LLVM/project 10c0b42mlir/lib/Dialect/Linalg/IR LinalgOps.cpp, mlir/test/Dialect/Linalg canonicalize.mlir

[mlir][linalg] Add splat broadcast canonicalization pattern (#195980)

Add `linalg.broadcast` splat constant to `linalg.fill` canonicalization.

Assisted-by: Cursor (GPT-5.5)
DeltaFile
+45-0mlir/test/Dialect/Linalg/canonicalize.mlir
+31-1mlir/lib/Dialect/Linalg/IR/LinalgOps.cpp
+76-12 files

FreeBSD/src 1d0410fsbin/ping ping6.c

ping6: convert receive loop from pselect(2) to ppoll(2)

pselect(2) might overflow if the desciptor number is above
FD_SETSIZE and silently corrupt the stack. Switch to ppoll(2) so
the receive socket fd is no longer constrained by FD_SETSIZE.

Reported by:    Joshua Rogers of AISLE Research Team
Reviewed by:    markj
MFC after:      7 days
Differential Revision:  https://reviews.freebsd.org/D56721
DeltaFile
+6-4sbin/ping/ping6.c
+6-41 files

LLVM/project 8ac51bclibc/include stdio.yaml sched.yaml, libc/include/sys mman.yaml socket.yaml

[libc][NFC] Lowercase standard identifiers in YAML files (#198854)

Update YAML files to use lowercase identifiers for standards.

In header.py, canonical identifiers for standards are explicitly defined
in lowercase and mapped to their pretty names for display. This change
ensures that all YAML files use the lowercase identifiers (posix, linux,
bsd, gnu) expected by the header generation tool.

Assisted-by: Automated tooling, human reviewed.
DeltaFile
+21-21libc/include/sys/mman.yaml
+17-17libc/include/sys/socket.yaml
+17-17libc/include/stdio.yaml
+12-12libc/include/sched.yaml
+11-11libc/include/termios.yaml
+8-8libc/include/string.yaml
+86-8614 files not shown
+132-13220 files

OPNSense/src b3f06c1. UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump version

Approved by:    so
DeltaFile
+26-0UPDATING
+1-1sys/conf/newvers.sh
+27-12 files

OPNSense/src 60f8236lib/libcasper/services/cap_net cap_net.c

cap_net: do not allow new limits to drop keys from the old ones

If the old limit had family/hosts/sockaddr set, the new limit must
have them too. Before, a missing key in the new limit was treated as
"allow any", which let a caller silently extend their limits.

Approved by:    so
Security:       FreeBSD-SA-26:24.cap_net
Security:       CVE-2026-45254
Reported by:    Joshua Rogers of AISLE Research Team
Reviewed by:    markj
MFC after:      1 day
Differential Revision:  https://reviews.freebsd.org/D56991

(cherry picked from commit d705a519525f2acae3c1efba11436ec6ee8aea0a)
(cherry picked from commit b79faca1c5964d89c125d02de35928b733041f3f)
DeltaFile
+31-0lib/libcasper/services/cap_net/cap_net.c
+31-01 files

OPNSense/src 7efe373usr.sbin/bsdconfig/share/media wlan.subr

bsdconfig: Make sure that SSID names are properly escaped

The f_menu_wpa_scan_results() function returns a list of networks
discovered by a scan.  The untrusted network names are evaluated in
f_dialog_menu_wireless_edit.  The quoting applied in
f_menu_wpa_scan_results() protects against evaluation of something like
"$(whoami)" but one can add single quotes to defeat that.

Pass the SSID names through f_shell_escape to work around this.  Escape
single quotes in f_dialog_wireless_edit() and f_menu_wireless_configs()
too for consistency.

I note that this module doesn't seem to actually work, see e.g.,
bugzilla PR 229883.

Approved by:    so
Security:       FreeBSD-SA-26:23.bsdinstall
Security:       CVE-2026-45255
Reported by:    Austin Ralls

    [2 lines not shown]
DeltaFile
+3-0usr.sbin/bsdconfig/share/media/wlan.subr
+3-01 files

OPNSense/src e13b397usr.sbin/bsdinstall/scripts wlanconfig

bsdinstall: Avoid invoking eval on the wlan SSID list

The wlanconfig utility is not careful about handling untrusted network
names, which can contain shell metacharacters.  Factor network selection
into a subroutine and use the `set -- "$@"` trick to build up a list of
positional parameters for bsddialog without evaluating them.

