ap/ksh93-20190416_7d7bba3e-x86_64-1.txz: Upgraded.
ap/sysstat-12.1.4-x86_64-1.txz: Upgraded.
l/gvfs-1.40.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/icu4c-64.2-x86_64-1.txz: Upgraded.
l/libcddb-1.3.2-x86_64-6.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/libcdio-2.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libcdio-paranoia-10.2+2.0.0-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
l/zstd-1.4.0-x86_64-1.txz: Upgraded.
n/dhcpcd-7.2.0-x86_64-1.txz: Upgraded.
n/dovecot-2.3.5.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Trying to login with 8bit username containing invalid UTF8 input causes
auth process to crash if auth policy is enabled. This could be used rather
easily to cause a DoS. Similar crash also happens during mail delivery
when using invalid UTF8 in From or Subject header when OX push
notification driver is used.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10691
(* Security fix *)
n/nghttp2-1.38.0-x86_64-1.txz: Upgraded.
n/openssh-8.0p1-x86_64-1.txz: Upgraded.
This release contains a mitigation for a weakness in the scp(1) tool
and protocol (CVE-2019-6111): when copying files from a remote system
to a local directory, scp(1) did not verify that the filenames that
the server sent matched those requested by the client. This could
allow a hostile server to create or clobber unexpected local files
with attacker-controlled content.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111
(* Security fix *)
xap/MPlayer-20190418-x86_64-1.txz: Upgraded.
Compiled against libcdio-2.1.0.
xap/audacious-plugins-3.10.1-x86_64-2.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
extra/pure-alsa-system/MPlayer-20190418-x86_64-1_alsa.txz: Upgraded.
Compiled against libcdio-2.1.0.
extra/pure-alsa-system/audacious-plugins-3.10.1-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libcdio-2.1.0.
ap/nano-4.1-x86_64-1.txz: Upgraded.
l/giflib-5.1.9-x86_64-2.txz: Rebuilt.
Restore GifQuantizeBuffer and other deprecated functions to the shared
library. Thanks to Skaendo.
l/glib2-2.60.1-x86_64-1.txz: Upgraded.
l/orc-0.4.29-x86_64-1.txz: Upgraded.
a/gawk-5.0.0-x86_64-1.txz: Upgraded.
ap/pamixer-1.4-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.70.0.
ap/vim-8.1.1157-x86_64-1.txz: Upgraded.
d/cmake-3.14.2-x86_64-1.txz: Upgraded.
e/emacs-26.2-x86_64-1.txz: Upgraded.
kde/calligra-2.9.11-x86_64-30.txz: Rebuilt.
Recompiled against boost-1.70.0.
l/akonadi-1.13.0-x86_64-12.txz: Rebuilt.
Recompiled against boost-1.70.0.
l/boost-1.70.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Note: Boost now provides its own BoostConfig.cmake config file, and it may
not work with all existing code (here, calligra stumbled over it). At this
point it's not clear if the included cmake config files are buggy, or if
affected projects need to change something in order to use them, but there's
an easy workaround to use cmake's FindBoost.cmake (as was used previously).
Add this to the call to cmake from any affected project (if cmake fails with
an error: "No suitable build variant has been found."):
-DBoost_NO_BOOST_CMAKE=ON
n/libmbim-1.18.2-x86_64-1.txz: Upgraded.
n/nfs-utils-2.3.3-x86_64-3.txz: Rebuilt.
rc.nfsd: don't try to create the nfsv4recoverydir - the build script will
determine the directory to use and include it in the package.
rc.nfsd: drop 2.4 kernel support, and use better code for mounting the nfsd
filesystem.
Thanks to shasta.
x/libwacom-0.33-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.1157-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2019a-noarch-1.txz: Upgraded.
a/grub-2.02-x86_64-5.txz: Rebuilt.
