FreeBSD/ports 2eb75c6security/vuxml/vuln 2026.xml

security/vuxml: Update entry for Python CVE-2026-4519

Fixed in 3.14.4

PR:             294324
Security:       9fdad262-2e0f-11f1-88c7-00a098b42aeb
                / CVE-2026-4519
DeltaFile
+1-1security/vuxml/vuln/2026.xml
+1-11 files

FreeBSD/ports 955268blang/python314 pkg-plist Makefile, lang/python314/files patch-gh-146211-reject-CR_LF-in-HTTP-tunnel-request-headers patch-gh-146333-Fix-quadratic-regex-backtracking-in-configparser

lang/python314: Security update to 3.14.4

Add a -flto=full option, which can speed up the port build
in terms of wallclock time at the expense of overall more
CPU time.

Issue a warning that test_ssl will fail from pre-test
if DEBUG is enabled.

Changelog:      https://docs.python.org/release/3.14.4/whatsnew/changelog.html

PR:             294324

Which contains these security fixes:

pyexpat.c: Unbounded C recursion in conv_content_model causes crash
Security:       https://github.com/python/cpython/issues/145986
                / CVE-2026-4224


    [32 lines not shown]
DeltaFile
+108-0lang/python314/files/patch-gh-146211-reject-CR_LF-in-HTTP-tunnel-request-headers
+83-0lang/python314/files/patch-gh-146333-Fix-quadratic-regex-backtracking-in-configparser
+17-5lang/python314/pkg-plist
+12-6lang/python314/Makefile
+3-3lang/python314/distinfo
+1-1lang/python314/Makefile.version
+224-156 files

Linux/linux 35bdc19kernel workqueue.c

Merge tag 'wq-for-7.0-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq

Pull workqueue fix from Tejun Heo:
 "This is a fix for a stall which triggers on ordered workqueues when
  there are multiple inactive work items during workqueue property
  changes through sysfs, which doesn't happen that frequently.

  While really late, the fix is very low risk as it just repeats an
  operation which is already being performed:

   - Fix incomplete activation of multiple inactive works when
     unplugging a pool_workqueue, where the pending_pwqs list
     wasn't being updated for subsequent works"

* tag 'wq-for-7.0-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: Add pool_workqueue to pending_pwqs list when unplugging multiple inactive works
DeltaFile
+13-1kernel/workqueue.c
+13-11 files

LLVM/project 6ea4377libcxx/test/std/numerics/numeric.ops/numeric.ops.sat saturate_cast.pass.cpp saturating_cast.pass.cpp, llvm/lib/Target/AMDGPU GCNSchedStrategy.cpp

Rebase

Created using spr 1.3.7
DeltaFile
+2,253-17llvm/test/CodeGen/AMDGPU/freeze.ll
+0-394libcxx/test/std/numerics/numeric.ops/numeric.ops.sat/saturate_cast.pass.cpp
+394-0libcxx/test/std/numerics/numeric.ops/numeric.ops.sat/saturating_cast.pass.cpp
+385-0llvm/test/CodeGen/X86/apx/pr191368.ll
+157-138llvm/lib/Target/AMDGPU/GCNSchedStrategy.cpp
+140-150llvm/test/CodeGen/AMDGPU/load-global-i16.ll
+3,329-699234 files not shown
+8,456-3,789240 files

FreeBSD/src cd5ff4esys/net pfvar.h, sys/netpfil/pf pf.c

pf: use hashalloc(9) for key, id, src-node and udp-endpoint hashes

Reviewed by:            kp
Differential Revision:  https://reviews.freebsd.org/D56113
DeltaFile
+54-92sys/netpfil/pf/pf.c
+1-2sys/net/pfvar.h
+55-942 files

FreeBSD/src 87ef306sys/netinet tcp_lro.c

tcp lro: use hashalloc(9)

Reviewed by:            tuexen, rrs
Differential Revision:  https://reviews.freebsd.org/D56177
DeltaFile
+20-6sys/netinet/tcp_lro.c
+20-61 files

FreeBSD/src 9992eb4sys/net if_gif.c if_gif.h, sys/netinet in_gif.c

gif: use hashalloc(9)

Functional change is that on destruction INVARIANTS checks will run.  Also
the mask is no longer hardcoded, so makes it easier to make hash size a
tunable.

