Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865
This CVE was opened based on a 5 years old Github issue[1], and has been made
public recently. The CVE wasn't officially disputed (yet?), but based on
the description and the given PoC the application is working as expected.
The vulnerability description and the PoC basically configures proftpd to
accept maximum x connections, and then when the user tries to open x + 1
concurrent connections, it refuses new connections over the configured limit.
See also discussion in the Github issue.
I just put it on the ignore list.
[1]: https://github.com/proftpd/proftpd/issues/1298
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
- Add "Open with" right click item and dialog
- Add a command-line option for setting default sort method
- Add Ctrl+A accelerator for the treeview
- Add option to show file size in binary or decimal
- Cosmetic changes for search entry and delete dialog
- Fix Ctrl+H not always toggling hidden files
- Fix DE detection when launched from Electron apps
- Fix exo file manager lookup for non-existent keys
- Fix file manager lookup outside of Xfce
- Fix GNOME DE detection in Ubuntu
- Improve application menu appearance
- Improve default width for the sidebar
- Prepend the project root directory to sys.path
- Support running without Xfconf (no preference saving)
- Switch to using the super() method
- Use correct executable for elementary Files
- Translation Updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix releases. Note that there were no 42.3 and 42.4 releases.
42.6:
* Fix crash when pasting invalid clipboard data. CVE-2022-37290
42.5:
* Really fix the cropped compress format popover on X11
* Fix behavior inconsistencies with new tabs
* Fix memory leaks and missing signal disconnections
* Translation updates
42.2:
* Close broken link message dialog on response
* Fix crash when opening new window from pathbar
* Fix remote filesystem check
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
1.50.7:
* client: Prevent returning invalid mount cache entries
* dav: Fix authentication issues when DNS-SD URIs are used
* nfs: Fix IPv6 URI handling
* sftp/ftp: Ensure that is-symlink is always set to avoid warnings
* Translation updates
1.50.6:
* udisks2: Disconnect signal handlers to fix crashes when unmounting
* fuse: Include missing locale.h header
* Translation updates
1.50.5:
* smbbrowse: Fix empty device listing after unrelated mount failure
* udisks: Fix missing unmount notifications
* trash: Fix nfs4 and cifs monitoring
* smb: Allow renaming a file to the same name with a different case
* mtp: Emit delete event on device disconnection
* trash: Fix wrongly reported item-count
* Some other fixes and improvements
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
When gstreamer PACKAGECONFIG is enabled, packaging fails with the following error:
ERROR: gtk4-4.6.9-r0 do_package: QA Issue: gtk4: Files/directories were installed but not shipped in any package:
/usr/lib/gtk-4.0/4.0.0/media/libmedia-gstreamer.so
Fix it by packaging this file also.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
4.8.3:
* Adds support for more Pango font-variants
* Style updates to solarized-dark, solarized-light
* Language updates to lean, rst, c, gtk-doc, javascript, and json
* Translation updates
4.8.4:
* Style updates to kate, classic, tango
* Language updates to vala, python3, c, cuda, latex
* Add unit tests for language specs
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
4.6.9:
* GtkText:
- Prevent unexpected notify::direction emissions
* Wayland:
- Fix button masks
* X11:
- Fix some ordering problems with surface destruction
* Translation updates
4.6.8:
* Input:
- Fix problems with input method interactions that caused
dead keys not to work
* GtkText:
- Respect the no-emoji input hint fully
* GtkNotebook:
- Fix an infinite loop in accessibility code
- Event handling fixes
* GtkFileChooser:
- Restore ~ and .functionality
* GtkTreeView:
- Event handling fixes
* GtkTreeListModel:
- Prevent possible crashes with collapsed nodes
* GtkGridView:
- Fix issues with rubberband selection
* GtkEmojiChooser:
- Fix navigation with arrow keys when filtered
* GtkPopover:
- Fix problems with focus when dismissing popovers
- Fix problems with focusing editable labels in popovers
* GtkStackSidebar:
- Improve accessible presentation
* Wayland:
- Make gtk_launch_uri more robust
- Make monitor bounds handling more robust
- Prevent shrinking clients due to wrong toplevel bounds
* Flatpak:
- Fix file DND with the FileTransfer portal
* Translation updates
4.6.7:
* Miscellaneous memory leak fixes
* GtkTreeView:
- Fix a problem with DND
- Fix a problem with row selection
* GtkTreePopover:
- Support scrolling
* GtkGridView:
- Fix issues with rubberband selection
* GtkSnapshot:
- Make GtkSnapshot work from bindings
* X11:
- Fix preferred action for DND
* Windows:
- Fix DND
* Translation updates
4.6.6:
* Fix translations in GTKs own ui files
* Wayland:
- Fix a problem with the activation protocol
- Don't force the HighContrast icontheme
* Windows:
- Fix a problem with builtin icons if the
hicolor icontheme is not installed
* Translation updates
4.6.5:
* GtkFileChooser:
- Fix pasting text into the name field
* GtkText:
- Remove an assertion that is sometimes hit
* Wayland:
- Ensure that our cursor surfaces don't violate
protocol constraints
* Accessibility:
- Fix a problem in the accessibility tree
* Translation updates
4.6.4:
* GtkFileChooser:
- Fix select button sensitivity in select_folder mode
