--- dyld/dyld-1066.8/cache_builder/CacheDylib.cpp
+++ dyld/dyld-1162/cache_builder/CacheDylib.cpp
@@ -182,6 +182,17 @@
                 });
             });
         }
+
+        // Move to auth if __objc_const or __objc_data is present.
+        // This allows new method lists added by the category optimizer to be signed.
+        mf->forEachSection(^(const dyld3::MachOAnalyzer::SectionInfo &sectInfo, bool malformedSectionRange, bool &stop) {
+            if ( sectInfo.segInfo.segIndex != segmentIndexToSearch )
+                return;
+            if ( !strcmp(sectInfo.sectName, "__objc_const") || !strcmp(sectInfo.sectName, "__objc_data")) {
+                foundAuthFixup = true;
+                stop = true;
+            }
+        });
     });
 
     return foundAuthFixup;
@@ -191,7 +202,7 @@
                                      const CacheDylib& cacheDylib, std::string_view segmentName,
                                      objc_visitor::Visitor& objcVisitor)
 {
-    // <rdar://problem/66284631> Don't put __objc_const read-only memory as Swift has method lists we can't see
+    // rdar://113642480 (Swift has some mutable data in __objc_const)
     __block bool isBadSwiftLibrary = false;
     cacheDylib.inputMF->withFileLayout(diag, ^(const mach_o::Layout &layout) {
         if ( !layout.isSwiftLibrary() )
@@ -200,16 +211,6 @@
         isBadSwiftLibrary = layout.hasSection(segmentName, "__objc_const");
     });
     if ( isBadSwiftLibrary )
-        return false;
-
-    // <rdar://problem/69813664> _NSTheOneTruePredicate is incompatible with __DATA_CONST
-    if ( (cacheDylib.installName == "/System/Library/Frameworks/Foundation.framework/Foundation")
-        || (cacheDylib.installName == "/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation") )
-        return false;
-
-    // rdar://74112547 CF writes to kCFNull constant object
-    if ( (cacheDylib.installName == "/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation")
-        || (cacheDylib.installName == "/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation") )
         return false;
 
     // rdar://77149283 libcrypto.0.9.8.dylib writes to __DATA_CONST
@@ -627,7 +628,7 @@
 
 void CacheDylib::copyRawSegments(const BuilderConfig& config, Timer::AggregateTimer& timer)
 {
-    const bool log = false;
+    const bool log = config.log.printDebug;
 
     Timer::AggregateTimer::Scope timedScope(timer, "dylib copyRawSegments time");
 
@@ -1439,6 +1440,7 @@
     lsl::EphemeralAllocator allocator;
     __block objc_visitor::Visitor objcVisitor = this->makeCacheObjCVisitor(config,
                                                                            objcSelectorOptimizer.selectorStringsChunk,
+                                                                           nullptr,
                                                                            nullptr);
 
     // Update every selector reference to point to the canonical selectors
@@ -1672,7 +1674,7 @@
     Timer::AggregateTimer::Scope timedScope(timer, "dylib convertObjCMethodListsToOffsets time");
 
     lsl::EphemeralAllocator allocator;
-    __block objc_visitor::Visitor objcVisitor = this->makeCacheObjCVisitor(config, selectorStringsChunk, nullptr);
+    __block objc_visitor::Visitor objcVisitor = this->makeCacheObjCVisitor(config, selectorStringsChunk, nullptr, nullptr);
 
     auto visitMethodList = ^(objc_visitor::MethodList objcMethodList) {
         // Skip pointer based method lists
@@ -1730,7 +1732,7 @@
     Timer::AggregateTimer::Scope timedScope(timer, "dylib sortObjCMethodLists time");
 
     lsl::EphemeralAllocator allocator;
-    __block objc_visitor::Visitor objcVisitor = this->makeCacheObjCVisitor(config, selectorStringsChunk, nullptr);
+    __block objc_visitor::Visitor objcVisitor = this->makeCacheObjCVisitor(config, selectorStringsChunk, nullptr, nullptr);
 
     auto visitMethodList = ^(objc_visitor::MethodList               objcMethodList,
                              std::optional<metadata_visitor::ResolvedValue> extendedMethodTypes) {
@@ -1872,7 +1874,7 @@
                                             Timer::AggregateTimer& timer,
                                             const ObjCStringsChunk* selectorStringsChunk)
 {
-    const bool logSelectors = false;
+    const bool logSelectors = config.log.printDebug;
 
     Timer::AggregateTimer::Scope timedScope(timer, "dylib optimizeLoadsFromConstants time");
 
@@ -2124,7 +2126,7 @@
     if ( !objcIMPCachesOptimizer.builder )
         return Error();
 
-    const bool log = false;
+    const bool log = config.log.printDebug;
 
     Timer::AggregateTimer::Scope timedScope(timer, "emitObjCIMPCaches time");
 
@@ -2141,7 +2143,7 @@
         return Error();
 
     lsl::EphemeralAllocator allocator;
-    __block objc_visitor::Visitor objcVisitor = this->makeCacheObjCVisitor(config, nullptr, nullptr);
+    __block objc_visitor::Visitor objcVisitor = this->makeCacheObjCVisitor(config, nullptr, nullptr, nullptr);
 
     // Walk the classes in this dylib, and see if any have an IMP cache
     objcVisitor.forEachClassAndMetaClass(^(objc_visitor::Class& objcClass, bool& stopClass) {
@@ -2162,9 +2164,18 @@
         if ( objcClass.getMethodCachePropertiesVMAddr(objcVisitor).has_value() )
             return;
 
