import UBI valgrind-3.26.0-5.el10

.gitignore

@@ -1 +1 @@
-valgrind-3.25.1.tar.bz2
+valgrind-3.26.0.tar.bz2

0001-Prepare-NEWS-for-branch-3.26-fixes.patch

@@ -1,19 +1,19 @@
-From 2e92839f77ad5b1e2db95887185eca3b4e70a4d5 Mon Sep 17 00:00:00 2001
+From 0f4968e8aaaacbb9700c09d88b20a195118f6ae4 Mon Sep 17 00:00:00 2001
 From: Mark Wielaard <mark@klomp.org>
-Date: Tue, 5 Aug 2025 22:05:30 +0200
-Subject: [PATCH 1/2] Prepare NEWS for branch 3.25.x fixes
+Date: Wed, 7 Jan 2026 15:11:59 +0100
+Subject: [PATCH 1/6] Prepare NEWS for branch 3.26 fixes
 
 ---
  NEWS | 12 ++++++++++++
  1 file changed, 12 insertions(+)
 
 diff --git a/NEWS b/NEWS
-index 741329a68170..5043e7008bf0 100644
+index fdeebfaead90..d176b0aa2ebe 100644
 --- a/NEWS
 +++ b/NEWS
 @@ -1,3 +1,15 @@
-+Branch 3.25.x
-+~~~~~~~~~~~~~
++Branch 3.26
++~~~~~~~~~~~
 +
 +* ==================== FIXED BUGS ====================
 +
@@ -24,9 +24,9 @@ index 741329a68170..5043e7008bf0 100644
 +where XXXXXX is the bug number as listed above.
 +
 +
- Release 3.25.1 (20 May 2025)
+ Release 3.26.0 (24 Oct 2025)
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
 -- 
-2.50.1
+2.52.0
 

0001-Refix-still_reachable-xml-closing-tag-and-add-testca.patch

@@ -0,0 +1,352 @@
+From a4e37741625163fe3e9fde5f21dc4d3e9167fd9a Mon Sep 17 00:00:00 2001
+From: Paul Floyd <pjfloyd@wanadoo.fr>
+Date: Thu, 29 Jan 2026 12:18:08 +0100
+Subject: [PATCH] Refix still_reachable xml closing tag and add testcases
+
+https://bugs.kde.org/show_bug.cgi?id=514613
+---
+ memcheck/mc_leakcheck.c                       | 16 ++--
+ memcheck/tests/Makefile.am                    | 14 ++-
+ memcheck/tests/nothing.c                      |  5 ++
+ memcheck/tests/nothing_xml.stderr.exp         |  0
+ memcheck/tests/nothing_xml.vgtest             |  4 +
+ memcheck/tests/simple_leak.c                  | 10 +++
+ memcheck/tests/simple_leak_xml.stderr.exp     |  0
+ memcheck/tests/simple_leak_xml.vgtest         |  4 +
+ memcheck/tests/simple_reachable.c             |  9 ++
+ .../tests/simple_reachable_xml.stderr.exp     |  0
+ memcheck/tests/simple_reachable_xml.vgtest    |  4 +
+ memcheck/tests/xmas_tree.cpp                  | 90 +++++++++++++++++++
+ memcheck/tests/xmas_tree_xml.stderr.exp       |  0
+ memcheck/tests/xmas_tree_xml.supp             |  7 ++
+ memcheck/tests/xmas_tree_xml.vgtest           |  4 +
+ 16 files changed, 162 insertions(+), 9 deletions(-)
+ create mode 100644 memcheck/tests/nothing.c
+ create mode 100644 memcheck/tests/nothing_xml.stderr.exp
+ create mode 100644 memcheck/tests/nothing_xml.vgtest
+ create mode 100644 memcheck/tests/simple_leak.c
+ create mode 100644 memcheck/tests/simple_leak_xml.stderr.exp
+ create mode 100644 memcheck/tests/simple_leak_xml.vgtest
+ create mode 100644 memcheck/tests/simple_reachable.c
+ create mode 100644 memcheck/tests/simple_reachable_xml.stderr.exp
+ create mode 100644 memcheck/tests/simple_reachable_xml.vgtest
+ create mode 100644 memcheck/tests/xmas_tree.cpp
+ create mode 100644 memcheck/tests/xmas_tree_xml.stderr.exp
+ create mode 100644 memcheck/tests/xmas_tree_xml.supp
+ create mode 100644 memcheck/tests/xmas_tree_xml.vgtest
+
+diff --git a/memcheck/mc_leakcheck.c b/memcheck/mc_leakcheck.c
+index 4df0b180d5d1..b0056b65bd3e 100644
+--- a/memcheck/mc_leakcheck.c
++++ b/memcheck/mc_leakcheck.c
+@@ -1768,23 +1768,23 @@ static void print_results(ThreadId tid, LeakCheckParams* lcp)
+       umsg_or_xml(VG_(clo_xml) ?
+                   "  <still_reachable>\n"
+                   "    <bytes>%'lu%s</bytes>\n"
+-                  "    <blocks>%'lu%s</blocks>\n"
+-                  "  </still_reachable>\n" :
++                  "    <blocks>%'lu%s</blocks>\n" :
+                   "   still reachable: %'lu%s bytes in %'lu%s blocks\n",
+                 MC_(bytes_reachable), 
+                 DBY (MC_(bytes_reachable), old_bytes_reachable), 
+                 MC_(blocks_reachable),
+                 DBL (MC_(blocks_reachable), old_blocks_reachable));
+-      for (i = 0; i < N_LEAK_CHECK_HEURISTICS; i++)
++      for (i = 0; i < N_LEAK_CHECK_HEURISTICS; i++) {
+          if (old_blocks_heuristically_reachable[i] > 0 
+              || MC_(blocks_heuristically_reachable)[i] > 0) {
+             umsg_or_xml(VG_(clo_xml) ? "" : "                      of which "
+                       "reachable via heuristic:\n");
+             break;
+          }
+-      for (i = 0; i < N_LEAK_CHECK_HEURISTICS; i++)
+-         if (old_blocks_heuristically_reachable[i] > 0 
+-             || MC_(blocks_heuristically_reachable)[i] > 0)
++      }
++      for (i = 0; i < N_LEAK_CHECK_HEURISTICS; i++) {
++         if (old_blocks_heuristically_reachable[i] > 0
++             || MC_(blocks_heuristically_reachable)[i] > 0) {
+             umsg_or_xml(VG_(clo_xml) ?
+                         "    <reachable_heuristic>\n"
+                         "      <kind>%ls</kind>\n"
+@@ -1800,7 +1800,9 @@ static void print_results(ThreadId tid, LeakCheckParams* lcp)
+                       MC_(blocks_heuristically_reachable)[i],
+                       DBL (MC_(blocks_heuristically_reachable)[i],
+                            old_blocks_heuristically_reachable[i]));
+-      if (VG_(clo_xml) && MC_(bytes_reachable)) {
++         }
++      }
++      if (VG_(clo_xml)) {
+          umsg_or_xml("  </still_reachable>\n");
+       }
+       umsg_or_xml(VG_(clo_xml) ?
+diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am
+index 4bdca487aa51..c8469f1265cb 100644
+--- a/memcheck/tests/Makefile.am
++++ b/memcheck/tests/Makefile.am
+@@ -307,6 +307,7 @@ EXTRA_DIST = \
+ 	new_nothrow.stderr.exp new_nothrow.vgtest \
+ 	new_override.stderr.exp new_override.stdout.exp new_override.vgtest \
+ 	noisy_child.vgtest noisy_child.stderr.exp noisy_child.stdout.exp \
++	nothing_xml.vgtest nothing_xml.stderr.exp \
+ 	null_socket.stderr.exp null_socket.vgtest \
+ 	origin1-yes.vgtest origin1-yes.stdout.exp origin1-yes.stderr.exp \
+ 		origin1-yes.stderr.exp-freebsd \
+@@ -403,6 +404,8 @@ EXTRA_DIST = \
+ 	    sigkill.stderr.exp-glibc-2.28 sigkill.vgtest \
+ 	signal2.stderr.exp signal2.stdout.exp signal2.vgtest \
+ 	sigprocmask.stderr.exp sigprocmask.stderr.exp2 sigprocmask.vgtest \
++	simple_leak_xml.vgtest simple_reachable_xml.vgtest \
++	simple_leak_xml.stderr.exp simple_reachable_xml.stderr.exp \
+ 	sized_delete.stderr.exp sized_delete.stderr.exp-x86 sized_delete.vgtest \
+ 	static_malloc.stderr.exp static_malloc.vgtest \
+ 	stpncpy.vgtest stpncpy.stderr.exp stpncpy.stdout.exp \
+@@ -478,6 +481,7 @@ EXTRA_DIST = \
+ 	wrapmallocstatic.vgtest wrapmallocstatic.stdout.exp \
+ 	wrapmallocstatic.stderr.exp \
+ 	writev1.stderr.exp writev1.stderr.exp-solaris writev1.vgtest \
++	xmas_tree_xml.vgtest xmas_tree_xml.supp xmas_tree_xml.stderr.exp \
+ 	xml1.stderr.exp xml1.stdout.exp xml1.vgtest xml1.stderr.exp-s390x-mvc
+ 
+ check_PROGRAMS = \
+@@ -539,6 +543,7 @@ check_PROGRAMS = \
+ 	mismatches new_override metadata \
+ 	nanoleak_supp nanoleak2 new_nothrow \
+ 	noisy_child \
++	nothing \
+ 	null_socket \
+ 	origin1-yes origin2-not-quite origin3-no \
+ 	origin4-many origin5-bz2 origin6-fp \
+@@ -556,7 +561,9 @@ check_PROGRAMS = \
+ 	sbfragment \
+ 	sendmsg \
+ 	sh-mem sh-mem-random \
+-	sigaltstack signal2 sigprocmask static_malloc sigkill \
++	sigaltstack signal2 sigprocmask \
++	simple_leak simple_reachable \
++	static_malloc sigkill \
+ 	strchr \
+ 	str_tester \
+ 	supp_unknown supp1 supp2 suppfree \
+@@ -575,7 +582,8 @@ check_PROGRAMS = \
+ 	wmemcmp \
+ 	wrap1 wrap2 wrap3 wrap4 wrap5 wrap6 wrap7 wrap7so.so wrap8 \
+ 	wrapmalloc wrapmallocso.so wrapmallocstatic \
+-	writev1
++	writev1 \
++	xmas_tree
+ 
+ if !SOLARIS_SUN_STUDIO_AS
+ # Sun Studio assembler fails on "IDENT too long"
+@@ -950,3 +958,5 @@ endif
+ writev1_CFLAGS		= $(AM_CFLAGS) @FLAG_W_NO_STRINGOP_OVERFLOW@ @FLAG_W_NO_STRINGOP_OVERREAD@
+ xml1_CFLAGS             = $(AM_CFLAGS) -D_GNU_SOURCE @FLAG_W_NO_UNINITIALIZED@ @FLAG_W_NO_USE_AFTER_FREE@
+ 
++xmas_tree_SOURCES	= xmas_tree.cpp
++xmas_tree_CXXFLAGS	= ${AM_CXXFLAGS} @FLAG_W_NO_UNINITIALIZED@
+diff --git a/memcheck/tests/nothing.c b/memcheck/tests/nothing.c
+new file mode 100644
+index 000000000000..2e424a58ded8
+--- /dev/null
++++ b/memcheck/tests/nothing.c
+@@ -0,0 +1,5 @@
++/* no errors, except Darwin */
++int main()
++{
++}
++
+diff --git a/memcheck/tests/nothing_xml.stderr.exp b/memcheck/tests/nothing_xml.stderr.exp
+new file mode 100644
+index 000000000000..e69de29bb2d1
+diff --git a/memcheck/tests/nothing_xml.vgtest b/memcheck/tests/nothing_xml.vgtest
+new file mode 100644
+index 000000000000..db2eca402af1
+--- /dev/null
++++ b/memcheck/tests/nothing_xml.vgtest
+@@ -0,0 +1,4 @@
++prereq: which xmllint > /dev/null
++prog: nothing
++args: | xmllint --noout -
++vgopts: --xml=yes --xml-fd=1
+diff --git a/memcheck/tests/simple_leak.c b/memcheck/tests/simple_leak.c
+new file mode 100644
+index 000000000000..b94dade4c24c
+--- /dev/null
++++ b/memcheck/tests/simple_leak.c
+@@ -0,0 +1,10 @@
++#include <stdlib.h>
++
++static void *p;
++
++int main ()
++{
++  p = malloc (1024);
++  p = NULL;
++}
++
+diff --git a/memcheck/tests/simple_leak_xml.stderr.exp b/memcheck/tests/simple_leak_xml.stderr.exp
+new file mode 100644
+index 000000000000..e69de29bb2d1
+diff --git a/memcheck/tests/simple_leak_xml.vgtest b/memcheck/tests/simple_leak_xml.vgtest
+new file mode 100644
+index 000000000000..9652b32764b8
+--- /dev/null
++++ b/memcheck/tests/simple_leak_xml.vgtest
+@@ -0,0 +1,4 @@
++prereq: which xmllint > /dev/null
++prog: simple_leak
++args: | xmllint --noout -
++vgopts: --xml=yes --xml-fd=1
+diff --git a/memcheck/tests/simple_reachable.c b/memcheck/tests/simple_reachable.c
+new file mode 100644
+index 000000000000..4fe1adaf4556
+--- /dev/null
++++ b/memcheck/tests/simple_reachable.c
+@@ -0,0 +1,9 @@
++#include <stdlib.h>
++
++static void *p;
++
++int main ()
++{
++  p = malloc (1024);
++}
++
+diff --git a/memcheck/tests/simple_reachable_xml.stderr.exp b/memcheck/tests/simple_reachable_xml.stderr.exp
+new file mode 100644
+index 000000000000..e69de29bb2d1
+diff --git a/memcheck/tests/simple_reachable_xml.vgtest b/memcheck/tests/simple_reachable_xml.vgtest
+new file mode 100644
+index 000000000000..a64cb2ac5d69
+--- /dev/null
++++ b/memcheck/tests/simple_reachable_xml.vgtest
+@@ -0,0 +1,4 @@
++prereq: which xmllint > /dev/null
++prog: simple_reachable
++args: | xmllint --noout -
++vgopts: --xml=yes --xml-fd=1
+diff --git a/memcheck/tests/xmas_tree.cpp b/memcheck/tests/xmas_tree.cpp
+new file mode 100644
+index 000000000000..680833b46dac
+--- /dev/null
++++ b/memcheck/tests/xmas_tree.cpp
+@@ -0,0 +1,90 @@
++#include <new>
++#include <cstdlib>
++#include <cstring>
++#include <unistd.h>
++#include "../memcheck.h"
++
++struct Ae
++{
++   virtual ~Ae()
++   {
++   }
++};
++struct Be
++{
++   virtual ~Be()
++   {
++   }
++};
++struct Ce : public Ae, public Be
++{
++   virtual ~Ce()
++   {
++   }
++};
++
++void* reachable;
++Be *interior;
++
++int suppress_me()
++{
++   int qqq;
++   if (qqq)
++       return 2;
++    return 1;
++}
++
++int main()
++{
++    std::align_val_t misalign(static_cast<std::align_val_t>(63U));
++    std::align_val_t align(static_cast<std::align_val_t>(64U));
++    std::align_val_t align2(static_cast<std::align_val_t>(32U));
++    std::size_t size(32);
++    std::size_t badsize(42);
++    std::nothrow_t tag;
++    int count{0};
++
++    char *mem = static_cast<char*>(operator new[](size, tag));
++    if (mem[31])
++        ++count;
++    if (mem[32])
++        ++count;
++    operator delete(mem, misalign, tag);
++
++    mem = static_cast<char*>(operator new(size, align, tag));
++    operator delete(mem, align2, tag);
++
++    mem = static_cast<char*>(malloc(20));
++    mem = static_cast<char*>(realloc(mem, 0));
++    delete mem;
++
++    mem = static_cast<char*>(operator new[](size));
++    memcpy(mem+10, mem+5, 10);
++    operator delete[](mem, badsize);
++
++    mem = static_cast<char*>(malloc(-1));
++
++    int fd{42};
++    int bad;
++    fd += bad;
++    fd -= bad;
++    char* buf{nullptr};
++    ++buf;
++    write(fd, buf, fd);
++
++    int zzz;
++    VALGRIND_CHECK_MEM_IS_DEFINED(&zzz, 4);
++
++    reachable = malloc(10);
++    mem = static_cast<char*>(malloc(20));
++
++    char* indirect = static_cast<char*>(malloc(30));
++    memcpy(&mem[8], &indirect, sizeof(indirect));
++    mem = nullptr;
++
++    count += suppress_me();
++
++    interior = new Ce;  // interior ptr.
++
++    return count;
++}
+diff --git a/memcheck/tests/xmas_tree_xml.stderr.exp b/memcheck/tests/xmas_tree_xml.stderr.exp
+new file mode 100644
+index 000000000000..e69de29bb2d1
+diff --git a/memcheck/tests/xmas_tree_xml.supp b/memcheck/tests/xmas_tree_xml.supp
+new file mode 100644
+index 000000000000..2643371609d3
+--- /dev/null
++++ b/memcheck/tests/xmas_tree_xml.supp
+@@ -0,0 +1,7 @@
++{
++   Hello, suppression World!
++   Memcheck:Cond
++   fun:_Z11suppress_mev
++   fun:main
++}
++
+diff --git a/memcheck/tests/xmas_tree_xml.vgtest b/memcheck/tests/xmas_tree_xml.vgtest
+new file mode 100644
+index 000000000000..5061ad12a466
+--- /dev/null
++++ b/memcheck/tests/xmas_tree_xml.vgtest
+@@ -0,0 +1,4 @@
++prereq: which xmllint > /dev/null
++prog: xmas_tree
++args: | xmllint --noout -
++vgopts: --xml=yes --xml-fd=1 --leak-check=full --suppressions=xmas_tree_xml.supp --leak-check-heuristics=multipleinheritance
+-- 
+2.52.0
+

