OPNSense/core 8682ebasrc/opnsense/mvc/app/controllers/OPNsense/Firewall FilterController.php

Firewall: Rules: Adapt getAdvancedIds() to the sectioned form structure introduced in 3d9cccfe
DeltaFile
+4-4src/opnsense/mvc/app/controllers/OPNsense/Firewall/FilterController.php
+4-41 files

NetBSD/pkgsrc cP95tUkdoc CHANGES-2026

   doc: Updated net/py-stone to 3.5.0
VersionDeltaFile
1.4389+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc jU5l82mnet/py-stone distinfo Makefile

   py-stone: update to 3.5.0.

   Update PyPI publish OIDC role to repository-wide role name by @rhui-dbx in #367
   Fix packaging: SPDX license, drop ez_setup, ship complete test sdist (#368, #343) by @AndreyVMarkelov in #369
   Bump version to 3.5.0 by @AndreyVMarkelov in #371
VersionDeltaFile
1.13+4-4net/py-stone/distinfo
1.17+2-4net/py-stone/Makefile
+6-82 files

FreeBSD/ports ab97a05devel/bear distinfo Makefile.crates

devel/bear: Update to 4.1.5
DeltaFile
+73-113devel/bear/distinfo
+35-55devel/bear/Makefile.crates
+2-2devel/bear/Makefile
+1-1devel/bear/pkg-plist
+111-1714 files

LLVM/project ced9fa3clang/test/Interpreter emulated-tls.cpp

[clang][test] Fix emulated-tls.cpp failure on LoongArch (#208886)

The LoongArch backend does not support emulated TLS, so
mark the test as unsupported to fix the LoongArch buildbot
failure.

Failure: https://lab.llvm.org/staging/#/builders/20/builds/28875
DeltaFile
+3-0clang/test/Interpreter/emulated-tls.cpp
+3-01 files

NetBSD/pkgsrc Z26lT9ldoc TODO

   doc/TODO: add some

   + pkgconf-3.0.0, prometheus-3.13.1, rumdl-0.2.30, rust-1.97.0,
     tabiew-0.14.1.
VersionDeltaFile
1.27556+6-2doc/TODO
+6-21 files

LLVM/project e2223e6llvm/lib/Target/AArch64/GISel AArch64InstructionSelector.cpp, llvm/test/CodeGen/AArch64 shuffles.ll shuffle-slide-to-shift.ll

[AArch64][GlobalISel] Fold G_SHUFFLE to single-element TBL with zero elements. (#200938)

A TBL with out-of-range values will place zero into the respective
vector lane. Use this to generate a more efficient 1 operand TBL where
possible.
DeltaFile
+39-39llvm/test/CodeGen/AArch64/GlobalISel/select-shuffle-vector.mir
+45-7llvm/lib/Target/AArch64/GISel/AArch64InstructionSelector.cpp
+15-35llvm/test/CodeGen/AArch64/shuffles.ll
+14-33llvm/test/CodeGen/AArch64/shuffle-slide-to-shift.ll
+11-22llvm/test/CodeGen/AArch64/neon-bitwise-instructions.ll
+14-14llvm/test/CodeGen/AArch64/arm64-neon-aba-abd.ll
+138-1506 files not shown
+170-19312 files

LLVM/project b2f93b1offload/test/offloading/fortran declare-target-common-block-main.f90

[OpenMP][Offload] Fix flang offload test (#208829)

This PR attempts to address the remaining flang offload test failure
after https://github.com/llvm/llvm-project/pull/208617. Bot:
https://lab.llvm.org/buildbot/#/builders/67/builds/8412

The problem with is test is that `foo__l8` kernel was not linked into
device image without explicitly use the amdgpu-amd-amdhsa triple in the
compilation. It only happened to this specific test.

Local test results after fix:
```
Testing Time: 146.44s

 Total Discovered Tests: 3478
   Skipped          :   77 (2.21%)
   Unsupported      :  341 (9.80%)
   Passed           : 3055 (87.84%)
   Expectedly Failed:    5 (0.14%)
```
DeltaFile
+1-1offload/test/offloading/fortran/declare-target-common-block-main.f90
+1-11 files

LLVM/project 0730f68clang-tools-extra/clang-tidy/misc ConstCorrectnessCheck.cpp, clang-tools-extra/test/clang-tidy/checkers/misc const-correctness-values.cpp const-correctness-auto-parameters.cpp

[clang-tidy] make `misc-const-correctness` work with `auto` variables and lambdas (#157319)

Fixes #60789.

