d/mercurial-5.4.2-x86_64-1.txz: Upgraded.
d/nasm-2.15.02-x86_64-1.txz: Upgraded.
l/glib2-2.64.4-x86_64-1.txz: Upgraded.
n/samba-4.12.5-x86_64-1.txz: Upgraded.
x/libXaw3dXft-1.6.2g-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-68.10.0-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.10.0/releasenotes/
a/kernel-firmware-20200629_1a0c0c2-noarch-1.txz: Upgraded.
ap/mariadb-10.5.4-x86_64-2.txz: Rebuilt.
rc.mysqld: stop the database by PID to avoid improperly stopping other
instances that were not started by this script. Thanks to denydias.
d/vala-0.48.7-x86_64-1.txz: Upgraded.
l/opusfile-0.12-x86_64-1.txz: Upgraded.
n/ca-certificates-20200630-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
x/libwacom-1.4.1-x86_64-1.txz: Upgraded.
a/haveged-1.9.13-x86_64-1.txz: Upgraded.
a/util-linux-2.35.2-x86_64-5.txz: Rebuilt.
Also fix chsh when linked with libreadline. Thanks to Karel Zak.
l/gtk+3-3.24.21-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.10.0esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.10.0/releasenotes/
(* Security fix *)
a/sysklogd-2.1.2-x86_64-1.txz: Upgraded.
Make sure to move the .new init script and config into place for this.
ap/undervolt-20200612_07d0c70-x86_64-1.txz: Added.
l/popt-1.18-x86_64-1.txz: Upgraded.
x/libglvnd-1.3.2-x86_64-1.txz: Upgraded.
x/libva-2.8.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.8.0-x86_64-1.txz: Upgraded.
ap/mariadb-10.5.4-x86_64-1.txz: Upgraded.
d/guile-3.0.4-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Looks like the previous bump was a mistake:
This release fixes the SONAME of libguile-3.0.so, which was erroneously
bumped in 3.0.3 compared to 3.0.2. Distributions are strongly
encouraged to use 3.0.4 instead of 3.0.3.
d/make-4.2.1-x86_64-7.txz: Rebuilt.
Recompiled against guile-3.0.4.
l/libjpeg-turbo-2.0.5-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fixed an issue in the PPM reader that caused a buffer overrun in cjpeg,
TJBench, or the `tjLoadImage()` function if one of the values in a binary
PPM/PGM input file exceeded the maximum value defined in the file's header
and that maximum value was less than 255.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13790
(* Security fix *)
n/ModemManager-1.14.0-x86_64-1.txz: Upgraded.
n/curl-7.71.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
curl overwrite local file with -J [111]
Partial password leak over DNS on HTTP redirect [48]
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169
(* Security fix *)
n/gnutls-3.6.14-x86_64-3.txz: Rebuilt.
Recompiled against guile-3.0.4.
n/mutt-1.14.5-x86_64-1.txz: Upgraded.
x/libwacom-1.4-x86_64-1.txz: Upgraded.
ap/man-db-2.9.3-x86_64-1.txz: Upgraded.
ap/mariadb-10.4.13-x86_64-3.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
ap/squashfs-tools-4.4-x86_64-2.txz: Rebuilt.
Added lz4 support. Thanks to Heinz Wiesinger.
d/ccache-3.7.10-x86_64-1.txz: Upgraded.
d/parallel-20200622-noarch-1.txz: Upgraded.
d/subversion-1.14.0-x86_64-2.txz: Rebuilt.
Use the system lz4 library. Thanks to Heinz Wiesinger.
l/imagemagick-7.0.10_21-x86_64-1.txz: Upgraded.
l/libarchive-3.4.3-x86_64-2.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
l/lz4-1.9.2-x86_64-1.txz: Added.
This is a new dependency for dovecot, libarchive, mariadb, rsync,
squashfs-tools, subversion, and zstd. Thanks to Heinz Wiesinger.
l/xxHash-0.7.3-x86_64-1.txz: Added.
This is a new dependency for rsync.
l/zstd-1.4.5-x86_64-2.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
n/dovecot-2.3.10.1-x86_64-2.txz: Rebuilt.
Recompiled to pick up lz4 support. Thanks to Heinz Wiesinger.
n/libmbim-1.24.0-x86_64-1.txz: Upgraded.
n/nfs-utils-2.5.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p15-x86_64-1.txz: Upgraded.
This release fixes one vulnerability: Associations that use CMAC
authentication between ntpd from versions 4.2.8p11/4.3.97 and
4.2.8p14/4.3.100 will leak a small amount of memory for each packet.
Eventually, ntpd will run out of memory and abort.
(* Security fix *)
n/rsync-3.2.1-x86_64-1.txz: Upgraded.
Please note that this update requires the new packages xxHash and lz4.
t/texlive-2020.200608-x86_64-1.txz: Upgraded.
