d/python-setuptools-73.0.1-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.70.1-x86_64-1.txz: Upgraded.
n/ModemManager-1.22.0-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.10-x86_64-1.txz: Upgraded.
n/epic5-2.4-x86_64-1.txz: Upgraded.
n/libqmi-1.34.0-x86_64-2.txz: Rebuilt.
Build against libqrtr-glib with -Dqrtr=true.
n/libqrtr-glib-1.2.2-x86_64-1.txz: Added.
ModemManager-1.22.0 needs libqmi to be linked with this.
x/xorg-server-21.1.13-x86_64-3.txz: Rebuilt.
Patched changing a type from unsigned long to unsigned long long which fixes
the black screen seen on 32-bit with the modesetting driver. Seems fine on
64-bit as well, so the patch is applied for all builds. The patch to default
to modesetting for Intel graphics is restored (and the one for nouveau is kept
as well).
Thanks to Lenard Spencer for reporting that nouveau was also hitting this.
Thanks to Petri Kaukasoina for the patch.
x/xorg-server-xephyr-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-21.1.13-x86_64-3.txz: Rebuilt.
a/libbytesize-2.11-x86_64-1.txz: Upgraded.
d/python-setuptools-73.0.0-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-8.4.0-x86_64-1.txz: Upgraded.
n/epic5-2.2-x86_64-1.txz: Upgraded.
n/netatalk-3.2.7-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.13-x86_64-2.txz: Rebuilt.
On 32-bit, using the modesetting driver with Intel graphics is resulting in
a black screen (observed here with CoffeeLake-H GT2), so on 32-bit only let's
stop applying the patch that was making xorg-server use modesetting by
default. Thanks to LuckyCyborg and Petri Kaukasoina.
Fix build with gcc-14.2.
x/xorg-server-xephyr-21.1.13-x86_64-2.txz: Rebuilt.
x/xorg-server-xnest-21.1.13-x86_64-2.txz: Rebuilt.
x/xorg-server-xvfb-21.1.13-x86_64-2.txz: Rebuilt.
xfce/xfce4-screenshooter-1.11.1-x86_64-1.txz: Upgraded.
a/kernel-generic-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.5-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.5-x86-1.txz: Upgraded.
d/python-setuptools-72.2.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.10.5-noarch-1.txz: Upgraded.
kde/okteta-0.26.16-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
A large number of address headers in email resulted in excessive CPU usage.
Abnormally large email headers are now truncated or discarded, with a limit
of 10MB on a single header and 50MB for all the headers of all the parts of
an email.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-23184https://www.cve.org/CVERecord?id=CVE-2024-23185
(* Security fix *)
n/lynx-2.9.2-x86_64-1.txz: Upgraded.
x/mesa-24.2.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.9.5-x86_64-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.14.0-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-7.0.2.
Thanks to Petri Kaukasoina.
extra/xv/xv-6.0.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/bash-5.2.032-x86_64-1.txz: Upgraded.
d/mercurial-6.8.1-x86_64-1.txz: Upgraded.
l/pipewire-1.2.2-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.3-x86_64-1.txz: Upgraded.
n/php-8.3.10-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.10
d/meson-1.5.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_36-x86_64-1.txz: Upgraded.
l/python-alabaster-1.0.0-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.11-x86_64-2.txz: Rebuilt.
[PATCH] nl80211: add extra-ies only if allowed by driver.
This fixes using broadcom-wl based adapters.
Thanks to Stuart Winter.
x/OpenCC-1.1.8-x86_64-1.txz: Upgraded.
x/xfs-1.2.2-x86_64-1.txz: Upgraded.
Well folks, we have some more interesting stuff in /testing now.
Our good friend LuckyCyborg posted a while back about our trials with
GRUB2, and that we were banging our heads against a wall for no reason
trying to bend GRUB2 with our 09_slackware_linux grub.d script instead
of changing our kernel/initrd naming scheme to vmlinux-6.10.1-generic
and initrd-6.10.1-generic.img. And, as is often the case, our friend is
exactly correct. Once we stopped trying to swim against the current, GRUB2
started behaving as it should.
The updates in /testing change the kernel naming scheme thusly, and modify
the geninitrd script in the mkinitrd package to also use this naming
scheme. And, of course, 09_slackware_linux is removed from GRUB2, and the
10_linux script is only lightly modified.
Because lilo and elilo work with the symlinks to the kernel and initrd,
they shouldn't care anout this change.
We've probably got 6.9.11 coming tomorrow. Unless I hear that I should stop
the presses on this change, it's likely that those kernels will be updated
using the new naming scheme and the mkinitrd and grub updates will be moved
into the main tree from /testing.
We'll stick with 6.9 in the main tree for now because I'm still encountering
suspend failure with the 6.10 kernel here.
Enjoy! :-)
a/kernel-firmware-20240723_b37d247-noarch-1.txz: Upgraded.
ap/mpg123-1.32.6-x86_64-2.txz: Rebuilt.
l/libxml2-2.13.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix XXE protection in downstream code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-40896
(* Security fix *)
l/mozilla-nss-3.102.1-x86_64-1.txz: Upgraded.
l/nodejs-20.16.0-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-8.2.0-x86_64-1.txz: Upgraded.
l/v4l-utils-1.28.1-x86_64-1.txz: Upgraded.
n/c-ares-1.32.3-x86_64-1.txz: Upgraded.
n/curl-8.9.0-x86_64-1.txz: Upgraded.
n/htdig-3.2.0b6-x86_64-10.txz: Rebuilt.
Patch XSS vulnerability. Thanks to jayjwa.
Get this out of cgi-bin. Thanks to LuckyCyborg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2007-6110
(* Security fix *)
n/libtirpc-1.3.5-x86_64-1.txz: Upgraded.
extra/fltk/fltk-1.3.9-x86_64-2.txz: Rebuilt.
extra/tigervnc/tigervnc-1.13.1-x86_64-6.txz: Rebuilt.
Not sure why 1.14.0 isn't compiling, but we'll rebuild this for now.
testing/packages/grub-2.12-x86_64-12.txz: Upgraded.
Remove 09_slackware_linux.
10_linux: don't rename Slackware ;-)
This should configure the renamed kernel/initrd perfectly.
Perhaps 10_linux should no longer accept initrd.gz as a valid name?
For now it is accepted to avoid disrupting existing workflows.
testing/packages/kernel-generic-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.10.1-x86-1.txz: Upgraded.
testing/packages/kernel-huge-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-modules-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-source-6.10.1-noarch-1.txz: Upgraded.
testing/packages/mkinitrd-1.4.11-x86_64-35.txz: Upgraded.
geninitrd: create initrd with initrd-version-name.img filename.
Make compat symlinks by default.
Always add LVM (I've seen it mistakenly skipped... if we can get to the
bottom of that then we'll stop always adding it)
Add /etc/default/geninitrd for configuration.
Hey folks, we got a new glibc and are beginning the process of baking the new
default compile flags into the toolchain, the graphics stack, and whatever else
happens along. Enjoy! :-)
a/aaa_glibc-solibs-2.40-x86_64-1.txz: Upgraded.
a/libblockdev-3.1.1_1-x86_64-2.txz: Rebuilt.
Fix build against recent ext2fs.h. Thanks to shipujin.
a/xfsprogs-6.9.0-x86_64-1.txz: Upgraded.
ap/rpm-4.19.1.1-x86_64-3.txz: Rebuilt.
ap/slackpkg-15.0.10-noarch-4.txz: Rebuilt.