Reviewed by:            ae
Differential Revision:  https://reviews.freebsd.org/D56176
DeltaFile
+21-6sys/netinet6/in6_gif.c
+21-6sys/netinet/in_gif.c
+0-21sys/net/if_gif.c
+0-4sys/net/if_gif.h
+42-374 files

FreeBSD/src adba114sys/netinet ip_input.c

netinet: use hashalloc(9) for IP address hash

While here, slightly restyle ip_vnet_init() and use sparse initializer for
pfil_head_args.  There is no functional change wrt to pfil(9) hook
registration.

Differential Revision:  https://reviews.freebsd.org/D56175
DeltaFile
+26-15sys/netinet/ip_input.c
+26-151 files

FreeBSD/src 8e1513dsys/netinet in_pcb.c in_pcb.h, sys/netinet6 in6_pcb.c

inpcb: use hashalloc(9)

While here remove ipi_lbgrouphashmask, as it is always has the same value
as ipi_porthashmask.

Differential Revision:  https://reviews.freebsd.org/D56174
DeltaFile
+30-22sys/netinet/in_pcb.c
+1-2sys/netinet/in_pcb.h
+1-1sys/netinet6/in6_pcb.c
+32-253 files

FreeBSD/src abf68d1share/man/man9 hashalloc.9 hashinit.9, sys/kern subr_hash.c

hash(9): introduce hashalloc()/hashfree() KPI

This is a more extendable version than traditional hashinit(9).  It allows
different kinds of slot headers with optional locks.

Implement traditional hashinit()/hashdestroy() on top of it.

Reviewed by:            pouria, gallatin
Differential Revision:  https://reviews.freebsd.org/D55904
DeltaFile
+350-54sys/kern/subr_hash.c
+314-0share/man/man9/hashalloc.9
+37-0sys/sys/hash.h
+8-1share/man/man9/hashinit.9
+2-0share/man/man9/Makefile
+711-555 files

LLVM/project 7c872e9llvm/test/Transforms/SLPVectorizer/X86 operand-reorder-with-copyables.ll

[SLP][NFC]Add a test with the reordering of the RHS/LHS operands for copyables, NFC



Reviewers: 

Pull Request: https://github.com/llvm/llvm-project/pull/191730
DeltaFile
+140-0llvm/test/Transforms/SLPVectorizer/X86/operand-reorder-with-copyables.ll
+140-01 files

FreeBSD/ports e800745devel/git-flow-next distinfo Makefile

devel/git-flow-next: Update to 1.1.0

- Added:
    - Push-option support for publish command (--push-option / -o)
    - Support for configurable hooks directory via gitflow.path.hooks
      and core.hooksPath

- Fixed
    - Validate remote exists before any state-changing delete operations
    - Validate remote before remote operations (publish, track, finish
      sync)
    - Check if remote exists before attempting to delete remote branch
    - Skip fetch when no remote is configured
    - Use empty commit instead of README.md when initializing empty
      repositories
    - Default to empty version tag prefix during init
    - Thread config correctly into tag creation step during finish

PR:             294446
DeltaFile
+5-5devel/git-flow-next/distinfo
+1-2devel/git-flow-next/Makefile
+6-72 files

NetBSD/pkgsrc JATOtjOmath/bc Makefile

   bc: fix libedit detection
VersionDeltaFile
1.19+8-2math/bc/Makefile
+8-21 files

FreeBSD/ports 102d61egames/prismlauncher distinfo Makefile

games/prismlauncher: Update to 11.0.1

Changelogs:
* https://prismlauncher.org/news/release-11
* https://prismlauncher.org/news/release-11.0.1

Port changes:
* Track changes to USES Java, prioritizing default Java and
  setting LWJGL version strictly to the latest game release only.
* Add new build dependency graphics/vulkan-headers.

