FreeNAS/freenas 63f41a0src/middlewared/middlewared auth.py, src/middlewared/middlewared/plugins/service_/services base_interface.py base.py

NAS-141570 / 27.0.0-BETA.1 / typing hints for all services (#19215)
DeltaFile
+46-40src/middlewared/middlewared/auth.py
+28-28src/middlewared/middlewared/plugins/service_/services/pseudo/misc.py
+26-22src/middlewared/middlewared/plugins/service_/services/base_interface.py
+21-21src/middlewared/middlewared/plugins/service_/services/base.py
+20-20src/middlewared/middlewared/plugins/service_/services/iscsitarget.py
+19-15src/middlewared/middlewared/plugins/service_/services/dbus_router.py
+160-14620 files not shown
+239-21326 files

OPNSense/core 635f2e9src/opnsense/mvc/app/library/OPNsense/Core FileObject.php

mvc: FileObject: fix exception bug (#10442)

(cherry picked from commit 5c040197dfc4e4baa507de5c8bf714fe30ae68a6)
DeltaFile
+1-1src/opnsense/mvc/app/library/OPNsense/Core/FileObject.php
+1-11 files

OPNSense/core b601c16src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseField.php

mvc: guard BaseField::setNodes() against a list given for a scalar leaf (#10434)

(cherry picked from commit cde5f912b376be2962a9350613e225d579ef734e)
(cherry picked from commit 48d01e753973457942dbca408e04531b9917b5d3)
(cherry picked from commit a0a8e739570145b96b1adf73f8235ec479417f75)
DeltaFile
+6-4src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseField.php
+6-41 files

OPNSense/core a0a8e73src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseField.php

mvc: BaseField: more of the same
DeltaFile
+1-1src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseField.php
+1-11 files

LLVM/project 63d4b48clang/include/clang/Sema AnalysisBasedWarnings.h, clang/lib/Sema AnalysisBasedWarnings.cpp SemaDeclCXX.cpp

[LifetimeSafety] Analyze synthesized constructors for dangling NSDMIs (#206375)

A default member initializer can bind a view/pointer member to a
temporary that dies at the end of construction. This dangling field was
caught for user-written constructors but silently missed for implicit,
defaulted, and inheriting constructors, whose synthesized bodies never
reach IssueWarnings.

Add IssueLifetimeSafetyWarningsForImplicitFunction, called from
DefineImplicitDefaultConstructor and DefineInheritingConstructor, to run
the lifetime safety analysis on these synthesized bodies. Extract the
shared CFG build options into setLifetimeSafetyCFGBuildOptions, reused
by the TU-end analysis.

Assisted-by: Claude Opus 4.8
DeltaFile
+63-14clang/lib/Sema/AnalysisBasedWarnings.cpp
+49-0clang/test/Sema/LifetimeSafety/dangling-field-implicit-ctor.cpp
+8-0clang/lib/Sema/SemaDeclCXX.cpp
+5-0clang/include/clang/Sema/AnalysisBasedWarnings.h
+125-144 files

OPNSense/core 48d01e7src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes BaseField.php

mvc: BaseField: unify exception messages for previous
DeltaFile
+2-2src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/BaseField.php
+2-21 files

OPNSense/core b539bdcsrc/opnsense/mvc/app/models/OPNsense/Base/FieldTypes DescriptionField.php

mvc: DescriptionField: disable special and newline characters

This is only cosmetic and since the description is only used as a
label and not a note block this is fine (and could be overwridden
by the model if needed).

(cherry picked from commit d3c654f848284bcf8b510ea22df3e6ac90063387)
DeltaFile
+10-0src/opnsense/mvc/app/models/OPNsense/Base/FieldTypes/DescriptionField.php
+10-01 files

LLVM/project 3493adclldb/test/API/functionalities/data-formatter/data-formatter-stl/generic/vbool TestDataFormatterStdVBool.py

[lldb] Reduce output of TestDataFormatterStdVBool (#206444)

Tests should not be printing an unbounded amount of data, especially
when said data is the subject of corruption or misinterpretation by the
printer (the formatter, in this case).