Currently, the check will never make `auto` variables `const`. Here's
the relevant bit of code:


https://github.com/llvm/llvm-project/blob/6b200e21adec0e28407def6fcb2e6c7359fd881b/clang-tools-extra/clang-tidy/misc/ConstCorrectnessCheck.cpp#L108-L110

Notice how the matcher's name is `AutoTemplateType`, but it has nothing
to do with templates. What it *was* intended to do, I'm not sure, but
excluding all `auto` variables can't be right.

For lambdas, this is the only justification I can find:


https://github.com/llvm/llvm-project/blob/36627e1724504d783dc1cbc466666516d28260e4/clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-values.cpp#L30-L34


    [9 lines not shown]
DeltaFile
+37-7clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-values.cpp
+32-0clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-auto-parameters.cpp
+26-4clang-tools-extra/clang-tidy/misc/ConstCorrectnessCheck.cpp
+22-0clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-auto.cpp
+14-0clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-lambdas.cpp
+13-0clang-tools-extra/test/clang-tidy/checkers/misc/const-correctness-pointer-as-pointers.cpp
+144-117 files not shown
+176-1913 files

LLVM/project 616eec2clang/test/Interpreter emulated-tls.cpp

[𝘀𝗽𝗿] initial version

Created using spr 1.3.7
DeltaFile
+3-0clang/test/Interpreter/emulated-tls.cpp
+3-01 files

LLVM/project 4d58566llvm/lib/Target/AArch64/GISel AArch64LegalizerInfo.cpp, llvm/test/CodeGen/AArch64/GlobalISel legalize-shift.mir

[GlobalISel][AArch64] Improve legalization of shift amounts (#208676)

Fixes crashes when the shift amount type is already between s32 and s64,
but not s32 or s64.

The shift amount should have the same type with the shifted value for
the shift instructions, so add the same `widenScalarToNextPow2`
legalization that we apply to the shifted value, to the shift amount.

Fixes crashes in programs like:

    define i8 @test(i48 %a) {
    entry:
      %b = lshr i48 %a, 15
      %c = trunc i48 %b to i8
      ret i8 %c
    }

The new test crashes before this PR.
DeltaFile
+24-0llvm/test/CodeGen/AArch64/GlobalISel/legalize-shift.mir
+1-0llvm/lib/Target/AArch64/GISel/AArch64LegalizerInfo.cpp
+25-02 files

OPNSense/src 58af921sys/dev/ice ice_lib.c ice_adminq_cmd.h

ice(4): Add support for 40G maximal PMD speed

E823 backplane devices may support 40G as maximal PMD speed.
Extend port topology reading logic to handle this case.
While at that fix indentation according to FreeBSD style(9).

Signed-off-by: Krzysztof Galazka <krzysztof.galazka at intel.com>

Tested by:      gowtham.kumar.ks_intel.com
Approved by:    kbowling (mentor), erj (mentor)
Sponsored by:   Intel Corporation
MFC after:      1 week
Differential Revision:  https://reviews.freebsd.org/D53587

(cherry picked from commit c6212b7da110d82b1d0086ec525deb216993021e)
DeltaFile
+4-3sys/dev/ice/ice_lib.c
+1-0sys/dev/ice/ice_adminq_cmd.h
+5-32 files

FreeBSD/ports 80fa423german/wordpress distinfo, russian/wordpress distinfo

{german,russian}/wordpress: Regenerate distinfo

Upstream appears to have rerolled the tarballs to update the
translations. I compared the new tarballs with the previously
downloaded ones and confirmed that the translations are the only
differences.
DeltaFile
+3-3german/wordpress/distinfo
+3-3russian/wordpress/distinfo
+6-62 files

FreeBSD/ports 8a51429security/p11-kit distinfo pkg-plist

security/p11-kit: update to 0.26.4
DeltaFile
+3-3security/p11-kit/distinfo
+1-1security/p11-kit/pkg-plist
+1-1security/p11-kit/Makefile
+5-53 files

