d/mercurial-6.7.1-x86_64-1.txz: Upgraded.
d/rust-1.77.0-x86_64-1.txz: Upgraded.
l/cairomm1-1.18.0-x86_64-1.txz: Added.
Thanks to jloco.
l/glibmm2-2.78.1-x86_64-1.txz: Added.
Thanks to jloco.
l/gtkmm4-4.12.0-x86_64-1.txz: Added.
Thanks to jloco.
l/libclc-18.1.2-x86_64-1.txz: Upgraded.
l/pangomm-2.46.4-x86_64-1.txz: Upgraded.
l/pangomm2-2.50.2-x86_64-1.txz: Added.
Thanks to jloco.
n/openvpn-2.6.10-x86_64-1.txz: Upgraded.
x/libkkc-0.3.5-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/libkkc-data-0.2.7-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/marisa-0.2.6-x86_64-8.txz: Rebuilt.
Drop python2 support and rebuild marisa module for python3.
x/wayland-protocols-1.34-noarch-1.txz: Upgraded.
a/libblockdev-2.28-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/sysvinit-scripts-15.1-noarch-15.txz: Rebuilt.
rc.M: start rc.iceccd and rc.icecc-scheduler earlier.
a/util-linux-2.39.3-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/volume_key-0.3.12-x86_64-6.txz: Rebuilt.
Drop python2 support.
ap/man-pages-6.7-noarch-1.txz: Upgraded.
d/cmake-3.28.4-x86_64-1.txz: Upgraded.
d/llvm-18.1.2-x86_64-1.txz: Upgraded.
d/python2-2.7.18-x86_64-7.txz: Rebuilt.
Bundle the final python2 versions of pip and setuptools.
Drop the /usr/bin/python symlink.
d/python3-3.9.19-x86_64-1.txz: Upgraded.
Point the /usr/bin/python symlink at python3.9.
PEP 394 says we can do this, and in a world of ambigious shebangs, this
is probably the best of the available options.
This update also fixes security issues:
bundled libexpat was updated to 2.6.0.
zipfile is now protected from the "quoted-overlap" zipbomb.
tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
working around file system permission errors.
For more information, see:
https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-52425https://www.cve.org/CVERecord?id=CVE-2024-0450https://www.cve.org/CVERecord?id=CVE-2023-6597
(* Security fix *)
d/strace-6.8-x86_64-1.txz: Upgraded.
kde/kross-interpreters-23.08.5-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/libxml2-2.12.6-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/mozjs115-115.9.0esr-x86_64-2.txz: Rebuilt.
Fixed installed library name. Thanks to reddog83.
Fixed slack-desc. Thanks to r1w1s1.
l/phonon-4.12.0-x86_64-1.txz: Upgraded.
l/pilot-link-0.12.5-x86_64-17.txz: Rebuilt.
Drop python2 support.
l/python2-module-collection-2.7.18-x86_64-6.txz: Removed.
Good bye!
l/python2-pycairo-1.18.2-x86_64-1.txz: Added.
We'll need this (along with pygtk and pygobject) until we get gimp3.
Well, we could build gimp without python support, but I really don't think
that's the route we want to take.
n/bind-9.18.25-x86_64-1.txz: Upgraded.
n/crda-4.15-x86_64-1.txz: Removed.
The kernel is able to load from wireless-regdb directly. Obsolete.
n/getmail-6.18.14-x86_64-1.txz: Upgraded.
n/gpgme-1.23.2-x86_64-2.txz: Rebuilt.
Drop python2 support.
n/obexftp-0.24.2-x86_64-11.txz: Rebuilt.
Drop python2 support.
n/wireless-regdb-2024.01.23-x86_64-1.txz: Added.
Wireless regulatory database, previously bundled with crda.
x/ibus-1.5.29-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/libkkc-0.3.5-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/libkkc-data-0.2.7-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/xcb-proto-1.16.0-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/xpyb-1.3.1-x86_64-7.txz: Removed.
