micphy: Fill out mii_mpd_model in the sc struct.
The rest of the code expects this to be filled in and the driver
seems stable with this change (at least on my machine).
"ship it!" jmcneill@
Update to dhcpsd-0.0.7 with the following changes:
* Add support for Darwin / macOS
* dhcpsd: -w waits for dynmically created interfaces
* sanitize_rfc1035: return early on error at start
micphy: Apply errata workaround for KSZ9031
This fixes ethernet on an olimex a64 board, and should be pulled up
to -11, -10, -9...
Thanks jmcneill for pointing out the problem.
PR port-arm/60193: olimex a64 - no carrier with emac0 ethernet
Updated net/syncthing to 2.0.16
v.2.0.16
Fixes
fix(protocol): verify compressed message length before decompression by @calmh in #10595
fix(systemd): support overrides for syncOwnership by @Valloric in #10602
fix(systemd): add back chown allowed syscalls by @Valloric in #10605
Other
chore(config, connections): use same reconnection interval for QUIC and TCP (fixes #10507) by @marbens-arch in #10573
build(deps): update dependencies by @calmh in #10588
chore(sqlite): reduce max open connections, keep them open permanently (fixes #10592) by @calmh in #10596
v2.0.15
[128 lines not shown]
www/chromium: update to 147.0.7727.101
* 147.0.7727.101
This update includes 31 security fixes. Please see the
Chrome Security Page for more information.
[$90000][490170083] Critical CVE-2026-6296: Heap buffer overflow in ANGLE.
Reported by cinzinga on 2026-03-05
[$10000][493628982] Critical CVE-2026-6297: Use after free in Proxy.
Reported by heapracer on 2026-03-17
[TBD][495700484] Critical CVE-2026-6298: Heap buffer overflow in Skia.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-24
[N/A][497053588] Critical CVE-2026-6299: Use after free in Prerender.
Reported by Google on 2026-03-28
[TBD][497724498] Critical CVE-2026-6358: Use after free in XR.
Reported by Jihyeon Jeong (Compsec Lab, Seoul National University /
Research Intern) on 2026-03-30
[TBD][490251701] High CVE-2026-6359: Use after free in Video.
Reported by 86ac1f1587b71893ed2ad792cd7dde32 on 2026-03-06
[54 lines not shown]
firefox140: update to 140.10
Mozilla Foundation Security Advisory 2026-32
Security Vulnerabilities fixed in Firefox ESR 140.10
Announced
April 21, 2026
Impact
high
Products
Firefox ESR
Fixed in
Firefox ESR 140.10
#CVE-2026-6746: Use-after-free in the DOM: Core & HTML component
Reporter
Evyatar Ben Asher, Keane Lucas, Nicholas Carlini, Newton Cheng, Daniel Freeman, Alex Gaynor, and Joel Weinberger using Claude from Anthropic
[278 lines not shown]
ldns drill: updated to 1.9.0
1.9.0
* Make ldns_calc_keytag() available for CDNSKEY RR
Thanks tgreenx and pnax
* Make ldns_key_rr2ds() available for CDNSKEY RR
Thanks tgreenx
* Make ldns_rr_compare_{ds,ds_dnskey}() available for
CDS and CDNSKEY RRs. Thanks tgreenx
* Make drill trace use IPv6 when used with -6
Thanks Paul Radford
* Unquoted "value" rdata for CAA records fail to validate.
Follows the long string unquoted syntax from RFC8659, section 4.1.1.
* ldns-read-zone -u fails if a type is the only type in a
window and the type modulo 256 is equal to zero.
* Intermittent build failure with multi-job
builds (make -j).
* Add ldns-verify-zone -s option. It checks all signature results,
[29 lines not shown]
mimalloc: updated to 3.3.1
3.3.1
various bug and security fixes
3.3.0
initial support for github (binary) releases, fix visiting of full pages during collection (performance), fix THP alignment (performance), fix arm64 cross-compilation on Windows, enable guard pages in debug mode, always use uncommitted areas between arenas (security), enable static overloading of malloc etc. on Windows with the static CRT