0002-Bug-503241-s390x-Support-z17-changes-to-the-NNPA-ins.patch

@@ -1,539 +0,0 @@
-From 2ad8efa8f31c7e8733e430dad4f93541797d6792 Mon Sep 17 00:00:00 2001
-From: Andreas Arnez <arnez@linux.ibm.com>
-Date: Wed, 25 Jun 2025 16:35:04 +0200
-Subject: [PATCH 2/2] Bug 503241 - s390x: Support z17 changes to the NNPA
- instruction
-
-This adds support for the NNPA enhancements that are implemented with z17.
-
-(cherry picked from commit 24b634e8ce04de70d4aa6c61a12149df223f9c68)
----
- NEWS                                    |   2 +
- coregrind/m_extension/extension-s390x.c | 346 ++++++++++++++----------
- 2 files changed, 209 insertions(+), 139 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 5043e7008bf0..4e6e6c6d2387 100644
---- a/NEWS
-+++ b/NEWS
-@@ -5,6 +5,8 @@ Branch 3.25.x
- 
- The following bugs have been fixed or resolved on this branch.
- 
-+503241  s390x: Support z17 changes to the NNPA instruction
-+
- To see details of a given bug, visit
-   https://bugs.kde.org/show_bug.cgi?id=XXXXXX
- where XXXXXX is the bug number as listed above.
-diff --git a/coregrind/m_extension/extension-s390x.c b/coregrind/m_extension/extension-s390x.c
-index 85b99ad08687..98b825d9b5d2 100644
---- a/coregrind/m_extension/extension-s390x.c
-+++ b/coregrind/m_extension/extension-s390x.c
-@@ -301,11 +301,17 @@ typedef enum {
-    S390_NNPA_MAX               = 0x15,
-    S390_NNPA_LOG               = 0x20,
-    S390_NNPA_EXP               = 0x21,
-+   S390_NNPA_SQRT              = 0x22,
-+   S390_NNPA_INVSQRT           = 0x23,
-    S390_NNPA_RELU              = 0x31,
-    S390_NNPA_TANH              = 0x32,
-    S390_NNPA_SIGMOID           = 0x33,
-    S390_NNPA_SOFTMAX           = 0x34,
-+   S390_NNPA_GELU              = 0x35,
-    S390_NNPA_BATCHNORM         = 0x40,
-+   S390_NNPA_MOMENTS           = 0x41,
-+   S390_NNPA_LAYERNORM         = 0x42,
-+   S390_NNPA_NORM              = 0x43,
-    S390_NNPA_MAXPOOL2D         = 0x50,
-    S390_NNPA_AVGPOOL2D         = 0x51,
-    S390_NNPA_LSTMACT           = 0x60,
-@@ -313,6 +319,9 @@ typedef enum {
-    S390_NNPA_CONVOLUTION       = 0x70,
-    S390_NNPA_MATMUL_OP         = 0x71,
-    S390_NNPA_MATMUL_OP_BCAST23 = 0x72,
-+   S390_NNPA_MATMUL_OP_BCAST1  = 0x73,
-+   S390_NNPA_TRANSFORM         = 0xf0,
-+   S390_NNPA_REDUCE            = 0xf1,
- } s390_nnpa_function_t;
- 
- /* Suported NNPA functions */
-@@ -321,30 +330,51 @@ static const ULong NNPA_functions[] = {
-     S390_SETBIT(S390_NNPA_SUB) | S390_SETBIT(S390_NNPA_MUL) |
-     S390_SETBIT(S390_NNPA_DIV) | S390_SETBIT(S390_NNPA_MIN) |
-     S390_SETBIT(S390_NNPA_MAX) | S390_SETBIT(S390_NNPA_LOG) |
--    S390_SETBIT(S390_NNPA_EXP) | S390_SETBIT(S390_NNPA_RELU) |
-+    S390_SETBIT(S390_NNPA_EXP) | S390_SETBIT(S390_NNPA_SQRT) |
-+    S390_SETBIT(S390_NNPA_INVSQRT) | S390_SETBIT(S390_NNPA_RELU) |
-     S390_SETBIT(S390_NNPA_TANH) | S390_SETBIT(S390_NNPA_SIGMOID) |
--    S390_SETBIT(S390_NNPA_SOFTMAX)),
--   (S390_SETBIT(S390_NNPA_BATCHNORM) | S390_SETBIT(S390_NNPA_MAXPOOL2D) |
--    S390_SETBIT(S390_NNPA_AVGPOOL2D) | S390_SETBIT(S390_NNPA_LSTMACT) |
--    S390_SETBIT(S390_NNPA_GRUACT) | S390_SETBIT(S390_NNPA_CONVOLUTION) |
--    S390_SETBIT(S390_NNPA_MATMUL_OP) |
--    S390_SETBIT(S390_NNPA_MATMUL_OP_BCAST23)),
-+    S390_SETBIT(S390_NNPA_SOFTMAX) | S390_SETBIT(S390_NNPA_GELU)),
-+   (S390_SETBIT(S390_NNPA_BATCHNORM) | S390_SETBIT(S390_NNPA_MOMENTS) |
-+    S390_SETBIT(S390_NNPA_LAYERNORM) | S390_SETBIT(S390_NNPA_NORM) |
-+    S390_SETBIT(S390_NNPA_MAXPOOL2D) | S390_SETBIT(S390_NNPA_AVGPOOL2D) |
-+    S390_SETBIT(S390_NNPA_LSTMACT) | S390_SETBIT(S390_NNPA_GRUACT) |
-+    S390_SETBIT(S390_NNPA_CONVOLUTION) | S390_SETBIT(S390_NNPA_MATMUL_OP) |
-+    S390_SETBIT(S390_NNPA_MATMUL_OP_BCAST23) |
-+    S390_SETBIT(S390_NNPA_MATMUL_OP_BCAST1)),
-+   0,
-+   (S390_SETBIT(S390_NNPA_TRANSFORM) | S390_SETBIT(S390_NNPA_REDUCE)),
- };
- 
- /* Supported parameter block formats */
- static const ULong NNPA_ipbf[] = {
--   (S390_SETBIT(0)),
-+   (S390_SETBIT(0) | S390_SETBIT(1)),
- };
- 
- /* Supported data types and data layout formats */
-+enum {
-+   S390_NNPA_TYPE_1     = 0, // data type 1 (16 bit)
-+   S390_NNPA_TYPE_BFP32 = 6,
-+   S390_NNPA_TYPE_INT8  = 8,
-+   S390_NNPA_TYPE_INT32 = 10,
-+};
-+
-+enum {
-+   S390_NNPA_4D_FEATURE_TENSOR = 0,
-+   S390_NNPA_4D_KERNEL_TENSOR  = 1,
-+   S390_NNPA_4D_WEIGHTS_TENSOR = 2,
-+   S390_NNPA_4D_GENERIC_TENSOR = 31,
-+};
-+
- static const ULong NNPA_dtypes_layouts[] = {
-    /* Data types */
--   (S390_SETBIT(0) | // data type 1 (16 bit)
-+   (S390_SETBIT(S390_NNPA_TYPE_1) | S390_SETBIT(S390_NNPA_TYPE_BFP32) |
-+    S390_SETBIT(S390_NNPA_TYPE_INT8) | S390_SETBIT(S390_NNPA_TYPE_INT32) |
- 
-     /* Data layout formats */
--    S390_SETBIT(32 + 0) | // 4D-feature tensor
--    S390_SETBIT(32 + 1)   // 4D-kernel tensor
--    ),
-+    S390_SETBIT(32 + S390_NNPA_4D_FEATURE_TENSOR) |
-+    S390_SETBIT(32 + S390_NNPA_4D_KERNEL_TENSOR) |
-+    S390_SETBIT(32 + S390_NNPA_4D_WEIGHTS_TENSOR) |
-+    S390_SETBIT(32 + S390_NNPA_4D_GENERIC_TENSOR)),
- };
- 
- static const ULong NNPA_conversions[] = {
-@@ -360,10 +390,15 @@ struct s390_NNPA_parms_qaf {
-    UInt  mdis;
-    ULong mts;
-    ULong conversions;
--   ULong reserved2[22];
-+   ULong reserved2;
-+   UInt  mdnis[4];
-+   struct {
-+      ULong reserved[19];
-+   } reserved3;
- };
- 
--struct s390_NNPA_tensor0 {
-+/* Tensor descriptor, common for all data-layout formats */
-+struct s390_NNPA_tensor {
-    UChar  layout;
-    UChar  dtype;
-    UShort reserved1;
-@@ -372,21 +407,21 @@ struct s390_NNPA_tensor0 {
-    ULong  address;
- };
- 
--struct s390_NNPA_parms0 {
--   ULong                    pbvn : 16;
--   ULong                    mvn : 8;
--   ULong                    ribm : 24;
--   ULong                    reserved0 : 15;
--   ULong                    cf : 1;
--   ULong                    reserved1[6];
--   ULong                    save_area_address;
--   struct s390_NNPA_tensor0 out[2];
--   struct s390_NNPA_tensor0 reserved2[2];
--   struct s390_NNPA_tensor0 in[3];
--   ULong                    reserved3[12];
--   UInt                     param[5];
--   UInt                     reserved4;
--   ULong                    reserved5[13];
-+/* Parameter block format 0 or 1 */
-+struct s390_NNPA_parms {
-+   ULong                   pbvn : 16;
-+   ULong                   mvn : 8;
-+   ULong                   ribm : 24;
-+   ULong                   reserved0 : 15;
-+   ULong                   cf : 1;
-+   ULong                   reserved1[6];
-+   ULong                   save_area_address;
-+   struct s390_NNPA_tensor out[2];
-+   struct s390_NNPA_tensor reserved2[2];
-+   struct s390_NNPA_tensor in[3];
-+   ULong                   reserved3[12];
-+   UInt                    param[16];
-+   ULong                   reserved4[8];
- };
- 
- enum {
-@@ -418,135 +453,145 @@ static const char* const s390_NNPA_errmsg_access[s390_NNPA_message_n] = {
- 
- struct s390_NNPA_mem_dimensions {
-    UChar layout;
--   ULong dim[5];  // total dimensions
--   ULong used[4]; // used dimensions, without padding
--   ULong step[5];
--   ULong last_dim4_size;
-+   ULong dim[4];
-+   ULong total_size;
-+   ULong used_sticks; // occupied sticks per next-higher dimension
-+   ULong stick_fill;
-+   ULong last_stick_fill;
- };
- 
--/* Determine the 5 dimensions used to represent the tensor data in memory */
-+/* Determine the dimensions used to represent the tensor data in memory */
- static enum ExtensionError
--NNPA_tensor0_size(const struct s390_NNPA_tensor0*  t,
--                  UInt                             msg_idx,
--                  struct s390_NNPA_mem_dimensions* out_md)
-+NNPA_tensor_size(const struct s390_NNPA_tensor*   t,
-+                 UInt                             msg_idx,
-+                 struct s390_NNPA_mem_dimensions* out_md)
- {
-    struct s390_NNPA_mem_dimensions md;
-    ULong                           elem_size;
-+   ULong                           eps;
- 
--   md.layout = t->layout;
--   if (t->dtype == 0)
-+   switch (t->dtype) {
-+   case S390_NNPA_TYPE_INT8:
-+      elem_size = 1;
-+      break;
-+   case S390_NNPA_TYPE_1:
-       elem_size = 2;
--   else
-+      break;
-+   case S390_NNPA_TYPE_BFP32:
-+   case S390_NNPA_TYPE_INT32:
-+      elem_size = 4;
-+      break;
-+   default:
-       return INSN_ERR(s390_NNPA_errmsg_dtype[msg_idx]);
-+   }
-+   eps = 128 / elem_size;
- 
-+   md.layout = t->layout;
-    switch (t->layout) {
--   case 0: // 4D-feature tensor
--      md.dim[0] = md.used[0] = t->dim4;
--      md.dim[1] = md.used[1] = (t->dim1 + 63) / 64;
--      md.dim[2] = md.used[2] = t->dim3;
--      md.dim[3]              = (t->dim2 + 31) / 32 * 32;
--      md.used[3]             = t->dim2;
--      md.dim[4]              = 64;
--      md.last_dim4_size      = elem_size * (t->dim1 % 64);
-+   case S390_NNPA_4D_FEATURE_TENSOR:
-+      md.dim[0]      = t->dim4;
-+      md.dim[1]      = (t->dim1 + eps - 1) / eps;
-+      md.used_sticks = t->dim2;
-+      goto common_tensor_dimensions;
-+   case S390_NNPA_4D_KERNEL_TENSOR:
-+      md.dim[0]      = (t->dim1 + eps - 1) / eps;
-+      md.dim[1]      = t->dim4;
-+      md.used_sticks = t->dim2;
-+      goto common_tensor_dimensions;
-+   case S390_NNPA_4D_WEIGHTS_TENSOR:
-+      elem_size *= 2;
-+      eps /= 2;
-+      md.dim[0]      = t->dim4;
-+      md.dim[1]      = (t->dim1 + eps - 1) / eps;
-+      md.used_sticks = (t->dim2 + 1) / 2;
-+   common_tensor_dimensions:
-+      md.dim[2]          = t->dim3;
-+      md.dim[3]          = (md.used_sticks + 31) / 32 * 32;
-+      md.stick_fill      = elem_size * (t->dim1 >= eps ? eps : t->dim1);
-+      md.last_stick_fill = elem_size * ((t->dim1 - 1) % eps + 1);
-       break;
--   case 1: // 4D-kernel tensor
--      md.dim[0] = md.used[0] = (t->dim1 + 63) / 64;
--      md.dim[1] = md.used[1] = t->dim4;
--      md.dim[2] = md.used[2] = t->dim3;
--      md.dim[3]              = (t->dim2 + 31) / 32 * 32;
--      md.used[3]             = t->dim2;
--      md.dim[4]              = 64;
--      md.last_dim4_size      = elem_size * (t->dim1 % 64);
-+   case S390_NNPA_4D_GENERIC_TENSOR:
-+      md.dim[0] = t->dim4;
-+      md.dim[1] = t->dim3;
-+      md.dim[2] = t->dim2;
-+      md.dim[3] = t->dim1;
-+      eps       = 1;
-       break;
-    default:
-       return INSN_ERR(s390_NNPA_errmsg_layout[msg_idx]);
-    }
--   md.step[4] = elem_size * md.dim[4];
--   md.step[3] = md.step[4] * md.dim[3];
--   md.step[2] = md.step[3] * md.dim[2];