PR:             293576
Reported by:    Alexander Vereeken <Alexander88207 at protonmail.com> (maintainer)
Approved by:    vvd (co-mentor)
DeltaFile
+3-7games/prismlauncher/distinfo
+2-6games/prismlauncher/Makefile
+4-0games/prismlauncher/pkg-message
+1-1games/prismlauncher/pkg-plist
+10-144 files

FreeBSD/ports 2f009a8sysutils/containers-common distinfo Makefile

sysutils/containers-common: update skopeo to 1.22.1

Bump PORTREVISION.

PR:             294444
Approved by:    dfr (maintainer)

Sponsored by:   tipi.work
DeltaFile
+3-3sysutils/containers-common/distinfo
+2-2sysutils/containers-common/Makefile
+5-52 files

FreeBSD/ports 304feb3sysutils/skopeo distinfo Makefile

sysutils/skopeo: update: 1.22.0 -> 1.22.1

PR:             294444
Approved by:    dfr (maintainer)

Sponsored by:   tipi.work
DeltaFile
+3-3sysutils/skopeo/distinfo
+1-2sysutils/skopeo/Makefile
+4-52 files

FreeBSD/ports 4c42001graphics/vulkan-caps-viewer Makefile, graphics/vulkan-extension-layer Makefile

graphics/vulkan-{headers,loader}: Drop maintainership

PR:             294344
Reported by:    Atanu Biswas <atanubiswas484 at gmail.com> (maintainer)
Approved by:    osa (mentor)
DeltaFile
+1-1graphics/vulkan-caps-viewer/Makefile
+1-1graphics/vulkan-extension-layer/Makefile
+1-1graphics/vulkan-headers/Makefile
+1-1graphics/vulkan-loader/Makefile
+1-1graphics/vulkan-tools/Makefile
+1-1graphics/vulkan-utility-libraries/Makefile
+6-61 files not shown
+7-77 files

Linux/linux ab3dee2include/linux clockchips.h, kernel/time clockevents.c tick-broadcast.c

Merge tag 'timers-urgent-2026-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip

Pull timer fixes from Thomas Gleixner:
 "Two fixes for the time/timers subsystem:

   - Invert the inverted fastpath decision in check_tick_dependency(),
     which prevents NOHZ full to stop the tick. That's a regression
     introduced in the 7.0 merge window.

   - Prevent a unpriviledged DoS in the clockevents code, where user
     space can starve the timer interrupt by arming a timerfd or posix
     interval timer in a tight loop with an absolute expiry time in the
     past. The fix turned out to be incomplete and was was amended
     yesterday to make it work on some 20 years old AMD machines as
     well. All issues with it have been confirmed to be resolved by
     various reporters"

* tag 'timers-urgent-2026-04-12' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  clockevents: Prevent timer interrupt starvation
  tick/nohz: Fix inverted return value in check_tick_dependency() fast path
DeltaFile
+19-8kernel/time/clockevents.c
+7-1kernel/time/tick-broadcast.c
+2-1kernel/time/tick-sched.c
+2-0include/linux/clockchips.h
+1-0kernel/time/hrtimer.c
+1-0kernel/time/tick-common.c
+32-106 files

FreeBSD/ports 778bf1awww/py-webob Makefile distinfo, www/py-webob/files patch-docs_conf.py pyproject.toml.in

www/py-webob: upgrade to 1.8.9 and use PEP517.

