OPNSense/core b2d3674src/opnsense/mvc/app/controllers/OPNsense/Routing/Api GroupSettingsController.php, src/opnsense/mvc/app/models/OPNsense/Routing GatewayGroups.php Gateways.php

Merge remote-tracking branch 'origin/master' into kea-dynamic-poc
DeltaFile
+308-0src/opnsense/mvc/app/models/OPNsense/Routing/GatewayGroups.php
+0-288src/www/system_gateway_groups_edit.php
+0-221src/www/system_gateway_groups.php
+147-0src/opnsense/mvc/app/controllers/OPNsense/Routing/Api/GroupSettingsController.php
+2-121src/opnsense/mvc/app/models/OPNsense/Routing/Gateways.php
+83-0src/opnsense/mvc/app/views/OPNsense/Routing/groups.volt
+540-63023 files not shown
+903-73429 files

OPNSense/core 0bd2324src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv6.xml

Services: Kea DHCPv6: Clean up allocator and pd-allocator terminology (#10330)
DeltaFile
+6-5src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv6.xml
+6-51 files

OPNSense/core db642a0src/opnsense/mvc/app/views/OPNsense/Unbound dnsbl.volt, src/opnsense/mvc/app/views/layout_partials base_apply_button.volt

ui: SimpleActionButton tab exclusion (#10328)
DeltaFile
+8-19src/opnsense/mvc/app/views/OPNsense/Unbound/dnsbl.volt
+12-0src/opnsense/www/js/opnsense_ui.js
+3-0src/opnsense/mvc/app/views/layout_partials/base_apply_button.volt
+23-193 files

OPNSense/core 6188aa8src/opnsense/mvc/app/controllers/OPNsense/Kea/forms dialogSubnet4.xml, src/opnsense/mvc/app/models/OPNsense/Kea KeaDhcpv4.xml KeaDhcpv4.php

Services: Kea DHCP: Kea DHCPv4 - add subnet allocator field (#10327)

---------

Co-authored-by: Monviech <79600909+Monviech at users.noreply.github.com>
DeltaFile
+10-0src/opnsense/mvc/app/controllers/OPNsense/Kea/forms/dialogSubnet4.xml
+8-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.xml
+4-0src/opnsense/mvc/app/models/OPNsense/Kea/KeaDhcpv4.php
+22-03 files

LLVM/project c816a36llvm/test/Transforms/LoopVectorize scalable-first-order-recurrence.ll, llvm/test/Transforms/LoopVectorize/AArch64 sve-interleaved-masked-accesses.ll partial-reduce-chained.ll

[VPlan] Expand simple SCEVs directly to VPInstructions. (#189455)

Add initial simple SCEV expansion directly to VPInstructions. To start
with, just support expanding SCEV expressions for the vector step (VF *
UF). This requires expanding VScale, constants and multiply expressions.

This allows enables CSE for some redundant vscale calls as first step
and also enables expanding SCEV expressions in blocks other than the
header as follow-ups. For example, this could be useful to avoid some
code movement with https://github.com/llvm/llvm-project/pull/189372.
DeltaFile
+80-84llvm/test/Transforms/LoopVectorize/AArch64/sve-interleaved-masked-accesses.ll
+18-36llvm/test/Transforms/LoopVectorize/AArch64/partial-reduce-chained.ll
+15-30llvm/test/Transforms/LoopVectorize/AArch64/scalable-strict-fadd.ll
+14-28llvm/test/Transforms/LoopVectorize/RISCV/tail-folding-inloop-reduction.ll
+14-28llvm/test/Transforms/LoopVectorize/RISCV/tail-folding-reduction.ll
+12-24llvm/test/Transforms/LoopVectorize/scalable-first-order-recurrence.ll
+153-23085 files not shown
+467-69291 files

LLVM/project 0b1caa3llvm/lib/Target/ARM ARMInstrThumb2.td, llvm/lib/Target/ARM/AsmParser ARMAsmParser.cpp

[ARM] Reject unencodable Thumb2 LDRD/STRD post-index offsets (#197228)

Thumb2 post-index LDRD/STRD immediates are encoded as scaled-by-4
values. Without the Imm8s4 parser class, plain assembly can accept byte
offsets that cannot be represented exactly.

Reject those operands during asm matching so invalid input does not
reach later MC paths where debug builds assert and release builds can
silently encode the rounded-down value.