Nothing uses it, and it was never updated for python3. Removed as obsolete.
d/perl-5.38.2-x86_64-2.txz: Rebuilt.
Added IO-Tty-1.20, needed by mosh.
Upgraded: DBD-mysql-4.051, URI-5.27, XML-Parser-2.47, IO-Socket-SSL-2.085,
and Net-SSLeay-1.94.
kde/cantor-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/plasma-workspace-5.27.11-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/step-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
l/abseil-cpp-20240116.1-x86_64-1.txz: Added.
Needed for protobuf and mosh.
l/libgnt-2.14.3-x86_64-2.txz: Rebuilt.
Build with -Dpython2=false. Thanks to USUARIONUEVO.
l/libqalculate-5.0.0-x86_64-2.txz: Rebuilt.
Shared library .so-version bump.
Thanks to gmgf.
l/protobuf-26.0-x86_64-1.txz: Added.
Needed for mosh.
n/mosh-1.4.0-x86_64-1.txz: Added.
Thanks to unInstance for cueing me in on this one.
n/pinentry-1.3.0-x86_64-1.txz: Upgraded.
x/vulkan-sdk-1.3.275.0-x86_64-2.txz: Rebuilt.
Build glslang with -DENABLE_OPT=Off. Thanks to F0nix.
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Thanks to opty for encouraging us to think about nobody.
d/meson-1.4.0-x86_64-1.txz: Upgraded.
d/python-setuptools-69.2.0-x86_64-1.txz: Upgraded.
l/expat-2.6.2-x86_64-1.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
1d50b80cf3https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
l/pipewire-1.0.4-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.0-x86_64-1.txz: Upgraded.
n/openvpn-2.6.9-x86_64-2.txz: Rebuilt.
Run as openvpn:openvpn. Thanks to rkelsen.
n/proftpd-1.3.8b-x86_64-2.txz: Rebuilt.
Run as proftpd:proftpd.
x/libva-2.21.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.21.0-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-2.txz: Rebuilt.
Run as nm-openvpn:nm-openvpn. Thanks to Markus Wiesner.
ap/ghostscript-10.03.0-x86_64-1.txz: Upgraded.
This update addresses a security issue:
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
Thanks to J_W for the heads-up.
(* Security fix *)
ap/lxc-4.0.12-x86_64-3.txz: Rebuilt.
lxc-slackware.in: include gnupg2 (not gnupg) for slackpkg.
ap/slackpkg-15.0.10-noarch-3.txz: Rebuilt.
core-functions.sh: use gpg2, not gpg.
d/Cython-3.0.9-x86_64-1.txz: Upgraded.
d/git-2.44.0-x86_64-2.txz: Rebuilt.
Include git-subtree. Thanks to gwhl.
d/llvm-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
kde/kdevelop-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/openexr-3.2.3-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-7.0.2-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.3.3-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240228_6609503f-x86_64-1.txz: Upgraded.
Compiled against llvm-18.1.0.
l/qt6-6.6.2_20240210_15b7e743-x86_64-3.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/spirv-llvm-translator-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/gnupg2-2.4.5-x86_64-1.txz: Upgraded.
n/libassuan-2.5.7-x86_64-1.txz: Upgraded.
n/postfix-3.9.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.2-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0 and spirv-llvm-translator-18.1.0.
isolinux/initrd.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
a/aaa_libraries-15.1-x86_64-26.txz: Rebuilt.
Upgraded: libacl.so.1.1.2302, libattr.so.1.1.2502, liblzma.so.5.4.6,
libpcre2-8.so.0.12.0, libz.so.1.3.1, libcares.so.2.11.0,
libexpat.so.1.9.0, libffi.so.8.1.4, libglib-2.0.so.0.7800.4,
libgmodule-2.0.so.0.7800.4, libgobject-2.0.so.0.7800.4,
libgthread-2.0.so.0.7800.4, libidn.so.12.6.5, libidn2.so.0.4.0,
libpng16.so.16.41.0, libpsl.so.5.3.5, libtdb.so.1.4.10, libusb-1.0.so.0.4.0.
a/etc-15.1-x86_64-5.txz: Rebuilt.
