n/php-7.2.15-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.8.20-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/ffmpeg-3.4.5-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
Reenabled libsmbclient support.
extra/pure-alsa-system/gst-plugins-good-1.14.4-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
extra/pure-alsa-system/xine-lib-1.2.9-x86_64-4_alsa.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
pasture/php-5.6.40-x86_64-1.txz: Upgraded.
Several security bugs have been fixed in this release:
GD:
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads
to use-after-free).
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
Mbstring:
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
Fixed bug #77371 (heap buffer overflow in mb regex functions -
compile_string_node).
Fixed bug #77381 (heap buffer overflow in multibyte match_at).
Fixed bug #77382 (heap buffer overflow due to incorrect length in
expand_case_fold_string).
Fixed bug #77385 (buffer overflow in fetch_token).
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).
For more information, see:
https://php.net/ChangeLog-5.php#5.6.40
(* Security fix *)
a/hwdata-0.320-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.20-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.20-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.20-x86_64-1.txz: Upgraded.
a/mcelog-162-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.20-x86-1.txz: Upgraded.
d/opencl-headers-2.2-noarch-2.txz: Rebuilt.
Don't trigger "#pragma message" in cl_version.h when falling back on a
default version of OpenCL to target. Applications such as ffmpeg detect
this as an error and fail to compile.
k/kernel-source-4.19.20-noarch-1.txz: Upgraded.
l/ffmpeg-3.4.5-x86_64-2.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
Reenabled libsmbclient support.
l/gst-plugins-good-1.14.4-x86_64-2.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
l/libvpx-1.8.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/curl-7.64.0-x86_64-1.txz: Upgraded.
This release fixes the following security issues:
NTLM type-2 out-of-bounds buffer read.
NTLMv2 type-3 header stack buffer overflow.
SMTP end-of-response out-of-bounds read.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
(* Security fix *)
n/samba-4.9.4-x86_64-2.txz: Rebuilt.
Added time.h to libsmbclient.h to fix ffmpeg compatibility.
Thanks to USUARIONUEVO.
xap/xine-lib-1.2.9-x86_64-4.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/linuxdoc-tools-0.9.73-x86_64-1.txz: Upgraded.
Upgraded to gtk-doc-1.29.
Upgraded to asciidoc-8.6.10.
Upgraded to perl-XML-SAX-1.00.
Thanks to Stuart Winter.
d/meson-0.49.2-x86_64-1.txz: Upgraded.
d/python-setuptools-40.8.0-x86_64-1.txz: Upgraded.
d/slacktrack-2.19-x86_64-1.txz: Upgraded.
Thanks to Stuart Winter.
l/imagemagick-6.9.10_26-x86_64-1.txz: Upgraded.
n/dovecot-2.3.4.1-x86_64-1.txz: Upgraded.
This update addresses security issues:
CVE-2019-3814: If imap/pop3/managesieve/submission client has trusted
certificate with missing username field (ssl_cert_username_field), under
some configurations Dovecot mistakenly trusts the username provided via
authentication instead of failing.
ssl_cert_username_field setting was ignored with external SMTP AUTH,
because none of the MTAs (Postfix, Exim) currently send the cert_username
field. This may have allowed users with trusted certificate to specify any
username in the authentication. This bug didn't affect Dovecot's
Submission service.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3814
(* Security fix *)
d/bison-3.3.2-x86_64-1.txz: Upgraded.
n/dovecot-2.3.4-x86_64-2.txz: Rebuilt.
Patched double free when used with MariaDB 10.3.x. Thanks to Thom1b.
x/xkeyboard-config-2.26-noarch-1.txz: Upgraded.
extra/bittorrent/bittorrent-4.4.0-noarch-4.txz: Removed.
a/glibc-solibs-2.29-x86_64-2.txz: Rebuilt.
d/opencl-headers-2.2-noarch-1.txz: Upgraded.
Thanks to Heinz Wiesinger.
l/glibc-2.29-x86_64-2.txz: Rebuilt.
l/glibc-i18n-2.29-x86_64-2.txz: Rebuilt.
