slackware-current

mirror of git://slackware.nl/current.git synced 2024-12-26 09:58:59 +01:00

Author	SHA1	Message	Date
Patrick J Volkerding	767006b5b5	Fri Oct 18 22:51:09 UTC 2024 a/elilo-3.16-x86_64-17.txz: Rebuilt. eliloconfig: adapt to new naming and lack of huge kernel. Thanks to gildbg. ap/cups-browsed-2.1.0-x86_64-1.txz: Upgraded. Removed support for legacy CUPS browsing and for LDAP Legacy CUPS browsing is not needed any more and, our implementation accepting any UDP packet on port 631, causes vulnerabilities, and our LDAP support is does not comly with RFC 7612 and is therefore limited. Fixes CVE-2024-47176 and CVE-2024-47850 Default `BrowseRemoteProtocols` should not include `cups` protocol Works around CVE-2024-47176, the fix is the complete removal of legacy CUPS Browsing functionality. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47176 https://www.cve.org/CVERecord?id=CVE-2024-47850 (* Security fix ) l/dav1d-1.5.0-x86_64-1.txz: Upgraded. l/gvfs-1.56.1-x86_64-1.txz: Upgraded. l/libcupsfilters-2.1.0-x86_64-1.txz: Upgraded. `cfGetPrinterAttributes5()`: Validate response attributes before return The IPP print destination which we are querying can be corrupted or forged, so validate the response to strenghten security. Fixes CVE-2024-47076. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47076 ( Security fix ) l/libppd-2.1.0-x86_64-1.txz: Upgraded. Prevent PPD generation based on invalid IPP response Overtaken from CUPS 2.x: Validate IPP attributes in PPD generator, refactor make-and-model code, PPDize preset and template names, quote PPD localized strings. Fixes CVE-2024-47175. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-47175 ( Security fix *) l/python-MarkupSafe-3.0.2-x86_64-1.txz: Upgraded. l/python-psutil-6.1.0-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.8-x86_64-1.txz: Upgraded.	2024-10-19 01:29:44 +02:00
Patrick J Volkerding	6ffeb4181c	Thu Oct 10 22:42:17 UTC 2024 a/hostname-3.24-x86_64-1.txz: Upgraded. a/kernel-firmware-20241010_c410e4c-noarch-1.txz: Upgraded. a/kernel-generic-6.10.14-x86_64-1.txz: Upgraded. a/mkinitrd-1.4.11-x86_64-39.txz: Rebuilt. Symlink /boot/remove-orphaned-initrds into /usr/sbin to get it in the $PATH. a/pkgtools-15.1-noarch-14.txz: Rebuilt. Renamed kernel-backup to make-kernel-backup. We'll leave it in /boot where it's more likely to be noticed, but also add a symlink in /usr/sbin so that it's in the $PATH. Support /etc/default/make-kernel-backup. Test to see if $KERNEL_FILE is actually a Linux kernel. d/kernel-headers-6.10.14-x86-1.txz: Upgraded. k/kernel-source-6.10.14-noarch-1.txz: Upgraded. l/python-sphinx-8.1.0-x86_64-1.txz: Upgraded. l/python-sphinx_rtd_theme-3.0.1-x86_64-1.txz: Upgraded. n/c-ares-1.34.1-x86_64-1.txz: Upgraded. xap/mozilla-thunderbird-128.3.1esr-x86_64-1.txz: Upgraded. This release contains security fixes and improvements. For more information, see: https://www.mozilla.org/en-US/thunderbird/128.3.1esr/releasenotes/ (* Security fix ) isolinux/initrd.img: Rebuilt. kernels/: Upgraded. testing/packages/kernel-generic-6.11.3-x86_64-1.txz: Upgraded. testing/packages/kernel-headers-6.11.3-x86-1.txz: Upgraded. testing/packages/kernel-source-6.11.3-noarch-1.txz: Upgraded. usb-and-pxe-installers/usbboot.img: Rebuilt.	2024-10-11 01:59:58 +02:00