The t2am_imm8s4_offset_asmoperand parser is updated to accommodate
constructs such as #-0 which preserve the negative sentinel on the zero.
DeltaFile
+20-0llvm/test/MC/ARM/thumb2-ldrd-strd-post-imm8s4-invalid.s
+4-4llvm/test/MC/ARM/thumb-diagnostics.s
+6-1llvm/lib/Target/ARM/AsmParser/ARMAsmParser.cpp
+1-0llvm/lib/Target/ARM/ARMInstrThumb2.td
+31-54 files

LLVM/project f10d02alibcxx/include/__mdspan extents.h

[libc++][mdspan][NFC] Simplify `std::extents` implementation (#196819)
DeltaFile
+18-43libcxx/include/__mdspan/extents.h
+18-431 files

FreeBSD/ports 53bd09fsecurity/vuxml/vuln 2026.xml

security/vuxml: Document MariaDB vulnerabilities
DeltaFile
+62-0security/vuxml/vuln/2026.xml
+62-01 files

LLVM/project 16bfe6allvm/include/llvm/Target TargetSelectionDAG.td, llvm/lib/Target/X86 X86InstrSSE.td X86InstrAVX512.td

[X86] Remove extra MOV after widening atomic store

This change adds patterns to optimize out an extra MOV present after
widening the atomic store. Covers <2 x i8> (SSE4.1+), <2 x i16>,
<4 x i8>, <2 x i32>, <2 x float>, <4 x i16>, <2 x ptr addrspace(270)>.
DeltaFile
+47-64llvm/test/CodeGen/X86/atomic-load-store.ll
+30-24llvm/test/CodeGen/X86/atomic-unordered.ll
+35-0llvm/include/llvm/Target/TargetSelectionDAG.td
+10-10llvm/lib/Target/X86/X86InstrSSE.td
+6-6llvm/lib/Target/X86/X86InstrAVX512.td
+1-1llvm/lib/Target/X86/X86ISelLowering.cpp
+129-1056 files

LLVM/project 56ed5ecflang/test/Driver intrinsic-module-path_per_target.f90

Double backslash under Windows
DeltaFile
+1-1flang/test/Driver/intrinsic-module-path_per_target.f90
+1-11 files

OPNSense/core f7c1d83src/etc/inc/plugins.inc.d kea.inc

Services: Kea DHCPv6: Always start the prefix watcher when DHCPv6 is enabled. A reservation with a prefix but without a configured pd_pool is also valid, it's more pragmatic to allow it than doing some complex validation gymnastics to prevent it. (#10329)
DeltaFile
+1-1src/etc/inc/plugins.inc.d/kea.inc
+1-11 files

NetBSD/pkgsrc vL3PQXimisc/getopt distinfo, misc/getopt/patches patch-gnu_getopt.c patch-gnu_getopt1.c

   getopt: Fix for modern C.
VersionDeltaFile
1.2+84-2misc/getopt/patches/patch-gnu_getopt.c
1.1+34-0misc/getopt/patches/patch-gnu_getopt1.c
1.1+15-0misc/getopt/patches/patch-gnu_getopt.h
1.12+6-4misc/getopt/distinfo
1.3+3-1misc/getopt/patches/patch-aa
1.4+3-1misc/getopt/patches/patch-ab
+145-86 files

LLVM/project 5e32211llvm/include/llvm/CodeGen/GlobalISel GIMatchTableExecutorImpl.h GIMatchTableExecutor.h, llvm/test/TableGen RegClassByHwMode.td

[GlobalISel] Replace `GIM_CheckFeatures` with `GIM_Try_CheckFeatures`

This has two benefits. First, it slightly reduces the size of the match table.
Secondly, if the target feature is not present, we can directly go to the fail
case, instead of having to do another loop of the interpreter, speeding up
rejection of rules that do not have the required target feature.

