defguard, defguard-gateway, defguard-proxy: updated to 2.0.2
2.0.2:
SMTP OAuth configuration for Microsoft and Google
Bulk user actions
Synchronization of disabled Active Directory users
LDAP integration improvements
Synchronization of users only from specified groups in Microsoft directory synchronization
Security improvements to the Forward Auth functionality
Bug fixes and UX improvements
sysutils/eza: Update to 0.23.5
Changes since 0.23.4:
[0.23.5] - 2026-07-09
Bug Fixes
* Update cargo/nix deps
* Fix yaml icon
* Color code parsing in theme.yml
* Use secret GitHub token to avoid rate limiting
* Enable powertest tests in the CI
* Update integration tests
* Ignore extensions for directories when sorting
* Satisfy newer clippy and stabilise powertest.yaml
* Adapt Windows git2 path handling and refresh --help powertest
Documentation
[52 lines not shown]
more cleanup on close to avoid a use after free
In Linux, some driver specific cleanup is handled with the release
function pointer in struct file_operations.
For amdgpu, this was changed in Linux 6.16 from drm_release() to
amdgpu_drm_release(). Add a file_close function pointer to
struct drm_driver so we can call a function that does the same cleanup.
found by gnezdo@ with KASAN
ok gnezdo@
[AArch64] Clear kill flags from visitINSvi64lane (#209096)
If we replace a reg, we can have more uses meaning the kill flags are no
longer
valid. Make sure we remove them in case.
[SLP][NFC] Pre-commit tests for select IR-flag/metadata propagation (#208150)
Pre-commits regression tests for an upcoming SLPVectorizer fix (see
#207982). These IR shapes are currently vectorized by SLP, and the
vectorization is functionally correct but when a bundle of
scalar`select` instructions is vectorized, the resulting vector `select`
drops the fast-math flags (and other IR flags/metadata such as
`!unpredictable`) that were common to every scalar lane.
This NFC patch records the current (buggy) behavior so that the
follow-up fix's diff is limited to the behavioural change: `select_nnan`
currently loses `nnan` on the vectorized select, while
`select_not_all_nnan` (one lane missing `nnan`) correctly has none.
Co-authored-by: Ayush Rai <Ayush.Rai at amd.com>
[WebAssembly] Use generic pseudo_fmin/pseudo_fmax opcodes (#208454)
The pmin/pmax instructions are equivalent to these with operands
swapped.
The existing matching code for these instructions was incorrect, because
it failed to handle signed zeros and NaNs properly. You can't treat
strict and non-strict comparisons the same in this context.
[lld][ELF] Concatenate .gnu.build.attributes.* sections (#208737)
ld.bfd/ld.gold have been concatenating the GNU build attribute sections
since 2018:
https://gitlab.com/gnutools/binutils-gdb/-/commit/7d8a31665739412395f6dd370d2279acd322e78e
Do the same in LLD. These do not have a dedicated section type or flags,
so this is handled by the name-based logic. (Peculiarly, there used to
be SHF_GNU_BUILD_NOTE, but it was removed again.)
Not concatenating these results in a huge number of sections, which
breaks tools like `file`.
[PowerPC] Specify inlining behavior in TableGen (#206938)
Remove the custom areInlineCompatible() implementation and specify the
inlining behavior in TableGen instead.
I've tried to classify these to the best of my ability. Most features
stay at InlineDefault with the usual "caller can have more features than
callee" semantics. Tuning features are InlineIgnore. This includes all
the directive features, which, as far as I can tell, are only used for
tuning heuristics.
I also marked a few InlineMustMatch/InlineInverse, though I'm not
particularly confident on which ones are required to match.
libfetch: Reduce copying
Reduce the amount of copying we do when performing buffered reads.
MFC after: 1 week
Reviewed by: op
Differential Revision: https://reviews.freebsd.org/D58113
libfetch: Make fetch_ref an inline
Make fetch_ref() an inline and provide a fetch_deref().
MFC after: 1 week
Reviewed by: op
Differential Revision: https://reviews.freebsd.org/D57944
fetch: Stop setting an alarm
Now that fetchTimeout works reliably, setting an alarm is not only no
longer necessary but counterproductive, as it will trigger even if the
connection is not actually stalled but merely slow.
