FreeNAS/freenas e9bbcffsrc/middlewared/middlewared/plugins/directoryservices_ secrets.py, src/middlewared/middlewared/plugins/smb_ groupmap.py

Use domain sid from secrets.tdb for groupmap construction

This commit transitions from using runtime detection of domain
SID via winbindd requests to reading the stored domain SID
from the secrets.tdb file. During reboot and failover process
there was a window in which an unhealthy AD join could cause
a failure to resolve the domain admins SID and subsequently
trigger it to be removed from the group_mapping.tdb. This
change robustizes the groupmap setup by not requiring a
healthy AD state.

(cherry picked from commit e6fbe76f3b325db606f3eea68a5fa53a433f3f49)
DeltaFile
+63-0tests/directory_services/test_activedirectory_groupmap.py
+59-0src/middlewared/middlewared/pytest/unit/utils/test_sid.py
+35-0src/middlewared/middlewared/utils/sid.py
+4-11src/middlewared/middlewared/plugins/smb_/groupmap.py
+12-0src/middlewared/middlewared/plugins/directoryservices_/secrets.py
+173-115 files

FreeNAS/freenas ea634fasrc/middlewared/middlewared/plugins/directoryservices_ secrets.py, src/middlewared/middlewared/plugins/smb_ groupmap.py

NAS-140647 / 27.0.0-BETA.1 / Use domain sid from secrets.tdb for groupmap construction (#18719)

This commit transitions from using runtime detection of domain SID via
winbindd requests to reading the stored domain SID from the secrets.tdb
file. During reboot and failover process there was a window in which an
unhealthy AD join could cause a failure to resolve the domain admins SID
and subsequently trigger it to be removed from the group_mapping.tdb.
This change robustizes the groupmap setup by not requiring a healthy AD
state.
DeltaFile
+63-0tests/directory_services/test_activedirectory_groupmap.py
+59-0src/middlewared/middlewared/pytest/unit/utils/test_sid.py
+35-0src/middlewared/middlewared/utils/sid.py
+4-11src/middlewared/middlewared/plugins/smb_/groupmap.py
+12-0src/middlewared/middlewared/plugins/directoryservices_/secrets.py
+173-115 files

FreeBSD/src 51a80besecure/lib/libcrypto/man/man3 X509V3_EXT_print.3 Makefile

crypto/openssl: add new manpage from release 3.5.6

MFC after:      1 day (the security issues warrant a quick backport).
MFC with:       10a428653ee7216475f1ddce3fb4cbf1200319f8

(cherry picked from commit 9f7080ba6bcf18d013ae3b91dc9d92cfa731a8c0)
DeltaFile
+108-0secure/lib/libcrypto/man/man3/X509V3_EXT_print.3
+2-0secure/lib/libcrypto/man/man3/Makefile
+110-02 files

FreeBSD/src e2fcde7crypto/openssl CHANGES.md NEWS.md, crypto/openssl/doc/man1 openssl-ciphers.pod.in

MFV: crypto/openssl: update to 3.5.6

This change brings in version 3.5.6 of OpenSSL, which features
several security fixes (the highest of which is a MEDIUM severity
issue), as well as some miscellaneous feature updates.

Please see the release notes [1] for more details.

PS Apologies for the confusing merge commits -- I was testing out a
new automated update process and failed to catch the commit message
issues until after I pushed the change.

1. https://github.com/openssl/openssl/blob/openssl-3.5.6/NEWS.md

MFC after:      1 day (the security issues warrant a quick backport).
Merge commit 'ab5fc4ac933ff67bc800e774dffce15e2a541e90'

(cherry picked from commit 10a428653ee7216475f1ddce3fb4cbf1200319f8)
DeltaFile
+438-329crypto/openssl/doc/man1/openssl-ciphers.pod.in
+363-212crypto/openssl/CHANGES.md
+232-195crypto/openssl/NEWS.md
+152-213crypto/openssl/util/platform_symbols/windows-symbols.txt
+84-35crypto/openssl/doc/man3/SSL_CTX_set1_curves.pod
+109-1crypto/openssl/test/evp_extra_test.c
+1,378-985250 files not shown
+3,695-2,017256 files

FreeBSD/src 293c738secure/lib/libcrypto/man/man3 SSL_CTX_set1_curves.3 SSL_CONF_cmd.3, secure/lib/libcrypto/man/man7 property.7

crypto/openssl: update artifacts to match 3.5.6 release artifacts

A new manpage and any associated links will be added in the next commit.

