imgact_elf: handle unaligned phdrs
Althought non-compliant, there are binaries which have the phdrs placed
unaligned in the image. Since we have the code to allocate memory for
off-page phdrs, the same code path can be used to handle unaligned
phdrs.
Relax the requirement for both the activated image and interpreter.
PR: 295629
Reviewed by: emaste, markj, olce
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D57498
loader.efi: Fix when staging moves late
Prior to this commit, we'd compute the page tables and have the last
entries point to the staging area. We'd then add some more metadata to
the image and boot. This assumed the staging area didn't need to move
for this last bit of data.
However, if we go over the staging limit, when we copyin new data, we
grow the staging area, usually be moving it to a lower address. This
overage usually happens when we're loading modules and so things work
out nicely. Sometimes we're close to the limit, and we need to do this
growing inside bi_load, after we've computed the page table, making the
page table wrong, and the code we jump to random rather than the btext
routine we normally start at.
To fix this, move computation of the table (but not its allocation) to
after bi_load, but before we call the trampoline.
This problem was most observed when loading microcode for many peole,
[19 lines not shown]
security/krb5-12?: Fix reachable assert when importing krb5 names
If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.
Commit message details obtained from upstream commit.
Obtained from: upstream commit 07818f1fd
Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna,
Luigino Camastra, Guido Vranken) to krb5-bugs
(cherry picked from commit 8854e0201abe6c8292d0360c23a8be7201240016)
security/krb5-122: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
src commit efb5c07f91c5
(cherry picked from commit cfb473892e7ff64daa2ea4f3fdc63768eaed66d3)
security/krb5-devel: update to the latest MIT/KRB5 github commit
Support for OpenSSL 1.1.1 has been removed by upstream in this update.
(cherry picked from commit 1f29b1929b8217b102eeb2d2ce3ca836801622d4)
security/krb5-12?: Fix reachable assert when importing krb5 names
If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.
Commit message details obtained from upstream commit.
Obtained from: upstream commit 07818f1fd
Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna,
Luigino Camastra, Guido Vranken) to krb5-bugs
MFH: 2026Q2
security/krb5-122: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
src commit efb5c07f91c5
MFH: 2026Q2
sysutils/iocage: Fix build and runtime issues
This switches the build to pyproject.yml and hatchling to avoid
various setuptools issues.
It adds a workaround for problems with py-click, which
prevented some command line options from working properly
(especially formatting output for scripting using '-h').
While there, import small github hosted patch into the tree.
PR: 295084, 295723
Reported by: andreas at turriff.net, echoxxzz at gmail.com
firewire: Fix watchdog_clock aliasing and fw_tl2xfer UAF race
Two bugs in the firewire bus layer that affect all consumers (
if_fwip, sbp):
watchdog_clock was a static local in firewire_watchdog(), shared across
all firewire_comm instances. With two controllers (e.g. built-in +
Thunderbolt Display), both advance the same counter, so the second
controller's 15-second boot-time timeout guard expires prematurely.
fw_tl2xfer() released tlabel_lock before returning the xfer pointer.
Reviewed by: zlei, adrian
Differential Revision: https://reviews.freebsd.org/D57496
archivers/py-pycdlib: New port
PyCdlib is a pure python library to parse, write (master), and create
ISO9660 files, suitable for writing to a CD or USB.
krb5: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
MFC after: 3 days
krb5: Fix reachable assert when importing krb5 names
If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.
Commit message details obtained from upstream commit.
Obtained from: upstream commit 07818f1fd
Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna,
Luigino Camastra, Guido Vranken) to krb5-bugs
MFC after: 3 days
