Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-12.txz: Rebuilt.
makepkg: when looking for ELF objects with --remove-rpaths or
--remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
of the directory or filename.
Also warn about /tmp rpaths after the package is built.
ap/cups-2.4.11-x86_64-1.txz: Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt.
Mitigate security issue that could lead to a denial of service or
the execution of arbitrary code.
Rebuilt with --with-browseremoteprotocols=none to disable incoming
connections, since this daemon has been shown to be insecure. If you
actually use cups-browsed, be sure to install the new
/etc/cups/cups-browsed.conf.new containing this line:
BrowseRemoteProtocols none
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
(* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz: Upgraded.
d/llvm-18.1.8-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded.
d/ruby-3.3.5-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz: Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz: Upgraded.
l/cryfs-0.10.3-x86_64-13.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz: Upgraded.
l/librsvg-2.58.5-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded.
l/netpbm-11.08.00-x86_64-1.txz: Upgraded.
l/opencv-4.10.0-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz: Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
n/openobex-1.7.2-x86_64-6.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
x/marisa-0.2.6-x86_64-11.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2024-47https://www.cve.org/CVERecord?id=CVE-2024-9392https://www.cve.org/CVERecord?id=CVE-2024-9393https://www.cve.org/CVERecord?id=CVE-2024-9394https://www.cve.org/CVERecord?id=CVE-2024-8900https://www.cve.org/CVERecord?id=CVE-2024-9396https://www.cve.org/CVERecord?id=CVE-2024-9397https://www.cve.org/CVERecord?id=CVE-2024-9398https://www.cve.org/CVERecord?id=CVE-2024-9399https://www.cve.org/CVERecord?id=CVE-2024-9400https://www.cve.org/CVERecord?id=CVE-2024-9401https://www.cve.org/CVERecord?id=CVE-2024-9402
(* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/btrfs-progs-6.11-x86_64-1.txz: Upgraded.
a/dracut-103-x86_64-1.txz: Added.
This is Red Hat's tool to generate an initramfs (aka initrd). Around here,
we try not to suffer from Not Invented Here Syndrome (some might say the
less we invent, the better ;-). It never hurts to have additional options,
and it even looks like our old friend David Cantrell is on the AUTHORS list.
I've had good luck here with:
dracut --hostonly --force /boot/initrd-6.10.11-generic.img
Thanks to Didier Spaier for convincing me to try it out.
a/gawk-5.3.1-x86_64-1.txz: Upgraded.
a/kernel-generic-6.10.11-x86_64-1.txz: Upgraded.
a/upower-1.90.6-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.11-x86-1.txz: Upgraded.
k/kernel-source-6.10.11-noarch-1.txz: Upgraded.
l/libtiff-4.7.0-x86_64-1.txz: Upgraded.
n/curl-8.10.1-x86_64-1.txz: Upgraded.
x/mesa-24.2.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20240912_b9daf8c-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.10-x86_64-1.txz: Upgraded.
The kernel modules are now bundled into this package.
a/kernel-huge-6.10.9-x86_64-1.txz: Removed.
So long, we won't miss you.
If you were actually using kernel-huge with one of the SCSI/SAS drivers that
were built in, you'll need to use kernel-generic and an initrd that contains
the needed drivers. Otherwise, just switch to kernel-generic. It'll be fine.
If unsure, make an initrd with geninitrd and have your bootloader use it.
a/kernel-modules-6.10.9-x86_64-1.txz: Removed.
Kernel modules are now bundled with the kernel-generic package.
a/libblockdev-3.2.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.10-x86-1.txz: Upgraded.
k/kernel-source-6.10.10-noarch-1.txz: Upgraded.
l/librsvg-2.58.4-x86_64-1.txz: Upgraded.
l/protobuf-28.1-x86_64-1.txz: Upgraded.
l/pygobject3-3.50.0-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.9.12-x86_64-1.txz: Upgraded.
n/nghttp3-1.5.0-x86_64-2.txz: Rebuilt.
Make sure the cmake files are installed to the correct location.
