(3): Fix problems in various encodings

Fix null pointer dereference with HZ8 encoding.

Fix output buffer overrun in UTF-7, VIQR, ZW encodings.

Approved by:    so
Security:       FreeBSD-SA-26:49.iconv
Security:       CVE-2026-58081
Reviewed by:    markj, kevans
Differential Revision:  https://reviews.freebsd.org/D57947