FreeNAS/freenas 0664552src/middlewared/middlewared/test/integration/assets two_factor_auth.py, src/middlewared/middlewared/utils/account authenticator.py

Fix missing 2FA account flag and re-enable STIG tests

AccountFlag.TWOFACTOR was set in _get_user_obj() based on
self.twofactor_user, which only becomes true after the PAM OATH
conversation runs -- i.e. it was always false at that point. As a
result 2FA web sessions never carried the '2FA' flag and
validate_stig() rejected every credential, blocking STIG
enablement. This is why the suite had been failing for months.

Set TWOFACTOR in authenticate_oath() on success instead, where
the second factor has actually been verified, mirroring how OTPW
is recorded. Drop the now-dead check from _get_user_obj().

Re-enable tests/stig test_01 and test_02 and restore the conftest
server setup. test_03 stays skipped: its auditd-event checks need
the auditd daemon (Debian auditd.service + tnaudit), which is
managed outside middleware.
DeltaFile
+86-66tests/stig/test_01_stig.py
+25-12src/middlewared/middlewared/test/integration/assets/two_factor_auth.py
+18-1tests/api2/test_authenticator_assurance_level.py
+8-2tests/stig/test_03_stig_auditing.py
+5-5src/middlewared/middlewared/utils/account/authenticator.py
+2-5tests/stig/conftest.py
+144-913 files not shown
+151-959 files

FreeBSD/ports 01104bdgraphics/Coin distinfo Makefile

graphics/Coin: update to 4.0.9

Release Notes:
  https://github.com/coin3d/coin/releases/tag/v4.0.9
DeltaFile
+3-3graphics/Coin/distinfo
+1-3graphics/Coin/Makefile
+1-1graphics/Coin/pkg-plist
+5-73 files

LLVM/project a9b492dllvm/lib/IR Verifier.cpp, llvm/test/Verifier masked-load-store.ll intrinsic-bad-arg-type.ll

[NFC][LLVM] Drop redundant verifier checks for masked load/stores (#204359)

All current verifier checks for masked load/store intrinsics are
redundant as they are covered by the generic intrinsic signature
verification. Drop them.

Rename verifier `intrinsic-bad-arg-type.ll` lit test to
`masked-load-store.ll` and extend it to cover cases corresponding to the
dropped checks to verify that generic intrinsic signature verification
will still flag them.
DeltaFile
+65-0llvm/test/Verifier/masked-load-store.ll
+0-25llvm/lib/IR/Verifier.cpp
+0-10llvm/test/Verifier/intrinsic-bad-arg-type.ll
+65-353 files

FreeBSD/ports f20ce5anet/liferea distinfo Makefile

net/liferea: update to 1.16.12

Release Notes:
  https://github.com/lwindolf/liferea/releases/tag/v1.16.12

(cherry picked from commit 0d6cd3b99c29c5089c4622d7c619c6182f45ed10)
DeltaFile
+3-3net/liferea/distinfo
+1-2net/liferea/Makefile
+4-52 files

LLVM/project 8cf8aa0llvm/test/CodeGen/AMDGPU amdgpu-inline.ll alloca.ll, llvm/test/Transforms/OpenMP custom_state_machines_pre_lto.ll spmdization_kernel_env_dep.ll

AMDGPU/Tests: Remove redundant explicit data layouts from AMDGPU tests (#203447)

These all look like either cargo culting of outdated requirements or
test cases that were not fully reduced. Since the data layout evolves
over time with new address spaces being added, it seems good practice to
avoid hard-coding it in tests that don't need it.
DeltaFile
+5-5llvm/test/CodeGen/AMDGPU/amdgpu-inline.ll
+4-4llvm/test/CodeGen/AMDGPU/alloca.ll
+3-3llvm/test/Transforms/OpenMP/custom_state_machines_pre_lto.ll
+2-2llvm/test/CodeGen/AMDGPU/amdgpu-alias-analysis.ll
+2-2llvm/test/CodeGen/AMDGPU/amdgpu.private-memory.ll
+1-2llvm/test/Transforms/OpenMP/spmdization_kernel_env_dep.ll
+17-1824 files not shown
+25-4230 files

LLVM/project 626cba7llvm/include/llvm/IR Intrinsics.td, llvm/lib/IR Verifier.cpp

[NFC][LLVM] Tighten overload types for `@llvm.get.active.lane.mask` (#204356)

Change return type to `llvm_any_vector_int_ty` and the 2 argument types
to `llvm_any_scalar_int_ty`.
DeltaFile
+11-1llvm/test/Verifier/get-active-lane-mask.ll
+2-8llvm/lib/IR/Verifier.cpp
+2-2llvm/include/llvm/IR/Intrinsics.td
+15-113 files