- Fix some fallout from list model porting
* GtkListView, GtkColumnView:
- Optimize scrolling
* print-to-file:
- Handle nonexisting files better in the dialog
* Avoid infinite loops in size allocation
* CSS:
- Optimize a case of reparenting that is important in GtkListView
* GSK:
- Check for half-float support before using it
* Wayland:
- Ignore empty preedit updates This fixes a problem with
textview scrolling
- Freeze popups when hidden. This addresses a frame rate drop
* Translation updates
4.6.3:
* GtkOverlay:
- Bring back positional style classes
* GtkFileChooser:
- Prevent unwanted completion popups
- Fix small problems in save mode
- Fix buildable suport of GtkFileFilter
* GtkPopover:
- Fix button positions in right-to-left locales
* GtkLabel:
- Fix small issues with link handling
* Tooltips:
- Don't restrict the minimum tooltip length
* Theme:
- Don't use opacity for overlay scrollbars
- Fix selection text color in vertical spin buttons
* GSK:
- Accept textures that are generated by webkit
- Align offscreen rendering to the pixel grid
* Accessibility
- Fix a crash in startup when orca is running
* Input:
- Fix display changes in GtkIMMultiContext
- Fix activating on-screen keyboards
- Always propagate hold events in GtkEventControllerScroll
* Windows:
- Fix a critical warning in clipboard handling
- Report serial numbers for events
* MacOS:
- Prevent fullscreen transition reentrancy
* Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix release. Note that there were no other intermediate point releases
between these two versions.
Drop patch that is included in this release.
Release notes:
This release includes a fix for the broken GNOME Extensions link and
several translation updates.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
- Translation updates
- window: Use a normal menu for the popup menu
- regex: Fix path-less URL recognition
- Revert "regex: Workaround a PCRE bug resulting in not recognizing schemeless URLs"
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix releases.
Changelog:
42.9
====
* Misc. bug fixes and cleanups
42.8
====
* Lower OOM score of gnome-shell process
* Fixed crash
* Plugged leak
* Misc. bug fixes and cleanups
42.7
====
* Properly apply saved shortcuts inhibition permissions
* Don't let wayland popovers block overview
* Misc. bug fixes and cleanups
42.6
====
* Fix remembering inhibit-shortcut permission for multiple apps
* Forward TERMINAL input purpose to ibus
* Fix default keyboard layout during initial setup
* Fix tracking of newly installed apps
* Misc. bug fixes and cleanups
42.5
====
* Fix initial selection in switch-monitor popup on desktop
* Improve handling of recurring events
* Prevent SignalTracker from leaking objects
* Work around pipewire regression for screencasts
* Fix initial input source order
* Fixed crash
* Plugged leak
* Misc. bug fixes
42.4
====
* Fix adding suggestions from on-screen keyboard
* Allow extension updates with only Extension Manager installed
* Only load extensions that support the current session mode
* Fix logging in with realmd
* Tweak access portal dialog
* Improve overview animation performance
* Fix remembering set up bluetooth devices
* Plugged leak
* Misc. bug fixes and cleanups
42.3.1
======
* Fix regression in ibus support
* Make sure screenshot UI opens above dialogs
* Misc. bug fixes and cleanups
42.3
====
* Fix feedback when turning on a11y features by keyboard
* Fix OSD colors with light stylesheet
* Only close messages via delete key if they can be closed
* Fix screenshots when XDG directories are disabled
* Do not create systemd scope for D-Bus activated apps
* Improve high-contrast stylesheet
* Hide overview after 'Show Details' from app context menu
* Fix stylesheet papercuts
* Respect IM hint for candidates list in on-screen keyboard
* Fix edge case where windows stay dimmed after a modal is closed
* Improve Belgian on-screen keyboard layout
* Fix fallback ibus-daemon launching
* Misc. bug fixes
42.2
====
* Align space-padded times in world clocks
* Fix top bar menus on lock screen
* Fix on-screen keyboard gestures
* Fix focus tracking in magnifier on wayland
* Misc. bug fixes
42.1
====
* Limit unfullscreen gesture to not interfere with overview
* Properly hide the second (real) cursor when magnified
* Fix various style glitches
* Fix creating default application folders
* Fix switching monitor configuration
* Add Home/End keynav in app grid
* Handle monitor changes during startup animation
* Fix fractional timezone offsets in world clock
* Default to right text-align in RTL locales
* calendar: Fix alignment of world clocks header in RTL
* Rely on symbolic icons instead of 'HighContrast' icon theme
* Fix moving windows from secondary monitor to non-active workspace
* Make sure startup animation completes
* Fix Swiss on-screen keyboard layouts
* Add Austrian-German on-screen keyboard layout
* Fix on-screen keyboard in modal dialogs and lock screen
* Fix menus in pad OSD
* Sync default colors with libadwaita
* Fix grab regressions when entering overview
* Scale calendar with text size
* Allow more intermediate icon sizes in app grid
* Fixed crash
* Plugged memory leak
* Misc. bug fixes and cleanups
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
- Translation updates
- Drop direct uses of GSlice
A11y-settings:
- Enable toolkit-accessibility when using the magnifier
Xsettings:
- Simplify fetching string for an enum value
- Remove direct mapping from gtk-im-module to Gtk/IMModule
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bug fix release.