Thanks to fulalas.
x/ibus-table-1.17.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.10.9-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.9-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.9-x86_64-1.txz: Upgraded.
ap/texinfo-7.1.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.9-x86-1.txz: Upgraded.
d/python3-3.11.10-x86_64-1.txz: Upgraded.
This update fixes security issues:
Bundled libexpat was updated to 2.6.3.
Fix quadratic complexity in parsing "-quoted cookie values with backslashes
by http.cookies.
Fixed various false positives and false negatives in IPv4Address.is_private,
IPv4Address.is_global, IPv6Address.is_private, IPv6Address.is_global.
Fix urllib.parse.urlunparse() and urllib.parse.urlunsplit() for URIs with
path starting with multiple slashes and no authority.
Remove backtracking from tarfile header parsing for hdrcharset, PAX, and
GNU sparse headers.
email.utils.getaddresses() and email.utils.parseaddr() now return ('', '')
2-tuples in more situations where invalid email addresses are encountered
instead of potentially inaccurate values. Add optional strict parameter to
these two functions: use strict=False to get the old behavior, accept
malformed inputs. getattr(email.utils, 'supports_strict_parsing', False) can
be used to check if the strict paramater is available.
Sanitize names in zipfile.Path to avoid infinite loops (gh-122905) without
breaking contents using legitimate characters.
Email headers with embedded newlines are now quoted on output. The generator
will now refuse to serialize (write) headers that are unsafely folded or
delimited; see verify_generated_headers.
For more information, see:
https://pythoninsider.blogspot.com/2024/09/python-3130rc2-3126-31110-31015-3920.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-28757https://www.cve.org/CVERecord?id=CVE-2024-45490https://www.cve.org/CVERecord?id=CVE-2024-45491https://www.cve.org/CVERecord?id=CVE-2024-45492https://www.cve.org/CVERecord?id=CVE-2024-7592https://www.cve.org/CVERecord?id=CVE-2024-4032https://www.cve.org/CVERecord?id=CVE-2015-2104https://www.cve.org/CVERecord?id=CVE-2024-6232https://www.cve.org/CVERecord?id=CVE-2023-27043https://www.cve.org/CVERecord?id=CVE-2024-8088https://www.cve.org/CVERecord?id=CVE-2024-6923
(* Security fix *)
k/kernel-source-6.10.9-noarch-1.txz: Upgraded.
TEE n -> m
+AMDTEE m
+AMD_PMF m
+AMD_PMF_DEBUG n
Thanks to nick8325 for the suggestion.
l/qt5-5.15.15_20240903_363456a6-x86_64-1.txz: Upgraded.
x/noto-emoji-2.042-noarch-1.txz: Added.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_glibc-solibs-2.40-x86_64-5.txz: Rebuilt.
a/kernel-firmware-20240828_335a1de-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.7-x86_64-1.txz: Upgraded.
a/userspace-rcu-0.14.1-x86_64-1.txz: Upgraded.
ap/man-db-2.13.0-x86_64-1.txz: Upgraded.
ap/screen-5.0.0-x86_64-1.txz: Upgraded.
ap/vim-9.1.0702-x86_64-1.txz: Upgraded.
d/cmake-3.30.3-x86_64-1.txz: Upgraded.
d/gcc-14.2.0-x86_64-2.txz: Rebuilt.
Merge in parts of alienBOB's multilib build script, generalize the script
to work with both --enable-multilib and --disable-multilib, and otherwise
clean things up. Go ahead and build it multilib on 64-bit, because why not?
It's worth the bit of bloat to no longer have this package need to be
maintained separately and kept in sync. Thanks to alienBOB.
d/gcc-g++-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gdc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gfortran-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gm2-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gnat-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-go-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-objc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-rust-14.2.0-x86_64-2.txz: Rebuilt.
d/kernel-headers-6.10.7-x86-1.txz: Upgraded.
d/python-setuptools-73.0.1-x86_64-1.txz: Rebuilt.
Reverted due to regression: breaks g-ir-scanner
k/kernel-source-6.10.7-noarch-1.txz: Upgraded.
l/glibc-2.40-x86_64-5.txz: Rebuilt.
