krb5: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
MFC after: 3 days
krb5: Fix reachable assert when importing krb5 names
If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.
Commit message details obtained from upstream commit.
Obtained from: upstream commit 07818f1fd
Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna,
Luigino Camastra, Guido Vranken) to krb5-bugs
MFC after: 3 days
ipfilter: Fix ip_pptp_pxy (PPTP proxy) length underflow
A PPTP client sending a specially crafted PPTP message with a length
smaller than the already processed fixed header can panic the system.
This resultes in a negative remaining length (a large unsigned 16-bit
number).
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
and Ke Xu from Tsinghua University using GLM-5.1 from
Z.ai
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57383
[Runtimes] Drop 'flang' from runtimes configure dependency (#198205)
Summary:
This PR cuts `flang` out of the core runtimes configure dependency. We
will need the runtimes infrastructure to handle `flang` module
generation, but this dependency poisons the entire dependency stack.
`flang` and `mlir` are by far the heavily parts of the LLVM stack and
for distribution we want to only build it when absolutely necessary,
which as of now is only to install flang module files.
The approach here is to simply remove the `flang` target from the core
dependency tree, but intead configure it for the top-level `module`
targets which are part of `all`. To make this work we need to pass
COMPILER_WORKS and set up a dummy location so that configuration passes.
it's a little backdoor, but this is an extremely important quality of
life improvement for LLVM distribution support.
[AMDGPU] Drop docs for invalid load-release and store-acquire operations
The LangRef says "release and acq_rel orderings are not valid on load
instructions" [for loads](https://llvm.org/docs/LangRef.html#load-instruction)
and "acquire and acq_rel orderings aren't valid on store instructions"
[for stores](https://llvm.org/docs/LangRef.html#store-instruction).
Providing them in textual IR is diagnosed with an error.
Therefore, we should not define semantics for these invalid constructs.
Part of LCOMPILER-2273.
Revert "[IR] Reject unhandled assume bundles and seperate them from normal attributes" (#202336)
Reverts llvm/llvm-project#197007
This causes an assertion failure.
NAS-141280 / 26.0.0-RC.1 / Skip STANDBY iSCSI work when local iscsitarget is stopped (by bmeagherix) (#19088)
iSCSI CRUD paths gated STANDBY-side reloads and ALUA settle-waits on
(iscsi.global.alua_enabled AND failover.remote_connected). Replace with
iscsi.alua.should_operate_on_standby, which additionally requires
service.started('iscsitarget')
----
Passing (extended) CI tests
[here](http://jenkins.eng.ixsystems.net:8080/job/tests/job/sharing_protocols_tests/2547/).
Original PR: https://github.com/truenas/middleware/pull/19082
Co-authored-by: bmeagherix <118192357+bmeagherix at users.noreply.github.com>
ipfw: add ability to run ipfw(8) binary with 15.0+ kernel module
After D46183 the KBI was changed and this made the upgrade procedure
to 15.0+ version a bit difficult, because the old binary can not load
firewall rules when the new kernel is loaded.
This commit adds the sbin/ipfw15 binary that uses new KBI, and then
original sbin/ipfw can detect new KBI and run the new binary instead.
PR: 291562
Reviewed by: jhb, glebius
Fixes: 4a77657cbc01
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D54763
[clang] Implement C2y stdc_memreverse8 and stdc_memreverse8u{8,16,32,64} builtins (#197358)
Implements the C2y <stdbit.h> memory reversal functions stdc_memreverse8
and stdc_memreverse8u{8,16,32,64}. The typed variants lower to
llvm.bswap and support constexpr evaluation.
NAS-141280 / 27.0.0-BETA.1 / Skip STANDBY iSCSI work when local iscsitarget is stopped (#19082)
iSCSI CRUD paths gated STANDBY-side reloads and ALUA settle-waits on
(iscsi.global.alua_enabled AND failover.remote_connected). Replace with
iscsi.alua.should_operate_on_standby, which additionally requires
service.started('iscsitarget')
(cherry picked from commit ebdd865af17ee5b39cb587a1549229895d665aee)
Synchronize timezone state across HA controllers
This commit fixes an issue where on HA systems, a timezone change on
the active controller did not fully propagate to the standby, leaving
its systemd-timedated cache stale until the next reboot.
The fix applies the timezone on both nodes from a shared helper, and
re-applies it on become-master so a promotion still converges when the
standby was down or disconnected during the update.
(cherry picked from commit 130318a2c0855d6f95d1e48c071edd6b03e173d2)
NAS-140972 / 27.0.0-BETA.1 / Synchronize timezone state across HA controllers (#18935)
This commit fixes an issue where on HA systems, a timezone change on the
active controller did not fully propagate to the standby, leaving its
systemd-timedated cache stale until the next reboot.
The fix applies the timezone on both nodes from a shared helper, and
re-applies it on become-master so a promotion still converges when the
standby was down or disconnected during the update.
[clang][Sema]fix crash of invalid friend declaration with storage-class specifier (#190597)
Fix an assertion failure in Sema::ActOnFriendTypeDecl when parsing an
invalid friend type declaration that incorrectly includes a
storage-class specifier (e.g., 'static', 'extern', 'register').
Root cause:
If the type specifier is marked as invalid, DeclSpec::Finish returns
early. However, even when the type specifier is invalid, some other
checks can still be performed instead of skipping everything.
This change allows necessary checks to proceed, preventing the
assertion in ActOnFriendTypeDecl and enabling proper error diagnostics.
Fixes: https://github.com/llvm/llvm-project/issues/186569
Co-authored-by: victorl <liuvicsen at gmail.com>