Thanks to Johannes Schoepfer.
xap/blueman-2.1.3-x86_64-2.txz: Rebuilt.
As a matter of policy and since the rule already exists in
/usr/share/polkit-1/rules.d/, we should not install a rules file in /etc.
Note that since the file was installed as a .new, upgrading the package
will not remove it and it will need to be removed manually. It's harmless
if it remains, though.
Thanks to Robby Workman.
xap/network-manager-applet-1.18.0-x86_64-1.txz: Upgraded.
a/haveged-1.9.12-x86_64-1.txz: Upgraded.
a/kernel-firmware-20200619_3890db3-noarch-1.txz: Upgraded.
a/sysvinit-scripts-2.1-noarch-34.txz: Rebuilt.
rc.M: check for elogind first so that we can ignore a stale CK2 package.
ap/sudo-1.9.1-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.3.1-x86_64-1.txz: Upgraded.
l/desktop-file-utils-0.26-x86_64-1.txz: Upgraded.
n/mutt-1.14.4-x86_64-1.txz: Upgraded.
x/libinput-1.15.6-x86_64-1.txz: Upgraded.
x/xinit-1.4.1-x86_64-2.txz: Rebuilt.
When using elogind, start the session on the current console.
Thanks to alienBOB.
a/kernel-generic-5.4.47-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.47-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.47-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-2.1-noarch-33.txz: Rebuilt.
rc.M: add support for elogind. Thanks to alienBOB.
a/util-linux-2.35.2-x86_64-3.txz: Rebuilt.
/etc/pam.d/login: support pam_elogind.so. Thanks to alienBOB.
ap/sqlite-3.32.3-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.47-x86-1.txz: Upgraded.
d/rust-1.44.1-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.47-noarch-1.txz: Upgraded.
n/bind-9.16.4-x86_64-1.txz: Upgraded.
This update fixes two security issues:
It was possible to trigger an INSIST when determining whether a record would
fit into a TCP message buffer.
It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with
a particular zone content and query patterns.
For more information, see:
https://kb.isc.org/docs/cve-2020-8618https://kb.isc.org/docs/cve-2020-8619https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/shadow-4.8.1-x86_64-10.txz: Rebuilt.
system-auth: auth required pam_unix.so [...], otherwise the stack exits
before pam_gnome_keyring.so executes. Thanks to pyllyukko.
Get rid of "auth required pam_deny.so" which seems like a mistake.
Still pending: consider GazL's comments on moving stuff out of system-auth.
a/upower-0.9.23-x86_64-5.txz: Rebuilt.
Recompiled against libimobiledevice-20200615_4791a82 and libplist-2.2.0.
The renaming mess initiated by libplist required a rebuild on this one to
keep things consistent for now, but don't worry - we aren't going to be
sticking to this version for long or anything.
ap/hplip-3.20.6-x86_64-1.txz: Upgraded.
ap/usbmuxd-20200615_3daa1e9-x86_64-1.txz: Upgraded.
Compiled against libimobiledevice-20200615_4791a82 and libplist-2.2.0.
d/bison-3.6.4-x86_64-1.txz: Upgraded.
d/meson-0.54.3-x86_64-1.txz: Upgraded.
d/python-setuptools-47.3.0-x86_64-1.txz: Upgraded.
l/ffmpeg-4.3-x86_64-1.txz: Upgraded.
l/gvfs-1.44.1-x86_64-2.txz: Rebuilt.
Recompiled against libimobiledevice-20200615_4791a82 and libplist-2.2.0.
l/libgpod-0.8.3-x86_64-7.txz: Rebuilt.
Recompiled against libimobiledevice-20200615_4791a82 and libplist-2.2.0.
l/libimobiledevice-20200615_4791a82-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libplist-2.2.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libusbmuxd-20200615_c7d7d1a-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/fetchmail-6.4.8-x86_64-1.txz: Upgraded.
n/nftables-0.9.6-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/ffmpeg-4.3-x86_64-1_alsa.txz: Upgraded.
a/pam-1.4.0-x86_64-1.txz: Upgraded.
IMPORTANT NOTE: This update removes the pam_cracklib and pam_tally2 modules.
None of our current configuration files in /etc/pam.d/ use either of those,
but if the configuration files on your machine do you'll need to comment out
or remove those lines, otherwise you may experience login failures.
a/shadow-4.8.1-x86_64-9.txz: Rebuilt.
/etc/pam.d/system-auth: prefix lines that call pam_gnome_keyring.so with '-'
to avoid spamming the logs about failures.
a/sysvinit-scripts-2.1-noarch-32.txz: Rebuilt.
rc.S: create /var/run/faillock directory for pam_faillock(8).
a/util-linux-2.35.2-x86_64-2.txz: Rebuilt.