MFC after:      1 day (the security issues warrant a quick backport).
MFC with:       10a428653ee7216475f1ddce3fb4cbf1200319f8

(cherry picked from commit 5254e16213ff1bb136ef24e0b0fe30625ac53563)
DeltaFile
+442-346secure/usr.bin/openssl/man/openssl-ciphers.1
+85-36secure/lib/libcrypto/man/man3/SSL_CTX_set1_curves.3
+56-48sys/crypto/openssl/aarch64/vpsm4_ex-armv8.S
+27-2secure/lib/libcrypto/man/man7/property.7
+9-11secure/lib/libcrypto/man/man3/SSL_CONF_cmd.3
+12-3secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3
+631-446903 files not shown
+1,654-1,424909 files

LLVM/project af209b6llvm/lib/Target/RISCV RISCVISelLowering.cpp, llvm/test/CodeGen/RISCV/rvv fixed-vectors-fp2i.ll fixed-vectors-i2fp.ll

[RISCV] Split LMUL=8 f16 fixed vector (s/u)ittofp/fpto(s/u)i before promoting. (#191568)

The conversion needs to be done by promoting to f32. If we're already at
LMUL=8, we need to split before we can promote.
DeltaFile
+118-0llvm/test/CodeGen/RISCV/rvv/fixed-vectors-fp2i.ll
+118-0llvm/test/CodeGen/RISCV/rvv/fixed-vectors-i2fp.ll
+6-6llvm/lib/Target/RISCV/RISCVISelLowering.cpp
+242-63 files

LLVM/project 4b2c155libcxx/docs/Status Cxx2cIssues.csv

[libc++][ranges][NFC] Mark LWG3947 as implemented (#191642)

Implemented in
https://github.com/llvm/llvm-project/commit/fc4661aa11a0e974f842e83346ff44609284a4ae
DeltaFile
+1-1libcxx/docs/Status/Cxx2cIssues.csv
+1-11 files

OpenBSD/ports MMTEXZAdevel/tbb/patches patch-cmake_compilers_GNU_cmake

   First step to fixing build on sparc64 from Brad Smith
VersionDeltaFile
1.3+14-1devel/tbb/patches/patch-cmake_compilers_GNU_cmake
+14-11 files

FreeBSD/src fcec95bsys/fs/nfsserver nfs_nfsdserv.c

nfs_nfsdsocket.c: Allow Copy/Clone from a read-only fs

For some server file system types, such as ZFS, a Copy/Clone
operation can be done across file systems of the same file
system type.

However, without this patch, the Copy/Clone will fail with
EROFS if the input file is on a read-only mounted file system.
This happens because Copy/Clone will try to do a VOP_SETATTR()
of atime to set the atime.

This patch pretends the VOP_SETATTR() of atime worked for
read-only file systems.  It fixes a problem when copying
files from a ZFS snapshot.

PR:     294010

(cherry picked from commit b5815ee99a015c6ac118d7e9646d0c95b72e9f2d)
DeltaFile
+22-3sys/fs/nfsserver/nfs_nfsdserv.c
+22-31 files

FreeBSD/src 2a97b49sys/fs/nfs nfs_var.h, sys/fs/nfsclient nfs_clport.c nfs_clstate.c

nfs_diskless: Add support for an NFSv4 root fs

Without this patch, diskless root NFS file systems
could only be mounted via NFSv3 (or NFSv2).
This patch adds the basic support needed to mount
a root fs via NFSv4.