Patrick J Volkerding	194d2d2fc5	Wed Oct 9 21:09:16 UTC 2024 a/dracut-104-x86_64-1.txz: Upgraded. d/cmake-3.30.5-x86_64-1.txz: Upgraded. d/subversion-1.14.4-x86_64-1.txz: Upgraded. l/mozjs128-128.3.1esr-x86_64-1.txz: Upgraded. l/openexr-3.3.1-x86_64-1.txz: Upgraded. l/python-charset-normalizer-3.4.0-x86_64-1.txz: Upgraded. x/fcitx5-5.1.11-x86_64-1.txz: Upgraded. x/fcitx5-anthy-5.1.5-x86_64-1.txz: Upgraded. x/fcitx5-chinese-addons-5.1.7-x86_64-1.txz: Upgraded. x/fcitx5-hangul-5.1.5-x86_64-1.txz: Upgraded. x/fcitx5-kkc-5.1.5-x86_64-1.txz: Upgraded. x/fcitx5-m17n-5.1.2-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.7-x86_64-1.txz: Upgraded. x/fcitx5-unikey-5.1.5-x86_64-1.txz: Upgraded. x/libime-1.1.9-x86_64-1.txz: Upgraded. xap/mozilla-firefox-128.3.1esr-x86_64-1.txz: Upgraded. This update contains a critical security fix: Use-after-free in Animation timeline. "An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild." For more information, see: https://www.mozilla.org/en-US/firefox/128.3.1/releasenotes/ https://www.mozilla.org/security/advisories/mfsa2024-51/ https://www.cve.org/CVERecord?id=CVE-2024-9680 (* Security fix *)	2024-10-10 00:58:09 +02:00
Patrick J Volkerding	c9ced48b11	Tue Jul 23 18:54:25 UTC 2024 Hey folks, we got a new glibc and are beginning the process of baking the new default compile flags into the toolchain, the graphics stack, and whatever else happens along. Enjoy! :-) a/aaa_glibc-solibs-2.40-x86_64-1.txz: Upgraded. a/libblockdev-3.1.1_1-x86_64-2.txz: Rebuilt. Fix build against recent ext2fs.h. Thanks to shipujin. a/xfsprogs-6.9.0-x86_64-1.txz: Upgraded. ap/rpm-4.19.1.1-x86_64-3.txz: Rebuilt. ap/slackpkg-15.0.10-noarch-4.txz: Rebuilt. Prefer gpg1 again. Going with the modern gpg with more dependencies was a mistake in this case. (now we know why gnupg-1 is still around :-) Thanks to Petri Kaukasoina. d/binutils-2.42-x86_64-3.txz: Rebuilt. d/cargo-vendor-filterer-0.5.14-x86_64-2.txz: Rebuilt. d/cbindgen-0.26.0-x86_64-2.txz: Rebuilt. d/ccache-4.10.2-x86_64-1.txz: Upgraded. d/cmake-3.30.1-x86_64-2.txz: Rebuilt. d/gcc-14.1.0-x86_64-2.txz: Rebuilt. d/gcc-g++-14.1.0-x86_64-2.txz: Rebuilt. d/gcc-gdc-14.1.0-x86_64-2.txz: Rebuilt. d/gcc-gfortran-14.1.0-x86_64-2.txz: Rebuilt. d/gcc-gm2-14.1.0-x86_64-2.txz: Rebuilt. d/gcc-gnat-14.1.0-x86_64-2.txz: Rebuilt. d/gcc-go-14.1.0-x86_64-2.txz: Rebuilt. d/gcc-objc-14.1.0-x86_64-2.txz: Rebuilt. d/libgccjit-14.1.0-x86_64-2.txz: Rebuilt. d/libtool-2.4.7-x86_64-8.txz: Rebuilt. d/parallel-20240722-noarch-1.txz: Upgraded. d/pkg-config-0.29.2-x86_64-5.txz: Rebuilt. d/python-setuptools-71.1.0-x86_64-1.txz: Upgraded. d/ruby-3.3.4-x86_64-2.txz: Rebuilt. d/rust-bindgen-0.69.4-x86_64-2.txz: Rebuilt. d/strace-6.10-x86_64-1.txz: Upgraded. d/subversion-1.14.3-x86_64-3.txz: Rebuilt. e/emacs-29.4-x86_64-2.txz: Rebuilt. l/PyQt-builder-1.16.4-x86_64-2.txz: Rebuilt. l/PyQt5-5.15.11-x86_64-1.txz: Upgraded. l/PyQt5_sip-12.15.0-x86_64-2.txz: Rebuilt. l/argon2-20190702-x86_64-6.txz: Rebuilt. l/ffmpeg-6.1.1-x86_64-5.txz: Rebuilt. l/glibc-2.40-x86_64-1.txz: Upgraded. This update fixes security issues: nscd: Stack-based buffer overflow in netgroup cache. nscd: Null pointer crash after notfound response. nscd: netgroup cache may terminate daemon on memory allocation failure. nscd: netgroup cache assumes NSS callback uses in-buffer strings. These vulnerabilities were only present in the nscd binary. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-33599 https://www.cve.org/CVERecord?id=CVE-2024-33600 https://www.cve.org/CVERecord?id=CVE-2024-33601 https://www.cve.org/CVERecord?id=CVE-2024-33602 (* Security fix ) l/glibc-i18n-2.40-x86_64-1.txz: Upgraded. l/glibc-profile-2.40-x86_64-1.txz: Upgraded. l/gst-plugins-good-1.24.5-x86_64-2.txz: Rebuilt. l/libcdio-paranoia-10.2+2.0.2-x86_64-1.txz: Upgraded. l/libclc-18.1.8-x86_64-3.txz: Rebuilt. l/libproxy-0.5.8-x86_64-1.txz: Upgraded. l/lz4-1.10.0-x86_64-1.txz: Upgraded. l/poppler-24.07.0-x86_64-2.txz: Rebuilt. l/python-importlib_metadata-8.1.0-x86_64-1.txz: Upgraded. l/python-sphinx-7.4.7-x86_64-1.txz: Upgraded. l/qt5-5.15.14_20240716_ae0c8451-x86_64-1.txz: Upgraded. l/qt5-webkit-5.212.0_alpha4-x86_64-13.txz: Rebuilt. l/qt6-6.7.2_20240610_3f005f1e-x86_64-3.txz: Rebuilt. l/sip-6.8.6-x86_64-2.txz: Rebuilt. l/spirv-llvm-translator-18.1.2-x86_64-2.txz: Rebuilt. l/v4l-utils-1.28.0-x86_64-1.txz: Upgraded. n/bind-9.18.28-x86_64-1.txz: Upgraded. This update fixes security issues: Remove SIG(0) support from named as a countermeasure for CVE-2024-1975. qctx-zversion was not being cleared when it should have been leading to an assertion failure if it needed to be reused. An excessively large number of rrtypes per owner can slow down database query processing, so a limit has been placed on the number of rrtypes that can be stored per owner (node) in a cache or zone database. This is configured with the new "max-rrtypes-per-name" option, and defaults to 100. Excessively large rdatasets can slow down database query processing, so a limit has been placed on the number of records that can be stored per rdataset in a cache or zone database. This is configured with the new "max-records-per-type" option, and defaults to 100. Malicious DNS client that sends many queries over TCP but never reads responses can cause server to respond slowly or not respond at all for other clients. For more information, see: https://www.cve.org/CVERecord?id=CVE-2024-1975 https://www.cve.org/CVERecord?id=CVE-2024-4076 https://www.cve.org/CVERecord?id=CVE-2024-1737 https://www.cve.org/CVERecord?id=CVE-2024-0760 ( Security fix *) n/fetchmail-6.4.39-x86_64-1.txz: Upgraded. n/obexftp-0.24.2-x86_64-13.txz: Rebuilt. n/pinentry-1.3.1-x86_64-2.txz: Rebuilt. n/wpa_supplicant-2.11-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.6-x86_64-3.txz: Rebuilt. x/ibus-m17n-1.4.30-x86_64-1.txz: Upgraded. x/libdrm-2.4.122-x86_64-2.txz: Rebuilt. x/marisa-0.2.6-x86_64-10.txz: Rebuilt. x/mesa-24.1.4-x86_64-2.txz: Rebuilt. x/vulkan-sdk-1.3.275.0-x86_64-3.txz: Rebuilt. xap/audacious-4.4-x86_64-2.txz: Rebuilt. xap/audacious-plugins-4.4-x86_64-2.txz: Rebuilt. xap/mozilla-thunderbird-128.0.1esr-x86_64-1.txz: Upgraded. This is a bugfix release. For more information, see: https://www.mozilla.org/en-US/thunderbird/128.0.1esr/releasenotes/ xap/xaos-4.3.2-x86_64-2.txz: Rebuilt. extra/emacs-regular-build/emacs-29.4-x86_64-2_regular.txz: Rebuilt.	2024-07-23 22:50:05 +02:00