Added UID 214 and GID 214 for avahi.
a/gettext-0.22.5-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-9.txz: Rebuilt.
setup.services: support rc.avahidaemon and rc.avahidnsconfd.
a/sysvinit-scripts-15.1-noarch-13.txz: Rebuilt.
rc.M: start (if executable) rc.avahidaemon and rc.avahidnsconfd.
ap/cups-2.4.7-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
ap/cups-filters-1.28.17-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
ap/hplip-3.23.12-x86_64-1.txz: Upgraded.
Compiled against avahi.
ap/xmltoman-0.6-x86_64-1.txz: Added.
This is needed to generate manpages for avahi.
d/distcc-3.4-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
d/gettext-tools-0.22.5-x86_64-1.txz: Upgraded.
l/avahi-20240220_dffd549-x86_64-1.txz: Added.
It was either this, or drop (or fork) hplip. We'll enjoy it in the long run.
Thanks to David Somero for the original build script, and to Robby Workman
for years of maintenance.
Signed-off-by: volkerdi
Acked-by: alienBOB
l/libdaemon-0.14-x86_64-1.txz: Added.
This is needed by avahi.
l/pipewire-1.0.3-x86_64-5.txz: Rebuilt.
Recompiled against avahi.
l/pulseaudio-17.0-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
n/NetworkManager-1.46.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.18-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
n/samba-4.19.5-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
xap/pidgin-2.14.12-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
xap/sane-1.2.1-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
extra/bash-completion/bash-completion-2.12.0-noarch-1.txz: Upgraded.
a/btrfs-progs-6.7.1-x86_64-1.txz: Upgraded.
a/ed-1.20.1-x86_64-1.txz: Upgraded.
a/shadow-4.14.5-x86_64-1.txz: Upgraded.
d/git-2.43.2-x86_64-1.txz: Upgraded.
d/meson-1.3.2-x86_64-1.txz: Upgraded.
d/tree-sitter-0.20.9-x86_64-1.txz: Upgraded.
e/emacs-29.2-x86_64-2.txz: Rebuilt.
Compiled with support for pdumper and native compilation.
The emacs-no-x11 binary has been dropped from the package because when
pdumper is used the support files need to be matched to a specific binary.
If you need a non-X console version of Emacs (or just want to reduce the
footprint) a traditional build is available in /extra.
Thanks to drgibbon who requested this long ago. :-)
Thanks to Didier Spaier for the sample build script.
l/libnvme-1.8-x86_64-1.txz: Upgraded.
xap/xlockmore-5.75-x86_64-1.txz: Upgraded.
extra/emacs-regular-build/emacs-29.2-x86_64-2_regular.txz: Added.
A "regular" build of Emacs like was previously in the main tree, with a
version supporting X11/GTK+3, and a non-X console version.
a/procps-ng-4.0.4-x86_64-1.txz: Upgraded.
a/shadow-4.14.4-x86_64-1.txz: Upgraded.
ap/man-pages-6.06-noarch-1.txz: Upgraded.
ap/vim-9.1.0098-x86_64-1.txz: Upgraded.
d/libgccjit-13.2.0-x86_64-1.txz: Added.
If we can ship GCC's D and Modula-2 support, then we can ship this.
We'll probably find a use for it. ;-)
Thanks to Didier Spaier for hints on the build script.
d/mercurial-6.6.3-x86_64-1.txz: Upgraded.
d/rust-1.76.0-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-1.txz: Upgraded.
l/openexr-3.2.2-x86_64-1.txz: Upgraded.
l/pango-1.51.2-x86_64-1.txz: Upgraded.
l/python-calver-2022.6.26-x86_64-1.txz: Added.
Needed for python-trove-classifiers. Thanks to lucabon.
n/openvpn-2.6.9-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0098-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz: Added.
