FreeBSD/ports ae6d80dsecurity/vuxml/vuln 2026.xml

security/vuxml: Add png vulnerability

 * CVE-2026-25646
DeltaFile
+37-0security/vuxml/vuln/2026.xml
+37-01 files

Illumos/gate 5c277abusr/src/lib/pkcs11/pkcs11_softtoken/common softAESCrypt.c softEncryptUtil.c, usr/src/test/crypto-tests/tests/common cryptotest_pkcs.c cryptotest_kcf.c

17840 Add AES_GMAC Sign Verify support to PKCS#11
Reviewed by: Robert Mustacchi <rm+illumos at fingolfin.org>
Reviewed by: Dan McDonald <danmcd at edgecast.io>
Approved by: Patrick Mooney <pmooney at pfmooney.com>
DeltaFile
+88-17usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c
+61-28usr/src/test/crypto-tests/tests/modes/aes/gmac/aes_gmac_enc.c
+50-23usr/src/test/crypto-tests/tests/modes/aes/gmac/aes_gmac.c
+29-0usr/src/test/crypto-tests/tests/common/cryptotest_pkcs.c
+29-0usr/src/test/crypto-tests/tests/common/cryptotest_kcf.c
+11-6usr/src/lib/pkcs11/pkcs11_softtoken/common/softEncryptUtil.c
+268-7412 files not shown
+325-8418 files

Illumos/gate f51469cusr/src/common/crypto/modes gcm.c, usr/src/test/crypto-tests/tests/modes/aes/gmac aes_gmac.h nist-gmac-rsp2h.py

17709 aes: support GMAC input through standard mac interfaces
Reviewed by: Robert Mustacchi <rm+illumos at fingolfin.org>
Reviewed by: Dan McDonald <danmcd at edgecast.io>
Approved by: Patrick Mooney <pmooney at pfmooney.com>
DeltaFile
+1,908-0usr/src/test/crypto-tests/tests/modes/aes/gmac/aes_gmac.h
+243-68usr/src/common/crypto/modes/gcm.c
+221-0usr/src/test/crypto-tests/tests/modes/aes/gmac/nist-gmac-rsp2h.py
+153-0usr/src/test/crypto-tests/tests/modes/aes/gmac/aes_gmac_enc.c
+132-0usr/src/test/crypto-tests/tests/modes/aes/gmac/aes_gmac.c
+40-89usr/src/uts/common/crypto/io/aes.c
+2,697-15713 files not shown
+2,824-18519 files

LLVM/project 926abb3clang/lib/Analysis/LifetimeSafety FactsGenerator.cpp LiveOrigins.cpp, clang/test/Sema warn-lifetime-safety.cpp warn-lifetime-analysis-nocfg.cpp

UseFacts to consider only LValueToRValue and function calls
DeltaFile
+76-74clang/test/Sema/warn-lifetime-safety.cpp
+7-6clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
+9-3clang/lib/Analysis/LifetimeSafety/LiveOrigins.cpp
+1-1clang/test/Sema/warn-lifetime-analysis-nocfg.cpp
+93-844 files

LLVM/project 2419b5fclang/include/clang/Analysis/Analyses/LifetimeSafety FactsGenerator.h, clang/lib/Analysis/LifetimeSafety FactsGenerator.cpp

Improve liveness to detect more invaldiations
DeltaFile
+16-13clang/lib/Analysis/LifetimeSafety/FactsGenerator.cpp
+17-3clang/test/Sema/warn-lifetime-safety-invalidations.cpp
+4-4clang/include/clang/Analysis/Analyses/LifetimeSafety/FactsGenerator.h
+1-0clang/test/Sema/Inputs/lifetime-analysis.h
+38-204 files

OPNSense/plugins de4c98esecurity/q-feeds-connector pkg-descr, security/q-feeds-connector/src/opnsense/mvc/app/controllers/OPNsense/QFeeds/forms settings.xml

Security: Q-Feeds Connect - add new options as available in integrated blocklists (#5226)

* Security: Q-Feeds Connect - add new options as available in integrated blocklists, closes https://github.com/opnsense/plugins/issues/5197

This adds allowlists (regex patterns), source_nets Q-Feeds applies on, address to return and optional NXDOMAIN responses.

Please note this version is only compatible with current community versions, business edition installs will have to wait for 26.4.