At this time, the NFSv4 mount will only work if
the following is done on the NFS server configuration:
- The root directory specified in the "V4:" line in
  /etc/exports must be "/".  This is needed since the
  path to mount must be the same for NFSv3 and NFSv4.
- The NFS server must be configured to do both NFSv3
  and NFSv4, since the bootstrap code still uses NFSv3.
- The NFSv4 server must be configured with:
  vfs.nfs.enable_uidtostring=1
  vfs.nfsd.enable_stringtouid=1
  since the NFSv4 root fs cannot be running nfsuserd(8)
  when it is booting.  (This limitation may be removed

    [13 lines not shown]
DeltaFile
+25-12sys/nfs/nfs_diskless.c
+31-0sys/fs/nfsclient/nfs_clport.c
+15-2sys/fs/nfsclient/nfs_clstate.c
+5-2sys/fs/nfsclient/nfs_clvfsops.c
+2-1sys/fs/nfsclient/nfs_clrpcops.c
+1-0sys/fs/nfs/nfs_var.h
+79-176 files

FreeBSD/src 4beef6asys/fs/nfsserver nfs_nfsdserv.c

nfs_nfsdsocket.c: Allow Copy/Clone from a read-only fs

For some server file system types, such as ZFS, a Copy/Clone
operation can be done across file systems of the same file
system type.

However, without this patch, the Copy/Clone will fail with
EROFS if the input file is on a read-only mounted file system.
This happens because Copy/Clone will try to do a VOP_SETATTR()
of atime to set the atime.

This patch pretends the VOP_SETATTR() of atime worked for
read-only file systems.  It fixes a problem when copying
files from a ZFS snapshot.

PR:     294010

(cherry picked from commit b5815ee99a015c6ac118d7e9646d0c95b72e9f2d)
DeltaFile
+22-3sys/fs/nfsserver/nfs_nfsdserv.c
+22-31 files

LLVM/project 9ce0735clang-tools-extra/clang-doc Representation.cpp

Cleanup switch inconsistencies
DeltaFile
+35-27clang-tools-extra/clang-doc/Representation.cpp
+35-271 files

LLVM/project e3d7deeclang-tools-extra/clang-doc Representation.cpp Representation.h

Use copy constructor for ScopeChildren
DeltaFile
+26-29clang-tools-extra/clang-doc/Representation.cpp
+3-0clang-tools-extra/clang-doc/Representation.h
+29-292 files

Linux/linux f545904drivers/i2c/busses i2c-imx.c

Merge tag 'i2c-for-7.0-final' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux

Pull i2c fix from Wolfram Sang:

 - imx: set dma_slave_config to 0 and avoid uninitialized fields

* tag 'i2c-for-7.0-final' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
  i2c: imx: zero-initialize dma_slave_config for eDMA
DeltaFile
+1-1drivers/i2c/busses/i2c-imx.c
+1-11 files

HardenedBSD/src 0e7c5f5lib/msun/man fmaximum_num.3 fmaximum_mag.3, lib/msun/src s_fminimum_num.c s_fmaximum_num.c

Merge remote-tracking branch 'origin/hardened/current/master' into hardened/current/cross-dso-cfi
DeltaFile
+154-24usr.sbin/nfsd/nfsv4.4
+113-0lib/msun/man/fmaximum_num.3
+102-0lib/msun/man/fmaximum_mag.3
+76-2lib/msun/tests/fmaximum_fminimum_test.c
+76-0lib/msun/src/s_fminimum_num.c
+74-0lib/msun/src/s_fmaximum_num.c
+595-2625 files not shown
+1,359-10031 files

HardenedBSD/src f8f7261lib/msun/man fmaximum_num.3 fmaximum_mag.3, lib/msun/src s_fminimum_num.c s_fminimum_mag.c

Merge branch 'freebsd/current/main' into hardened/current/master
DeltaFile
+154-24usr.sbin/nfsd/nfsv4.4
+113-0lib/msun/man/fmaximum_num.3
+102-0lib/msun/man/fmaximum_mag.3
+76-2lib/msun/tests/fmaximum_fminimum_test.c
+76-0lib/msun/src/s_fminimum_num.c
+74-0lib/msun/src/s_fminimum_mag.c
+595-2625 files not shown
+1,359-10031 files

