Commit graph

3 commits

Author SHA1 Message Date
Patrick J Volkerding
767006b5b5 Fri Oct 18 22:51:09 UTC 2024
a/elilo-3.16-x86_64-17.txz:  Rebuilt.
  eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg.
ap/cups-browsed-2.1.0-x86_64-1.txz:  Upgraded.
  Removed support for legacy CUPS browsing and for LDAP
  Legacy CUPS browsing is not needed any more and, our implementation
  accepting any UDP packet on port 631, causes vulnerabilities, and
  our LDAP support is does not comly with RFC 7612 and is therefore
  limited. Fixes CVE-2024-47176 and CVE-2024-47850
  Default `BrowseRemoteProtocols` should not include `cups` protocol
  Works around CVE-2024-47176, the fix is the complete removal of
  legacy CUPS Browsing functionality.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-47176
    https://www.cve.org/CVERecord?id=CVE-2024-47850
  (* Security fix *)
l/dav1d-1.5.0-x86_64-1.txz:  Upgraded.
l/gvfs-1.56.1-x86_64-1.txz:  Upgraded.
l/libcupsfilters-2.1.0-x86_64-1.txz:  Upgraded.
  `cfGetPrinterAttributes5()`: Validate response attributes before return
  The IPP print destination which we are querying can be corrupted or
  forged, so validate the response to strenghten security. Fixes
  CVE-2024-47076.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-47076
  (* Security fix *)
l/libppd-2.1.0-x86_64-1.txz:  Upgraded.
  Prevent PPD generation based on invalid IPP response
  Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator,
  refactor make-and-model code, PPDize preset and template names,
  quote PPD localized strings. Fixes CVE-2024-47175.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2024-47175
  (* Security fix *)
l/python-MarkupSafe-3.0.2-x86_64-1.txz:  Upgraded.
l/python-psutil-6.1.0-x86_64-1.txz:  Upgraded.
x/fcitx5-qt-5.1.8-x86_64-1.txz:  Upgraded.
2024-10-19 01:29:44 +02:00
Patrick J Volkerding
9e8b1d12ae Wed May 22 18:57:13 UTC 2024
a/e2fsprogs-1.47.1-x86_64-1.txz:  Upgraded.
a/iniparser-4.2.2-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
a/ndctl-79-x86_64-2.txz:  Rebuilt.
  Recompiled against iniparser-4.2.2.
d/python-setuptools-70.0.0-x86_64-1.txz:  Upgraded.
kde/calligra-3.2.1-x86_64-39.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
kde/cantor-23.08.5-x86_64-6.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
kde/kfilemetadata-5.116.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
kde/kile-2.9.93-x86_64-33.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
kde/kitinerary-23.08.5-x86_64-4.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
kde/krita-5.2.2-x86_64-9.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
kde/okular-23.08.5-x86_64-4.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
kde/qqc2-desktop-style-5.116.1-x86_64-1.txz:  Upgraded.
l/hicolor-icon-theme-0.18-noarch-1.txz:  Upgraded.
l/libcupsfilters-2.0.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-24.05.0.
l/lmdb-0.9.33-x86_64-1.txz:  Upgraded.
l/poppler-24.05.0-x86_64-1.txz:  Upgraded.
  This seems to require C++20 now...
  Shared library .so-version bump.
l/python-requests-2.32.1-x86_64-1.txz:  Upgraded.
l/qt6-6.7.1_20240516_6977d02f-x86_64-1.txz:  Upgraded.
n/curl-8.8.0-x86_64-1.txz:  Upgraded.
n/openldap-2.6.8-x86_64-1.txz:  Upgraded.
x/xorg-server-xwayland-24.1.0-x86_64-1.txz:  Upgraded.
  Thanks to marav for the patch.
2024-05-22 22:54:38 +02:00
Patrick J Volkerding
ff95264870 Fri Apr 26 20:12:32 UTC 2024
a/kernel-firmware-20240426_fc21f47-noarch-1.txz:  Upgraded.
ap/cups-2.4.7-x86_64-3.txz:  Rebuilt.
  Rebuild using --with-rundir=/run/cups.
ap/cups-browsed-2.0.0-x86_64-1.txz:  Added.
  This is the CUPS/IPP print queue browser daemon, previously part of the
  cups-filters package.
ap/cups-filters-2.0.0-x86_64-1.txz:  Upgraded.
l/libarchive-3.7.4-x86_64-1.txz:  Upgraded.
l/libcupsfilters-2.0.0-x86_64-1.txz:  Added.
  This is required by cups-filters-2.0.0.
l/libppd-2.0.0-x86_64-1.txz:  Added.
  This is required by cups-filters-2.0.0.
l/libproxy-0.5.6-x86_64-1.txz:  Upgraded.
x/wayland-protocols-1.36-noarch-1.txz:  Upgraded.
xap/mozilla-firefox-125.0.2-x86_64-1.txz:  Upgraded.
xap/mozilla-thunderbird-125.0-x86_64-1.txz:  Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz:  Removed.
2024-04-26 23:57:49 +02:00