While here, improve the wording of the manual page's description of the
various options for setting a timeout.
MFC after: 1 week
Reviewed by: op
Differential Revision: https://reviews.freebsd.org/D57911
libfetch: Document fetchTimeout
Document the global fetchTimeout variable, now that it works reliably.
MFC after: 1 week
Reviewed by: op
Differential Revision: https://reviews.freebsd.org/D57910
libfetch: Apply timeout to connection attempts
Mark the socket non-blocking before connecting and poll for completion,
applying fetchTimeout if set.
MFC after: 1 week
Reviewed by: op
Differential Revision: https://reviews.freebsd.org/D57909
libfetch: Add read buffering
Previously, we would read FTP control connection messages and HTTP
reponse headers one character at a time. Now, we read as much as will
fit in our buffer and look for a newline. If there is data left over,
it will be reused by the next fetch_getln() call. This also requires
the addition of a fetch_bufread() which takes the buffer into account,
otherwise the start of the HTTP response body will be stuck in the
buffer after we read the last line of the header.
This should noticeably improve HTTP performance, especially for small
transfers.
MFC after: 1 week
Reviewed by: op
Differential Revision: https://reviews.freebsd.org/D57907
libfetch: Overhaul socket read / write
* Make fetch_ssl_read() and fetch_ssl_write() behave more like read(2)
and write(2), and drop fetch_socket_read() in favor of read(2).
* Don't request POLLERR, it's implied.
* Don't needlessly set errno, it's relatively costly.
* Always check for EAGAIN from writev(2), otherwise we will abort on a
short write instead of proceeding to poll(2).
* Always check for EAGAIN from poll(2) even though it can't happen on
FreeBSD; POSIX says it can, and it might in the future.
* Rewrite fetch_read() and fetch_writev() to be more similar to each
other. The main difference is that a partial read is treated as
success while a partial write is treated as failure.
[4 lines not shown]
tail: Allow repetitive or contraditory options
Unlike its GNU counterpart, our tail(1) has always errored out if given
repetitive or contradictory options, even prior to Keith Bostic's 1991
reimplementation. There is no good reason to continue to do so, not
even tradition, since many other commands (including head(1)) simply
apply the rightmost option in cases like this.
MFC after: 1 week
Reviewed by: allanjude, markj
Differential Revision: https://reviews.freebsd.org/D58192
[clang][NFC] move TokenKey to TokenKinds.h (#208867)
This patch moves the `TokenKey` enum closer to where it's actually used.
This is in preparation to generate it from tablegen once the definition
has been moved.
[RISCV] Fuse QC_E_LI to Loads/Store (#208134)
The QC Access relocations require the `qc.e.li` to be adjacent to its
load/store. This ensures that happens, and allows more relaxation
opportunities.
[orc-rt] Require ORC_RT_LOG format strings to be string literals (#209090)
os_log needs the format string as a literal (it builds format metadata
at the call site), while the none and printf backends accept a runtime
const char*. That mismatch let a non-literal format compile on
none/printf and fail only on an os_log build. Enforce the literal
requirement uniformly in the ORC_RT_LOG macro via an unevaluated
sizeof("" ...) check, so it is caught at the call site on every backend.
strawberry: updated to 1.2.23
1.2.23
Bugfixes
Fixed disabled widgets not appearing greyed out when a custom color set is in use
Fixed custom palette colors being selectable with the Breeze style, which doesn't support them
Fixed tab order in appearance settings
Fixed exclusive mode being selectable in backend settings when not supported by the current output
Fixed the fader not resuming after being paused
Fixed metadata (title, artist, album) from a radio stream track carrying over to the next track when its own tags are empty
Fixed a possible division by zero in the FHT spectrum analyzer
Fixed notifications not working on macOS by replacing the deprecated NSUserNotification API with UserNotifications
Fixed a possible hang on exit on macOS when a device lister was still running
Fixed Windows System Media Transport Controls image and timeline handling
Numerous stability, crash-safety and thread-safety fixes throughout the application
Enhancements
[4 lines not shown]
[orc-rt] Remove doxygen comments from logging implemenetation APIs (#209086)
These APIs are intended for internal consumption by the ORC runtime's
logging system: plain comments are more appropriate here than doxygen
comments.