/etc/pam.d/login: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
l/imagemagick-7.0.10_19-x86_64-1.txz: Upgraded.
l/libzip-1.7.1-x86_64-1.txz: Upgraded.
n/openssh-8.3p1-x86_64-2.txz: Rebuilt.
/etc/pam.d/sshd: change the example for locking an account for too many
failed login attempts to use pam_faillock instead of pam_tally2.
a/haveged-1.9.10-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.3-x86_64-2.txz: Rebuilt.
This version seems good, but we'll recompile it against alsa-lib-1.2.2 just
to be on the safe side.
d/patchelf-0.11-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.2-x86_64-1.txz: Upgraded.
Revert to this version of alsa-lib due to the pulseaudio daemon crashing in
some cases where multiple audio devices are present.
extra/pure-alsa-system/alsa-lib-1.2.2-x86_64-1_alsa.txz: Upgraded.
Revert to this version of alsa-lib due to the pulseaudio daemon crashing in
some cases where multiple audio devices are present.
a/hwdata-0.336-noarch-1.txz: Upgraded.
ap/man-db-2.9.2-x86_64-1.txz: Upgraded.
d/git-2.27.0-x86_64-1.txz: Upgraded.
d/perl-5.30.3-x86_64-1.txz: Upgraded.
Upgraded to IO-Socket-SSL-2.068.
d/strace-5.7-x86_64-1.txz: Upgraded.
l/libyaml-0.2.5-x86_64-1.txz: Upgraded.
n/ca-certificates-20200602-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/nghttp2-1.41.0-x86_64-1.txz: Upgraded.
This update fixes a security issue where an overly large HTTP/2 SETTINGS
frame payload causes a denial of service.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xrhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11080
(* Security fix *)
n/proftpd-1.3.6d-x86_64-1.txz: Upgraded.
This is a bugfix release:
Fixed issue with FTPS uploads of large files using TLSv1.3 (Issue #959).
x/intel-vaapi-driver-2.4.1-x86_64-1.txz: Upgraded.
ap/mpg123-1.26.0-x86_64-1.txz: Upgraded.
ap/sqlite-3.32.1-x86_64-1.txz: Upgraded.
l/keybinder-0.3.1-x86_64-2.txz: Removed.
l/keybinder3-3.0_0.3.2-x86_64-1.txz: Added.
n/krb5-1.18.2-x86_64-1.txz: Upgraded.
n/mutt-1.14.2-x86_64-1.txz: Upgraded.
xap/gnuplot-5.2.8-x86_64-2.txz: Rebuilt.
Rebuilt with Qt5 (uses anti-aliasing to improve the plot output).
extra/aspell-word-lists/aspell-pt-0.50_2-x86_64-5.txz: Removed.
extra/aspell-word-lists/aspell-pt_PT-20190329_0-x86_64-1.txz: Upgraded.
Thanks to sairum for the link to a better word list.
extra/aspell-word-lists/aspell-pt_PT-preao-20190329_0-x86_64-1.txz: Added.
Thanks to sairum for the link to a better word list.
extra/pure-alsa-system/mpg123-1.26.0-x86_64-1_alsa.txz: Upgraded.
l/libarchive-3.4.3-x86_64-1.txz: Upgraded.
l/python-six-1.15.0-x86_64-1.txz: Upgraded.
l/zstd-1.4.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-68.8.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.8.1/releasenotes/
d/Cython-0.29.19-x86_64-1.txz: Upgraded.
kde/kde-workspace-4.11.22-x86_64-9.txz: Rebuilt.
kde-np: by default, do not restrict passwordless login for UIDs below 1000,
but keep the option to do so in the file commented out.
l/ffmpeg-4.2.3-x86_64-1.txz: Upgraded.
l/iso-codes-4.5.0-noarch-1.txz: Upgraded.
l/v4l-utils-1.20.0-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/ffmpeg-4.2.3-x86_64-1_alsa.txz: Upgraded.
d/Cython-0.29.18-x86_64-1.txz: Upgraded.
kde/kde-workspace-4.11.22-x86_64-8.txz: Rebuilt.
Added /etc/pam.d/kde-np to fix KDM autologin.
Thanks to USUARIONUEVO for the bug report.
l/gnu-efi-3.0.12-x86_64-1.txz: Upgraded.
Greetings! After three months in /testing, the PAM merge into the main tree
is now complete. When updating, be sure to install the new pam, cracklib, and
libpwquality packages or you may find yourself locked out of your machine.
