Aggregator

USN-8412-3: QEMU regression

4 days 8 hours ago
USN-8412-1 fixed vulnerabilities QEMU. On Ubuntu 20.04 LTS, the fix for CVE-2024-4467 was incomplete and prevented the creation of boot volumes from qcow2 images. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Felipe Franciosi, Raphael Norwitz, and Peter Turschmid discovered that the iSCSI block driver in QEMU incorrectly handled certain responses from an iSCSI server. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-1711) It was discovered that the iSCSI block driver in QEMU incorrectly handled certain memory operations, leading to a heap-based buffer over-read. An attacker could possibly use this issue to expose sensitive information from the host. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-11947) Ziming Zhang discovered that the SM501 display driver in QEMU contained an integer overflow. A local attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-12829) Gaoning Pan and Xingwei Li discovered that the USB xHCI controller implementation in QEMU contained an infinite loop. An attacker inside the guest could possibly use this issue to cause QEMU to hang, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2020-14394) Lei Sun discovered that QEMU incorrectly handled certain MemoryRegionOps objects, leading to a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2020-15469) Alexander Bulekov discovered that the e1000e network device implementation in QEMU contained a use-after-free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-15859) Ziming Zhang discovered that the XGMAC Ethernet controller in QEMU contained a buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-15863) Alexander Bulekov discovered that the SDHCI device emulation in QEMU contained a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-17380) Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that the USB xHCI controller implementation in QEMU did not check a return value, leading to a use-after-free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25084) Gaoning Pan, Yongkang Jia, and Yi Ren discovered that the USB OHCI controller implementation in QEMU contained a stack-based buffer over- read. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25624) It was discovered that the USB OHCI controller implementation in QEMU contained an infinite loop. An attacker inside the guest could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25625) Cheolwoo Myung discovered that the USB EHCI emulation in QEMU did not handle DMA memory map failures, leading to a reachable assertion. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-25723) Gaoning Pan discovered that the network device emulation in QEMU could be made to trigger an assertion failure when processing packets that lacked a valid layer 3 protocol. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-27617) Wenxiang Qian discovered that the ATAPI emulation in QEMU did not properly validate a buffer index, leading to an out-of-bounds read. An attacker inside the guest could possibly use this issue to expose sensitive information or cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. (CVE-2020-29443) Cheolwoo Myung discovered that the ESP SCSI emulation in QEMU contained a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2020-35504) Cheolwoo Myung discovered that the am53c974 SCSI host bus adapter emulation in QEMU contained a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2020-35505) It was discovered that the SDHCI controller emulation in QEMU contained out-of-bounds read and write issues. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3409) It was discovered that several network device emulations in QEMU contained an infinite loop when operating in loopback mode. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3416) Alexander Bulekov discovered that the floppy disk emulation in QEMU contained a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to expose sensitive information or cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3507) Remy Noel discovered that the USB redirector device emulation in QEMU performed an unbounded stack allocation when combining USB packets. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-3527) It was discovered that the QXL display device emulation in QEMU contained an integer overflow, leading to a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-4206) It was discovered that the QXL display device emulation in QEMU performed a double fetch of guest-controlled values, leading to a heap-based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-4207) It was discovered that the 9pfs server implementation in QEMU contained a race condition, leading to a use-after-free. A malicious 9p client could possibly use this issue to escalate privileges. This issue only affected Ubuntu 14.04 LTS. (CVE-2021-20181) Gaoning Pan discovered that the floppy disk emulation in QEMU contained a NULL pointer dereference. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20196) Gaoning Pan discovered that the vmxnet3 network device emulation in QEMU contained an integer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20203) It was discovered that the ARM Generic Interrupt Controller emulation in QEMU contained an out-of-bounds heap access. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20221) Alexander Bulekov, Cheolwoo Myung, Sergej Schumilo, Cornelius Aschermann, and Simon Wörner discovered that the e1000 network device emulation in QEMU contained an infinite loop. An attacker inside the guest could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. (CVE-2021-20257) It was discovered that the 9p passthrough file system implementation in QEMU did not prevent opening special files on the host. A malicious guest could possibly use this issue to escape the exported 9p tree. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-2861) It was discovered that the virtio crypto device emulation in QEMU did not properly validate certain buffer lengths, leading to a heap buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-3180) It was discovered that the built-in VNC server in QEMU contained a NULL pointer dereference when cleaning up a connection that failed during the handshake. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. (CVE-2023-3354) It was discovered that QEMU could incorrectly direct a guest I/O operation to disk offset 0 instead of the intended offset. An attacker inside the guest could possibly use this issue to read or overwrite sensitive data, potentially gaining control of the host. This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. (CVE-2023-5088) It was discovered that several virtio device emulations in QEMU did not properly guard against DMA reentrancy, leading to a double free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-3446) It was discovered that the SDHCI device emulation in QEMU contained a heap- based buffer overflow. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2024-3447) It was discovered that the QEMU disk image utility (qemu-img) did not properly handle certain crafted image files. An attacker could possibly use this issue to cause qemu-img to consume excessive resources or access an unintended external file, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2024-4467) Cyrille Chatras discovered that the LSI53C895A SCSI Host Bus Adapter emulation in QEMU contained a use-after-free. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2024-6519) It was discovered that the NBD server in QEMU contained an improper synchronization issue during socket closure. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2024-7409) It was discovered that the USB emulation in QEMU contained a reachable assertion. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. (CVE-2024-8354) It was discovered that QEMU incorrectly handled resources during the VNC WebSocket handshake, leading to a use-after-free. A remote attacker could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-11234) It was discovered that QEMU could be made to read out of bounds when reading VMDK images. An attacker could possibly use this issue to expose sensitive information or cause QEMU to crash, resulting in a denial of service. (CVE-2026-2243)