Patrick J Volkerding	167022426d	Mon Jun 10 19:23:44 UTC 2024 ap/stow-2.4.0-x86_64-1.txz: Added. Thanks to r1w1s1. ap/texinfo-7.1-x86_64-2.txz: Rebuilt. Recompiled against perl-5.40.0. ap/vim-9.1.0473-x86_64-1.txz: Upgraded. Compiled against perl-5.40.0. d/ccache-4.10-x86_64-2.txz: Rebuilt. Avoid downloading doctest.h at build time. Thanks to lucabon. d/perl-5.40.0-x86_64-1.txz: Upgraded. Upgraded: DBD-mysql-4.052, Path-Tiny-0.146, URI-5.28. d/subversion-1.14.3-x86_64-2.txz: Rebuilt. Recompiled against perl-5.40.0. kde/plasma-workspace-5.27.11.1-x86_64-2.txz: Rebuilt. [PATCH] Fix writing ICEAuthority file. l/glib2-2.80.3-x86_64-1.txz: Upgraded. l/imagemagick-7.1.1_33-x86_64-2.txz: Rebuilt. Recompiled against perl-5.40.0. l/pango-1.54.0-x86_64-1.txz: Upgraded. l/python-packaging-24.1-x86_64-1.txz: Upgraded. n/epic5-2.1.12-x86_64-9.txz: Rebuilt. Recompiled against perl-5.40.0. n/irssi-1.4.5-x86_64-3.txz: Rebuilt. Recompiled against perl-5.40.0. n/net-snmp-5.9.4-x86_64-5.txz: Rebuilt. Recompiled against perl-5.40.0. n/ntp-4.2.8p18-x86_64-3.txz: Rebuilt. Recompiled against perl-5.40.0. n/openldap-2.6.8-x86_64-2.txz: Rebuilt. Recompiled against perl-5.40.0. xap/hexchat-2.16.2-x86_64-3.txz: Rebuilt. Recompiled against perl-5.40.0. xap/pidgin-2.14.13-x86_64-2.txz: Rebuilt. Recompiled against perl-5.40.0. xap/rxvt-unicode-9.31-x86_64-3.txz: Rebuilt. Recompiled against perl-5.40.0. xap/vim-gvim-9.1.0473-x86_64-1.txz: Upgraded. Compiled against perl-5.40.0. xap/xscreensaver-6.09-x86_64-1.txz: Upgraded. xfce/xfce4-power-manager-4.18.4-x86_64-1.txz: Upgraded. xfce/xfce4-session-4.18.4-x86_64-1.txz: Upgraded.	2024-06-10 22:00:40 +02:00
Patrick J Volkerding	5e846dcebf	Sun Jun 9 18:41:17 UTC 2024 l/qt6-6.7.1_20240516_6977d02f-x86_64-3.txz: Rebuilt. Fixed config option: -DINSTALL_MKSPECSDIR=lib${LIBDIRSUFFIX}/qt6/mkspecs Thanks to USUARIONUEVO. x/fcitx5-qt-5.1.6-x86_64-2.txz: Rebuilt. Recompiled against qt6-6.7.1_20240516_6977d02f to fix segfaults. Thanks to rinza. x/mesa-24.1.1-x86_64-3.txz: Rebuilt. Don't allow amber drivers to overwrite modern ones. Thanks to LuckyCyborg. Bundle the subprojects instead of allowing them to download. xfce/xfce4-settings-4.18.5-x86_64-1.txz: Upgraded.	2024-06-09 21:04:22 +02:00
Patrick J Volkerding	388220eab9	Tue Apr 23 19:48:05 UTC 2024 a/ed-1.20.2-x86_64-1.txz: Upgraded. d/parallel-20240422-noarch-1.txz: Upgraded. kde/krusader-2.8.1-x86_64-1.txz: Upgraded. kde/ktextaddons-1.5.4-x86_64-1.txz: Upgraded. l/libgusb-0.4.9-x86_64-1.txz: Upgraded. n/nmap-7.95-x86_64-1.txz: Upgraded. x/fcitx5-5.1.9-x86_64-1.txz: Upgraded. x/fcitx5-anthy-5.1.4-x86_64-1.txz: Upgraded. x/fcitx5-chinese-addons-5.1.5-x86_64-1.txz: Upgraded. x/fcitx5-gtk-5.1.3-x86_64-1.txz: Upgraded. x/fcitx5-hangul-5.1.3-x86_64-1.txz: Upgraded. x/fcitx5-kkc-5.1.3-x86_64-1.txz: Upgraded. x/fcitx5-m17n-5.1.1-x86_64-1.txz: Upgraded. x/fcitx5-qt-5.1.6-x86_64-1.txz: Upgraded. x/fcitx5-sayura-5.1.2-x86_64-1.txz: Upgraded. x/fcitx5-table-extra-5.1.5-x86_64-1.txz: Upgraded. x/fcitx5-table-other-5.1.2-x86_64-1.txz: Upgraded. x/fcitx5-unikey-5.1.4-x86_64-1.txz: Upgraded. x/libime-1.1.7-x86_64-1.txz: Upgraded. extra/emacs-regular-build/emacs-29.3-x86_64-2_regular.txz: Rebuilt. This is a bugfix release. Only build the X11/GTK+3 version. Use "emacs -nw" if you want to start it in a terminal emulator in text mode, or rebuild if you really need to get rid of the X11 dependency for some reason. Build using --with-pdumper=auto. It seems that --with-dumping=unexec produces a buggy Emacs here in the modern era, with symptoms such as "child signal FD: Invalid argument". It's possible this had something to do with the reported memory leaks as well. Thanks to 3Tom for the bug report.	2024-04-23 22:34:04 +02:00