Otherwise, these changes should be completely transparent and you shouldn't
notice any obvious operational differences. Be careful if you make any changes
in /etc/pam.d/ - leaving an extra console logged in while testing PAM config
changes is a recommended standard procedure. Thanks again to Robby Workman,
Vincent Batts, Phantom X, and ivandi for help implementing this. It's not
done yet and there will be more fine-tuning of the config files, but now we
can move on to build some other updates. Enjoy!
a/cracklib-2.9.7-x86_64-1.txz: Added.
a/kernel-firmware-20200517_f8d32e4-noarch-1.txz: Upgraded.
a/libcgroup-0.41-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
a/libpwquality-1.4.2-x86_64-1.txz: Added.
a/lilo-24.2-x86_64-9.txz: Rebuilt.
Enable the "compact" option by default.
liloconfig: correctly set the root partition.
a/pam-1.3.1-x86_64-1.txz: Added.
a/shadow-4.8.1-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
a/utempter-1.2.0-x86_64-1.txz: Upgraded.
a/util-linux-2.35.1-x86_64-6.txz: Rebuilt.
Rebuilt to add PAM support.
a/xfsprogs-5.6.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
ap/at-3.2.1-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/cups-2.3.3-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/hplip-3.20.5-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/mariadb-10.4.13-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/screen-4.8.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/soma-3.3.0-noarch-1.txz: Upgraded.
Thanks to David Woodfall.
ap/sqlite-3.31.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
ap/sudo-1.9.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
ap/vim-8.2.0788-x86_64-1.txz: Upgraded.
d/bison-3.6.2-x86_64-1.txz: Upgraded.
d/meson-0.54.2-x86_64-1.txz: Upgraded.
d/python-setuptools-46.4.0-x86_64-1.txz: Upgraded.
d/vala-0.48.6-x86_64-1.txz: Upgraded.
kde/calligra-2.9.11-x86_64-36.txz: Rebuilt.
Recompiled against icu4c-67.1.
kde/kde-workspace-4.11.22-x86_64-7.txz: Rebuilt.
Rebuilt to add PAM support.
l/ConsoleKit2-1.2.1-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
l/boost-1.73.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/gnome-keyring-3.36.0-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
l/harfbuzz-2.6.6-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/icu4c-67.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/imagemagick-7.0.10_13-x86_64-1.txz: Upgraded.
l/libcap-2.34-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
l/libical-3.0.8-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/libuv-1.38.0-x86_64-1.txz: Upgraded.
l/libvisio-0.1.7-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/polkit-0.116-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
l/qt-4.8.7-x86_64-16.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/qt5-5.13.2-x86_64-4.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/qt5-webkit-5.212.0_alpha4-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/raptor2-2.0.15-x86_64-9.txz: Rebuilt.
Recompiled against icu4c-67.1.
l/system-config-printer-1.5.12-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
l/vte-0.60.2-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/cifs-utils-6.10-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/cyrus-sasl-2.1.27-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/dovecot-2.3.10.1-x86_64-1.txz: Upgraded.
Rebuilt to add PAM support.
Compiled against icu4c-67.1.
This update fixes several denial-of-service vulnerabilities.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10957https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10958https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10967
(* Security fix *)
n/mutt-1.14.1-x86_64-1.txz: Upgraded.
n/netatalk-3.1.12-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/netkit-rsh-0.17-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/nss-pam-ldapd-0.9.11-x86_64-1.txz: Added.
n/openssh-8.2p1-x86_64-3.txz: Rebuilt.
Rebuilt to add PAM support.
n/openvpn-2.4.9-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/pam-krb5-4.9-x86_64-1.txz: Added.
n/php-7.4.6-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/popa3d-1.0.3-x86_64-4.txz: Rebuilt.
Rebuilt to add PAM support.
n/postfix-3.5.2-x86_64-1.txz: Upgraded.
Compiled against icu4c-67.1.
n/ppp-2.4.8-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/proftpd-1.3.6c-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
n/samba-4.12.2-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
Recompiled against icu4c-67.1.
n/tin-2.4.4-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
n/vsftpd-3.0.3-x86_64-6.txz: Rebuilt.
Rebuilt to add PAM support.
t/texlive-2019.190626-x86_64-4.txz: Rebuilt.
Recompiled against icu4c-67.1.
x/vulkan-sdk-1.2.135.0-x86_64-1.txz: Upgraded.
x/xdm-1.1.11-x86_64-10.txz: Rebuilt.
Rebuilt to add PAM support.
x/xisxwayland-1-x86_64-1.txz: Added.
xap/sane-1.0.30-x86_64-1.txz: Upgraded.
This update fixes several security issues.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12867https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12862https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12863https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12865https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12861https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12864
(* Security fix *)
xap/vim-gvim-8.2.0788-x86_64-1.txz: Upgraded.
xap/xlockmore-5.63-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
xap/xscreensaver-5.44-x86_64-2.txz: Rebuilt.
Rebuilt to add PAM support.
extra/brltty/brltty-6.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-67.1.
extra/pure-alsa-system/qt5-5.13.2-x86_64-4_alsa.txz: Rebuilt.
