17840 Add AES_GMAC Sign Verify support to PKCS#11
Reviewed by: Robert Mustacchi <rm+illumos at fingolfin.org>
Reviewed by: Dan McDonald <danmcd at edgecast.io>
Approved by: Patrick Mooney <pmooney at pfmooney.com>
17709 aes: support GMAC input through standard mac interfaces
Reviewed by: Robert Mustacchi <rm+illumos at fingolfin.org>
Reviewed by: Dan McDonald <danmcd at edgecast.io>
Approved by: Patrick Mooney <pmooney at pfmooney.com>
Security: Q-Feeds Connect - add new options as available in integrated blocklists (#5226)
* Security: Q-Feeds Connect - add new options as available in integrated blocklists, closes https://github.com/opnsense/plugins/issues/5197
This adds allowlists (regex patterns), source_nets Q-Feeds applies on, address to return and optional NXDOMAIN responses.
Please note this version is only compatible with current community versions, business edition installs will have to wait for 26.4.
* Security: Q-Feeds Connect - update version and changelog
[flang][OpenMP] Make isPrivatizingClause version-sensitive
Some pre-existing clauses (e.g. use_device_ptr) are privatizing in
OpenMP 6.0, but not in 5.2. Make the check more accurate by considering
the effective spec version.
janet: update to 1.41.1
- Update file/write docstring
- Improve messages on errors when loading the bundle script
- Remove unused def
- Disable MSVC runtime stack checks in janet_ffi_win64
- shell: Prevent buggy moving zero column behavior
- Update to macos-14 in ci
- Apply :flycheck on def as well
- Take 2: 9front port, using 9front's Native Porting/Posix Environment
- Fix math/int-{max,min} docstrings
- Fix unix sockets issue on FreeBSD
- Use double-NULL
- Update year in copyright disclaimer to 2026
- Add omitted word "is" in docstrings
- Document empty? more clearly.
- Tweak some fiber-related docstrings
- Document how to set local timezone for os/date and os/strftime.
- Make peg-grammar available in all threads for peg/compile
[2 lines not shown]
py-qtgraph-qt5: updated to 0.14.0
0.14.0
Highlights
implement cuda OpenGL interops
PColorMeshItem: implement opengl rendering
Port PlotCurveItem experimental opengl codepath to shaders
Remove MetaArray, MultiPlotItem and MultiPlotWidget
Add Boxplot feature
Unvendor very old colorama
implement fill for connect="finite"
Add legend double-click and legend sample click signals.
pcmi: add support for OpenGL ES 3.0
Bump min numpy to 1.25+
Create FUNDING.yml
API/Behavior Changes and Additions
[148 lines not shown]
Simplify dnode_level_is_l2cacheable()
We should not dereference through dn_handle->dnh_dnode once we
already have a dnode pointer. The result will be the same.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18212
Cleanup allocation class selection
- For multilevel gang blocks it seemed possible to fallback from
normal to special class, since they don't have proper object type,
and DMU_OT_NONE is a "metadata". They should never fallback.
- Fix possible inversion with zfs_user_indirect_is_special = 0,
when indirects written to normal vdev, while small data to special.
Make small indirect blocks also follow special_small_blocks there.
- With special_small_blocks now applying to both files and ZVOLs,
make it apply to all non-metadata without extra checks, since there
are no other non-metadata types.
Reviewed-by: Brian Behlendorf <behlendorf1 at llnl.gov>
Signed-off-by: Alexander Motin <alexander.motin at TrueNAS.com>
Closes #18208
[MLIR] Fix bug in AffineExpr simplifyAdd (#181613)
Fix bug in AffineExpr simplifyAdd. This was leading to an incorrect
construction of affine expressions in certain cases; the expression was
being wrongly simplified to a modulo one.
Test cases for affine expr simplification by construction in
lib/IR/AffineExpr.cpp were earlier added to a transforms pass' tests;
add basic ones to test/IR/ while on this.
[RFC][Docs][Clang][AMDGPU] Add AMDGPU builtins documentation
Add comprehensive documentation for AMDGPU target-specific builtins
(`AMDGPUBuiltins.rst`) covering argument semantics, restrictions, and
lowering notes for all builtin families.
This documentation was generated by AI (Claude) by cross-referencing:
- `clang/include/clang/Basic/BuiltinsAMDGPU.td` (builtin definitions)
- `llvm/include/llvm/IR/IntrinsicsAMDGPU.td` (intrinsic definitions)
- `clang/lib/Sema/SemaAMDGPU.cpp` (argument validation/constraints)
- `clang/lib/CodeGen/TargetBuiltins/AMDGPU.cpp` (lowering logic)
I did my best to proofread the parts I'm familiar with, but it would be greatly
appreciated if more people could help review it as well.
bhyve: Fix a misleading error message
The ioctl might fail because it's run in a jail which doesn't have
permission to invoke ppt ioctls.
Reviewed by: jhb
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55070
vmm: Allow the use of PCI passthrough in a jail
After commit e11768e94787 ("vmm: Add PRIV_DRIVER checks for passthru
ioctls"), it is not possible to use PCI passthru from jails, as
PRIV_DRIVER is not granted to jails. Apparently some users expect this
to work, understanding that jailing bhyve provides little security
benefit in this configuration.
I believe we should disable ppt access in jails even when allow.vmm is
configured. To provide an escape hatch for users, add a new
allow.vmm_ppt jail configuration knob, and check it when handling ppt
ioctls in jails. Also add a new PRIV_VMM_PPTDEV to replace the use of
PRIV_DRIVER.
PR: 292750
Reviewed by: corvink
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D55066