https://gitlab.gnome.org/GNOME/gnome-desktop/-/blob/42.10/NEWS
Changelog:
Version 42.10
- Updated translations
Version 42.9
- No changes
Version 42.8
- No changes
Version 42.7
- No changes
Version 42.6
- No changes
Version 42.5
- Translation updates
Version 42.4
- No changes
Version 42.3
- No changes
Version 42.2
- Don't try to use bubblewrap inside snaps
Version 42.1
- Fix build_gtk4 option
- Translation updates
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
These are bugfix releases.
(Note that there were no 42.6, 42.7 and 42.8 tags)
================
Version 42.10
================
- Fix monitor order in display settings
- Add 32:9 aspect ration in display settings
- Fix warning in user panel in initialization of avatar widget
- Updated translations
================
Version 42.9
================
- Updated translations
Network:
- Fix possible race in tests
================
Version 42.5
================
- Updated translations
- Added various accessibility labels
- Initialize locale early
About
- Don't load version.xml info we don't use
Applications
- Don't recurse into symlinks when clearing app cache
Color
- Fix crash when there's no device rows to show
Cellular
- Improve dbus error messaging
- Handle cases when SIM ID is not present
- Prevent duplicate entries in the SIM providers list
Keyboard
- Fix activation of input source toggle button
- Fix permission_acquired always returning FALSE
Mouse
- Set rows as actiavatable widgets
Network
- Fix crashes when EAP password is missing
- Fix wrong signal of SEA password visibility toggle
- Prevent crash when disconnecting wifi device
- Use mime-types for file chooser filtering TLS files
Online Accounts
- Fix crash when failing to find GOA helper executable
Power
- Prevent terminal from getting spammed with ALS logs
Printers
- Fix loading of UI resources
- Show empty-state when removing the last printer
Region
- Fix creating rows for locales without a country
- Fix critical when changing language
- Fix permission_acquired always returning FALSE
Search
- Fix reordering of list rows
Users
- Show a fallback avatar when failing to load one
Wifi
- Allow accessing settings of known wifi networks
================
Version 42.4
================
- Updated translations
Background
- Restore support for multiple file selection
- Allow more image formats
Display
- Fix primary monitor selection
Network
- Fix network profiles shown on wrong device
- Various crash fixes
Power
- Fix blank-screen settings not applying
- Fix "Power Button Behavior" setting not applying
User Accounts
- Disconnect fingerprint reading devices when closing dialog
Sharing
- Don't set remote-desktop password entry if pw_generate fails
- Don't assert if we can't find the widget for a profile
================
Version 42.3
================
- Updated translations
Display
- Use virtual clone modes when mirroring
Network
- Prevent crash by disconnecting device.
- Fix Wi-Fi network with "&" in name not appearing.
- Fix warning when panel closed.