--   md.step[1] = md.step[2] * md.dim[1];
--   md.step[0] = md.step[1] * md.dim[0]; // total size
--   *out_md    = md;
-+   md.total_size =
-+      elem_size * eps * md.dim[3] * md.dim[2] * md.dim[1] * md.dim[0];
-+   *out_md = md;
-    return ExtErr_OK;
- }
- 
--/* Determine the size of the non-pad elements in the last dimension */
--static ULong NNPA_mem_dim4_size(const struct s390_NNPA_mem_dimensions* md,
--                                ULong                                  d0,
--                                ULong                                  d1)
--{
--   switch (md->layout) {
--   case 0: // 4D-feature tensor
--      return d1 + 1 == md->dim[1] ? md->last_dim4_size : md->step[4];
--   case 1: // 4D-kernel tensor
--      return d0 + 1 == md->dim[0] ? md->last_dim4_size : md->step[4];
--   }
--   return 0;
--}
--
--static enum ExtensionError NNPA_pre_read_tensor0(
--   ThreadState* tst, UInt msg_idx, const struct s390_NNPA_tensor0* t)
-+/* Track a tensor's memory regions with PRE_MEM_READ or POST_MEM_WRITE */
-+static enum ExtensionError NNPA_track_tensor(ThreadState* tst,
-+                                             UInt         msg_idx,
-+                                             const struct s390_NNPA_tensor* t,
-+                                             Bool do_write)
- {
-    struct s390_NNPA_mem_dimensions md;
-    enum ExtensionError             ret;
-+   ULong                           addr = t->address;
- 
--   ret = NNPA_tensor0_size(t, msg_idx, &md);
-+   ret = NNPA_tensor_size(t, msg_idx, &md);
-    if (ret != ExtErr_OK)
-       return ret;
- 
--   for (ULong d0 = 0; d0 < md.used[0]; d0++) {
--      for (ULong d1 = 0; d1 < md.used[1]; d1++) {
--         for (ULong d2 = 0; d2 < md.used[2]; d2++) {
--            for (ULong d3 = 0; d3 < md.used[3]; d3++) {
--               ULong addr = t->address + d0 * md.step[1] + d1 * md.step[2] +
--                            d2 * md.step[3] + d3 * md.step[4];
--               ULong len = NNPA_mem_dim4_size(&md, d0, d1);
--               PRE_MEM_READ(tst, s390_NNPA_errmsg_access[msg_idx], addr, len);
-+   switch (md.layout) {
-+   case S390_NNPA_4D_FEATURE_TENSOR:
-+   case S390_NNPA_4D_KERNEL_TENSOR:
-+   case S390_NNPA_4D_WEIGHTS_TENSOR:
-+      for (ULong d0 = 0; d0 < md.dim[0]; d0++) {
-+         for (ULong d1 = 0; d1 < md.dim[1]; d1++) {
-+            ULong len;
-+            switch (md.layout) {
-+            case S390_NNPA_4D_FEATURE_TENSOR:
-+            case S390_NNPA_4D_WEIGHTS_TENSOR:
-+               len = d1 + 1 == md.dim[1] ? md.last_stick_fill : md.stick_fill;
-+               break;
-+            case S390_NNPA_4D_KERNEL_TENSOR:
-+               len = d0 + 1 == md.dim[0] ? md.last_stick_fill : md.stick_fill;
-+               break;
-             }
--         }
--      }
--   }
--   return ExtErr_OK;
--}
--
--static UWord NNPA_pre_write_tensor0(ThreadState*                    tst,
--                                    UInt                            msg_idx,
--                                    const struct s390_NNPA_tensor0* t)
--{
--   struct s390_NNPA_mem_dimensions md;
--   enum ExtensionError             ret;
--
--   ret = NNPA_tensor0_size(t, msg_idx, &md);
--   if (ret != ExtErr_OK)
--      return ret;
--
--   PRE_MEM_WRITE(tst, "NNPA(out_tensor)", t->address, md.step[0]);
--   return ExtErr_OK;
--}
--
--static void NNPA_post_write_tensor0(ThreadState*                    tst,
--                                    UInt                            msg_idx,
--                                    const struct s390_NNPA_tensor0* t)
--{
--   struct s390_NNPA_mem_dimensions md;
--   enum ExtensionError             ret;
--
--   ret = NNPA_tensor0_size(t, msg_idx, &md);
--   if (ret != ExtErr_OK)
--      return;
--
--   for (ULong d0 = 0; d0 < md.used[0]; d0++) {
--      for (ULong d1 = 0; d1 < md.used[1]; d1++) {
--         for (ULong d2 = 0; d2 < md.used[2]; d2++) {
--            for (ULong d3 = 0; d3 < md.used[3]; d3++) {
--               ULong addr = t->address + d0 * md.step[1] + d1 * md.step[2] +
--                            d2 * md.step[3] + d3 * md.step[4];
--               ULong len = NNPA_mem_dim4_size(&md, d0, d1);
--               POST_MEM_WRITE(tst, addr, len);
-+            for (ULong d2 = 0; d2 < md.dim[2]; d2++) {
-+               for (ULong d3 = 0; d3 < md.used_sticks; d3++) {
-+                  if (md.layout == S390_NNPA_4D_WEIGHTS_TENSOR &&
-+                      d3 == md.used_sticks - 1 && t->dim2 % 2 != 0) {
-+                     // even elements only
-+                     for (ULong i = 0; i < len - 1; i += 2) {
-+                        if (do_write) {
-+                           POST_MEM_WRITE(tst, addr + i, 1);
-+                        } else {
-+                           PRE_MEM_READ(tst, s390_NNPA_errmsg_access[msg_idx],
-+                                        addr + i, 1);
-+                        }
-+                     }
-+                  } else if (do_write) {
-+                     POST_MEM_WRITE(tst, addr, len);
-+                  } else {
-+                     PRE_MEM_READ(tst, s390_NNPA_errmsg_access[msg_idx], addr,
-+                                  len);
-+                  }
-+                  addr += 128;
-+               }
-+               addr += 128 * (md.dim[3] - md.used_sticks);
-             }
-          }
-       }
-+      break;
-+   case S390_NNPA_4D_GENERIC_TENSOR:
-+      if (do_write) {
-+         POST_MEM_WRITE(tst, t->address, md.total_size);
-+      } else {
-+         PRE_MEM_READ(tst, s390_NNPA_errmsg_access[msg_idx], t->address,
-+                      md.total_size);
-+      }
-+      break;
-    }
-+   return ExtErr_OK;
- }
- 
- static enum ExtensionError do_extension_NNPA(ThreadState* tst, ULong variant)
-@@ -571,16 +616,21 @@ static enum ExtensionError do_extension_NNPA(ThreadState* tst, ULong variant)
-                             NNPA_dtypes_layouts, sizeof(NNPA_dtypes_layouts));
-       s390_filter_functions(&parms->conversions, sizeof(ULong),
-                             NNPA_conversions, sizeof(NNPA_conversions));
-+      // Clear reserved fields
-+      parms->reserved1 = 0;
-+      parms->reserved2 = 0;
-+      parms->reserved3 = (__typeof__(parms->reserved3)){0};
-    } else {
--      struct s390_NNPA_parms0*      parms          = (void*)parms_addr;
--      const struct s390_NNPA_parms0 orig_parms     = *parms;
--      ULong                         save_area_size = 0;
--      UInt                          in_tensors;
--      UInt                          out_tensors;
-+      struct s390_NNPA_parms*      parms          = (void*)parms_addr;
-+      const struct s390_NNPA_parms orig_parms     = *parms;
-+      ULong                        save_area_size = 0;
-+      UInt                         in_tensors;
-+      UInt                         out_tensors;
-+      enum ExtensionError          retval;
- 
-       parms_len = 4096;
-       PRE_MEM_READ(tst, "NNPA(parms)", parms_addr,
--                   sizeof(struct s390_NNPA_parms0));
-+                   sizeof(struct s390_NNPA_parms));
-       if (parms->cf) {
-          PRE_MEM_READ(tst, "NNPA(parms.csb)", parms_addr + 512,
-                       parms_len - 512);
-@@ -594,28 +644,39 @@ static enum ExtensionError do_extension_NNPA(ThreadState* tst, ULong variant)
-       case S390_NNPA_DIV:
-       case S390_NNPA_MIN:
-       case S390_NNPA_MAX:
-+      case S390_NNPA_NORM:
-          in_tensors  = 2;
-          out_tensors = 1;
-          break;
-       case S390_NNPA_LOG:
-       case S390_NNPA_EXP:
-+      case S390_NNPA_SQRT:
-+      case S390_NNPA_INVSQRT:
-       case S390_NNPA_RELU:
-       case S390_NNPA_TANH:
-       case S390_NNPA_SIGMOID:
-+      case S390_NNPA_GELU:
-          in_tensors  = 1;
-          out_tensors = 1;
-          break;
-       case S390_NNPA_SOFTMAX:
-+      case S390_NNPA_REDUCE:
-          in_tensors     = 1;
-          out_tensors    = 1;
-          save_area_size = 8192;
-          break;
-       case S390_NNPA_BATCHNORM:
-+      case S390_NNPA_LAYERNORM:
-          in_tensors  = 3;
-          out_tensors = 1;
-          break;
-+      case S390_NNPA_MOMENTS:
-+         in_tensors  = 1;
-+         out_tensors = 2;
-+         break;
-       case S390_NNPA_MAXPOOL2D:
-       case S390_NNPA_AVGPOOL2D:
-+      case S390_NNPA_TRANSFORM:
-          in_tensors  = 1;
-          out_tensors = 1;
-          break;
-@@ -627,6 +688,7 @@ static enum ExtensionError do_extension_NNPA(ThreadState* tst, ULong variant)
-       case S390_NNPA_CONVOLUTION:
-       case S390_NNPA_MATMUL_OP:
-       case S390_NNPA_MATMUL_OP_BCAST23:
-+      case S390_NNPA_MATMUL_OP_BCAST1:
-          in_tensors  = 3;
-          out_tensors = 1;
-          break;
-@@ -635,16 +697,20 @@ static enum ExtensionError do_extension_NNPA(ThreadState* tst, ULong variant)
-       }
- 
-       for (UInt i = 0; i < in_tensors; i++) {
--         enum ExtensionError retval =
--            NNPA_pre_read_tensor0(tst, s390_NNPA_message_in + i, &parms->in[i]);
-+         retval = NNPA_track_tensor(tst, s390_NNPA_message_in + i,
-+                                    &parms->in[i], False);
-          if (retval != ExtErr_OK)
-             return retval;
-       }
-       for (UInt i = 0; i < out_tensors; i++) {
--         enum ExtensionError retval = NNPA_pre_write_tensor0(
--            tst, s390_NNPA_message_out + i, &parms->out[i]);
-+         UInt                            msg_idx = s390_NNPA_message_out + i;
-+         struct s390_NNPA_mem_dimensions md;
-+
-+         retval = NNPA_tensor_size(&parms->out[i], msg_idx, &md);
-          if (retval != ExtErr_OK)
-             return retval;
-+         PRE_MEM_WRITE(tst, s390_NNPA_errmsg_access[msg_idx],
-+                       parms->out[i].address, md.total_size);
-       }
-       if (save_area_size != 0) {
-          PRE_MEM_WRITE(tst, "NNPA(save_area)", parms->save_area_address,
-@@ -653,8 +719,10 @@ static enum ExtensionError do_extension_NNPA(ThreadState* tst, ULong variant)
-       cc = do_NNPA_insn(&gpr0, parms_addr);
-       if (cc == 0) {
-          for (UInt i = 0; i < out_tensors; i++) {
--            NNPA_post_write_tensor0(tst, s390_NNPA_message_out + i,
--                                    &orig_parms.out[i]);
-+            retval = NNPA_track_tensor(tst, s390_NNPA_message_out + i,
-+                                       &orig_parms.out[i], True);
-+            if (retval != ExtErr_OK)
-+               return retval;
-          }
-       }
-    }
--- 
-2.50.1
-