tmux-3.7-3.fc43

4 days 11 hours ago
FEDORA-2026-5060f8da27 Packages in this update:
  • tmux-3.7-3.fc43
Update description:

update to 3.7, remove upstreamed patch

Upstream ChangeLog: https://raw.githubusercontent.com/tmux/tmux/3.7/CHANGES

CHANGES FROM 3.6b TO 3.7

Add floating panes. These are panes which sit above the layout ("tiled panes") like popups but unlike popups are not modal and behave like panes (so the same escape sequence support). Floating panes are created with the new-pane command, bound to * by default. This is an early release of this feature and they are relatively limited. Currently floating panes can only be moved and resized using the mouse. The default second status line (if status-format is set to 2) has changed to show a list of panes. Many obvious features are not yet available for floating panes (notably the ability to swap floating panes, resize them using resize-pane, change them between floating and tiles, and restore custom layouts with floating panes).

Mostly written by Michael Grant with help from Dane Jensen; testing and fixes from others.

Allow run-shell arguments after a shell command to be expanded as #{1}, #{2} and so on (from Rasmus Thystrup Karstensen in issue 5121).

Add -g to kill-session to kill all sessions in a session group (issue 5157 from github at jiku dot jp).

Tighten up read-only checks on attach-session, detach-client and switch-client so that a user should be able to only detach their own client (reported by John Walker).

Increase escape delay if the buffer contains a partial paste end, fixes issues with at least Windows Terminal (from jing dot empty at gmail.com issue 5088).

When mode-keys is set to vi, do not allow the cursor to go into the invisible extra cell to the right of the visible text; this is closer to what vi(1) does (from Max Vim in issue 5070).

Add a five second limit on pasting for terminals which mysteriously lose the end sequence if the paste is too big (that is, Terminal.app) (reported by Garri Djavadyan in issue 4527).

Show file open errors more sensibly (reported by Meriel Luna Mittelbach in issue 5081).

Update supported features list for Foot terminal (from Meriel Luna Mittelbach in issue 5079).

Turn off the "is this a paste" guessing if the terminal supports bracket pasting instead (issue 5031).

Check FIONREAD for all panes not just piped panes.

Add emacs-style recentre-top-bottom command to copy mode (issue 5053 from sinyax75 at gmail dot com).

Allow the indicator in tree mode to be customized by two new options: tree-mode-preview-format and tree-mode-preview-style.

Fix control client hang on exit after toggling no-output (issue 5049 from Aaron Campbell). Also various other control mode fixes.

Add support for line numbers in copy mode. There is a new copy-mode-line-numbers option which may be set to off, default (tmux's normal line numbering where 0 is the top visible line), absolute (first line in history is 1), relative (relative to the cursor) and hybrid (current line is absolute, others relative). Also adds copy-mode-line-number-style and copy-mode-current-line-number-style to set the style of the line numbers. When copy mode is entered with the mouse, line numbers stay off. From Leo Henon in issue 5025.

Make C-[ have the same bindings as Escape for terminals with extended keys where they are different (issue 5035 from Eric Nicolas).

Sanitize paste buffer names in paste_set and paste_rename (issue 5032 from Barrett Ruth).

Do not hang in run-shell when job_run fails (from Barrett Ruth in issue 5037).

Add ability to forward progress bar to outside terminal (issue 4972 from Eric Dorland).

Translate keypad keys to text in prompt input (from Barrett Ruth in issue 4996).

Sanitize pane titles and window and session names more consistently and strictly, prevents C0 characters and other invisible characters causing problems (reported by Chris Monardo in issue 4999).

Make clock visible on terminals without colours (from Manuel Einfalt in issue 5001).

Add detach to default session menu (suggested by Przemyslaw Sztoch).

Include window format variables for pane notifications (issue 5007 from Saul Nogueras).

Limit precision to 100 for formats to stop silly formats from running out of memory, reported by z1281552865 at gmail dot com. Also various other similar changes, mostly found by OSS-Fuzz.

Add WAYLAND_DISPLAY to default update-environment (issue 4965). Also some additional XDG_* variables (issue 5169).

Add -C flag to command-prompt to match display-message -C (do not freeze panes) (from Barrett Ruth in issue 4978).

Cache user from getpwuid because it can be very expensive on some platforms (from Ben Maurer in issue 4973).

Add remain-on-exit key to keep pane around until a key is pressed (from Michael Grant).

Add some new mouse ranges called "control0" to "control9" and use to add some mouse controls to the pane state line (from Dane Jensen with some bits from Michael Grant).

Handle OSC 9;4 progress bar sequence and store in format variables (from Eric Dorland in issue 4954).

Correctly size buffer used for parsing clipboard sequences (from Michal Majchrowicz).

Limit MSG_COMMAND argument to between 0 and 1000 to prevent a misbehaving client from crashing the server (from Michal Majchrowicz).