Support F2FS filesystem. Thanks to Nille_kungen.
ap/cups-filters-1.22.5-x86_64-1.txz: Upgraded.
ap/itstool-2.0.6-x86_64-1.txz: Upgraded.
d/python-setuptools-41.0.0-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.60.1-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_39-x86_64-1.txz: Upgraded.
l/libcroco-0.6.13-x86_64-1.txz: Upgraded.
l/libnotify-0.7.8-x86_64-1.txz: Upgraded.
n/cifs-utils-6.9-x86_64-1.txz: Upgraded.
n/nfs-utils-2.3.3-x86_64-2.txz: Rebuilt.
Include recovery directory. Thanks to upnort.
n/samba-4.10.2-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
World writable files in Samba AD DC private/ dir.
Save registry file outside share as unprivileged user.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3870https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3880
(* Security fix *)
x/libva-2.4.1-x86_64-1.txz: Upgraded.
x/pixman-0.38.2-x86_64-1.txz: Upgraded.
xap/gimp-2.10.10-x86_64-1.txz: Upgraded.
ap/vim-8.1.1119-x86_64-1.txz: Upgraded.
l/openjpeg-2.3.1-x86_64-1.txz: Upgraded.
Includes many bug fixes (including security fixes).
(* Security fix *)
n/links-2.19-x86_64-1.txz: Upgraded.
n/stunnel-5.51-x86_64-1.txz: Upgraded.
n/wget-1.20.3-x86_64-1.txz: Upgraded.
Fixed a buffer overflow vulnerability:
src/iri.c(do_conversion): Reallocate the output buffer to a larger
size if it is already full.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5953
(* Security fix *)
xap/vim-gvim-8.1.1119-x86_64-1.txz: Upgraded.
ap/ghostscript-9.27-x86_64-1.txz: Upgraded.
d/python-setuptools-40.9.0-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_37-x86_64-1.txz: Upgraded.
l/readline-8.0.000-x86_64-2.txz: Rebuilt.
Recompiled to link rlfe against the new libreadline. Thanks to Toutatis.
a/hwdata-0.322-noarch-1.txz: Upgraded.
a/kernel-firmware-20190402_67b7579-noarch-1.txz: Upgraded.
a/shadow-4.6-x86_64-2.txz: Rebuilt.
adduser: reprompt on invalid user input. Thanks to ttk.
ap/ghostscript-9.26-x86_64-2.txz: Rebuilt.
Fixes security issues:
A specially crafted PostScript file could have access to the file system
outside of the constrains imposed by -dSAFER.
Transient procedures can allow access to system operators, leading to
remote code execution.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3835https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3838https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6116
(* Security fix *)
d/vala-0.44.2-x86_64-1.txz: Upgraded.
l/glib-networking-2.60.1-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_36-x86_64-1.txz: Upgraded.
l/python-pillow-6.0.0-x86_64-1.txz: Upgraded.
n/wget-1.20.2-x86_64-1.txz: Upgraded.
Fixed an unspecified buffer overflow vulnerability.
(* Security fix *)
Saint Patrick was a gentleman
Who through strategy and stealth
Drove all the snakes from Ireland
Here's toasting to his health -
But not too many toastings
Lest you lose yourself, and then,
Forget the good Saint Patrick
And see all those snakes again.
a/eudev-3.2.7-x86_64-3.txz: Rebuilt.
Added tqmx86_wdt to watchdog.conf. Thanks to Robby Workman.
d/vala-0.44.1-x86_64-1.txz: Upgraded.
kde/ktorrent-4.3.1-x86_64-4.txz: Rebuilt.
