a/kernel-firmware-20241203_06aea4d-noarch-1.txz: Upgraded.
a/kernel-generic-6.12.2-x86_64-1.txz: Upgraded.
a/shadow-4.16.0-x86_64-2.txz: Rebuilt.
d/cmake-3.31.2-x86_64-1.txz: Upgraded.
d/gdb-15.2-x86_64-3.txz: Rebuilt.
Removed files duplicated from binutils. Thanks to TommyC7 and gmgf.
d/kernel-headers-6.12.2-x86-1.txz: Upgraded.
k/kernel-source-6.12.2-noarch-1.txz: Upgraded.
l/libppd-2.1.0-x86_64-2.txz: Rebuilt.
Build without --enable-ppdc-utils. Thanks to TommyC7.
l/protobuf-29.1-x86_64-1.txz: Upgraded.
l/python-six-1.17.0-x86_64-1.txz: Upgraded.
l/sip-6.9.0-x86_64-1.txz: Upgraded.
n/postfix-3.9.1-x86_64-1.txz: Upgraded.
tcl/tcl-8.6.15-x86_64-2.txz: Rebuilt.
Rename sqlite3_analyzer to sqlite3_analyzer_tcl to avoid clobbering the ELF
binary in the sqlite package. Likewise, rename the Thread.3 man page to
Thread_tcl.3 so that we don't overwrite the one in the perl package.
Thanks to TommyC7.
x/fslsfonts-1.0.7-x86_64-1.txz: Upgraded.
x/libdrm-2.4.124-x86_64-1.txz: Upgraded.
x/libwacom-2.14.0-x86_64-1.txz: Upgraded.
x/mesa-24.3.1-x86_64-1.txz: Upgraded.
x/oclock-1.0.6-x86_64-1.txz: Upgraded.
x/transset-1.0.4-x86_64-1.txz: Upgraded.
x/xkbevd-1.1.6-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/elilo-3.16-x86_64-17.txz: Rebuilt.
eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg.
ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded.
Removed support for legacy CUPS browsing and for LDAP
Legacy CUPS browsing is not needed any more and, our implementation
accepting any UDP packet on port 631, causes vulnerabilities, and
our LDAP support is does not comly with RFC 7612 and is therefore
limited. Fixes CVE-2024-47176 and CVE-2024-47850
Default `BrowseRemoteProtocols` should not include `cups` protocol
Works around CVE-2024-47176, the fix is the complete removal of
legacy CUPS Browsing functionality.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176https://www.cve.org/CVERecord?id=CVE-2024-47850
(* Security fix *)
l/dav1d-1.5.0-x86_64-1.txz: Upgraded.
l/gvfs-1.56.1-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded.
`cfGetPrinterAttributes5()`: Validate response attributes before return
The IPP print destination which we are querying can be corrupted or
forged, so validate the response to strenghten security. Fixes
CVE-2024-47076.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47076
(* Security fix *)
l/libppd-2.1.0-x86_64-1.txz: Upgraded.
Prevent PPD generation based on invalid IPP response
Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator,
refactor make-and-model code, PPDize preset and template names,
quote PPD localized strings. Fixes CVE-2024-47175.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47175
(* Security fix *)
l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded.
l/python-psutil-6.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.
a/kernel-firmware-20240426_fc21f47-noarch-1.txz: Upgraded.
ap/cups-2.4.7-x86_64-3.txz: Rebuilt.
Rebuild using --with-rundir=/run/cups.
ap/cups-browsed-2.0.0-x86_64-1.txz: Added.
This is the CUPS/IPP print queue browser daemon, previously part of the
cups-filters package.
ap/cups-filters-2.0.0-x86_64-1.txz: Upgraded.
l/libarchive-3.7.4-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.0.0-x86_64-1.txz: Added.
This is required by cups-filters-2.0.0.
l/libppd-2.0.0-x86_64-1.txz: Added.
This is required by cups-filters-2.0.0.
l/libproxy-0.5.6-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.36-noarch-1.txz: Upgraded.
xap/mozilla-firefox-125.0.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-125.0-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz: Removed.