Recompiled against icu4c-67.1.
isolinux/initrd.img: Rebuilt.
Added PAM libraries, security modules, and config files.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Added PAM libraries, security modules, and config files.
Hey folks, just a heads-up that PAM is about to be merged into the main tree.
We can't have it blocking other upgrades any longer. The config files could be
improved (adding support for pam_krb5 and pam_ldap, for example), but they'll
do for now. Have a good weekend, and enjoy these updates! :-)
a/aaa_elflibs-15.0-x86_64-23.txz: Rebuilt.
Upgraded: libcap.so.2.34, libelf-0.179.so, liblzma.so.5.2.5,
libglib-2.0.so.0.6400.2, libgmodule-2.0.so.0.6400.2,
libgobject-2.0.so.0.6400.2, libgthread-2.0.so.0.6400.2,
liblber-2.4.so.2.10.13, libldap-2.4.so.2.10.13, libpcre2-8.so.0.10.0.
Added temporarily in preparation for upgrading icu4c: libicudata.so.65.1,
libicui18n.so.65.1, libicuio.so.65.1, libicutest.so.65.1, libicutu.so.65.1,
libicuuc.so.65.1.
a/etc-15.0-x86_64-11.txz: Rebuilt.
/etc/passwd: Added ldap (UID 330).
/etc/group: Added ldap (GID 330).
a/kernel-generic-5.4.41-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.41-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.41-x86_64-1.txz: Upgraded.
a/pkgtools-15.0-noarch-33.txz: Rebuilt.
setup.services: added support for rc.openldap and rc.openvpn.
ap/hplip-3.20.5-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.41-x86-1.txz: Upgraded.
d/python-setuptools-46.3.0-x86_64-1.txz: Upgraded.
d/python3-3.8.3-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.41-noarch-1.txz: Upgraded.
n/openldap-2.4.50-x86_64-1.txz: Added.
This is a complete OpenLDAP package with both client and server support.
Thanks to Giuseppe Di Terlizzi for help with the server parts.
n/openldap-client-2.4.50-x86_64-1.txz: Removed.
x/mesa-20.0.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/hplip-3.20.5-x86_64-1_pam.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/shadow-4.8.1-x86_64-6.txz: Rebuilt.
Include manpages for sulogin(8).
a/util-linux-2.35.1-x86_64-5.txz: Rebuilt.
ap/sysstat-12.3.3-x86_64-1.txz: Upgraded.
d/bison-3.6-x86_64-1.txz: Upgraded.
l/jansson-2.13.1-x86_64-1.txz: Upgraded.
n/NetworkManager-1.24.0-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.5-x86_64-1.txz: Upgraded.
testing/packages/PAM/shadow-4.8.1-x86_64-6_pam.txz: Rebuilt.
Include manpages for sulogin(8).
Use this version of /bin/su.
testing/packages/PAM/util-linux-2.35.1-x86_64-5_pam.txz: Rebuilt.
Don't use this version of /bin/su.
a/kernel-generic-5.4.39-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.39-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.39-x86_64-1.txz: Upgraded.
d/kernel-headers-5.4.39-x86-1.txz: Upgraded.
k/kernel-source-5.4.39-noarch-1.txz: Upgraded.
HUGETLBFS n -> y
JUMP_LABEL n -> y
+CGROUP_HUGETLB n
+HUGETLB_PAGE y
+STATIC_KEYS_SELFTEST n
Thanks to camerabambai.
l/libspectre-0.2.9-x86_64-1.txz: Upgraded.
l/pygobject3-3.36.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20200421_78c0348-noarch-1.txz: Upgraded.
a/kernel-generic-5.4.34-x86_64-1.txz: Upgraded.
a/kernel-huge-5.4.34-x86_64-1.txz: Upgraded.
a/kernel-modules-5.4.34-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1g-x86_64-1.txz: Upgraded.
d/git-2.26.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
With a crafted URL that contains a newline or empty host, or lacks
a scheme, the credential helper machinery can be fooled into
providing credential information that is not appropriate for the
protocol in use and host being contacted.
Unlike the vulnerability CVE-2020-5260 fixed in v2.17.4, the
credentials are not for a host of the attacker's choosing; instead,
they are for some unspecified host (based on how the configured
credential helper handles an absent "host" parameter).
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11008
(* Security fix *)
d/kernel-headers-5.4.34-x86-1.txz: Upgraded.
d/vala-0.48.4-x86_64-1.txz: Upgraded.
k/kernel-source-5.4.34-noarch-1.txz: Upgraded.
INFINIBAND_CXGB3 n -> m
INFINIBAND_IPOIB_CM n -> y
INFINIBAND_IPOIB_DEBUG_DATA n -> y
Thanks to Karl Magnus Kolstø.
l/M2Crypto-0.35.2-x86_64-4.txz: Rebuilt.