FreeBSD/ports 0d6cd3bnet/liferea distinfo Makefile

net/liferea: update to 1.16.12

Release Notes:
  https://github.com/lwindolf/liferea/releases/tag/v1.16.12
DeltaFile
+3-3net/liferea/distinfo
+1-1net/liferea/Makefile
+4-42 files

FreeBSD/ports 885c08fports-mgmt/packagekit Makefile distinfo

ports-mgmt/packagekit: Update to 1.3.6

(cherry picked from commit ec9fbfadfecdd11a08f8dec33554470d5a5f9082)
DeltaFile
+3-3ports-mgmt/packagekit/Makefile
+3-3ports-mgmt/packagekit/distinfo
+6-62 files

LLVM/project 39d83f9llvm/lib/Target/AArch64 AArch64ISelDAGToDAG.cpp, llvm/test/CodeGen/AArch64 fmaximumnum-fminimumnum-select.ll

[AArch64] Fix swapped operands in tryFoldCselToFMaxMin (#203230)

These swapped operands will treat nan the wrong way, make sure we only
use the matching direction when converting to fminnm/fmaxnm.
DeltaFile
+30-0llvm/test/CodeGen/AArch64/fmaximumnum-fminimumnum-select.ll
+0-4llvm/lib/Target/AArch64/AArch64ISelDAGToDAG.cpp
+30-42 files

FreeBSD/ports ec9fbfaports-mgmt/packagekit distinfo Makefile

ports-mgmt/packagekit: Update to 1.3.6
DeltaFile
+3-3ports-mgmt/packagekit/distinfo
+3-3ports-mgmt/packagekit/Makefile
+6-62 files

LLVM/project a71ca08llvm/lib/Target/RISCV RISCVISelLowering.cpp RISCVInstrInfoP.td

[RISCV][P-ext] Replace v4i8/v2i16 mul and v4i8 mulh patterns on RV32 with custom lowering. (#204382)

Instead of emitting 2 instructions from an isel pattern, custom lower to
PWMUL(S)(U)+SRL+TRUNC.

This only slightly reduces the number of isel patterns today, but we
will need the WMUL patterns for intrinsics. Exposing the SRL+TRUNC to
DAG combine may allow additional optimizations.

Assisted-by: Claude Sonnet 4.6
DeltaFile
+45-5llvm/lib/Target/RISCV/RISCVISelLowering.cpp
+22-15llvm/lib/Target/RISCV/RISCVInstrInfoP.td
+67-202 files

LLVM/project 2f6dedcutils/bazel/llvm-project-overlay/libc BUILD.bazel

[Bazel] Fixes 6bf6e39 (#204429)

This fixes 6bf6e39d3b07b2f7c6e83d1274deea15105f1b87.

Co-authored-by: Google Bazel Bot <google-bazel-bot at google.com>
DeltaFile
+24-0utils/bazel/llvm-project-overlay/libc/BUILD.bazel
+24-01 files

LLVM/project 6c91a41llvm/lib/Target/AMDGPU SIFoldOperands.cpp, llvm/test/CodeGen/AMDGPU fold-imm-pk64.mir

[AMDGPU] Prevent folding of immediates larger than 64 bit
DeltaFile
+19-0llvm/test/CodeGen/AMDGPU/fold-imm-pk64.mir
+7-1llvm/lib/Target/AMDGPU/SIFoldOperands.cpp
+26-12 files

LLVM/project cddebefllvm/lib/Analysis CtxProfAnalysis.cpp, llvm/test/Analysis/CtxProfAnalysis flatten-prethinlink-requires-guid-metadata.ll

[CtxProf] emit fatal usage error when flatten-prethinlink runs without guid metadata (#194383)

`ctx-prof-flatten-prethinlink` can call `AssignGUIDPass::getGUID()` on
defined functions even when the GUID metadata is missing. In that case,
LLVM currently asserts on missing `!guid` metadata.

Replace the assertion with `reportFatalUsageError()` so the pass fails
with a clear user-facing error, and add a regression test for invoking
only `ctx-prof-flatten-prethinlink`.