+        MachOFile::PointerMetaData PMD;
+        if ( config.layout.hasAuthRegion && (objcIMPCachesOptimizer.libobjcImpCachesVersion >= 4) ) {
+            PMD.diversity         = 0x9cff; // hash of "originalPreoptCache"
+            PMD.high8             = 0;
+            PMD.authenticated     = 1;
+            PMD.key               = 2;     // DA
+            PMD.usesAddrDiversity = 1;
+        }
+
         // Set the "vtable" to point to the cache
         CacheVMAddress impCacheVMAddr = objcIMPCachesOptimizer.impCachesChunk->cacheVMAddress + impCacheOffset;
-        objcClass.setMethodCachePropertiesVMAddr(objcVisitor, VMAddress(impCacheVMAddr.rawValue()));
+        objcClass.setMethodCachePropertiesVMAddr(objcVisitor, VMAddress(impCacheVMAddr.rawValue()), PMD);
 
         // Tell the slide info emitter to slide this location
         metadata_visitor::ResolvedValue vtableField = objcClass.getMethodCachePropertiesField(objcVisitor);
@@ -2741,7 +2752,9 @@
 
 void CacheDylib::addObjcSegments(Diagnostics& diag, Timer::AggregateTimer& timer,
                                  const ObjCHeaderInfoReadOnlyChunk* headerInfoReadOnlyChunk,
+                                 const ObjCImageInfoChunk* imageInfoChunk,
                                  const ObjCProtocolHashTableChunk* protocolHashTableChunk,
+                                 const ObjCPreAttachedCategoriesChunk* preAttachedCategoriesChunk,
                                  const ObjCHeaderInfoReadWriteChunk* headerInfoReadWriteChunk,
                                  const ObjCCanonicalProtocolsChunk* canonicalProtocolsChunk)
 {
@@ -2754,16 +2767,18 @@
     // Find the ranges for OBJC_RO and OBJC_RW
 
     // Read-only
-    // Note these asserts are just to make sure we use the correct
-    static_assert(Chunk::Kind::objcHeaderInfoRO < Chunk::Kind::objcStrings);
+    // Note these asserts are just to make sure we use the correct chunks for the start/end
+    static_assert(Chunk::Kind::objcHeaderInfoRO < Chunk::Kind::objcImageInfo);
+    static_assert(Chunk::Kind::objcImageInfo < Chunk::Kind::objcStrings);
     static_assert(Chunk::Kind::objcStrings < Chunk::Kind::objcSelectorsHashTable);
     static_assert(Chunk::Kind::objcSelectorsHashTable < Chunk::Kind::objcClassesHashTable);
     static_assert(Chunk::Kind::objcClassesHashTable < Chunk::Kind::objcProtocolsHashTable);
     static_assert(Chunk::Kind::objcProtocolsHashTable < Chunk::Kind::objcIMPCaches);
+    static_assert(Chunk::Kind::objcIMPCaches < Chunk::Kind::objcPreAttachedCategories);
 
     CacheFileOffset readOnlyFileOffset = headerInfoReadOnlyChunk->subCacheFileOffset;
     CacheVMAddress readOnlyVMAddr = headerInfoReadOnlyChunk->cacheVMAddress;
-    CacheVMSize readOnlyVMSize = (protocolHashTableChunk->cacheVMAddress + protocolHashTableChunk->cacheVMSize) - readOnlyVMAddr;
+    CacheVMSize readOnlyVMSize = (preAttachedCategoriesChunk->cacheVMAddress + preAttachedCategoriesChunk->cacheVMSize) - readOnlyVMAddr;
 
 
     // Read-write
@@ -2788,7 +2803,8 @@
 
 objc_visitor::Visitor CacheDylib::makeCacheObjCVisitor(const BuilderConfig& config,
                                                        const Chunk* selectorStringsChunk,
-                                                       const ObjCCanonicalProtocolsChunk* canonicalProtocolsChunk) const
+                                                       const ObjCCanonicalProtocolsChunk* canonicalProtocolsChunk,
+                                                       const ObjCPreAttachedCategoriesChunk* categoriesChunk) const
 {
     // Get the segment ranges.  We need this as the dylib's segments are in different buffers, not in VM layout
     std::vector<metadata_visitor::Segment> cacheSegments;
@@ -2829,6 +2845,19 @@
         segment.startVMAddr = VMAddress(canonicalProtocolsChunk->cacheVMAddress.rawValue());
         segment.endVMAddr   = VMAddress((canonicalProtocolsChunk->cacheVMAddress + canonicalProtocolsChunk->cacheVMSize).rawValue());
         segment.bufferStart = canonicalProtocolsChunk->subCacheBuffer;
+
+        // Cache segments never have a chained format. They always use the Fixup struct
+        segment.onDiskDylibChainedPointerFormat = { };
+
+        cacheSegments.push_back(std::move(segment));
+    }
+
+    // Add the categories data chunk too.  That way we can resolve references which land on it
+    if ( categoriesChunk != nullptr ) {
+        metadata_visitor::Segment segment;
+        segment.startVMAddr = VMAddress(categoriesChunk->cacheVMAddress.rawValue());
+        segment.endVMAddr   = VMAddress((categoriesChunk->cacheVMAddress + categoriesChunk->cacheVMSize).rawValue());
+        segment.bufferStart = categoriesChunk->subCacheBuffer;
 
         // Cache segments never have a chained format. They always use the Fixup struct
         segment.onDiskDylibChainedPointerFormat = { };