0002-Bug-511972-valgrind-3.26.0-tests-fail-to-build-on-up.patch

@@ -0,0 +1,125 @@
+From fc9cf49c2f2e0e2282b000557df80ce2f755f191 Mon Sep 17 00:00:00 2001
+From: Paul Floyd <pjfloyd@wanadoo.fr>
+Date: Wed, 12 Nov 2025 21:46:23 +0100
+Subject: [PATCH 2/6] Bug 511972 - valgrind-3.26.0 tests fail to build on
+ upcomig gcc-16: unrecognized command-line option
+ '-Wno-alloc-size-larger-than=18446744073709551615'
+
+Initial patch from Sergei Trofimovich, thanks.
+
+(cherry picked from commit 51c5973d9d1f096b9472df75638f2a53324fafed)
+---
+ NEWS                                     | 4 ++++
+ configure.ac                             | 4 ++--
+ memcheck/tests/Makefile.am               | 8 ++++----
+ memcheck/tests/amd64-freebsd/Makefile.am | 2 +-
+ memcheck/tests/amd64-linux/Makefile.am   | 2 +-
+ memcheck/tests/x86-freebsd/Makefile.am   | 2 +-
+ 6 files changed, 13 insertions(+), 9 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index d176b0aa2ebe..4e6cb3de9125 100644
+--- a/NEWS
++++ b/NEWS
+@@ -5,6 +5,10 @@ Branch 3.26
+ 
+ The following bugs have been fixed or resolved on this branch.
+ 
++511972  valgrind-3.26.0 tests fail to build on upcomig gcc-16:
++        unrecognized command-line option
++        '-Wno-alloc-size-larger-than=18446744073709551615'
++
+ To see details of a given bug, visit
+   https://bugs.kde.org/show_bug.cgi?id=XXXXXX
+ where XXXXXX is the bug number as listed above.
+diff --git a/configure.ac b/configure.ac
+index 371dcf235c7d..9d62a7d27a2c 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -2538,7 +2538,7 @@ fi
+ AC_DEFUN([AC_GCC_WARNING_SUBST_NO],[
+   AC_MSG_CHECKING([if gcc accepts -W$1])
+   safe_CFLAGS=$CFLAGS
+-  CFLAGS="-W$1 -Werror"
++  CFLAGS="-W$1 -Wno-$1 -Werror"
+   AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[;]])], [
+   AC_SUBST([$2], [-Wno-$1])
+   AC_MSG_RESULT([yes])], [
+@@ -2591,7 +2591,6 @@ AC_GCC_WARNING_SUBST_NO([unused-result], [FLAG_W_NO_UNUSED_RESULT])
+ AC_GCC_WARNING_SUBST_NO([infinite-recursion], [FLAG_W_NO_INFINITE_RECURSION])
+ AC_GCC_WARNING_SUBST_NO([deprecated], [FLAG_W_NO_DEPRECATED])
+ # OK for 32 and 64 bit
+-AC_GCC_WARNING_SUBST_NO([alloc-size-larger-than=18446744073709551615], [FLAG_W_NO_ALLOC_SIZE_LARGER_THAN])
+ AC_GCC_WARNING_SUBST_NO([alloc-size], [FLAG_W_NO_ALLOC_SIZE])
+ 
+ AC_GCC_WARNING_SUBST([write-strings], [FLAG_W_WRITE_STRINGS])
+@@ -2605,6 +2604,7 @@ AC_GCC_WARNING_SUBST([missing-parameter-type], [FLAG_W_MISSING_PARAMETER_TYPE])
+ AC_GCC_WARNING_SUBST([logical-op], [FLAG_W_LOGICAL_OP])
+ AC_GCC_WARNING_SUBST([enum-conversion], [FLAG_W_ENUM_CONVERSION])
+ AC_GCC_WARNING_SUBST([implicit-fallthrough=2], [FLAG_W_IMPLICIT_FALLTHROUGH])
++AC_GCC_WARNING_SUBST([alloc-size-larger-than=18446744073709551616], [FLAG_W_ALLOC_SIZE_LARGER_THAN])
+ 
+ # as above, C++ flags
+ AC_DEFUN([AC_GXX_WARNING_SUBST_NO],[
+diff --git a/memcheck/tests/Makefile.am b/memcheck/tests/Makefile.am
+index 920f262a68cf..4bdca487aa51 100644
+--- a/memcheck/tests/Makefile.am
++++ b/memcheck/tests/Makefile.am
+@@ -689,18 +689,18 @@ leak_cpp_interior_SOURCES	= leak_cpp_interior.cpp
+ 
+ # Suppress various gcc warnings which are correct, but for things
+ # we are actually testing for at runtime.
+-accounting_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_ALLOC_SIZE_LARGER_THAN@
++accounting_CFLAGS	= $(AM_CFLAGS) @FLAG_W_ALLOC_SIZE_LARGER_THAN@
+ badfree_CFLAGS		= $(AM_CFLAGS) @FLAG_W_NO_FREE_NONHEAP_OBJECT@
+-bug155125_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_UNUSED_RESULT@ @FLAG_W_NO_ALLOC_SIZE_LARGER_THAN@
++bug155125_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_UNUSED_RESULT@ @FLAG_W_ALLOC_SIZE_LARGER_THAN@
+ bug472219_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_UNINITIALIZED@
+-calloc_overflow_CFLAGS	= ${AM_CFLAGS} @FLAG_W_NO_ALLOC_SIZE_LARGER_THAN@
++calloc_overflow_CFLAGS	= ${AM_CFLAGS} @FLAG_W_ALLOC_SIZE_LARGER_THAN@
+ malloc_usable_CFLAGS	= ${AM_CFLAGS} @FLAG_W_NO_MAYBE_UNINITIALIZED@ @FLAG_W_NO_UNINITIALIZED@
+ mallinfo_CFLAGS		= $(AM_CFLAGS) -Wno-deprecated-declarations
+ if VGCONF_OS_IS_SOLARIS
+ mallinfo_LDADD = -lmalloc
+ endif
+ mallinfo2_CFLAGS	= $(AM_CFLAGS) -Wno-deprecated-declarations
+-malloc3_CFLAGS		= $(AM_CFLAGS) @FLAG_W_NO_ALLOC_SIZE_LARGER_THAN@ @FLAG_W_NO_ALLOC_SIZE@
++malloc3_CFLAGS		= $(AM_CFLAGS) @FLAG_W_ALLOC_SIZE_LARGER_THAN@ @FLAG_W_NO_ALLOC_SIZE@
+ sbfragment_CFLAGS	= $(AM_CFLAGS) -Wno-deprecated-declarations
+ if VGCONF_OS_IS_SOLARIS
+ sbfragment_LDADD = -lmalloc
+diff --git a/memcheck/tests/amd64-freebsd/Makefile.am b/memcheck/tests/amd64-freebsd/Makefile.am
+index 378446d4cf45..1eff95fce3b7 100644
+--- a/memcheck/tests/amd64-freebsd/Makefile.am
++++ b/memcheck/tests/amd64-freebsd/Makefile.am
+@@ -24,5 +24,5 @@ AM_CCASFLAGS += @FLAG_M64@
+ 
+ posix_fallocate_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_UNINITIALIZED@
+ posix_fadvise_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_UNINITIALIZED@
+-reallocarray_CFLAGS	= ${AM_CFLAGS} @FLAG_W_NO_ALLOC_SIZE_LARGER_THAN@
++reallocarray_CFLAGS	= ${AM_CFLAGS} @FLAG_W_ALLOC_SIZE_LARGER_THAN@
+ 
+diff --git a/memcheck/tests/amd64-linux/Makefile.am b/memcheck/tests/amd64-linux/Makefile.am
+index a3b5df5a6742..69a84ffdfc8f 100644
+--- a/memcheck/tests/amd64-linux/Makefile.am
++++ b/memcheck/tests/amd64-linux/Makefile.am
+@@ -32,5 +32,5 @@ AM_CCASFLAGS += @FLAG_M64@
+ 
+ defcfaexpr_SOURCES	= defcfaexpr.S
+ defcfaexpr_CFLAGS	= $(AM_CFLAGS) @FLAG_NO_PIE@ 
+-reallocarray_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_ALLOC_SIZE_LARGER_THAN@
++reallocarray_CFLAGS	= $(AM_CFLAGS) @FLAG_W_ALLOC_SIZE_LARGER_THAN@
+ scalar_CFLAGS = $(AM_CFLAGS) @FLAG_W_NO_UNINITIALIZED@
+diff --git a/memcheck/tests/x86-freebsd/Makefile.am b/memcheck/tests/x86-freebsd/Makefile.am
+index 8c48506c2be7..7839bb309588 100644
+--- a/memcheck/tests/x86-freebsd/Makefile.am
++++ b/memcheck/tests/x86-freebsd/Makefile.am
+@@ -23,4 +23,4 @@ AM_CCASFLAGS += @FLAG_M32@
+ 
+ posix_fallocate_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_UNINITIALIZED@
+ posix_fadvise_CFLAGS	= $(AM_CFLAGS) @FLAG_W_NO_UNINITIALIZED@
+-reallocarray_CFLAGS	= ${AM_CFLAGS} @FLAG_W_NO_ALLOC_SIZE_LARGER_THAN@
++reallocarray_CFLAGS	= ${AM_CFLAGS} @FLAG_W_ALLOC_SIZE_LARGER_THAN@
+-- 
+2.52.0
+

0003-Add-several-missing-syscall-hooks-to-ppc64-linux.patch

@@ -1,102 +0,0 @@
-From 5c912fcfaff2c7c34232562a118fa5722c6df995 Mon Sep 17 00:00:00 2001
-From: Martin Cermak <mcermak@redhat.com>
-Date: Fri, 8 Aug 2025 23:46:53 +0200
-Subject: [PATCH 3/3] Add several missing syscall hooks to ppc64-linux
-
-Specifically:
-
-sys_getrlimit
-sys_mincore
-sys_tkill
-sys_unshare
-sys_splice
-sys_tee
-sys_vmsplice
-sys_fanotify_init
-sys_fanotify_mark
-sys_kcmp
-sys_bpf
-
-https://bugs.kde.org/show_bug.cgi?id=508030
-(cherry picked from commit 4363549490ecaeaa6c3048beeb8c5edcec33ec06)
----
- NEWS                                      |  1 +
- coregrind/m_syswrap/syswrap-ppc64-linux.c | 14 +++++++++++---
- 2 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/NEWS b/NEWS
-index 4e6e6c6d2387..3eea6bb1b709 100644
---- a/NEWS
-+++ b/NEWS
-@@ -6,6 +6,7 @@ Branch 3.25.x
- The following bugs have been fixed or resolved on this branch.
- 
- 503241  s390x: Support z17 changes to the NNPA instruction
-+508030  Add several missing syscall hooks to ppc64-linux
- 
- To see details of a given bug, visit
-   https://bugs.kde.org/show_bug.cgi?id=XXXXXX
-diff --git a/coregrind/m_syswrap/syswrap-ppc64-linux.c b/coregrind/m_syswrap/syswrap-ppc64-linux.c
-index 007fa6336c0e..03a5e6a822c1 100644
---- a/coregrind/m_syswrap/syswrap-ppc64-linux.c
-+++ b/coregrind/m_syswrap/syswrap-ppc64-linux.c
-@@ -691,7 +691,7 @@ static SyscallTableEntry syscall_table[] = {
- // _____(__NR_sethostname,       sys_sethostname),        //  74
- 
-    GENX_(__NR_setrlimit,         sys_setrlimit),          //  75
--// _____(__NR_getrlimit,         sys_getrlimit),          //  76
-+   GENXY(__NR_getrlimit,         sys_getrlimit),          //  76
-    GENXY(__NR_getrusage,         sys_getrusage),          //  77
-    GENXY(__NR_gettimeofday,      sys_gettimeofday),       //  78
- // _____(__NR_settimeofday,      sys_settimeofday),       //  79
-@@ -847,9 +847,9 @@ static SyscallTableEntry syscall_table[] = {
-    LINXY(__NR_fcntl64,           sys_fcntl64),            // 204 !!!!?? 32bit only */
- 
-    GENX_(__NR_madvise,           sys_madvise),            // 205
--// _____(__NR_mincore,           sys_mincore),            // 206
-+   GENXY(__NR_mincore,           sys_mincore),            // 206
-    LINX_(__NR_gettid,            sys_gettid),             // 207
--// _____(__NR_tkill,             sys_tkill),              // 208
-+   LINXY(__NR_tkill,             sys_tkill),              // 208
-    LINX_(__NR_setxattr,          sys_setxattr),           // 209
- 
-    LINX_(__NR_lsetxattr,         sys_lsetxattr),          // 210
-@@ -934,6 +934,10 @@ static SyscallTableEntry syscall_table[] = {
- 
-    LINXY(__NR_pselect6,          sys_pselect6),           // 280
-    LINXY(__NR_ppoll,             sys_ppoll),              // 281
-+   LINX_(__NR_unshare,           sys_unshare),            // 282
-+   LINX_(__NR_splice,            sys_splice),             // 283
-+   LINX_(__NR_tee,               sys_tee),                // 284
-+   LINXY(__NR_vmsplice,          sys_vmsplice),           // 285
- 
-    LINXY(__NR_openat,            sys_openat),             // 286
-    LINX_(__NR_mkdirat,           sys_mkdirat),            // 287
-@@ -972,6 +976,8 @@ static SyscallTableEntry syscall_table[] = {
-    LINXY(__NR_preadv,            sys_preadv),           // 320
-    LINX_(__NR_pwritev,           sys_pwritev),          // 321
-    LINXY(__NR_rt_tgsigqueueinfo, sys_rt_tgsigqueueinfo),// 322
-+   LINXY(__NR_fanotify_init,     sys_fanotify_init),    // 323
-+   LINX_(__NR_fanotify_mark,     sys_fanotify_mark),    // 324
- 
-    LINXY(__NR_prlimit64,         sys_prlimit64),        // 325
-    LINXY(__NR_socket,            sys_socket),           // 326
-@@ -1001,6 +1007,7 @@ static SyscallTableEntry syscall_table[] = {
- 
-    LINXY(__NR_process_vm_readv,  sys_process_vm_readv), // 351
-    LINX_(__NR_process_vm_writev, sys_process_vm_writev),// 352
-+   LINX_(__NR_kcmp,              sys_kcmp),             // 354
- 
-    LINX_(__NR_sched_setattr,     sys_sched_setattr),    // 355
-    LINXY(__NR_sched_getattr,     sys_sched_getattr),    // 356
-@@ -1008,6 +1015,7 @@ static SyscallTableEntry syscall_table[] = {
- 
-    LINXY(__NR_getrandom,         sys_getrandom),        // 359
-    LINXY(__NR_memfd_create,      sys_memfd_create),     // 360
-+   LINXY(__NR_bpf,               sys_bpf),              // 361
- 
-    LINX_(__NR_execveat,          sys_execveat),         // 362
- 
--- 
-2.50.1
-

