fir crashing with scalable TypeSizes
From 537f3d3a7588d226b86590f97c4401107585e1ce Mon Sep 17 00:00:00 2001
From: Jakob Koschel <jakobkoschel at google.com>
Date: Thu, 5 Mar 2026 01:11:44 +0100
Subject: [PATCH] [SafeStack] Fix crashing with scalable TypeSizes (#180547)
On e.g. aarch64 the TypeSize of scalar types can have a size that is not
known at compile time.
Currently when safestack occurs those it simply crashes as described in
https://github.com/llvm/llvm-project/issues/175868.
Provide a separate executable file for syslogd parent.
syslogd(8) forks and execs its parent process to keep privileged
parts separated. This parent process can be easily implemented as
a separate program. It gets its own main() and minimal debug logging
functions. The splitted parent process image is smaller, especially
without additional libs.
Use additional directories to build both parts. The rcctl script
has to be adopted, as the parent process has a different name.
OK deraadt@
fix a crash on aarch64 with scalable TypeSizes
From 537f3d3a7588d226b86590f97c4401107585e1ce Mon Sep 17 00:00:00 2001
From: Jakob Koschel <jakobkoschel at google.com>
Date: Thu, 5 Mar 2026 01:11:44 +0100
Subject: [PATCH] [SafeStack] Fix crashing with scalable TypeSizes (#180547)
On e.g. aarch64 the TypeSize of scalar types can have a size that is not
known at compile time.
Currently when safestack occurs those it simply crashes as described in
https://github.com/llvm/llvm-project/issues/175868.
Implement mwx_mac_tx_free() for MT7921 and add some extra bits to
mwx_txwi_put(). With this MT7921 is able to connect to an open WIFI.
This commit was done over mwx(4) with a MT7921
update to caddy-2.11.4
https://github.com/caddyserver/caddy/releases/tag/v2.11.3https://github.com/caddyserver/caddy/releases/tag/v2.11.4
Security-related patches may be breaking if your application relies on
the buggy behaviors:
caddyhttp: Normalize Windows backslashes in path matcher
rewrite: Prevent placeholder re-expansion in injected query
templates: Improved stripHTML action to more reliably remove malformed HTML
caddyhttp: Ignore header fields with underscores to prevent collisions
isakmpd(8): Fix NULL dereference in message_alloc_reply() callers
message_alloc_reply() dereferences the returned pointer of
message_alloc() without a NULL check. Add one so callers can handle
the failure.
Also add NULL checks at both call sites in exchange.c.
test & ok sthen
isakmpd(8): Fix possible unaligned 32 bit read
When validating IPsec SPIs in a DELETE message, access to the
32 bit SPI value might be unaligned. On platforms requiring strict
alignment, this would cause termination of isakmpd by signal.
To avoid this, memcpy(3) the SPI value to a local variable.
test & ok sthen
isakmpd(8): Validate DELETE payload SPI array size [2/2]
Similar to message_validate_delete() also validate in
ipsec_handle_leftover_payload() that the provided number of SPIs
actually fit in the payload. This is redundant as we already would
bail out in message_validate_delete().
test & ok sthen
isakmpd(8): Validate DELETE payload SPI array size [1/2]
The number of SPIs provided in a DELETE message is not properly
validated. This might cause a read beyond the message end. However,
the outside read is limited to 4 bytes for IPsec SAs and 16 bytes
for ISAKMP SAs. A crash is possible, but seems unlikely to me.
test & ok sthen