Prefer gpg1 again. Going with the modern gpg with more dependencies was
a mistake in this case. (now we know why gnupg-1 is still around :-)
Thanks to Petri Kaukasoina.
d/binutils-2.42-x86_64-3.txz: Rebuilt.
d/cargo-vendor-filterer-0.5.14-x86_64-2.txz: Rebuilt.
d/cbindgen-0.26.0-x86_64-2.txz: Rebuilt.
d/ccache-4.10.2-x86_64-1.txz: Upgraded.
d/cmake-3.30.1-x86_64-2.txz: Rebuilt.
d/gcc-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-g++-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gdc-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gfortran-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gm2-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gnat-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-go-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-objc-14.1.0-x86_64-2.txz: Rebuilt.
d/libgccjit-14.1.0-x86_64-2.txz: Rebuilt.
d/libtool-2.4.7-x86_64-8.txz: Rebuilt.
d/parallel-20240722-noarch-1.txz: Upgraded.
d/pkg-config-0.29.2-x86_64-5.txz: Rebuilt.
d/python-setuptools-71.1.0-x86_64-1.txz: Upgraded.
d/ruby-3.3.4-x86_64-2.txz: Rebuilt.
d/rust-bindgen-0.69.4-x86_64-2.txz: Rebuilt.
d/strace-6.10-x86_64-1.txz: Upgraded.
d/subversion-1.14.3-x86_64-3.txz: Rebuilt.
e/emacs-29.4-x86_64-2.txz: Rebuilt.
l/PyQt-builder-1.16.4-x86_64-2.txz: Rebuilt.
l/PyQt5-5.15.11-x86_64-1.txz: Upgraded.
l/PyQt5_sip-12.15.0-x86_64-2.txz: Rebuilt.
l/argon2-20190702-x86_64-6.txz: Rebuilt.
l/ffmpeg-6.1.1-x86_64-5.txz: Rebuilt.
l/glibc-2.40-x86_64-1.txz: Upgraded.
This update fixes security issues:
nscd: Stack-based buffer overflow in netgroup cache.
nscd: Null pointer crash after notfound response.
nscd: netgroup cache may terminate daemon on memory allocation failure.
nscd: netgroup cache assumes NSS callback uses in-buffer strings.
These vulnerabilities were only present in the nscd binary.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-33599https://www.cve.org/CVERecord?id=CVE-2024-33600https://www.cve.org/CVERecord?id=CVE-2024-33601https://www.cve.org/CVERecord?id=CVE-2024-33602
(* Security fix *)
l/glibc-i18n-2.40-x86_64-1.txz: Upgraded.
l/glibc-profile-2.40-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.24.5-x86_64-2.txz: Rebuilt.
l/libcdio-paranoia-10.2+2.0.2-x86_64-1.txz: Upgraded.
l/libclc-18.1.8-x86_64-3.txz: Rebuilt.
l/libproxy-0.5.8-x86_64-1.txz: Upgraded.
l/lz4-1.10.0-x86_64-1.txz: Upgraded.
l/poppler-24.07.0-x86_64-2.txz: Rebuilt.
l/python-importlib_metadata-8.1.0-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.14_20240716_ae0c8451-x86_64-1.txz: Upgraded.
l/qt5-webkit-5.212.0_alpha4-x86_64-13.txz: Rebuilt.
l/qt6-6.7.2_20240610_3f005f1e-x86_64-3.txz: Rebuilt.
l/sip-6.8.6-x86_64-2.txz: Rebuilt.
l/spirv-llvm-translator-18.1.2-x86_64-2.txz: Rebuilt.
l/v4l-utils-1.28.0-x86_64-1.txz: Upgraded.
n/bind-9.18.28-x86_64-1.txz: Upgraded.
This update fixes security issues:
Remove SIG(0) support from named as a countermeasure for CVE-2024-1975.
qctx-zversion was not being cleared when it should have been leading to
an assertion failure if it needed to be reused.
An excessively large number of rrtypes per owner can slow down database query
processing, so a limit has been placed on the number of rrtypes that can be
stored per owner (node) in a cache or zone database. This is configured with
the new "max-rrtypes-per-name" option, and defaults to 100.
Excessively large rdatasets can slow down database query processing, so a
limit has been placed on the number of records that can be stored per
rdataset in a cache or zone database. This is configured with the new
"max-records-per-type" option, and defaults to 100.
Malicious DNS client that sends many queries over TCP but never reads
responses can cause server to respond slowly or not respond at all for other
clients.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-1975https://www.cve.org/CVERecord?id=CVE-2024-4076https://www.cve.org/CVERecord?id=CVE-2024-1737https://www.cve.org/CVERecord?id=CVE-2024-0760
(* Security fix *)
n/fetchmail-6.4.39-x86_64-1.txz: Upgraded.
n/obexftp-0.24.2-x86_64-13.txz: Rebuilt.
n/pinentry-1.3.1-x86_64-2.txz: Rebuilt.
n/wpa_supplicant-2.11-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.6-x86_64-3.txz: Rebuilt.
x/ibus-m17n-1.4.30-x86_64-1.txz: Upgraded.
x/libdrm-2.4.122-x86_64-2.txz: Rebuilt.
x/marisa-0.2.6-x86_64-10.txz: Rebuilt.
x/mesa-24.1.4-x86_64-2.txz: Rebuilt.
x/vulkan-sdk-1.3.275.0-x86_64-3.txz: Rebuilt.
xap/audacious-4.4-x86_64-2.txz: Rebuilt.
xap/audacious-plugins-4.4-x86_64-2.txz: Rebuilt.
xap/mozilla-thunderbird-128.0.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.0.1esr/releasenotes/
xap/xaos-4.3.2-x86_64-2.txz: Rebuilt.
extra/emacs-regular-build/emacs-29.4-x86_64-2_regular.txz: Rebuilt.
a/kernel-firmware-20240718_058deb9-noarch-1.txz: Upgraded.
a/kernel-generic-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.10-x86_64-1.txz: Upgraded.
d/cmake-3.30.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.9.10-x86-1.txz: Upgraded.
d/python-setuptools-71.0.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.10-noarch-1.txz: Upgraded.
kde/labplot-2.11.1-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.6-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.06-noarch-1.txz: Upgraded.
n/httpd-2.4.62-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
The first CVE is for Windows, but the second one is an additional fix for
the source code disclosure regression when using AddType.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.62https://www.cve.org/CVERecord?id=CVE-2024-40898https://www.cve.org/CVERecord?id=CVE-2024-40725
(* Security fix *)
n/openvpn-2.6.12-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/openssl11-solibs-1.1.1za-x86_64-1.txz: Upgraded.
ap/vim-9.1.0595-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.5-x86_64-1.txz: Upgraded.
n/iproute2-6.10.0-x86_64-1.txz: Upgraded.
n/nftables-1.1.0-x86_64-1.txz: Upgraded.
n/openssl11-1.1.1za-x86_64-1.txz: Upgraded.
Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that
were only available to subscribers to OpenSSL's premium extended support.
These patches were prepared by backporting commits from the OpenSSL-3.0 repo.
The reported version number has been updated so that vulnerability scanners
calm down. All of these issues were considered to be of low severity.
We probably won't keep 1.1.1 in -current for long anyway, but might as well
patch it first. :-)
Thanks to Ken Zalewski for the patches!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-5678https://www.cve.org/CVERecord?id=CVE-2024-0727https://www.cve.org/CVERecord?id=CVE-2024-2511https://www.cve.org/CVERecord?id=CVE-2024-4741https://www.cve.org/CVERecord?id=CVE-2024-5535
(* Security fix *)
x/mesa-24.1.4-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0595-x86_64-1.txz: Upgraded.
n/curl-8.8.0-x86_64-3.txz: Rebuilt.
Recompiled using --with-openssl-quic to enable HTTP3.
This is (unsurprisingly) considered experimental, but should be fine.
Thanks to marav.
Thanks for the Slackiversary wishes!
a/bcachefs-tools-1.9.4-x86_64-1.txz: Upgraded.
a/sysklogd-2.6.0-x86_64-1.txz: Upgraded.
l/dbus-python-1.3.2-x86_64-3.txz: Rebuilt.
Build with meson, which fixes pulseaudio's qpaeq.
Thanks to gmgf and USUARIONUEVO.
l/nodejs-20.15.1-x86_64-2.txz: Rebuilt.
Recompiled using --shared-nghttp3.
l/python-sphinx-7.4.4-x86_64-1.txz: Upgraded.
n/c-ares-1.32.2-x86_64-1.txz: Upgraded.
n/curl-8.8.0-x86_64-2.txz: Rebuilt.
Recompiled using --with-nghttp2=/usr and --with-nghttp3=/usr.
n/libnftnl-1.2.7-x86_64-1.txz: Upgraded.
n/nghttp3-1.4.0-x86_64-1.txz: Added.
Thanks to pbslxw and Lockywolf.
n/ntp-4.2.8p18-x86_64-5.txz: Rebuilt.
This is a bugfix release to fix a regression in ntp-4.2.8p18:
If the IPv6 link-local interface was not ready for binding on the first
attempt, ntpd would segfault in update_interfaces().