Embed a copy of the GeoIP database since the download link no longer works.
l/glibmm-2.58.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.43-x86_64-1.txz: Upgraded.
x/imake-1.0.8-x86_64-1.txz: Upgraded.
x/libXdmcp-1.1.3-x86_64-1.txz: Upgraded.
x/libXext-1.3.4-x86_64-1.txz: Upgraded.
x/libXft-2.3.3-x86_64-1.txz: Upgraded.
x/libXmu-1.1.3-x86_64-1.txz: Upgraded.
x/libXrandr-1.5.2-x86_64-1.txz: Upgraded.
x/libXvMC-1.0.11-x86_64-1.txz: Upgraded.
x/libXxf86dga-1.1.5-x86_64-1.txz: Upgraded.
x/libxkbfile-1.1.0-x86_64-1.txz: Upgraded.
x/makedepend-1.0.6-x86_64-1.txz: Upgraded.
x/x11perf-1.6.1-x86_64-1.txz: Upgraded.
x/xf86-video-intel-20190301_6afed33b-x86_64-1.txz: Upgraded.
x/xf86-video-savage-20190128_8579718-x86_64-1.txz: Upgraded.
x/xf86-video-sis-20181217_22d3c79-x86_64-1.txz: Upgraded.
x/xtrans-1.4.0-noarch-1.txz: Upgraded.
ap/cgmanager-0.42-x86_64-1.txz: Upgraded.
d/cmake-3.14.0-x86_64-1.txz: Upgraded.
l/gexiv2-0.12.0-x86_64-1.txz: Upgraded.
l/gsettings-desktop-schemas-3.32.0-x86_64-2.txz: Rebuilt.
Don't override the system font defaults (especially with fonts that we don't
include). Thanks to Markus Wiesner.
l/libyaml-0.2.2-x86_64-1.txz: Upgraded.
l/libzip-1.5.2-x86_64-1.txz: Upgraded.
a/btrfs-progs-4.20.2-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1b-x86_64-1.txz: Upgraded.
ap/ddrescue-1.24-x86_64-1.txz: Upgraded.
ap/sqlite-3.27.2-x86_64-1.txz: Upgraded.
l/libssh-0.8.7-x86_64-1.txz: Upgraded.
l/talloc-2.1.16-x86_64-1.txz: Upgraded.
l/tdb-1.3.18-x86_64-1.txz: Upgraded.
l/tevent-0.9.39-x86_64-1.txz: Upgraded.
n/ca-certificates-20181210-noarch-2.txz: Rebuilt.
Use "c_rehash" rather than "openssl rehash" for compatibility with all
versions of OpenSSL.
n/epic5-2.1.1-x86_64-1.txz: Upgraded.
n/openssl-1.1.1b-x86_64-1.txz: Upgraded.
x/xorg-server-1.20.4-x86_64-1.txz: Upgraded.
x/xorg-server-xephyr-1.20.4-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-1.20.4-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-1.20.4-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-60.5.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/60.5.2/releasenotes/
a/glibc-solibs-2.29-x86_64-3.txz: Rebuilt.
ap/texinfo-6.6-x86_64-1.txz: Upgraded.
l/elfutils-0.176-x86_64-1.txz: Upgraded.
l/glibc-2.29-x86_64-3.txz: Rebuilt.
l/glibc-i18n-2.29-x86_64-3.txz: Rebuilt.
Go back to using the glibc.locale.no-archive.diff patch rather than the new
built-in no-archive locale target. Avoiding hardlinks is not worth 700MB of
useless bloat. Thanks to baldzhang.
l/glibc-profile-2.29-x86_64-3.txz: Rebuilt.
l/librsvg-2.44.13-x86_64-1.txz: Upgraded.
x/xf86-video-chips-1.4.0-x86_64-1.txz: Upgraded.
x/xf86-video-tdfx-1.5.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20190212_28f5f7d-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.21-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.21-x86_64-1.txz: Upgraded.
ap/lxc-2.0.9_d3a03247-x86_64-1.txz: Upgraded.