Reorganize host keys are represented internally so they can be built more easily (from Dane Jensen in issue 4953).

Add new fuzzers for command parsing, formats and styles (from David Korczynski in issue 4957). Also fix various issues shown from these.

Add bracket_paste_flag format flag (from George Nachman in issue 4951).

Use - for hyphens in tmux.1 to cause newer groff versions to render them correctly (from Keith Thompson in issue 4948).

Various minor code improvements and fixes from Pavel Lavrukhin (issue 4936 and others).

Use window options for cursor-style to avoid crash when no pane (from Arden Packeer in issue 4942).

Fix issue where popup window gets overwritten by background updates (from Conor Taylor in issue 4920).

Protect against overflow when scrollbar is off screen (from san65384 at gmail dot com in issue 4933).

Copy hyperlinks when redrawing popup so they do not vanish (from Antoine Gaudreau Simard in issue 4925).

Work around systemd killing panes early during system shutdown by creating dependencies from the panes to the service which started tmux (issue 4926 from Dmitry Torokhov).

Allow codepoint-widths to accept ranges (from san65384 at gmail dot com in issue 4930).

Add a short builtin help text for each mode accessible with C-h (based on code from Patrick Motard in issue 4751).

Draw message as one format, allowing prompts and messages to occupy only a portion of the status bar, overlaying the normal status content rather than replacing the entire line. A new message-format option now controls the entire message (like status-format). The message-style option now need to include "fill" in order to cover the whole width (the default has "fill=yellow"). From Conor Taylor in issue 4861.

Add next/previous variables for windows in W: loop (from Conor Taylor in issue 4856).

Various bug and memory leak fixes from Renaud Allard (issue 4916).

Add pane_pipe_pid with pipe file descriptor.

Make -c work with new-session -A (from Jody Frankowski in issue 4906).

Allow copy mode to work for readonly clients, except for copy commands (from Dane Jensen).

Pass paste buffer through vis(3) when pasting to prevent buffers containing for example the bracket end sequence causing issues, a new -S flag disables (reported by Mason Davis).

Add sorting (-O flag) and a custom format (-F) to list-keys (from Dane Jensen in issue 4845).

Add scroll-exit-on, scroll-exit-off, scroll-exit-toggle commands to copy mode (from xcdnlgd at hotmail dot com in issue 4884).

Respond to DECRQM 2026 (from David Turnbull in issue 4887) and various others (from Ayman Bagabas in issue 5118).

Fix various memory leaks reported by Huihui Huang (issue 4872).

Pass which clipboard is set through to the terminal (from Axel Lindskog in issue 4858).

Reuse extended entry when clearing RGB cell, to prevent memory growth when cells are repeatedly cleared (from Michael K Darling in issue 4862).

Do not write before buffer when parsing empty clipboard or palette replies, or try to allocate zero bytes with an empty clipboard sequence (reported by DongHan Kim).

Various bug fixes and code improvements from Conor Taylor (issue 4848).

Clear search counts when clearing marks in case of repeated search (reported by Daniel Pereira in issue 4817).

Make OSC 52 work in popups (from gogongxt at 163 dot com in issue 4797).

Refresh copy mode when style changes (from Josh Cooper in issue 4830).

Make sorting code common and add -O for sorting to the list commands (from Dane Jensen in issue 4813).

Do not treat cells as empty unless the background colour stays the same, fixes invisible clock in clock mode (reported by Theo Buehler).

When history-limit is changed, apply to existing panes, not just new ones (issue 4705).

Reevaluate menu and popup styles on each draw to allow them to change when options change (from Josh Cooper in issues 4828 and 4829).

Handle theme keys earlier so they are processed even if a popup is open (from Josh Cooper in issue 4827).

Fix window-size=latest not resizing on switch-client in session groups (from Ilya Grigoriev in issue 4818).

Add -e flag to command-prompt to close if empty (from Dane Jensen in issue 4812).

Correctly draw indicators when pane-border-indicators is set to both (reported by Ilya Grigoriev in issue 4780).

Remember last pane or type of location for double and triple clicks and correctly handle it changes between first and second or second and third (issue 47

tmux-3.7-2.fc44

4 days 11 hours ago
FEDORA-2026-20eaa64d75 Packages in this update:
  • tmux-3.7-2.fc44
Update description:

update to 3.7, remove upstreamed patch

Upstream ChangeLog: https://raw.githubusercontent.com/tmux/tmux/3.7/CHANGES

CHANGES FROM 3.6b TO 3.7

Add floating panes. These are panes which sit above the layout ("tiled panes") like popups but unlike popups are not modal and behave like panes (so the same escape sequence support). Floating panes are created with the new-pane command, bound to * by default. This is an early release of this feature and they are relatively limited. Currently floating panes can only be moved and resized using the mouse. The default second status line (if status-format is set to 2) has changed to show a list of panes. Many obvious features are not yet available for floating panes (notably the ability to swap floating panes, resize them using resize-pane, change them between floating and tiles, and restore custom layouts with floating panes).

Mostly written by Michael Grant with help from Dane Jensen; testing and fixes from others.

Allow run-shell arguments after a shell command to be expanded as #{1}, #{2} and so on (from Rasmus Thystrup Karstensen in issue 5121).