Thanks to Jonathan Woithe for the bug report and fix.
a/cracklib-2.10.0-x86_64-1.txz: Upgraded.
kde/digikam-8.4.0-x86_64-1.txz: Upgraded.
l/PyQt5_sip-12.15.0-x86_64-1.txz: Upgraded.
n/gnupg2-2.4.5-x86_64-2.txz: Rebuilt.
Make a /usr/bin/gpgv symlink to gpgv2. Thanks to GazL ;-)
n/netatalk-3.2.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.43-x86_64-1.txz: Upgraded.
n/netatalk-3.2.2-x86_64-2.txz: Rebuilt.
Build using -Dwith-pam-config-path=/etc/pam.d. Thanks to Petri Kaukasoina.
d/gdb-15.1-x86_64-1.txz: Upgraded.
n/openssh-9.8p1-x86_64-3.txz: Rebuilt.
As upstream refactors this into smaller binaries, we could easily run into
another update that causes an sshd lockout if the listener process isn't
restarted. So, let's try to prevent that. After the package is upgraded,
we'll use "sshd -t" to make sure that we have a sane configuration, and if
so then we'll restart the listener process automatically.
If you don't like this idea, you may turn it off in /etc/default/sshd.
n/wpa_supplicant-2.10-x86_64-5.txz: Rebuilt.
Use more normal permissions for the documentation and examples.
Thanks to Didier Spaier.
n/openssh-9.8p1-x86_64-2.txz: Rebuilt.
rc.sshd: also shut down sshd-session processes with "stop" function.
This shuts down connections cleanly instead of them having to time out.
Thanks to Petri Kaukasoina.
ap/sysstat-12.7.6-x86_64-1.txz: Upgraded.
d/cmake-3.30.0-x86_64-1.txz: Upgraded.
l/libass-0.17.3-x86_64-1.txz: Upgraded.
n/ca-certificates-20240703-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/gnutls-3.8.6-x86_64-1.txz: Upgraded.
n/netatalk-3.2.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Fixed security issues that could lead to a denial of service or the
execution of arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-38439https://www.cve.org/CVERecord?id=CVE-2024-38440https://www.cve.org/CVERecord?id=CVE-2024-38441
(* Security fix *)
n/p11-kit-0.25.4-x86_64-1.txz: Upgraded.
n/pinentry-1.3.1-x86_64-1.txz: Upgraded.
x/mesa-24.1.3-x86_64-1.txz: Upgraded.
ap/ksh93-1.0.9-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-42.txz: Rebuilt.
Recompiled against poppler-24.07.0.
kde/cantor-23.08.5-x86_64-8.txz: Rebuilt.
Recompiled against poppler-24.07.0.
kde/kfilemetadata-5.116.0-x86_64-4.txz: Rebuilt.
Recompiled against poppler-24.07.0.
kde/kile-2.9.93-x86_64-35.txz: Rebuilt.
Recompiled against poppler-24.07.0.
kde/kitinerary-23.08.5-x86_64-6.txz: Rebuilt.
Recompiled against poppler-24.07.0.
kde/krita-5.2.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-24.07.0.
kde/okular-23.08.5-x86_64-6.txz: Rebuilt.
Recompiled against poppler-24.07.0.
l/ffmpeg-6.1.1-x86_64-4.txz: Rebuilt.
Recompiled against libplacebo-7.349.0.
l/gdbm-1.24-x86_64-1.txz: Upgraded.
l/libplacebo-7.349.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/poppler-24.07.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-trove-classifiers-2024.7.2-x86_64-1.txz: Upgraded.
n/getmail-6.19.02-x86_64-1.txz: Upgraded.
n/httpd-2.4.60-x86_64-2.txz: Rebuilt.
This update is to fix a regression and to note security issues that were not
listed in the CHANGES file included with the source code.
Fixed a regression where a config file using AddType rather than AddHandler
could cause raw PHP files to be downloaded rather than processed.
Thanks to Nobby6.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.60https://www.cve.org/CVERecord?id=CVE-2024-39573https://www.cve.org/CVERecord?id=CVE-2024-38477https://www.cve.org/CVERecord?id=CVE-2024-38476https://www.cve.org/CVERecord?id=CVE-2024-38475https://www.cve.org/CVERecord?id=CVE-2024-38474https://www.cve.org/CVERecord?id=CVE-2024-38473https://www.cve.org/CVERecord?id=CVE-2024-38472https://www.cve.org/CVERecord?id=CVE-2024-36387
(* Security fix *)
xap/mpv-0.38.0-x86_64-4.txz: Rebuilt.
Recompiled against libplacebo-7.349.0.
a/sysvinit-scripts-15.1-noarch-20.txz: Rebuilt.
rc.M: fix typo when starting local LDAP name service daemon.
Thanks to tcanich.
ap/lxc-6.0.1-x86_64-2.txz: Rebuilt.
Update the ca-certificates as part of lxc-create.
l/gvfs-1.54.2-x86_64-1.txz: Upgraded.
l/wireplumber-0.5.5-x86_64-1.txz: Upgraded.
n/s-nail-14.9.25-x86_64-1.txz: Upgraded.
x/ibus-table-1.17.6-x86_64-1.txz: Upgraded.
a/grub-2.12-x86_64-6.txz: Rebuilt.
Added update-grub script. Thanks to LuckyCyborg.
Also add grub-update symlink.
Disable the submenus. Thanks to LuckyCyborg.
Also find initrd-${tag}-${version}.gz and initrd-${tag}.gz. Thanks to gwhl.
Support kernel symlinks/files named vmlinu[xz]-generic, vmlinu[xz]-custom,
and vmlinu[xz]-huge. Thanks to Petri Kaukasoina.
Enabled os-prober again. It works here, and (at least with lilo) we've always
been friendly to dual-booting. It's easy to disable if you don't like it.
Sorry to LuckyCyborg. ;-)
d/parallel-20240622-noarch-1.txz: Upgraded.
kde/qca-2.3.9-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_34-x86_64-1.txz: Upgraded.
n/NetworkManager-1.48.2-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p18-x86_64-4.txz: Rebuilt.
In ntp.conf, don't use direct logging to /var/log/ntp. Instead use the syslog
facility to avoid having to restart ntpd when the logs are rotated.
We'll still rotate /var/log/ntp if we see it, though.
Thanks to Petri Kaukasoina.
xap/NetworkManager-openvpn-1.12.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20240614_d95dff8-noarch-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-19.txz: Rebuilt.
rc.S: add special case for mounting root bcachefs partition(s).
Thanks to 0XBF.
ap/man-pages-6.9-noarch-1.txz: Upgraded.
l/libxslt-1.1.40-x86_64-2.txz: Rebuilt.
[PATCH] runtest: Print output causing failure.
[PATCH] tests: Fix tests for libxml2 fix.
Thanks to USUARIONUEVO.
n/ca-certificates-20240615-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
a/kernel-firmware-20240604_22643bb-noarch-1.txz: Upgraded.
a/less-657-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.3.1-x86_64-1.txz: Upgraded.
d/cmake-3.29.4-x86_64-1.txz: Upgraded.
l/poppler-24.06.0-x86_64-1.txz: Upgraded.
l/protobuf-27.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-zipp-3.19.2-x86_64-1.txz: Upgraded.
l/qt6-6.7.1_20240516_6977d02f-x86_64-2.txz: Rebuilt.
Recompiled against protobuf-27.0.
n/ca-certificates-20240604-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/mosh-1.4.0-x86_64-2.txz: Rebuilt.
Recompiled against protobuf-27.0.
n/openssl-3.3.1-x86_64-1.txz: Upgraded.
This update fixes bugs and one low severity security issue:
Calling the OpenSSL API function SSL_free_buffers may cause memory to be
accessed that was previously freed in some situations. Our investigations
indicate that this function is rarely used by applications.
For more information, see:
https://www.openssl.org/news/secadv/20240528.txthttps://www.cve.org/CVERecord?id=CVE-2024-4741
(* Security fix *)
a/findutils-4.10.0-x86_64-1.txz: Upgraded.
a/logrotate-3.22.0-x86_64-1.txz: Upgraded.
