pmap: move userland xtab activate/deactivate into pmap_md_asid{,de}activate
pmap_segtab_{,de}activate() no longer calls pmap_md_xtab_{,de}activate()
Instead move the calls into
- pmap_tlb_asid_acquire()
- pmap_tlb_asid_deactivate()
respectively.
Rename xtab to asid at the same time so that the functions are now named
pmap_md_asid_{,de}activate(), and are provided as static inline to improve
code size.
On arm32 and aarch64 TTBR0 is disabled for the entire time that a userland
process in not pmap_activate()ed and only ever enabled if a userland
process is pmap_activate()ed. This results in less twiddling of the disable
bit, and no speculation window there incorrect TTBR0 walks can occur.
The last part makes GENERIC64_PMAPMI stable on Fusion on an M4 laptop.
libxmlb: update to 0.3.26.
Version 0.3.26
~~~~~~~~~~~~~~
Released: 2026-04-14
New Features:
- Parse CDATA as text (Milan Crha)
Bugfixes:
- Add bounds check to prevent OOB read in token index lookup (Richard Hughes)
- Do not write an invalid silo when more than 63 attrs on one node (Richard Hughes)
- No inotify for illumos and Solaris (Marcel Telka)
- Prevent stack overflow from unbounded recursion in export (Richard Hughes)
libsixel: update to 1.8.7r1.
Security fix for CVE-2026-33023 (GHSA-hr25-g2j6-qjw6), use-after-free in load_with_gdkpixbuf().
Thanks to @nicoppida
Security fix for CVE-2026-33018 (GHSA-w46f-jr9f-rgvp), use-after-free in load_gif().
Thanks to @nicoppida
Security fix for CVE-2026-33019 (GHSA-c854-ffg9-g72c), integer overflow that leads to out-of-bounds read in img2sixel.
Thanks to @nicoppida
Security fix for CVE-2026-33020 (GHSA-2xgm-4x47-2x2p), integer overflow in write_png_to_file() that leads to heap overflow.
Thanks to @nicoppida
Security fix for CVE-2026-33021 (GHSA-j6m5-2cc7-3whc), use-after-free in sixel_encoder_encode_bytes().
Thanks to @nicoppida
Security fix for #222, out-of-bounds memory access in packed pixel format copy path.
Thanks to @xyzzy42
[12 lines not shown]
*cups*: update to 2.4.17
Changes in CUPS v2.4.17 (2026-04-17)
------------------------------------
- CVE-2026-27447: The scheduler treated local user and group names as case-
insensitive.
- CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS
directory.
- CVE-2026-34980: The scheduler did not filter control characters from option
values.
- CVE-2026-34979: The scheduler did not always allocate enough memory for a
job's options string.
- CVE-2026-34990: The scheduler incorrectly allowed local certificates over the
loopback interface.
- CVE-2026-39314: Fixed the range check for job password strings.
- CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
- CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
- The scheduler followed symbolic links when cleaning out its temporary
[28 lines not shown]
jsongrep: update to 0.9.0.
What's Changed
feat: add first github pages playground by @thomas9911 in #31
refactor(cli): --porcelain flag, make --count/ --depth mutually exclusive, --depth with query by @micahkepe in #32
jjui: update to 0.10.3.
This release includes new Lua customisation support, repo-local
configuration, preview sizing improvements, and a set of UI fixes.
There were also some internal changes around action routing and
rendering, so if something feels broken or behaves differently,
please let me know.
www/ruby-propshaft: update to 1.3.2
1.3.2 (2026-04-17)
What's Changed
* Add charset=utf-8 to Content-Type for CSS and HTML assets by @flavorjones
in #264
New Contributors
* @flavorjones made their first contribution in #265
OpenJPH: update to 0.27.0.
What's Changed
Add initial support for oss-fuzz by @palemieux in #249
Fix OSS-fuzz build by @palemieux in #250
Renamed file to avoid duplicate library names in custom builds. by @dlemstra in #252
Validate dimensions in the SIZ marker segment after reading it from a codestream by @palemieux in #253
Fix: Rule of 3/5/7 violation leads to possible use after free in inadvertent use of copy constructor /assignment. by @geo-ant in #242
Fix typo in the signature of get_tile_offset() by @palemieux in #254
Fix oss-fuzz build and improve documentation by @palemieux in #256
fix move special functions in mem in and outfile by @geo-ant in #258
Add support for CIFuzz by @palemieux in #259
Fix race condition in table initialization with multiple threads by @brechtvl in #243
Fix 32-bit ARM SIGBUS: align elastic allocator payload for coded_lists::buf by @cary-ilm in #262
Add Linux-ARM32 Build by @palemieux in #263
Extend fuzzing harness to add more reachability by @DavidKorczynski in #264
Fix ARM64EC builds by excluding ARM64EC from x64(_M_X64) detection on Windows by @navvyswethgraphics in #265
www/ruby-aws-sdk-core: update to 3.245.0
3.245.0 (2026-04-17)
* Feature - Updated Aws::STS::Client with the latest API changes.
* Feature - The STS client now supports configuring SigV4a through the auth
scheme preference setting. SigV4a uses asymmetric cryptography, enabling
customers using long-term IAM credentials to continue making STS API calls
even when a region is isolated from the partition leader.
* Issue - Explicitly set 0600 permissions on SSO/login cache files.