Add -g to kill-session to kill all sessions in a session group (issue 5157 from github at jiku dot jp).

Tighten up read-only checks on attach-session, detach-client and switch-client so that a user should be able to only detach their own client (reported by John Walker).

Increase escape delay if the buffer contains a partial paste end, fixes issues with at least Windows Terminal (from jing dot empty at gmail.com issue 5088).

When mode-keys is set to vi, do not allow the cursor to go into the invisible extra cell to the right of the visible text; this is closer to what vi(1) does (from Max Vim in issue 5070).

Add a five second limit on pasting for terminals which mysteriously lose the end sequence if the paste is too big (that is, Terminal.app) (reported by Garri Djavadyan in issue 4527).

Show file open errors more sensibly (reported by Meriel Luna Mittelbach in issue 5081).

Update supported features list for Foot terminal (from Meriel Luna Mittelbach in issue 5079).

Turn off the "is this a paste" guessing if the terminal supports bracket pasting instead (issue 5031).

Check FIONREAD for all panes not just piped panes.

Add emacs-style recentre-top-bottom command to copy mode (issue 5053 from sinyax75 at gmail dot com).

Allow the indicator in tree mode to be customized by two new options: tree-mode-preview-format and tree-mode-preview-style.

Fix control client hang on exit after toggling no-output (issue 5049 from Aaron Campbell). Also various other control mode fixes.

Add support for line numbers in copy mode. There is a new copy-mode-line-numbers option which may be set to off, default (tmux's normal line numbering where 0 is the top visible line), absolute (first line in history is 1), relative (relative to the cursor) and hybrid (current line is absolute, others relative). Also adds copy-mode-line-number-style and copy-mode-current-line-number-style to set the style of the line numbers. When copy mode is entered with the mouse, line numbers stay off. From Leo Henon in issue 5025.

Make C-[ have the same bindings as Escape for terminals with extended keys where they are different (issue 5035 from Eric Nicolas).

Sanitize paste buffer names in paste_set and paste_rename (issue 5032 from Barrett Ruth).

Do not hang in run-shell when job_run fails (from Barrett Ruth in issue 5037).

Add ability to forward progress bar to outside terminal (issue 4972 from Eric Dorland).

Translate keypad keys to text in prompt input (from Barrett Ruth in issue 4996).

Sanitize pane titles and window and session names more consistently and strictly, prevents C0 characters and other invisible characters causing problems (reported by Chris Monardo in issue 4999).

Make clock visible on terminals without colours (from Manuel Einfalt in issue 5001).

Add detach to default session menu (suggested by Przemyslaw Sztoch).

Include window format variables for pane notifications (issue 5007 from Saul Nogueras).

Limit precision to 100 for formats to stop silly formats from running out of memory, reported by z1281552865 at gmail dot com. Also various other similar changes, mostly found by OSS-Fuzz.

Add WAYLAND_DISPLAY to default update-environment (issue 4965). Also some additional XDG_* variables (issue 5169).

Add -C flag to command-prompt to match display-message -C (do not freeze panes) (from Barrett Ruth in issue 4978).

Cache user from getpwuid because it can be very expensive on some platforms (from Ben Maurer in issue 4973).

Add remain-on-exit key to keep pane around until a key is pressed (from Michael Grant).

Add some new mouse ranges called "control0" to "control9" and use to add some mouse controls to the pane state line (from Dane Jensen with some bits from Michael Grant).

Handle OSC 9;4 progress bar sequence and store in format variables (from Eric Dorland in issue 4954).

Correctly size buffer used for parsing clipboard sequences (from Michal Majchrowicz).

Limit MSG_COMMAND argument to between 0 and 1000 to prevent a misbehaving client from crashing the server (from Michal Majchrowicz).

Reorganize host keys are represented internally so they can be built more easily (from Dane Jensen in issue 4953).

Add new fuzzers for command parsing, formats and styles (from David Korczynski in issue 4957). Also fix various issues shown from these.

Add bracket_paste_flag format flag (from George Nachman in issue 4951).

Use - for hyphens in tmux.1 to cause newer groff versions to render them correctly (from Keith Thompson in issue 4948).

Various minor code improvements and fixes from Pavel Lavrukhin (issue 4936 and others).

Use window options for cursor-style to avoid crash when no pane (from Arden Packeer in issue 4942).

Fix issue where popup window gets overwritten by background updates (from Conor Taylor in issue 4920).

Protect against overflow when scrollbar is off screen (from san65384 at gmail dot com in issue 4933).

Copy hyperlinks when redrawing popup so they do not vanish (from Antoine Gaudreau Simard in issue 4925).

Work around systemd killing panes early during system shutdown by creating dependencies from the panes to the service which started tmux (issue 4926 from Dmitry Torokhov).

Allow codepoint-widths to accept ranges (from san65384 at gmail dot com in issue 4930).

Add a short builtin help text for each mode accessible with C-h (based on code from Patrick Motard in issue 4751).

Draw message as one format, allowing prompts and messages to occupy only a portion of the status bar, overlaying the normal status content rather than replacing the entire line. A new message-format option now controls the entire message (like status-format). The message-style option now need to include "fill" in order to cover the whole width (the default has "fill=yellow"). From Conor Taylor in issue 4861.

Add next/previous variables for windows in W: loop (from Conor Taylor in issue 4856).