Thanks to opty for getting our changes accepted upstream.
a/sysvinit-scripts-15.1-noarch-18.txz: Rebuilt.
rc.M: start dnsmasq before ntpd. Thanks to lostintime.
d/git-2.45.2-x86_64-1.txz: Upgraded.
d/poke-4.1-x86_64-1.txz: Upgraded.
kde/fcitx5-configtool-5.1.6-x86_64-1.txz: Upgraded.
kde/kwin-5.27.11-x86_64-2.txz: Rebuilt.
Recompiled against wayland-1.23.0 since it seems they broke the ABI.
Let me know if anything else needs help.
kde/libindi-2.0.8-x86_64-1.txz: Upgraded.
l/mujs-1.3.4-x86_64-1.txz: Added.
l/python-zipp-3.19.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p18-x86_64-2.txz: Rebuilt.
rc.ntp: properly create the PID file on start.
Add /etc/default/ntp to configure ntpd startup options since some people are
needing to add -4 to avoid an error.
Thanks to rkelsen and teoberi.
x/fcitx5-5.1.10-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.6-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.4-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.1.4-x86_64-1.txz: Upgraded.
x/fcitx5-table-extra-5.1.6-x86_64-1.txz: Upgraded.
x/fcitx5-table-other-5.1.3-x86_64-1.txz: Upgraded.
x/libime-1.1.8-x86_64-1.txz: Upgraded.
x/xcb-imdkit-1.0.9-x86_64-1.txz: Upgraded.
xap/blueman-2.4.2-x86_64-1.txz: Upgraded.
xap/mpv-0.38.0-x86_64-3.txz: Rebuilt.
Recompiled against mujs-1.3.4.
d/luajit-2.0.1716656478-x86_64-1.txz: Added.
Thanks to Erik Falor.
n/proftpd-1.3.8b-x86_64-4.txz: Rebuilt.
Build with mod_wrap2 and mod_wrap2_file instead of mod_wrap, which has
problems with ipv6. Thanks to jayjwa.
xap/mpv-0.38.0-x86_64-2.txz: Rebuilt.
[PATCH 1/4] av_common: parent mp_get_lavf_demuxer contents to the list.
[PATCH 2/4] stream: implement get_protocols method for stream_lavf.
[PATCH 3/4] build: dynamically generate mpv.desktop file protocols.
[PATCH 4/4] stream_lavf: don't add ffmpeg bluray or dvd protocols.
Thanks to gmgf.
Build against luajit. Thanks to pm_a_cup_of_tea.
a/hwdata-0.383-noarch-1.txz: Upgraded.
a/pciutils-3.13.0-x86_64-1.txz: Upgraded.
d/ccache-4.10-x86_64-1.txz: Upgraded.
d/meson-1.4.1-x86_64-1.txz: Upgraded.
d/ruby-3.3.2-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.27.11.1-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.27.11.1-x86_64-1.txz: Upgraded.
kde/tokodon-23.08.5-x86_64-1.txz: Added.
l/libvpx-1.14.1-x86_64-1.txz: Upgraded.
l/python-requests-2.32.3-x86_64-1.txz: Upgraded.
n/NetworkManager-1.48.0-x86_64-1.txz: Upgraded.
n/getmail-6.19.00-x86_64-1.txz: Upgraded.
x/libevdev-1.13.2-x86_64-1.txz: Upgraded.
x/wayland-1.23.0-x86_64-1.txz: Upgraded.
xap/gnuplot-6.0.1-x86_64-1.txz: Upgraded.
xap/mpv-0.38.0-x86_64-1.txz: Added.
Evidently we need one more media player. ;-)
Thanks to John Vogel Corning, Andreas Guldstrand, and Christoph Willing.
ap/sqlite-3.46.0-x86_64-1.txz: Upgraded.
l/gvfs-1.54.1-x86_64-1.txz: Upgraded.
l/python-requests-2.32.2-x86_64-1.txz: Upgraded.
n/c-ares-1.29.0-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.8-x86_64-1.txz: Upgraded.
n/wsdd2-1.8.7-x86_64-1.txz: Added.
Needed by Samba to enable share discovery.
Thanks to mistfire and Tim Dickson.
a/bcachefs-tools-1.7.0-x86_64-1.txz: Added.
a/kernel-generic-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-huge-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-modules-6.9.0-x86_64-2.txz: Upgraded.
d/git-2.45.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002https://www.cve.org/CVERecord?id=CVE-2024-32004https://www.cve.org/CVERecord?id=CVE-2024-32020https://www.cve.org/CVERecord?id=CVE-2024-32021https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
d/kernel-headers-6.9.0-x86-2.txz: Upgraded.
d/strace-6.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.0-noarch-2.txz: Upgraded.
BCACHEFS_FS m -> y
CRYPTO_CHACHA20 m -> y
CRYPTO_LIB_CHACHA_GENERIC m -> y
CRYPTO_LIB_POLY1305_GENERIC m -> y
CRYPTO_POLY1305 m -> y
MITIGATION_GDS_FORCE y -> n
kde/wcslib-8.3-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.12-x86_64-1.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
l/gtk+3-3.24.42-x86_64-1.txz: Upgraded.
n/bind-9.18.27-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/popa3d-1.0.3-x86_64-8.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
x/xorg-server-xwayland-23.2.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/less-654-x86_64-1.txz: Upgraded.
d/ninja-1.12.1-x86_64-1.txz: Upgraded.
n/whois-5.5.23-x86_64-1.txz: Upgraded.
Updated the .sc, .********* (.xn--yfro4i67o, Singapore)
and .********************************* (.xn--clchc0ea0b2g2a9gcd, Singapore)
TLD servers.
extra/bittornado/bittornado-0.3.18-noarch-3.txz: Removed.
Obsolete and based on python2.
l/libjpeg-turbo-3.0.3-x86_64-1.txz: Upgraded.
l/nodejs-20.13.1-x86_64-1.txz: Upgraded.
l/pipewire-1.0.6-x86_64-1.txz: Upgraded.
n/php-8.3.7-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.7
n/wireless-regdb-2024.05.08-x86_64-1.txz: Upgraded.
extra/bash-completion/bash-completion-2.14.0-noarch-1.txz: Upgraded.
a/aaa_libraries-15.1-x86_64-31.txz: Rebuilt.
Added: libncurses++w.so.6.5, libtic.so.6.5.
Upgraded: libformw.so.6.5, libmenuw.so.6.5, libncursesw.so.6.5,
libpanelw.so.6.5, libtinfo.so.6.5.
Removed (with compat symlinks made): libform.so.6.4, libmenu.so.6.4,
libncurses.so.6.4, libpanel.so.6.4.
a/aaa_terminfo-6.5-x86_64-1.txz: Upgraded.
l/ncurses-6.5-x86_64-1.txz: Upgraded.
This seemed like a good opportunity to go over my notes and try to make this
SlackBuild at least defensible, if not correct. :-) The non-wide libraries
have all been purged and replaced with compatibility symlinks pointing to the
wide versions. Anything trying to use -lncurses (etc) will be redirected to
-lncursesw (etc) at compile time. Looks like nearly 50 packages are linked to
the non-wide libraries, but everything works this way.
Thanks to GazL who provided most of the suggestions used.
l/python-pyproject-hooks-1.1.0-x86_64-1.txz: Upgraded.
n/lynx-2.9.1-x86_64-1.txz: Upgraded.
x/xconsole-1.1.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-125.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/125.0.3/releasenotes/
l/PyQt-builder-1.16.2-x86_64-1.txz: Upgraded.
l/fribidi-1.0.14-x86_64-1.txz: Upgraded.
l/libarchive-3.7.3-x86_64-2.txz: Rebuilt.
Patched an out-of-bound error in the rar e8 filter that could allow for
the execution of arbitrary code.
Thanks to gmgf for the heads-up.
For more information, see:
https://github.com/advisories/GHSA-2jc9-36w4-pmqwhttps://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
n/bluez-5.75-x86_64-3.txz: Rebuilt.
[PATCH] shared/uhid: Fix crash if bt_uhid_destroy free replay structure.