Enable multilib on 64-bit. Thanks to alienBOB.
Note that Slackware 64-bit can now run a 32-bit "Hello World!" but there
are no immediate plans to add additional multilib support by default.
Maybe down the road when bare metal 32-bit support goes away.
l/glibc-i18n-2.40-x86_64-5.txz: Rebuilt.
l/glibc-profile-2.40-x86_64-5.txz: Rebuilt.
l/gtk4-4.15.6-x86_64-1.txz: Upgraded.
l/libssh-0.11.1-x86_64-1.txz: Upgraded.
l/protobuf-28.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-certifi-2024.8.30-x86_64-1.txz: Upgraded.
l/qt6-6.7.2_20240610_3f005f1e-x86_64-6.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/ca-certificates-20240830-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/mosh-1.4.0-x86_64-4.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/php-8.3.11-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.11
x/mesa-24.2.1-x86_64-1.txz: Upgraded.
Thanks to lucabon for the rust-bindgen patch.
xap/vim-gvim-9.1.0702-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/python-setuptools-73.0.1-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.70.1-x86_64-1.txz: Upgraded.
n/ModemManager-1.22.0-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.10-x86_64-1.txz: Upgraded.
n/epic5-2.4-x86_64-1.txz: Upgraded.
n/libqmi-1.34.0-x86_64-2.txz: Rebuilt.
Build against libqrtr-glib with -Dqrtr=true.
n/libqrtr-glib-1.2.2-x86_64-1.txz: Added.
ModemManager-1.22.0 needs libqmi to be linked with this.
x/xorg-server-21.1.13-x86_64-3.txz: Rebuilt.
Patched changing a type from unsigned long to unsigned long long which fixes
the black screen seen on 32-bit with the modesetting driver. Seems fine on
64-bit as well, so the patch is applied for all builds. The patch to default
to modesetting for Intel graphics is restored (and the one for nouveau is kept
as well).
Thanks to Lenard Spencer for reporting that nouveau was also hitting this.
Thanks to Petri Kaukasoina for the patch.
x/xorg-server-xephyr-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-21.1.13-x86_64-3.txz: Rebuilt.
a/eudev-3.2.14-x86_64-2.txz: Rebuilt.
Add a few more modules to /lib/modprobe.d/watchdog.conf.
a/kmod-33-x86_64-1.txz: Upgraded.
ap/sc-im-0.8.4-x86_64-1.txz: Upgraded.
ap/scdoc-1.11.3-x86_64-1.txz: Added.
This is needed to build kmod-33.
d/luajit-2.1.1723675123-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.70.0-x86_64-1.txz: Upgraded.
l/librsvg-2.58.3-x86_64-1.txz: Upgraded.
x/mesa-24.2.0-x86_64-2.txz: Rebuilt.
Updated the subprojects and recompiled.
a/kernel-generic-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.5-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.5-x86-1.txz: Upgraded.
d/python-setuptools-72.2.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.10.5-noarch-1.txz: Upgraded.
kde/okteta-0.26.16-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
A large number of address headers in email resulted in excessive CPU usage.
Abnormally large email headers are now truncated or discarded, with a limit
of 10MB on a single header and 50MB for all the headers of all the parts of
an email.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-23184https://www.cve.org/CVERecord?id=CVE-2024-23185
(* Security fix *)
n/lynx-2.9.2-x86_64-1.txz: Upgraded.
x/mesa-24.2.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.9.5-x86_64-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.14.0-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-7.0.2.
Thanks to Petri Kaukasoina.
extra/xv/xv-6.0.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Enjoy your shiny new vmlinuz-6.9.11-generic!
Thanks again to LuckyCyborg for teaching me about the path of least resistance.
a/grub-2.12-x86_64-14.txz: Rebuilt.
