For example, updating to 1.0.0-alpha.4 (aka 2021-09-14 snapshot)
is currently blocked by the following:
https://gitlab.gnome.org/GNOME/libadwaita/-/commit/ad09941a6ae4https://gitlab.gnome.org/World/Rust/libadwaita-rs/-/commit/45f6ac3e8e06
$ pkg install authenticator gnome-keyring-daemon
$ dbus-run-session sh
$ export $(gnome-keyring-daemon -r -d)
$ secret-tool store --label=Default foo bar
$ RUST_BACKTRACE=1 authenticator
<Click on Menu (hamburger button) then Providers (Ctrl+P)>
(<unknown>:1234): Gtk-CRITICAL **: Error building template class 'ProviderPage' for an instance of type 'ProviderPage': .:0:0 Invalid type 'AdwEnumValueObject'
thread 'main' panicked at 'assertion failed: !self.ptr.is_null()', gtk4-rs-13a8317a2ef8738362b9fa7f55a29dd5d3dbc459/gtk4/src/subclass/widget.rs:1147:13
stack backtrace:
0: rust_begin_unwind
1: core::panicking::panic_fmt
2: core::panicking::panic
3: <gtk4::subclass::widget::TemplateChild<T> as core::ops::deref::Deref>::deref
at gtk4-rs-13a8317a2ef8738362b9fa7f55a29dd5d3dbc459/gtk4/src/subclass/widget.rs:1147:13
4: authenticator::widgets::providers::page::ProviderPage::setup_widgets
at Authenticator-ba1894159358275be2765bc42ef89782a2d1d45d/src/widgets/providers/page.rs:415:9
5: <authenticator::widgets::providers::page:👿:ProviderPage as glib::subclass::object::ObjectImpl>::constructed
at Authenticator-ba1894159358275be2765bc42ef89782a2d1d45d/src/widgets/providers/page.rs:132:13
6: glib::subclass::object::constructed
at gtk3-rs-6e3c8739f9f5b8dc0a234f4a485e254574af5953/glib/src/subclass/object.rs:109:5
[...]
in preparation for the split in base of libtinfo and libncurses, clearly
specify when the packages should link against.
Note this also fixes the build with ports ncurses
ncurses from ports and futur ncurses in base differs from current
ncurses in base by the fact it is not providing a giant libncurses.so
but 2 libraries: libtinfo and libncurses, those information often needs
to be reported to the consumer port.
while here remove a now useless test for support of widechar ncurses in
base, all supported version of freebsd have it now.
This program allows to compare the performance of different POSIX
shells (e.g. sh, bash, dash, ksh, zsh, ...).
A number of sample scripts are included and can be easily extended to
cover more areas.
- Now builds itself using Dune (devel/ocaml-dune)
- Drop reference to Pervasives; it is deprecated
- Result is an alias to Stdlib.Result on OCaml 4.08+
Reported by: portscout (a while ago)
Lapo Luchini reports that run-time dependency on `security/ca_root_nss'
port is no longer needed starting with Golang version 1.17.
Notified by: portscout
I wasn't able to see my mistake based on the error "make validate"
gave me:
Traceback (most recent call last):
File "/usr/local/poudriere/ports/current-patched/security/vuxml/files/extra-validation.py", line 99, in <module>
if (re_invalid_package_name.search(name.text) is not None):
TypeError: expected string or bytes-like object
*** Error code 1
Thanks to Dan for the pointy hat save.
Reported by: Dan Langille
https://github.com/zeek/zeek/releases/tag/v4.0.4
This release fixes two vulnerabilities:
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause
it to crash. Due to the possibility of this happening with packets
received from the network, this is a potential DoS vulnerability.
Other fixes:
- The highwayhash submodule was updated to fix a build failure on
FreeBSD 14.
- Packet sources that don't have a selectable file descriptor could
potentially prevent the network time from ever updating, which
would have adverse effects on the primary run loop such as
preventing timers from executing.
- Specific conditions in the run loop could lead RotationTimers
to get into an infinite loop.
- Specially crafted HTTP packets could avoid the HTTP analyzer.
- Zeekctl crashes using the zeekctl status command if the
StatusCmdShowAll option is set to 1 in zeekctl.cfg.
- The ignore_checksum_nets option does not work correctly if
configured with multiple subnets.
Reported by: Tim Wojtulewicz
Security: d4d21998-bdc4-4a09-9849-2898d9b41459
https://github.com/zeek/zeek/releases/tag/v4.0.4
- Paths from log stream make it into system() unchecked, potentially
leading to commands being run on the system unintentionally.
This requires either bad scripting or a malicious package to be
installed, and is considered low severity.
- Fix potential unbounded state growth in the PIA analyzer when
receiving a connection with either a large number of zero-length
packets, or one which continues ack-ing unseen segments. It is
possible to run Zeek out of memory in these instances and cause
it to crash. Due to the possibility of this happening with packets
received from the network, this is a potential DoS vulnerability.