This test is currently failing on the matrix bots, with the result that
close to 3GB of text is produced.
DeltaFile
+3-2lldb/test/API/functionalities/data-formatter/data-formatter-stl/generic/vbool/TestDataFormatterStdVBool.py
+3-21 files

LLVM/project eacdbf9llvm/lib/Target/AArch64 AArch64Processors.td AArch64Subtarget.cpp, llvm/test/Transforms/LoopVectorize/AArch64 interleaving-load-store.ll

[AArch64] Remove FeatureMaxInterleaveFactor4 from neoverse-v3ae (#190166)

This CPU has 2 vector pipelines, and even though unrolling can sometimes
be beneficial on its own, we usually set the interleaving factor to the
number of vector pipelines. Remove FeatureMaxInterleaveFactor4 so that
the default of 2 is used.
DeltaFile
+95-1llvm/test/Transforms/LoopVectorize/AArch64/interleaving-load-store.ll
+2-3llvm/lib/Target/AArch64/AArch64Processors.td
+1-0llvm/lib/Target/AArch64/AArch64Subtarget.cpp
+98-43 files

FreeBSD/ports 5ecd0a6www/authelia Makefile, www/authelia/files authelia.in

www/authelia: enable secret mode to fetch secrets from files

Authelia provides the functionality using go templates so screts must
not be part of the config file, but can be read from external files.

That makes handling of keys more more convinient, like:
```
identity_providers:
  oidc:
    jwks:
      - key: {{ secret "/usr/local/etc/authelia/private_ecdsa.pem" | mindent 10 "|" | msquote }}
      - key: {{ secret "/usr/local/etc/authelia/private_rsa.pem" | mindent 10 "|" | msquote }}
```

Authelia must be started for this with the template filter which that commit
adds.

PR:             295354
Approved by:    yuri (maintainer, timeout)
DeltaFile
+1-1www/authelia/Makefile
+1-1www/authelia/files/authelia.in
+2-22 files

LLVM/project bb6551ellvm/lib/Target/RISCV/GISel RISCVLegalizerInfo.cpp, llvm/test/CodeGen/RISCV/GlobalISel atomicrmw-and-or-xor.ll legalizer-info-validation.mir

[RISCV][GlobalISel] Legalize G_ATOMICRMW_AND/OR/XOR (#205540)

Add legalization support for G_ATOMICRMW_AND, G_ATOMICRMW_OR, and
G_ATOMICRMW_XOR in the RISC-V GlobalISel legalizer. These operations are
grouped with G_ATOMIC_CMPXCHG and G_ATOMICRMW_ADD since they share the
same type signature and legalization behavior:

- With the A extension, the operations are legal at XLEN width.
- Without the A extension, they are lowered to the appropriate
__atomic_fetch_{and,or,xor}_N libcalls.
- Sub-XLEN operations are clamped to XLEN before instruction selection;
the actual memory access size is preserved in the MMO so that
Zabha-enabled targets can select byte/halfword AMO instructions (e.g.
amoand.b, amoor.h).

Tests are added for the legalizer, instruction selection, and end-to-end
assembly output for both RV32 and RV64.
DeltaFile
+3,268-0llvm/test/CodeGen/RISCV/GlobalISel/atomicrmw-and-or-xor.ll
+368-0llvm/test/CodeGen/RISCV/GlobalISel/legalizer/legalize-atomicrmw-and-or-xor-rv64.mir
+275-0llvm/test/CodeGen/RISCV/GlobalISel/legalizer/legalize-atomicrmw-and-or-xor-rv32.mir
+9-6llvm/test/CodeGen/RISCV/GlobalISel/legalizer-info-validation.mir
+3-1llvm/lib/Target/RISCV/GISel/RISCVLegalizerInfo.cpp
+3,923-75 files

LLVM/project b36b993libc/include string.yaml, libc/src/string strcpy_s.cpp strcpy_s.h

[libc] Annex K: strcpy_s

This patch adds Annex K's `strcpy_s`.
DeltaFile
+138-0libc/test/src/string/strcpy_s_test.cpp
+74-0libc/src/string/strcpy_s.cpp
+27-0libc/src/string/strcpy_s.h
+19-0libc/src/string/CMakeLists.txt
+13-0libc/test/src/string/CMakeLists.txt
+9-0libc/include/string.yaml
+280-05 files not shown
+285-011 files

OPNSense/core b34ad01src/etc/inc/plugins.inc.d openvpn.inc ipsec.inc, src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes GroupField.php

firewall: unify group names

The defaults in GroupField are still a bit weird as we are showing them
even though their mandatory path is from *_interfaces() plugin registration.