Approved by:    so
Security:       FreeBSD-SA-26:23.bsdinstall
Security:       CVE-2026-45255
Reported by:    Austin Ralls
Reviewed by:    dteske, des, asiciliano
Differential Revision:  https://reviews.freebsd.org/D56973
DeltaFile
+31-16usr.sbin/bsdinstall/scripts/wlanconfig
+31-161 files

OPNSense/src 9bb455flib/libcasper/libcasper service.c libcasper_service.c, lib/libcasper/tests cap_main_test.c Makefile

libcasper: switch from select(2) to poll(2)

The previous implementation used FD_SET() on a stack-allocated fd_set,
which is an out-of-bounds write whenever the socket fd is >= FD_SETSIZE
(1024).

poll(2) takes an array indexed by slot rather than by fd value, so it
has no FD_SETSIZE limit.

Approved by:    so
Security:       FreeBSD-SA-26:22.libcasper
Security:       CVE-2026-39461
Reported by:    Joshua Rogers
Reviewed by:    markj
Differential Revision:  https://reviews.freebsd.org/D56695
DeltaFile
+105-83lib/libcasper/libcasper/service.c
+142-0lib/libcasper/tests/cap_main_test.c
+4-53lib/libcasper/libcasper/libcasper_service.c
+10-2lib/libcasper/tests/Makefile
+2-4lib/libcasper/libcasper/libcasper_impl.h
+263-1425 files

OPNSense/src ed2557csys/kern kern_sig.c, tests/sys/kern ptrace_test.c

ptrace: Fix validation of PT_SC_REMOTE arguments

- Fix an off-by-one in the system call number check.  A value of
  SYS_MAXSYSCALL was permitted.
- Validate the system call number after we've dealt with
  syscall(2)/__syscall(2), since they pass the syscall number as an
  argument.
- When the syscall number is for syscall(2) or __syscall(2), we must
  make sure that nargs > 0 to avoid an underflow when shifting arguments
  down.

Add regression tests.

Approved by:    so
Security:       FreeBSD-SA-26:21.ptrace
Security:       CVE-2026-45253
Fixes:          140ceb5d956b ("ptrace(2): add PT_SC_REMOTE remote syscall request")
Reported by:    Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li, and Ke Xu from Tsinghua University using GLM-5.1 from Z.ai
Reviewed by:    kib, emaste
Differential Revision:  https://reviews.freebsd.org/D56978
DeltaFile
+67-21tests/sys/kern/ptrace_test.c
+10-7sys/kern/kern_sig.c
+77-282 files

OPNSense/src 77b65f9sys/fs/fuse fuse_vnops.c fuse_ipc.h, tests/sys/fs/fusefs xattr.cc

fusefs: Handle buggy servers' LISTXATTR response

The fuse protocol requires server to respond to LISTXATTR with a
NUL-terminated string.  If they don't, report an error rather than
attempt to scan through uninitialized memory for a NUL.

Approved by:    so
Security:       FreeBSD-SA-26:20.fusefs
Security:       CVE-2026-45252
admbugs:        1039
Reported by:    Joshua Rogers
Sponsored by:   ConnectWise
DeltaFile
+73-0tests/sys/fs/fusefs/xattr.cc
+11-6sys/fs/fuse/fuse_vnops.c
+1-0sys/fs/fuse/fuse_ipc.h
+85-63 files

OPNSense/src 06e5f25sys/dev/netmap netmap_freebsd.c

netmap: Drain selinfo sleepers in nm_os_selinfo_uninit()

Approved by:    so
Security:       FreeBSD-SA-26:19.file
Security:       CVE-2026-45251
DeltaFile
+1-0sys/dev/netmap/netmap_freebsd.c
+1-01 files

OPNSense/src c121cc6sys/kern sys_procdesc.c, sys/sys procdesc.h

procdesc: Make sure to drain selinfo sleepers in procdesc_free()

Otherwise they are left on a freed list after procdesc_free() is called.
This can be exploited to elevate privileges.

Remove the PDF_SELECTED micro-optimization.  doselwakeup() is a no-op if
no one ever called selrecord() on the file description, so I see no
reason to complicate the code to avoid the call.

Add some regression tests.