We could do the same with CheckSimplePredicate but it's less used (only in the combiners I think)
so it is less of a priority.

```
FILE                                          OLD      NEW    DIFF%    SAME?
----                                      -------  -------    -----    -----
AArch64GenGlobalISel.inc                   192681   185938    -3,5%       no
AArch64GenPostLegalizeGICombiner.inc         4457     4457     0,0%      yes
AArch64GenPreLegalizeGICombiner.inc          9010     9009    -0,0%       no
AMDGPUGenGlobalISel.inc                    596402   568486    -4,7%       no
AMDGPUGenPostLegalizeGICombiner.inc          9240     9238    -0,0%       no
AMDGPUGenPreLegalizeGICombiner.inc           8987     8987     0,0%      yes

    [2 lines not shown]
DeltaFile
+27-31llvm/test/TableGen/GlobalISelEmitter/GlobalISelEmitter.td
+19-15llvm/include/llvm/CodeGen/GlobalISel/GIMatchTableExecutorImpl.h
+9-17llvm/test/TableGen/RegClassByHwMode.td
+10-8llvm/utils/TableGen/Common/GlobalISel/GlobalISelMatchTable.cpp
+4-8llvm/test/TableGen/GlobalISelEmitter/HwModes.td
+5-4llvm/include/llvm/CodeGen/GlobalISel/GIMatchTableExecutor.h
+74-831 files not shown
+75-857 files

LLVM/project 729a8e4clang/lib/Driver/ToolChains HIPAMD.cpp, clang/test/Driver hip-toolchain-no-rdc.hip spirv-amd-toolchain.c

[NFC][HIP][SPIRV] Revert the disablement of untyped ptrs (#198428)

This exposes issues in the translator, and is also not the path we're currently exercising, hence we should revert to the known good state.
DeltaFile
+1-1clang/lib/Driver/ToolChains/HIPAMD.cpp
+1-1clang/test/Driver/hip-toolchain-no-rdc.hip
+1-1clang/test/Driver/spirv-amd-toolchain.c
+3-33 files

FreeBSD/ports 2b5be5etextproc/md4c Makefile distinfo

textproc/md4c: Update 0.5.2.20240225 => 0.5.3, take maintainership

Changelog:
https://github.com/mity/md4c/blob/release-0.5.3/CHANGELOG.md

Commit log:
https://github.com/mity/md4c/compare/481fbfb...release-0.5.3

PR:             294864
Approved by:    Henrik Rosenke <rosenke at dssgmbh.de> (former maintainer, via xing.com profile)
Sponsored by:   UNIS Labs
MFH:            2026Q2

(cherry picked from commit c3be68827f9804f6769c6b11a09ccef7f65e5ec9)
DeltaFile
+5-3textproc/md4c/Makefile
+3-3textproc/md4c/distinfo
+2-2textproc/md4c/pkg-plist
+10-83 files

OPNSense/core d22b3aesrc/etc/inc/plugins.inc.d kea.inc

Services: Kea DHCPv6: Always start the prefix watcher when DHCPv6 is enabled. A reservation with a prefix but without a configured pd_pool is also valid, it's more pragmatic to allow it than doing some complex validation gymnastics to prevent it.
DeltaFile
+1-1src/etc/inc/plugins.inc.d/kea.inc
+1-11 files

FreeBSD/ports c3be688textproc/md4c Makefile distinfo

textproc/md4c: Update 0.5.2.20240225 => 0.5.3, take maintainership

Changelog:
https://github.com/mity/md4c/blob/release-0.5.3/CHANGELOG.md

Commit log:
https://github.com/mity/md4c/compare/481fbfb...release-0.5.3

PR:             294864
Approved by:    Henrik Rosenke <rosenke at dssgmbh.de> (former maintainer, via xing.com profile)
Sponsored by:   UNIS Labs
MFH:            2026Q2
DeltaFile
+5-3textproc/md4c/Makefile
+3-3textproc/md4c/distinfo
+2-2textproc/md4c/pkg-plist
+10-83 files

OPNSense/core 3d2fa55src/opnsense/www/js opnsense_ui.js

ui: allow multiple tabs, comma separated
DeltaFile
+2-2src/opnsense/www/js/opnsense_ui.js
+2-21 files

LLVM/project fea0bd0clang/lib/CodeGen/TargetBuiltins AMDGPU.cpp

[AMDGPU][Clang] Use ScopeModel in ProcessOrderScopeAMDGCN [NFC]
DeltaFile
+16-31clang/lib/CodeGen/TargetBuiltins/AMDGPU.cpp
+16-311 files

FreeBSD/ports dba86d8editors/gedit-plugins Makefile

editors/gedit-plugins: unbreak

The = comparison operater in *_DEPENDS= exects the PORTREVISION
to match exactly.  Instead use >=.

Remove BROKEN=
DeltaFile
+2-4editors/gedit-plugins/Makefile
+2-41 files

NetBSD/pkgsrc Prwp99rdoc CHANGES-2026

   Updated math/py-numpy, devel/py-stevedore
VersionDeltaFile
1.3115+3-1doc/CHANGES-2026