Don't mention 09_slackware_linux in the /etc/default/grub comments.
a/kernel-generic-6.9.11-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.11-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.11-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-35.txz: Rebuilt.
d/kernel-headers-6.9.11-x86-1.txz: Upgraded.
d/rust-1.80.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.11-noarch-1.txz: Upgraded.
l/xapian-core-1.4.26-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20240718_058deb9-noarch-1.txz: Upgraded.
a/kernel-generic-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.10-x86_64-1.txz: Upgraded.
d/cmake-3.30.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.9.10-x86-1.txz: Upgraded.
d/python-setuptools-71.0.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.10-noarch-1.txz: Upgraded.
kde/labplot-2.11.1-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.6-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.06-noarch-1.txz: Upgraded.
n/httpd-2.4.62-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
The first CVE is for Windows, but the second one is an additional fix for
the source code disclosure regression when using AddType.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.62https://www.cve.org/CVERecord?id=CVE-2024-40898https://www.cve.org/CVERecord?id=CVE-2024-40725
(* Security fix *)
n/openvpn-2.6.12-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Thanks for the Slackiversary wishes!
a/bcachefs-tools-1.9.4-x86_64-1.txz: Upgraded.
a/sysklogd-2.6.0-x86_64-1.txz: Upgraded.
l/dbus-python-1.3.2-x86_64-3.txz: Rebuilt.
Build with meson, which fixes pulseaudio's qpaeq.
Thanks to gmgf and USUARIONUEVO.
l/nodejs-20.15.1-x86_64-2.txz: Rebuilt.
Recompiled using --shared-nghttp3.
l/python-sphinx-7.4.4-x86_64-1.txz: Upgraded.
n/c-ares-1.32.2-x86_64-1.txz: Upgraded.
n/curl-8.8.0-x86_64-2.txz: Rebuilt.
Recompiled using --with-nghttp2=/usr and --with-nghttp3=/usr.
n/libnftnl-1.2.7-x86_64-1.txz: Upgraded.
n/nghttp3-1.4.0-x86_64-1.txz: Added.
Thanks to pbslxw and Lockywolf.
n/ntp-4.2.8p18-x86_64-5.txz: Rebuilt.
This is a bugfix release to fix a regression in ntp-4.2.8p18:
If the IPv6 link-local interface was not ready for binding on the first
attempt, ntpd would segfault in update_interfaces().
Thanks to Jonathan Woithe for the bug report and fix.
a/btrfs-progs-6.9.2-x86_64-1.txz: Upgraded.
a/grub-2.12-x86_64-10.txz: Rebuilt.
Fix initrd path when including microcode.
Hopefully we're about out of corner cases now.
Thanks to kaott, with honorable mention to gwhl.
a/kernel-firmware-20240622_cea56a5-noarch-1.txz: Upgraded.
a/kernel-generic-6.9.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.7-x86_64-1.txz: Upgraded.
ap/lxc-6.0.1-x86_64-1.txz: Upgraded.
Add a few more packages to the lxc-slackware.in template:
ca-certificates, glibc-zoneinfo, libksba, openssl, perl.
Thanks to Ricardson Williams.
d/kernel-headers-6.9.7-x86-1.txz: Upgraded.
d/python-pip-24.1.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.7-noarch-1.txz: Upgraded.
kde/krita-5.2.3-x86_64-1.txz: Upgraded.
l/harfbuzz-9.0.0-x86_64-1.txz: Upgraded.
l/pipewire-1.2.0-x86_64-1.txz: Upgraded.
n/krb5-1.21.3-x86_64-1.txz: Upgraded.
This update fixes security issues:
Fix vulnerabilities in GSS message token handling.
Fix a potential bad pointer free in krb5_cccol_have_contents().
Fix a memory leak in the macOS ccache type.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-37370https://www.cve.org/CVERecord?id=CVE-2024-37371
(* Security fix *)
x/libinput-1.26.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/less-656-x86_64-1.txz: Upgraded.
d/luajit-2.1.1716656478-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Stuart Winter.
kde/digikam-8.3.0-x86_64-3.txz: Rebuilt.
Recompiled against opencv-4.10.0.
kde/plasma-workspace-5.27.11-x86_64-2.txz: Rebuilt.
Reverted to working version, even though this is never a fix. ;-)
l/Mako-1.3.5-x86_64-1.txz: Upgraded.
l/frei0r-plugins-2.3.2-x86_64-3.txz: Rebuilt.