Reverted en_US.UTF8 date(1) format back to 24 hour. I'm pretty sure that
the majority of people here in this locale will agree.
l/glibc-profile-2.29-x86_64-2.txz: Rebuilt.
a/mkinitrd-1.4.11-x86_64-11.txz: Rebuilt.
setup.01.mkinitrd: revert to the previous command line for
mkinitrd_command_generator.sh (the new one fails when called from the
installer).
a/bash-5.0.002-x86_64-2.txz: Rebuilt.
Rebuilt with --libdir=/usr/lib${LIBDIRSUFFIX}. Thanks to RandomTroll.
a/btrfs-progs-4.20.1-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-9.txz: Rebuilt.
Automatically generate an initial ramdisk from the installer.
Added 'geninitrd' script to generate an initial ramdisk for the kernel that
/boot/vmlinuz-generic (and/or /boot/vmlinuz-generic-smp) points to.
ap/man-db-2.8.5-x86_64-2.txz: Rebuilt.
Comment out all the options in /etc/profile.d/man-db.{csh,sh} and let the
user decide whether or not to choose anything.
d/python-pip-19.0.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.41.1-x86_64-1.txz: Upgraded.
n/dhcpcd-7.1.0-x86_64-1.txz: Upgraded.
a/kernel-generic-4.19.17-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.17-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.17-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.17-x86-1.txz: Upgraded.
d/scons-3.0.4-x86_64-1.txz: Upgraded.
d/vala-0.42.5-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.17-noarch-1.txz: Upgraded.
n/httpd-2.4.38-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused. [Hank Ibell]
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data. [Stefan Eissing]
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later. PR 63052. [Joe Orton]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190
(* Security fix *)
x/libdrm-2.4.97-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/btrfs-progs-4.20-x86_64-1.txz: Upgraded.
a/kernel-firmware-20190118_a8b75ca-noarch-1.txz: Upgraded.
a/sysvinit-scripts-2.1-noarch-26.txz: Rebuilt.
rc.S: Don't sleep for 3 seconds before mounting non-root filesystems. This
should not be needed once udev reports having settled all devices.
Let me know if I'm wrong. :-)
d/parallel-20190122-noarch-1.txz: Upgraded.
l/glib2-2.58.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.4-x86_64-1.txz: Upgraded.
l/librsvg-2.44.12-x86_64-1.txz: Upgraded.
l/python-packaging-19.0-x86_64-1.txz: Upgraded.
n/p11-kit-0.23.15-x86_64-1.txz: Upgraded.
x/libinput-1.12.6-x86_64-1.txz: Upgraded.
xfce/exo-0.12.4-x86_64-1.txz: Upgraded.
ap/qpdf-8.3.0-x86_64-1.txz: Upgraded.
l/argon2-20171227-x86_64-1.txz: Added.
This is a new dependency for the PHP package.
n/libmbim-1.18.0-x86_64-1.txz: Upgraded.
n/libqmi-1.22.0-x86_64-1.txz: Upgraded.
n/php-7.2.14-x86_64-1.txz: Upgraded.
Use --with-password-argon2. PHP now requires the new argon2 package.
a/hwdata-0.319-noarch-1.txz: Upgraded.
d/doxygen-1.8.14-x86_64-3.txz: Upgraded.
Reverted (for now) to avoid segfault in doxygen-1.8.15.
l/libwpg-0.3.3-x86_64-1.txz: Upgraded.
l/libxml2-2.9.9-x86_64-1.txz: Upgraded.
l/libxslt-1.1.33-x86_64-1.txz: Upgraded.
l/python-pillow-5.4.0-x86_64-1.txz: Upgraded.
x/xterm-342-x86_64-1.txz: Upgraded.
testing/packages/wpa_supplicant-2.7-x86_64-3.txz: Rebuilt.
Apply TLSv1 patch from Debian and make some config changes to fix
WPA2-Enterprise. Once we have some testing results on this we'll consider
moving it back into the main tree. Thanks to gablek.
a/coreutils-8.30-x86_64-4.txz: Rebuilt.
Added xterm-new to DIR_COLORS.
a/ed-1.15-x86_64-1.txz: Upgraded.
a/smartmontools-7.0-x86_64-1.txz: Upgraded.
a/sysvinit-2.93-x86_64-1.txz: Upgraded.
ap/diffutils-3.7-x86_64-1.txz: Upgraded.
ap/mc-4.8.22-x86_64-1.txz: Upgraded.
l/gexiv2-0.10.10-x86_64-1.txz: Upgraded.
l/libgphoto2-2.5.22-x86_64-1.txz: Upgraded.
l/libwpd-0.10.3-x86_64-1.txz: Upgraded.
x/xterm-341-x86_64-3.txz: Rebuilt.
