CVE-2017-14160: Fix bounds check on very low sample rates.
CVE-2018-10392: Sanity check number of channels in setup.
These were committed upstream two years ago, but there has been no
release since.
Reported by: T.J. Townsend <tj@openbsd.org>
Security: 4200d5f5-b985-11ea-b08a-f8b156b6dcc8
These are all components abandoned upstream, and not developed
anymore.
All of these still depend on GTK2 and some on the already deprecated
x11-toolkits/libxfce4gui.
As you may know XFCE development has already dropped any support
for GTK2, so, unless these software packages are ported to GTK3 by
someone, they WILL be removed from the tree when XFCE 4.16 is
released and ported.
Due to their status these ports could break for many reasons and
unless the fix is really trivial or patches are provided they will
be removed from the tree in case of breakage.
Further reasons for each of them follow.
xfce4-mixer:
Removed from XFCE in version 4.12, abandoned since, in 2015.
Uses outdated gstreamer 0.10.
xfce4-print:
Removed from XFCE after version 4.6, abandoned since, around 2009.
CUPS support broken since cups version 2.3.3 due to upstream interface
changes.
Already deprecated due to dependency on libxfce4gui.
xfce4-quicklauncher-plugin:
Unsupported after XFCE 4.4, around 2009.
Already deprecated due to dependency on libxfce4gui.
Unable to locate a source code repository.
xfce4-wmdock-plugin:
Last update in 2013.
Unable to locate a source code repository.
There are other components I'm not marking as DEPRECATED right now,
but please note I have doubts on their support status. These are
also still depending on GTK2 and it's unsure if they will be ported
to GTK3 and spared by the XFCE 4.16 update:
orage
xfce4-embed-plugin
xfce4-mailwatch-plugin
xfce4-equake-plugin
Other XFCE components in our tree still depending on GTK2 are
reasonably expected to be ported by upstream to GTK3 before 4.16
is released, or, in some cases have already been ported in their
repositories and/or development versions.
Tuesday, 23 June 2020. Today KDE releases a bugfix update to KDE Plasma 5,
versioned 5.19.2. Plasma 5.19 was released in June 2020 with many feature
refinements and new modules to complete the desktop experience.
This release adds a week's worth of new translations and fixes from KDE's
contributors. The bugfixes are typically small but important and include:
* Fix KRunner positioning on X11 with High DPI and Qt scaling on Plasma.
* Fix case of monitored service in startplasma's shutdown.
* KSysGuard: Expose better size hints.
Full changelog:
https://kde.org/announcements/plasma-5.19.1-5.19.2-changelog
Changes in this Version
Security
Fixed: Potential exploit in the OCB2 encryption (#4227)
ICE
Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)
GRPC
Fixed: Segmentation fault during murmur shutdown (#3938)
Server
Fixed: Possibility to circumvent max user-count in channel (#3880)
Fixed: Rate-limit implementation susceptible to time-underflow (#4004)
Fixed: OpenSSL error 140E0197 with Qt >= 5.12.2 (#4032)
Fixed: VersionCheck for SQL for when to use the WAL feature (#4163)
Fixed: Wrong database encoding that could lead to server-crash (#4220)
Fixed: DB crash due to primary key violation (now performs “UPSERT” to avoid this) (#4105)
Improved: The fields in the Version ProtoBuf message are now size-restricted in order to avoid attacks that can render another client unresponsive (#4101)
PR: 247379
GCC is still used on stable/11 and stable/12. It needs sys/types.h in lzh.h, because some types are not recognized.
Force newer compiler due to:
pfilesel.c:3312: error: #pragma GCC diagnostic not allowed inside functions
Because of libstdc++ ABI changes due to forcing new compiler, audio/libadplug and devel/libbinio in order for audio/ocp to build.
PR: 247377
Approved by: ehaupt (maintainer)
Security
Fixed: Potential exploit in the OCB2 encryption (#4227)
ICE
Fixed: Added missing UserKDFIterations field to UserInfo => Prevents getRegistration() from failing with enumerator out of range error (#3835)
GRPC
Fixed: Segmentation fault during murmur shutdown (#3938)
Client
Fixed: Crash when using multiple monitors (#3756)
Fixed: Don’t send empty message from clipboard via shortcut, if clipboard is empty (#3864)
Fixed: Talking indicator being able to freeze to indicate talking when self-muted (#4006)
Fixed: High CPU usage for update-check if update server not available (#4019)
Fixed: DBus getCurrentUrl returning empty string when not in root-channel (#4029)
Fixed: Small parts of whispering leaking out to normal talk (#4051)
Fixed: Last audio frame of normal talking sent to last whisper target instead when using VoiceActivation (#4050)
Fixed: LAN-icon not found in ConnectDialog (#4058)
Improved: Set maximal vertical size for User Volume Adjustment dialog (#3801)
Improved: Don’t send empty data to PulseAudio (#3316)
Improved: Use the SRV resolved port for UDP connections (#3820)
Improved: Manual Plugin UI (#3919)
Improved: Don’t start Jack server by default (#3990)
Improved: Overlay doesn’t hook into all other processes by default (#4041)
Improved: Wait longer before disconnecting from a server due to unanswered Ping-messages (#4123)
PR: 247379
MFH: 2020Q2
Tuesday, 16 June 2020. Today KDE releases a bugfix update to KDE Plasma 5,
versioned 5.19.1. Plasma 5.19 was released in June 2020 with many feature
refinements and new modules to complete the desktop experience.
This release adds a month's worth of new translations and fixes from KDE's
contributors. The bugfixes are typically small but important and include:
* Dr Konqi: Map neon in platform guessing.
* Battery applet not showing up in tray.
* Fix confirmLogout setting for SessionManagement.
Changelog:
https://kde.org/announcements/plasma-5.19.0-5.19.1-changelog
- Switch to purely CMake-based build, remove autotools-related
patches and Makefile knobs
- Force PLIST_SUB+=NLS="" temporarily while the proper fix is
being developed, to reduce the churn of the pkg-plist
- Do not force C++14 while C++11 is sufficient for the time being
- Do not hardcode Python version when building the manual page
PR: 246645
* Introduce additional default option AVAHI to make the use of the Avahi
libraries optional.
* Remove one patch and the whole patching via "post-patch" - both are no
longer needed.
* While I'm here: Prepare the port for Qt 5.15.0
Changelog:
https://github.com/supercollider/supercollider/releases/tag/Version-3.11.0
PR: 246320
Submitted by: shamaz.mazum@gmail.com
Approved by: Neal Nelson <ports@nicandneal.net> (maintainer)
MFH: 2020Q2 (blanket: unbreak broken port)