PR bin/60275 one more (should be the last) correction
It wasn't possible to do this, previously, but after the 3rd
in the sequence, we can (it should have been included with that one).
Never even look at gotsig[signo] in a vforked child - it will
be reflecting the state of the parent, not the child, so has
nothing to do with the child (this wasn't true until after the
3rd fix, which made sure that the child after a vfork doesn't
step on the parent's memory).
This will fix an unbelievably unlikely situation, where a
trapped signal arrives at the parent immediately before it
vforks() a child, which happens before the trap is executed.
Depending upon which of the various fixes (or none of them)
to this PR have been included various incorrect things might
have happened - the child might have processed the signal
trap instead of the parent, the signal might be lost, or even
[2 lines not shown]
(time/R-tzdb) Updated 0.4.0 to 0.5.0, fix build against R-4.6.0
# tzdb 0.5.0
* Updated the time zone database to 2025a (#37).
* Updated the embedded date library
(SHA 32ecb2ad24699963f6c58d74d74bcd8bf7e830a9) (#36, #40).
* cpp11 >=0.5.2 is now required.
* R >=4.0.0 is now required. This is consistent with the standards of the
tidyverse.
x86/efiboot: Put writable variables in .data, not .text.
And define them in the .c file where they're used; no need to have
extra unnecessary .S stuff just to define a global variable.
Based on patch by Paul Ripke to bootx64.efi, adapted for bootia32.efi
too.
PR kern/59151: efiboot hangs on new motherboard
Import unbound 1.25.1 (previous was 1.24.2)
Bug Fixes
Fix CVE-2026-33278, Possible remote code execution during DNSSEC validation.
Thanks to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-42944, Heap overflow and crash with multiple nsid, cookie,
padding EDNS options. Thanks to Qifan Zhang, Palo Alto Networks, for the
report.
Fix CVE-2026-42959, Crash during DNSSEC validation of malicious content. Thanks
to Qifan Zhang, Palo Alto Networks, for the report.
Fix CVE-2026-32792, Packet of death with DNSCrypt. Thanks to Andrew Griffiths
from 'calif.io' for the report.
Fix CVE-2026-40622, "Ghost domain name" variant. Thanks to Qifan Zhang, Palo
Alto Networks, for the report.
[25 lines not shown]