Don't package typing-3.7.4.1 for python3.
l/netpbm-10.90.01-x86_64-1.txz: Upgraded.
n/openssl-1.1.1g-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fixed segmentation fault in SSL_check_chain() that could be exploited by a
malicious peer in a Denial of Service attack.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1967
(* Security fix *)
x/libva-2.7.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/PAM/openvpn-2.4.9-x86_64-1_pam.txz: Upgraded.
This update fixes a security issue:
Fix illegal client float. Thanks to Lev Stipakov.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
(* Security fix *)
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/python-2.7.17-x86_64-2.txz: Removed.
d/python2-2.7.18-x86_64-1.txz: Added.
OK, I know a few people got excited seeing python-2 removed in the previous
entry, but it's just being renamed to python2 for consistency with the
python3 package. It's DOA though, and is the final release of the already EOL
python 2 branch (a "commemorative" release as they say in the announcement).
l/M2Crypto-0.35.2-x86_64-3.txz: Rebuilt.
Added python3 modules. Thanks to sombragris and ponce.
l/harfbuzz-2.6.5-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.10_7-x86_64-1.txz: Upgraded.
l/libuv-1.37.0-x86_64-1.txz: Upgraded.
l/libyaml-0.2.4-x86_64-1.txz: Upgraded.
l/oniguruma-6.9.5-x86_64-1.txz: Upgraded.
x/pixman-0.40.0-x86_64-1.txz: Upgraded.
ap/rpm-4.15.1-x86_64-3.txz: Rebuilt.
Dropped python2 modules.
l/libcaca-0.99.beta19-x86_64-6.txz: Rebuilt.
Dropped python2 modules.
l/libuv-1.36.0-x86_64-1.txz: Upgraded.
l/libwebp-1.1.0-x86_64-2.txz: Rebuilt.
Dropped python2 modules.
l/python-distro-1.4.0-x86_64-2.txz: Rebuilt.
Dropped python2 modules.
l/python-docutils-0.16-x86_64-2.txz: Rebuilt.
Replace /usr/bin scripts with python3 versions.
l/system-config-printer-1.5.12-x86_64-3.txz: Rebuilt.
Dropped python2 modules.
n/openvpn-2.4.9-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix illegal client float. Thanks to Lev Stipakov.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11810
(* Security fix *)
extra/xf86-video-nouveau-blacklist/xf86-video-nouveau-blacklist-1.0-noarch-1.txz: Added.
If it is easier for people using slackpkg to leave xf86-video-nouveau
installed and change the name of this package from xf86-video-nouveau to
xf86-video-nouveau-blacklist with a $VERSION of 1.0, then so be it.
extra/xf86-video-nouveau-blacklist/xf86-video-nouveau-blacklist-noarch-1.txz: Removed.
a/xfsprogs-5.6.0-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.18-x86_64-2.txz: Rebuilt.
Fixed the version number embedded in pkg-config files and elsewhere.
Thanks to davjohn for the bug report.
n/bind-9.16.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
DNS rebinding protection was ineffective when BIND 9 is configured as a
forwarding DNS server. Found and responsibly reported by Tobias Klein.
[GL #1574]
(* Security fix *)
a/gawk-5.1.0-x86_64-1.txz: Upgraded.
a/gettext-0.20.2-x86_64-1.txz: Upgraded.
d/gettext-tools-0.20.2-x86_64-1.txz: Upgraded.
d/git-2.26.1-x86_64-1.txz: Upgraded.
This update fixes a security issue:
With a crafted URL that contains a newline in it, the credential helper
machinery can be fooled to give credential information for a wrong host.
The attack has been made impossible by forbidding a newline character in
any value passed via the credential protocol. Credit for finding the
vulnerability goes to Felix Wilhelm of Google Project Zero.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5260
(* Security fix *)
l/glib-networking-2.64.2-x86_64-1.txz: Upgraded.
l/libsecret-0.20.3-x86_64-1.txz: Upgraded.
n/php-7.4.5-x86_64-1.txz: Upgraded.
x/xorgproto-2020.1-x86_64-1.txz: Upgraded.
xap/audacious-4.0.2-x86_64-1.txz: Upgraded.
xap/audacious-plugins-4.0.2-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/audacious-plugins-4.0.2-x86_64-1_alsa.txz: Upgraded.
d/cmake-3.17.1-x86_64-1.txz: Upgraded.
l/glib2-2.64.2-x86_64-1.txz: Upgraded.
l/libssh-0.9.4-x86_64-1.txz: Upgraded.
Fixed possible DoS in client and server when handling AES-CTR keys
with OpenSSL.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1730
(* Security fix *)
d/bison-3.5.4-x86_64-1.txz: Upgraded.
kde/k3b-2.0.3-x86_64-7.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
l/gobject-introspection-1.64.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.10_4-x86_64-1.txz: Upgraded.
l/libdvdnav-6.1.0-x86_64-2.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
Who bumps an .soname and only boosts the version number by 0.0.1?
