This pairs with xorg-server 21.1.23.

9 vulnerabilities is not something great to wake up to. :/

https://lists.x.org/archives/xorg-announce/2026-June/003702.html

The latest X.Org Server codebase vulnerabilities include:

    * Font Alias Stack-based Buffer Overflow
    * XSYNC Use-After-Free in miSyncDestroyFence()
    * XKB Key Types Stack-based Buffer Overflow
    * XKB SetMap Request Stack-based Buffer Overflow
    * XSYNC Use-After-Free in FreeCounter()
    * XSYNC Use-After-Free in SyncChangeCounter()
    * GLX ChangeDrawableAttributes Out-Of-Bounds Read/Write
    * CreateSaverWindow Use-After-Free Information Disclosure
    * DRI2 DRIGetBuffers/DRIGetBuffersWithFormat Out-Of-Bounds Write

@matthieu and the other xenocara devs are probably already working on
this in base.

Did:
cd /usr/ports/wayland/xwayland && make makesum update-plist update-patches port-lib-depends-check package test clean
cd /usr/ports/wayland/xwayland && cvs diff -uNp > /tmp/xwayland-24.1.12.diff

Comments, testing, and/or oks welcome.

Thank you all base and ports devs for all the recent update churn. Hope
this helps with patching.

May you all have a good one.
--
yaydn

• xwayland-24.1.12.diff (913B)