* Security: Q-Feeds Connect - update version and changelog
DeltaFile
+44-6security/q-feeds-connector/src/opnsense/scripts/unbound/blocklists/qfeeds_bl.py
+38-0security/q-feeds-connector/src/opnsense/mvc/app/controllers/OPNsense/QFeeds/forms/settings.xml
+16-0security/q-feeds-connector/src/opnsense/mvc/app/models/OPNsense/QFeeds/Connector.xml
+8-0security/q-feeds-connector/pkg-descr
+7-0security/q-feeds-connector/src/opnsense/mvc/app/views/OPNsense/QFeeds/index.volt
+7-0security/q-feeds-connector/src/opnsense/service/templates/OPNsense/QFeeds/qfeeds-blocklists.conf
+120-61 files not shown
+121-87 files

LLVM/project 083f00bmlir/include/mlir/IR BuiltinTypeInterfaces.td BuiltinAttributes.td, mlir/lib/AsmParser AttributeParser.cpp

Revert "[mlir][IR] Generalize `DenseElementsAttr` to custom element types" (#181692)

Reverts llvm/llvm-project#179122.

This PR broke the Windows build:
https://lab.llvm.org/buildbot/#/builders/207/builds/13576
DeltaFile
+1-124mlir/lib/AsmParser/AttributeParser.cpp
+92-25mlir/lib/IR/BuiltinAttributes.cpp
+0-87mlir/lib/IR/BuiltinTypes.cpp
+0-83mlir/test/IR/dense-elements-type-interface.mlir
+1-74mlir/include/mlir/IR/BuiltinTypeInterfaces.td
+13-32mlir/include/mlir/IR/BuiltinAttributes.td
+107-4258 files not shown
+119-57914 files

OPNSense/plugins 77f7055security/q-feeds-connector pkg-descr Makefile

Security: Q-Feeds Connect - update version and changelog
DeltaFile
+8-0security/q-feeds-connector/pkg-descr
+1-2security/q-feeds-connector/Makefile
+9-22 files

LLVM/project d789a23mlir/include/mlir/IR BuiltinTypeInterfaces.td BuiltinAttributes.td, mlir/lib/AsmParser AttributeParser.cpp

Revert "[mlir][IR] Generalize `DenseElementsAttr` to custom element types (#1…"

This reverts commit f13301084923ed131aaea7fbadb9307a76bb21f6.
DeltaFile
+1-124mlir/lib/AsmParser/AttributeParser.cpp
+92-25mlir/lib/IR/BuiltinAttributes.cpp
+0-87mlir/lib/IR/BuiltinTypes.cpp
+0-83mlir/test/IR/dense-elements-type-interface.mlir
+1-74mlir/include/mlir/IR/BuiltinTypeInterfaces.td
+13-32mlir/include/mlir/IR/BuiltinAttributes.td
+107-4258 files not shown
+119-57914 files

NetBSD/pkgsrc Q4tBDrcdoc CHANGES-2026

   Updated x11/py-qtgraph-qt5, devel/py-maturin
VersionDeltaFile
1.1161+3-1doc/CHANGES-2026
+3-11 files

LLVM/project 45d70cdllvm/include/llvm/Frontend/OpenMP OMP.h ConstructDecompositionT.h, llvm/lib/Frontend/OpenMP OMP.cpp

[flang][OpenMP] Make isPrivatizingClause version-sensitive

Some pre-existing clauses (e.g. use_device_ptr) are privatizing in
OpenMP 6.0, but not in 5.2. Make the check more accurate by considering
the effective spec version.
DeltaFile
+6-5llvm/include/llvm/Frontend/OpenMP/OMP.h
+1-1llvm/include/llvm/Frontend/OpenMP/ConstructDecompositionT.h
+1-1llvm/lib/Frontend/OpenMP/OMP.cpp
+8-73 files

NetBSD/pkgsrc CPVsi2ddevel/py-maturin distinfo Makefile

   py-maturin: updated to 1.12.2

   1.12.2

   * Fix: allow absolute paths for `--sbom-include`
VersionDeltaFile
1.49+4-4devel/py-maturin/distinfo
1.53+2-2devel/py-maturin/Makefile
+6-62 files

NetBSD/pkgsrc C9p3sKKdoc CHANGES-2026

   doc: Updated lang/janet to 1.41.1
VersionDeltaFile
1.1160+2-1doc/CHANGES-2026
+2-11 files

NetBSD/pkgsrc fvPqekBlang/janet distinfo PLIST

   janet: update to 1.41.1

   - Update file/write docstring
   - Improve messages on errors when loading the bundle script
   - Remove unused def
   - Disable MSVC runtime stack checks in janet_ffi_win64
   - shell: Prevent buggy moving zero column behavior
   - Update to macos-14 in ci
   - Apply :flycheck on def as well
   - Take 2: 9front port, using 9front's Native Porting/Posix Environment
   - Fix math/int-{max,min} docstrings
   - Fix unix sockets issue on FreeBSD
   - Use double-NULL
   - Update year in copyright disclaimer to 2026
   - Add omitted word "is" in docstrings
   - Document empty? more clearly.
   - Tweak some fiber-related docstrings
   - Document how to set local timezone for os/date and os/strftime.
   - Make peg-grammar available in all threads for peg/compile