Approved by:    so
Security:       FreeBSD-SA-26:19.file
Security:       CVE-2026-45251
Reported by:    75Acol, Lexpl0it, fcgboy, and robinzeng2015
Reviewed by:    kib, oshogbo
Fixes:          cfb5f7686588 ("Add experimental support for process descriptors")
Differential Revision:  https://reviews.freebsd.org/D56887
DeltaFile
+128-0tests/sys/kern/procdesc.c
+3-7sys/kern/sys_procdesc.c
+2-0tests/sys/kern/Makefile
+0-1sys/sys/procdesc.h
+133-84 files

OPNSense/src dbcb565sys/kern kern_prot.c

setcred: Fix buffer overflow

Since groups is a pointer to a pointer to an array of gid_t, we should
use sizeof(**groups) or sizeof(gid_t) when calculating how much to
allocate and copy in.  We were using sizeof(*groups) instead, which
meant that on 64-bit platforms, we would allocate and copy in twice as
much as we should.  Unfortunately, in the smallgroups case, we copy
into a preallocated buffer which has the correct size, which means that
if sc_supp_groups_nb >= CRED_SMALLGROUPS_NB / 2, we overflow smallgroups.

This is a direct commit to stable/14.

Approved by:    so
Security:       FreeBSD-SA-26:18.setcred
Reported by:    Ryan of Calif.io
Fixes:          ddb3eb4efe55 ("New setcred() system call and associated MAC hooks")
DeltaFile
+2-2sys/kern/kern_prot.c
+2-21 files

OPNSense/src 19387ebusr.sbin/freebsd-update freebsd-update.sh

freebsd-update: Skip /etc/ssl/cert.pem

We already run `certctl rehash` at the end, there is no point in asking
users upgrading from 15.0 to 15.1 to manually merge the trust store.

Approved by:    so
Security:       FreeBSD-EN-26:13.freebsd-update
MFC after:      3 days
Reviewed by:    cperciva
Differential Revision:  https://reviews.freebsd.org/D57028

(cherry picked from commit 2509ddee9bdb2240ba2f622e3a55a98ebc2aa4ae)
(cherry picked from commit 7d9c1d3895b307085131f922d7e46a4812f04675)
DeltaFile
+1-1usr.sbin/freebsd-update/freebsd-update.sh
+1-11 files

OPNSense/src c15566c. UPDATING, sys/conf newvers.sh

Add UPDATING entries and bump version

Approved by:    so
DeltaFile
+5-0UPDATING
+1-1sys/conf/newvers.sh
+6-12 files

OPNSense/src 1ca7f34sbin/dhclient dhclient.c

dhclient: Improve server and filename validation

* Don't iterate over each string three times; once is enough.

* Reject control characters (anything below space) in addition to the
  double quote and backslash.

* If an unsafe character is encountered, discard the string instead of
  rejecting the entire lease.

* If backslashes are encountered in the file name option, convert them
  to forward slashes instead of rejecting the option.

* Tweak the warning messages a bit.  Looking through the rest of the
  code, it seems to me that notes generally end with a period while
  warnings generally don't.

Approved by:    so
Security:       FreeBSD-EN-26:11.dhclient

    [8 lines not shown]
DeltaFile
+54-21sbin/dhclient/dhclient.c
+54-211 files

OpenBSD/ports 7RlCD53x11/motif Makefile, x11/motif/patches patch-lib_Xm_EditresCom_c

   motif: switch from unsigned long * to CARD64 * to prepare for llvm22

   matthieu agrees with the approach
VersionDeltaFile
1.1+12-0x11/motif/patches/patch-lib_Xm_EditresCom_c
1.13+1-1x11/motif/Makefile
+13-12 files

FreeBSD/ports 260cd75devel/jetbrains-clion pkg-plist distinfo

devel/jetbrains-clion: update to 2026.1.1

Approved by:    maintainer timeout
DeltaFile
+6,112-3,030devel/jetbrains-clion/pkg-plist
+3-3devel/jetbrains-clion/distinfo
+1-1devel/jetbrains-clion/Makefile
+6,116-3,0343 files

FreeBSD/ports 76344f3databases/jetbrains-datagrip pkg-plist Makefile

databases/jetbrains-datagrip: Update to 2026.1.3
DeltaFile
+1,209-448databases/jetbrains-datagrip/pkg-plist
+45-33databases/jetbrains-datagrip/Makefile
+3-3databases/jetbrains-datagrip/distinfo
+1,257-4843 files

OpenBSD/ports yuZ3T79graphics/GraphicsMagick Makefile distinfo, graphics/GraphicsMagick/patches patch-configure

   Update to GraphicsMagick 1.3.47 to fix build with llvm22, ok Brad

   http://www.graphicsmagick.org/NEWS.html#may-13-2026
VersionDeltaFile
1.79+4-5graphics/GraphicsMagick/Makefile
1.37+2-2graphics/GraphicsMagick/distinfo
1.26+2-2graphics/GraphicsMagick/patches/patch-configure
1.32+3-0graphics/GraphicsMagick/pkg/PLIST
+11-94 files

