Open Source Contributions

wasmtime#13383 Emit .eh_frame for System V unwind info in cranelift-object. Adds ObjectBuilder::unwind_info(bool) routing cranelift-codegen's UnwindInfo::SystemV through gimli's RelocateWriter into an object-crate section, supporting ELF and COFF. Closes a 6-year-old issue.

candle#3556 Cap allocations in the GGUF loader. Adds bounds checks for caller-controlled length fields, remaining-byte validation, a GGML_MAX_DIMS tensor dimension cap, and a recursion depth cap for nested array values.

tokio#8086 Implement UCred::pid on FreeBSD via getsockopt(LOCAL_PEERCRED) reading xucred.cr_pid. Splits DragonFly into its own module since its xucred has no PID field. Closes a 5-year-old issue.

hyper#4011 Case-insensitive trailer field matching per RFC 9110. Fixes HTTP/2 trailer header handling to comply with spec requirements for case-insensitive field names.

smoltcp#1126 TCP challenge ACK for duplicate ACKs in LAST-ACK state (RFC 9293 §3.10.7.4). Fixes silent discard of stale acknowledgments by sending a challenge ACK response.

smoltcp#1127 Check silent_until expiry in Meta::poll_at. Fixes 100% CPU spin when a DNS query times out with an unresolved neighbor by falling through to socket_poll_at once the silence period expires.

embassy#5598 Align ring buffer reads to ADC scan sequence length. Fixes channel value shifting after DMA overrun recovery in STM32 ADC ring-buffered mode.

vllm#44591 Batch Rust frontend auto-abort requests by engine before sending Abort messages. Reduces IPC round trips when many live streams are dropped at once while preserving inactive-request filtering and per-cause logging.

cilium/ebpf#1945 Add poller and eventRing interfaces for eBPF event handling. Extends the library's event processing capabilities for ring buffer operations.

rust-clippy#16402 Fixed false positive lint for proc-macro generated code. Prevents incorrect warnings on procedurally generated Rust code that would otherwise pass compilation.

nats-server Fix PROXY protocol parsing under required-TLS listeners. Removes the gate that skipped PROXY header parse when tls{} was required without allow_non_tls, letting the existing prebuffer replay overread bytes into the TLS handshake instead of dropping every connection.

mitmproxy#8046 Fix modify_body crash when replacement contains backslash sequences. Resolves crash in mitmproxy's body modification addon caused by unescaped backslash sequences in regex substitution.

pySigma#442 Fix chained boolean operators in condition expressions. Extracts all operands from pyparsing results and folds them into a left-associative binary tree, fixing silent drops in expressions like A or B or C.

RustPython#6661 Fixed set in-place operators with self argument. Resolves bug in Python set operations when operating on self (e.g., s |= s).

rapier#806 GeometricMean coefficient combine rule for friction simulation. Implements alternative friction model for more realistic physics simulation in the Rapier physics engine.

SigmaHQ/sigma#5899 Python base64 encoded inline command execution detection rules (Windows + Linux). High-confidence subset of existing python -c rule that matches base64.b64decode/b64encode calls to catch obfuscated reverse shells and droppers. T1059.006 + T1027.

floem#1025 Cache whitespace TextLayouts in editor paint. Performance optimization that caches text layout calculations for whitespace characters in the Floem UI framework.

cloudflare/agents#781 Fix: properly type tool error content in getAITools. Corrects TypeScript type definitions for error handling in Cloudflare's AI agent framework.

torchcvnn#106 Added input validation to normalization layers. Prevents runtime errors by validating tensor shapes and types in PyTorch complex-valued neural network library.