a/pam-1.5.3-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
a/userspace-rcu-0.14.0-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
ap/mariadb-10.11.6-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Vulnerability allows high privileged attacker with network access via
multiple protocols to compromise the server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
(* Security fix *)
d/llvm-17.0.5-x86_64-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.3-x86_64-3.txz: Rebuilt.
Only move the udev rule to /lib, don't grab libraries or pkgconfig files
from under /usr.
a/kbd-2.6.3-x86_64-1.txz: Upgraded.
Thanks to Robby Workman.
a/kernel-firmware-20231107_2340796-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.62-x86_64-1.txz: Upgraded.
ap/sudo-1.9.15p1-x86_64-1.txz: Upgraded.
This is a bugfix release:
Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
from being able to read the ldap.conf file.
d/kernel-headers-6.1.62-x86-1.txz: Upgraded.
k/kernel-source-6.1.62-noarch-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.0-x86_64-1.txz: Upgraded.
l/liburing-2.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.4.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
xap/xlockmore-5.74-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/gawk-5.3.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20231030_2b304bf-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.61-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.61-x86_64-1.txz: Upgraded.
-EXT2_FS_POSIX_ACL y
-EXT2_FS_SECURITY y
-EXT2_FS_XATTR y
-EXT3_FS_POSIX_ACL y
-EXT3_FS_SECURITY y
EXT2_FS y -> n
EXT3_FS y -> n
NLS_ISO8859_15 m -> y
SCSI_SMARTPQI m -> y
+EXT4_USE_FOR_EXT2 y
a/kernel-modules-6.1.61-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.61-x86-1.txz: Upgraded.
k/kernel-source-6.1.61-noarch-1.txz: Upgraded.
-EXT2_FS_POSIX_ACL y
-EXT2_FS_SECURITY y
-EXT2_FS_XATTR y
-EXT3_FS_POSIX_ACL y
-EXT3_FS_SECURITY y
EXT2_FS y -> n
EXT3_FS y -> n
NLS_ISO8859_1 m -> y
NLS_ISO8859_15 m -> y
NLS_UTF8 m -> y
SCSI_VIRTIO m -> y
+EXT4_USE_FOR_EXT2 y
kde/calligra-3.2.1-x86_64-35.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/cantor-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/fcitx5-configtool-5.1.2-x86_64-1.txz: Upgraded.
kde/kfilemetadata-5.111.0-x86_64-3.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/kile-2.9.93-x86_64-29.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/kitinerary-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/krita-5.2.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
kde/okular-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.11.0.
l/pipewire-0.3.84-x86_64-1.txz: Upgraded.
l/poppler-23.11.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/postfix-3.8.3-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-sayura-5.1.1-x86_64-1.txz: Upgraded.
x/libime-1.1.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/exfatprogs-1.2.2-x86_64-1.txz: Upgraded.
kde/digikam-8.1.0-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/gwenview-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/kfilemetadata-5.111.0-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/krename-5.0.2-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/krita-5.2.0-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/libkexiv2-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
l/QtAV-20220226_fdc613dc-x86_64-1.txz: Removed.
This is no longer used by digikam, so let's just remove it.
l/exiv2-0.28.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libsoup3-3.4.4-x86_64-1.txz: Upgraded.
n/c-ares-1.21.0-x86_64-1.txz: Upgraded.
n/gpgme-1.23.1-x86_64-1.txz: Upgraded.
n/nghttp2-1.58.0-x86_64-1.txz: Upgraded.
xap/geeqie-2.1-x86_64-3.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
a/kernel-firmware-20231024_4ee0175-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.60-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.60-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.60-x86_64-1.txz: Upgraded.
a/shadow-4.14.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.60-x86-1.txz: Upgraded.
k/kernel-source-6.1.60-noarch-1.txz: Upgraded.
Hey folks, if you've been following LQ you know I've talked before about
dropping the huge kernel and moving the distribution to use only the generic
kernel plus an initrd. After mulling this over for a few months, I think I
was looking at the problem in the wrong way. First of all, it's clear that
some Slackware users have been using the huge kernel all along, without an
initrd, and are (to say the least) unhappy about the prospect of a new
requirement to start using one. I've been recommending the generic kernel for
some time, and a major reason is that we've been using the same set of kernel
modules with two slightly different kernels. Because of this, there have
always been a few (generally seldom used) kernel modules that won't load into
the huge kernel. These are things that aren't built into the huge kernel, but
because of a difference in some kernel module dependency, they won't load.
