[SLP] Enable full non-power-of-2 vectorization by default
Default slp-vectorize-non-power-of-2 to true and broaden the set of
supported widths beyond NumElts + 1 == bit_ceil(NumElts) to include
small widths (<= 5), widths where NumElts - 1 is also non-power of two
(e.g. 6, 7, 10..15), and any width when the elements being vectorized
are themselves vectors (REVEC). Tweak gathered loads, stores, and
reduction support to the non-power-of-2 vector factors.
Reviewers: hiraditya, bababuck, RKSimon
Pull Request: https://github.com/llvm/llvm-project/pull/196825
usr.sbin/httpd: add cache controls for static files
Teach httpd to advertise static file revalidation by default with
Cache-Control: no-cache, preserving the existing Last-Modified and
If-Modified-Since flow; add a [no] static-cache-control directive for
opting out, and advertise Vary: Accept-Encoding whenever gzip-static is
enabled.
OK: claudio@
Add new-pane command, currently this is equivalent to split-window but
it will have minor differences for floating panes in future. Also add
-R/-s/-S/-k/-m flags to control border and style and behaviour, like
popups. GitHub issue 5027 from Dane Jensen.
ipfw: treat ipv6 address with zero mask as 'any'
Make the behaviour similar for both IPv4 and IPv6. Also add
the corresponding tests.
PR: 294733
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D56618
miniflux: update to 2.3.0.
Security
Only discoverable WebAuthn credentials (resident keys / passkeys) are supported for login.
Non-resident credentials can no longer be used for first-factor authentication to prevent username enumeration before password verification. They are intended for post-password MFA flows, which Miniflux does not currently support.
Persist WebAuthn backup eligibility/state and validated credential state after login.
Require POST requests for logout, feed refresh, and OAuth2 unlink actions.
Apply CSRF protection to all non-safe HTTP methods.
Add http.CrossOriginProtection middleware for the web UI.
Validate redirect URL schemes in HTMLRedirect to prevent unsafe redirects.
Restore URL scheme validation in templates for untrusted feed URLs.
Sanitize filenames in Content-Disposition headers to prevent header injection.
Reject empty OAuth2 state parameters when no authentication flow is in progress.
Allow configured private proxies while still enforcing private-network restrictions for direct requests and redirects.
Validate URI schemes case-insensitively according to RFC 3986.
Pin third-party GitHub Actions to immutable commit SHAs to reduce supply-chain risks.
Cap the maximum entry limit to 1000 across the UI, API, and storage layer.
[41 lines not shown]
Replace devel/kf5/kcalendarcore with its kf6 equivalent:
- it will break with the upcoming libical update
- nothing uses it in-tree
ok rsadowski@ (maintainer)
[CUF] Fix CompilerGeneratedNamesConversion renaming managed companion globals
CUFAddConstructor creates a companion pointer global (e.g. foo.managed.ptr)
for each non-allocatable managed variable. When CompilerGeneratedNamesConversion
ran after CUFAddConstructor, it replaced the dots with 'X',
so CUFOpConversionLate could no longer find the companion by name and fell back
to CUFGetDeviceAddress with the wrong host pointer, causing cudaErrorInvalidSymbol.
Fix: mark the companion global with a cuf.managed_ptr unit attribute in
CUFAddConstructor and skip it in CompilerGeneratedNamesConversionPass.
Co-authored-by: Claude Sonnet 4.6 <noreply at anthropic.com>
meta-pkgs/bulk-test-doxygen: import bulk-test-doxygen-20260517
Meta-package for testing doxygen updates.
Do not forget to turn on the 'doxygen' option when testing this.
usr.sbin/relayd: support multiple resolveble addresses.
relayd supports interface name, DNS hostname or interface group at
listen on but it binds only to the first discovered IP address which is
usually IPv4.
Here I changed parser to create a dedicated listener for each discovered
and confiugred on a local inerface address.
This means that listen on egress port 80 binds to all IPv4 and IPv6
addresses on the egress group.
OK: rsadowski@