OPNSense/plugins b59cf8esecurity/intrusion-detection-content-at-antiphishing/src/opnsense/scripts/suricata/metadata/rules julioliraup-antiphing.xml

Add julioliraup antiphishing ruleset (#5547)

* Add julioliraup/Antiphishing ruleset

* Add julioliraup/Antiphishing ruleset on Suricata with .tar.gz #5536
DeltaFile
+5-7security/intrusion-detection-content-at-antiphishing/src/opnsense/scripts/suricata/metadata/rules/julioliraup-antiphing.xml
+5-71 files

OpenBSD/ports YwH2x08audio/mpd distinfo Makefile

   audio/mpd: update to 0.24.13.

   see https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.13/NEWS
VersionDeltaFile
1.78+2-2audio/mpd/distinfo
1.164+1-1audio/mpd/Makefile
+3-32 files

NetBSD/src yBGp810sys/arch/aarch64/aarch64 locore.S

   Make CPU_* macros available for locore_el2.S
VersionDeltaFile
1.106+38-37sys/arch/aarch64/aarch64/locore.S
+38-371 files

OpenBSD/ports tOzftoXgeo/mapserver distinfo Makefile

   geo/mapserver: MFC security update to 8.6.5.

   see https://mapserver.org/development/changelog/changelog-8-6.html#changes-from-8-6-4-to-8-6-5
   and https://github.com/MapServer/MapServer/releases/tag/rel-8-6-5 for
   the list of GHSA
VersionDeltaFile
1.44.2.3+2-2geo/mapserver/distinfo
1.111.2.3+1-1geo/mapserver/Makefile
+3-32 files

OpenBSD/ports xvZSmPygeo/mapserver distinfo Makefile

   geo/mapserver: security update to 8.6.5.

   see https://mapserver.org/development/changelog/changelog-8-6.html#changes-from-8-6-4-to-8-6-5
   and https://github.com/MapServer/MapServer/releases/tag/rel-8-6-5 for
   the list of GHSA
VersionDeltaFile
1.47+2-2geo/mapserver/distinfo
1.114+1-1geo/mapserver/Makefile
+3-32 files

LLVM/project 1a8a53forc-rt/lib/executor Logging.cpp, orc-rt/test/unit LoggingTest.cpp

[orc-rt] Hold log level names as uppercase (#208880)

orc_rt_log_Level_getName is used primarily in text prefixes (e.g. the
upcoming printf backend's "[orc-rt:General:LEVEL]"), where uppercase is
the intended rendering. Storing the names as uppercase lets the backend
use them directly without case conversion. orc_rt_log_Level_parse
performs a case-insensitive parse, so ORC_RT_LOG=info and similar still
work.

[orc-rt] Hold log level names as uppercase.

orc_rt_log_Level_getName is expected to be primarily used in
text-prefixes (e.g. in the upcoming printf backend), where it should be
printed as uppercase. Storing as uppercase in the first place will save
us a toupper conversion on each log call.
DeltaFile
+5-5orc-rt/test/unit/LoggingTest.cpp
+3-3orc-rt/lib/executor/Logging.cpp
+8-82 files

NetBSD/src Y2eEk4cexternal/gpl3/gdb/dist/gdb aarch64-netbsd-tdep.c

   whitespace
VersionDeltaFile
1.6+1-1external/gpl3/gdb/dist/gdb/aarch64-netbsd-tdep.c
+1-11 files

LLVM/project 9686a56llvm/tools/llvm-c-test echo.cpp

Address CI Failure. Add BSRType in llvm-c-test
DeltaFile
+2-0llvm/tools/llvm-c-test/echo.cpp
+2-01 files

FreeBSD/ports 2dc73acnet/keycloak pkg-plist distinfo

net/keycloak: Update 26.6.4 => 26.7.0 (4 CVEs)

Release Notes:
https://www.keycloak.org/2026/07/keycloak-2670-released

PR:             296639
Security:       CVE-2026-9796
Security:       CVE-2026-9689
Security:       CVE-2026-9798
Security:       CVE-2026-11986
Sponsored by:   UNIS Labs
MFH:            2026Q3

(cherry picked from commit 09811b980fb36c7e860930992b1242580fb76dd8)
DeltaFile
+20-20net/keycloak/pkg-plist
+3-3net/keycloak/distinfo
+1-1net/keycloak/Makefile
+24-243 files

