FreeBSD/ports 2f0c0banet/samba423 Makefile

net/samba423: Bump PORTREVISION

PR:     295130
Approved by:    samba (kiwi)
Sponsored by:   Klara, Inc.
DeltaFile
+1-0net/samba423/Makefile
+1-01 files

LLVM/project 58a639dclang-tools-extra/clang-tidy/hicpp HICPPTidyModule.cpp, clang-tools-extra/clang-tidy/tool check_alphabetical_order_test.py

[clang-tidy] Remove hicpp module [3/4] (#197076)

This is part three of removing the hicpp-* checks.

RFC:
https://discourse.llvm.org/t/rfc-regarding-the-current-status-of-hicpp-checks/89883

Part of https://github.com/llvm/llvm-project/issues/183462
DeltaFile
+16-11clang-tools-extra/docs/ReleaseNotes.rst
+0-24clang-tools-extra/clang-tidy/hicpp/HICPPTidyModule.cpp
+0-23clang-tools-extra/docs/clang-tidy/checks/hicpp/undelegated-constructor.rst
+10-10clang-tools-extra/test/clang-tidy/infrastructure/config-file.cpp
+10-6clang-tools-extra/clang-tidy/tool/check_alphabetical_order_test.py
+0-11clang-tools-extra/test/clang-tidy/checkers/hicpp/no-assembler-msvc.cpp
+36-8514 files not shown
+57-16720 files

LLVM/project ace5004clang/test/Headers wasm.c __clang_hip_math.hip, llvm/lib/Analysis ValueTracking.cpp

[ValueTracking] Handle sext, zext in computeConstantRange

Propagate constant ranges through sign extension, zero extension.
Extends the existing handling for truncations.
DeltaFile
+42-42clang/test/Headers/wasm.c
+57-0llvm/unittests/Analysis/ValueTrackingTest.cpp
+24-25clang/test/Headers/__clang_hip_math.hip
+17-4llvm/lib/Analysis/ValueTracking.cpp
+140-714 files

OPNSense/core 4c0a5b7src/etc/inc/plugins.inc.d captiveportal.inc, src/opnsense/service/templates/OPNsense/Captiveportal lighttpd-zone.conf

ditch proxy redirect, widen url match
DeltaFile
+0-38src/etc/inc/plugins.inc.d/captiveportal.inc
+2-2src/opnsense/service/templates/OPNsense/Captiveportal/lighttpd-zone.conf
+2-402 files

LLVM/project 51893b4llvm/lib/CodeGen MachineBlockPlacement.cpp

[MachineBlockPlacement] Fix use-after-erase (#197109)

`ComputedEdges.erase(FoundEdge)` invalidates `FoundEdge`, but the
function then returns `FoundEdge->second`. Read the bucket value into
a local before erasing.
DeltaFile
+6-5llvm/lib/CodeGen/MachineBlockPlacement.cpp
+6-51 files

OPNSense/core 5f73284src/opnsense/mvc/app/models/OPNsense/Ntpd/ACL ACL.xml

ntp: fix acl
DeltaFile
+6-6src/opnsense/mvc/app/models/OPNsense/Ntpd/ACL/ACL.xml
+6-61 files

LLVM/project e51bb36llvm/include/llvm/Analysis AliasAnalysis.h, llvm/lib/Analysis BasicAliasAnalysis.cpp AliasAnalysis.cpp

[AA] Respect potential synchronization effects of inline asm (#196965)

Respect potential synchronization effects of inline assembly calls on
not-yet-escaped memory.

We only do this if the call is both non-nosync and ModRefs "other"
memory. This is consistent with the atomic memory effects established in
https://github.com/llvm/llvm-project/pull/193768 and makes sure that
things like readonly/argmemonly continue to work as expected even for
frontends that do not emit nosync (which, right now, is all of them).

The limitation to inline asm should not actually exist: The issue
applies to all calls. This just fixes a particularly important case in a
targeted way. (The fact that inline asm memory barrier do not work as
expected is a problem for making optimizations of monotonic accesses
more aggressive, e.g. it caused issues for
https://github.com/llvm/llvm-project/pull/195015.)