Various bug and memory leak fixes from Renaud Allard (issue 4916).

Add pane_pipe_pid with pipe file descriptor.

Make -c work with new-session -A (from Jody Frankowski in issue 4906).

Allow copy mode to work for readonly clients, except for copy commands (from Dane Jensen).

Pass paste buffer through vis(3) when pasting to prevent buffers containing for example the bracket end sequence causing issues, a new -S flag disables (reported by Mason Davis).

Add sorting (-O flag) and a custom format (-F) to list-keys (from Dane Jensen in issue 4845).

Add scroll-exit-on, scroll-exit-off, scroll-exit-toggle commands to copy mode (from xcdnlgd at hotmail dot com in issue 4884).

Respond to DECRQM 2026 (from David Turnbull in issue 4887) and various others (from Ayman Bagabas in issue 5118).

Fix various memory leaks reported by Huihui Huang (issue 4872).

Pass which clipboard is set through to the terminal (from Axel Lindskog in issue 4858).

Reuse extended entry when clearing RGB cell, to prevent memory growth when cells are repeatedly cleared (from Michael K Darling in issue 4862).

Do not write before buffer when parsing empty clipboard or palette replies, or try to allocate zero bytes with an empty clipboard sequence (reported by DongHan Kim).

Various bug fixes and code improvements from Conor Taylor (issue 4848).

Clear search counts when clearing marks in case of repeated search (reported by Daniel Pereira in issue 4817).

Make OSC 52 work in popups (from gogongxt at 163 dot com in issue 4797).

Refresh copy mode when style changes (from Josh Cooper in issue 4830).

Make sorting code common and add -O for sorting to the list commands (from Dane Jensen in issue 4813).

Do not treat cells as empty unless the background colour stays the same, fixes invisible clock in clock mode (reported by Theo Buehler).

When history-limit is changed, apply to existing panes, not just new ones (issue 4705).

Reevaluate menu and popup styles on each draw to allow them to change when options change (from Josh Cooper in issues 4828 and 4829).

Handle theme keys earlier so they are processed even if a popup is open (from Josh Cooper in issue 4827).

Fix window-size=latest not resizing on switch-client in session groups (from Ilya Grigoriev in issue 4818).

Add -e flag to command-prompt to close if empty (from Dane Jensen in issue 4812).

Correctly draw indicators when pane-border-indicators is set to both (reported by Ilya Grigoriev in issue 4780).

Remember last pane or type of location for double and triple clicks and correctly handle it changes between first and second or second and third (issue 47

tmux-3.7-1.fc44

4 days 12 hours ago
FEDORA-2026-b53112053c Packages in this update:
  • tmux-3.7-1.fc44
Update description:

update to 3.7, remove upstreamed patch, handle tmux@service

Upstream ChangeLog: https://raw.githubusercontent.com/tmux/tmux/3.7/CHANGES

CHANGES FROM 3.6b TO 3.7

  • Add floating panes. These are panes which sit above the layout ("tiled panes") like popups but unlike popups are not modal and behave like panes (so the same escape sequence support). Floating panes are created with the new-pane command, bound to * by default.

This is an early release of this feature and they are relatively limited. Currently floating panes can only be moved and resized using the mouse. The default second status line (if status-format is set to 2) has changed to show a list of panes. Many obvious features are not yet available for floating panes (notably the ability to swap floating panes, resize them using resize-pane, change them between floating and tiles, and restore custom layouts with floating panes).

Mostly written by Michael Grant with help from Dane Jensen; testing and fixes from others.

  • Allow run-shell arguments after a shell command to be expanded as #{1}, #{2} and so on (from Rasmus Thystrup Karstensen in issue 5121).

  • Add -g to kill-session to kill all sessions in a session group (issue 5157 from github at jiku dot jp).

  • Tighten up read-only checks on attach-session, detach-client and switch-client so that a user should be able to only detach their own client (reported by John Walker).

  • Increase escape delay if the buffer contains a partial paste end, fixes issues with at least Windows Terminal (from jing dot empty at gmail.com issue 5088).

  • When mode-keys is set to vi, do not allow the cursor to go into the invisible extra cell to the right of the visible text; this is closer to what vi(1) does (from Max Vim in issue 5070).

  • Add a five second limit on pasting for terminals which mysteriously lose the end sequence if the paste is too big (that is, Terminal.app) (reported by Garri Djavadyan in issue 4527).

  • Show file open errors more sensibly (reported by Meriel Luna Mittelbach in issue 5081).

  • Update supported features list for Foot terminal (from Meriel Luna Mittelbach in issue 5079).

  • Turn off the "is this a paste" guessing if the terminal supports bracket pasting instead (issue 5031).

  • Check FIONREAD for all panes not just piped panes.

  • Add emacs-style recentre-top-bottom command to copy mode (issue 5053 from sinyax75 at gmail dot com).

  • Allow the indicator in tree mode to be customized by two new options: tree-mode-preview-format and tree-mode-preview-style.

  • Fix control client hang on exit after toggling no-output (issue 5049 from Aaron Campbell). Also various other control mode fixes.