Thanks to sombragris.
n/libgpg-error-1.49-x86_64-1.txz: Upgraded.
a/ed-1.20.2-x86_64-1.txz: Upgraded.
d/parallel-20240422-noarch-1.txz: Upgraded.
kde/krusader-2.8.1-x86_64-1.txz: Upgraded.
kde/ktextaddons-1.5.4-x86_64-1.txz: Upgraded.
l/libgusb-0.4.9-x86_64-1.txz: Upgraded.
n/nmap-7.95-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.9-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.4-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.5-x86_64-1.txz: Upgraded.
x/fcitx5-gtk-5.1.3-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.3-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.1.3-x86_64-1.txz: Upgraded.
x/fcitx5-m17n-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.6-x86_64-1.txz: Upgraded.
x/fcitx5-sayura-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-table-extra-5.1.5-x86_64-1.txz: Upgraded.
x/fcitx5-table-other-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-unikey-5.1.4-x86_64-1.txz: Upgraded.
x/libime-1.1.7-x86_64-1.txz: Upgraded.
extra/emacs-regular-build/emacs-29.3-x86_64-2_regular.txz: Rebuilt.
This is a bugfix release.
Only build the X11/GTK+3 version. Use "emacs -nw" if you want to start it
in a terminal emulator in text mode, or rebuild if you really need to get
rid of the X11 dependency for some reason.
Build using --with-pdumper=auto. It seems that --with-dumping=unexec produces
a buggy Emacs here in the modern era, with symptoms such as "child signal FD:
Invalid argument". It's possible this had something to do with the reported
memory leaks as well.
Thanks to 3Tom for the bug report.
a/elogind-252.23-x86_64-3.txz: Rebuilt.
All right, it's time to stop the bleeding (edge). This has been verified as
the last working version of elogind, so we'll revert for now while moving the
newer sources into /testing. We didn't actually *need* the 255 branch for
libgudev (I was mistakenly under that impression), so this will be fine for
now. We'll keep an eye on upstream and move forward when things settle down.
d/vala-0.56.17-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.11-x86_64-1.txz: Upgraded.
l/gtk4-4.14.3-x86_64-1.txz: Upgraded.
l/polkit-124-x86_64-2.txz: Rebuilt.
Recompiled against elogind-252.23.
l/python-sphinx-7.3.7-x86_64-1.txz: Upgraded.
n/NetworkManager-1.46.0-x86_64-2.txz: Rebuilt.
Build with meson instead of autotools, since setting session_tracking to
elogind is ignored with autotools, and is set to consolekit instead.
While this didn't seem to make a difference in practice, better to get this
right now and rule it out as part of the issue.
Thanks to marav and LuckyCyborg for the options hints.
x/xdg-desktop-portal-1.18.4-x86_64-1.txz: Upgraded.
xap/freerdp-2.11.6-x86_64-1.txz: Upgraded.
This release is a security release and addresses multiple issues:
[Low] OutOfBound Read in zgfx_decompress_segment.
[Moderate] Integer overflow & OutOfBound Write in
clear_decompress_residual_data.
[Low] integer underflow in nsc_rle_decode.
[Low] OutOfBound Read in planar_skip_plane_rle.
[Low] OutOfBound Read in ncrush_decompress.
[Low] OutOfBound Read in interleaved_decompress.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32041https://www.cve.org/CVERecord?id=CVE-2024-32039https://www.cve.org/CVERecord?id=CVE-2024-32040https://www.cve.org/CVERecord?id=CVE-2024-32458https://www.cve.org/CVERecord?id=CVE-2024-32459https://www.cve.org/CVERecord?id=CVE-2024-32460
(* Security fix *)
a/aaa_glibc-solibs-2.39-x86_64-2.txz: Rebuilt.
ap/vim-9.1.0346-x86_64-1.txz: Upgraded.
d/llvm-18.1.4-x86_64-1.txz: Upgraded.
d/nasm-2.16.03-x86_64-1.txz: Upgraded.
l/glibc-2.39-x86_64-2.txz: Rebuilt.
This update fixes a security issue:
The iconv() function in the GNU C Library versions 2.39 and older may
overflow the output buffer passed to it by up to 4 bytes when converting
strings to the ISO-2022-CN-EXT character set, which may be used to crash
an application or overwrite a neighbouring variable.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-2961
(* Security fix *)
l/glibc-i18n-2.39-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.39-x86_64-2.txz: Rebuilt.
l/pycups-2.0.4-x86_64-1.txz: Upgraded.
l/python-hatchling-1.24.1-x86_64-1.txz: Upgraded.
l/python-sphinx-7.3.6-x86_64-1.txz: Upgraded.
n/bind-9.18.26-x86_64-1.txz: Upgraded.
This is a bugfix release.
xap/vim-gvim-9.1.0346-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_30-x86_64-1.txz: Upgraded.
l/libarchive-3.7.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix possible vulnerability in tar error reporting introduced in f27c173
by JiaT75.
For more information, see:
f27c173d17https://github.com/libarchive/libarchive/pull/2101
(* Security fix *)
n/net-snmp-5.9.4-x86_64-3.txz: Rebuilt.
[PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp.
Thanks to walecha.
n/rsync-3.3.0-x86_64-1.txz: Upgraded.
x/xorg-sgml-doctools-1.12.1-x86_64-1.txz: Upgraded.
xap/gimp-2.10.36-x86_64-3.txz: Rebuilt.
[PATCH] QuitDialog: disconnect signal handler on dialog destroy.
This fixes a crash on quit.
Thanks to USUARIONUEVO.
xap/xlockmore-5.77-x86_64-1.txz: Upgraded.
a/hwdata-0.381-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.25-x86_64-1.txz: Upgraded.
d/cmake-3.29.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.25-x86-1.txz: Upgraded.
d/llvm-18.1.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.25-noarch-1.txz: Upgraded.
kde/kstars-3.7.0-x86_64-1.txz: Upgraded.
l/enchant-2.6.9-x86_64-1.txz: Upgraded.
l/libclc-18.1.3-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.03-noarch-1.txz: Upgraded.
n/gnutls-3.8.5-x86_64-1.txz: Upgraded.
n/httpd-2.4.59-x86_64-1.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59https://www.cve.org/CVERecord?id=CVE-2024-27316https://www.cve.org/CVERecord?id=CVE-2024-24795https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
n/nghttp2-1.61.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57qhttps://www.kb.cert.org/vuls/id/421644https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
x/xdg-desktop-portal-1.18.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/btrfs-progs-6.8-x86_64-1.txz: Upgraded.
a/gpm-1.20.7-x86_64-10.txz: Rebuilt.
Clean up the compile fix patch omitting the Emacs Lisp file.
Clean up and apply the weak-wgetch patch.
Build using the option --without-curses.
Thanks to qunying.
a/util-linux-2.40-x86_64-1.txz: Upgraded.
This release fixes a vulnerability where the wall command did not filter
escape sequences from command line arguments, allowing unprivileged users
to put arbitrary text on other users terminals.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28085
(* Security fix *)
d/rust-1.77.1-x86_64-1.txz: Upgraded.
l/fluidsynth-2.3.5-x86_64-1.txz: Upgraded.
l/protobuf-26.1-x86_64-1.txz: Upgraded.
l/python-build-1.2.1-x86_64-1.txz: Upgraded.
n/samba-4.20.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.4-x86_64-1.txz: Upgraded.
xap/seamonkey-2.53.18.2-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
(* Security fix *)
d/mercurial-6.7.1-x86_64-1.txz: Upgraded.
d/rust-1.77.0-x86_64-1.txz: Upgraded.
l/cairomm1-1.18.0-x86_64-1.txz: Added.
Thanks to jloco.
l/glibmm2-2.78.1-x86_64-1.txz: Added.
Thanks to jloco.
l/gtkmm4-4.12.0-x86_64-1.txz: Added.
Thanks to jloco.
l/libclc-18.1.2-x86_64-1.txz: Upgraded.
l/pangomm-2.46.4-x86_64-1.txz: Upgraded.
l/pangomm2-2.50.2-x86_64-1.txz: Added.
Thanks to jloco.
n/openvpn-2.6.10-x86_64-1.txz: Upgraded.
x/libkkc-0.3.5-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/libkkc-data-0.2.7-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/marisa-0.2.6-x86_64-8.txz: Rebuilt.
Drop python2 support and rebuild marisa module for python3.
x/wayland-protocols-1.34-noarch-1.txz: Upgraded.
a/libblockdev-2.28-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/sysvinit-scripts-15.1-noarch-15.txz: Rebuilt.
rc.M: start rc.iceccd and rc.icecc-scheduler earlier.
a/util-linux-2.39.3-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/volume_key-0.3.12-x86_64-6.txz: Rebuilt.