The conclusion that I've come to here is that rather than drop the huge
kernel, or slap a LOCALVERSION on it and provide a whole duplicate tree of
kernel modules especially for the huge kernel, it would be better to make the
generic kernel more huge, and minimize the differences between the two kernel
configs.
That's what I've done here.
Shown below are the differences between the previous generic kernel config
and the one shipping in this update. You'll notice that most of the popular
filesystems are built in. At this point the main difference it that the huge
kernel has a couple of dozen SCSI drivers built into it. The modules for those
drivers won't load into the huge kernel, but they're fully built in so that
doesn't matter. If you find any other modules that will not load into the huge
kernel, please make a note about it on LQ and I'll see what can be done.
So, tl;dr - what does this change mean?
Unless your root device is on SCSI, if you were able to use the huge kernel
without an initrd previously, you should now be able to use the generic
kernel without an initrd. The kernel is a bit bigger, but we probably have
enough RAM these days that it won't make a difference.
Enjoy! :-)
-CIFS_SMB_DIRECT n
9P_FS m -> y
9P_FSCACHE n -> y
BTRFS_FS m -> y
CIFS m -> y
CRYPTO_CMAC m -> y
CRYPTO_CRC32 m -> y
CRYPTO_XXHASH m -> y
CRYPTO_ZSTD m -> y
EFIVAR_FS m -> y
EXFAT_FS m -> y
EXT2_FS m -> y
EXT3_FS m -> y
EXT4_FS m -> y
F2FS_FS m -> y
FAILOVER m -> y
FAT_FS m -> y
FSCACHE m -> y
FS_ENCRYPTION_ALGS m -> y
FS_MBCACHE m -> y
HW_RANDOM_VIRTIO m -> y
ISO9660_FS m -> y
JBD2 m -> y
JFS_FS m -> y
LZ4HC_COMPRESS m -> y
LZ4_COMPRESS m -> y
MSDOS_FS m -> y
NETFS_SUPPORT m -> y
NET_9P m -> y
NET_9P_FD m -> y
NET_9P_VIRTIO m -> y
NET_FAILOVER m -> y
NFSD m -> y
NLS_CODEPAGE_437 m -> y
NTFS3_FS m -> y
NTFS_FS m -> y
PSTORE_LZ4_COMPRESS n -> m
PSTORE_LZO_COMPRESS n -> m
PSTORE_ZSTD_COMPRESS n -> y
QFMT_V2 m -> y
QUOTA_TREE m -> y
REISERFS_FS m -> y
RPCSEC_GSS_KRB5 m -> y
SMBFS m -> y
SQUASHFS m -> y
UDF_FS m -> y
VFAT_FS m -> y
VIRTIO_BALLOON m -> y
VIRTIO_BLK m -> y
VIRTIO_CONSOLE m -> y
VIRTIO_INPUT m -> y
VIRTIO_MMIO m -> y
VIRTIO_NET m -> y
VIRTIO_PCI m -> y
VIRTIO_PCI_LIB m -> y
VIRTIO_PCI_LIB_LEGACY m -> y
VIRTIO_PMEM m -> y
XFS_FS m -> y
ZONEFS_FS n -> m
ZSTD_COMPRESS m -> y
+NFS_FSCACHE y
+PSTORE_LZ4_COMPRESS_DEFAULT n
+PSTORE_LZO_COMPRESS_DEFAULT n
+PSTORE_ZSTD_COMPRESS_DEFAULT n
kde/plasma-workspace-5.27.9.1-x86_64-1.txz: Upgraded.
l/glib2-2.78.1-x86_64-1.txz: Upgraded.
l/netpbm-11.04.03-x86_64-1.txz: Upgraded.
l/newt-0.52.24-x86_64-1.txz: Upgraded.
n/gpgme-1.23.0-x86_64-1.txz: Upgraded.
n/p11-kit-0.25.1-x86_64-1.txz: Upgraded.
n/php-8.2.12-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.12
x/xorg-server-21.1.9-x86_64-1.txz: Upgraded.