HardenedBSD/src 3475b12tests/sys/fs/fusefs read.cc

Merge branch 'freebsd/15-stable/main' into hardened/15-stable/main
DeltaFile
+5-5tests/sys/fs/fusefs/read.cc
+5-51 files

HardenedBSD/ports f67d3a4audio/songrec distinfo Makefile, devel/gitoxide distinfo

Merge branch 'freebsd/main' into hardenedbsd/main
DeltaFile
+867-597lang/rustpython/distinfo
+607-479audio/songrec/distinfo
+433-301lang/rustpython/Makefile
+308-246audio/songrec/Makefile
+249-217devel/gitoxide/distinfo
+165-163devel/snazy/distinfo
+2,629-2,003124 files not shown
+3,830-3,149130 files

LLVM/project 5347264lldb/source/Host/windows/PythonPathSetup PythonPathSetup.cpp, lldb/tools/lldb-dap RunInTerminal.cpp

[LLDB] Silence warnings when building on Windows (#191566)

Fixes a few warnings found while building the LLVM installer with
`llvm/utils/release/build_llvm_release.bat --x64 --version 23.0.0
--skip-checkout --local-python`.
DeltaFile
+4-1lldb/source/Host/windows/PythonPathSetup/PythonPathSetup.cpp
+1-1lldb/tools/lldb-dap/RunInTerminal.cpp
+1-0lldb/unittests/Platform/TestUtils.cpp
+6-23 files

LLVM/project 4fb5b78clang/cmake/caches Fuchsia-stage2.cmake

[CMake] Enable static libxml2 for Fuchsia toolchain (#191657)

We prefer statically linking all library dependencies.
DeltaFile
+2-0clang/cmake/caches/Fuchsia-stage2.cmake
+2-01 files

NetBSD/pkgsrc-wip 55dd1dcgurk distinfo cargo-depends.mk, gurk-rs distinfo cargo-depends.mk

gurk-rs: renamed from gurk to match upstream name

Some progress, still needs more overrides
DeltaFile
+2,011-0gurk-rs/distinfo
+0-1,734gurk/distinfo
+676-0gurk-rs/cargo-depends.mk
+0-584gurk/cargo-depends.mk
+49-0gurk-rs/Makefile
+0-37gurk/Makefile
+2,736-2,35513 files not shown
+2,847-2,39519 files

LLVM/project 88a8794clang-tools-extra/clang-doc Representation.cpp Representation.h

[clang-doc] Avoid merging into default Info types

When merging into arenas, the code assumed that all using a default
constructed info would be safe, since in the merge we replace any
differing data. However, that appears to be a risky assumption, due
to default initialized members participating in comparisons, and
other operations, leading the program to read garbage data in some
cases. Earlier patches added default initializers to these fields,
but we should prefer (which the old code used to do) to just start
with properly initialized and complete data from the start.

This patch updates the remaining Info types to have copy constructors
that support choosing the arena to allocate into. This is already the
strategy used in several places to avoid use after free bugs. Since
the handling is now uniform, we can simplify things a bit at the same
time and extract the cloning operation into a helper, making the logic
very clear.

This should avoid any potential pitfalls or missed cases that resulted
in the errors discover after landing #190054.
DeltaFile
+87-29clang-tools-extra/clang-doc/Representation.cpp
+6-0clang-tools-extra/clang-doc/Representation.h
+93-292 files

LLVM/project 49f8ad1clang-tools-extra/clang-doc Representation.cpp Representation.h, clang-tools-extra/clang-doc/tool ClangDocMain.cpp

Revert clang-doc arena merging patches

This is a set of squashed reverts of recen clang doc patches, since its
breaking something on Darwin builders:
https://lab.llvm.org/buildbot/#/builders/23/builds/19172

Revert "[clang-doc][nfc] Default initialize all StringRef members (#191641)"

This reverts commit 155b9b354c1d91661be9f6d0432a96e47cfc2700.

