Add a new graphics protocol key, N=1, to request that transmitted
image/frame data is kept only in memory and not written to the graphics
disk cache file.

This is useful for transient high-frequency updates such as video-like
streams, where the latest frame is the only useful data and persisting
each frame to the disk cache causes unnecessary write traffic.

The implementation keeps the existing graphics cache abstraction intact:
memory-only entries can still be read back by animation, composition, and
frame coalescing paths. Only persistence to the disk cache file is skipped.

The default behavior is unchanged when N is omitted or set to zero.

Timing-safe comparisons:
- crypto.c: Replace memcmp with CRYPTO_memcmp for Secret equality,
  require equal lengths before comparing
- remote_control.py: Constant-time password lookup to avoid leaking
  valid passwords via dict hash timing
- file_transmission.py: Use hmac.compare_digest for bypass token
  comparison instead of ==

Memory safety:
- child-monitor.c: Fix inverted condition in write_to_peer that
  prevented memmove from ever executing on partial writes
- ibus_glfw.c: Null-terminate IBUS_ADDRESS copy to prevent string
  overread when strlen >= PATH_MAX
- x11_window.c: Add NULL checks after realloc in clipboard/DnD
  data handling (two sites)
- dnd.c: Cap accepted_mimes at 1MB to prevent unbounded growth,
  fix realloc to not lose the original pointer on failure
- png-reader.c: Cast to size_t before multiplication to prevent
  integer overflow on 32-bit platforms

Secrets hygiene:
- disk-cache.c: Zero encryption_key with explicit_bzero before free

Tar extraction hardening:
- tar.go: Validate hardlink targets against destination prefix to
  prevent writing outside extraction directory
- tar.go: Strip setuid/setgid/sticky bits from extracted files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
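
The two Python items under "Timing-safe comparisons" above, sketched as an added example (not the project's code and not part of the commit). The function names, the per-process HMAC key and the sample table are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical helper names; this is an illustration, not the project's code.
# Per-process random key: every value is reduced to a 32-byte tag, so
# hmac.compare_digest always sees equal-length inputs (it does not promise
# to hide a length difference).
_KEY = secrets.token_bytes(32)


def _tag(value: str) -> bytes:
    """Fixed-length keyed digest of a secret string."""
    return hmac.new(_KEY, value.encode("utf-8"), hashlib.sha256).digest()


def token_matches(supplied: str, expected: str) -> bool:
    """Equality check for a secret token, replacing `supplied == expected`."""
    return hmac.compare_digest(_tag(supplied), _tag(expected))


def lookup_password(supplied: str, table: dict, default=None):
    """Return table[supplied] without using `supplied in table`.

    A dict probe hashes the supplied string and, on a bucket hit, runs an
    early-exit equality check. Here every stored password is compared with
    compare_digest and the loop never breaks, so the number of comparisons
    depends only on len(table), not on which entry matched.
    """
    want = _tag(supplied)
    result, found = default, False
    for stored, value in table.items():
        hit = hmac.compare_digest(_tag(stored), want)
        if hit and not found:
            result, found = value, True
    return result


# Constructed sample data: password -> actions that password may perform.
SAMPLE_PASSWORDS = {
    "correct horse": ("ls", "get-text"),
    "battery staple": ("*",),
}
```

The linear scan costs O(n) per lookup, which is acceptable for the handful of passwords such a table normally holds.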

Avoids paying the XOR overhead on all cached data. Temp files opened
using O_TMPFILE are secure enough, as far as I know. Processes without
elevated privileges cannot read from them unless they inherit the file
descriptor.

Make coalescing of neighboring holes robust. Speed up hole finding.
Cost is we replace a single array tracking holes with three hashmaps
tracking size->[pos] pos->size and endpos->size.