firewire: Fix watchdog_clock aliasing and fw_tl2xfer UAF race
Two bugs in the firewire bus layer that affect all consumers (if_fwip, sbp):
watchdog_clock was a static local in firewire_watchdog(), shared across
all firewire_comm instances. With two controllers (e.g. built-in +
Thunderbolt Display), both advance the same counter, so the second
controller's 15-second boot-time timeout guard expires prematurely.
fw_tl2xfer() released tlabel_lock before returning the xfer pointer.
Reviewed by: zlei, adrian
Differential Revision: https://reviews.freebsd.org/D57496
archivers/py-pycdlib: New port
PyCdlib is a pure python library to parse, write (master), and create
ISO9660 files, suitable for writing to a CD or USB.
krb5: Fix null dereference in SPNEGO token processing
krb5 1.22.1 erroneously removed a check from get_negTokenResp() for
successful decoding of the mechListMIC field. Restore the check to
prevent a null pointer dereference.
Commit message details obtained from upstream commit.
Obtained from: Upstream commit 4ae75cded
MFC after: 3 days
krb5: Fix reachable assert when importing krb5 names
If a name token contains trailing garbage, error out from
krb5_gss_import_name() instead of crashing the process with an
assertion failure.
Commit message details obtained from upstream commit.
Obtained from: upstream commit 07818f1fd
Reported by: Aisle Research (Ze Sheng, Dmitrijs Trizna,
Luigino Camastra, Guido Vranken) to krb5-bugs
MFC after: 3 days
ipfilter: Fix ip_pptp_pxy (PPTP proxy) length underflow
A PPTP client sending a specially crafted PPTP message with a length
smaller than the already processed fixed header can panic the system.
This results in a negative remaining length (a large unsigned 16-bit
number).
Reported by: Yuxiang Yang, Yizhou Zhao, Ao Wang, Xuewei Feng, Qi Li,
and Ke Xu from Tsinghua University using GLM-5.1 from
Z.ai
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D57383
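The length underflow described in the ipfilter commit above, shown as an added example. This is not code from ipfilter or FreeBSD: the function names, the FIXED_HDR_LEN value and the sample lengths are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed size of the fixed header the parser has already consumed;
 * not taken from the ipfilter source. */
#define FIXED_HDR_LEN 8u

/* Unchecked pattern: a declared length below FIXED_HDR_LEN makes the
 * subtraction wrap, and the result truncated to 16 bits is a huge
 * "remaining" length instead of a negative one. */
static uint16_t remaining_unchecked(uint16_t declared_len)
{
    return (uint16_t)(declared_len - FIXED_HDR_LEN);
}

/* Checked pattern: validate the declared length before subtracting.
 * Returns 0 and stores the remaining length, or -1 for a bad length. */
static int remaining_checked(uint16_t declared_len, uint16_t avail,
                             uint16_t *out)
{
    if (declared_len < FIXED_HDR_LEN)   /* shorter than what was parsed */
        return -1;
    /* Extra bound, not described in the commit: the message must not
     * claim more bytes than were actually received. */
    if (declared_len > avail)
        return -1;
    *out = (uint16_t)(declared_len - FIXED_HDR_LEN);
    return 0;
}

int main(void)
{
    /* Constructed declared lengths: too short, header only, normal. */
    const uint16_t samples[] = { 4, 8, 156 };
    const uint16_t avail = 156;     /* constructed received byte count */

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint16_t rem = 0;
        int rc = remaining_checked(samples[i], avail, &rem);

        printf("declared=%u unchecked_remaining=%u checked=%s\n",
               (unsigned)samples[i],
               (unsigned)remaining_unchecked(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```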
sysutils/mate-polkit: switch to GitHub release asset
Minor versions of 1.28.x are no longer published to the MATE mirror
and are only available on GitHub. Use USE_GITHUB=nodefault with a
release tarball instead of the auto-generated one, as recommended
by the porter's handbook.
pfsync: remove invalid panic
When we undefer a packet (when the peer acks the state) it's possible
that we don't find a corresponding pfsync_deferral. We panic here, but
that's actually something that can happen in normal operation:
- if we have too many deferred packets already (in pfsync_defer())
- if the deferral timed out (in pfsync_defer_tmo())
Remove this panic and document the scenarios where it might occur.
MFC after: 2 weeks
Sponsored by: Orange Business Services