vmd(8): remove config parsing TOCTOU with disk parsing.
When vmd parses vm.conf, it's inspecting any provided disk images
to determine the disk format (raw or qcow) if left unspecified.
This is a big TOCTOU because nothing prevents these files from
changing between vmd startup and vm launch.
This change defers detection to vm launch time and tracks the disk
format as an enum instead of an int to make things more interpretable.
ok hshoexer@
Update to Xwayland 24.1.10
This release contains the fixes for the following issues:
* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()
* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()
* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()
* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()
Additionally, it contains a number of other various fixes from the stable
xwayland-24.1 branch
Update to Xwayland 24.1.10
This release contains the fixes for the following issues:
* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()
* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()
* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()
* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()
Additionally, it contains a number of other various fixes from the stable
xwayland-24.1 branch
Clear the pointer in tm data structures before passing them to
unprivileged side. Prevents address information leak.
Reported by Systopia Team, thanks!
ok deraadt@ (for the previous version).
update to timescaledb-2.26.2, from Mark Patruck, looks good to maintainer
(this is the version that was tested with the zabbix update that went in
a few days ago)
vmd(8): zero potential heap pointers before IPC.
vmd sends two large structs over an ipc socket after fork+exec:
vmd_vm and virtio_dev.
Both have heap pointers from being put in TAILQs in the parent
process and both carry some used for setting up imsg event channels.
Zero all these things before send to be safe and not leak deatils
on the parent's address space.
Issue raised by Systopia Team.
ok hshoexer@
Merge fixes from upstream for multiple Xserver issues:
* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()
* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()
* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()
* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()
from matthieu@
this is errata/7.7/034_xserver.patch.sig
Merge fixes from upstream for multiple Xserver issues:
* CVE-2026-33999: XKB Integer Underflow in XkbSetCompatMap()
* CVE-2026-34000: XKB Out-of-bounds Read in CheckSetGeom()
* CVE-2026-34001: XSYNC Use-after-free in miSyncTriggerFence()
* CVE-2026-34002: XKB Out-of-bounds read in CheckModifierMap()
* CVE-2026-34003: XKB Buffer overflow in CheckKeyTypes()
from matthieu@
this is errata/7.8/028_xserver.patch.sig
Tweak cmake files to avoid build errors on archs without SIMD support
This is nicer than hardcoding in the port a list of archs with/without
SIMD. Add an url to this 3.1.x-specific fix, master has more changes
in this area.
Prompted by a diff from matthieu@, ok tb@
