Make concurrent sys_msgrcv() wait until we finish message delivery. We
left acquired message in the queue while we are sleeping in msg_copyout().
Concurrent sys_msgrcv() could acquire and delete this message.
Reported-by: syzbot+c80235d951da9769a00f at syzkaller.appspotmail.com
Deduplicate skiplist, shortlist, and NCA retry handling
Introduce helpers functions for manipulating lists of strings, such as
the FQDNs in skiplist & shortlist, and rpkiNotify URLs used for batching
NCA retries.
OK tb@
Restore msgrcv(2) MSG_NOERROR/E2BIG error path. Silently truncate
message is not a good idea.
msgrcv(2) man page has E2BIG error description, no need for update.
ok millert
archivers/unrar: update to 7.23
Security fixes:
* heap overflow when reconstructing data from RAR5 recovery volumes
* a specially crafted RAR archive could create a symbolic link pointing
outside of the intended destination folder during extraction
Don't remove other elements in a RB_FOREACH_SAFE walk since that is not safe.
repo_move_valid() walks the tree with RB_FOREACH_SAFE() but it also calls
RB_REMOVE() via filepath_put() on an other element in a case where a
conflict is resolved. This results in a use-after-free if that element is
the next one in the tree (nfp). Instead of removing the present
conflicting node (ofp), replace the contents of it, free fp and swap fp
with ofp.
With and OK tb@
Rework the special case for CRL files when it comes to the entity_queue.
CRL are not accounted in the entity_queue, they are loaded together with
MFT files and passed back together as well. Instead of increasing
entity_queue skip the entity_queue decrease at the end of the function
for CRL files. This way goto done cases will account CRLs correctly as well.
OK tb@
iked: Store RADIUS-assigned IPv6 address in the IPv6 slot
The IPv6 branch of iked_radius_config() stored the address in the
IPv4 slot sa_rad_addr and tagged it AF_INET. Use sa_rad_addr6 and
AF_INET6 instead. Also exempt IKEV2_CFG_INTERNAL_IP6_ADDRESS from
the "use config rather than radius" check, as already done for IPv4.
ok yasuoka@