  • Add support for line numbers in copy mode. There is a new copy-mode-line-numbers option which may be set to off, default (tmux's normal line numbering where 0 is the top visible line), absolute (first line in history is 1), relative (relative to the cursor) and hybrid (current line is absolute, others relative). Also adds copy-mode-line-number-style and copy-mode-current-line-number-style to set the style of the line numbers. When copy mode is entered with the mouse, line numbers stay off. From Leo Henon in issue 5025.

  • Make C-[ have the same bindings as Escape for terminals with extended keys where they are different (issue 5035 from Eric Nicolas).

  • Sanitize paste buffer names in paste_set and paste_rename (issue 5032 from Barrett Ruth).

  • Do not hang in run-shell when job_run fails (from Barrett Ruth in issue 5037).

  • Add ability to forward progress bar to outside terminal (issue 4972 from Eric Dorland).

  • Translate keypad keys to text in prompt input (from Barrett Ruth in issue 4996).

  • Sanitize pane titles and window and session names more consistently and strictly, prevents C0 characters and other invisible characters causing problems (reported by Chris Monardo in issue 4999).

  • Make clock visible on terminals without colours (from Manuel Einfalt in issue 5001).

  • Add detach to default session menu (suggested by Przemyslaw Sztoch).

  • Include window format variables for pane notifications (issue 5007 from Saul Nogueras).

  • Limit precision to 100 for formats to stop silly formats from running out of memory, reported by z1281552865 at gmail dot com. Also various other similar changes, mostly found by OSS-Fuzz.

  • Add WAYLAND_DISPLAY to default update-environment (issue 4965). Also some additional XDG_* variables (issue 5169).

  • Add -C flag to command-prompt to match display-message -C (do not freeze panes) (from Barrett Ruth in issue 4978).

  • Cache user from getpwuid because it can be very expensive on some platforms (from Ben Maurer in issue 4973).

  • Add remain-on-exit key to keep pane around until a key is pressed (from Michael Grant).

  • Add some new mouse ranges called "control0" to "control9" and use to add some mouse controls to the pane state line (from Dane Jensen with some bits from Michael Grant).

  • Handle OSC 9;4 progress bar sequence and store in format variables (from Eric Dorland in issue 4954).

  • Correctly size buffer used for parsing clipboard sequences (from Michal Majchrowicz).

  • Limit MSG_COMMAND argument to between 0 and 1000 to prevent a misbehaving client from crashing the server (from Michal Majchrowicz).

  • Reorganize host keys are represented internally so they can be built more easily (from Dane Jensen in issue 4953).

  • Add new fuzzers for command parsing, formats and styles (from David Korczynski in issue 4957). Also fix various issues shown from these.

  • Add bracket_paste_flag format flag (from George Nachman in issue 4951).

  • Use - for hyphens in tmux.1 to cause newer groff versions to render them correctly (from Keith Thompson in issue 4948).

  • Various minor code improvements and fixes from Pavel Lavrukhin (issue 4936 and others).

  • Use window options for cursor-style to avoid crash when no pane (from Arden Packeer in issue 4942).

  • Fix issue where popup window gets overwritten by background updates (from Conor Taylor in issue 4920).

  • Protect against overflow when scrollbar is off screen (from san65384 at gmail dot com in issue 4933).

  • Copy hyperlinks when redrawing popup so they do not vanish (from Antoine Gaudreau Simard in issue 4925).

  • Work around systemd killing panes early during system shutdown by creating dependencies from the panes to the service which started tmux (issue 4926 from Dmitry Torokhov).

  • Allow codepoint-widths to accept ranges (from san65384 at gmail dot com in issue 4930).

  • Add a short builtin help text for each mode accessible with C-h (based on code from Patrick Motard in issue 4751).

  • Draw message as one format, allowing prompts and messages to occupy only a portion of the status bar, overlaying the normal status content rather than replacing the entire line. A new message-format option now controls the entire message (like status-format). The message-style option now need to include "fill" in order to cover the whole width (the default has "fill=yellow"). From Conor Taylor in issue 4861.

  • Add next/previous variables for windows in W: loop (from Conor Taylor in issue 4856).

  • Various bug and memory leak fixes from Renaud Allard (issue 4916).

  • Add pane_pipe_pid with pipe file descriptor.

  • Make -c work with new-session -A (from Jody Frankowski in issue 4906).

  • Allow copy mode to work for readonly clients, except for copy commands (from Dane Jensen).

  • Pass paste buffer through vis(3) when pasting to prevent buffers containing for example the bracket end sequence causing issues, a new -S flag disables (reported by Mason Davis).

  • Add sorting (-O flag) and a custom format (-F) to list-keys (from Dane Jensen in issue 4845).

  • Add scroll-exit-on, scroll-exit-off, scroll-exit-toggle commands to copy mode (from xcdnlgd at hotmail dot com in issue 4884).

  • Respond to DECRQM 2026 (from David Turnbull in issue 4887) and various others (from Ayman Bagabas in issue 5118).

  • Fix various memory leaks reported by Huihui Huang (issue 4872).

  • Pass which clipboard is set through to the terminal (from Axel Lindskog in issue 4858).

  • Reuse extended entry when clearing RGB cell, to prevent memory growth when cells are repeatedly cleared (from Michael K Darling in issue 4862).

  • Do not write before buffer when parsing empty clipboard or palette replies, or try to allocate zero bytes with an empty clipboard sequence (reported by DongHan Kim).

  • Various bug fixes and code improvements from Conor Taylor (issue 4848).