Drop python2 support.
ap/man-pages-6.7-noarch-1.txz: Upgraded.
d/cmake-3.28.4-x86_64-1.txz: Upgraded.
d/llvm-18.1.2-x86_64-1.txz: Upgraded.
d/python2-2.7.18-x86_64-7.txz: Rebuilt.
Bundle the final python2 versions of pip and setuptools.
Drop the /usr/bin/python symlink.
d/python3-3.9.19-x86_64-1.txz: Upgraded.
Point the /usr/bin/python symlink at python3.9.
PEP 394 says we can do this, and in a world of ambigious shebangs, this
is probably the best of the available options.
This update also fixes security issues:
bundled libexpat was updated to 2.6.0.
zipfile is now protected from the "quoted-overlap" zipbomb.
tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
working around file system permission errors.
For more information, see:
https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-52425https://www.cve.org/CVERecord?id=CVE-2024-0450https://www.cve.org/CVERecord?id=CVE-2023-6597
(* Security fix *)
d/strace-6.8-x86_64-1.txz: Upgraded.
kde/kross-interpreters-23.08.5-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/libxml2-2.12.6-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/mozjs115-115.9.0esr-x86_64-2.txz: Rebuilt.
Fixed installed library name. Thanks to reddog83.
Fixed slack-desc. Thanks to r1w1s1.
l/phonon-4.12.0-x86_64-1.txz: Upgraded.
l/pilot-link-0.12.5-x86_64-17.txz: Rebuilt.
Drop python2 support.
l/python2-module-collection-2.7.18-x86_64-6.txz: Removed.
Good bye!
l/python2-pycairo-1.18.2-x86_64-1.txz: Added.
We'll need this (along with pygtk and pygobject) until we get gimp3.
Well, we could build gimp without python support, but I really don't think
that's the route we want to take.
n/bind-9.18.25-x86_64-1.txz: Upgraded.
n/crda-4.15-x86_64-1.txz: Removed.
The kernel is able to load from wireless-regdb directly. Obsolete.
n/getmail-6.18.14-x86_64-1.txz: Upgraded.
n/gpgme-1.23.2-x86_64-2.txz: Rebuilt.
Drop python2 support.
n/obexftp-0.24.2-x86_64-11.txz: Rebuilt.
Drop python2 support.
n/wireless-regdb-2024.01.23-x86_64-1.txz: Added.
Wireless regulatory database, previously bundled with crda.
x/ibus-1.5.29-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/libkkc-0.3.5-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/libkkc-data-0.2.7-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/xcb-proto-1.16.0-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/xpyb-1.3.1-x86_64-7.txz: Removed.
Nothing uses it, and it was never updated for python3. Removed as obsolete.
d/perl-5.38.2-x86_64-2.txz: Rebuilt.
Added IO-Tty-1.20, needed by mosh.
Upgraded: DBD-mysql-4.051, URI-5.27, XML-Parser-2.47, IO-Socket-SSL-2.085,
and Net-SSLeay-1.94.
kde/cantor-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/plasma-workspace-5.27.11-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/step-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
l/abseil-cpp-20240116.1-x86_64-1.txz: Added.
Needed for protobuf and mosh.
l/libgnt-2.14.3-x86_64-2.txz: Rebuilt.
Build with -Dpython2=false. Thanks to USUARIONUEVO.
l/libqalculate-5.0.0-x86_64-2.txz: Rebuilt.
Shared library .so-version bump.
Thanks to gmgf.
l/protobuf-26.0-x86_64-1.txz: Added.
Needed for mosh.
n/mosh-1.4.0-x86_64-1.txz: Added.
Thanks to unInstance for cueing me in on this one.
n/pinentry-1.3.0-x86_64-1.txz: Upgraded.
x/vulkan-sdk-1.3.275.0-x86_64-2.txz: Rebuilt.
Build glslang with -DENABLE_OPT=Off. Thanks to F0nix.
d/mercurial-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.3.0-x86_64-1.txz: Upgraded.
l/libxml2-2.12.6-x86_64-1.txz: Upgraded.
n/php-8.3.4-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.4
n/proftpd-1.3.8b-x86_64-3.txz: Rebuilt.
Added mod_ldap. Thanks to Thom1b.
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Thanks to opty for encouraging us to think about nobody.
d/meson-1.4.0-x86_64-1.txz: Upgraded.
d/python-setuptools-69.2.0-x86_64-1.txz: Upgraded.
l/expat-2.6.2-x86_64-1.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
1d50b80cf3https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
l/pipewire-1.0.4-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.0-x86_64-1.txz: Upgraded.
n/openvpn-2.6.9-x86_64-2.txz: Rebuilt.
Run as openvpn:openvpn. Thanks to rkelsen.
n/proftpd-1.3.8b-x86_64-2.txz: Rebuilt.
Run as proftpd:proftpd.
x/libva-2.21.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.21.0-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-2.txz: Rebuilt.
Run as nm-openvpn:nm-openvpn. Thanks to Markus Wiesner.
ap/ghostscript-10.03.0-x86_64-1.txz: Upgraded.
This update addresses a security issue:
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
Thanks to J_W for the heads-up.
(* Security fix *)
ap/lxc-4.0.12-x86_64-3.txz: Rebuilt.
lxc-slackware.in: include gnupg2 (not gnupg) for slackpkg.
ap/slackpkg-15.0.10-noarch-3.txz: Rebuilt.
core-functions.sh: use gpg2, not gpg.
d/Cython-3.0.9-x86_64-1.txz: Upgraded.
d/git-2.44.0-x86_64-2.txz: Rebuilt.
Include git-subtree. Thanks to gwhl.
d/llvm-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
kde/kdevelop-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/openexr-3.2.3-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-7.0.2-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.3.3-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240228_6609503f-x86_64-1.txz: Upgraded.
Compiled against llvm-18.1.0.
l/qt6-6.6.2_20240210_15b7e743-x86_64-3.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/spirv-llvm-translator-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/gnupg2-2.4.5-x86_64-1.txz: Upgraded.
n/libassuan-2.5.7-x86_64-1.txz: Upgraded.
n/postfix-3.9.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.2-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0 and spirv-llvm-translator-18.1.0.
isolinux/initrd.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
d/parallel-20240222-noarch-1.txz: Upgraded.
kde/krita-5.2.2-x86_64-4.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/accountsservice-23.13.9-x86_64-1.txz: Upgraded.
Thanks to reddog83.
l/libass-0.17.1-x86_64-2.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/libunibreak-6.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/orc-0.4.38-x86_64-1.txz: Upgraded.
l/python-requests-2.31.0-x86_64-1.txz: Upgraded.
l/python-urllib3-2.2.1-x86_64-1.txz: Upgraded.
l/qt6-6.6.2_20240210_15b7e743-x86_64-1.txz: Added.
n/wpa_supplicant-2.10-x86_64-3.txz: Rebuilt.
Patched the implementation of PEAP in wpa_supplicant to prevent an
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52160
(* Security fix *)
xap/gparted-1.6.0-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-10.txz: Rebuilt.
setup.services: typo/syntax error fix. Thanks to gramaxo and pghvlaans.
a/xz-5.6.0-x86_64-1.txz: Upgraded.
ap/man-pages-6.06-noarch-2.txz: Rebuilt.
Restored the previously included posix pages, and added the posix "sh" page
since it's more correct than getting the ksh page for "sh".
Thanks to pghvlaans.
d/git-2.44.0-x86_64-1.txz: Upgraded.
kde/kdnssd-5.115.0-x86_64-2.txz: Rebuilt.
Recompiled to add Zeroconf support. (This one fooled me because it doesn't
actually link to any avahi libraries.)
Thanks to audriusk.
kde/kid3-3.9.5-x86_64-1.txz: Upgraded.
l/libpng-1.6.43-x86_64-1.txz: Upgraded.
l/libunistring-1.2-x86_64-1.txz: Upgraded.
n/libksba-1.6.6-x86_64-1.txz: Upgraded.
n/npth-1.7-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-7.txz: Rebuilt.