Revert "[clang-doc] Initialize StringRef members in Info types (#191637)"

This reverts commit 489dab3827b255d21ea38b1e3f45ddb08bd10a87.

Revert "[clang-doc] Initialize member variable (#191570)"

This reverts commit 5d64a44a84af31f9e99d42cccffa4f01c0be2e0b.

Revert "[clang-doc] Merge data into persistent memory (#190056)"

    [6 lines not shown]
DeltaFile
+29-272clang-tools-extra/clang-doc/Representation.cpp
+23-60clang-tools-extra/clang-doc/Representation.h
+25-25clang-tools-extra/clang-doc/tool/ClangDocMain.cpp
+77-3573 files

LLVM/project 36f5db2clang-tools-extra/clang-doc Representation.cpp

fix formatting
DeltaFile
+21-13clang-tools-extra/clang-doc/Representation.cpp
+21-131 files

HardenedBSD/ports ec01825textproc/diff-so-fancy distinfo Makefile

textproc/diff-so-fancy: Update 1.4.8 => 1.4.10

Approved by:            db@, yuri@ (Mentors, implicit)
DeltaFile
+3-3textproc/diff-so-fancy/distinfo
+1-1textproc/diff-so-fancy/Makefile
+4-42 files

FreeBSD/ports ec01825textproc/diff-so-fancy distinfo Makefile

textproc/diff-so-fancy: Update 1.4.8 => 1.4.10

Approved by:            db@, yuri@ (Mentors, implicit)
DeltaFile
+3-3textproc/diff-so-fancy/distinfo
+1-1textproc/diff-so-fancy/Makefile
+4-42 files

NetBSD/pkgsrc 9ktBWmEnews/trn distinfo Makefile, news/trn/patches patch-ac patch-term.h

   make this build again
VersionDeltaFile
1.10+48-21news/trn/patches/patch-ac
1.1+14-0news/trn/patches/patch-term.h
1.19+3-2news/trn/distinfo
1.55+3-1news/trn/Makefile
+68-244 files

LLVM/project 5348f7bllvm/lib/Analysis LoopPass.cpp

formatting

Created using spr 1.3.7
DeltaFile
+1-2llvm/lib/Analysis/LoopPass.cpp
+1-21 files

LLVM/project ff32c0aclang/lib/CodeGen BackendUtil.cpp, llvm/test/CodeGen/AArch64 ragreedy-csr.ll

[𝘀𝗽𝗿] changes to main this commit is based on

Created using spr 1.3.7

[skip ci]
DeltaFile
+257-94llvm/test/Transforms/LoopStrengthReduce/X86/bin_power.ll
+111-116llvm/test/CodeGen/AArch64/ragreedy-csr.ll
+70-37llvm/test/Transforms/LoopStrengthReduce/X86/normalization-during-scev-expansion.ll
+34-37llvm/test/CodeGen/X86/lsr-addrecloops.ll
+34-22llvm/test/Transforms/LoopStrengthReduce/X86/postinc-iv-used-by-urem-and-udiv.ll
+54-1clang/lib/CodeGen/BackendUtil.cpp
+560-30741 files not shown
+784-43047 files

LLVM/project ee6829dclang/lib/CodeGen BackendUtil.cpp, llvm/test/CodeGen/AArch64 ragreedy-csr.ll

[𝘀𝗽𝗿] initial version

Created using spr 1.3.7
DeltaFile
+257-94llvm/test/Transforms/LoopStrengthReduce/X86/bin_power.ll
+111-116llvm/test/CodeGen/AArch64/ragreedy-csr.ll
+70-37llvm/test/Transforms/LoopStrengthReduce/X86/normalization-during-scev-expansion.ll
+34-37llvm/test/CodeGen/X86/lsr-addrecloops.ll
+34-22llvm/test/Transforms/LoopStrengthReduce/X86/postinc-iv-used-by-urem-and-udiv.ll
+54-1clang/lib/CodeGen/BackendUtil.cpp
+560-30742 files not shown
+787-43648 files