[libunwind][PAC] Defang ptrauth's PC in valid CFI range abort
It turns out making the CFI check a release mode abort causes many,
if not the majority, of JITs to fail during unwinding as they do not
set up CFI sections for their generated code. As a result any JITs
that do nominally support unwinding (and catching) through their JIT
or assembly frames trip this abort.
rdar://170862047
ppsspp ppsspp-qt libretro-ppsspp: updated to 1.20.2
What's new in 1.20.2
Improved server list for ad hoc multiplayer, dynamically updated and you can now add/remove entries
Fix broken multitouch on iOS with OpenGL
Ad hoc relay connection improvements
Fix a lot of minor UI issues
Fix background image selection on Android and iOS
Fix file permission issue on iOS
Add a "hold" version of axis swap toggle
Fix regression in Gripshift
Fix crash on audio device switch on Windows
Fix timing glitches in gamepad input on Windows
And other assorted fixes.
Merge commit from fork
* Fix CSRF vulnerability in multiple API endpoints by enforcing POST-only requests
Several API actions executed state-changing backend operations while accepting
GET requests. Since CSRF validation in ApiControllerBase only applies to
POST/PUT/DELETE methods, these endpoints could be triggered via authenticated
CSRF requests.
This patch enforces POST-only access for the following actions:
- AliasUtilController::updateBogonsAction
- OverviewController::reloadInterfaceAction
- ServiceController::dnsblAction
- ServiceController::reconfigureGeneralAction
Non-POST requests now return HTTP 405 with Allow: POST.
* simplify POST enforcement to match project conventions
[9 lines not shown]
databases/postgresql*-*: Update to latest version
The PostgreSQL Global Development Group has released an update to all
supported versions of PostgreSQL, including 18.2, 17.8, 16.12, 15.16,
and 14.21. This release fixes 5 security vulnerabilities and over 65
bugs reported over the last several months.
Release notes:
https://www.postgresql.org/about/news/postgresql-182-178-1612-1516-and-1421-released-3235/
https://www.postgresql.org/docs/release/
Security:
CVE-2026-2003: PostgreSQL oidvector discloses a few bytes of memory
CVE-2026-2004: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
CVE-2026-2005: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
CVE-2026-2006: PostgreSQL missing validation of multibyte character length executes arbitrary code
CVE-2026-2007: PostgreSQL pg_trgm heap buffer overflow writes pattern onto server memory
Remove postgresql13* since it is now EoL.
[2 lines not shown]
[DA] refactor bounds inference in exactSIVtest and exactRDIVtest (NFC) (#185719)
Replaces the `SmallVector`-based approach for computing the min/max of
affine domain bounds with `GetMaxOrMin` lambda returning `std::optional`
for better readability.
Previously, the code allocated a `SmallVector` to collect valid bounds
and relied on `smax(front(), back())` to handle the single-element case,
which may cause misunderstanding.
---------
Signed-off-by: Ruoyu Qiu <cabbaken at outlook.com>