PR:             ports/293851
Approved by:    maintainer (nivit@)
DeltaFile
+20-7www/py-webob/Makefile
+14-2www/py-webob/files/patch-docs_conf.py
+7-0www/py-webob/files/pyproject.toml.in
+3-3www/py-webob/distinfo
+44-124 files

FreeBSD/ports 03b0241multimedia/plexmediaserver-plexpass distinfo Makefile

multimedia/plexmediaserver-plexpass: Update 1.43.0.10389 => 1.43.1.10611

Changelog:
https://forums.plex.tv/t/plex-media-server/30447/703

PR:             294419
Sponsored by:   UNIS Labs
DeltaFile
+3-3multimedia/plexmediaserver-plexpass/distinfo
+2-2multimedia/plexmediaserver-plexpass/Makefile
+5-52 files

FreeBSD/ports 1b02c41multimedia/plexmediaserver distinfo Makefile

multimedia/plexmediaserver: Update 1.43.0.10492 => 1.43.1.10611

Changelog:
https://forums.plex.tv/t/plex-media-server/30447/705

PR:             294418
Sponsored by:   UNIS Labs
DeltaFile
+3-3multimedia/plexmediaserver/distinfo
+2-2multimedia/plexmediaserver/Makefile
+5-52 files

LLVM/project a7b4e7bllvm/lib/Transforms/Utils CallGraphUpdater.cpp, llvm/test/Transforms/Inline inline-history-dead-function.ll

[CallGraphUpdater] Replace dead function in metadata with null instead of poison

Assisted-by: claude-4.6-opus
DeltaFile
+29-0llvm/test/Transforms/Inline/inline-history-dead-function.ll
+6-1llvm/lib/Transforms/Utils/CallGraphUpdater.cpp
+35-12 files

FreeBSD/doc eae9a0awebsite/content/en/status/report-2026-01-2026-03 audio.adoc

Status/2026Q1/audio.adoc: Add report

Sponsored by:   The FreeBSD Foundation
Reviewed by:    salvadore
Differential Revision:  https://reviews.freebsd.org/D56292
DeltaFile
+26-0website/content/en/status/report-2026-01-2026-03/audio.adoc
+26-01 files

LLVM/project 47e77fallvm/include/llvm/Analysis ValueTracking.h, llvm/lib/Analysis ValueTracking.cpp BasicAliasAnalysis.cpp

ValueTracking: Use SimplifyQuery for computeKnownConstantRange

Does introduce new context passing in a few of the updated contexts.
DeltaFile
+23-28llvm/lib/Analysis/ValueTracking.cpp
+20-20llvm/lib/Transforms/Vectorize/VectorCombine.cpp
+18-10llvm/unittests/Analysis/ValueTrackingTest.cpp
+4-3llvm/lib/Transforms/Utils/SimplifyCFG.cpp
+4-3llvm/lib/Analysis/BasicAliasAnalysis.cpp
+1-4llvm/include/llvm/Analysis/ValueTracking.h
+70-684 files not shown
+79-7410 files

LLVM/project 0ab10d1llvm/lib/Analysis ValueTracking.cpp, llvm/test/Transforms/InstCombine known-range-frexp-exp.ll

ValueTracking: Handle frexp exp in computeKnownConstantRange (#191282)
DeltaFile
+136-0llvm/test/Transforms/InstCombine/known-range-frexp-exp.ll
+29-1llvm/lib/Analysis/ValueTracking.cpp
+165-12 files

LLVM/project 183660dllvm/lib/Transforms/Vectorize SLPVectorizer.cpp, llvm/test/Transforms/SLPVectorizer/X86 phi-operand-gathered-loads.ll

[SLP] Fix GEP cost computation for load vectorization cost estimates

Pass Instruction::Load instead of Instruction::GetElementPtr to
getGEPCosts in isMaskedLoadCompress and CheckForShuffledLoads.
These call sites estimate costs for wide contiguous loads and sub-vector
load patterns, not for masked gather pointer vector formation. Using
Instruction::GetElementPtr incorrectly triggered the gather-style cost
path, which computes vector GEP formation costs. Since the call sites
already add scalarization overhead for pointer vector building
separately, this led to double-counting of pointer costs and inaccurate
vectorization decisions.