NetBSD/pkgsrc 79yxaePdoc CHANGES-2026

   Updated textproc/utf8-cpp, misc/py-trove-classifiers
VersionDeltaFile
1.3164+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc 9LaTzQemisc/py-trove-classifiers distinfo Makefile

   py-trove-classifiers: updated to 2026.5.20.19

   2026.5.20.19
   Add classifier for Django 6.1
VersionDeltaFile
1.48+4-4misc/py-trove-classifiers/distinfo
1.50+2-2misc/py-trove-classifiers/Makefile
+6-62 files

NetBSD/pkgsrc E5zEHtPtextproc/utf8-cpp distinfo Makefile

   utf8-cpp: updated to 4.1.1

   4.1.1
   Fix for 141, introduced in 4.1.0
VersionDeltaFile
1.19+4-4textproc/utf8-cpp/distinfo
1.18+2-2textproc/utf8-cpp/Makefile
+6-62 files

LLVM/project 1df5015llvm/lib/Target/ARM ARMLoadStoreOptimizer.cpp, llvm/test/CodeGen/ARM pr196779.ll

[ARM] Copy all flags when creating LDM (#197898)

This just adds the Operand instead of trying to handle flags
individually, similar to the AArch64LoadStoreOptimizer.

Fixes #196779
DeltaFile
+96-0llvm/test/CodeGen/ARM/pr196779.ll
+14-12llvm/lib/Target/ARM/ARMLoadStoreOptimizer.cpp
+110-122 files

NetBSD/src y0tR3OFsys/dev/scsipi atapi_wdc.c

   s/SET_FEATYRE/SET_FEATURES/ in comment.
VersionDeltaFile
1.142+3-3sys/dev/scsipi/atapi_wdc.c
+3-31 files

NetBSD/pkgsrc dKMnLgzlang/ruby40/patches patch-.bundle_gems_rdoc-7.0.3_lib_rdoc_encoding.rb

   lang/ruby40: remove a unused patch file
VersionDeltaFile
1.2+1-1lang/ruby40/patches/patch-.bundle_gems_rdoc-7.0.3_lib_rdoc_encoding.rb
+1-11 files

LLVM/project 348bde9clang/include/clang/Parse Parser.h, clang/lib/Parse ParseExprCXX.cpp ParseOpenACC.cpp

fix name diverge from main
DeltaFile
+5-5clang/lib/Parse/ParseExprCXX.cpp
+4-6clang/include/clang/Parse/Parser.h
+3-3clang/lib/Parse/ParseOpenACC.cpp
+12-143 files

LLVM/project 1229385compiler-rt/lib/builtins/cpu_model cpu_model.h AArch64CPUFeatures.inc, llvm/include/llvm/TargetParser AArch64CPUFeatures.inc

[compiler-rt][builtins] A few fixes cpu_model files (#198957)

- Fix typo in include guard with the word features
- Correct header in cpu_model.h header file and include guard after
  the file has been renamed
DeltaFile
+3-3compiler-rt/lib/builtins/cpu_model/cpu_model.h
+2-2llvm/include/llvm/TargetParser/AArch64CPUFeatures.inc
+2-2compiler-rt/lib/builtins/cpu_model/AArch64CPUFeatures.inc
+7-73 files

LLVM/project 15f3cf2llvm/lib/Support UnicodeNameToCodepointGenerated.cpp, llvm/test/CodeGen/AMDGPU llvm.amdgcn.av.load.b128.ll

Merge branch 'main' into users/bassiounix/clang/c2y/if-decl
DeltaFile
+23,873-20,923llvm/lib/Support/UnicodeNameToCodepointGenerated.cpp
+8,633-8,584llvm/test/CodeGen/Thumb2/mve-clmul.ll
+12,365-0llvm/test/CodeGen/AMDGPU/llvm.amdgcn.av.load.b128.ll
+1,243-8,768llvm/test/CodeGen/X86/vector-replicaton-i1-mask.ll
+3,436-2,769llvm/test/CodeGen/AMDGPU/GlobalISel/sdivrem.ll
+2,801-2,109llvm/test/CodeGen/AMDGPU/GlobalISel/udivrem.ll
+52,351-43,1534,181 files not shown
+282,730-143,1564,187 files

LLVM/project b59adaaclang/test/C/C2y n3267.c

add more positive tests
DeltaFile
+7-0clang/test/C/C2y/n3267.c
+7-01 files