+3-11 files

NetBSD/pkgsrc mJoK6Cidevel/py-stevedore distinfo Makefile

   py-stevedore: updated to 5.8.0

   5.8.0

   * typing: Correct type of Extension.plugin argument
   * tox: Use new constraints option
   * pre-commit: Bump dependencies
   * Update packaging configuration
   * ruff: Configure hacking as external linter
   * Update master for stable/2026.1
   * Remove unused Makefile for doc
VersionDeltaFile
1.20+4-4devel/py-stevedore/distinfo
1.28+2-2devel/py-stevedore/Makefile
+6-62 files

OPNSense/core 88200basrc/opnsense/www/js opnsense_ui.js

missing semicolon
DeltaFile
+1-1src/opnsense/www/js/opnsense_ui.js
+1-11 files

NetBSD/pkgsrc kY0Zj7Umath/py-numpy distinfo Makefile

   py-numpy: updated to 2.4.6

   2.4.6

   MAINT: Prepare 2.4.x for further development
   BUG: Fix regression in ``arr.conj()``
   BUG: ``np.linalg.svd(..., hermitian=True)`` returns non-unitary...
VersionDeltaFile
1.115+4-4math/py-numpy/distinfo
1.152+2-2math/py-numpy/Makefile
+6-62 files

NetBSD/pkgsrc 73TQZorwww/palemoon distinfo, www/palemoon/patches patch-platform_media_libvpx_config_linux_arm64_vpx__config.h

   palemoon: Fix build on NetBSD/aarch64.

   Needs pulling up.
VersionDeltaFile
1.3+17-26www/palemoon/patches/patch-platform_media_libvpx_config_linux_arm64_vpx__config.h
1.43+2-1www/palemoon/distinfo
+19-272 files

OPNSense/core b72be86src/opnsense/mvc/app/views/OPNsense/Unbound dnsbl.volt, src/opnsense/mvc/app/views/layout_partials base_apply_button.volt

ui: SimpleActionButton tab exclusion
DeltaFile
+8-19src/opnsense/mvc/app/views/OPNsense/Unbound/dnsbl.volt
+11-0src/opnsense/www/js/opnsense_ui.js
+3-0src/opnsense/mvc/app/views/layout_partials/base_apply_button.volt
+22-193 files

Dreckly/dreckly 5500dafwww/palemoon distinfo, www/palemoon/patches patch-platform_media_libvpx_config_linux_arm64_vpx__config.h

palemoon: Fix build on NetBSD/aarch64
DeltaFile
+20-0www/palemoon/patches/patch-platform_media_libvpx_config_linux_arm64_vpx__config.h
+1-0www/palemoon/distinfo
+21-02 files

LLVM/project 9d62e96llvm/include/llvm/IR Operator.h InstrTypes.h, llvm/lib/IR Instructions.cpp Operator.cpp

[IR] Store fast-math flags in subclasses of Instruction (#191190)

Move fast-math flags out from `Value`, because we are out of space of
`Value::SubclassOptionalData` and it is incompatible with other
optimization flags like `nneg`.
FP variant for `call/select/phi` is not introduced, because of
`mutateType`, it may change the type of the `Instruction` instance,
which may cause UB.

RFC:
https://discourse.llvm.org/t/rfc-store-fast-math-flags-in-subclasses-of-instruction/
DeltaFile
+20-64llvm/include/llvm/IR/Operator.h
+65-2llvm/include/llvm/IR/InstrTypes.h
+47-13llvm/lib/IR/Instructions.cpp
+23-0llvm/lib/IR/Operator.cpp
+9-7llvm/include/llvm/IR/Instructions.h
+6-6llvm/include/llvm/IR/Instruction.def
+170-921 files not shown
+172-927 files

OpenBSD/ports AZxJh0uwww/py-requests distinfo Makefile

   update to py3-requests-2.34.2
VersionDeltaFile
1.45+2-2www/py-requests/distinfo
1.75+1-1www/py-requests/Makefile
+3-32 files

FreeBSD/src 8b10555sbin/ipfw ipfw2.c, sys/netpfil/ipfw ip_fw2.c

ipfw: fix IPv6 flow label matching

* do not require just only ip6 proto for flow-id opcode in ipfw(8).
  ipv6-icmp, tcp, udp should be fine too.
* fix off-by-one bug leading to out-of-bounds read.
* apply IPV6_FLOWLABEL_MASK before comparison in flow6id_match(),
  so flow-id opcode will match a specified flow label. No need to
  take protocol version and traffic class into account.
* add the test to verify that opcode is working correctly.

Reviewed by:    pouria
Obtained from:  Yandex LLC
Differential Revision:  https://reviews.freebsd.org/D56869

(cherry picked from commit 3d39eadcdeb301e95abdc94b1ad5d1255fa0f446)
DeltaFile
+78-0tests/sys/netpfil/ipfw/ipv6-flow-id.sh
+12-1tests/sys/netpfil/common/pft_ping.py
+1-4sbin/ipfw/ipfw2.c
+3-1sys/netpfil/ipfw/ip_fw2.c
+1-0tests/sys/netpfil/ipfw/Makefile
+95-65 files