Let's move this here since it's lagging behind the latest Rust.
ap/nvme-cli-2.7.1-x86_64-1.txz: Upgraded.
l/libnvme-1.7.1-x86_64-1.txz: Added.
This is required by nvme-cli.
l/pipewire-1.0.2-x86_64-1.txz: Upgraded.
n/curl-8.6.0-x86_64-1.txz: Upgraded.
n/libmilter-8.18.1-x86_64-1.txz: Upgraded.
extra/sendmail/sendmail-8.18.1-x86_64-1.txz: Upgraded.
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation technique to inject e-mail
messages with a spoofed MAIL FROM address, allowing bypass of an SPF
protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
but some other popular e-mail servers do not. This is resolved in 8.18 and
later versions with 'o' in srv_features.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-51765
(* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1.txz: Upgraded.
a/lzip-1.24-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded.
ap/sqlite-3.45.1-x86_64-1.txz: Upgraded.
d/binutils-2.42-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/cmake-3.28.2-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-13.txz: Rebuilt.
Recompiled against binutils-2.42.
d/strace-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-5.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded.
l/libpng-1.6.42-x86_64-1.txz: Upgraded.
Fixed the implementation of the macro function png_check_sig().
This was an API regression, introduced in libpng-1.6.41.
Reported by Matthieu Darbois.
l/lmdb-0.9.32-x86_64-1.txz: Upgraded.
l/neon-0.33.0-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-3.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/talloc-2.4.2-x86_64-1.txz: Upgraded.
l/tdb-1.4.10-x86_64-1.txz: Upgraded.
l/tevent-0.16.1-x86_64-1.txz: Upgraded.
n/openldap-2.6.7-x86_64-1.txz: Upgraded.
n/openssl-3.2.1-x86_64-1.txz: Upgraded.
This update fixes possible denial-of-service security issues:
A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0727https://www.cve.org/CVERecord?id=CVE-2023-6237https://www.cve.org/CVERecord?id=CVE-2023-5678
(* Security fix *)
xap/MPlayer-20240130-x86_64-1.txz: Upgraded.
Fixed build script to exit on errors.
Patched to build against gettext-0.22.4.
Thanks to Matteo Bernardini.
xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt.
Recompiled against libpng-1.6.42.
ap/diffstat-1.66-x86_64-1.txz: Upgraded.
ap/moc-2.6_alpha3-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
ap/vim-9.1.0061-x86_64-1.txz: Upgraded.
d/nv-codec-headers-12.1.14.0-x86_64-1.txz: Added.
Needed to build support for nvidia hardware decoders/encoders on newer GPUs.
gst-plugins-bad can use it too.
Thanks to Heinz Wiesinger.
kde/digikam-8.2.0-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/ffmpegthumbs-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/k3b-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/kfilemetadata-5.114.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/kpipewire-5.27.10-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/Imath-3.1.10-x86_64-1.txz: Upgraded.
l/alsa-plugins-1.2.7.1-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/ffmpeg-6.1.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Added some new build options in the SlackBuild.
Use shaderc instead of glslang.
Build against libgcrypt to enable support for RTMP[E].
Enable support for lcms2.
Build against libass, libplacebo, and nv-codec-headers.
Thanks to Heinz Wiesinger.
l/gegl-0.4.46-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/gst-plugins-bad-free-1.22.9-x86_64-2.txz: Rebuilt.
Recompiled against libass-0.17.1.
l/gst-plugins-libav-1.22.9-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/libass-0.17.1-x86_64-1.txz: Added.
Adds ASS/SSA subtitle renderer (commonly used in the anime community).
adapted SlackBuild from SBo, original by Larry Hajali/Matteo Bernardini.
MPlayer and gst-plugins-bad can use it too.
Thanks to Heinz Wiesinger.
l/libplacebo-6.338.2-x86_64-1.txz: Added.