Append new app-defaults for XTerm rather than replacing the upstream file.
Use 'xterm' rather than 'xterm-new' for termName to avoid surprises, but
leave the other choice commented out.
Install XTerm as XTerm.new to avoid wiping out a locally modified file.
Still not sure we'll be able to stick with this as a default due to Terminus
possibly not being available on a remote X server. Sure looks nice though.
Thanks to GazL.
a/gzip-1.10-x86_64-1.txz: Upgraded.
a/lvm2-2.03.02-x86_64-1.txz: Upgraded.
a/os-prober-1.77-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-2.1-noarch-24.txz: Rebuilt.
rc.6: Don't umount /dev/shm or tmpfs mounts under /run as it causes long
warnings/timeouts at shutdown/reboot on systems using LVM.
Don't use --ignorelockingfailure when deactivating LVM.
l/gc-8.0.2-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_21-x86_64-1.txz: Upgraded.
l/libclc-20181127_1ecb16d-x86_64-1.txz: Upgraded.
l/librsvg-2.44.11-x86_64-1.txz: Upgraded.
l/zstd-1.3.8-x86_64-1.txz: Upgraded.
xap/blueman-2.0.7-x86_64-1.txz: Upgraded.
xap/xscreensaver-5.42-x86_64-1.txz: Upgraded.
xfce/xfce4-taskmanager-1.2.2-x86_64-1.txz: Upgraded.
a/kernel-generic-4.19.13-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.13-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.13-x86_64-1.txz: Upgraded.
d/doxygen-1.8.15-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.13-x86-1.txz: Upgraded.
k/kernel-source-4.19.13-noarch-1.txz: Upgraded.
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER y -> n
l/libsecret-0.18.7-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.6-x86_64-6.txz: Upgraded.
It seems we're not the only ones with broken WPA2-Enterprise support
with wpa_supplicant-2.7, so we'll fix it the same way as everyone else -
by reverting to wpa_supplicant-2.6 for now.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/wpa_supplicant-2.7-x86_64-2.txz: Upgraded.
Applied a patch from Gentoo to allow building CONFIG_IEEE80211X=y without
the experimental CONFIG_FILS=y option.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_elflibs-15.0-x86_64-3.txz: Rebuilt.
Moved libsigsegv.so.2 from /usr/lib{,64} to /lib{,64}.
Upgraded: libcap.so.2.26, libelf-0.175.so, libfuse.so.2.9.8,
libexpat.so.1.6.8, libglib-2.0.so.0.5800.2, libgmodule-2.0.so.0.5800.2,
libgobject-2.0.so.0.5800.2, libgthread-2.0.so.0.5800.2, libjpeg.so.62.3.0,
liblber-2.4.so.2.10.10, libldap-2.4.so.2.10.10, libpng16.so.16.36.0,
libstdc++.so.6.0.25, libtdb.so.1.3.16, libtiff.so.5.4.0,
libtiffxx.so.5.4.0, libturbojpeg.so.0.2.0.
ap/vim-8.1.0648-x86_64-1.txz: Upgraded.
d/nasm-2.14.02-x86_64-1.txz: Upgraded.
d/strace-4.26-x86_64-1.txz: Upgraded.
l/libsigsegv-2.12-x86_64-3.txz: Rebuilt.
Moved shared library into /lib{,64} to avoid problems when /usr is on a
separate partition. Thanks to TommyC7.