The ability of inline asm (with a `~{memory}` clobber) to synchronize
was explicitly specified in
https://github.com/llvm/llvm-project/pull/150191.
DeltaFile
+35-0llvm/test/Analysis/BasicAA/atomics.ll
+15-1llvm/lib/Analysis/BasicAliasAnalysis.cpp
+2-4llvm/lib/Analysis/AliasAnalysis.cpp
+5-0llvm/include/llvm/Analysis/AliasAnalysis.h
+57-54 files

LLVM/project c85f29fllvm/lib/Target/PowerPC PPCISelLowering.cpp, llvm/test/CodeGen/PowerPC pr175297.ll

[PowerPC] Fix types when emitting ppc_altivec_vupklsw (#187789)

When lowering BUILD_VECTOR, we produce this intrinsic node, but fail to
adjust the input/output types to ensure ISel works.
This patch simply adds the necessary bitcasts.

Fixes: https://github.com/llvm/llvm-project/issues/175297
DeltaFile
+92-0llvm/test/CodeGen/PowerPC/pr175297.ll
+4-1llvm/lib/Target/PowerPC/PPCISelLowering.cpp
+96-12 files

OPNSense/core a7f3400src/etc/inc interfaces.inc, src/www interfaces.php

interfaces: safeguard DHCPv4 settings against arbitrary command injection

Use interfaces_dhcp_safe() and interfaces_dhcp_split() to do damage
control on the more or less custom options that are being allowed to
inject into dhclient.conf.

Tested both basic and advanced mode with test data from previous tickets.
Basic mode should be fine as is.  For advanced mode it's impossible to
tell if there are more edge cases given the fact that it takes any type
of input, but we do want to deprecate this advanced part anyway in order
to give way to better structure and easier safeguarding.

Since interfaces_dhcp_split() now exists, unify the behaviour of request,
send, require and option modifiers.  The latter are being abused for
raw config options although they should just validate on the actual
modifier keywords.  For now we leave this as is but reject the "media"
keyworld which is the instrumental part of the exploit.

Also validate that the hostname is an actual hostname.

    [3 lines not shown]
DeltaFile
+126-122src/etc/inc/interfaces.inc
+3-0src/www/interfaces.php
+129-1222 files

OPNSense/core 9f201fesrc/opnsense/scripts/auth sync_user.php

system: properly escape username in sync_user.php command invoke

PR: GHSA-f59w-m967-9rf6
(cherry picked from commit f35e2bf385813d58db0601f0067c30bca74a62c2)
DeltaFile
+1-1src/opnsense/scripts/auth/sync_user.php
+1-11 files

OPNSense/core ba2239csrc/opnsense/service/templates/OPNsense/Dnsmasq dnsmasq.conf

dnsmasq: Ignore DHCP names for 'wpad' to fix CERT Vulnerability VU#598349 (#10292)

(cherry picked from commit d1a1f4a3fe16f02a08d9beae99cd13ce9e397961)
DeltaFile
+5-0src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
+5-01 files

OPNSense/core 10dd861src/etc/inc interfaces.inc, src/www interfaces.php

interfaces: safeguard DHCPv4 settings against arbitrary command injection

Use interfaces_dhcp_safe() and interfaces_dhcp_split() to do damage
control on the more or less custom options that are being allowed to
inject into dhclient.conf.

Tested both basic and advanced mode with test data from previous tickets.
Basic mode should be fine as is.  For advanced mode it's impossible to
tell if there are more edge cases given the fact that it takes any type
of input, but we do want to deprecate this advanced part anyway in order
to give way to better structure and easier safeguarding.

Since interfaces_dhcp_split() now exists, unify the behaviour of request,
send, require and option modifiers.  The latter are being abused for
raw config options although they should just validate on the actual
modifier keywords.  For now we leave this as is but reject the "media"
keyworld which is the instrumental part of the exploit.

Also validate that the hostname is an actual hostname.