  • Clear search counts when clearing marks in case of repeated search (reported by Daniel Pereira in issue 4817).

  • Make OSC 52 work in popups (from gogongxt at 163 dot com in issue 4797).

  • Refresh copy mode when style changes (from Josh Cooper in issue 4830).

  • Make sorting code common and add -O for sorting to the list commands (from Dane Jensen in issue 4813).

  • Do not treat cells as empty unless the background colour stays the same, fixes invisible clock in clock mode (reported by Theo Buehler).

  • When history-limit is changed, apply to existing panes, not just new ones (issue 4705).

  • Reevaluate menu and popup styles on each draw to allow them to change when options change (from Josh Cooper in issues 4828 and 4829).

  • Handle theme keys earlier so they are processed even if a popup is open (from Josh Cooper in issue 4827).

  • Fix window-size=latest not resizing on switch-client in session groups (from Ilya Grigoriev in issue 4818).

  • Add -e flag to command-prompt to close if empty (from Dane Jensen in issue 4812).

  • Correctly draw indicators when pane-border-indicators is set to both (reported by Ilya Grigoriev in issue 4780).

  • Remember last pane or type of location for double and triple clicks and correctly handle it changes between first and second or second and third (issue 47

tmux-3.7-2.fc43

4 days 12 hours ago
FEDORA-2026-97e03de9c2 Packages in this update:
  • tmux-3.7-2.fc43
Update description:

update to 3.7, remove upstreamed patch, handle tmux@service

Upstream ChangeLog: https://raw.githubusercontent.com/tmux/tmux/3.7/CHANGES

CHANGES FROM 3.6b TO 3.7

  • Add floating panes. These are panes which sit above the layout ("tiled panes") like popups but unlike popups are not modal and behave like panes (so the same escape sequence support). Floating panes are created with the new-pane command, bound to * by default.

This is an early release of this feature and they are relatively limited. Currently floating panes can only be moved and resized using the mouse. The default second status line (if status-format is set to 2) has changed to show a list of panes. Many obvious features are not yet available for floating panes (notably the ability to swap floating panes, resize them using resize-pane, change them between floating and tiles, and restore custom layouts with floating panes).

Mostly written by Michael Grant with help from Dane Jensen; testing and fixes from others.

  • Allow run-shell arguments after a shell command to be expanded as #{1}, #{2} and so on (from Rasmus Thystrup Karstensen in issue 5121).

  • Add -g to kill-session to kill all sessions in a session group (issue 5157 from github at jiku dot jp).

  • Tighten up read-only checks on attach-session, detach-client and switch-client so that a user should be able to only detach their own client (reported by John Walker).

  • Increase escape delay if the buffer contains a partial paste end, fixes issues with at least Windows Terminal (from jing dot empty at gmail.com issue 5088).

  • When mode-keys is set to vi, do not allow the cursor to go into the invisible extra cell to the right of the visible text; this is closer to what vi(1) does (from Max Vim in issue 5070).

  • Add a five second limit on pasting for terminals which mysteriously lose the end sequence if the paste is too big (that is, Terminal.app) (reported by Garri Djavadyan in issue 4527).

  • Show file open errors more sensibly (reported by Meriel Luna Mittelbach in issue 5081).

  • Update supported features list for Foot terminal (from Meriel Luna Mittelbach in issue 5079).

  • Turn off the "is this a paste" guessing if the terminal supports bracket pasting instead (issue 5031).

  • Check FIONREAD for all panes not just piped panes.

  • Add emacs-style recentre-top-bottom command to copy mode (issue 5053 from sinyax75 at gmail dot com).

  • Allow the indicator in tree mode to be customized by two new options: tree-mode-preview-format and tree-mode-preview-style.

  • Fix control client hang on exit after toggling no-output (issue 5049 from Aaron Campbell). Also various other control mode fixes.

  • Add support for line numbers in copy mode. There is a new copy-mode-line-numbers option which may be set to off, default (tmux's normal line numbering where 0 is the top visible line), absolute (first line in history is 1), relative (relative to the cursor) and hybrid (current line is absolute, others relative). Also adds copy-mode-line-number-style and copy-mode-current-line-number-style to set the style of the line numbers. When copy mode is entered with the mouse, line numbers stay off. From Leo Henon in issue 5025.

  • Make C-[ have the same bindings as Escape for terminals with extended keys where they are different (issue 5035 from Eric Nicolas).

  • Sanitize paste buffer names in paste_set and paste_rename (issue 5032 from Barrett Ruth).

  • Do not hang in run-shell when job_run fails (from Barrett Ruth in issue 5037).

  • Add ability to forward progress bar to outside terminal (issue 4972 from Eric Dorland).

  • Translate keypad keys to text in prompt input (from Barrett Ruth in issue 4996).

  • Sanitize pane titles and window and session names more consistently and strictly, prevents C0 characters and other invisible characters causing problems (reported by Chris Monardo in issue 4999).

  • Make clock visible on terminals without colours (from Manuel Einfalt in issue 5001).

  • Add detach to default session menu (suggested by Przemyslaw Sztoch).

  • Include window format variables for pane notifications (issue 5007 from Saul Nogueras).

  • Limit precision to 100 for formats to stop silly formats from running out of memory, reported by z1281552865 at gmail dot com. Also various other similar changes, mostly found by OSS-Fuzz.