This update fixes security issues:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
Use-after-free bug in DestroyWindow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-5367https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
x/xorg-server-xephyr-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.2.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-5367
(* Security fix *)
xap/mozilla-thunderbird-115.4.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/https://www.cve.org/CVERecord?id=CVE-2023-5721https://www.cve.org/CVERecord?id=CVE-2023-5732https://www.cve.org/CVERecord?id=CVE-2023-5724https://www.cve.org/CVERecord?id=CVE-2023-5725https://www.cve.org/CVERecord?id=CVE-2023-5726https://www.cve.org/CVERecord?id=CVE-2023-5727https://www.cve.org/CVERecord?id=CVE-2023-5728https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
xfce/thunar-4.18.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/lvm2-2.03.22-x86_64-1.txz: Upgraded.
kde/kstars-3.6.7-x86_64-1.txz: Upgraded.
It's time for KStars in Slackware to be less of a toy and more of a useful
tool. The required dependencies have been added for EKOS, the INDI client
included in KStars, which will allow for computer control of astronomy
devices. Additional deps and drivers may be required, but these are runtime
dependencies. See (for example) gpsd, libdc1394, libftdi1, libindi-libraries,
and libindi-drivers, all of which can be found on slackbuilds.org.
Huge thanks to Edward W. Koenig for the detailed writeup - it was extremely
helpful! :-) Here's a link to the article:
https://www.linuxgalaxy.org/kingbeowulf/astronomy-device-control-in-slackware-15-and-current/
kde/libindi-2.0.4-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
kde/libnova-0.15.0-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
Thanks to Chris Abela, Ryan P.C. McQuen, and Philip Lacroix.
kde/stellarsolver-2.5-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
kde/wcslib-8.1-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
l/LibRaw-0.21.1-x86_64-2.txz: Rebuilt.
This update fixes a security issue:
A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
application crash by maliciously crafted input file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1729
(* Security fix *)
l/imagemagick-7.1.1_21-x86_64-1.txz: Upgraded.
l/libev-4.33-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
As this package may have more general usage than just kstars, we'll put it
in the L series.
Thanks to AA ime Ramov and Matteo Bernardini.
l/vte-0.74.1-x86_64-1.txz: Upgraded.
kde/krita-5.2.0-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-2.txz: Rebuilt.
Build and package missing FFTW3LibraryDepends.cmake.
This is needed for krita-5.2.0.
l/immer-0.8.1-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/lager-0.1.0-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/libunibreak-5.1-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/zug-0.1.0-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
xap/network-manager-applet-1.34.0-x86_64-1.txz: Upgraded.
ap/vim-9.0.1903-x86_64-1.txz: Upgraded.
l/at-spi2-atk-2.38.0-x86_64-3.txz: Removed.
l/at-spi2-core-2.50.0-x86_64-1.txz: Upgraded.
This now includes the features from the former at-spi2-atk and atk packages.
l/atk-2.38.0-x86_64-1.txz: Removed.
l/cairo-1.17.6-x86_64-1.txz: Upgraded.
l/glib-networking-2.78.0-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.78.1-x86_64-1.txz: Upgraded.
l/json-glib-1.8.0-x86_64-1.txz: Upgraded.
l/libsoup3-3.4.3-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1903-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230906_ad03b85-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.52-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.52-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.52-x86-1.txz: Upgraded.
d/lua-5.4.6-x86_64-3.txz: Rebuilt.
Set MYCFLAGS rather than CFLAGS in the build script to keep the other
default CFLAGS in src/Makefile. This automatically sets -DLUA_USE_LINUX
as well as -DLUA_COMPAT_5_3.
d/mercurial-6.5.2-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.52-noarch-1.txz: Upgraded.
kde/alkimia-8.1.2-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-33.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/cantor-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kfilemetadata-5.109.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kile-2.9.93-x86_64-27.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/kitinerary-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/krita-5.1.5-x86_64-14.txz: Rebuilt.
Recompiled against poppler-23.09.0.
kde/ktextaddons-1.5.0-x86_64-1.txz: Upgraded.
kde/okular-23.08.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.09.0.
l/poppler-23.09.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/zstd-1.5.5-x86_64-3.txz: Rebuilt.
Fix library path in zstdTargets-release.cmake.
Thanks to Steven Voges and gian_d.
Use additional build options:
-DZSTD_BUILD_STATIC=OFF -DZSTD_PROGRAMS_LINK_SHARED=ON -DZSTD_LZ4_SUPPORT=ON
-DZSTD_LZMA_SUPPORT=ON -DZSTD_ZLIB_SUPPORT=ON
Thanks to USUARIONUEVO.
n/iproute2-6.5.0-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-5.txz: Rebuilt.