0003-readlink-proc-self-exe-overwrites-buffer-beyond-its-.patch

@@ -0,0 +1,520 @@
+From 7de247c998049db64c4df8cb8bc8e481493f3b8e Mon Sep 17 00:00:00 2001
+From: Paul Floyd <pjfloyd@wanadoo.fr>
+Date: Sat, 3 Jan 2026 18:24:34 +0100
+Subject: [PATCH 3/6] readlink("/proc/self/exe") overwrites buffer beyond its
+ return value
+
+https://bugs.kde.org/show_bug.cgi?id=514094
+
+Squashed cherry-picks:
+
+Solaris: set VG_(resolved_exename) in load_client()
+
+  Haven't needed it yet, but I would like to try using it in the
+  readlink syscall wrapper.
+
+(cherry picked from commit bf154d815a9fd7f4aaae97e31aa03cecf69448d4)
+
+Bug 514094 - readlink("/proc/self/exe") overwrites buffer beyond its return value
+
+  Used the reproducer as the basis for a test on Solaris and Linux.
+
+(cherry picked from commit 5c0f5e604bc3a4e8822ea59c488c123af6284afd)
+
+readlink[at] syswrap: limit copy to bufsiz when path is proc self exe
+
+(cherry picked from commit bd9edb8fcd0a8692d865e08fab2a573a4cde4c16)
+
+Regtest: add missing readlinkat_self files
+
+(cherry picked from commit 987034c44105cdc2f6f8d84751135d23bd5c37b6)
+
+regtest: fix warning
+
+  Added a nice const named variable then didn't use it
+
+(cherry picked from commit dae37ecd2692e0e5beba77c296c2648ebbf47637)
+
+Fix bug514094,vgtest typo in none/tests/Makefile.am
+
+(cherry picked from commit 294742a2d9f431fd2dcd73db161f67fb12ddd833)
+
+syswrap readlink and linux readlinkat: check that buf is accessible for proc self exe case
+
+  Also update the t testcases to cover this.
+
+(cherry picked from commit 8d8023d107699c7c2d97acf2dcb77bae71c0b1cf)
+
+solaris readlinkat: check that buf is accessible for proc self path a.out
+
+(cherry picked from commit 827a1b8c307a2eafa001788565e14af3445f2151)
+---
+ .gitignore                                    |  3 ++
+ NEWS                                          |  1 +
+ coregrind/m_initimg/initimg-solaris.c         |  9 ++++
+ coregrind/m_syswrap/syswrap-generic.c         | 29 +++++++----
+ coregrind/m_syswrap/syswrap-linux.c           | 28 +++++++----
+ coregrind/m_syswrap/syswrap-solaris.c         | 13 +++--
+ none/tests/Makefile.am                        |  3 ++
+ none/tests/bug514094.c                        | 48 +++++++++++++++++++
+ none/tests/bug514094.stderr.exp               |  2 +
+ none/tests/bug514094.vgtest                   |  2 +
+ none/tests/linux/Makefile.am                  |  3 ++
+ none/tests/linux/readlinkat_self.c            | 34 +++++++++++++
+ none/tests/linux/readlinkat_self.stderr.exp   |  2 +
+ none/tests/linux/readlinkat_self.vgtest       |  1 +
+ none/tests/solaris/Makefile.am                |  3 ++
+ none/tests/solaris/readlinkat_self.c          | 34 +++++++++++++
+ none/tests/solaris/readlinkat_self.stderr.exp |  2 +
+ none/tests/solaris/readlinkat_self.vgtest     |  1 +
+ 18 files changed, 194 insertions(+), 24 deletions(-)
+ create mode 100644 none/tests/bug514094.c
+ create mode 100644 none/tests/bug514094.stderr.exp
+ create mode 100644 none/tests/bug514094.vgtest
+ create mode 100644 none/tests/linux/readlinkat_self.c
+ create mode 100644 none/tests/linux/readlinkat_self.stderr.exp
+ create mode 100644 none/tests/linux/readlinkat_self.vgtest
+ create mode 100644 none/tests/solaris/readlinkat_self.c
+ create mode 100644 none/tests/solaris/readlinkat_self.stderr.exp
+ create mode 100644 none/tests/solaris/readlinkat_self.vgtest
+
+diff --git a/NEWS b/NEWS
+index 4e6cb3de9125..cca48f513138 100644
+--- a/NEWS
++++ b/NEWS
+@@ -8,6 +8,7 @@ The following bugs have been fixed or resolved on this branch.
+ 511972  valgrind-3.26.0 tests fail to build on upcomig gcc-16:
+         unrecognized command-line option
+         '-Wno-alloc-size-larger-than=18446744073709551615'
++514094  readlink("/proc/self/exe") overwrites buffer beyond its return value
+ 
+ To see details of a given bug, visit
+   https://bugs.kde.org/show_bug.cgi?id=XXXXXX
+diff --git a/coregrind/m_initimg/initimg-solaris.c b/coregrind/m_initimg/initimg-solaris.c
+index 79072f3a85df..bd2d822e5d20 100644
+--- a/coregrind/m_initimg/initimg-solaris.c
++++ b/coregrind/m_initimg/initimg-solaris.c
+@@ -94,6 +94,15 @@ static void load_client(/*OUT*/ExeInfo *info,
+       /*NOTREACHED*/
+    }
+    VG_(strcpy)(out_exe_name, exe_name);
++   if (VG_(resolved_exename) == NULL) {
++      HChar interp_name[VKI_PATH_MAX];
++      if (VG_(try_get_interp)(exe_name, interp_name, VKI_PATH_MAX)) {
++         exe_name = interp_name;
++      }
++      HChar resolved_name[VKI_PATH_MAX];
++      VG_(realpath)(exe_name, resolved_name);
++      VG_(resolved_exename) = VG_(strdup)("initimg-solaris.lc.1", resolved_name);
++   }
+ 
+    /* Set initial brk values. */
+    if (info->ldsoexec) {
+diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
+index 37f312fe8f4b..f39dbcdba055 100644
+--- a/coregrind/m_syswrap/syswrap-generic.c
++++ b/coregrind/m_syswrap/syswrap-generic.c
+@@ -5060,20 +5060,16 @@ POST(sys_poll)
+ 
+ PRE(sys_readlink)
+ {
+-   FUSE_COMPATIBLE_MAY_BLOCK();
+    PRINT("sys_readlink ( %#" FMT_REGWORD "x(%s), %#" FMT_REGWORD "x, %llu )",
+          ARG1, (char*)(Addr)ARG1, ARG2, (ULong)ARG3);
+    PRE_REG_READ3(long, "readlink",
+                  const char *, path, char *, buf, int, bufsiz);
+    PRE_MEM_RASCIIZ( "readlink(path)", ARG1 );
+    PRE_MEM_WRITE( "readlink(buf)", ARG2,ARG3 );
+-}
+ 
+-POST(sys_readlink)
+-{
++   Bool fuse_may_block = True;
+ #if defined(VGO_linux) || defined(VGO_solaris)
+    {
+-      Word saved = SYSNO;
+ #if defined(VGO_linux)
+ #define PID_EXEPATH  "/proc/%d/exe"
+ #define SELF_EXEPATH "/proc/self/exe"
+@@ -5092,14 +5088,27 @@ POST(sys_readlink)
+       VG_(sprintf)(name, PID_EXEPATH, VG_(getpid)());
+       if (ML_(safe_to_deref)(arg1s, 1)
+           && (VG_STREQ(arg1s, name) || VG_STREQ(arg1s, SELF_EXEPATH))) {
+-         VG_(sprintf)(name, SELF_EXEFD, VG_(cl_exec_fd));
+-         SET_STATUS_from_SysRes( VG_(do_syscall3)(saved, (UWord)name, 
+-                                                  ARG2, ARG3));
++         HChar* out_name = (HChar*)ARG2;
++         SizeT res = VG_(strlen)(VG_(resolved_exename));
++         res = VG_MIN(res, ARG3);
++         if (ML_(safe_to_deref)(out_name, res)) {
++            VG_(strncpy)(out_name, VG_(resolved_exename), res);
++            SET_STATUS_Success(res);
++         } else {
++            SET_STATUS_Failure(VKI_EFAULT);
++         }
++         fuse_may_block = False;
+       }
+    }
+ #endif
+-   if (SUCCESS && RES > 0)
+-      POST_MEM_WRITE( ARG2, RES );
++
++   if (fuse_may_block)
++       FUSE_COMPATIBLE_MAY_BLOCK();
++}
++
++POST(sys_readlink)
++{
++   POST_MEM_WRITE( ARG2, RES );
+ }
+ 
+ PRE(sys_readv)
+diff --git a/coregrind/m_syswrap/syswrap-linux.c b/coregrind/m_syswrap/syswrap-linux.c
+index e8b200385b8f..f1970cd8be9f 100644
+--- a/coregrind/m_syswrap/syswrap-linux.c
++++ b/coregrind/m_syswrap/syswrap-linux.c
+@@ -6468,14 +6468,10 @@ PRE(sys_readlinkat)
+    ML_(fd_at_check_allowed)(SARG1, (const HChar*)ARG2, "readlinkat", tid, status);
+    PRE_MEM_RASCIIZ( "readlinkat(path)", ARG2 );
+    PRE_MEM_WRITE( "readlinkat(buf)", ARG3,ARG4 );
+-}
+ 
+-POST(sys_readlinkat)
+-{
++   Bool fuse_may_block = True;
+    HChar name[30];       // large enough
+-   Word  saved = SYSNO;
+ 
+-   // @todo PJF why is this done in POST and not in PRE?
+    /*
+     * Handle the case where readlinkat is looking at /proc/self/exe or
+     * /proc/<pid>/exe.
+@@ -6484,13 +6480,25 @@ POST(sys_readlinkat)
+    if (ML_(safe_to_deref)((void*)(Addr)ARG2, 1)
+        && (VG_(strcmp)((HChar *)(Addr)ARG2, name) == 0
+            || VG_(strcmp)((HChar *)(Addr)ARG2, "/proc/self/exe") == 0)) {
+-      VG_(sprintf)(name, "/proc/self/fd/%d", VG_(cl_exec_fd));
+-      SET_STATUS_from_SysRes( VG_(do_syscall4)(saved, ARG1, (UWord)name, 
+-                                               ARG3, ARG4));
++       HChar* out_name = (HChar*)ARG3;
++       SizeT res = VG_(strlen)(VG_(resolved_exename));
++       res = VG_MIN(res, ARG4);
++       if (ML_(safe_to_deref)(out_name, res)) {
++          VG_(strncpy)(out_name, VG_(resolved_exename), res);
++          SET_STATUS_Success(res);
++       } else {
++          SET_STATUS_Failure(VKI_EFAULT);
++       }
++       fuse_may_block = False;
+    }
+ 
+-   if (SUCCESS && RES > 0)
+-      POST_MEM_WRITE( ARG3, RES );
++   if (fuse_may_block)
++      FUSE_COMPATIBLE_MAY_BLOCK();
++}
++
++POST(sys_readlinkat)
++{
++   POST_MEM_WRITE( ARG3, RES );
+ }
+ 
+ PRE(sys_fchmodat)
+diff --git a/coregrind/m_syswrap/syswrap-solaris.c b/coregrind/m_syswrap/syswrap-solaris.c
+index 2665633f435f..57af54fdc3be 100644
+--- a/coregrind/m_syswrap/syswrap-solaris.c
++++ b/coregrind/m_syswrap/syswrap-solaris.c
+@@ -2295,7 +2295,6 @@ PRE(sys_readlinkat)
+    /* ssize_t readlinkat(int dfd, const char *path, char *buf,
+                          size_t bufsiz); */
+    HChar name[30];    // large enough
+-   Word saved = SYSNO;
+ 
+    /* Interpret the first argument as 32-bit value even on 64-bit architecture.
+       This is different from Linux, for example, where glibc sign-extends it. */
+@@ -2317,9 +2316,15 @@ PRE(sys_readlinkat)
+    if (ML_(safe_to_deref)((void*)ARG2, 1) &&
+        (!VG_(strcmp)((HChar*)ARG2, name) ||
+         !VG_(strcmp)((HChar*)ARG2, "/proc/self/path/a.out"))) {
+-      VG_(sprintf)(name, "/proc/self/path/%d", VG_(cl_exec_fd));
+-      SET_STATUS_from_SysRes(VG_(do_syscall4)(saved, dfd, (UWord)name, ARG3,
+-                                              ARG4));
++       HChar* out_name = (HChar*)ARG3;
++       SizeT res = VG_(strlen)(VG_(resolved_exename));
++       res = VG_MIN(res, ARG4);
++       if (ML_(safe_to_deref)(out_name, res)) {
++          VG_(strncpy)(out_name, VG_(resolved_exename), res);
++          SET_STATUS_Success(res);
++       } else {
++          SET_STATUS_Failure(VKI_EFAULT);
++       }
+    }
+ }
+ 
+diff --git a/none/tests/Makefile.am b/none/tests/Makefile.am
+index a95d66436df8..a5e03de77cbb 100644
+--- a/none/tests/Makefile.am
++++ b/none/tests/Makefile.am
+@@ -111,6 +111,7 @@ EXTRA_DIST = \
+ 	bug290061.vgtest bug290061.stderr.exp \
+ 	bug491394.vgtest bug491394.stderr.exp \
+ 	bug492678.vgtest bug492678.stderr.exp \
++	bug514094.vgtest bug514094.stderr.exp \
+ 	closeall.stderr.exp closeall.vgtest \
+ 	cmdline0.stderr.exp cmdline0.stdout.exp cmdline0.vgtest \
+ 	cmdline1.stderr.exp cmdline1.stdout.exp cmdline1.vgtest \
+@@ -287,6 +288,7 @@ check_PROGRAMS = \
+ 	bug129866 bug234814 \
+ 	bug290061 \
+ 	bug492678 \
++	bug514094 \
+ 	closeall coolo_strlen \
+ 	discard exec-sigmask execve faultstatus fcntl_setown \
+ 	fdleak_cmsg fdleak_creat fdleak_doubleclose0 fdleak_dup fdleak_dup2 \
+@@ -392,6 +394,7 @@ bug290061_LDFLAGS	= @FLAG_PIE@
+ bug491394_LDADD		= -lc
+ bug491394_LDFLAGS	= -nostdlib -static
+ bug491394_CFLAGS	= ${AM_CFLAGS} -Os
++bug514094_CFLAGS	= ${AM_CFLAGS} @FLAG_W_NO_STRINGOP_OVERFLOW@
+ execve_CFLAGS		= $(AM_CFLAGS) @FLAG_W_NO_NONNULL@
+ if VGCONF_OS_IS_SOLARIS
+ fcntl_setown_LDADD	= -lsocket -lnsl
+diff --git a/none/tests/bug514094.c b/none/tests/bug514094.c
+new file mode 100644
+index 000000000000..a62a6406b722
+--- /dev/null
++++ b/none/tests/bug514094.c
+@@ -0,0 +1,48 @@
++#include <stdio.h>
++#include <unistd.h>
++#include <string.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <assert.h>
++#include <limits.h>
++#include <errno.h>
++#include "../../config.h"
++
++int main(int argc, char** argv)
++{
++   char buf[PATH_MAX];
++   memset(buf, 0, PATH_MAX);
++#if defined(VGO_solaris)
++   int ret = readlink("/proc/self/path/a.out", buf, PATH_MAX);
++#else
++   // Linux, and maybe one day NetBSD
++   // other platforms excluded by .vgtest prereq
++   int ret = readlink("/proc/self/exe", buf, PATH_MAX);
++#endif
++   if (argc > 1) {
++      printf("ret = %d, buf = %.64s\n", ret, buf);
++   }
++   char resolved[PATH_MAX];
++   realpath(argv[0], resolved);
++   assert(strcmp(resolved, buf) == 0);
++
++   const size_t small_buf_size = 11;
++   char small_buf[small_buf_size];
++   memset(small_buf, '#', small_buf_size);
++#if defined(VGO_solaris)
++   ret = readlink("/proc/self/path/a.out", small_buf, 10);
++#else
++   ret = readlink("/proc/self/exe", small_buf, 10);
++#endif
++   assert(strncmp(resolved, small_buf, 10) == 0);
++   assert(small_buf[10] == '#');
++
++#if defined(VGO_solaris)
++   ret = readlink("/proc/self/path/a.out", (char*)1, 100);
++#else
++   ret = readlink("/proc/self/exe", (char*)1, 100);
++#endif
++   assert(ret == -1);
++   assert(errno = EFAULT);
++}
++
+diff --git a/none/tests/bug514094.stderr.exp b/none/tests/bug514094.stderr.exp
+new file mode 100644
+index 000000000000..139597f9cb07
+--- /dev/null
++++ b/none/tests/bug514094.stderr.exp
+@@ -0,0 +1,2 @@
++
++
+diff --git a/none/tests/bug514094.vgtest b/none/tests/bug514094.vgtest
+new file mode 100644
+index 000000000000..292428cb7696
+--- /dev/null
++++ b/none/tests/bug514094.vgtest
+@@ -0,0 +1,2 @@
++prereq: ../../tests/os_test solaris || ../../tests/os_test linux
++prog: bug514094
+diff --git a/none/tests/linux/Makefile.am b/none/tests/linux/Makefile.am
+index 55426e2b2664..3692c6ff1f2a 100644
+--- a/none/tests/linux/Makefile.am
++++ b/none/tests/linux/Makefile.am
+@@ -21,6 +21,7 @@ EXTRA_DIST = \
+ 	mremap6.stderr.exp mremap6.vgtest \
+ 	open_client.stderr.exp open_client.vgtest \
+ 	pthread-stack.stderr.exp pthread-stack.vgtest \
++	readlinkat_self.stderr.exp readlinkat_self.vgtest \
+ 	stack-overflow.stderr.exp stack-overflow.vgtest
+ 
+ check_PROGRAMS = \
+@@ -37,6 +38,7 @@ check_PROGRAMS = \
+ 	mremap5 \
+ 	mremap6 \
+ 	pthread-stack \
++	readlinkat_self \
+ 	stack-overflow
+ 
+ if HAVE_OPENAT2
+@@ -58,6 +60,7 @@ open_client_SOURCES = open_client.cpp
+ endif
+ clonev_LDADD = -lpthread
+ pthread_stack_LDADD = -lpthread
++readlinkat_self_CFLAGS = ${AM_CFLAGS} @FLAG_W_NO_STRINGOP_OVERFLOW@
+ 
+ stack_overflow_CFLAGS = $(AM_CFLAGS) @FLAG_W_NO_UNINITIALIZED@ \
+ 			@FLAG_W_NO_INFINITE_RECURSION@
+diff --git a/none/tests/linux/readlinkat_self.c b/none/tests/linux/readlinkat_self.c
+new file mode 100644
+index 000000000000..586581a0d966
+--- /dev/null
++++ b/none/tests/linux/readlinkat_self.c
+@@ -0,0 +1,34 @@
++#include <stdio.h>
++#include <unistd.h>
++#include <string.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <assert.h>
++#include <limits.h>
++#include <errno.h>
++#include "../../config.h"
++
++int main(int argc, char** argv)
++{
++   char buf[PATH_MAX];
++   memset(buf, 0, PATH_MAX);
++   int ret = readlinkat(99, "/proc/self/exe", buf, PATH_MAX);
++   if (argc > 1) {
++      printf("ret = %d, buf = %.64s\n", ret, buf);
++   }
++   char resolved[PATH_MAX];
++   realpath(argv[0], resolved);
++   assert(strcmp(resolved, buf) == 0);
++
++   const size_t small_buf_size = 11;
++   char small_buf[small_buf_size];
++   memset(small_buf, '#', small_buf_size);
++   ret = readlinkat(100, "/proc/self/exe", small_buf, 10);
++   assert(strncmp(resolved, small_buf, 10) == 0);
++   assert(small_buf[10] == '#');
++
++   ret = readlinkat(101, "/proc/self/exe", (char*)1, 100);
++   assert(ret == -1);
++   assert(errno = EFAULT);
++}
++
+diff --git a/none/tests/linux/readlinkat_self.stderr.exp b/none/tests/linux/readlinkat_self.stderr.exp
+new file mode 100644
+index 000000000000..139597f9cb07
+--- /dev/null
++++ b/none/tests/linux/readlinkat_self.stderr.exp
+@@ -0,0 +1,2 @@
++
++
+diff --git a/none/tests/linux/readlinkat_self.vgtest b/none/tests/linux/readlinkat_self.vgtest
+new file mode 100644
+index 000000000000..3b91da54c53d
+--- /dev/null
++++ b/none/tests/linux/readlinkat_self.vgtest
+@@ -0,0 +1 @@
++prog: readlinkat_self
+diff --git a/none/tests/solaris/Makefile.am b/none/tests/solaris/Makefile.am
+index 861c9ff56222..c488c782de6d 100644
+--- a/none/tests/solaris/Makefile.am
++++ b/none/tests/solaris/Makefile.am
+@@ -23,6 +23,7 @@ EXTRA_DIST = \
+ 	proc_psinfo.stderr.exp proc_psinfo.stdout.exp proc_psinfo.vgtest \
+ 	posix_spawn.stderr.exp posix_spawn.stdout.exp posix_spawn.vgtest \
+ 	pthread-stack.stderr.exp pthread-stack.vgtest \
++	readlinkat_self.stderr.exp readlinkat_self.vgtest \
+ 	reserve_sysstat_addr.map reserve_sysstat_addr.stderr.exp reserve_sysstat_addr.vgtest \
+ 	reserve_sysstat_zone_addr.map reserve_sysstat_zone_addr.stderr.exp reserve_sysstat_zone_addr.vgtest \
+ 	resolv.stdout.exp resolv.stderr.exp resolv.vgtest \
+@@ -47,6 +48,7 @@ check_PROGRAMS = \
+ 	proc_psinfo \
+ 	posix_spawn \
+ 	pthread-stack \
++	readlinkat_self \
+ 	resolv \
+ 	sigresend \
+ 	stack_overflow \
+@@ -57,6 +59,7 @@ AM_CFLAGS   += $(AM_FLAG_M3264_PRI)
+ AM_CXXFLAGS += $(AM_FLAG_M3264_PRI)
+ 
+ pthread_stack_LDADD = -lpthread
++readlinkat_self_CFLAGS = ${AM_CFLAGS} @FLAG_W_NO_STRINGOP_OVERFLOW@
+ resolv_LDADD = -lresolv
+ stack_overflow_CFLAGS = ${AM_CFLAGS} @FLAG_W_NO_INFINITE_RECURSION@
+ stack_prot_LDFLAGS = -Wl,-M,/usr/lib/ld/map.noexstk
+diff --git a/none/tests/solaris/readlinkat_self.c b/none/tests/solaris/readlinkat_self.c
+new file mode 100644
+index 000000000000..ca60834aeb5e
+--- /dev/null
++++ b/none/tests/solaris/readlinkat_self.c
+@@ -0,0 +1,34 @@
++#include <stdio.h>
++#include <unistd.h>
++#include <string.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <assert.h>
++#include <limits.h>
++#include <errno.h>
++#include "../../config.h"
++
++int main(int argc, char** argv)
++{
++   char buf[PATH_MAX];
++   memset(buf, 0, PATH_MAX);
++   int ret = readlinkat(99, "/proc/self/path/a.out", buf, PATH_MAX);
++   if (argc > 1) {
++      printf("ret = %d, buf = %.64s\n", ret, buf);
++   }
++   char resolved[PATH_MAX];
++   realpath(argv[0], resolved);
++   assert(strcmp(resolved, buf) == 0);
++
++   const size_t small_buf_size = 11;
++   char small_buf[small_buf_size];
++   memset(small_buf, '#', small_buf_size);
++   ret = readlinkat(100, "/proc/self/path/a.out", small_buf, 10);
++   assert(strncmp(resolved, small_buf, 10) == 0);
++   assert(small_buf[10] == '#');
++
++   ret = readlinkat(101, "/proc/self/path/a.out", (char*)1, 100);
++   assert(ret == -1);
++   assert(errno = EFAULT);
++}
++
+diff --git a/none/tests/solaris/readlinkat_self.stderr.exp b/none/tests/solaris/readlinkat_self.stderr.exp
+new file mode 100644
+index 000000000000..139597f9cb07
+--- /dev/null
++++ b/none/tests/solaris/readlinkat_self.stderr.exp
+@@ -0,0 +1,2 @@
++
++
+diff --git a/none/tests/solaris/readlinkat_self.vgtest b/none/tests/solaris/readlinkat_self.vgtest
+new file mode 100644
+index 000000000000..3b91da54c53d
+--- /dev/null
++++ b/none/tests/solaris/readlinkat_self.vgtest
+@@ -0,0 +1 @@
++prog: readlinkat_self
+-- 
+2.52.0
+