Adds various hardware accelerated filters such as HDR -> SDR tone mapping.
adapted SlackBuild from SBo, original by Hunter Sezen/Christoph Willing.
Thanks to Heinz Wiesinger.
l/mlt-7.22.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/netpbm-11.05.02-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/pipewire-1.0.1-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
x/pixman-0.43.2-x86_64-1.txz: Upgraded.
xap/MPlayer-20240127-x86_64-1.txz: Upgraded.
Compiled against ffmpeg-6.1.1 and libass-0.17.1.
xap/audacious-plugins-4.3.1-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/ffmpegthumbnailer-2.2.2-x86_64-5.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/freerdp-2.11.5-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/ssr-0.4.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/vim-gvim-9.1.0061-x86_64-1.txz: Upgraded.
xap/xine-lib-1.2.13-x86_64-6.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/xscreensaver-6.08-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
extra/tigervnc/tigervnc-1.13.1-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
a/sysvinit-scripts-15.1-noarch-10.txz: Rebuilt.
rc.M: Fix the name of the LDAP name service daemon (rc.nss-pam-ldap).
Thanks to 0XBF.
d/subversion-1.14.3-x86_64-1.txz: Upgraded.
l/libvisual-0.4.2-x86_64-1.txz: Upgraded.
l/libvisual-plugins-0.4.2-x86_64-1.txz: Upgraded.
l/netpbm-11.05.01-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.9-x86_64-1.txz: Upgraded.
testing/packages/grub-2.12-x86_64-1.txz: Added.
d/perl-5.38.1-x86_64-1.txz: Upgraded.
Upgraded: Authen-SASL-2.1700, IO-Socket-SSL-2.084, URI-5.21.
l/pipewire-1.0.0-x86_64-1.txz: Upgraded.
l/python-toml-0.10.2-x86_64-1.txz: Removed.
I'm told gi-docgen was ported to python-tomli earlier this year, so we don't
need this after all. Out it goes.
Thanks to Heinz Wiesinger.
l/v4l-utils-1.26.0-x86_64-1.txz: Upgraded.
xfce/xfce4-whiskermenu-plugin-2.8.2-x86_64-1.txz: Upgraded.
a/kernel-firmware-20231117_7124ce3-noarch-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.12-x86_64-1.txz: Upgraded.
kde/wcslib-8.2.1-x86_64-1.txz: Upgraded.
l/gtk4-4.12.4-x86_64-1.txz: Upgraded.
n/ca-certificates-20231117-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/openvpn-2.6.8-x86_64-1.txz: Upgraded.
n/socat-1.8.0.0-x86_64-1.txz: Upgraded.
x/ibus-1.5.29-x86_64-1.txz: Upgraded.
a/pam-1.5.3-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
a/userspace-rcu-0.14.0-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
ap/mariadb-10.11.6-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Vulnerability allows high privileged attacker with network access via
multiple protocols to compromise the server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
(* Security fix *)
d/llvm-17.0.5-x86_64-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.3-x86_64-3.txz: Rebuilt.
Only move the udev rule to /lib, don't grab libraries or pkgconfig files
from under /usr.
d/rust-1.70.0-x86_64-3.txz: Rebuilt.
Fixed the installation of rls and added rust-analyzer (the successor to rls)
and rust-demangler. Thanks to Heinz Wiesinger.
l/enchant-2.6.2-x86_64-1.txz: Upgraded.
l/gexiv2-0.14.2-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
l/libsigc++3-3.6.0-x86_64-1.txz: Upgraded.
l/vid.stab-1.1.1-x86_64-1.txz: Upgraded.
x/ibus-m17n-1.4.23-x86_64-1.txz: Upgraded.
testing/packages/rust-1.73.0-x86_64-2.txz: Rebuilt.
Fixed the installation of rls and added rust-analyzer (the successor to rls)
and rust-demangler. Thanks to Heinz Wiesinger.
a/util-linux-2.39.2-x86_64-2.txz: Rebuilt.
Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's
'-h' option, used (for example) by telnetd. If -h is used without
/etc/pam.d/remote, pam will not be configured properly, and /etc/securetty
will be ignored, possibly allowing root to login from a tty that is not
considered secure. Of course, the usual disclaimers about the security of
telnet/telnetd apply.
Thanks to HytronBG and Petri Kaukasoina.
(* Security fix *)
ap/qpdf-11.6.3-x86_64-1.txz: Upgraded.
d/llvm-17.0.3-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-3.0.1-x86_64-1.txz: Upgraded.
l/tevent-0.16.0-x86_64-1.txz: Upgraded.
n/samba-4.19.2-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-5568
(* Security fix *)
x/OpenCC-1.1.7-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.2-x86_64-1.txz: Upgraded.
a/aaa_glibc-solibs-2.37-x86_64-3.txz: Rebuilt.
a/dialog-1.3_20231002-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.3-x86_64-1.txz: Upgraded.
d/llvm-17.0.2-x86_64-1.txz: Upgraded.
d/meson-1.2.2-x86_64-2.txz: Rebuilt.
[PATCH] Revert rust: apply global, project, and environment C args to bindgen.
This fixes building Mesa.
Thanks to lucabon and marav.
kde/calligra-3.2.1-x86_64-34.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/cantor-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kfilemetadata-5.110.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kile-2.9.93-x86_64-28.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kitinerary-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/krita-5.1.5-x86_64-15.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/okular-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
l/glibc-2.37-x86_64-3.txz: Rebuilt.
l/glibc-i18n-2.37-x86_64-3.txz: Rebuilt.
Patched to fix the "Looney Tunables" vulnerability, a local privilege
escalation in ld.so. This vulnerability was introduced in April 2021
(glibc 2.34) by commit 2ed18c.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txthttps://www.cve.org/CVERecord?id=CVE-2023-4911
(* Security fix *)
l/glibc-profile-2.37-x86_64-3.txz: Rebuilt.
l/mozilla-nss-3.94-x86_64-1.txz: Upgraded.
l/poppler-23.10.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.44.2-x86_64-1.txz: Upgraded.
n/irssi-1.4.5-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-gtk-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-m17n-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-sayura-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-table-extra-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-table-other-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-unikey-5.1.1-x86_64-1.txz: Upgraded.
x/libX11-1.8.7-x86_64-1.txz: Upgraded.
This update fixes security issues:
libX11: out-of-bounds memory access in _XkbReadKeySyms().
libX11: stack exhaustion from infinite recursion in PutSubImage().
libX11: integer overflow in XCreateImage() leading to a heap overflow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-43785https://www.cve.org/CVERecord?id=CVE-2023-43786https://www.cve.org/CVERecord?id=CVE-2023-43787
(* Security fix *)
x/libXpm-3.5.17-x86_64-1.txz: Upgraded.
This update fixes security issues:
libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
libXpm: out of bounds read on XPM with corrupted colormap.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-43788https://www.cve.org/CVERecord?id=CVE-2023-43789
(* Security fix *)
testing/packages/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt.
testing/packages/glibc-2.38-x86_64-2.txz: Rebuilt.
Patched to fix the "Looney Tunables" vulnerability, a local privilege
escalation in ld.so. This vulnerability was introduced in April 2021
(glibc 2.34) by commit 2ed18c.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txthttps://www.cve.org/CVERecord?id=CVE-2023-4911
(* Security fix *)
testing/packages/glibc-i18n-2.38-x86_64-2.txz: Rebuilt.
testing/packages/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
a/gettext-0.22.2-x86_64-1.txz: Upgraded.
ap/cups-2.4.7-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fixed Heap-based buffer overflow when reading Postscript in PPD files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4504
(* Security fix *)
d/cmake-3.27.6-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.2-x86_64-1.txz: Upgraded.
l/dconf-editor-45.0.1-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.22.6-x86_64-1.txz: Upgraded.
l/gstreamer-1.22.6-x86_64-1.txz: Upgraded.
l/gtk4-4.12.2-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_17-x86_64-1.txz: Upgraded.
n/bind-9.18.19-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Limit the amount of recursion that can be performed by isccc_cc_fromwire.