Recompiled against opencv-4.10.0.
l/gst-plugins-bad-free-1.24.4-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.10.0.
l/opencv-4.10.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-certifi-2024.6.2-x86_64-1.txz: Upgraded.
l/vte-0.76.3-x86_64-1.txz: Upgraded.
l/wireplumber-0.5.3-x86_64-1.txz: Upgraded.
x/libdrm-2.4.121-x86_64-1.txz: Upgraded.
d/luajit-2.0.1716656478-x86_64-1.txz: Added.
Thanks to Erik Falor.
n/proftpd-1.3.8b-x86_64-4.txz: Rebuilt.
Build with mod_wrap2 and mod_wrap2_file instead of mod_wrap, which has
problems with ipv6. Thanks to jayjwa.
xap/mpv-0.38.0-x86_64-2.txz: Rebuilt.
[PATCH 1/4] av_common: parent mp_get_lavf_demuxer contents to the list.
[PATCH 2/4] stream: implement get_protocols method for stream_lavf.
[PATCH 3/4] build: dynamically generate mpv.desktop file protocols.
[PATCH 4/4] stream_lavf: don't add ffmpeg bluray or dvd protocols.
Thanks to gmgf.
Build against luajit. Thanks to pm_a_cup_of_tea.
a/hwdata-0.383-noarch-1.txz: Upgraded.
a/pciutils-3.13.0-x86_64-1.txz: Upgraded.
d/ccache-4.10-x86_64-1.txz: Upgraded.
d/meson-1.4.1-x86_64-1.txz: Upgraded.
d/ruby-3.3.2-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.27.11.1-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.27.11.1-x86_64-1.txz: Upgraded.
kde/tokodon-23.08.5-x86_64-1.txz: Added.
l/libvpx-1.14.1-x86_64-1.txz: Upgraded.
l/python-requests-2.32.3-x86_64-1.txz: Upgraded.
n/NetworkManager-1.48.0-x86_64-1.txz: Upgraded.
n/getmail-6.19.00-x86_64-1.txz: Upgraded.
x/libevdev-1.13.2-x86_64-1.txz: Upgraded.
x/wayland-1.23.0-x86_64-1.txz: Upgraded.
xap/gnuplot-6.0.1-x86_64-1.txz: Upgraded.
xap/mpv-0.38.0-x86_64-1.txz: Added.
Evidently we need one more media player. ;-)
Thanks to John Vogel Corning, Andreas Guldstrand, and Christoph Willing.
a/sysvinit-scripts-15.1-noarch-17.txz: Rebuilt.
rc.S: enable swapping on a ZRAM device, configurable in /etc/default/zram.
rc.S, rc.6: Don't use mount -n option.
l/adwaita-icon-theme-46.2-noarch-1.txz: Upgraded.
l/adwaita-icon-theme-legacy-20240517_7642b10-noarch-1.txz: Added.
Thanks to reddog83.
l/enchant-2.8.0-x86_64-1.txz: Upgraded.
l/ffmpeg-6.1.1-x86_64-3.txz: Rebuilt.
Patched to fix AV1 VA-API dropping frames. Thanks to fulalas.
l/python-zipp-3.19.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-126.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/126.0.1/releasenotes/
isolinux/initrd.img: Rebuilt.
Add /sbin/zramctl.
rc.S: Set up some swap on a ZRAM device.
SeTpartitions: Support installing to bcachefs filesystems.
SeTpartitions: quit offering reiserfs which will be gone in Linux 6.10.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Add /sbin/zramctl.
rc.S: Set up some swap on a ZRAM device.
SeTpartitions: Support installing to bcachefs filesystems.
SeTpartitions: quit offering reiserfs which will be gone in Linux 6.10.
ap/sqlite-3.46.0-x86_64-1.txz: Upgraded.
l/gvfs-1.54.1-x86_64-1.txz: Upgraded.
l/python-requests-2.32.2-x86_64-1.txz: Upgraded.
n/c-ares-1.29.0-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.8-x86_64-1.txz: Upgraded.
n/wsdd2-1.8.7-x86_64-1.txz: Added.
