mvc: support verbose logging in run_migrations.php, closes https://github.com/opnsense/core/issues/9666
This might be practical for some other system tools eventually too, since Syslog() is our own wrapper, we can echo output to stdout when requested. By making the callout static, each component can still have its own logger instance (and verbose log to stdout)
usage: /usr/local/opnsense/mvc/script/run_migrations.php -v
[DTLTO][release/22.x] Add DTLTO LLVM release note
This adds a release note for DTLTO, summarizing the functional changes
introduced since the LLVM 21 release.
[DTLTO][NFC] Minor cleanups and improvements to DTLTO tests (#177282)
This change makes small, non-functional improvements to the DTLTO test
suite, including:
- Tightening+Regularizing FileCheck match expressions across tests
- Simplifying `signal.test` using more lit macro features
(cherry picked from commit 00fecbcf00f96e816608dcf8e82562e6aa272d21)
[DTLTO] Make temporary file handling consistent (#176807)
DTLTO emits temporary files to allow distribution of archive member
inputs.
It also emits temporary files from the ThinLTO backend, such as the
index files needed for each distributed ThinLTO backend compilation.
This change brings archive member temporary files into line with those
produced by the ThinLTO backend. They are now emitted in the same
location, warnings are emitted if they cannot be deleted, and they are
cleaned up on abnormal exit (e.g. Ctrl-C). All temporary files are
preserved when --save-temps is specified.
The existing signal-handling test has been extended to cover the full
set of DTLTO temporary files, and a new test has been added to exercise
temporary file handling in normal operation. Additionally, a minimal
test has been added to show the COFF behaviour.
[3 lines not shown]
[AMDGPU] Implement llvm.fptosi.sat and llvm.fptoui.sat (#174726)
Certain graphics APIs explicitly want the semantics of saturated
conversions, particularly w.r.t. edge cases like NaN. The underlying
hardware instructions (v_cvt_*) provide the expected behaviour so
llvm.fptosi.sat and llvm.fptoui.sat can be implemented directly.
Limitations:
- conversion to i64 is not handled (default expansion is used)
- v_cvt_u16_f16 and v_cvt_i16_f16 are not utilized (future work)
- scalar float is untested/unoptimized (future work)
[mlir][sparse] Implement missing BufferizableOpInterface methods for NewOp (#178423)
## Summary
Fixes crash when running `--eliminate-empty-tensors` on MLIR modules
containing `sparse_tensor.new` with a tensor input.
## Problem
The `sparse_tensor.new` operation was missing the
`bufferizesToMemoryRead`, `bufferizesToMemoryWrite`, and
`getAliasingValues` methods in its `BufferizableOpInterface`
implementation. This caused an `UNREACHABLE` crash with message
"bufferizesToMemoryRead not implemented".
## Solution
Implemented the missing methods in `NewOpInterface`:
- `bufferizesToMemoryRead`: returns `true` (reads from source tensor)
- `bufferizesToMemoryWrite`: returns `false` (doesn't write to source)
- `getAliasingValues`: returns empty (result is new allocation, not an
alias)
[5 lines not shown]
[MLIR][LLVM] Fix a crash in ensure-debug-info-scope-on-llvm-func (#178337)
This pass was not defensive enough about the presence of non-llvm
functions with call site locs.
dhcp/kea: Use hostdiscovery service as ndp source in kea_prefix_watcher script (#9648)
* Use hostdiscovery service as ndp source in kea_prefix_watcher script via list_hosts.py, only request IPv6 addresses, fall back to ndp when hostdiscovery is not running
Firewall: Rules [new]: normalize overload table between uuid and name (#9657)
* Firewall: Rules [new]: The mvc page stores the overload table as UUID, the legacy page as alias name. Turn UUID into alias name and vice versa during upload and download of rules, and then resolve it to a name before setting it in pf configuration.
* Firewall: Rules [new]: view, show translated value in the advanced field tooltip when possible, this will show the alias name instead of the UUID, fix upload bootgrid reload and hint the successful import with the change message
* Firewall: Rules [new]: There were error(s) loading the rules: /tmp/rules.debug:235: 'max-src-conn-rate' maximum rate must be < 4294967
[X86] Add baseline tests exposing invalid masked folds. (#178411)
This tests exposes invalid same-mask fold.
We need prevent folding the load into an "interleave‑type instruction",
because doing so removes the double mask application, which affects the
final result of the operation. For some instructions, folding the load
is simply invalid, even if the same mask is used. I have already
prepared a patch.
Few examples
```
EVEX.128.66.0F.WIG 67 /r VPACKUSWB xmm1{k1}{z}, xmm2, xmm3/m128
A: 00010203 7F000001 80000002 DEADBEEF
E : 00000000000000010000000200000003
D: 11111111222222223333333344444444
k = 0x0400
Masked_e = 00000000000000000000000000000000 (vmovdqu8{k}{z} Masked_e E)
res1 = 00000000000000000001000000000000 (VPACKUSWB D{k}{z}, A, E)
[27 lines not shown]
security/wazuh-agent: fix syntax error in opnsense-fw active response (#5174)
Fix critical syntax error in opnsense-fw active response script that prevents IPs from being added to the __wazuh_agent_drop alias.
## Problem
The script contains invalid Python syntax - a variable assignment inside a dictionary literal:
```python
"parameters":{
unique_key = "%s-%s" % (...) # Invalid Python syntax
"keys": [unique_key]
}
```
This causes the script to fail with a SyntaxError on all 'add' commands, meaning attacking IPs are never blocked.
## Changes
- Move unique_key assignment outside dictionary literal (fixes SyntaxError)
- Fix typo: 'even' -> 'event' in error message
- Add debug logging for easier troubleshooting
[3 lines not shown]
powerpc: explicitly cast the timebase printfs
This is causing compilation issues on powerpc:powerpc GENERIC.
(cherry picked from commit 03e4cc9fdeb2a6445f13cd41b471927a0f722fff)
powerpc: explicitly cast the timebase printfs
This is causing compilation issues on powerpc:powerpc GENERIC.
(cherry picked from commit 03e4cc9fdeb2a6445f13cd41b471927a0f722fff)