Fix use-after-free error in TLS DNS code when sending data.
For more information, see:
https://kb.isc.org/docs/cve-2023-3341https://www.cve.org/CVERecord?id=CVE-2023-3341https://kb.isc.org/docs/cve-2023-4236https://www.cve.org/CVERecord?id=CVE-2023-4236
(* Security fix *)
n/stunnel-5.71-x86_64-1.txz: Upgraded.
x/mesa-23.1.8-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.2.1-x86_64-1.txz: Upgraded.
xap/freerdp-2.11.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.2.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/
xap/seamonkey-2.53.17.1-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.17.1https://www.cve.org/CVERecord?id=CVE-2023-4863
(* Security fix *)
a/sysklogd-2.5.2-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.11-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-45.0-noarch-1.txz: Upgraded.
l/gsettings-desktop-schemas-45.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_16-x86_64-1.txz: Upgraded.
l/libdeflate-1.19-x86_64-1.txz: Upgraded.
l/libqalculate-4.8.1-x86_64-1.txz: Upgraded.
l/vte-0.74.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.17-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Validate data type in dalloc_value_for_key(). This flaw could allow a
malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
execute arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42464
(* Security fix *)
ap/ksh93-1.0.7-x86_64-1.txz: Upgraded.
d/cmake-3.27.5-x86_64-1.txz: Upgraded.
d/python3-3.9.18-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fixed an issue where instances of ssl.SSLSocket were vulnerable to a bypass
of the TLS handshake and included protections (like certificate verification)
and treating sent unencrypted data as if it were post-handshake TLS encrypted
data. Security issue reported by Aapo Oksman; patch by Gregory P. Smith.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-40217
(* Security fix *)
l/gvfs-1.52.0-x86_64-1.txz: Upgraded.
l/mozjs102-102.15.1esr-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21-x86_64-1.txz: Upgraded.
x/ibus-table-1.17.3-x86_64-1.txz: Upgraded.
x/igt-gpu-tools-1.28-x86_64-1.txz: Upgraded.
x/libva-2.20.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.20.0-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.18-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230906_ad03b85-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.52-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.52-x86-1.txz: Upgraded.
d/lua-5.4.6-x86_64-3.txz: Rebuilt.
Set MYCFLAGS rather than CFLAGS in the build script to keep the other
default CFLAGS in src/Makefile. This automatically sets -DLUA_USE_LINUX
as well as -DLUA_COMPAT_5_3.
d/mercurial-6.5.2-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.52-noarch-1.txz: Upgraded.
kde/alkimia-8.1.2-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-33.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/cantor-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kfilemetadata-5.109.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kile-2.9.93-x86_64-27.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kitinerary-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/krita-5.1.5-x86_64-14.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/ktextaddons-1.5.0-x86_64-1.txz: Upgraded.
kde/okular-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
l/poppler-23.09.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/zstd-1.5.5-x86_64-3.txz: Rebuilt.
Fix library path in zstdTargets-release.cmake.
Thanks to Steven Voges and gian_d.
Use additional build options:
-DZSTD_BUILD_STATIC=OFF -DZSTD_PROGRAMS_LINK_SHARED=ON -DZSTD_LZ4_SUPPORT=ON
-DZSTD_LZMA_SUPPORT=ON -DZSTD_ZLIB_SUPPORT=ON
Thanks to USUARIONUEVO.
n/iproute2-6.5.0-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-5.txz: Rebuilt.
Recompiled against zlib-1.3 to fix lualatex.
Thanks to unInstance and marav.
x/ibus-libpinyin-1.15.4-x86_64-1.txz: Upgraded.
x/mesa-23.1.7-x86_64-1.txz: Upgraded.
xap/gnuplot-5.4.9-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