Patrick J Volkerding	522fb53c22	Mon Aug 15 20:23:47 UTC 2022 a/etc-15.1-x86_64-2.txz: Rebuilt. Added support for $HOME/.profile.d/.{csh,sh} scripts. Thanks to Heinz Wiesinger. a/mcelog-188-x86_64-1.txz: Upgraded. kde/fcitx5-configtool-5.0.14-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. kde/fcitx5-theme-breeze-2.0.0-noarch-1.txz: Added. Thanks to Heinz Wiesinger. kde/kcm-fcitx-0.5.6-x86_64-4.txz: Removed. l/fmt-9.0.0-x86_64-1.txz: Added. Thanks to Steven Voges. l/librsvg-2.54.4-x86_64-2.txz: Rebuilt. Removed dangling symlink. Thanks to marav. n/rsync-3.2.5-x86_64-1.txz: Upgraded. Added some file-list safety checking that helps to ensure that a rogue sending rsync can't add unrequested top-level names and/or include recursive names that should have been excluded by the sender. These extra safety checks only require the receiver rsync to be updated. When dealing with an untrusted sending host, it is safest to copy into a dedicated destination directory for the remote content (i.e. don't copy into a destination directory that contains files that aren't from the remote host unless you trust the remote host). For more information, see: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29154 ( Security fix *) x/anthy-9100h-x86_64-4.txz: Removed. x/anthy-unicode-1.0.0.20211224-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx-4.2.9.8-x86_64-3.txz: Removed. x/fcitx-anthy-0.2.4-x86_64-1.txz: Removed. x/fcitx-configtool-0.4.10-x86_64-3.txz: Removed. x/fcitx-hangul-0.3.1-x86_64-3.txz: Removed. x/fcitx-kkc-0.1.4-x86_64-3.txz: Removed. x/fcitx-libpinyin-0.5.4-x86_64-2.txz: Removed. x/fcitx-m17n-0.2.4-x86_64-3.txz: Removed. x/fcitx-qt5-1.2.7-x86_64-1.txz: Removed. x/fcitx-sayura-0.1.2-x86_64-3.txz: Removed. x/fcitx-table-extra-0.3.8-x86_64-3.txz: Removed. x/fcitx-table-other-0.2.4-x86_64-3.txz: Removed. x/fcitx-unikey-0.2.7-x86_64-3.txz: Removed. x/fcitx5-5.0.18-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-anthy-5.0.12-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-chinese-addons-5.0.14-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-gtk-5.0.17-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-hangul-5.0.10-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-kkc-5.0.10-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-m17n-5.0.10-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-qt-5.0.14-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-sayura-5.0.8-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-table-extra-5.0.11-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-table-other-5.0.10-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/fcitx5-unikey-5.0.11-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/ibus-1.5.26-x86_64-2.txz: Rebuilt. Use correct path to kimpanel in ibus-autostart. Thanks to Lockywolf. x/ibus-anthy-1.5.14-x86_64-2.txz: Rebuilt. Recompiled against anthy-unicode-1.0.0.20211224. Thanks to Heinz Wiesinger. x/libime-1.0.13-x86_64-1.txz: Added. Thanks to Heinz Wiesinger. x/m17n-lib-1.8.0-x86_64-5.txz: Rebuilt. Rebuilt to drop the dependency on anthy-9100h. Thanks to Heinz Wiesinger. x/skkdic-20210919-noarch-1.txz: Upgraded. Thanks to Heinz Wiesinger. x/x11-skel-7.7-x86_64-9.txz: Rebuilt. Added imconfig script for selecting the input method. Thanks to Heinz Wiesinger. x/xcb-imdkit-1.0.3-x86_64-1.txz: Added. Thanks to Heinz Wiesinger.	2022-08-16 07:00:14 +02:00

8 commits