    [2 lines not shown]
DeltaFile
+126-122src/etc/inc/interfaces.inc
+3-0src/www/interfaces.php
+129-1222 files

OPNSense/core f35e2bfsrc/opnsense/scripts/auth sync_user.php

system: properly escape username in sync_user.php command invoke

PR: GHSA-f59w-m967-9rf6
DeltaFile
+1-1src/opnsense/scripts/auth/sync_user.php
+1-11 files

LLVM/project cc7353bllvm/test/MC/AMDGPU gfx13_asm_vop3.s gfx13_asm_vop3-fake16.s

[AMDGPU] Add VOP3 encoding for gfx13 (#196258)

Co-authored-by: Ivan Kosarev <ivan.kosarev at amd.com>
DeltaFile
+8,195-0llvm/test/MC/AMDGPU/gfx13_asm_vop3.s
+8,182-0llvm/test/MC/AMDGPU/gfx13_asm_vop3-fake16.s
+5,587-0llvm/test/MC/AMDGPU/gfx13_asm_vop3_dpp16.s
+5,574-0llvm/test/MC/AMDGPU/gfx13_asm_vop3_dpp16-fake16.s
+4,106-0llvm/test/MC/AMDGPU/gfx13_asm_vop3_from_vop1-fake16.s
+3,524-0llvm/test/MC/AMDGPU/gfx13_asm_vop3_dpp8.s
+35,168-010 files not shown
+39,596-29816 files

OPNSense/core d1a1f4asrc/opnsense/service/templates/OPNsense/Dnsmasq dnsmasq.conf

dnsmasq: Ignore DHCP names for 'wpad' to fix CERT Vulnerability VU#598349 (#10292)
DeltaFile
+5-0src/opnsense/service/templates/OPNsense/Dnsmasq/dnsmasq.conf
+5-01 files

LLVM/project 7fddf99clang/lib/AST/ByteCode Compiler.cpp, clang/test/AST/ByteCode fixed-point.cpp

[clang][bytecode] Pass correct QualType to getFixedPointSemantics() (#196952)

The expression type might be different, so pass the QualType we have at
hand.
DeltaFile
+5-0clang/test/AST/ByteCode/fixed-point.cpp
+1-1clang/lib/AST/ByteCode/Compiler.cpp
+6-12 files

LLVM/project 4ef1ef5llvm/test/TableGen aarch64-apple-tuning-features.td

[AArch64] Add a regression test for Apple tuning features(NFC) (#196792)

This patch adds a TableGen regression test that directly checks complete
featrure lists per generation for Apple CPUs, to guard against changes
that can break the <CPU,features> association if we lack indirect
coverage.
    
A followup patch should introduce generational delta encoding for Apple
tuning features that this test should help verify.
DeltaFile
+28-0llvm/test/TableGen/aarch64-apple-tuning-features.td
+28-01 files

LLVM/project 05f1fd3.github/workflows release-doxygen.yml

[github] Fix invalid local action invocation in release-doxygen workflow (#197107)

Fix the `Validate Input` step in `.github/workflows/release-doxygen.yml`
to use a valid local action invocation.

Before:
```yaml
- name: Validate Input
  ./.github/workflows/validate-release-version
  with:
    release-version: ${{ inputs.release-version }}
```