Use the bundled zlib to make the bundled lua happy. Thanks to sombragris.
a/dcron-4.5-x86_64-17.txz: Rebuilt.
run-parts.8: document skiping *.orig files. Thanks to metaed.
a/etc-15.1-x86_64-6.txz: Rebuilt.
Add support for nss-mdns to /etc/nsswitch.conf.
a/kernel-firmware-20240220_97b693d-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.18-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-5.txz: Rebuilt.
Don't specify --with-browseremoteprotocols=cups in order to get the default
values of cups and dnssd, which should enable discovering shared printers on
the network. We'll refrain from sharing your printer -- you'll need to change
that setting yourself. ;-)
Thanks to TurboBlaze.
ap/hplip-3.23.12-x86_64-2.txz: Rebuilt.
The new --disable-imageProcessor-build option doesn't do squat, so we'll hit
it with the good old patch again.
Thanks to Petri Kaukasoina and Stuart Winter.
d/kernel-headers-6.6.18-x86-1.txz: Upgraded.
k/kernel-source-6.6.18-noarch-1.txz: Upgraded.
l/gvfs-1.52.2-x86_64-2.txz: Rebuilt.
Added -Ddnssd=true option and recompiled against avahi.
l/libsecret-0.21.4-x86_64-1.txz: Upgraded.
n/c-ares-1.27.0-x86_64-1.txz: Upgraded.
n/libgpg-error-1.48-x86_64-1.txz: Upgraded.
n/nss-mdns-0.15.1-x86_64-1.txz: Added.
Needed for .local lookups. Thanks to Lockywolf.
xap/pidgin-2.14.13-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-26.txz: Rebuilt.
Upgraded: libacl.so.1.1.2302, libattr.so.1.1.2502, liblzma.so.5.4.6,
libpcre2-8.so.0.12.0, libz.so.1.3.1, libcares.so.2.11.0,
libexpat.so.1.9.0, libffi.so.8.1.4, libglib-2.0.so.0.7800.4,
libgmodule-2.0.so.0.7800.4, libgobject-2.0.so.0.7800.4,
libgthread-2.0.so.0.7800.4, libidn.so.12.6.5, libidn2.so.0.4.0,
libpng16.so.16.41.0, libpsl.so.5.3.5, libtdb.so.1.4.10, libusb-1.0.so.0.4.0.
a/etc-15.1-x86_64-5.txz: Rebuilt.
Added UID 214 and GID 214 for avahi.
a/gettext-0.22.5-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-9.txz: Rebuilt.
setup.services: support rc.avahidaemon and rc.avahidnsconfd.
a/sysvinit-scripts-15.1-noarch-13.txz: Rebuilt.
rc.M: start (if executable) rc.avahidaemon and rc.avahidnsconfd.
ap/cups-2.4.7-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
ap/cups-filters-1.28.17-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
ap/hplip-3.23.12-x86_64-1.txz: Upgraded.
Compiled against avahi.
ap/xmltoman-0.6-x86_64-1.txz: Added.
This is needed to generate manpages for avahi.
d/distcc-3.4-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
d/gettext-tools-0.22.5-x86_64-1.txz: Upgraded.
l/avahi-20240220_dffd549-x86_64-1.txz: Added.
It was either this, or drop (or fork) hplip. We'll enjoy it in the long run.
Thanks to David Somero for the original build script, and to Robby Workman
for years of maintenance.
Signed-off-by: volkerdi
Acked-by: alienBOB
l/libdaemon-0.14-x86_64-1.txz: Added.
This is needed by avahi.
l/pipewire-1.0.3-x86_64-5.txz: Rebuilt.
Recompiled against avahi.
l/pulseaudio-17.0-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
n/NetworkManager-1.46.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.18-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
n/samba-4.19.5-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
xap/pidgin-2.14.12-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
xap/sane-1.2.1-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
extra/bash-completion/bash-completion-2.12.0-noarch-1.txz: Upgraded.
ap/mariadb-10.11.7-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://mariadb.com/kb/en/mariadb-10-11-7-release-notes/
l/gjs-1.76.3-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_28-x86_64-1.txz: Upgraded.
l/pipewire-1.0.3-x86_64-4.txz: Rebuilt.
Use cmp -s in doinst.sh. Thanks to Thom1b and Windu.
l/wireplumber-0.4.17-x86_64-2.txz: Rebuilt.
Use cmp -s in doinst.sh. Thanks to Thom1b and Windu.
n/dnsmasq-2.89-x86_64-2.txz: Rebuilt.
Added trust-anchors.conf and edited PREFIX in dnsmasq.conf to simplify
setting up DNSSEC. Thanks to marav.
xap/xsnow-3.7.8-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2024a-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
n/ca-certificates-20240203-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
x/ibus-libpinyin-1.15.7-x86_64-1.txz: Upgraded.
x/xdg-utils-1.2.0-noarch-1.txz: Upgraded.
ap/nvme-cli-2.7.1-x86_64-1.txz: Upgraded.
l/libnvme-1.7.1-x86_64-1.txz: Added.
This is required by nvme-cli.
l/pipewire-1.0.2-x86_64-1.txz: Upgraded.
n/curl-8.6.0-x86_64-1.txz: Upgraded.
n/libmilter-8.18.1-x86_64-1.txz: Upgraded.
extra/sendmail/sendmail-8.18.1-x86_64-1.txz: Upgraded.
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation technique to inject e-mail
messages with a spoofed MAIL FROM address, allowing bypass of an SPF
protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
but some other popular e-mail servers do not. This is resolved in 8.18 and
later versions with 'o' in srv_features.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-51765
(* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1.txz: Upgraded.
a/lzip-1.24-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded.
ap/sqlite-3.45.1-x86_64-1.txz: Upgraded.
d/binutils-2.42-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/cmake-3.28.2-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-13.txz: Rebuilt.
Recompiled against binutils-2.42.
d/strace-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-5.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded.
l/libpng-1.6.42-x86_64-1.txz: Upgraded.
Fixed the implementation of the macro function png_check_sig().
This was an API regression, introduced in libpng-1.6.41.
Reported by Matthieu Darbois.
l/lmdb-0.9.32-x86_64-1.txz: Upgraded.
l/neon-0.33.0-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-3.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/talloc-2.4.2-x86_64-1.txz: Upgraded.
l/tdb-1.4.10-x86_64-1.txz: Upgraded.
l/tevent-0.16.1-x86_64-1.txz: Upgraded.
n/openldap-2.6.7-x86_64-1.txz: Upgraded.
n/openssl-3.2.1-x86_64-1.txz: Upgraded.
This update fixes possible denial-of-service security issues:
A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0727https://www.cve.org/CVERecord?id=CVE-2023-6237https://www.cve.org/CVERecord?id=CVE-2023-5678
(* Security fix *)
xap/MPlayer-20240130-x86_64-1.txz: Upgraded.
Fixed build script to exit on errors.
Patched to build against gettext-0.22.4.
Thanks to Matteo Bernardini.
xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt.
Recompiled against libpng-1.6.42.
a/procps-ng-3.3.17-x86_64-3.txz: Rebuilt.
Add /etc/default/sysctl to support custom options for sysctl in rc.S.
Thanks to lostintime.
a/sysvinit-scripts-15.1-noarch-12.txz: Rebuilt.
rc.S: support /etc/default/sysctl for custom options.
Thanks to lostintime.
l/imagemagick-7.1.1_26-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-1.txz: Upgraded.
n/samba-4.19.4-x86_64-1.txz: Upgraded.
x/imake-1.0.10-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2023d-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
l/libsass-3.6.6-x86_64-1.txz: Upgraded.
n/postfix-3.8.4-x86_64-1.txz: Upgraded.
Security: this release adds support to defend against an email spoofing
attack (SMTP smuggling) on recipients at a Postfix server. Sites
concerned about SMTP smuggling attacks should enable this feature on
Internet-facing Postfix servers. For compatibility with non-standard
clients, Postfix by default excludes clients in mynetworks from this
countermeasure.
The recommended settings are:
# Optionally disconnect remote SMTP clients that send bare newlines,
# but allow local clients with non-standard SMTP implementations
# such as netcat, fax machines, or load balancer health checks.
#
smtpd_forbid_bare_newline = yes
smtpd_forbid_bare_newline_exclusions = $mynetworks
The smtpd_forbid_bare_newline feature is disabled by default.
