Don't let malicious or confused scsi tape devices cause reading or writing
outside a mode sense/select buffer.
Original diff from Stanislav Fort of aisle.com with additional paranoia for
negative values.
Tweaks and ok from kettenis@
Revert last commit, rev. 1.446.
The change introduced a regression where sockets get stuck in FIN_WAIT_2
and LAST_ACK.
Noticed by anton@ since regress/sys/net/pflow fails.
SECURITY update to cups-2.4.17.
- CVE-2026-27447: The scheduler treated local user and group names as case-insensitive.
- CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS directory.
- CVE-2026-34980: The scheduler did not filter control characters from option values.
- CVE-2026-34979: The scheduler did not always allocate enough memory for a job's options string.
- CVE-2026-34990: The scheduler incorrectly allowed local certificates over the loopback interface.
- CVE-2026-39314: Fixed the range check for job password strings.
- CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
- CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
SECURITY update to cups-2.4.17.
- CVE-2026-27447: The scheduler treated local user and group names as case-insensitive.
- CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS directory.
- CVE-2026-34980: The scheduler did not filter control characters from option values.
- CVE-2026-34979: The scheduler did not always allocate enough memory for a job's options string.
- CVE-2026-34990: The scheduler incorrectly allowed local certificates over the loopback interface.
- CVE-2026-39314: Fixed the range check for job password strings.
- CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
- CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
Update kakoune to latest release 2026.04.12. Based on diff from Lydia
Sobot ( chilledfrogs () disroot ! org ) who also takes maintainer -
thanks!
I added missing make update-patches and make update-plist.
Fix vmd(8) vionet reset race leading to broken networking.
A driver reset races with the device asynchronously notifying tx
and rx threads. The current design finishes the reset after the
threads pause and acknowledge the reset. This can clobber device
state because a driver doesn't need to wait before reconfiguring
the device. End result is device thinks it's in a blank slate while
driver thinks device is configured and device refuses to pass packets
thinking the driver isn't ready.
This removes that async reset design and ack message from the
threads. Reset occurs immediately while emulating the write to the
register. A generation counter is used to signal to tx and rx
threads that a reset occurred between they time they finished
processing virtqueues and the time they grabbed the write lock to
change interrupt state on the device so they can safely skip
raising irq lines.
Original bug reports by mbuhl@ and stsp@.
[4 lines not shown]