Anyway, sorry to drop the ball a second time. I'll try to avoid this.
Thanks to gmgf for the bug report.
n/fetchmail-6.4.3-x86_64-1.txz: Upgraded.
tcl/tclx-8.4.4-x86_64-1.txz: Upgraded.
xap/MPlayer-20200103-x86_64-2.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
xap/windowmaker-0.95.9-x86_64-1.txz: Upgraded.
xap/xine-lib-1.2.10-x86_64-2.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
extra/pure-alsa-system/MPlayer-20200103-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
extra/pure-alsa-system/xine-lib-1.2.10-x86_64-2_alsa.txz: Rebuilt.
Recompiled against libdvdread-6.1.1.
kde/calligra-2.9.11-x86_64-34.txz: Rebuilt.
Recompiled against glew-2.2.0.
The libGLEW.so.2.2 .soname (rather than libGLEW.so.2) gets me every time.
Thanks to marrowsuck for the bug report.
l/libdvdread-6.1.1-x86_64-1.txz: Upgraded.
x/mesa-20.0.4-x86_64-2.txz: Rebuilt.
Recompiled against glew-2.2.0.
ap/lsof-4.93.2-x86_64-2.txz: Rebuilt.
Fixed the manpage. Thanks to kaott.
ap/sc-7.16-x86_64-7.txz: Rebuilt.
Brought back the classic SC. Thanks to dive.
d/Cython-0.29.16-x86_64-1.txz: Upgraded.
d/mercurial-5.3.2-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.17-x86_64-1.txz: Upgraded.
n/dhcpcd-8.1.7-x86_64-1.txz: Upgraded.
n/iproute2-5.6.0-x86_64-1.txz: Upgraded.
x/libdrm-2.4.101-x86_64-1.txz: Upgraded.
x/mesa-20.0.4-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.6.1esr-x86_64-1.txz: Upgraded.
This release contains critical security fixes and improvements.
"Under certain conditions, when running the nsDocShell destructor, a race
condition can cause a use-after-free. We are aware of targeted attacks in
the wild abusing this flaw."
"Under certain conditions, when handling a ReadableStream, a race condition
can cause a use-after-free. We are aware of targeted attacks in the wild
abusing this flaw."
For more information, see:
https://www.mozilla.org/en-US/firefox/68.6.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6819https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6820
(* Security fix *)
a/dialog-1.3_20200327-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1f-x86_64-1.txz: Upgraded.
ap/nano-4.9.1-x86_64-1.txz: Upgraded.
l/elfutils-0.179-x86_64-1.txz: Upgraded.
n/gnutls-3.6.13-x86_64-1.txz: Upgraded.
This update fixes a security issue:
libgnutls: Fix a DTLS-protocol regression (caused by TLS1.3 support),
since 3.6.3. The DTLS client would not contribute any randomness to the
DTLS negotiation, breaking the security guarantees of the DTLS protocol.
[GNUTLS-SA-2020-03-31, CVSS: high]
(* Security fix *)
n/httpd-2.4.43-x86_64-1.txz: Upgraded.
n/openssl-1.1.1f-x86_64-1.txz: Upgraded.
a/lvm2-2.03.09-x86_64-1.txz: Upgraded.
d/guile-3.0.2-x86_64-1.txz: Upgraded.
l/glib-networking-2.64.1-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.16-x86_64-1.txz: Upgraded.
l/gvfs-1.44.1-x86_64-1.txz: Upgraded.
l/librsvg-2.48.1-x86_64-1.txz: Upgraded.
l/vte-0.60.1-x86_64-1.txz: Upgraded.
xap/audacious-4.0-x86_64-3.txz: Rebuilt.
Also support GTK+ interface, including a .desktop file for it.
xap/audacious-plugins-4.0-x86_64-3.txz: Rebuilt.
Rebuilt with --enable-gtk.
extra/pure-alsa-system/audacious-plugins-4.0-x86_64-3_alsa.txz: Rebuilt.
Rebuilt with --enable-gtk.
extra/pure-alsa-system/qt5-5.13.2-x86_64-3_alsa.txz: Added.
n/curl-7.69.1-x86_64-3.txz: Rebuilt.
Removed --with-ca-bundle=/usr/share/curl/ca-bundle.crt and
added --without-ca-bundle. Thanks to drgibbon and Willy Sudiarto Raharjo.
l/glibmm-2.64.2-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.10_2-x86_64-1.txz: Upgraded.
l/libcue-2.2.1-x86_64-1.txz: Added.