If we need the value 10 we should make it the implicit default and also
add the default to the group interface registration (or not at all).

GroupField could read them correctly from config.xml...

PR: https://www.reddit.com/r/opnsense/comments/1ucvh2y/is_there_a_way_to_change_the_openvpn_group/

(cherry picked from commit 553f7dfe68e4b9d679f9c01691738f64cdcf458e)
(cherry picked from commit 6a19c92af85468a910e4ce685bf5c9d52021ee4e)
DeltaFile
+3-3src/opnsense/mvc/app/models/OPNsense/Firewall/FieldTypes/GroupField.php
+1-1src/etc/inc/plugins.inc.d/openvpn.inc
+1-1src/etc/inc/plugins.inc.d/ipsec.inc
+5-53 files

OPNSense/core d2c071csrc/opnsense/mvc/app/controllers/OPNsense/Firewall/forms dialogNptRule.xml, src/opnsense/mvc/app/models/OPNsense/Firewall Filter.php

firewall: allow WAN as "associated interface" for NPTv6 #10413

(cherry picked from commit aa27c069589dbbc9f2f26e7f6150069949f63bc2)
DeltaFile
+13-5src/opnsense/mvc/app/models/OPNsense/Firewall/Filter.php
+1-1src/opnsense/mvc/app/controllers/OPNsense/Firewall/forms/dialogNptRule.xml
+14-62 files

OPNSense/core ccb9f96src/opnsense/mvc/app/models/OPNsense/OpenVPN OpenVPN.xml

openvpn: clean up these option values

Push flags not always mention "push" in label but their
context is clear and keys do not change so simplify.

(cherry picked from commit a9dee3dcff89be9ecd2985ebe590e79ad0bdf01f)
DeltaFile
+32-32src/opnsense/mvc/app/models/OPNsense/OpenVPN/OpenVPN.xml
+32-321 files

FreeBSD/ports e22ea14dns/dnsdist distinfo Makefile

dns/dnsdist: Security update 2.0.6 => 2.0.7

While here, pet portfmt.

Changelog:
https://www.dnsdist.org/changelog.html#change-2.0.7
Security Advisory:
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html

PR:             296314
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q2
Security:       CVE-2026-40011
Security:       CVE-2026-42004
Security:       CVE-2026-42005
Security:       CVE-2026-40208
Security:       CVE-2026-40209
Security:       CVE-2026-40210

    [3 lines not shown]
DeltaFile
+3-3dns/dnsdist/distinfo
+3-2dns/dnsdist/Makefile
+6-52 files

LLVM/project 69d00a8llvm/lib/Target/X86 X86ISelDAGToDAG.h X86.h

[X86][NFC] Remove X86ISelDAGToDAG.h (#206372)

For all the other passes, we have just been putting them inside X86.h,
and this is also what I plan to do for other targets. A separate header
does not make much sense.
DeltaFile
+0-25llvm/lib/Target/X86/X86ISelDAGToDAG.h
+6-0llvm/lib/Target/X86/X86.h
+0-1llvm/lib/Target/X86/X86CodeGenPassBuilder.cpp
+0-1llvm/lib/Target/X86/X86ISelDAGToDAG.cpp
+6-274 files

FreeBSD/ports 5a459b7dns/dnsdist distinfo Makefile

dns/dnsdist: update to v2.0.6

PR:     295515
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    tremere at cainites.net (maintainer)

(cherry picked from commit 9df447a2af2400984d1f068c7d3bed36da348e55)
DeltaFile
+3-3dns/dnsdist/distinfo
+1-1dns/dnsdist/Makefile
+4-42 files

OPNSense/core 1314d06src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml

kea: v6 linter pass

(cherry picked from commit 1f08ea963ecab1380d76bcb9d79b4ed53cdd525e)
DeltaFile
+33-33src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+33-331 files

FreeNAS/freenas 9529578src/middlewared/middlewared auth.py, src/middlewared/middlewared/plugins/service_/services base_interface.py base.py

typing hints for all services
DeltaFile
+46-40src/middlewared/middlewared/auth.py
+28-28src/middlewared/middlewared/plugins/service_/services/pseudo/misc.py
+26-22src/middlewared/middlewared/plugins/service_/services/base_interface.py
+21-21src/middlewared/middlewared/plugins/service_/services/base.py
+20-20src/middlewared/middlewared/plugins/service_/services/iscsitarget.py
+19-15src/middlewared/middlewared/plugins/service_/services/dbus_router.py
+160-14620 files not shown
+239-21326 files

OPNSense/core 1b089ffsrc/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml

kea: v4 option values changes for linter

(cherry picked from commit 50fa3fd8e344be3a83706a44d22b70f4fde87586)
DeltaFile
+27-27src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+27-271 files

FreeBSD/ports 248c4f9dns/dnsdist Makefile distinfo

dns/dnsdist: Security update 2.0.6 => 2.0.7

While here, pet portfmt.