Recompiled against zlib-1.3 to fix lualatex.
Thanks to unInstance and marav.
x/ibus-libpinyin-1.15.4-x86_64-1.txz: Upgraded.
x/mesa-23.1.7-x86_64-1.txz: Upgraded.
xap/gnuplot-5.4.9-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/coreutils-9.3-x86_64-2.txz: Rebuilt.
Don't support AVX2 instructions for wc. Since it's possible to enable a
kernel option that causes the kernel to advertise AVX2 as available, but
leads to an illegal instruction if there's an attempt to actually use
AVX2 when old microcode is in use, this isn't reliable. Furthermore, wc
is used by the pkgtools and this sort of failure could lead to corruption
of the filesystem and/or package database. So, we'll disable this to be on
the safe side. Thanks to lancsuk for noticing this issue.
a/kernel-generic-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.48-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.48-x86-1.txz: Upgraded.
k/kernel-source-6.1.48-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230814_0e048b0-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.46-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.46-x86_64-1.txz: Upgraded.
ap/inxi-3.3.29_1-noarch-1.txz: Upgraded.
d/kernel-headers-6.1.46-x86-1.txz: Upgraded.
k/kernel-source-6.1.46-noarch-1.txz: Upgraded.
-ACPI_TINY_POWER_BUTTON n
ACPI_AC m -> y
ACPI_BATTERY m -> y
ACPI_BUTTON m -> y
ACPI_FAN m -> y
ACPI_THERMAL m -> y
kde/kirigami-addons-0.11.0-x86_64-1.txz: Upgraded.
n/bind-9.18.18-x86_64-1.txz: Upgraded.
n/httpd-2.4.57-x86_64-2.txz: Rebuilt.
rc.httpd: wait using pwait after stopping, fix usage to show force-restart.
Thanks to metaed.
n/net-snmp-5.9.4-x86_64-1.txz: Upgraded.
n/openvpn-2.6.6-x86_64-1.txz: Upgraded.
n/php-8.2.9-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Security issue with external entity loading in XML without enabling it.
Buffer mismanagement in phar_dir_read().
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3823https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3824
(* Security fix *)
x/xorg-server-xwayland-23.2.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.1.1/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-21.txz: Rebuilt.
Upgraded: libcap.so.2.69, liblzma.so.5.4.4, libboost*.so.1.82.0,
libglib-2.0.so.0.7600.4, libgmodule-2.0.so.0.7600.4, libgmp.so.10.5.0,
libgmpxx.so.4.7.0, libgobject-2.0.so.0.7600.4, libgthread-2.0.so.0.7600.4,
libjpeg.so.62.4.0, libpng16.so.16.40.0, libstdc++.so.6.0.32,
libtdb.so.1.4.9, libturbojpeg.so.0.3.0.
a/kernel-firmware-20230809_789aa81-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.45-x86_64-1.txz: Upgraded.
ap/pamixer-1.5-x86_64-7.txz: Rebuilt.
Recompiled against boost-1.83.0.
d/kernel-headers-6.1.45-x86-1.txz: Upgraded.
k/kernel-source-6.1.45-noarch-1.txz: Upgraded.
kde/kig-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/kopeninghours-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/krita-5.1.5-x86_64-12.txz: Rebuilt.
Recompiled against boost-1.83.0.
l/boost-1.83.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
The shared libraries from the previous version will stick around in
the aaa_libraries package for at least a month.
l/cryfs-0.10.3-x86_64-9.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/fcitx5-chinese-addons-5.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/libime-1.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Thanks to Heinz Wiesinger for these added python packages to implement
PEP 427 and PEP 517! Python modules are phasing out setup.py in favor of
building wheels, and then using python-installer to install them. These
are the bits needed to make that happen.
l/python-build-0.10.0-x86_64-1.txz: Added.
l/python-flit-core-3.9.0-x86_64-1.txz: Added.
l/python-glad2-2.0.4-x86_64-1.txz: Added.
l/python-installer-0.7.0-x86_64-1.txz: Added.
l/python-lxml-4.9.3-x86_64-1.txz: Added.
l/python-pyproject-hooks-1.0.0-x86_64-1.txz: Added.
l/python-tomli-w-1.0.0-x86_64-1.txz: Added.
l/python-wheel-0.41.1-x86_64-1.txz: Added.
n/nftables-1.0.8-x86_64-2.txz: Rebuilt.