Needed by Samba to enable share discovery.
Thanks to mistfire and Tim Dickson.
a/bcachefs-tools-1.7.0-x86_64-1.txz: Added.
a/kernel-generic-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-huge-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-modules-6.9.0-x86_64-2.txz: Upgraded.
d/git-2.45.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002https://www.cve.org/CVERecord?id=CVE-2024-32004https://www.cve.org/CVERecord?id=CVE-2024-32020https://www.cve.org/CVERecord?id=CVE-2024-32021https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
d/kernel-headers-6.9.0-x86-2.txz: Upgraded.
d/strace-6.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.0-noarch-2.txz: Upgraded.
BCACHEFS_FS m -> y
CRYPTO_CHACHA20 m -> y
CRYPTO_LIB_CHACHA_GENERIC m -> y
CRYPTO_LIB_POLY1305_GENERIC m -> y
CRYPTO_POLY1305 m -> y
MITIGATION_GDS_FORCE y -> n
kde/wcslib-8.3-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.12-x86_64-1.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
l/gtk+3-3.24.42-x86_64-1.txz: Upgraded.
n/bind-9.18.27-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/popa3d-1.0.3-x86_64-8.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
x/xorg-server-xwayland-23.2.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/mercurial-6.7.3-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_32-x86_64-2.txz: Rebuilt.
Add INSTALL_BASE= to --with-perl-options= to fix perl modules installation
not honoring $LIBDIRSUFFIX since 7.1.1-30. Thanks to HQuest.
l/libqalculate-5.1.1-x86_64-1.txz: Upgraded.
l/nodejs-20.13.0-x86_64-1.txz: Upgraded.
l/python-typing_extensions-4.11.0-x86_64-1.txz: Removed.
No longer needed with the upgrade to python-setuptools_scm-8.1.0.
Thanks to audriusk for the reminder.
x/anthy-unicode-1.0.0.20240502-x86_64-1.txz: Upgraded.
a/kernel-firmware-20240426_fc21f47-noarch-1.txz: Upgraded.
ap/cups-2.4.7-x86_64-3.txz: Rebuilt.
Rebuild using --with-rundir=/run/cups.
ap/cups-browsed-2.0.0-x86_64-1.txz: Added.
This is the CUPS/IPP print queue browser daemon, previously part of the
cups-filters package.
ap/cups-filters-2.0.0-x86_64-1.txz: Upgraded.
l/libarchive-3.7.4-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.0.0-x86_64-1.txz: Added.
This is required by cups-filters-2.0.0.
l/libppd-2.0.0-x86_64-1.txz: Added.
This is required by cups-filters-2.0.0.
l/libproxy-0.5.6-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.36-noarch-1.txz: Upgraded.
xap/mozilla-firefox-125.0.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-125.0-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz: Removed.
l/imagemagick-7.1.1_29-x86_64-1.txz: Upgraded.
Revert to the previous ImageMagick because the latest one is destroying SVG
files if "identify" or "display" is used on them.
Thanks to pc2005.
a/etc-15.1-x86_64-10.txz: Rebuilt.
Added nut user (218) and nut group (218).
a/genpower-1.0.5-x86_64-5.txz: Removed.
a/nut-2.8.2-x86_64-1.txz: Added.
This is a package to support uninterruptible power supplies, and replaces
the obsolete genpower package.
Thanks to V'yacheslav Stetskevych for the original SBo script.
a/sysvinit-scripts-15.1-noarch-16.txz: Rebuilt.
rc.M: start the NUT init scripts rc.nut-drvctl, rc.nut-upsd, and
rc.nut-upsmon. Remove the genpower block.
rc.6: support stopping the UPS inverter on the way down if we see
/etc/killpower. Remove the genpower block.
a/tcsh-6.24.12-x86_64-1.txz: Upgraded.
ap/man-db-2.12.1-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.6-x86_64-1.txz: Upgraded.
ap/vim-9.1.0265-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.14-x86_64-1.txz: Upgraded.
d/nasm-2.16.02-x86_64-1.txz: Upgraded.
l/libproxy-0.5.5-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.5-x86_64-1.txz: Upgraded.
l/python-typing_extensions-4.11.0-x86_64-1.txz: Upgraded.
x/xdm-1.1.16-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0265-x86_64-1.txz: Upgraded.
extra/bash-completion/bash-completion-2.13.0-noarch-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.13.1-x86_64-5.txz: Rebuilt.
