Opened 5 weeks ago

Closed 4 weeks ago

Last modified 4 weeks ago

#15047 closed enhancement (fixed)

rxvt-unicode-9.26

Reported by: Douglas R. Reno Owned by: Bruce Dubbs
Priority: elevated Milestone: 10.2
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New minor version

Change History (4)

comment:1 by Bruce Dubbs, 5 weeks ago

Owner: changed from blfs-book to Bruce Dubbs
Status: newassigned

comment:2 by Bruce Dubbs, 4 weeks ago

9.26 Fri May 14 19:14:14 CEST 2021

  • ev_iouring.c was wrongly required during compilation, and wrongly not packaged.

9.25 Fri May 14 15:51:36 CEST 2021

  • for the 17.5th anniversary, and because many distributions seem to remove rxvt in favour of urxvt, this release resurrects rclock as urclock.
  • add support for systemd socket-based activation
  • do not destruct perl on exit anymore: this might fail for a variety of reasons, and takes unneccessary time.
    • remove any macros from urxvtperl manpage(s)
  • the old bg image resources are now provided by the background extension, and perl is thus required for bg image support. No configuration change is needed: urxvt autoloads the background ext if any bg image resource/option is present (for OSC sequences to work you need to enable it explicity). The old bg image resources are also now deprecated; users are encouraged to switch to the new bg image interface (see man urxvt-background).
    • confirm-paste now checks for any ctlchars, not just newlines.
    • searchable scrollback will now ignore bracketed paste mode sequences
  • drop ISO 2022 locale support. ISO 2022 encodings are not supported in POSIX locales and clash with vt100 charset emulation (the luit program can be used as a substitute).
    • perl didn't parse rgba colours specified as an array correctly, only allowing 0 and 100% intensity for each component (this affected fill and tint).
    • when iterating over resources, urxvt will now try to properly handle multipart resources (such as "*background.expr"), for the benefit of autoloading perl extensions.
    • ESC G (query rxvt graphics mode) has been disabled due to security implications. The rxvt graphics mode was removed in rxvt-unicode 1.5, and no programs relying on being able to query the mode are known.
  • work around API change breakage in perl 5.28
  • improved security: rob nation's (obsolete) graphics mode queries no longer reply with linefeed in secure/default mode.
  • ISO 8613-3 direct colour SGR sequences
  • xterm focus reporting mode
  • xterm SGR mouse mode.
  • implement DECRQM.
  • add missing color index parameter to OSC 4 response.
  • in some window managers, if smart resize was enabled, urxvt erroneously moved the window on font change
  • fix urxvtd crash when using a background expression.
  • properly restore colors when using fading and reverse video is enabled while urxvt is focused and then disabled while it is not focused, or vice versa
  • fix high memory usage when an extension repeatedly hides and shows an overlay
    • expose priv_modes member and constants to perl extensions
    • fix a whole slew of const sillyness, unfortunately forced upon us by ISO C++.
    • update to libecb 0x00010006.
    • disable all thread support in ecb.h as we presumably don't need it.
    • slightly improve Makefile source dependencies.
    • work around bugs in newer Pod::Xhtml versions (flags incorrect formatting codes in xhtml/html sections but does not interpret correct ones).

comment:3 by Bruce Dubbs, 4 weeks ago

Resolution: fixed
Status: assignedclosed
1f75d527e4 Update to libqmi-1.28.4
88d804a369 Update to rxvt-unicode-9.26
71e5226723 Update to decorator-5.0.8 (Python module)

comment:4 by Douglas R. Reno, 4 weeks ago

Priority: normalelevated

A remote code execeution exploit has been posted to oss-security for rxvt-unicode. It appears to affect 9.22, so by updating to 9.26, we should be patched against this.

This exploit can be found here (not posting here because there are several curse words): https://seclists.org/oss-sec/2021/q2/145

Note: See TracTickets for help on using tickets.