================
Version 42.2
================
- Updated translations
Applications
- Fix Snap permissions support failing to compile
- Fix CcInfoRow having the wrong parent
- Fix crash crash when switching between two apps
Background
- Make sure the size of the light/dark previews are the same
Keyboard
- Fix crash resetting all keyboard shortcuts
Network:
- Stop freeze when closing wired connection properties with Escape
Sharing
- Fix close button on Verify Encryption dialog
- Turn off RDP gsettings key when turning off RDP
Shell
- Initialise locale early
Sound
- Update theme correctly so other apps respond to change
================
Version 42.1
================
- Updated translations
Display
- Various small behavior improvements
- Fix monitor labels
Network
- Improve handling of VPN connections
Online Accounts
- Fix behavior of helper application on X11
- Fix changes to online accounts services not applying correctly
User Accounts
- Various small polishments
Wacom
- Properly translate various strings
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
ver 42.8:
This update fixes problems with some devices not disappearing from the list
of quick settings in GNOME Shell.
ver 42.7:
This version fixes bugs that stopped the Obex Push server from automatically
accepting files from paired devices and caused the device's Connection switch to
appear out of sync with the connection state. This version also contains build
fixes and updated translations.
ver 42.6:
This version fixes problems with icons for mice and tablets, updates status labels
to be dimmed by default, and contains updated translations.
ver 42.5:
This version fixes the pairing dialogue misbehaving for some Bluetooth Classic
keyboards, with the passkey disappearing after the first digit is typed.
ver 42.4:
This version switches the power state API added in version 42.3 to be backed
by the experimental PowerState property in bluetoothd. The API will not show
transitional states if the version of bluetoothd is too old.
The battery API now exports the battery information for all Bluetooth devices
listed in UPower, not just the ones re-exported from bluetoothd.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
1.72.3:
- Fix for crash after build against libffi 3.4.2 ported from the development
branch.
1.72.4:
- Various fixes ported from the development branch.
- Closed bugs and merge requests:
* log_set_writer_func is not safe to use
* Gnome-Shell 42 - crash after login (general protection fault)
* Static methods on classes from GObject introspection are now present on JS
classes that inherit from those classes.
* Enabling window-list extension causes gnome-shell to crash when running
"dconf update" as root
* Possible errors in cairo enums
* cairo.SVGSurface need finish() and flush() to finalize painting
* Handle transfer-none string return value from vfunc implemented in JS
* GJS freezes, program stops responding, error states Gtk4 EventController
GestureClick returns incorrect state- Gdk.ModifierType on mouse button press
in X11
* gnome-shell crashes on exit in js::gc::Cell::storeBuffer
* Memory leak with GError
* GVariant return values leaked
* GBytes's are leaked when passed as-is to a function
* Transformed GValues are leaking temporary instances
* GHash value infos are leaked
* "flat" arrays of GObject's are leaked
* Gjs console leaks invalid option errors
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Changelog:
build:
* Narrow the version to enable nautilus plugin
* Disable nautilus extension by default [NB: it is controlled by PACKAGECONFIG in meta-oe]]
comics:
* Avoid critical when pixbuf can't be rendered
* Better debug on archive error
* Fix crash that can happen if archive is damaged
* Still try to open broken comics
shell:
* Fix use-after-free on a modified document
* Use default color when annotation has no color
* recent-view: Update for new gnome-desktop API
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
These releases contain many bugfixes.
Changelog:
42.9
====
* Do not overwrite previously set offsets on attach
* Don't disable KMS modifiers on newer i915 systems
* Reduce memory bandwidth usage in some GPUs
* Fix pointer constrains with subsurfaces
* Fix partial updates on offscreen rotated screens
* Do not require a physical device to update pointer visibility
* Fix Xwayland focus regressions
42.8
====
* Skip resize effects for tiled windows during user grabs
* Disable direct scanout during drag-n-drop operations
* Ignore unmapped subsurfaces in direct scanout check
* Fix cursor disappearing over windows during grabs
* Fix cursor position in window screencasts
* Fix initialization of keyboard accessibility
* Don't allow window activation to break global grabs
* Fixed crashes
* Plugged leak
* Misc. bug fixes and cleanups
42.7
====
* Always send modifiers to clients if supported
* Make NVIDIA + gbm use atomic mode setting
* Disable client modifiers with amdgpu driver
* Handle stage view updates without allocation more gracefully
* Fix window screenshots being cut off at the bottom right
* Implement wl_output v3 and v4
* Fix recalculating viewport after window resize
* Fixed crashes
* Misc. bug fixes and cleanups
42.6
====
* Add quirk to work around issue with Mali GPUs
* Stop sending frame callbacks to minimized clients
* Fixed crashes
* Misc. bug fixes and cleanups
42.5
====