0004-Linux-DRD-suppression-add-an-entry-for-__is_decorate.patch

@@ -0,0 +1,46 @@
+From 4a1d79be47ead6918053f649f66107b8d8df4310 Mon Sep 17 00:00:00 2001
+From: Paul Floyd <pjfloyd@wanadoo.fr>
+Date: Mon, 1 Dec 2025 08:12:30 +0100
+Subject: [PATCH 4/6] Linux DRD suppression: add an entry for
+ __is_decorate_maps_enabled
+
+Seen on Fedora 43
+
+(cherry picked from commit cfc8b0706a9a0fbf05525a0ce142e2bf4cc53fed)
+---
+ drd/tests/std_thread2.supp | 7 +++++++
+ glibc-2.X-drd.supp.in      | 6 ++++++
+ 2 files changed, 13 insertions(+)
+
+diff --git a/drd/tests/std_thread2.supp b/drd/tests/std_thread2.supp
+index 40741b06f889..39a201da9af7 100644
+--- a/drd/tests/std_thread2.supp
++++ b/drd/tests/std_thread2.supp
+@@ -98,3 +98,10 @@
+    drd:ConflictingAccess
+    fun:__set_vma_name
+ }
++
++{
++   drd-libc-__is_decorate_maps_enabled
++   drd:ConflictingAccess
++   fun:__is_decorate_maps_enabled
++}
++
+diff --git a/glibc-2.X-drd.supp.in b/glibc-2.X-drd.supp.in
+index 419ff2256c92..6866904470d6 100644
+--- a/glibc-2.X-drd.supp.in
++++ b/glibc-2.X-drd.supp.in
+@@ -369,3 +369,9 @@
+    fun:_dl_exception_create_format
+ }
+ 
++{
++   drd-libc-__is_decorate_maps_enabled
++   drd:ConflictingAccess
++   fun:__is_decorate_maps_enabled
++}
++
+-- 
+2.52.0
+

0005-Linux-Helgrind-add-a-suppression-for-_dl_allocate_tl.patch

@@ -0,0 +1,30 @@
+From c080f583dc41a779d339ffd2a08863bd05a80904 Mon Sep 17 00:00:00 2001
+From: Paul Floyd <pjfloyd@wanadoo.fr>
+Date: Mon, 1 Dec 2025 08:18:56 +0100
+Subject: [PATCH 5/6] Linux Helgrind: add a suppression for
+ _dl_allocate_tls_init
+
+Seen on Fedora 43 amd64
+
+(cherry picked from commit b599858486bb7db6d2ff3e6ddc4e7f71791d393d)
+---
+ glibc-2.X-helgrind.supp.in | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/glibc-2.X-helgrind.supp.in b/glibc-2.X-helgrind.supp.in
+index 9b1ef9ae485b..61d4e1d724d0 100644
+--- a/glibc-2.X-helgrind.supp.in
++++ b/glibc-2.X-helgrind.supp.in
+@@ -356,3 +356,9 @@
+    obj:/usr/lib/*/libnss_mdns4*.so.*
+ }
+ 
++{
++   helgrind---_dl_allocate_tls_init
++   Helgrind:Race
++   fun:mempcpy
++   fun:_dl_allocate_tls_init
++}
+-- 
+2.52.0
+