Reviewers: hiraditya, RKSimon

Pull Request: https://github.com/llvm/llvm-project/pull/191728
DeltaFile
+16-6llvm/test/Transforms/SLPVectorizer/X86/phi-operand-gathered-loads.ll
+5-7llvm/lib/Transforms/Vectorize/SLPVectorizer.cpp
+21-132 files

FreeBSD/ports a1cbb77sysutils/awslim distinfo Makefile, sysutils/awslim/files go.sum modules.txt

sysutils/awslim: Update to 0.6.13

ChangeLog:      https://github.com/fujiwara/awslim/releases/tag/v0.6.13
Approved by:    hrs (mentor, blanket)
DeltaFile
+856-840sysutils/awslim/files/go.sum
+464-420sysutils/awslim/files/modules.txt
+428-420sysutils/awslim/files/go.mod
+42-0sysutils/awslim/files/patch-all-services.yaml
+5-5sysutils/awslim/distinfo
+4-4sysutils/awslim/Makefile
+1,799-1,6896 files

LLVM/project 6c77981llvm/examples/Kaleidoscope/BuildingAJIT/Chapter3 KaleidoscopeJIT.h, llvm/examples/Kaleidoscope/BuildingAJIT/Chapter4 KaleidoscopeJIT.h

[ORC] Move MemoryAccess ownership out of ExecutorProcessControl. (#191715)

Similar to the DylibManager change in e55fb5de0f9, this removes an
unnecessary coupling between ExecutorProcessControl and MemoryAccess,
allowing clients to select MemoryAccess implementations independently.

To simplify the transition, the
ExecutorProcessControl::createDefaultMemoryAccess method will return an
instance of whatever MemoryAccess the ExecutorProcessControl
implementation had been using previously.
DeltaFile
+21-31llvm/lib/ExecutionEngine/Orc/SimpleRemoteEPC.cpp
+15-13llvm/lib/ExecutionEngine/Orc/EPCIndirectionUtils.cpp
+11-11llvm/include/llvm/ExecutionEngine/Orc/EPCIndirectionUtils.h
+12-2llvm/examples/Kaleidoscope/BuildingAJIT/Chapter3/KaleidoscopeJIT.h
+12-2llvm/examples/Kaleidoscope/BuildingAJIT/Chapter4/KaleidoscopeJIT.h
+4-9llvm/include/llvm/ExecutionEngine/Orc/SimpleRemoteEPC.h
+75-6812 files not shown
+138-9818 files

LLVM/project 8113b98llvm/lib/Transforms/InstCombine InstCombineCompares.cpp, llvm/test/Transforms/InstCombine icmp-umax-notx.ll

[InstCombine] Missed fold: umax(x, C) > ~x -> x < 0 (#189396)

fix : https://github.com/llvm/llvm-project/issues/187648

Fix the missed optimization for 
`icmp ugt (umax(x, C)), ~x` and `icmp ult (umax(x, C)), ~x`

Alive2 proof:
https://alive2.llvm.org/ce/z/dDNJ2m
https://alive2.llvm.org/ce/z/X633UX
DeltaFile
+43-0llvm/test/Transforms/InstCombine/icmp-umax-notx.ll
+22-1llvm/lib/Transforms/InstCombine/InstCombineCompares.cpp
+65-12 files

FreeBSD/ports 7834604net/asterisk22 distinfo Makefile, net/asterisk22/files patch-build__tools_make__xml__documentation

net/asterisk22: Update 22.8.2 → 22.9.0

Changelog:
https://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-22.9.0.html

PR:             294412
Sponsored by:   FLEX-IT LLC
Sponsored by:   UNIS Labs
DeltaFile
+39-5net/asterisk22/files/patch-build__tools_make__xml__documentation
+5-5net/asterisk22/distinfo
+2-3net/asterisk22/Makefile
+1-0net/asterisk22/pkg-plist
+47-134 files