The initial use for this is adding CUE support to audacious-plugins.
l/libdvdnav-6.1.0-x86_64-1.txz: Upgraded.
l/libdvdread-6.1.0-x86_64-1.txz: Upgraded.
xap/audacious-4.0-x86_64-1.txz: Upgraded.
xap/audacious-plugins-4.0-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/audacious-plugins-4.0-x86_64-1_alsa.txz: Upgraded.
Don't bother with 5.4.26 folks, just wait for the next one. Trust me.
a/tcsh-6.22.02-x86_64-2.txz: Rebuilt.
Fixed merging history from multiple shells. Thanks to jmccue.
a/xz-5.2.5-x86_64-1.txz: Upgraded.
d/git-2.25.2-x86_64-1.txz: Upgraded.
l/glibmm-2.64.1-x86_64-1.txz: Upgraded.
n/bind-9.16.1-x86_64-1.txz: Upgraded.
n/dovecot-2.3.10-x86_64-2.txz: Rebuilt.
x/libinput-1.15.4-x86_64-1.txz: Upgraded.
x/mesa-20.0.2-x86_64-1.txz: Upgraded.
testing/packages/PAM/dovecot-2.3.10-x86_64-2_pam.txz: Rebuilt.
Recompiled using --with-pam. Thanks to HQuest.
a/aaa_elflibs-15.0-x86_64-22.txz: Rebuilt.
Upgraded: libcap.so.2.33, libncurses.so.6.2, libncursesw.so.6.2,
libpcre.so.1.2.12, libpcreposix.so.0.0.7, libtinfo.so.6.2, libform.so.6.2,
libformw.so.6.2, libglib-2.0.so.0.6400.1, libgmodule-2.0.so.0.6400.1,
libgobject-2.0.so.0.6400.1, libgthread-2.0.so.0.6400.1,
liblber-2.4.so.2.10.12, libldap-2.4.so.2.10.12, libmenu.so.6.2,
libmenuw.so.6.2, libpanel.so.6.2, libpanelw.so.6.2, libstdc++.so.6.0.28.
a/xfsprogs-5.5.0-x86_64-1.txz: Upgraded.
ap/sudo-1.8.31p1-x86_64-1.txz: Upgraded.
This is a bugfix release:
Sudo once again ignores a failure to restore the RLIMIT_CORE resource limit,
as it did prior to version 1.8.29. Linux containers don't allow RLIMIT_CORE
to be set back to RLIM_INFINITY if we set the limit to zero, even for root,
which resulted in a warning from sudo.
d/help2man-1.47.13-x86_64-1.txz: Upgraded.
d/perl-5.30.2-x86_64-1.txz: Upgraded.
Also upgraded to Devel-CheckLib-1.14, DBI-1.643, and IO-Socket-SSL-2.067.
n/ModemManager-1.12.8-x86_64-1.txz: Upgraded.
n/bluez-5.54-x86_64-1.txz: Upgraded.
x/vulkan-sdk-1.2.131.2-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.64.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.10_0-x86_64-1.txz: Upgraded.
l/libical-3.0.8-x86_64-1.txz: Upgraded.
l/librsvg-2.48.0-x86_64-1.txz: Upgraded.
l/libsoup-2.70.0-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.51-x86_64-1.txz: Upgraded.
xap/libnma-1.8.28-x86_64-1.txz: Added.
This is the NetworkManager GUI client library, which was previously
provided by network-manager-applet. It's now a standalone project, and
is required by network-manager-applet and other NetworkManager frontends.
xap/network-manager-applet-1.16.0-x86_64-1.txz: Upgraded.
This requires the new libnma package.
a/cryptsetup-2.3.0-x86_64-2.txz: Rebuilt.
Include some additional documentation. Thanks to regdub.
a/sdparm-1.11-x86_64-1.txz: Upgraded.
ap/moc-2.5.2-x86_64-6.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
l/glib-networking-2.64.0-x86_64-1.txz: Upgraded.
l/glib2-2.64.0-x86_64-1.txz: Upgraded.
l/gvfs-1.44.0-x86_64-1.txz: Upgraded.
l/libnl-1.1.4-x86_64-3.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
l/tdb-1.4.3-x86_64-3.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
l/tevent-0.10.2-x86_64-3.txz: Rebuilt.
Fixed docs permissions. Thanks to regdub.
n/bind-9.16.0-x86_64-3.txz: Rebuilt.
Applied upstream patch to fix a discrepancy in the quota code that can
result in a situation where the count is not properly decremented in
some cases.
n/dovecot-2.3.10-x86_64-1.txz: Upgraded.
n/rp-pppoe-3.13-x86_64-2.txz: Rebuilt.
This needed a rebuild for ppp-2.4.8. Thanks to regdub.
x/libinput-1.15.3-x86_64-1.txz: Upgraded.
testing/packages/PAM/dovecot-2.3.10-x86_64-1_pam.txz: Upgraded.