0006-Disable-linux-madvise-MADV_GUARD_INSTALL.patch

@@ -0,0 +1,95 @@
+From dbdfc2b4522bb210786bddbc16e3ad855d5fa62a Mon Sep 17 00:00:00 2001
+From: Mark Wielaard <mark@klomp.org>
+Date: Wed, 7 Jan 2026 22:20:49 +0100
+Subject: [PATCH 6/6] Disable linux madvise MADV_GUARD_INSTALL
+
+glibc 2.42+ (with linux 6.13+) uses MADV_GUARD_INSTALL to setup stack
+guard pages. valgrind currently isn't able to track this and such
+guard pages also don't show up in /proc maps (only in /proc pagemap
+since linux 6.14). For now valgrind fails a madvise MADV_GUARD_INSTALL
+syscall with EINVAL. This causes glibc to fall back to mprotect
+PROT_NONE which valgrind is able to track.
+
+https://bugs.kde.org/show_bug.cgi?id=511717
+
+(cherry picked from commit 19a34d1d9376f459cf0a19feb39ea4ab27690390)
+---
+ NEWS                                  | 14 ++++++++++++++
+ coregrind/m_syswrap/syswrap-generic.c | 10 ++++++++++
+ include/vki/vki-linux.h               |  7 +++++++
+ 3 files changed, 31 insertions(+)
+
+diff --git a/NEWS b/NEWS
+index cca48f513138..28409915e1a1 100644
+--- a/NEWS
++++ b/NEWS
+@@ -1,6 +1,18 @@
+ Branch 3.26
+ ~~~~~~~~~~~
+ 
++* ==================== CORE CHANGES ===================
++
++* linux madvise MADV_GUARD_INSTALL unsupported
++
++  glibc 2.42+ (with linux 6.13+) uses MADV_GUARD_INSTALL to setup
++  stack guard pages. valgrind currently isn't able to track this and
++  such guard pages also don't show up in /proc maps (only in /proc
++  pagemap since linux 6.14). For now valgrind fails a madvise
++  MADV_GUARD_INSTALL syscall with EINVAL. This causes glibc to fall
++  back to mprotect PROT_NONE which valgrind is able to track.
++  See also https://bugs.kde.org/show_bug.cgi?id=514297
++
+ * ==================== FIXED BUGS ====================
+ 
+ The following bugs have been fixed or resolved on this branch.
+@@ -8,6 +20,8 @@ The following bugs have been fixed or resolved on this branch.
+ 511972  valgrind-3.26.0 tests fail to build on upcomig gcc-16:
+         unrecognized command-line option
+         '-Wno-alloc-size-larger-than=18446744073709551615'
++511717  gdbserver (valgrind_read_memory) the 'impossible' happened:
++        Killed by fatal signal (SIGSEGV)
+ 514094  readlink("/proc/self/exe") overwrites buffer beyond its return value
+ 
+ To see details of a given bug, visit
+diff --git a/coregrind/m_syswrap/syswrap-generic.c b/coregrind/m_syswrap/syswrap-generic.c
+index f39dbcdba055..668acc4605a8 100644
+--- a/coregrind/m_syswrap/syswrap-generic.c
++++ b/coregrind/m_syswrap/syswrap-generic.c
+@@ -3112,6 +3112,16 @@ PRE(sys_madvise)
+                         ARG1, ARG2, SARG3);
+    PRE_REG_READ3(long, "madvise",
+                  unsigned long, start, vki_size_t, length, int, advice);
++   /* Ugly hack to try to bypass the problem of guard pages not being
++      understood by valgrind aspace manager.
++      By making the syscall fail, we expect glibc to fallback
++      on implementing guard pages with mprotect PROT_NONE to ensure
++      the valgrind address space manager is not confused wrongly
++      believing the guard page is rw. */
++#ifdef VKI_MADV_GUARD_INSTALL
++   if (ARG3 == VKI_MADV_GUARD_INSTALL)
++      SET_STATUS_Failure( VKI_EINVAL );
++#endif
+ }
+ 
+ #if HAVE_MREMAP
+diff --git a/include/vki/vki-linux.h b/include/vki/vki-linux.h
+index 3f9272f4d18e..96c181a85775 100644
+--- a/include/vki/vki-linux.h
++++ b/include/vki/vki-linux.h
+@@ -1364,6 +1364,13 @@ struct  vki_seminfo {
+ #define VKI_MREMAP_MAYMOVE	1
+ #define VKI_MREMAP_FIXED	2
+ 
++//----------------------------------------------------------------------
++// Common madvise flags mman-common.h
++//----------------------------------------------------------------------
++
++#define VKI_MADV_GUARD_INSTALL 102
++#define VKI_MADV_GUARD_REMOVE  103
++
+ //----------------------------------------------------------------------
+ // From linux-2.6.31-rc4/include/linux/futex.h
+ //----------------------------------------------------------------------
+-- 
+2.52.0
+

0007-Bug-514613-Unclosed-leak_summary-still_reachable-tag.patch

@@ -0,0 +1,41 @@
+From 0a95412527ecba22cdb0f96a905a7a5ce45a14bc Mon Sep 17 00:00:00 2001
+From: Paul Floyd <pjfloyd@wanadoo.fr>
+Date: Thu, 15 Jan 2026 08:44:52 +0100
+Subject: [PATCH 7/8] Bug 514613 - Unclosed leak_summary/still_reachable tag in
+ xml output
+
+(cherry picked from commit 758b0f55e878fd7bd9dcd1ff3e74f10a7a00a771)
+---
+ NEWS                    | 1 +
+ memcheck/mc_leakcheck.c | 3 ++-
+ 2 files changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 28409915e1a1..164218c14e76 100644
+--- a/NEWS
++++ b/NEWS
+@@ -23,6 +23,7 @@ The following bugs have been fixed or resolved on this branch.
+ 511717  gdbserver (valgrind_read_memory) the 'impossible' happened:
+         Killed by fatal signal (SIGSEGV)
+ 514094  readlink("/proc/self/exe") overwrites buffer beyond its return value
++514613  Unclosed leak_summary/still_reachable tag in xml output
+ 
+ To see details of a given bug, visit
+   https://bugs.kde.org/show_bug.cgi?id=XXXXXX
+diff --git a/memcheck/mc_leakcheck.c b/memcheck/mc_leakcheck.c
+index 586bff448bfb..4df0b180d5d1 100644
+--- a/memcheck/mc_leakcheck.c
++++ b/memcheck/mc_leakcheck.c
+@@ -1768,7 +1768,8 @@ static void print_results(ThreadId tid, LeakCheckParams* lcp)
+       umsg_or_xml(VG_(clo_xml) ?
+                   "  <still_reachable>\n"
+                   "    <bytes>%'lu%s</bytes>\n"
+-                  "    <blocks>%'lu%s</blocks>\n" :
++                  "    <blocks>%'lu%s</blocks>\n"
++                  "  </still_reachable>\n" :
+                   "   still reachable: %'lu%s bytes in %'lu%s blocks\n",
+                 MC_(bytes_reachable), 
+                 DBY (MC_(bytes_reachable), old_bytes_reachable), 
+-- 
+2.52.0
+

0008-Bug-514206-Assertion-sr_isError-sr-failed-mmap-fd-po.patch

@@ -0,0 +1,45 @@
+From 2ddba5ddc12312386b019b4a785c80ce8633ba57 Mon Sep 17 00:00:00 2001
+From: Paul Floyd <pjfloyd@wanadoo.fr>
+Date: Tue, 20 Jan 2026 07:44:31 +0100
+Subject: [PATCH 8/8] Bug 514206 - Assertion '!sr_isError(sr)' failed - mmap fd
+ points to an open descriptor to a PCI device
+
+(cherry picked from commit 38609f9b87eb6908a4a04ed5882db337edaec765)
+---
+ NEWS                              | 2 ++
+ coregrind/m_debuginfo/debuginfo.c | 5 ++++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/NEWS b/NEWS
+index 164218c14e76..a09cf7e1bba3 100644
+--- a/NEWS
++++ b/NEWS
+@@ -23,6 +23,8 @@ The following bugs have been fixed or resolved on this branch.
+ 511717  gdbserver (valgrind_read_memory) the 'impossible' happened:
+         Killed by fatal signal (SIGSEGV)
+ 514094  readlink("/proc/self/exe") overwrites buffer beyond its return value
++514206  Assertion '!sr_isError(sr)' failed - mmap fd points to an open
++        descriptor to a PCI device
+ 514613  Unclosed leak_summary/still_reachable tag in xml output
+ 
+ To see details of a given bug, visit
+diff --git a/coregrind/m_debuginfo/debuginfo.c b/coregrind/m_debuginfo/debuginfo.c
+index 18152b9e25e4..196fe8d98811 100644
+--- a/coregrind/m_debuginfo/debuginfo.c
++++ b/coregrind/m_debuginfo/debuginfo.c
+@@ -1177,8 +1177,11 @@ ULong VG_(di_notify_mmap)( Addr a, Bool allow_SkFileV, Int use_fd )
+     * --20208-- WARNING: Serious error when reading debug info
+     * --20208-- When reading debug info from /proc/xen/privcmd:
+     * --20208-- can't read file to inspect ELF header
++    *
++    * Also PCI devices, see bug 514206
+     */
+-   if (VG_(strncmp)(filename, "/proc/xen/", 10) == 0)
++   if (VG_(strncmp)(filename, "/proc/xen/", 10) == 0 ||
++       VG_(strncmp)(filename, "/sys/devices/pci", 16) == 0)
+       return 0;
+ 
+    if (debug)
+-- 
+2.52.0
+

ppc64-strcmp-ld.patch

@@ -1,87 +0,0 @@
-diff --git a/coregrind/m_redir.c b/coregrind/m_redir.c
-index 63172b971..857f910cb 100644
---- a/coregrind/m_redir.c
-+++ b/coregrind/m_redir.c
-@@ -1508,6 +1508,12 @@ void VG_(redir_initialise) ( void )
-          NULL /* not mandatory - so why bother at all? */
-          /* glibc-2.5 (FC6, ppc64) seems fine without it */
-       );
-+
-+      add_hardwired_spec(
-+         "ld64.so.2", "strcmp",
-+         (Addr)&VG_(ppc64_linux_REDIR_FOR_strcmp),
-+         NULL
-+      );
-    }
- 
- #  elif defined(VGP_arm_linux)
-diff --git a/coregrind/m_trampoline.S b/coregrind/m_trampoline.S
-index 2c2cc0dc2..5e1f2f147 100644
---- a/coregrind/m_trampoline.S
-+++ b/coregrind/m_trampoline.S
-@@ -602,8 +602,52 @@ VG_(ppc64_linux_REDIR_FOR_strchr):
-         .long 0
-         .byte 0,0,0,0,0,0,0,0
- .L1end:
--
- 	
-+	/* this function is written using the "dotless" ABI convention */
-+	.align 2
-+	.globl VG_(ppc64_linux_REDIR_FOR_strcmp)
-+#if !defined VGP_ppc64be_linux || _CALL_ELF == 2
-+        /* Little Endian uses ELF version 2 */
-+        .type VG_(ppc64_linux_REDIR_FOR_strcmp),@function
-+VG_(ppc64_linux_REDIR_FOR_strcmp):
-+#else
-+        /* Big Endian uses ELF version 1 */
-+	.section        ".opd","aw"
-+	.align 3
-+VG_(ppc64_linux_REDIR_FOR_strcmp):
-+	.quad   .L.VG_(ppc64_linux_REDIR_FOR_strcmp),.TOC.@tocbase,0
-+	.previous
-+	.size	VG_(ppc64_linux_REDIR_FOR_strcmp), \
-+			.LFE0-.L.VG_(ppc64_linux_REDIR_FOR_strcmp)
-+	.type	VG_(ppc64_linux_REDIR_FOR_strcmp), @function
-+
-+.L.VG_(ppc64_linux_REDIR_FOR_strcmp):
-+#endif
-+#if _CALL_ELF == 2
-+0:      addis        2,12,.TOC.-0b@ha
-+        addi         2,2,.TOC.-0b@l
-+        .localentry  VG_(ppc64_linux_REDIR_FOR_strcmp), .-VG_(ppc64_linux_REDIR_FOR_strcmp)
-+#endif
-+.LFB0:
-+        .cfi_startproc
-+        li 10,0
-+.L3:
-+        lbzx 8,3,10
-+        lbzx 9,4,10
-+        cmpwi 0,8,0
-+        beq 0,.L2
-+        cmpw 0,8,9
-+        addi 10,10,1
-+        beq 0,.L3
-+.L2:
-+        subf 3,9,8
-+        extsw 3,3
-+        blr
-+        .long 0
-+        .byte 0,0,0,0,0,0,0,0
-+        .cfi_endproc
-+.LFE0:
-+
- .global VG_(trampoline_stuff_end)
- VG_(trampoline_stuff_end):
- 
-diff --git a/coregrind/pub_core_trampoline.h b/coregrind/pub_core_trampoline.h
-index 11d791df7..92b4fc67b 100644
---- a/coregrind/pub_core_trampoline.h
-+++ b/coregrind/pub_core_trampoline.h
-@@ -97,6 +97,7 @@ extern void* VG_(ppc32_linux_REDIR_FOR_strchr)( void*, Int );
- #if defined(VGP_ppc64be_linux) || defined(VGP_ppc64le_linux)
- extern Addr  VG_(ppc64_linux_SUBST_FOR_rt_sigreturn);
- extern UInt  VG_(ppc64_linux_REDIR_FOR_strlen)( void* );
-+extern UInt  VG_(ppc64_linux_REDIR_FOR_strcmp)( void*, void* );
- extern void* VG_(ppc64_linux_REDIR_FOR_strchr)( void*, Int );
- /* A label (sans dot) marking the ultra-magical return stub via which
-    all redirected and wrapped functions are made to "return" on

sources

@@ -1 +1 @@
-SHA512 (valgrind-3.25.1.tar.bz2) = 6a474d58730274c57d6ca012ffd3226d393d6507cd57bf46c3b26c87a0cba84e3c8cfc84c8c76e50041861e98baba7b9613490faef4212d082845581d08af351
+SHA512 (valgrind-3.26.0.tar.bz2) = 80ebf9197be602fdd4aad0e9277e6ef2fd25ede9cecb6e6d159f6f062c13f62ad907c6b6e7000e82b3404d8b4f9e7bf15813f60d9fed414c7b713a4280c82898

valgrind-3.26.0-some-Wl-z-now.patch

@@ -1,34 +1,28 @@
-commit d3c977726064ba09fed6dfc7daf22b16824c97b4
-Author: Mark Wielaard <mark@klomp.org>
-Date:   Fri May 24 18:24:56 2019 +0200
-
-    Add -Wl,-z,now to some binaries.
-
 diff --git a/auxprogs/Makefile.am b/auxprogs/Makefile.am
-index 1b7842b..e211eec 100644
+index 2b8703cf1a63..8cb828b85c57 100644
 --- a/auxprogs/Makefile.am
 +++ b/auxprogs/Makefile.am
-@@ -32,7 +32,7 @@ valgrind_listener_SOURCES = valgrind-listener.c
+@@ -50,7 +50,7 @@ valgrind_listener_SOURCES = valgrind-listener.c
  valgrind_listener_CPPFLAGS  = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind
- valgrind_listener_CFLAGS    = $(AM_CFLAGS_PRI) -fstack-protector-strong
+ valgrind_listener_CFLAGS    = $(AM_CFLAGS_PRI) -fhosted -fstack-protector-strong
  valgrind_listener_CCASFLAGS = $(AM_CCASFLAGS_PRI)
 -valgrind_listener_LDFLAGS   = $(AM_CFLAGS_PRI)
 +valgrind_listener_LDFLAGS   = $(AM_CFLAGS_PRI) -Wl,-z,now
  if VGCONF_PLATVARIANT_IS_ANDROID
  valgrind_listener_CFLAGS    += -static
  endif
-@@ -51,7 +51,7 @@ valgrind_di_server_SOURCES   = valgrind-di-server.c
+@@ -69,7 +69,7 @@ valgrind_di_server_SOURCES   = valgrind-di-server.c
  valgrind_di_server_CPPFLAGS  = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind
- valgrind_di_server_CFLAGS    = $(AM_CFLAGS_PRI) -fstack-protector-strong
+ valgrind_di_server_CFLAGS    = $(AM_CFLAGS_PRI) -fhosted -fstack-protector-strong
  valgrind_di_server_CCASFLAGS = $(AM_CCASFLAGS_PRI)
 -valgrind_di_server_LDFLAGS   = $(AM_CFLAGS_PRI)
 +valgrind_di_server_LDFLAGS   = $(AM_CFLAGS_PRI) -Wl,-z,now
  if VGCONF_PLATVARIANT_IS_ANDROID
  valgrind_di_server_CFLAGS    += -static
  endif
-@@ -86,7 +86,7 @@ getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_SOURCES   = getoff.c
+@@ -104,7 +104,7 @@ getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_SOURCES   = getoff.c
  getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CPPFLAGS  = $(AM_CPPFLAGS_@VGCONF_PLATFORM_PRI_CAPS@)
- getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) -fstack-protector-strong
+ getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) -fhosted -fstack-protector-strong
  getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CCASFLAGS = $(AM_CCASFLAGS_PRI)
 -getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@
 +getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@ -Wl,-z,now
@@ -36,21 +30,21 @@ index 1b7842b..e211eec 100644
  getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDADD = $(LDADD) -ldl
  endif
 diff --git a/coregrind/Makefile.am b/coregrind/Makefile.am
-index 3c73210..fb6b7bb 100644
+index 0bcb4a4f423f..59fc48052e50 100644
 --- a/coregrind/Makefile.am
 +++ b/coregrind/Makefile.am
-@@ -57,7 +57,7 @@ RANLIB = ${LTO_RANLIB}
+@@ -64,7 +64,7 @@ RANLIB = ${LTO_RANLIB}
  valgrind_CPPFLAGS  = $(AM_CPPFLAGS_PRI)
- valgrind_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong
+ valgrind_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fhosted -fstack-protector-strong
  valgrind_CCASFLAGS = $(AM_CCASFLAGS_PRI)
 -valgrind_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@
 +valgrind_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@ -Wl,-z,now
  # If there is no secondary platform, and the platforms include x86-darwin,
  # then the primary platform must be x86-darwin.  Hence:
  if ! VGCONF_HAVE_PLATFORM_SEC
-@@ -104,7 +104,7 @@
+@@ -106,7 +106,7 @@ endif
  vgdb_CPPFLAGS  = $(AM_CPPFLAGS_PRI) $(GDB_SCRIPTS_DIR)
- vgdb_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong
+ vgdb_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fhosted -fstack-protector-strong
  vgdb_CCASFLAGS = $(AM_CCASFLAGS_PRI)
 -vgdb_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@
 +vgdb_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@ -Wl,-z,now

valgrind-3.26.0-some-stack-protector.patch

@@ -1,45 +1,48 @@
-commit b73fb7a614e1b5d60af23fb0752b5cead995e02e
-Author: Mark Wielaard <mark@klomp.org>
-Date:   Sun Apr 14 00:30:05 2019 +0200
-
-    Remove no-stack-protector, add stack-protector-strong to some.
-
 diff --git a/auxprogs/Makefile.am b/auxprogs/Makefile.am
-index 56cc5ef..1b7842b 100644
+index d96e7fd0a968..2b8703cf1a63 100644
 --- a/auxprogs/Makefile.am
 +++ b/auxprogs/Makefile.am
-@@ -30,7 +30,7 @@ bin_PROGRAMS = valgrind-listener valgrind-di-server
+@@ -48,7 +48,7 @@ bin_PROGRAMS = valgrind-listener valgrind-di-server
  
  valgrind_listener_SOURCES = valgrind-listener.c
  valgrind_listener_CPPFLAGS  = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind
--valgrind_listener_CFLAGS    = $(AM_CFLAGS_PRI)
-+valgrind_listener_CFLAGS    = $(AM_CFLAGS_PRI) -fstack-protector-strong
+-valgrind_listener_CFLAGS    = $(AM_CFLAGS_PRI) -fhosted
++valgrind_listener_CFLAGS    = $(AM_CFLAGS_PRI) -fhosted -fstack-protector-strong
  valgrind_listener_CCASFLAGS = $(AM_CCASFLAGS_PRI)
  valgrind_listener_LDFLAGS   = $(AM_CFLAGS_PRI)
  if VGCONF_PLATVARIANT_IS_ANDROID
-@@ -49,7 +49,7 @@ endif
+@@ -67,7 +67,7 @@ endif
  
  valgrind_di_server_SOURCES   = valgrind-di-server.c
  valgrind_di_server_CPPFLAGS  = $(AM_CPPFLAGS_PRI) -I$(top_srcdir)/coregrind
--valgrind_di_server_CFLAGS    = $(AM_CFLAGS_PRI)
-+valgrind_di_server_CFLAGS    = $(AM_CFLAGS_PRI) -fstack-protector-strong
+-valgrind_di_server_CFLAGS    = $(AM_CFLAGS_PRI) -fhosted
++valgrind_di_server_CFLAGS    = $(AM_CFLAGS_PRI) -fhosted -fstack-protector-strong
  valgrind_di_server_CCASFLAGS = $(AM_CCASFLAGS_PRI)
  valgrind_di_server_LDFLAGS   = $(AM_CFLAGS_PRI)
  if VGCONF_PLATVARIANT_IS_ANDROID
-@@ -84,7 +84,7 @@ endif
+@@ -102,7 +102,7 @@ endif
  
  getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_SOURCES   = getoff.c
  getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CPPFLAGS  = $(AM_CPPFLAGS_@VGCONF_PLATFORM_PRI_CAPS@)
--getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@)
-+getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) -fstack-protector-strong
+-getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) -fhosted
++getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_PRI_CAPS@) -fhosted -fstack-protector-strong
  getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_CCASFLAGS = $(AM_CCASFLAGS_PRI)
  getoff_@VGCONF_ARCH_PRI@_@VGCONF_OS@_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@
  if HAVE_DLINFO_RTLD_DI_TLS_MODID
+@@ -119,7 +119,7 @@ endif
+ if VGCONF_HAVE_PLATFORM_SEC
+ getoff_@VGCONF_ARCH_SEC@_@VGCONF_OS@_SOURCES   = getoff.c
+ getoff_@VGCONF_ARCH_SEC@_@VGCONF_OS@_CPPFLAGS  = $(AM_CPPFLAGS_@VGCONF_PLATFORM_SEC_CAPS@)
+-getoff_@VGCONF_ARCH_SEC@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_SEC_CAPS@) -fhosted
++getoff_@VGCONF_ARCH_SEC@_@VGCONF_OS@_CFLAGS    = $(AM_CFLAGS_@VGCONF_PLATFORM_SEC_CAPS@) -fhosted -fstack-protector-strong
+ getoff_@VGCONF_ARCH_SEC@_@VGCONF_OS@_CCASFLAGS = $(AM_CCASFLAGS_SEC)
+ getoff_@VGCONF_ARCH_SEC@_@VGCONF_OS@_LDFLAGS   = $(AM_CFLAGS_SEC)
+ if HAVE_DLINFO_RTLD_DI_TLS_MODID
 diff --git a/configure.ac b/configure.ac
-index f8c798b..ccc8f52 100755
+index 90fafaf1c557..84a3d22c5bff 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -2352,24 +2352,24 @@
+@@ -2764,24 +2764,24 @@ AC_LANG(C)
  AM_CONDITIONAL([HAVE_ALIGNED_CXX_ALLOC], [test x$ac_have_aligned_cxx_alloc = xyes])
  
  # does this compiler support -fno-stack-protector ?
@@ -82,24 +85,24 @@ index f8c798b..ccc8f52 100755
  
  # does this compiler support -finline-functions ?
 diff --git a/coregrind/Makefile.am b/coregrind/Makefile.am
-index 94030fd..3c73210 100644
+index 4ead1542b0c7..0bcb4a4f423f 100644
 --- a/coregrind/Makefile.am
 +++ b/coregrind/Makefile.am
-@@ -55,7 +55,7 @@ AR = ${LTO_AR}
+@@ -62,7 +62,7 @@ AR = ${LTO_AR}
  RANLIB = ${LTO_RANLIB}
  
  valgrind_CPPFLAGS  = $(AM_CPPFLAGS_PRI)
--valgrind_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS)
-+valgrind_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong
+-valgrind_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fhosted
++valgrind_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fhosted -fstack-protector-strong
  valgrind_CCASFLAGS = $(AM_CCASFLAGS_PRI)
  valgrind_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@
  # If there is no secondary platform, and the platforms include x86-darwin,
-@@ -102,7 +102,7 @@
+@@ -104,7 +104,7 @@ vgdb_SOURCES += vgdb-invoker-freebsd.c
  endif
  
  vgdb_CPPFLAGS  = $(AM_CPPFLAGS_PRI) $(GDB_SCRIPTS_DIR)
--vgdb_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS)
-+vgdb_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fstack-protector-strong
+-vgdb_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fhosted
++vgdb_CFLAGS    = $(AM_CFLAGS_PRI) $(LTO_CFLAGS) -fhosted -fstack-protector-strong
  vgdb_CCASFLAGS = $(AM_CCASFLAGS_PRI)
  vgdb_LDFLAGS   = $(AM_CFLAGS_PRI) @LIB_UBSAN@
  if VGCONF_PLATVARIANT_IS_ANDROID

valgrind.spec

@@ -2,8 +2,8 @@
 
 Summary: Dynamic analysis tools to detect memory or thread bugs and profile
 Name: %{?scl_prefix}valgrind
-Version: 3.25.1
-Release: 3%{?dist}
+Version: 3.26.0
+Release: 5%{?dist}
 Epoch: 1
 
 # This ignores licenses that are only found in the test or perf sources
@@ -12,7 +12,7 @@ Epoch: 1
 # a license specifier is in coregrind/m_main.c for some Hacker's Delight
 # public domain code, which is only compiled into Darwin binaries, which
 # we don't create. Also some subpackages have their own license tags.
-License: GPL-2.0-or-later AND bzip2-1.0.6 AND GFDL-1.2-or-later AND (GPL-2.0-or-later AND LGPL-2.0-or-later) AND (GPL-2.0-or-later AND ISC) AND (GPL-2.0-or-later AND Unlicense) AND (GPL-2.0-or-later AND Zlib) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later AND BSD-3-Clause) AND (GPL-2.0-or-later AND (MIT OR NCSA)) AND CMU-Mach AND (GPL-2.0-or-later AND X11 AND BSD-3-Clause) AND X11 AND (GPL-2.0-or-later AND LGPL-2.0-or-later) AND (GPL-2.0-or-later AND (GPL-2.0-or-later OR MPL-2.0)) AND (GPL-2.0-or-later WITH Autoconf-exception-generic) AND (GPL-3.0-or-later WITH Autoconf-exception-generic-3.0) AND FSFULLR AND FSFAP AND FSFUL AND FSFULLRWD
+License: GPL-3.0-or-later AND bzip2-1.0.6 AND (GPL-3.0-or-later AND LGPL-2.0-or-later) AND (GPL-3.0-or-later AND ISC) AND (GPL-3.0-or-later AND Unlicense) AND (GPL-3.0-or-later AND Zlib) AND (GPL-3.0-or-later WITH GCC-exception-2.0) AND (LGPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-3.0-or-later AND BSD-3-Clause) AND (GPL-3.0-or-later AND (MIT OR NCSA)) AND CMU-Mach AND (GPL-3.0-or-later AND X11 AND BSD-3-Clause) AND X11 AND (GPL-3.0-or-later AND LGPL-2.0-or-later) AND (GPL-2.0-or-later WITH Autoconf-exception-generic) AND (GPL-3.0-or-later WITH Autoconf-exception-generic-3.0) AND FSFULLR AND FSFAP AND FSFUL AND FSFULLRWD
 URL: https://www.valgrind.org/
 
 # Are we building for a Software Collection?
@@ -80,19 +80,23 @@ Patch1: valgrind-3.9.0-cachegrind-improvements.patch
 Patch2: valgrind-3.9.0-ldso-supp.patch
 
 # Add some stack-protector
-Patch3: valgrind-3.16.0-some-stack-protector.patch
+Patch3: valgrind-3.26.0-some-stack-protector.patch
 
 # Add some -Wl,z,now.
-Patch4: valgrind-3.16.0-some-Wl-z-now.patch
+Patch4: valgrind-3.26.0-some-Wl-z-now.patch
 
-# VALGRIND_3_25_BRANCH patches
-Patch5: 0001-Prepare-NEWS-for-branch-3.25.x-fixes.patch
-Patch6: 0002-Bug-503241-s390x-Support-z17-changes-to-the-NNPA-ins.patch
-Patch7: 0003-Add-several-missing-syscall-hooks-to-ppc64-linux.patch
+# VALGRIND_3_26_BRANCH patches
+Patch5: 0001-Prepare-NEWS-for-branch-3.26-fixes.patch
+Patch6: 0002-Bug-511972-valgrind-3.26.0-tests-fail-to-build-on-up.patch
+Patch7: 0003-readlink-proc-self-exe-overwrites-buffer-beyond-its-.patch
+Patch8: 0004-Linux-DRD-suppression-add-an-entry-for-__is_decorate.patch
+Patch9: 0005-Linux-Helgrind-add-a-suppression-for-_dl_allocate_tl.patch
+Patch10: 0006-Disable-linux-madvise-MADV_GUARD_INSTALL.patch
+Patch11: 0007-Bug-514613-Unclosed-leak_summary-still_reachable-tag.patch
+Patch12: 0008-Bug-514206-Assertion-sr_isError-sr-failed-mmap-fd-po.patch
 
-# Proposed upstream patches
-# https://bugs.kde.org/show_bug.cgi?id=508145
-Patch101: ppc64-strcmp-ld.patch
+# Refix for https://bugs.kde.org/show_bug.cgi?id=514613
+Patch100: 0001-Refix-still_reachable-xml-closing-tag-and-add-testca.patch
 
 BuildRequires: make
 BuildRequires: glibc-devel
@@ -223,7 +227,7 @@ Documentation in html and pdf, plus man pages for valgrind tools and scripts.
 
 %package scripts
 Summary: Scripts for post-processing valgrind tool output
-License: GPL-2.0-or-later
+License: GPL-3.0-or-later AND (GPL-3.0-or-later OR MPL-2.0)
 # Most scripts can be used as is for post-processing a valgrind tool run.
 # But callgrind_control uses vgdb.
 Recommends: %{?scl_prefix}valgrind-gdb = %{epoch}:%{version}-%{release}
@@ -233,7 +237,7 @@ Perl and Python scripts for post-processing valgrind tool output.
 
 %package gdb
 Summary: Tools for integrating valgrind and gdb
-License: GPL-2.0-or-later
+License: GPL-3.0-or-later
 Requires: %{?scl_prefix}valgrind = %{epoch}:%{version}-%{release}
 # vgdb can be used without gdb, just to control valgrind.
 # But normally you use it together with both valgrind and gdb.
@@ -276,8 +280,13 @@ Valgrind User Manual for details.
 %patch -P5 -p1
 %patch -P6 -p1
 %patch -P7 -p1
+%patch -P8 -p1
+%patch -P9 -p1
+%patch -P10 -p1
+%patch -P11 -p1
+%patch -P12 -p1
 
-%patch -P101 -p1
+%patch -P100 -p1
 
 %build
 # LTO triggers undefined symbols in valgrind.  But valgrind has a
@@ -482,6 +491,7 @@ echo ===============END TESTING===============
 %{_bindir}/valgrind-di-server
 %{_bindir}/valgrind-listener
 %{_bindir}/vgdb
+%{_bindir}/vgstack
 # gdb register descriptions
 %{_libexecdir}/valgrind/*.xml
 %{_datadir}/gdb/auto-load/valgrind-monitor.py
@@ -517,6 +527,28 @@ echo ===============END TESTING===============
 %endif
 
 %changelog
+* Thu Jan 29 2026 Mark Wielaard <mjw@redhat.com> - 3.26.0-5
+- Add 0001-Refix-still_reachable-xml-closing-tag-and-add-testca.patch
+
+* Tue Jan 27 2026 Mark Wielaard <mjw@redhat.com> - 3.26.0-4
+- Add VALGRIND_3_26_BRANCH patches
+  - 0001-Prepare-NEWS-for-branch-3.26-fixes.patch
+  - 0002-Bug-511972-valgrind-3.26.0-tests-fail-to-build-on-up.patch
+  - 0003-readlink-proc-self-exe-overwrites-buffer-beyond-its-.patch
+  - 0004-Linux-DRD-suppression-add-an-entry-for-__is_decorate.patch
+  - 0005-Linux-Helgrind-add-a-suppression-for-_dl_allocate_tl.patch
+  - 0006-Disable-linux-madvise-MADV_GUARD_INSTALL.patch
+  - 0007-Bug-514613-Unclosed-leak_summary-still_reachable-tag.patch
+  - 0008-Bug-514206-Assertion-sr_isError-sr-failed-mmap-fd-po.patch
+
+* Tue Nov  4 2025 Mark Wielaard <mjw@redhat.com> - 3.26.0-1
+- Valgrind 3.26.0 final
+- Remove all VALGRIND_3_25_BRANCH and proposed upstream patches
+- Refresh some-stack-protector and some-Wl-z-now patches.
+- Add vgstack to valgrind-gdb.
+- Update License to GPL-3.0-or-later
+- Clarify License of valgrind-scripts.
+
 * Mon Aug 18 2025 Mark Wielaard <mjw@redhat.com> - 3.25.1-3
 - Add ppc64-strcmp-ld.patch
 - Add 0003-Add-several-missing-syscall-hooks-to-ppc64-linux.patch