Correctly generate nftables Python module using PEP 427/517 method.
Thanks to marav.
n/openssh-9.4p1-x86_64-1.txz: Upgraded.
d/binutils-2.41-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-12.txz: Rebuilt.
Recompiled against binutils-2.41.
d/tree-sitter-0.20.8-x86_64-1.txz: Added.
This is a dependency for an interesting new feature of emacs-29.1.
e/emacs-29.1-x86_64-1.txz: Upgraded.
Compiled against tree-sitter-0.20.8. Grammar libraries for this can be
downloaded and installed from within Emacs - see the NEWS file for details.
l/gmp-6.3.0-x86_64-1.txz: Upgraded.
l/libarchive-3.7.1-x86_64-1.txz: Upgraded.
l/polkit-123-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230724_59fbffa-noarch-1.txz: Upgraded.
AMD microcode updated to fix a use-after-free in AMD Zen2 processors.
From Tavis Ormandy's annoucement of the issue:
"The practical result here is that you can spy on the registers of other
processes. No system calls or privileges are required.
It works across virtual machines and affects all operating systems.
I have written a poc for this issue that's fast enough to reconstruct
keys and passwords as users log in."
For more information, see:
https://seclists.org/oss-sec/2023/q3/59https://www.cve.org/CVERecord?id=CVE-2023-20593
(* Security fix *)
a/kernel-generic-6.1.41-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.41-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.41-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.41-x86-1.txz: Upgraded.
k/kernel-source-6.1.41-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.1.40-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.40-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.40-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.40-x86-1.txz: Upgraded.
k/kernel-source-6.1.40-noarch-1.txz: Upgraded.
l/imagemagick-7.1.1_14-x86_64-1.txz: Upgraded.
n/whois-5.5.18-x86_64-1.txz: Upgraded.
Updated the .ga TLD server.
Added new recovered IPv4 allocations.
Removed the delegation of 43.0.0.0/8 to JPNIC.
Removed 12 new gTLDs which are no longer active.
Improved the man page source, courtesy of Bjarni Ingi Gislason.
Added the .edu.za SLD server.
Updated the .alt.za SLD server.
Added the -ru and -su NIC handles servers.
x/glu-9.0.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.htmlhttps://www.samba.org/samba/security/CVE-2023-3347.htmlhttps://www.samba.org/samba/security/CVE-2023-34966.htmlhttps://www.samba.org/samba/security/CVE-2023-34967.htmlhttps://www.samba.org/samba/security/CVE-2023-34968.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-2127https://www.cve.org/CVERecord?id=CVE-2023-3347https://www.cve.org/CVERecord?id=CVE-2023-34966https://www.cve.org/CVERecord?id=CVE-2023-34967https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/userspace-rcu-0.14.0-x86_64-1.txz: Added.
This is needed by xfsprogs-6.3.0.
a/xfsprogs-6.3.0-x86_64-1.txz: Upgraded.
ap/xfsdump-3.1.12-x86_64-1.txz: Upgraded.
d/ccache-4.8.2-x86_64-1.txz: Upgraded.
a/elilo-3.16-x86_64-16.txz: Rebuilt.
eliloconfig: don't mess with mounting efivarfs. This should be handled by
rc.S, or by whatever the admin put in /etc/fstab.
a/kernel-firmware-20230523_1ba3519-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.30-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-5.txz: Rebuilt.
rc.S: mount efivarfs rw, may be overridden in /etc/default/efivarfs.
ap/sc-im-0.8.3-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.30-x86-1.txz: Upgraded.
d/parallel-20230522-noarch-1.txz: Upgraded.
k/kernel-source-6.1.30-noarch-1.txz: Upgraded.
l/enchant-2.4.0-x86_64-1.txz: Upgraded.
l/glib2-2.76.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.38-x86_64-1.txz: Upgraded.
l/qt5-5.15.9_20230523_245f369c-x86_64-1.txz: Upgraded.
This update fixes a security issue.
Qt-based clients may mismatch HSTS headers (Strict-Transport-Security),
which would prevent the client from switching to a secure HTTPS
connection as requested by a server.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32762
(* Security fix *)
n/curl-8.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
t/texlive-2023.230322-x86_64-3.txz: Rebuilt.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
xap/mozilla-firefox-113.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/113.0.2/releasenotes/
xfce/libxfce4ui-4.18.4-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.