* Improve heuristics for adding fallback monitor modes
* Fixed crash
* Misc. bug fixes and cleanups
42.4
====
* screencast: Set correct stride when using dmabufs
* Fix glitches in apps using subsurfaces
* Reduce client work when entering overview
* Highlight actors becoming reactive under the pointer
* Fall back to ARGB if XRGB is not supported
* Support direct scanout on GPUs without modifiers support
* Fix registering as X11 window manager if GDK_BACKEND is set
* Fixed crash
* Plugged leak
* Misc. bug fixes and cleanups
42.3
====
* wayland: Fix rotation transform
* Fix dma-buf screencast regression
* Fix monitor mirroring in some cases
* Fixed crash
* Plugged leak
42.2
====
* Don't use direct scanout for transparent windows
* Fix initialization of privacy mode in displays that support it
* Fix --replace again
* Improve picking a window for direct scanout
* Do not allow windows to steal focus when the shell has a grab
* Fix night light without GAMMA_LUT property
* Fixed crash
* Misc. bug fixes
42.1
====
* Send correct LEAVE events when entering windows
* Be more forgiving with wrongly sized clients
* Add ClutterInputCapabilities enum and device property
* Fall back if COPY_MODE_SECONDARY_GPU fails to init
* Fix missing root window properties after XWayland start
* wayland/shm: Add support for ABGR8888 and XBGR8888 formats
* Keep actors dirty if a redraw was queued up during paint()
* Fix overview painting of shaped texture with layer snippets
* Survive missing GAMMA_LUT KMS property
* Record current event when going through event filters
* Pass events to pointer a11y before going through filters
* Update cursor when scaled or transformed
* Fix screen cast when DMA buffer fails or can't be used
* Repick when pointer actor goes unmapped
* Improve IM support
* Allow using dumb buffers for cursor sprites
* wayland/dma-buf: Only advertise supported formats
* Fix screen cast cursor metadata with unthrottled input
* Fixed crashes
* Plugged memory leak
* Misc. bug fixes and cleanups
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
setuptools.patch
removed since it's included in 3.8.5.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cc532b9d4e)
Shortlog:
python: Replace distutils with setuptools
sanlock: fix memory leak of lockspace renewal_history
sanlock: fix pthread_create error check
Revert "sanlock: Shrink thread pool when there is no work"
sanlock: fix pthread_create error paths
sanlock: acquire should ignore unused options str
sanlock: use helper to set max_sectors_kb
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix releases.
Changelog:
2.10.4:
- Servers offering certificate variants of hostkey algorithms
(eg ssh-rsa-cert-v01@openssh.com) could not have their host
keys verified by Paramiko clients, as it only ever considered
non-cert key types for that part of connection handshaking.
This has been fixed.
- PKey instances’ __eq__ did not have the usual safety guard in
place to ensure they were being compared to another PKey object,
causing occasional spurious BadHostKeyException (among other
things). This has been fixed.
- Update camelCase method calls against the threading module to
be snake_case; this and related tweaks should fix some deprecation
warnings under Python 3.10.
2.10.5:
- Windows-native SSH agent support as merged in 2.10 could encounter
Errno 22 OSError exceptions in some scenarios (eg server not cleanly
closing a relevant named pipe). This has been worked around and
should be less problematic.
- OpenSSH 7.7 and older has a bug preventing it from understanding
how to perform SHA2 signature verification for RSA certificates
(specifically certs - not keys), so when we added SHA2 support it
broke all clients using RSA certificates with these servers. This
has been fixed in a manner similar to what OpenSSH’s own client
does: a version check is performed and the algorithm used is
downgraded if needed.
- Align signature verification algorithm with OpenSSH re: zero-padding
signatures which don’t match their nominal size/length. This shouldn’t
affect most users, but will help Paramiko-implemented SSH servers
handle poorly behaved clients such as PuTTY.
2.10.6:
- Raise SSHException explicitly when blank private key data is loaded,
instead of the natural result of IndexError. This should help more
bits of Paramiko or Paramiko-adjacent codebases to correctly handle
this class of error.
- Update SSHClient so it explicitly closes its wrapped socket object
upon encountering socket errors at connection time. This should help
somewhat with certain classes of memory leaks, resource warnings,
and/or errors (though we hasten to remind everyone that Client and
Transport have their own .close() methods for use in non-error
situations!).
https://www.paramiko.org/changelog.html
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Bugfix release.
Changelog:
- Use LVM PV format current_size in LVMVolumeGroupDevice._remove
- Correctly set vg_name after adding/removing a PV from a VG
- Do not crash when changing disklabel on disks with active devices
- ActionDestroyDevice should not obsolete ActionRemoveMember
- Correctly set compression and deduplication for existing VDO pools
- Correctly cancel configure actions in cancel()
- Set partition flags after setting parted filesystem
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Gyorgy Sarvari
Wang Mingyu
Ankur Tyagi