  • Add WAYLAND_DISPLAY to default update-environment (issue 4965). Also some additional XDG_* variables (issue 5169).

  • Add -C flag to command-prompt to match display-message -C (do not freeze panes) (from Barrett Ruth in issue 4978).

  • Cache user from getpwuid because it can be very expensive on some platforms (from Ben Maurer in issue 4973).

  • Add remain-on-exit key to keep pane around until a key is pressed (from Michael Grant).

  • Add some new mouse ranges called "control0" to "control9" and use to add some mouse controls to the pane state line (from Dane Jensen with some bits from Michael Grant).

  • Handle OSC 9;4 progress bar sequence and store in format variables (from Eric Dorland in issue 4954).

  • Correctly size buffer used for parsing clipboard sequences (from Michal Majchrowicz).

  • Limit MSG_COMMAND argument to between 0 and 1000 to prevent a misbehaving client from crashing the server (from Michal Majchrowicz).

  • Reorganize host keys are represented internally so they can be built more easily (from Dane Jensen in issue 4953).

  • Add new fuzzers for command parsing, formats and styles (from David Korczynski in issue 4957). Also fix various issues shown from these.

  • Add bracket_paste_flag format flag (from George Nachman in issue 4951).

  • Use - for hyphens in tmux.1 to cause newer groff versions to render them correctly (from Keith Thompson in issue 4948).

  • Various minor code improvements and fixes from Pavel Lavrukhin (issue 4936 and others).

  • Use window options for cursor-style to avoid crash when no pane (from Arden Packeer in issue 4942).

  • Fix issue where popup window gets overwritten by background updates (from Conor Taylor in issue 4920).

  • Protect against overflow when scrollbar is off screen (from san65384 at gmail dot com in issue 4933).

  • Copy hyperlinks when redrawing popup so they do not vanish (from Antoine Gaudreau Simard in issue 4925).

  • Work around systemd killing panes early during system shutdown by creating dependencies from the panes to the service which started tmux (issue 4926 from Dmitry Torokhov).

  • Allow codepoint-widths to accept ranges (from san65384 at gmail dot com in issue 4930).

  • Add a short builtin help text for each mode accessible with C-h (based on code from Patrick Motard in issue 4751).

  • Draw message as one format, allowing prompts and messages to occupy only a portion of the status bar, overlaying the normal status content rather than replacing the entire line. A new message-format option now controls the entire message (like status-format). The message-style option now need to include "fill" in order to cover the whole width (the default has "fill=yellow"). From Conor Taylor in issue 4861.

  • Add next/previous variables for windows in W: loop (from Conor Taylor in issue 4856).

  • Various bug and memory leak fixes from Renaud Allard (issue 4916).

  • Add pane_pipe_pid with pipe file descriptor.

  • Make -c work with new-session -A (from Jody Frankowski in issue 4906).

  • Allow copy mode to work for readonly clients, except for copy commands (from Dane Jensen).

  • Pass paste buffer through vis(3) when pasting to prevent buffers containing for example the bracket end sequence causing issues, a new -S flag disables (reported by Mason Davis).

  • Add sorting (-O flag) and a custom format (-F) to list-keys (from Dane Jensen in issue 4845).

  • Add scroll-exit-on, scroll-exit-off, scroll-exit-toggle commands to copy mode (from xcdnlgd at hotmail dot com in issue 4884).

  • Respond to DECRQM 2026 (from David Turnbull in issue 4887) and various others (from Ayman Bagabas in issue 5118).

  • Fix various memory leaks reported by Huihui Huang (issue 4872).

  • Pass which clipboard is set through to the terminal (from Axel Lindskog in issue 4858).

  • Reuse extended entry when clearing RGB cell, to prevent memory growth when cells are repeatedly cleared (from Michael K Darling in issue 4862).

  • Do not write before buffer when parsing empty clipboard or palette replies, or try to allocate zero bytes with an empty clipboard sequence (reported by DongHan Kim).

  • Various bug fixes and code improvements from Conor Taylor (issue 4848).

  • Clear search counts when clearing marks in case of repeated search (reported by Daniel Pereira in issue 4817).

  • Make OSC 52 work in popups (from gogongxt at 163 dot com in issue 4797).

  • Refresh copy mode when style changes (from Josh Cooper in issue 4830).

  • Make sorting code common and add -O for sorting to the list commands (from Dane Jensen in issue 4813).

  • Do not treat cells as empty unless the background colour stays the same, fixes invisible clock in clock mode (reported by Theo Buehler).

  • When history-limit is changed, apply to existing panes, not just new ones (issue 4705).

  • Reevaluate menu and popup styles on each draw to allow them to change when options change (from Josh Cooper in issues 4828 and 4829).

  • Handle theme keys earlier so they are processed even if a popup is open (from Josh Cooper in issue 4827).

  • Fix window-size=latest not resizing on switch-client in session groups (from Ilya Grigoriev in issue 4818).

  • Add -e flag to command-prompt to close if empty (from Dane Jensen in issue 4812).

  • Correctly draw indicators when pane-border-indicators is set to both (reported by Ilya Grigoriev in issue 4780).

  • Remember last pane or type of location for double and triple clicks and correctly handle it changes between first and second or second and third (issue 47