Changelog:
https://www.dnsdist.org/changelog.html#change-2.0.7
Security Advisory:
https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-09.html

PR:             296314
Reported by:    Jordan Ostreff <jordan at ostreff.info>
Approved by:    osa, vvd (Mentors, implicit)
MFH:            2026Q2
Security:       CVE-2026-40011
Security:       CVE-2026-42004
Security:       CVE-2026-42005
Security:       CVE-2026-40208
Security:       CVE-2026-40209
Security:       CVE-2026-40210
Security:       CVE-2026-40211
DeltaFile
+4-3dns/dnsdist/Makefile
+3-3dns/dnsdist/distinfo
+7-62 files

LLVM/project 56385afllvm/test/CodeGen/NVPTX atomicrmw-sm70.ll atomicrmw-sm60.ll, llvm/test/CodeGen/PowerPC fminimum-fmaximum.ll

[CodeGen] Fix legalization of minimum/maximum (#206097)

FMINIMUM/FMAXIMUM legalization uses IS_FPCLASS for the signed zero
fixup. However, if IS_FPCLASS needs to be expanded, this requires the
corresponding integer type to be legal, which it often isn't.

Fix this in the same way as FMINIMUMNUM/FMAXIMUMNUM expansion does, by
rounding to float before performing the IS_FPCLASS if necessary.

However, the way the check is performed is a bit different: Here we use
`LHS == RHS ? (isPosZero(LHS) ? LHS : RHS) : Max` for the Max case,
while FMAXIMUMNUM uses `Max == 0.0 ? (isPosZero(LHS) ? LHS : Max) :
Max`.

The reason for the difference is that the variant based on equality is
correct without any additional pre-conditions, while the one based on
the zero check requires equal values to be handled in a specific way
before reaching the zero fixup. (It might make sense to always use the
approach using equality, but that results in a massive additional test

    [11 lines not shown]
DeltaFile
+362-248llvm/test/CodeGen/X86/fminimum-fmaximum.ll
+224-264llvm/test/CodeGen/NVPTX/atomicrmw-sm70.ll
+224-264llvm/test/CodeGen/NVPTX/atomicrmw-sm60.ll
+456-0llvm/test/CodeGen/X86/fminimum-fmaximum-i686.ll
+206-250llvm/test/CodeGen/NVPTX/math-intrins.ll
+122-204llvm/test/CodeGen/PowerPC/fminimum-fmaximum.ll
+1,594-1,2306 files not shown
+1,797-1,39512 files

LLVM/project 985bb1amlir/lib/Dialect/MemRef/Transforms ElideReinterpretCast.cpp, mlir/test/Dialect/MemRef elide-reinterpret-cast.mlir

[memref] Simplify loads from `reinterpret_casts` preserving non-unit dims (#202683)

Extend `memref.load` rewriting from `memref.reinterpret_cast` introduced
in [#188459](https://github.com/llvm/llvm-project/pull/188459) to handle
unit-dimension insertion/removal with multiple preserved non-unit
dimensions. This generalization addresses patterns in the MLGO regalloc
model.