FreeBSD/ports 09811b9net/keycloak pkg-plist distinfo

net/keycloak: Update 26.6.4 => 26.7.0 (4 CVEs)

Release Notes:
https://www.keycloak.org/2026/07/keycloak-2670-released

PR:             296639
Security:       CVE-2026-9796
Security:       CVE-2026-9689
Security:       CVE-2026-9798
Security:       CVE-2026-11986
Sponsored by:   UNIS Labs
MFH:            2026Q3
DeltaFile
+20-20net/keycloak/pkg-plist
+3-3net/keycloak/distinfo
+1-1net/keycloak/Makefile
+24-243 files

FreeNAS/freenas f686624src/middlewared/middlewared/plugins boot.py, src/middlewared/middlewared/plugins/boot __init__.py format.py

Convert boot plugin to typesafe pattern

## Problem
The boot service was old-style dict-based code spread across three files (boot.py, boot_/format.py, boot_/boot_loader.py) that all declared the same BootService, so the framework silently merged them into a CompoundService. None of it was type-checked end to end, and every in-process consumer reached it through untyped string middleware.call('boot.*').

## Solution
- Consolidate everything into a single plugins/boot/ package using the port pattern: a lean BootService in __init__.py that delegates to plain, fully type-annotated module functions in disks.py/format.py/pool_ops.py, with @api_method(check_annotations=True) public methods and @private stubs. boot.get_state now returns a BootGetState model; internal callers use a dict state helper so nothing breaks on attribute-vs-key access.
- Register boot in main.py's ServiceContainer and have it own boot.environment as a sub-service, replacing BootServicesContainer.
- Expose the boot-pool name/disks cache through accessor functions instead of a module global. This also fixes a latent bug where libvirt/cdrom.py imported the global at module load (before setup runs), bound it to None, and so never filtered the boot pool out of CDROM path validation.
- Convert every same-process boot.* string call to typed call2/call_sync2 across sysdataset, zfs_events, disk, failover, and the zpool/audit/tunable/update/system_advanced plugins, the alert sources, and the cron/fstab makos, keeping each site's sync/async flavour.
- Keep the private update_initramfs/format models in the plugin (check_model_module requires private-method models to live there, not in the api package) and import them lazily from consumers, otherwise pulling boot/__init__ into the early service-init chain deadlocks on a partially-initialised middlewared.service.
- Add plugins/boot/ to mypy.yml.
DeltaFile
+0-372src/middlewared/middlewared/plugins/boot.py
+250-0src/middlewared/middlewared/plugins/boot/__init__.py
+161-0src/middlewared/middlewared/plugins/boot/format.py
+148-0src/middlewared/middlewared/plugins/boot/pool_ops.py
+0-115src/middlewared/middlewared/plugins/boot_/format.py
+65-0src/middlewared/middlewared/plugins/boot/disks.py
+624-48732 files not shown
+751-58838 files

FreeBSD/ports 10be11fdevel/iaito distinfo Makefile, devel/iaito/files patch-Makefile patch-configure

devel/iaito: Update 6.0.8 => 6.1.8, fix build with new devel/radare2

Changelogs:
https://github.com/radareorg/iaito/releases/tag/6.1.0
https://github.com/radareorg/iaito/releases/tag/6.1.2
https://github.com/radareorg/iaito/releases/tag/6.1.4
https://github.com/radareorg/iaito/releases/tag/6.1.6
https://github.com/radareorg/iaito/releases/tag/6.1.8

- Refresh patches.

PR:             296680 296678
Sponsored by:   UNIS Labs
MFH:            2026Q3

(cherry picked from commit bdf13170b1c4c7aceffb13c6f6b087c0256f3d2a)
DeltaFile
+7-7devel/iaito/files/patch-Makefile
+3-3devel/iaito/distinfo
+2-2devel/iaito/files/patch-configure
+2-2devel/iaito/files/patch-src_lib__radare2.pri
+1-1devel/iaito/Makefile
+15-155 files

FreeNAS/freenas 68baaf3src/middlewared/middlewared/plugins boot.py, src/middlewared/middlewared/plugins/boot __init__.py format.py

Convert boot plugin to typesafe pattern

## Problem
The boot service was old-style dict-based code spread across three files (boot.py, boot_/format.py, boot_/boot_loader.py) that all declared the same BootService, so the framework silently merged them into a CompoundService. None of it was type-checked end to end, and every in-process consumer reached it through untyped string middleware.call('boot.*').