    [2 lines not shown]
VersionDeltaFile
1.31+4-4lang/janet/distinfo
1.22+2-2lang/janet/PLIST
1.33+2-2lang/janet/Makefile
+8-83 files

NetBSD/pkgsrc yHNxqawx11/py-qtgraph-qt5 PLIST Makefile

   py-qtgraph-qt5: updated to 0.14.0

   0.14.0

   Highlights

   implement cuda OpenGL interops
   PColorMeshItem: implement opengl rendering
   Port PlotCurveItem experimental opengl codepath to shaders
   Remove MetaArray, MultiPlotItem and MultiPlotWidget
   Add Boxplot feature
   Unvendor very old colorama
   implement fill for connect="finite"
   Add legend double-click and legend sample click signals.
   pcmi: add support for OpenGL ES 3.0
   Bump min numpy to 1.25+
   Create FUNDING.yml

   API/Behavior Changes and Additions

    [148 lines not shown]
VersionDeltaFile
1.4+13-40x11/py-qtgraph-qt5/PLIST
1.22+8-4x11/py-qtgraph-qt5/Makefile
1.5+4-4x11/py-qtgraph-qt5/distinfo
+25-483 files

OpenBSD/ports lvLy66Zwayland/wf-recorder distinfo Makefile, wayland/wf-recorder/patches patch-src_main_cpp patch-src_frame-writer_cpp

   wayland/wf-recorder: update to 0.6.0

   see https://github.com/ammen99/wf-recorder/releases/tag/v0.6.0
VersionDeltaFile
1.2+0-28wayland/wf-recorder/patches/patch-src_main_cpp
1.2+4-0wayland/wf-recorder/pkg/PLIST
1.2+2-2wayland/wf-recorder/distinfo
1.4+1-1wayland/wf-recorder/Makefile
1.2+0-0wayland/wf-recorder/patches/patch-src_frame-writer_cpp
+7-315 files

OpenBSD/ports JysLx9Mdevel/visualvm Makefile, devel/visualvm/pkg PLIST

   devel/visualvm: remove deployed with precompiled rubbish

   noticed by ian@
VersionDeltaFile
1.5+0-45devel/visualvm/pkg/PLIST
1.6+2-0devel/visualvm/Makefile
+2-452 files

OpenBSD/ports Q2mjcJUsysutils Makefile

   +gemini-cli
VersionDeltaFile
1.774+1-0sysutils/Makefile
+1-01 files

FreeBSD/src f1f142clib/libsys open.2

open.2: grammar improvements

Submitted by:   matteo
Fixes:  5bcccc702b29a0e173a5916b001771dd7b280c7c
MFC after:      3 days
DeltaFile
+2-2lib/libsys/open.2
+2-21 files

OpenBSD/ports iV9JAGHsysutils/gemini-cli Makefile distinfo, sysutils/gemini-cli/pkg PLIST DESCR

   Initial revision
VersionDeltaFile
1.1+29,699-0sysutils/gemini-cli/pkg/PLIST
1.1+70-0sysutils/gemini-cli/Makefile
1.1+9-0sysutils/gemini-cli/pkg/DESCR
1.1+2-0sysutils/gemini-cli/distinfo
1.1.1.1+0-0sysutils/gemini-cli/Makefile
1.1.1.1+0-0sysutils/gemini-cli/distinfo
+29,780-02 files not shown
+29,780-08 files

OpenZFS/src 0f9564emodule/zfs dbuf.c

Simplify dnode_level_is_l2cacheable()

We should not dereference through dn_handle->dnh_dnode once we
already have a dnode pointer.  The result will be the same.

Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18212
DeltaFile
+1-2module/zfs/dbuf.c
+1-21 files

OpenZFS/src ba970ebmodule/zfs spa_misc.c dmu.c

Cleanup allocation class selection

- For multilevel gang blocks it seemed possible to fallback from
normal to special class, since they don't have proper object type,
and DMU_OT_NONE is a "metadata".  They should never fallback.
 - Fix possible inversion with zfs_user_indirect_is_special = 0,
when indirects written to normal vdev, while small data to special.
Make small indirect blocks also follow special_small_blocks there.
 - With special_small_blocks now applying to both files and ZVOLs,
make it apply to all non-metadata without extra checks, since there
are no other non-metadata types.

Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18208
DeltaFile
+16-26module/zfs/spa_misc.c
+1-3module/zfs/dmu.c
+17-292 files

LLVM/project 4831bf9mlir/lib/IR AffineExpr.cpp, mlir/test/IR affine-map.mlir

[MLIR] Fix bug in AffineExpr simplifyAdd (#181613)

Fix bug in AffineExpr simplifyAdd. This was leading to an incorrect
construction of affine expressions in certain cases; the expression was
being wrongly simplified to a modulo one.

Test cases for affine expr simplification by construction in
lib/IR/AffineExpr.cpp were earlier added to a transforms pass' tests;
add basic ones to test/IR/ while on this.
DeltaFile
+21-0mlir/test/IR/affine-map.mlir
+4-4mlir/lib/IR/AffineExpr.cpp
+25-42 files

LLVM/project 9b027c4clang/docs AMDGPUBuiltins.rst

resolve comments
DeltaFile
+35-10clang/docs/AMDGPUBuiltins.rst
+35-101 files

LLVM/project 1111bbdclang/docs AMDGPUBuiltins.rst

add a warning
DeltaFile
+5-0clang/docs/AMDGPUBuiltins.rst
+5-01 files

LLVM/project bdecc7bclang/docs AMDGPUBuiltins.rst

fix doc build error
DeltaFile
+3-3clang/docs/AMDGPUBuiltins.rst
+3-31 files

LLVM/project 3397798clang/docs AMDGPUBuiltins.rst index.rst

[RFC][Docs][Clang][AMDGPU] Add AMDGPU builtins documentation

Add comprehensive documentation for AMDGPU target-specific builtins
(`AMDGPUBuiltins.rst`) covering argument semantics, restrictions, and
lowering notes for all builtin families.

This documentation was generated by AI (Claude) by cross-referencing:
- `clang/include/clang/Basic/BuiltinsAMDGPU.td` (builtin definitions)
- `llvm/include/llvm/IR/IntrinsicsAMDGPU.td` (intrinsic definitions)
- `clang/lib/Sema/SemaAMDGPU.cpp` (argument validation/constraints)
- `clang/lib/CodeGen/TargetBuiltins/AMDGPU.cpp` (lowering logic)

I did my best to proofread the parts I'm familiar with, but it would be greatly
appreciated if more people could help review it as well.
DeltaFile
+1,807-0clang/docs/AMDGPUBuiltins.rst
+1-0clang/docs/index.rst
+1,808-02 files

LLVM/project d6cd6ccclang/docs AMDGPUBuiltins.rst

- further refine
- cross reference from AMD's official GPUOpen Machine-Readable ISA
- Improve readability for broader target audience
DeltaFile
+534-356clang/docs/AMDGPUBuiltins.rst
+534-3561 files

FreeBSD/src 7ab5e3fusr.sbin/bhyve pci_passthru.c

bhyve: Fix a misleading error message

The ioctl might fail because it's run in a jail which doesn't have
permission to invoke ppt ioctls.

Reviewed by:    jhb
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55070
DeltaFile
+7-2usr.sbin/bhyve/pci_passthru.c
+7-21 files

FreeBSD/src c713540sys/amd64/vmm vmm_dev_machdep.c, sys/dev/vmm vmm_dev.c vmm_dev.h

vmm: Allow the use of PCI passthrough in a jail

After commit e11768e94787 ("vmm: Add PRIV_DRIVER checks for passthru
ioctls"), it is not possible to use PCI passthru from jails, as
PRIV_DRIVER is not granted to jails.  Apparently some users expect this
to work, understanding that jailing bhyve provides little security
benefit in this configuration.

I believe we should disable ppt access in jails even when allow.vmm is
configured.  To provide an escape hatch for users, add a new
allow.vmm_ppt jail configuration knob, and check it when handling ppt
ioctls in jails.  Also add a new PRIV_VMM_PPTDEV to replace the use of
PRIV_DRIVER.

PR:             292750
Reviewed by:    corvink
MFC after:      2 weeks
Sponsored by:   The FreeBSD Foundation
Sponsored by:   Klara, Inc.
Differential Revision:  https://reviews.freebsd.org/D55066
DeltaFile
+13-7sys/dev/vmm/vmm_dev.c
+7-7sys/amd64/vmm/vmm_dev_machdep.c
+11-0usr.sbin/jail/jail.8
+7-0sys/kern/kern_jail.c
+6-1sys/sys/priv.h
+1-1sys/dev/vmm/vmm_dev.h
+45-166 files