## Example

Before:
```mlir
%view = memref.reinterpret_cast %src
  to offset: [0], sizes: [33, 1, 1, 40], strides: [40, 40, 40, 1]
  : memref<1x33x40xf32> to memref<33x1x1x40xf32,
      strided<[40, 40, 40, 1]>>

%v = memref.load %view[%i, %c0, %c0, %j]
  : memref<33x1x1x40xf32, strided<[40, 40, 40, 1]>>

    [29 lines not shown]
DeltaFile
+244-127mlir/test/Dialect/MemRef/elide-reinterpret-cast.mlir
+81-149mlir/lib/Dialect/MemRef/Transforms/ElideReinterpretCast.cpp
+325-2762 files

FreeBSD/ports 0e4ab96archivers/plakar distinfo Makefile

archivers/plakar: update to 1.1.3

Changes:        https://github.com/PlakarKorp/plakar/releases
PR:             296059
Approved by:    maintainer (timeout)
DeltaFile
+5-5archivers/plakar/distinfo
+1-2archivers/plakar/Makefile
+6-72 files

NetBSD/pkgsrc Rle91Modoc CHANGES-2026

   Updated devel/py-boltons, mail/py-checkdmarc
VersionDeltaFile
1.4115+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc DsGHgFAmail/py-checkdmarc distinfo Makefile

   py-checkdmarc: updated to 5.17.3

   5.17.3

   Changed

   Narrow the advisory SPF record size check to catch only UnicodeError (raised when a record can't be encoded to UTF-8) instead of swallowing every exception, and log the skip at debug level
   Replace the remaining broad except Exception handlers across the package with the specific exception types each block can recover from, so unexpected programming errors surface instead of being masked. As a result, intentional record-validation errors (e.g. MultipleSPFRTXTRecords, MTASTSRecordInWrongLocation) now propagate as their own types rather than being converted to a generic "record not found" error
   Modernize type annotations to PEP 604 syntax (X | None and X | Y instead of Optional[X] and Union[X, Y]) throughout the package

   Fixed

   Declare the supported Python floor with the correct requires-python key (the previous python_requires key is not recognized in a PEP 621 [project] table, so the published metadata advertised no minimum and pip would install on end-of-life Python versions where the modern type-alias syntax fails). Also add per-version Python classifiers for 3.10–3.14

   5.17.2

   Fixed

   Discard TXT records with leading whitespace instead of treating them as valid SPF records, since RFC 7208 section 4.5 requires a record to begin with exactly v=spf1

    [4 lines not shown]
VersionDeltaFile
1.32+4-4mail/py-checkdmarc/distinfo
1.34+2-2mail/py-checkdmarc/Makefile
+6-62 files

FreeBSD/ports c15f12fsecurity/vuxml/vuln 2026.xml

security/vuxml: Document dns/dnsdist vulnerabilities

PR:             296314
Approved by:    osa, vvd (Mentors, implicit)
DeltaFile
+49-0security/vuxml/vuln/2026.xml
+49-01 files

NetBSD/pkgsrc nbDP4kPdevel/py-boltons distinfo Makefile

   py-boltons: updated to 26.0.0

   26.0.0

   - Added [`funcutils.once`][funcutils.once] decorator for one-time function execution
   - Added [`strutils.human_readable_list`][strutils.human_readable_list] for formatting lists as human-readable strings
   - Extended [`iterutils.partition`][iterutils.partition] to accept multiple predicates
   - Added `cache` option to [`iterutils.remap`][iterutils.remap] and [`iterutils.research`][iterutils.research]
   - Fixed [`iterutils.split`][iterutils.split] `maxsplit=0` wrapping source object instead of its values
   - Fixed [`listutils.BarrelList`][listutils.BarrelList] `insert()` raising `IndexError` on large negative indices (now clamps like built-in `list`)
   - Fixed [`listutils.BarrelList`][listutils.BarrelList] `sort()` with multiple internal lists
   - Fixed [`dictutils.OrderedMultiDict`][dictutils.OrderedMultiDict] equality comparison against plain mappings
   - Fixed [`strutils.bytes2human`][strutils.bytes2human] rollover at exact powers of 1024
   - Fixed [`tbutils.ParsedException.from_string`][tbutils.ParsedException] `IndexError` on truncated tracebacks
   - Fixed [`tableutils.Table.to_text`][tableutils.Table] column sizing
   - Fixed [`strutils.html2text`][strutils.html2text] handling
   - Added Python 3.14 support
VersionDeltaFile
1.11+4-4devel/py-boltons/distinfo
1.12+2-3devel/py-boltons/Makefile
+6-72 files

FreeBSD/ports 5e6522fsysutils/gitlab-registry distinfo Makefile

sysutils/gitlab-registry: update to 4.40.2

Changes:        https://gitlab.com/gitlab-org/container-registry/-/releases
DeltaFile
+5-5sysutils/gitlab-registry/distinfo
+1-2sysutils/gitlab-registry/Makefile
+6-72 files