## Solution
- Consolidate everything into a single plugins/boot/ package using the port pattern: a lean BootService in __init__.py that delegates to plain, fully type-annotated module functions in disks.py/format.py/pool_ops.py, with @api_method(check_annotations=True) public methods and @private stubs. boot.get_state now returns a BootGetState model; internal callers use a dict state helper so nothing breaks on attribute-vs-key access.
- Register boot in main.py's ServiceContainer and have it own boot.environment as a sub-service, replacing BootServicesContainer.
- Expose the boot-pool name/disks cache through accessor functions instead of a module global. This also fixes a latent bug where libvirt/cdrom.py imported the global at module load (before setup runs), bound it to None, and so never filtered the boot pool out of CDROM path validation.
- Convert every same-process boot.* string call to typed call2/call_sync2 across sysdataset, zfs_events, disk, failover, and the zpool/audit/tunable/update/system_advanced plugins, the alert sources, and the cron/fstab makos, keeping each site's sync/async flavour.
- Keep the private update_initramfs/format models in the plugin (check_model_module requires private-method models to live there, not in the api package) and import them lazily from consumers, otherwise pulling boot/__init__ into the early service-init chain deadlocks on a partially-initialised middlewared.service.
- Add plugins/boot/ to mypy.yml.
DeltaFile
+0-372src/middlewared/middlewared/plugins/boot.py
+250-0src/middlewared/middlewared/plugins/boot/__init__.py
+161-0src/middlewared/middlewared/plugins/boot/format.py
+152-0src/middlewared/middlewared/plugins/boot/pool_ops.py
+0-115src/middlewared/middlewared/plugins/boot_/format.py
+63-0src/middlewared/middlewared/plugins/boot/disks.py
+626-48732 files not shown
+753-58838 files

FreeBSD/ports bdf1317devel/iaito distinfo Makefile, devel/iaito/files patch-Makefile patch-configure

devel/iaito: Update 6.0.8 => 6.1.8, fix build with new devel/radare2

Changelogs:
https://github.com/radareorg/iaito/releases/tag/6.1.0
https://github.com/radareorg/iaito/releases/tag/6.1.2
https://github.com/radareorg/iaito/releases/tag/6.1.4
https://github.com/radareorg/iaito/releases/tag/6.1.6
https://github.com/radareorg/iaito/releases/tag/6.1.8

- Refresh patches.

PR:             296680 296678
Sponsored by:   UNIS Labs
MFH:            2026Q3
DeltaFile
+7-7devel/iaito/files/patch-Makefile
+3-3devel/iaito/distinfo
+2-2devel/iaito/files/patch-configure
+2-2devel/iaito/files/patch-src_lib__radare2.pri
+1-1devel/iaito/Makefile
+15-155 files

LLVM/project 184d97bclang/docs ReleaseNotes.md

[Clang] [Docs] Add release note for expansion statements (#208878)

This was supposed to be part of the original patch, but we lost it
because I didn't pay enough attention when I was merging the release
notes after the migration from RST -> MD (I deleted the RST file but
forgot to move the release note to the MD file...)
DeltaFile
+3-0clang/docs/ReleaseNotes.md
+3-01 files

LLVM/project 445fc8bclang/test/OpenMP teams_distribute_parallel_for_simd_if_openmp52_codegen.cpp, llvm/docs LangRef.rst LangRef.md

Merge branch 'main' into users/aokblast/lldb/set_error
DeltaFile
+20,241-21,265llvm/test/CodeGen/AMDGPU/amdgcn.bitcast.1024bit.ll
+0-33,206llvm/docs/LangRef.rst
+30,305-0llvm/docs/LangRef.md
+8,882-7,730llvm/test/MC/AMDGPU/gfx12_asm_vopc.s
+6,601-5,921llvm/test/CodeGen/AMDGPU/GlobalISel/legalize-llvm.amdgcn.image.sample.a16.ll
+12,190-0clang/test/OpenMP/teams_distribute_parallel_for_simd_if_openmp52_codegen.cpp
+78,219-68,1224,709 files not shown
+410,515-329,4234,715 files