For more information, see:
https://www.postfix.org/smtp-smuggling.html
(* Security fix *)
We've gone ahead and moved the 6.6 kernel into the main tree. As previously
mentioned when this branch first appeared in /testing, on the 32-bit side
there are no longer any -smp labeled kernel packages, so if you were using
those previously, you'll need to switch to using to kernel-generic or
kernel-huge kernel, including the changes needed to your bootloader setup to
load this instead of the -smp labeled kernel. Also, if you happen to be using
a first generation Pentium M chip, you will need to append forcepae to your
kernel command-line options. Enjoy! :-)
a/kernel-firmware-20231211_f2e52a1-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.6-x86_64-1.txz: Upgraded.
ap/qpdf-11.6.4-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.6-x86-1.txz: Upgraded.
k/kernel-source-6.6.6-noarch-1.txz: Upgraded.
l/imagemagick-7.1.1_23-x86_64-1.txz: Upgraded.
l/libsecret-0.21.2-x86_64-1.txz: Upgraded.
Thanks to reddog83 and saxa.
l/zxing-cpp-2.2.1-x86_64-1.txz: Upgraded.
n/postfix-3.8.3-x86_64-2.txz: Rebuilt.
OpenSSL upstream says that major versions are ABI/API compatible, so stop
warning in the logs that they might not be.
Thanks to gildbg and Markus Wiesner.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-23.txz: Rebuilt.
Upgraded: libelf-0.190.so, libcares.so.2.9.0, libglib-2.0.so.0.7800.2,
libgmodule-2.0.so.0.7800.2, libgobject-2.0.so.0.7800.2,
libgthread-2.0.so.0.7800.2.
Added: libtiff.so.6.0.2, libtiffxx.so.6.0.2.
a/util-linux-2.39.3-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/ghostscript-10.02.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/rpm-4.19.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
e/emacs-29.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/bluedevil-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.27.10-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/drkonqi-5.27.10-x86_64-1.txz: Upgraded.
kde/gwenview-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kactivitymanagerd-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.27.10-x86_64-1.txz: Upgraded.
kde/kdecoration-5.27.10-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.27.10-x86_64-1.txz: Upgraded.
kde/kgamma5-5.27.10-x86_64-1.txz: Upgraded.
kde/khotkeys-5.27.10-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.27.10-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.27.10-x86_64-1.txz: Upgraded.
kde/kpipewire-5.27.10-x86_64-1.txz: Upgraded.
kde/krita-5.2.1-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.27.10-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.27.10-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.27.10-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.27.10-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/kwin-5.27.10-x86_64-1.txz: Upgraded.
kde/kwrited-5.27.10-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.27.10-x86_64-1.txz: Upgraded.
kde/libkscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/libksysguard-5.27.10-x86_64-1.txz: Upgraded.
kde/milou-5.27.10-x86_64-1.txz: Upgraded.
kde/okular-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/oxygen-5.27.10-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.27.10-noarch-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.27.10-x86_64-1.txz: Upgraded.
kde/powerdevil-5.27.10-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.27.10-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.27.10-x86_64-1.txz: Upgraded.
kde/systemsettings-5.27.10-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.27.10-x86_64-1.txz: Upgraded.
l/SDL2_image-2.6.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/djvulibre-3.5.28-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gd-2.3.3-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gdk-pixbuf2-2.42.10-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gegl-0.4.46-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/glib2-2.78.2-x86_64-1.txz: Upgraded.
l/gtk4-4.12.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/imagemagick-7.1.1_22-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms-1.19-x86_64-7.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms2-2.16-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/libtiff-4.6.0-x86_64-1.txz: Upgraded.
Probably best to get this one out of the way...
From the release announcement:
Pay attention to the following warning:
This version removes a big number of utilities that have suffered from lack
of maintenance over the years and were the source of various reported
security issues. See "Removed functionality" below for the list of removed
utilities. Starting with libtiff v4.6.0, their source code, at this time,
will still be available in the source distribution, but they will no longer
be built by default, and issues related to them will no longer be accepted
in the libtiff bug tracker. The only remaining supported TIFF tools are
tiffinfo, tiffdump, tiffcp, tiffset and tiffsplit.
Shared library .so-version bump.
l/libwebp-1.3.2-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/netpbm-11.04.04-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/opencv-4.8.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/poppler-23.12.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/python-pillow-8.4.0-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/qt5-5.15.11_20231125_4765fa1d-x86_64-1.txz: Upgraded.
Compiled against libtiff-4.6.0.
l/sdl-1.2.15-x86_64-15.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
n/links-2.29-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
t/xfig-3.2.9-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/geeqie-2.1-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/gimp-2.10.36-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/sane-1.2.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/windowmaker-0.96.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xpaint-3.1.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xsane-0.999-x86_64-6.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/libqalculate-4.9.0-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.95-x86_64-1.txz: Upgraded.
l/v4l-utils-1.26.0-x86_64-2.txz: Rebuilt.
Do not overwrite gconv-modules from glibc - instead, install it to
gconv-modules.d/v4l-utils.conf.
If your /usr/lib{,64}/gconv/gconv-modules was overwritten causing character
conversion errors, reinstall the glibc package to fix this.
Thanks to glennmcc.
n/php-8.3.0-x86_64-1.txz: Upgraded.
n/samba-4.19.3-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted objects
in the LDAP store. Upgrading to this package will not prevent this
information leak - if you are using Samba as an Active Directory Domain
Controller, you will need to follow the instructions in the samba.org link
given below.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-14628.htmlhttps://www.cve.org/CVERecord?id=CVE-2018-14628
(* Security fix *)
x/libwacom-2.9.0-x86_64-1.txz: Upgraded.
a/lvm2-2.03.23-x86_64-1.txz: Upgraded.
l/nodejs-20.10.0-x86_64-1.txz: Upgraded.
n/php-8.2.13-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.13
We have fresh 6.6 kernels in /testing! You may notice that on the 32-bit side
we have done away with the -smp labeled kernel packages, but it's actually the
other kernels that were retired -- the non-SMP, non-PAE ones. If you were
previously using kernel-generic-smp or kernel-huge-smp, you'll need to make
some adjustments to your bootloader setup to load kernel-generic or kernel-huge
instead. About the only non-obsolete CPUs that may have an issue with this are
the first generation Pentium M chips, which supported PAE but unfortunately did
not advertise this in the CPU flags. But these will support PAE if the kernel
option "forcepae" is appended at boot time. Enjoy! :-)
a/gettext-0.22.4-x86_64-1.txz: Upgraded.
a/kbd-2.6.3-x86_64-3.txz: Rebuilt.
Installed extra console fonts.
a/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.63-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-34.txz: Rebuilt.
Fix tests for including jfs/xfs repair tools. Thanks to regdub.
a/pkgtools-15.1-noarch-8.txz: Rebuilt.
Make vim the default vi choice.
ap/vim-9.0.2116-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.4-x86_64-1.txz: Upgraded.
d/git-2.43.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.63-x86-1.txz: Upgraded.
d/mercurial-6.6-x86_64-1.txz: Upgraded.
d/meson-1.3.0-x86_64-1.txz: Upgraded.
d/scons-4.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.63-noarch-1.txz: Upgraded.
l/readline-8.2.007-x86_64-1.txz: Upgraded.
n/c-ares-1.22.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.4-x86_64-1.txz: Upgraded.
x/libdrm-2.4.118-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-115.5.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
Thanks to zuriel for the taskbar icon fix on Wayland. :-)
For more information, see:
https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2023-50/https://www.cve.org/CVERecord?id=CVE-2023-6204https://www.cve.org/CVERecord?id=CVE-2023-6205https://www.cve.org/CVERecord?id=CVE-2023-6206https://www.cve.org/CVERecord?id=CVE-2023-6207https://www.cve.org/CVERecord?id=CVE-2023-6208https://www.cve.org/CVERecord?id=CVE-2023-6209https://www.cve.org/CVERecord?id=CVE-2023-6212
(* Security fix *)
xap/vim-gvim-9.0.2116-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.6-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-headers-6.6.2-x86-1.txz: Added.
testing/packages/kernel-huge-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-modules-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-source-6.6.2-noarch-1.txz: Added.
usb-and-pxe-installers/usbboot.img: Rebuilt.