This update fixes a security issue where a malicious privileged container
could overwrite the host binary and thus gain root-level code execution on
the host. As the LXC project considers privileged containers to be unsafe
no CVE has been assigned for this issue for LXC. To prevent this attack,
LXC has been patched to create a temporary copy of the calling binary
itself when it starts or attaches to containers. To do this LXC creates an
anonymous, in-memory file using the memfd_create() system call and copies
itself into the temporary in-memory file, which is then sealed to prevent
further modifications. LXC then executes this sealed, in-memory file
instead of the original on-disk binary.
For more information, see:
https://seclists.org/oss-sec/2019/q1/119
(* Security fix *)
d/kernel-headers-4.19.21-x86-1.txz: Upgraded.
k/kernel-source-4.19.21-noarch-1.txz: Upgraded.
l/libbluray-1.1.0-x86_64-1.txz: Upgraded.
l/libcap-2.26-x86_64-2.txz: Rebuilt.
Don't ship static library.
l/xapian-core-1.4.10-x86_64-1.txz: Upgraded.
n/gnupg2-2.2.13-x86_64-1.txz: Upgraded.
n/irssi-1.2.0-x86_64-1.txz: Upgraded.
n/libassuan-2.5.3-x86_64-1.txz: Upgraded.
x/bitmap-1.0.9-x86_64-1.txz: Upgraded.
x/libXau-1.0.9-x86_64-1.txz: Upgraded.
x/pixman-0.38.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/hwdata-0.320-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.20-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.20-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.20-x86_64-1.txz: Upgraded.
a/mcelog-162-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.20-x86-1.txz: Upgraded.
d/opencl-headers-2.2-noarch-2.txz: Rebuilt.
Don't trigger "#pragma message" in cl_version.h when falling back on a
default version of OpenCL to target. Applications such as ffmpeg detect
this as an error and fail to compile.
k/kernel-source-4.19.20-noarch-1.txz: Upgraded.
l/ffmpeg-3.4.5-x86_64-2.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
Reenabled libsmbclient support.
l/gst-plugins-good-1.14.4-x86_64-2.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
l/libvpx-1.8.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/curl-7.64.0-x86_64-1.txz: Upgraded.
This release fixes the following security issues:
NTLM type-2 out-of-bounds buffer read.
NTLMv2 type-3 header stack buffer overflow.
SMTP end-of-response out-of-bounds read.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823
(* Security fix *)
n/samba-4.9.4-x86_64-2.txz: Rebuilt.
Added time.h to libsmbclient.h to fix ffmpeg compatibility.
Thanks to USUARIONUEVO.
xap/xine-lib-1.2.9-x86_64-4.txz: Rebuilt.
Recompiled against libvpx-1.8.0.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/glibc-solibs-2.29-x86_64-2.txz: Rebuilt.
d/opencl-headers-2.2-noarch-1.txz: Upgraded.
Thanks to Heinz Wiesinger.
l/glibc-2.29-x86_64-2.txz: Rebuilt.
l/glibc-i18n-2.29-x86_64-2.txz: Rebuilt.
Reverted en_US.UTF8 date(1) format back to 24 hour. I'm pretty sure that
the majority of people here in this locale will agree.
l/glibc-profile-2.29-x86_64-2.txz: Rebuilt.
a/bash-5.0.002-x86_64-2.txz: Rebuilt.
Rebuilt with --libdir=/usr/lib${LIBDIRSUFFIX}. Thanks to RandomTroll.
a/btrfs-progs-4.20.1-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-9.txz: Rebuilt.
Automatically generate an initial ramdisk from the installer.
Added 'geninitrd' script to generate an initial ramdisk for the kernel that
/boot/vmlinuz-generic (and/or /boot/vmlinuz-generic-smp) points to.
ap/man-db-2.8.5-x86_64-2.txz: Rebuilt.
Comment out all the options in /etc/profile.d/man-db.{csh,sh} and let the
user decide whether or not to choose anything.
d/python-pip-19.0.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.41.1-x86_64-1.txz: Upgraded.
n/dhcpcd-7.1.0-x86_64-1.txz: Upgraded.
