a/libblockdev-3.2.1-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-45.txz: Rebuilt.
/etc/default/geninitrd: Add AUTOGENERATE_INITRD variable for disabling
automatically generating the initrd when the kernel package is upgraded.
The hook to trigger this will be in the next kernel-generic package.
setup.01.mkinitrd: skip generating an initrd if we're called from the
kernel doinst.sh and AUTOGENERATE_INITRD=false.
geninitrd: Look for an override script called /usr/local/sbin/geninitrd,
not /usr/local/bin/geninitrd-custom. Thanks to GazL.
ap/mariadb-11.4.4-x86_64-2.txz: Rebuilt.
rc.mysqld: use mariadbd-safe, not mysqld_safe. Thanks to teoberi.
d/cmake-3.31.0-x86_64-1.txz: Upgraded.
l/expat-2.6.4-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fix crash within function XML_ResumeParser from a NULL pointer dereference
by disallowing function XML_StopParser to (stop or) suspend an unstarted
parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly
communicate this situation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-50602
(* Security fix *)
n/gpgme-1.24.0-x86_64-1.txz: Upgraded.
Added libqgpgmeqt6.
xap/ffmpegthumbnailer-2.2.3-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.4.2esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.4.2esr/releasenotes/
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Thanks to opty for encouraging us to think about nobody.
d/meson-1.4.0-x86_64-1.txz: Upgraded.
d/python-setuptools-69.2.0-x86_64-1.txz: Upgraded.
l/expat-2.6.2-x86_64-1.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
1d50b80cf3https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
l/pipewire-1.0.4-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.0-x86_64-1.txz: Upgraded.
n/openvpn-2.6.9-x86_64-2.txz: Rebuilt.
Run as openvpn:openvpn. Thanks to rkelsen.
n/proftpd-1.3.8b-x86_64-2.txz: Rebuilt.
Run as proftpd:proftpd.
x/libva-2.21.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.21.0-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-2.txz: Rebuilt.
Run as nm-openvpn:nm-openvpn. Thanks to Markus Wiesner.
a/hwdata-0.379-noarch-1.txz: Upgraded.
ap/inxi-3.3.33_1-noarch-1.txz: Upgraded.
ap/rpm-4.19.1.1-x86_64-1.txz: Upgraded.
kde/kstars-3.6.9-x86_64-1.txz: Upgraded.
l/enchant-2.6.5-x86_64-1.txz: Upgraded.
Reverted to non-broken version.
l/expat-2.6.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
Fix quadratic runtime issues with big tokens that can cause
denial of service.
Fix billion laughs attacks for users compiling *without* XML_DTD
defined (which is not common).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52425https://www.cve.org/CVERecord?id=CVE-2023-52426
(* Security fix *)
l/orc-0.4.37-x86_64-1.txz: Upgraded.
l/pipewire-1.0.3-x86_64-2.txz: Rebuilt.
Use wireplumber-0.4.17, as the newer version's support for elogind seems to
be broken, and this prevents bluetooth from connecting properly.
Thanks to mistfire and rizitis.
x/libwacom-2.10.0-x86_64-1.txz: Upgraded.
xap/hexchat-2.16.2-x86_64-1.txz: Upgraded.
extra/xv/xv-5.0.0-x86_64-1.txz: Upgraded.
