SECURITY update to cups-2.4.17.
- CVE-2026-27447: The scheduler treated local user and group names as case-insensitive.
- CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS directory.
- CVE-2026-34980: The scheduler did not filter control characters from option values.
- CVE-2026-34979: The scheduler did not always allocate enough memory for a job's options string.
- CVE-2026-34990: The scheduler incorrectly allowed local certificates over the loopback interface.
- CVE-2026-39314: Fixed the range check for job password strings.
- CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
- CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
SECURITY update to cups-2.4.17.
- CVE-2026-27447: The scheduler treated local user and group names as case-insensitive.
- CVE-2026-34978: The RSS notifier could write outside the scheduler's RSS directory.
- CVE-2026-34980: The scheduler did not filter control characters from option values.
- CVE-2026-34979: The scheduler did not always allocate enough memory for a job's options string.
- CVE-2026-34990: The scheduler incorrectly allowed local certificates over the loopback interface.
- CVE-2026-39314: Fixed the range check for job password strings.
- CVE-2026-39316: Fixed a printer subscription bug in the scheduler.
- CVE-2026-NNNNN: Fixed a SNMP string conversion bug in the backends.
Update kakoune to latest release 2026.04.12. Based on diff from Lydia
Sobot ( chilledfrogs () disroot ! org ) who also takes maintainer -
thanks!
I added missing make update-patches and make update-plist.
Fix vmd(8) vionet reset race leading to broken networking.
A driver reset races with the device asynchronously notifying tx
and rx threads. The current design finishes the reset after the
threads pause and acknowledge the reset. This can clobber device
state because a driver doesn't need to wait before reconfiguring
the device. End result is device thinks it's in a blank slate while
driver thinks device is configured and device refuses to pass packets
thinking the driver isn't ready.
This removes that async reset design and ack message from the
threads. Reset occurs immediately while emulating the write to the
register. A generation counter is used to signal to tx and rx
threads that a reset occurred between they time they finished
processing virtqueues and the time they grabbed the write lock to
change interrupt state on the device so they can safely skip
raising irq lines.
Original bug reports by mbuhl@ and stsp@.
[4 lines not shown]
Attempt to load the right device tree from the riscv64-specmit-dtb
firmware package on SpacemiT K1 boards. The only viable way to do this
seems to be basing this on the "model" property of the root node of
the device tree provided by the device. This is still a bit of a guess
since the Milk-V Jupiter advertises itself as "spacemit k1-x evb board"
and the Banana Pi BPI-F3 seems to say it is a "spacemit k1-x deb1 board".
ok jca@
If you use the floppy, fw_update for some drivers will not work, you will
have to figure out the names of the missing firmwares and request them
manually.
The pci strings in the kernel have become too large, and I'm being told I
may not shorten them.
If you use the floppy, fw_update for some drivers will not work, you will
have to figure out the names of the missing firmwares and request them
manually.
The pci strings in the kernel have become too large, and I'm being told I
may not shorten them.
route_output() can not use the info struct late in its function
since the rtm struct that populated it was freed around the
rtm_report() call. In that case access to info.rti_info[RTAX_DST]
is a use-after-free. Cache the address family before handling the
route message so that the route_input call can use this value instead.
Report from Bruce Dang of Calif.io
OK deraadt@
Refine unveil(2) usage.
* Process man.conf(5) early before unveil(2) because it needs realpath(3).
* Rather than unveiling the whole file system for reading and execution,
only reveal the manpaths actually needed for reading, and /usr/share/locale/
if needed, and only reveal the pager binary for execution.
* Only reveal the whole file system for reading if input file names
are listed individually on the command line.
* Rather than unveiling /tmp unconditionally, only do so when it is
actually needed for the pager.
* When -O outfilename or -O tagfilename is specified, rather than
unveiling the current working directory for writing, only unveil
the specific filenames needed.
Using some feedback from deraadt@, in particular reducing the number
of vnodes that are held, and avoiding use of the "unveil" pledge(2).
Prepare for refining unveil(2) usage by providing a function manpath_unveil()
that makes the manpath directories accessible. Soon to be used by man(1),
spropos(1), and makewhatis(8).
