ChangeLog: http://www.repo.hu/projects/librnd/releases/changelog-3.2.2.txt
* Add: comment on BSD make in INSTALL
* Fix: use compatibility color component conversion for determining crosshair
color because component type and scaling differs between gtk2 and gtk4
* Add: compatibility macro for converting color component to 0..1
* Change: enable gtk4 plugin by default (but still prefer gtk2 if both gtk4 and
gtk2 are available)
* Add: extdep on libgd
* Fix: missing gtk4_gl from the help text
* Fix: sensible default size for the export dialog
* Fix: when real xor is not available (e.g. on VAO), use 1-clr for all r;g;b so
that the base color is "inverted" like when xor is available
* Fix: detect inline before making decisions based on it
PR: 267863
Reported by: fuz@fuz.su (maintainer)
MFH: 2022Q4 (bugfix release)
(cherry picked from commit 8edd92b403)
ChangeLog: https://github.com/unfs3/unfs3/blob/master/NEWS
* include AFS support for better serving of files from AFS filesystems
* use svc_getreq_poll() when available
* fix serving files larger than 4GB from Windows
* better support for 64-bit systems
* fixes for macOS and Windows support
* fixes when cross compiling
* better support for exporting FAT filesystems
PR: 267848
Reported by: fuz@fuz.su (maintainer)
MFH: 2022Q4 (bugfix release)
(cherry picked from commit c6dc382584)
ChangeLog: https://sw.kovidgoyal.net/kitty/changelog/#detailed-list-of-changes
* Allow centering the background_image
* X11: Fix a regression in the previous release that caused pasting from GTK
based applications to have extra newlines
* Tab bar: Improve empty space management when some tabs have short titles,
allocate the saved space to the active tab
* Fix background_tint not applying to window margins and padding
* Wayland: Fix background image scaling using tiled mode on high DPI screens
* Wayland: Fix an abort when changing background colors with
wayland_titlebar_color set to background
* Update to Unicode 15.0
* GNOME Wayland: Fix a memory leak in gnome-shell when using client side
decorations
* Wayland: Mark windows in which a bell occurs as urgent on compositors that
support the xdg-activation protocol
* Allow passing null bytes through the system clipboard
* ssh kitten: Fix KITTY_PUBLIC_KEY not being encoded properly when transmitting
* Sessions: Allow controlling which OS Window is active via the
focus_os_window directive
* Wayland: Fix for bug in NVIDIA drivers that prevents transparency working
* Wayland: Fix for a bug that could cause kitty to become non-responsive when
using multiple OS windows in a single instance on some compositors
* Wayland: Fix for a bug preventing kitty from starting on Hyprland when using
a non-unit scale
* Wayland: Generate a XDG_ACTIVATION_TOKEN when opening URLs or running
programs in the background via the launch action
* Fix a regression that caused kitty not to restore SIGPIPE after python nukes
it when launching children. Affects bash which does not sanitize its signal
mask.
* Fix a use-after-free when handling fake mouse clicks and the action causes
windows to be removed/re-allocated
PR: 267209
Reported by: alexis.praga@proton.me (maintainer)
MFH: 2022Q4 (bugfixes)
(cherry picked from commit 0720e8460e)
Changelog:
Enhancements:
* Add backplane Ethernet interface types
* Add location selector to power feed form
* Use front/rear port colors in cable trace SVG
* Include "add module type" button on manufacturer view
* Add count of L2VPNs to tenant view
* Include device location under cable view
* Include request cookies when queuing a custom script
Bug Fixes:
* Ensure thread safety of change logging functions
* Correct UI display for azuread-v2-tenant-oauth2 SSO backend
* Fix bulk edit/delete buttons at top of object lists
* Correct cookie paths when BASE_PATH is set
* Remove erroneous link for contact assignment count
* Fix dark mode coloring for data on device status page
* Populate tag selection list for service filter form
* Fix form widget styling on FHRP group form
* Fix cable creation links on power port view
https://github.com/netbox-community/netbox/releases/tag/v3.3.8
MFH: 2022Q4
(cherry picked from commit 5fb5c23fea)
Python is only needed in developer mode and only to regenerate already
provided files in lib/wind.
PR: 267814
Submitted by: jkim
Reported by: jkim
Fixes: a5523d807d
(cherry picked from commit 68dcf2c91f)
Three problems were discovered when building under poudriere or in
a clean jail.
1. Python is now a prerequisite.
2. liblockfile is now needed.
3. clang-format is needed for asn1_compile. Unfortunately the base llvm
does not install clang-format, so we need to install $LLVM_DEFAULT to get
this file.
PR: 267814
Reported by: many
Fixes: 83f79ba0e0
(cherry picked from commit a5523d807d)
Checking for VDPAU acceleration : x11 not found
Checking for VDPAU with OpenGL/X11 : vdpau not found
PR: 267816
Reported by: amdmi3
(cherry picked from commit 223e207711)
Hyprland is a dynamic tiling Wayland compositor based on wlroots that
doesn't sacrifice on its looks.
It supports multiple layouts, fancy effects, has a very flexible IPC
model allowing for a lot of customization, and more.
https://hyprland.org/
(cherry picked from commit cfe9880ad4)
(cherry picked from commit e33fe42001)
(cherry picked from commit 8167387ada)
(cherry picked from commit 1a0475fd8c)
(cherry picked from commit 29a6705bfb)
(cherry picked from commit f43b454e75)
(cherry picked from commit 9d09359dba)
(cherry picked from commit 83c0ff9dd1)
(cherry picked from commit 7b0aa0c16c)
(cherry picked from commit d16353f0cc)
This upgrade fixes multiple security vulnerabilities.
The following issues are patched:
- CVE-2022-42898 PAC parse integer overflows
- CVE-2022-3437 Overflows and non-constant time leaks in DES{,3} and arcfour
- CVE-2021-44758 NULL dereference DoS in SPNEGO acceptors
- CVE-2022-44640 Heimdal KDC: invalid free in ASN.1 codec
Note that CVE-2022-44640 is a severe vulnerability, possibly a 10.0
on the Common Vulnerability Scoring System (CVSS) v3, as we believe
it should be possible to get an RCE on a KDC, which means that
credentials can be compromised that can be used to impersonate
anyone in a realm or forest of realms.
Heimdal's ASN.1 compiler generates code that allows specially
crafted DER encodings of CHOICEs to invoke the wrong free function
on the decoded structure upon decode error. This is known to impact
the Heimdal KDC, leading to an invalid free() of an address partly
or wholly under the control of the attacker, in turn leading to a
potential remote code execution (RCE) vulnerability.
This error affects the DER codec for all extensible CHOICE types
used in Heimdal, though not all cases will be exploitable. We have
not completed a thorough analysis of all the Heimdal components
affected, thus the Kerberos client, the X.509 library, and other
parts, may be affected as well.
This bug has been in Heimdal's ASN.1 compiler since 2005, but it may
only affect Heimdal 1.6 and up. It was first reported by Douglas
Bagnall, though it had been found independently by the Heimdal
maintainers via fuzzing a few weeks earlier.
While no zero-day exploit is known, such an exploit will likely be
available soon after public disclosure.
- CVE-2019-14870: Validate client attributes in protocol-transition
- CVE-2019-14870: Apply forwardable policy in protocol-transition
- CVE-2019-14870: Always lookup impersonate client in DB
Reported by: so (philip)
Approved by: so (philip)
Security: Many, see above
Sponsored by: so (philip)
(cherry picked from commit 83f79ba0e0)
krb5-118 was desupported by MIT when krb5-120 was released. CVE-2022-42898
now requires its accelerated removal from the tree. It is now
flagged IGNORE until its removal on Nov 30, 2022.
Security: CVE-2022-42898
(cherry picked from commit c49050564f)
Topic: Vulnerabilities in PAC parsing
CVE-2022-42898: integer overflow vulnerabilities in PAC parsing
SUMMARY
=======
Three integer overflow vulnerabilities have been discovered in the MIT
krb5 library function krb5_parse_pac().
IMPACT
======
An authenticated attacker may be able to cause a KDC or kadmind
process to crash by reading beyond the bounds of allocated memory,
creating a denial of service. A privileged attacker may similarly be
able to cause a Kerberos or GSS application service to crash.
On a 32-bit platform, an authenticated attacker may be able to cause
heap corruption in a KDC or kadmind process, possibly leading to
remote code execution. A privileged attacker may similarly be able to
cause heap corruption in a Kerberos or GSS application service running
on a 32-bit platform.
An attacker with the privileges of a cross-realm KDC may be able to
extract secrets from a KDC process's memory by having them copied into
the PAC of a new ticket.
AFFECTED SOFTWARE
=================
Kerberos and GSS application services using krb5-1.8 or later are
affected. kadmind in krb5-1.8 or later is affected. The krb5-1.20
KDC is affected. The krb5-1.8 through krb5-1.19 KDC is affected when
using the Samba or FreeIPA KDB modules.
REFERENCES
==========
This announcement is posted at:
https://web.mit.edu/kerberos/advisories/MITKRB5-SA-2022-001.txt
This announcement and related security advisories may be found on the
MIT Kerberos security advisory page at:
https://web.mit.edu/kerberos/advisories/index.html
The main MIT Kerberos web page is at:
https://web.mit.edu/kerberos/index.html
CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42898
Security: CVE-2022-42898
(cherry picked from commit de40003bfd)
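The advisory above describes the PAC integer overflows only by their impact. As an added example (constructed here; not MIT krb5's code and not the real krb5_parse_pac()), this C block contrasts a buffer-table length check that can wrap in 32-bit arithmetic with one phrased so that no intermediate can wrap, using the public MS-PAC PACTYPE/PAC_INFO_BUFFER layout and two constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed illustration, not MIT krb5's code. Outer MS-PAC layout:
 * PACTYPE = cBuffers (u32), Version (u32); then cBuffers entries of
 * PAC_INFO_BUFFER = ulType (u32), cbBufferSize (u32), Offset (u64);
 * little-endian, offsets relative to the start of the PAC. */
#define PAC_HDR  8u
#define PAC_INFO 16u

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t rd64(const uint8_t *p) {
    return (uint64_t)rd32(p) | (uint64_t)rd32(p + 4) << 32;
}
/* The fragile pattern: offset + size computed in 32-bit arithmetic (the
 * cast mimics a 32-bit size_t) can wrap to a small value and pass. */
int pac_check_naive(const uint8_t *pac, size_t len) {
    if (len < PAC_HDR) return -1;
    uint32_t nbuf = rd32(pac);
    for (uint32_t i = 0; i < nbuf; i++) {
        const uint8_t *e = pac + PAC_HDR + i * PAC_INFO;
        if ((uint32_t)rd64(e + 8) + rd32(e + 4) > len) return -1;
    }
    return (int)nbuf;
}

/* Hardened: every check is phrased so no intermediate can wrap. */
int pac_check(const uint8_t *pac, size_t len) {
    if (len < PAC_HDR) return -1;
    uint32_t nbuf = rd32(pac);
    if (nbuf > (len - PAC_HDR) / PAC_INFO) return -1;  /* guards nbuf*16 */
    for (uint32_t i = 0; i < nbuf; i++) {
        const uint8_t *e = pac + PAC_HDR + (size_t)i * PAC_INFO;
        uint32_t sz = rd32(e + 4);
        uint64_t off = rd64(e + 8);
        if (off > len || sz > len - (size_t)off) return -1;  /* no off+sz */
    }
    return (int)nbuf;
}

/* Constructed samples: one well-formed PAC (one 4-byte buffer at offset 24)
 * and one whose Offset=0xFFFFFFF8 plus cbBufferSize=16 wraps to 8. */
static const uint8_t good_pac[28] = { 1,0,0,0, 0,0,0,0, 6,0,0,0, 4,0,0,0,
    24,0,0,0, 0,0,0,0, 0xde,0xad,0xbe,0xef };
static const uint8_t wrap_pac[28] = { 1,0,0,0, 0,0,0,0, 6,0,0,0, 16,0,0,0,
    0xf8,0xff,0xff,0xff, 0,0,0,0, 0xde,0xad,0xbe,0xef };
int demo_good(void)  { return pac_check(good_pac, sizeof good_pac); }       /* 1 */
int demo_wrap(void)  { return pac_check(wrap_pac, sizeof wrap_pac); }       /* -1 */
int demo_naive(void) { return pac_check_naive(wrap_pac, sizeof wrap_pac); } /* 1 */
```

The naive reader accepts the wrapping entry, which is exactly the kind of check that lets a later copy read past the allocation; the hardened reader rejects it before any offset is dereferenced.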
The type real_t is float on ARM but double on other platforms. Pepper
in a bunch of extra casts to make clang happy.
The alternative of making real_t a double on ARM does not work.
PR: 267442
Approved by: maintainer timeout, >2 weeks
MFH: 2022Q4
(cherry picked from commit 835b479670)
Update 3rd party module ngx_http_lua_module to 0.10.22 otherwise nginx
fails to start with the following error message:
nginx: [alert] failed to load the 'resty.core' module
(https://github.com/openresty/lua-resty-core); ensure you are using an
OpenResty release from https://openresty.org/en/download.html (reason:
/usr/local/share/lua/5.1/resty/core/base.lua:23: ngx_http_lua_module
0.10.22 required) in /usr/local/etc/nginx/nginx.conf:76
This has been broken for almost two weeks; use the
"Trivial and tested build and runtime fixes" blanket from 22.8.1 of the
committers guide to prevent more people from breaking their production
setups. nginx-devel already has version 0.10.22 of the module.
PR: 267418
(cherry picked from commit 48a7ce510a)