Recompiled against xorg-server-21.1.12 to fix security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-31080https://www.cve.org/CVERecord?id=CVE-2024-31081https://www.cve.org/CVERecord?id=CVE-2024-31082https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
a/hwdata-0.381-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.25-x86_64-1.txz: Upgraded.
d/cmake-3.29.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.25-x86-1.txz: Upgraded.
d/llvm-18.1.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.25-noarch-1.txz: Upgraded.
kde/kstars-3.7.0-x86_64-1.txz: Upgraded.
l/enchant-2.6.9-x86_64-1.txz: Upgraded.
l/libclc-18.1.3-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.03-noarch-1.txz: Upgraded.
n/gnutls-3.8.5-x86_64-1.txz: Upgraded.
n/httpd-2.4.59-x86_64-1.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59https://www.cve.org/CVERecord?id=CVE-2024-27316https://www.cve.org/CVERecord?id=CVE-2024-24795https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
n/nghttp2-1.61.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57qhttps://www.kb.cert.org/vuls/id/421644https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
x/xdg-desktop-portal-1.18.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.24-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.24-x86-1.txz: Upgraded.
d/python3-3.11.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.24-noarch-1.txz: Upgraded.
-AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT n
-GCC11_NO_ARRAY_BOUNDS y
NUMA_BALANCING n -> y
+GCC10_NO_ARRAY_BOUNDS y
+NUMA_BALANCING_DEFAULT_ENABLED y
kde/libindi-2.0.7-x86_64-1.txz: Upgraded.
l/SDL2-2.30.2-x86_64-1.txz: Upgraded.
l/aom-3.8.2-x86_64-1.txz: Added.
Needed to add AV1 encode/decode support to ffmpeg.
Thanks to Andrew Strong.
l/dav1d-1.4.1-x86_64-1.txz: Added.
Needed to add AV1 decode support to ffmpeg.
l/ffmpeg-6.1.1-x86_64-2.txz: Rebuilt.
Patched to build with nv-codec-headers-12.2.72.0. Thanks to J_W.
Compiled against aom-3.8.2 and dav1d-1.4.1 for AV1 support.
Thanks to glennmcc.
l/gtk4-4.14.2-x86_64-1.txz: Upgraded.
n/whois-5.5.22-x86_64-1.txz: Upgraded.
Fixed a segmentation fault with --no-recursion.
Updated the .bm and .vi TLD servers.
Removed 4 new gTLDs which are no longer active.
xap/MPlayer-20240403-x86_64-1.txz: Upgraded.
Compiled using --enable-libaom-lavc and --enable-libdav1d-lavc.
Thanks to glennmcc.
xap/pan-0.157-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/xz-5.6.1-x86_64-3.txz: Rebuilt.
[PATCH] CMake: Fix sabotaged Landlock sandbox check.
We don't build with CMake (yet), but it doesn't hurt to apply this.
d/mercurial-6.7.2-x86_64-1.txz: Upgraded.
l/boost-1.84.0-x86_64-3.txz: Rebuilt.
Recompiled against python-3.11.8. Thanks to rinza.
l/python-pycparser-2.22-x86_64-1.txz: Upgraded.
l/python-pytz-2024.1-x86_64-2.txz: Removed.
No longer needed with python-3.11. Thanks to audriusk.
l/python-tomli-2.0.1-x86_64-2.txz: Removed.
No longer needed with python-3.11. Thanks to TommyC7 and audriusk.
n/c-ares-1.28.0-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.9-x86_64-1.txz: Upgraded.
extra/brltty/brltty-6.6-x86_64-4.txz: Rebuilt.
Don't install anything under /usr/local. Thanks to reddog83.