Fixes #194185
DeltaFile
+7-0llvm/test/Analysis/CtxProfAnalysis/flatten-prethinlink-requires-guid-metadata.ll
+2-1llvm/lib/Analysis/CtxProfAnalysis.cpp
+9-12 files

LLVM/project 25836afllvm/lib/Target/NVPTX NVPTXAsmPrinter.cpp NVPTXAsmPrinter.h, llvm/test/CodeGen/NVPTX packed-aggr.ll

Revert `[NVPTX] Properly emit narrow ptrtoint in aggregate initializers. (#201217)` (#204418)

Revert c625725b06987f05e8742df291da082a964dab03 (#201217) along with
build fix d84819d39e3103f92ad9b375cea7864280f3325c (#204380) due to test
failures in global-ordering.ll mentioned here:
https://github.com/llvm/llvm-project/pull/201217#issuecomment-4734212548
DeltaFile
+8-13llvm/lib/Target/NVPTX/NVPTXAsmPrinter.cpp
+1-14llvm/lib/Target/NVPTX/NVPTXAsmPrinter.h
+0-11llvm/test/CodeGen/NVPTX/packed-aggr.ll
+9-383 files

FreeBSD/doc e4c42e5website/content/ru administration.adoc

website/ru: Update administration.adoc

Update to EN 330f3334ef9c8d16824a874fdf3d296376b50f3f
Improve wording
DeltaFile
+34-32website/content/ru/administration.adoc
+34-321 files

FreeBSD/ports 6fc83bewww/tomcat-native2 distinfo Makefile

www/tomcat-native2: Update to 2.0.15

Changelog:      https://tomcat.apache.org/native-doc/miscellaneous/changelog.html#2.0.15
DeltaFile
+3-3www/tomcat-native2/distinfo
+1-2www/tomcat-native2/Makefile
+4-52 files

LLVM/project 500fc93libc/src/__support/FPUtil double_double.h, libc/src/__support/math hypot.h CMakeLists.txt

[libc][math] Implement fast path for double precision hypot function. (#204292)

Compute `hypot(x, y) = sqrt(x^2 + y^2)` in double-double with relative
errors < 2^-102.
Using the approximation:
```
  a = maximum_mag(x, y);
  b = minimum_mag(x, y);
  (hi, lo) ~ a^2 + b^2;
  r_hi = sqrt(hi);
  r_lo = (a + b - r_hi^2) * (0.5 / r_hi)
  ------
  r_hi + r_lo ~ sqrt(x^2 + y^2).
```

Performance benchmark with CORE-MATH:

Before the patch:
```

    [24 lines not shown]
DeltaFile
+160-1libc/src/__support/math/hypot.h
+24-5libc/src/__support/FPUtil/double_double.h
+6-0libc/src/__support/math/CMakeLists.txt
+190-63 files

FreeBSD/ports d53b3b3www/tomcat-native distinfo Makefile

www/tomcat-native: Update to 1.3.8

Changelog:      https://tomcat.apache.org/native-1.3-doc/miscellaneous/changelog.html#1.3.8
DeltaFile
+3-3www/tomcat-native/distinfo
+1-2www/tomcat-native/Makefile
+4-52 files

FreeBSD/ports 3926c09security/vuxml/vuln 2026.xml

security/vuxml: fix NGINX entry again

That's what happens when you're not focused.
Edit the entry again, since it's for nginx-devel

Sponsored by:   Netzkommune GmbH
DeltaFile
+2-2security/vuxml/vuln/2026.xml
+2-21 files

LLVM/project 5eeaf89llvm/lib/Transforms/InstCombine InstructionCombining.cpp, llvm/test/Transforms/InstCombine assume-cache-update.ll

[InstCombine] Register manually created assumes in the AssumptionCache. (#204416)

Instructions inserted via Result->insertInto() bypassing the IRBuilder
inserter that would otherwise register new @llvm.assume calls in the
AssumptionCache.

Register the assume when inserting such a Result, mirroring what the
IRBuilder inserter does.

PR: https://github.com/llvm/llvm-project/pull/204416
DeltaFile
+13-0llvm/test/Transforms/InstCombine/assume-cache-update.ll
+4-0llvm/lib/Transforms/InstCombine/InstructionCombining.cpp
+17-02 files

FreeBSD/ports 687dc27java/sigar Makefile

java/sigar: remove run_depends

this port is only used as a library
the final application decides what JDK is used
by removing RUN_DEPENDS we prevent installing an unused extra openjdk

Approved-by:    no maintainer
DeltaFile
+2-2java/sigar/Makefile
+2-21 files

FreeBSD/ports b7b4119databases/mongodb70 Makefile distinfo, databases/mongodb70/files patch-src_third__party_mozjs_gen-config.sh patch-src_third__party_mozjs_scripts_gen-config.sh

databases/mongodb70: 7.0.35

Release notes:
https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.35---june-9--2026

- gen-config.sh is move to scripts/gen-config.sh
- Patch added to circumvent these errors:
src/mongo/util/net/openssl_init.cpp:247:51: error: no member named 'opensslPrimaryDRBGReseedMaxRequests' in namespace 'mongo::crypto'
src/mongo/util/net/openssl_init.cpp:249:45: error: no member named 'opensslPrimaryDRBGReseedMaxTime' in namespace 'mongo::crypto'
- disabled PATCH_FILE for python3.12, didn't apply
- other patches just got a refresh

Security:       CVE-2026-9740
Security:       CVE-2026-9741
Security:       CVE-2026-9746
Security:       CVE-2026-9747
Security:       CVE-2026-9748
Security:       CVE-2026-9749
Security:       CVE-2026-9750

    [3 lines not shown]
DeltaFile
+0-45databases/mongodb70/files/patch-src_third__party_mozjs_gen-config.sh
+45-0databases/mongodb70/files/patch-src_third__party_mozjs_scripts_gen-config.sh
+40-0databases/mongodb70/files/patch-src_mongo_util_net_openssl__init.cpp
+9-10databases/mongodb70/Makefile
+5-5databases/mongodb70/distinfo
+4-4databases/mongodb70/files/extrapatch-src_third__party_mozjs_SConscript
+103-641 files not shown
+105-667 files

FreeBSD/src 61e2ffdlib/libusb libusb.h

libusb: Sync libusb_class_code with upstream

This reflects the difference from the upstream libusb code.
See: https://github.com/libusb/libusb/blob/master/libusb/libusb.h

Reviewed by:    adrian
Event:          BSDCan 2026
Sponsored by:   The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57620
DeltaFile
+5-0lib/libusb/libusb.h
+5-01 files

LLVM/project 9d26a19lldb/packages/Python/lldbsuite/test/make WASI.rules

[lldb][test] Don't export all symbols when building Wasm test inferiors (#204426)

WASI.rules linked test inferiors with -Wl,--export-all and the
reactor-style -Wl,--no-entry. I cargo-culted them and neither flag is
needed as our test inferiors all have a main and crt1 provided _start.

The --export-all flag was also harmful: for a no-argument main(),
wasi-libc renames the user's main to __original_main and emits a small
`main` trampoline. The --export-all flag caused that trampoline to an
exported `main` symbol, so `break main` resolved to two locations.

Drop both flags but keep --allow-undefined for inferiors that reference
runtime-provided symbols.
DeltaFile
+0-2lldb/packages/Python/lldbsuite/test/make/WASI.rules
+0-21 files

FreeBSD/ports 174ff3fsecurity/vuxml/vuln 2026.xml

security/vuxml: fix NGINX entry

Fix NGINX entry

Sponsored by:   Netzkommune GmbH
DeltaFile
+1-1security/vuxml/vuln/2026.xml
+1-11 files

FreeNAS/freenas 44e59dctests/stig test_01_stig.py

Yet another fix
DeltaFile
+12-5tests/stig/test_01_stig.py
+12-51 files

LLVM/project 9db7cd5llvm/include/llvm/ProfileData SampleProfWriter.h SampleProfReader.h, llvm/unittests/ProfileData SampleProfTest.cpp

[ProfileData] Add traits for on-disk function offset hash table (NFC) (#202110)

This patch introduces serialization helper classes (traits) for the
on-disk chained hash table that will be used to index function offsets
in the SecFuncOffsetTable section:

- FuncOffsetHashTableWriterInfo (in SampleProfWriter.h) for writing.
- FuncOffsetHashTableInfo (in SampleProfReader.h) for reading.

These traits map a 64-bit function name GUID to a 32-bit byte offset
pointing into the SecLBRProfile section. This index structure is
intended to replace the flat layout of the SecFuncOffsetTable section
in the upcoming v104 format. This will allow the compiler to query the
offset of a function sample without having to parse the entire
SecFuncOffsetTable section at startup.

While these two trait classes share identical boilerplate for type
definitions and key comparison, they are kept separate to maintain
clean interface separation between the reader and writer headers. We

    [9 lines not shown]
DeltaFile
+47-0llvm/include/llvm/ProfileData/SampleProfWriter.h
+44-0llvm/unittests/ProfileData/SampleProfTest.cpp
+43-0llvm/include/llvm/ProfileData/SampleProfReader.h
+134-03 files

FreeBSD/ports cb3db82security/vuxml/vuln 2026.xml

security/vuxml: add entry for NGINX

Add entry for NGINX

Sponsored by:   Netzkommune GmbH
DeltaFile
+45-0security/vuxml/vuln/2026.xml
+45-01 files

OpenBSD/ports rmNsHEemeta/tor-browser Makefile, www/tor-browser Makefile.inc

   Tor Browser: update to 15.0.16
VersionDeltaFile
1.125+6-6www/tor-browser/browser/distinfo
1.130+2-2meta/tor-browser/Makefile
1.71+2-2www/tor-browser/noscript/distinfo
1.205+1-1www/tor-browser/browser/Makefile
1.127+1-1www/tor-browser/Makefile.inc
1.78+1-1www/tor-browser/noscript/Makefile
+13-136 files