But please note: that has never been a recommended configuration (it was
always a bad idea prone to corner-case bugs), and with basically everyone
else moving everything into /usr, no upstream is developing with this
scenario in mind these days. Some of the problems caused by separate /usr
are simply not possibly to fix in a straightforward fashion. Consider it a
completely unsupported configuration choice. While it's not my style to
make the installer refuse to allow it, I won't be bending over backwards
to try to fix bugs related to this in the future. If I recall properly,
the original rationale was to make it possible for /usr to reside on a
shared network partition, which might have made sense back when 40MB was
a typical hard drive size. I can think of no good rationale now (and no,
I don't think making /usr read-only helps security in any tangible way).
n/wget-1.20.1-x86_64-1.txz: Upgraded.
x/xf86-video-chips-1.3.0-x86_64-1.txz: Upgraded.
x/xf86-video-neomagic-1.3.0-x86_64-1.txz: Upgraded.
x/xterm-341-x86_64-1.txz: Upgraded.
xap/audacious-3.10.1-x86_64-1.txz: Upgraded.
xap/audacious-plugins-3.10.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.0648-x86_64-1.txz: Upgraded.
a/coreutils-8.30-x86_64-3.txz: Rebuilt.
Support tmux terms in DIR_COLORS. Thanks to qunying.
a/grep-3.3-x86_64-1.txz: Upgraded.
a/kernel-generic-4.19.12-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.12-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.12-x86_64-1.txz: Upgraded.
a/sed-4.7-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.12-x86-1.txz: Upgraded.
d/rust-1.31.1-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.12-noarch-1.txz: Upgraded.
l/graphite2-1.3.13-x86_64-1.txz: Upgraded.
l/harfbuzz-2.3.0-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_19-x86_64-1.txz: Upgraded.
l/lmdb-0.9.23-x86_64-1.txz: Upgraded.
l/v4l-utils-1.16.3-x86_64-1.txz: Upgraded.
n/netatalk-3.1.12-x86_64-1.txz: Upgraded.
Netatalk before 3.1.12 is vulnerable to an out of bounds write in
dsi_opensess.c. This is due to lack of bounds checking on attacker
controlled data. A remote unauthenticated attacker can leverage
this vulnerability to achieve arbitrary code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1160
(* Security fix *)
n/openldap-client-2.4.47-x86_64-1.txz: Upgraded.
n/samba-4.9.4-x86_64-1.txz: Upgraded.
x/intel-vaapi-driver-2.3.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/grep-3.2-x86_64-1.txz: Upgraded.
a/sed-4.6-x86_64-1.txz: Upgraded.
d/vala-0.42.4-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-60.4.0-x86_64-1.txz: Upgraded.
This is a bugfix release. For more information, see:
https://www.mozilla.org/en-US/thunderbird/60.4.0/releasenotes/
pasture/php-5.6.39-x86_64-1.txz: Upgraded.
Several security bugs have been fixed in this release:
Segfault when using convert.quoted-printable-encode filter.
Null pointer dereference in imap_mail.
imap_open allows to run arbitrary shell commands via mailbox parameter.
PharData always creates new files with mode 0666.
Heap Buffer Overflow (READ: 4) in phar_parse_pharfile.
For more information, see:
https://php.net/ChangeLog-5.php#5.6.39
(* Security fix *)
a/btrfs-progs-v4.19.1-x86_64-1.txz: Upgraded.
a/dbus-1.12.12-x86_64-1.txz: Upgraded.
ap/cups-2.2.10-x86_64-1.txz: Upgraded.
ap/cups-filters-1.21.5-x86_64-1.txz: Upgraded.
ap/hplip-3.18.12-x86_64-1.txz: Upgraded.
d/mercurial-4.8.1-x86_64-1.txz: Upgraded.
d/rust-1.31.0-x86_64-1.txz: Upgraded.
l/libpng-1.6.36-x86_64-1.txz: Upgraded.
l/python-idna-2.8-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p12-x86_64-5.txz: Rebuilt.
Fixed logrotate file. Thanks to allend and rworkman.
n/php-7.2.13-x86_64-1.txz: Upgraded.
This is a security release which also contains several minor bug fixes.
For more information, see:
https://php.net/ChangeLog-7.php#7.2.13
(* Security fix *)
n/wpa_supplicant-2.7-x86_64-1.txz: Upgraded.
x/mesa-18.3.0-x86_64-1.txz: Upgraded.
x/xf86-video-i740-1.4.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-60.3.3-x86_64-1.txz: Upgraded.
This is a bugfix release. For more information, see:
https://www.mozilla.org/en-US/thunderbird/60.3.3/releasenotes/
xfce/thunar-volman-0.9.1-x86_64-1.txz: Upgraded.