Convert display-panes away from an overlay and into a mode. This is
another step on the road of getting rid of overlays altogether (they are
full of special cases; popups and menus are to go also eventually). We
lose some of the styling of borders but gain the ability to run
display-panes in another pane (perhaps not hugely useful but one never
knows). The -b flag goes away as no longer useful.
drop RDEP on gobject-introspection, actually only needed as a BDEP
(message says "Run-time dependency" but aja@ points me at this being done
automatically by meson gnome.generate_gir).
add MODTCL_VERSION=8.6 to redis/bsd, stu@ is planning to change the
default to 9 and tests in this version of redis have "package require
tcl 8.5" (which is >=8.5, <9).
redis/main tests fail in the same way with Tcl 9 as they do with 8.5
and 8.6.
Use SHA1Final() in libskey.
S/KEY requires hash output in little endian form, while SHA-1 produces big
endian output. Rather than using SHA1Pad() and then reaching into the SHA-1
state directly, use SHA1Final() and then convert to little endian using
be32toh/htole32.
ok claudio@ millert@ tb@
import ports/geo/pmtiles, ok landry
PMTiles is a single-file archive format for tiled data. A PMTiles
archive can be self-hosted, or hosted on a commodity storage platform
such as S3, and enables low-cost, zero-maintenance map applications
that are free of a custom tile backend or third party provider.
This package provides the pmtiles CLI command, which works with local
tilesets on disk, or remotely (e.g. with archives on cloud storage, even
in private buckets). File operations include displaying basic information,
extracting an archive containing just your chosen zoom levels and/or area
from a larger file (e.g. those at https://maps.protomaps.com/builds/),
merging disjoint files together, uploading to cloud storage, etc.
Some applications (like MapLibre GL JS) are able to use pmtiles files
directly (fetching sections via HTTP Range requests); some others want
a server providing an industry-standard "ZXY" API to fetch rendered
tiles: pmtiles can provide this over HTTP.
Fix X.509 constraints URI host parsing.
An authority in a URI is only terminated by a slash, question mark or hash,
however the current code also included colons. This allows a specically
crafted userinfo to bypass name constraints host checks. Additionally, IPv6
literals may only be specified when enclosed with square brackets, which is
not enforced.
Rewrite parts of the host and IP parsing code to be more strict, fixing
both of these issues in the process.
Thanks to Jack Lloyd for reporting the userinfo bypass.
ok tb@
rearrange databases/redis into databases/redis/bsd (currently still 6.2.22)
and databases/redis/main (8.x; AGPL and other restrictive licenses).
main/ unlinked for now, due to tests failing (every time, but usually in
different places) with "Executing test client: couldn't open socket:
address already in use."
Handle allocation failure and track correct mbuf length in IPComp.
In swcr_compdec() m_copyback(M_NOWAIT) may fail, but the error is
not checked. The mbuf chain could be too short, but the expected
length is returned as result. Then ipcomp_input() will not set
m->m_pkthdr.len to the actual length of the mbuf chain. This only
affects decompression, other cases do not need additional memory
for enlarging.
from bluhm@; OK deraadt@
IPComp decompression must not overflow mbuf cluster.
Check after decompressing an IPComp packet, that the content fits
into a mbuf cluster. m_copyback() assumes that it can allocate a
single mbuf cluster to enlarge the mbuf chain. That means the
decompressed data must not exceed MAXMCLBYTES. Prevent panic:
m_clget: request for 67948 byte cluster.
from bluhm@; reported by Homura Akemi, SecBuddyF, Tencent KeenLab; OK mvs@
IPsec AH must contain replay counter.
Before reading the replay counter from packet header in ah_input(),
[10 lines not shown]
Handle allocation failure and track correct mbuf length in IPComp.
In swcr_compdec() m_copyback(M_NOWAIT) may fail, but the error is
not checked. The mbuf chain could be too short, but the expected
length is returned as result. Then ipcomp_input() will not set
m->m_pkthdr.len to the actual length of the mbuf chain. This only
affects decompression, other cases do not need additional memory
for enlarging.
from bluhm@; OK deraadt@
IPComp decompression must not overflow mbuf cluster.
Check after decompressing an IPComp packet, that the content fits
into a mbuf cluster. m_copyback() assumes that it can allocate a
single mbuf cluster to enlarge the mbuf chain. That means the
decompressed data must not exceed MAXMCLBYTES. Prevent panic:
m_clget: request for 67948 byte cluster.
from bluhm@; reported by Homura Akemi, SecBuddyF, Tencent KeenLab; OK mvs@
IPsec AH must contain replay counter.
Before reading the replay counter from packet header in ah_input(),
[10 lines not shown]
Run monitor exabgp session on new IP 10.12.57.5.
10.12.57.2 is used in test1 and since exabgp retries immediatly the
idleHoldTime of that peer goes up quickly and blocks further connects.
Before this worked since bgpd sent the notification and the error count
was not increased and with this immediate retries were possible.