shared library (and other files, too) naming is very different between
python 2 and python 3 variants, this makes things harder than I would
like them to be.
Reported by: pkg-fallout
On FreeBSD sshfs does not seem to support the "-o password_stdin" option.
Work around this limitation by using security/sshpass. This should be considered
a temporary work around until a better solution is found.
With this fix sharing of files from the device should finally work.
PR: 25303
Submitted by: Stefan Rumetshofer <sterum77@gmail.com>
From https://www.kde.org/info/security/advisory-20190209-1.txt :
KDE Project Security Advisory
=============================
Title: kauth: Insecure handling of arguments in helpers
Risk Rating: Medium
CVE: CVE-2019-7443
Versions: KDE Frameworks < 5.55.0
Date: 9 February 2019
Overview
========
KAuth allows to pass parameters with arbitrary types to helpers running as root
over DBus. Certain types can cause crashes and trigger decoding arbitrary
images with dynamically loaded plugins.
Solution
========
Update to kauth >= 5.55.0
Or apply the following patch to kauth:
https://cgit.kde.org/kauth.git/commit/?id=fc70fb0161c1b9144d26389434d34dd135cd3f4a
Credits
=======
Thanks to Fabian Vogt for the report and Albert Astals Cid for the fix.
MFH: 2019Q1
Security: CVE-2019-7443
Bug fix release.
From ChangeLog: https://www.dynare.org/new-dynare-release/dynare-4.5.7-released
* The mex-file conducting the QZ decomposition erroneously applied the
qz_criterium to the square absolute value of eigenvalues instead of
the absolute value itself (as done in mjdgges.m and the AIM solver).
* In pathological cases, mode_compute=5 (newrat) might enter an infinite loop.
* discretionary_policy might erroneously state that the derivatives of the
objective function are non-zero if there are NaN present.
* Dynare++, when conducting the QZ decomposition, erroneously applied the
qz_criterium to the square absolute value of eigenvalues instead of the
absolute value itself.
* Dynare++: IRFs were incorrectly computed.
* dynare_sensitivity did not display the figures of irf_calibration, it only
stored them on the disk.
* Scatter plots generated by dynare_sensitivity did not correctly display
LaTeX names.
* Parameter updating via steady state files did not correctly work in case
of using [static]/[dynamic] equation tags.
* Memory leaks in k_order_pert (used by higher order stochastic simulations)
could lead to crashes.
* Predetermined variables were not properly set when used in model local
variables.
* Posterior moment computation did not correctly update the covariance matrix
of exogenous shocks during posterior sampling.
* Dynare was crashing with a cryptic message if a non estimated parameter was
initialized in the estimated_params_init block.
* The forecast command crashed if the model was declared as linear and
contained deterministic exogenous variables.
* Block decomposition is broken when used in conjunction with varexo_det.
* The model was not correctly specified when identification was run without
another stochastic command in the .mod file (e.g. estimation, stoch_simul, etc.).
* Realtime annualized shock decompositions added the wrong steady state value.
* mh_recover option crashed when using slice sampler.
* x-axis values in plots of moment restrictions were wrong for autocovariances.
Details:
- Introduce default OPTION PLAYLISTS
- New option PLAYLISTS depends on expat, which is in the default
package pulled in as a dependency via ffmpeg anyway
PR: 235520
Submitted by: freebsd@mosedal.net
MFH: 2019Q1