After:
```yaml
- name: Validate Input
  uses: ./.github/workflows/validate-release-version
  with:
    release-version: ${{ inputs.release-version }}

    [9 lines not shown]
DeltaFile
+1-1.github/workflows/release-doxygen.yml
+1-11 files

OPNSense/core ae68650src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api AliasController.php

Firewall: Aliases - regression in https://github.com/opnsense/core/commit/c0569f86d5538b4312dd7fd8f8613664db8dbed7, closes https://github.com/opnsense/core/issues/10291
DeltaFile
+14-12src/opnsense/mvc/app/controllers/OPNsense/Firewall/Api/AliasController.php
+14-121 files

FreeBSD/ports 8e2222cnet/haproxy24 distinfo Makefile

net/haproxy24: update to version 2.4.35.
DeltaFile
+3-3net/haproxy24/distinfo
+1-1net/haproxy24/Makefile
+4-42 files

FreeBSD/ports dcd4659net/haproxy26 distinfo Makefile

net/haproxy26: update to version 2.6.29
DeltaFile
+3-3net/haproxy26/distinfo
+1-1net/haproxy26/Makefile
+4-42 files

FreeBSD/ports ae92d4cnet/haproxy28 distinfo Makefile

net/haproxy28: update to version 2.8.24.
DeltaFile
+3-3net/haproxy28/distinfo
+1-1net/haproxy28/Makefile
+4-42 files

FreeBSD/ports a1ec38dnet/haproxy30 distinfo Makefile

net/haproxy30: update to version 3.0.23.
DeltaFile
+3-3net/haproxy30/distinfo
+1-1net/haproxy30/Makefile
+4-42 files

FreeBSD/ports a4669cfnet/haproxy33 distinfo Makefile

net/haproxy33: update to version 3.3.10
DeltaFile
+3-3net/haproxy33/distinfo
+1-1net/haproxy33/Makefile
+4-42 files

FreeBSD/ports 64959e6net/haproxy distinfo Makefile

net/haproxy: update to version 3.2.19.
DeltaFile
+3-3net/haproxy/distinfo
+1-1net/haproxy/Makefile
+4-42 files

OPNSense/core a46153asrc/opnsense/scripts/firmware connection.sh config.sh

firmware: add repo configuration output to connectivity audit

This gives us a better insight on the way the system may be
misconfigured.  To avoid leaking subscription keys scrub them
via output_cmd() and see if they leak somewhere using the new
SUBSCRIPTION_GUARD replacement in the old read.sh place.

The reason for this is also that read.sh is not executing on
the command line so replacing earlier makes sense.

While here refactor the connection audit a bit so we don't
grab the hostname from the URL since we have a script for that.

(cherry picked from commit 989a4672cc17b7e1ca9770ecf39a249ac40b1995)
(cherry picked from commit 2d846e3667960d9cea4fc4f1f8fce2b33c14faab)
(cherry picked from commit eaac21152e45fb817661e73b02b0a5e23a778e33)
(cherry picked from commit f648476a665117e37f6693b55fdbc701677e33eb)
(cherry picked from commit aa27271b696f8564f66e506dd2c06b5f65d17fa2)
DeltaFile
+22-7src/opnsense/scripts/firmware/connection.sh
+4-2src/opnsense/scripts/firmware/config.sh
+5-1src/opnsense/scripts/firmware/read.sh
+31-103 files

OPNSense/core dc3f01fsrc/etc/rc.subr.d livemode

shell: use safe config iteration in live mode banner
DeltaFile
+8-9src/etc/rc.subr.d/livemode
+8-91 files

FreeBSD/ports 7e6185agraphics/xviewer Makefile distinfo

graphics/xviewer: update to 3.4.16

- explicitly define USE_GNOME=gdkpixbuf2xlib to match Linux Mint
  packaging
- include upstream commit for GIRepository-2.0 compatibility,
  especially after devel/libpeas1 update

PR: 292771
DeltaFile
+5-3graphics/xviewer/Makefile
+5-3graphics/xviewer/distinfo
+1-0graphics/xviewer/pkg-plist
+11-63 files

FreeBSD/ports 73ebef1audio/pragha Makefile, deskutils/gnome-planner Makefile

devel/libpeas1: bump LIB_DEPENDS consumers after ABI break update
DeltaFile
+1-1audio/pragha/Makefile
+1-1x11/budgie-desktop/Makefile
+1-1deskutils/gnome-planner/Makefile
+1-1www/midori/Makefile
+1-1deskutils/gnome-todo/Makefile
+1-1mail/geary/Makefile
+6-616 files not shown
+22-1422 files

LLVM/project 8789401clang/lib/AST/ByteCode Compiler.cpp, clang/test/AST/ByteCode arrays.cpp

[clang][bytecode] Fix a crash with invalid ArraySubscriptExprs (#196964)

In the attached test case, `arr` becomes the _index_, not the base,
which causes us later to run into issues because the index is a pointer
and not an integer.
DeltaFile
+8-0clang/test/AST/ByteCode/arrays.cpp
+1-1clang/lib/AST/ByteCode/Compiler.cpp
+9-12 files