a/pkgtools-15.1-noarch-6.txz: Rebuilt.
makepkg: fix chown to avoid warning. Not sure how this one got missed for so
long. Thanks to lucabon.
d/cmake-3.27.1-x86_64-1.txz: Upgraded.
l/cfitsio-4.3.0-x86_64-1.txz: Upgraded.
n/curl-8.2.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
x/m17n-lib-1.8.3-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.htmlhttps://www.samba.org/samba/security/CVE-2023-3347.htmlhttps://www.samba.org/samba/security/CVE-2023-34966.htmlhttps://www.samba.org/samba/security/CVE-2023-34967.htmlhttps://www.samba.org/samba/security/CVE-2023-34968.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-2127https://www.cve.org/CVERecord?id=CVE-2023-3347https://www.cve.org/CVERecord?id=CVE-2023-34966https://www.cve.org/CVERecord?id=CVE-2023-34967https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/cmake-3.26.3-x86_64-1.txz: Upgraded.
l/zstd-1.5.5-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p15-x86_64-13.txz: Rebuilt.
Added ntpdate.8 manpage from Debian. Thanks to Stuart Winter.
a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt.
Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha.
d/cmake-3.26.2-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.22-x86-1.txz: Upgraded.
d/llvm-16.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Heinz Wiesinger for the assistance.
Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON
-DCLANG_LINK_CLANG_DYLIB=ON.
I think we'll get 16.0.1 next week if we need to make any adjustments.
d/ruby-3.2.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/https://www.cve.org/CVERecord?id=CVE-2023-28755https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
k/kernel-source-6.1.22-noarch-1.txz: Upgraded.
kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0.
l/openexr-3.1.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON.
n/pssh-2.3.5-x86_64-1.txz: Upgraded.
n/samba-4.18.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
An incomplete access check on dnsHostName allows authenticated but otherwise
unprivileged users to delete this attribute from any object in the directory.
The Samba AD DC administration tool, when operating against a remote LDAP
server, will by default send new or reset passwords over a signed-only
connection.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential
attribute disclosure via LDAP filters was insufficient and an attacker may
be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should assume they have
been obtained and need replacing.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-0225.htmlhttps://www.samba.org/samba/security/CVE-2023-0922.htmlhttps://www.samba.org/samba/security/CVE-2023-0614.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-0225https://www.cve.org/CVERecord?id=CVE-2023-0922https://www.cve.org/CVERecord?id=CVE-2023-0614
(* Security fix *)
x/mesa-23.0.1-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0.
xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt.
Use the bundled LLVM rather than the system LLVM.
This version of Rust actually does compile with llvm-16.0.0, but since it
bundles LLVM 15 let's let it use that for now.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/gptfdisk-1.0.9-x86_64-2.txz: Rebuilt.
Applied upstream patches to fix a crash and partition corruption caused by
the popt upgrade:
[PATCH] Updated guid.cc to deal with minor change in libuuid
[PATCH] Fix failure & crash of sgdisk when compiled with latest popt
[PATCH] Fix NULL dereference when duplicating string argument
Thanks to jloco.
d/cmake-3.25.1-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-24.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/cantor-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kfilemetadata-5.100.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kile-2.9.93-x86_64-22.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kitinerary-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/krita-5.1.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/okular-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
l/glib2-2.74.3-x86_64-1.txz: Upgraded.
l/poppler-22.12.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.40.6-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-1.txz: Upgraded.
xap/libnma-1.10.4-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.30.0-x86_64-1.txz: Upgraded.
