security/dogtag-pki: Fix PKI version file path
Read share/pki/VERSION from LOCALBASE instead of the Linux
/usr/share/pki path.
Sponsored by: Netzkommune GmbH
[AArch64] Fix miscompilation due to integer overflow in immediate offset for stack store/load instructions with preserve_all (#207026)
Fix AArch64 framelowering bug exposed by a preserve_all function that
spills 30+ callee-saved registers: paired stp/ldp offsets overflows the
signed 7-bit immediate, fixed by spilling those registers as single
str/ldr instead.
AI Usage Disclosure
AI was used to help the:
- investigation process
- suggestion of solution
- suggestion of comment wordings
Fixes #204564
[analyzer] Fix invalid HTML nesting for popups at end of line (#207793)
The static analyzer's HTML reports contain misnested tags whenever a
variable with a `variable_popup` is the last token on a source line.
`AddLineNumber` inserts the row-closing `</td></tr>` with `InsertTextBefore`, which
places it in front of text previously inserted at the same offset. As a result,
the popup's closing `</table></span>` tags and the arrow anchor `</span>`
tags end up outside the table row. HTML parsers (jsoup, pup) and validators
reject the file from that point on.
Before:
<span class='variable'>b</td></tr><table
class='variable_popup'>...</table></span></span></span>
<img width="786" height="414" alt="image"
src="https://github.com/user-attachments/assets/023461ad-73e4-424e-a4fb-42faf7a945f0"
/>
[28 lines not shown]
[analyzer] Prevent inlining RAII ctors/dtors (#208729)
BlockInCriticalSectionChecker registers the pre-call for the RAII ctors
and Dtors - and also the raw 'lock' and 'unlock' handlers.
However, pre-call does not prevent inlining. This means that (in the
likely case of) that the body is present, the analyzer will model the
effect of the lock twice. This happens on libc++ unique_lock.
We really should have eval-called the ctor/dtor to avoid the inlining of
those, but here we are.
rdar://175814310
net/nfstrace: Fix build with json-c 0.19
json-c 0.19 added static inline accessors to <json-c/linkhash.h>,
which trigger -Wunused-function when building the bundled JSON
analyzer with -Werror.
Suppress the warning by adding -Wno-unused-function to CFLAGS.
Reported by: olgeni
Differential Revision: https://reviews.freebsd.org/D58135