a/aaa_libraries-15.1-x86_64-23.txz: Rebuilt.
Upgraded: libelf-0.190.so, libcares.so.2.9.0, libglib-2.0.so.0.7800.2,
libgmodule-2.0.so.0.7800.2, libgobject-2.0.so.0.7800.2,
libgthread-2.0.so.0.7800.2.
Added: libtiff.so.6.0.2, libtiffxx.so.6.0.2.
a/util-linux-2.39.3-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/ghostscript-10.02.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/rpm-4.19.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
e/emacs-29.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/bluedevil-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.27.10-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/drkonqi-5.27.10-x86_64-1.txz: Upgraded.
kde/gwenview-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kactivitymanagerd-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.27.10-x86_64-1.txz: Upgraded.
kde/kdecoration-5.27.10-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.27.10-x86_64-1.txz: Upgraded.
kde/kgamma5-5.27.10-x86_64-1.txz: Upgraded.
kde/khotkeys-5.27.10-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.27.10-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.27.10-x86_64-1.txz: Upgraded.
kde/kpipewire-5.27.10-x86_64-1.txz: Upgraded.
kde/krita-5.2.1-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.27.10-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.27.10-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.27.10-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.27.10-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/kwin-5.27.10-x86_64-1.txz: Upgraded.
kde/kwrited-5.27.10-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.27.10-x86_64-1.txz: Upgraded.
kde/libkscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/libksysguard-5.27.10-x86_64-1.txz: Upgraded.
kde/milou-5.27.10-x86_64-1.txz: Upgraded.
kde/okular-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/oxygen-5.27.10-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.27.10-noarch-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.27.10-x86_64-1.txz: Upgraded.
kde/powerdevil-5.27.10-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.27.10-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.27.10-x86_64-1.txz: Upgraded.
kde/systemsettings-5.27.10-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.27.10-x86_64-1.txz: Upgraded.
l/SDL2_image-2.6.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/djvulibre-3.5.28-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gd-2.3.3-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gdk-pixbuf2-2.42.10-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gegl-0.4.46-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/glib2-2.78.2-x86_64-1.txz: Upgraded.
l/gtk4-4.12.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/imagemagick-7.1.1_22-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms-1.19-x86_64-7.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms2-2.16-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/libtiff-4.6.0-x86_64-1.txz: Upgraded.
Probably best to get this one out of the way...
From the release announcement:
Pay attention to the following warning:
This version removes a big number of utilities that have suffered from lack
of maintenance over the years and were the source of various reported
security issues. See "Removed functionality" below for the list of removed
utilities. Starting with libtiff v4.6.0, their source code, at this time,
will still be available in the source distribution, but they will no longer
be built by default, and issues related to them will no longer be accepted
in the libtiff bug tracker. The only remaining supported TIFF tools are
tiffinfo, tiffdump, tiffcp, tiffset and tiffsplit.
Shared library .so-version bump.
l/libwebp-1.3.2-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/netpbm-11.04.04-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/opencv-4.8.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/poppler-23.12.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/python-pillow-8.4.0-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/qt5-5.15.11_20231125_4765fa1d-x86_64-1.txz: Upgraded.
Compiled against libtiff-4.6.0.
l/sdl-1.2.15-x86_64-15.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
n/links-2.29-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
t/xfig-3.2.9-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/geeqie-2.1-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/gimp-2.10.36-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/sane-1.2.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/windowmaker-0.96.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xpaint-3.1.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xsane-0.999-x86_64-6.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
a/shadow-4.14.2-x86_64-2.txz: Rebuilt.
adduser: fixed chown syntax to silence warnings. Thanks to Stuart Winter.
l/gi-docgen-2023.3-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
l/python-smartypants-2.0.1-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
l/python-toml-0.10.2-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
l/python-typogrify-2.0.7-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
x/xdg-desktop-portal-1.18.2-x86_64-1.txz: Upgraded.
Thanks to 0XBF.
testing/packages/php-8.3.0-x86_64-1.txz: Added.
We have fresh 6.6 kernels in /testing! You may notice that on the 32-bit side
we have done away with the -smp labeled kernel packages, but it's actually the
other kernels that were retired -- the non-SMP, non-PAE ones. If you were
previously using kernel-generic-smp or kernel-huge-smp, you'll need to make
some adjustments to your bootloader setup to load kernel-generic or kernel-huge
instead. About the only non-obsolete CPUs that may have an issue with this are
the first generation Pentium M chips, which supported PAE but unfortunately did
not advertise this in the CPU flags. But these will support PAE if the kernel
option "forcepae" is appended at boot time. Enjoy! :-)
a/gettext-0.22.4-x86_64-1.txz: Upgraded.
a/kbd-2.6.3-x86_64-3.txz: Rebuilt.
Installed extra console fonts.
a/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.63-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-34.txz: Rebuilt.
Fix tests for including jfs/xfs repair tools. Thanks to regdub.
a/pkgtools-15.1-noarch-8.txz: Rebuilt.
Make vim the default vi choice.
ap/vim-9.0.2116-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.4-x86_64-1.txz: Upgraded.
d/git-2.43.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.63-x86-1.txz: Upgraded.
d/mercurial-6.6-x86_64-1.txz: Upgraded.
d/meson-1.3.0-x86_64-1.txz: Upgraded.
d/scons-4.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.63-noarch-1.txz: Upgraded.
l/readline-8.2.007-x86_64-1.txz: Upgraded.
n/c-ares-1.22.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.4-x86_64-1.txz: Upgraded.
x/libdrm-2.4.118-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-115.5.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
Thanks to zuriel for the taskbar icon fix on Wayland. :-)
For more information, see:
https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2023-50/https://www.cve.org/CVERecord?id=CVE-2023-6204https://www.cve.org/CVERecord?id=CVE-2023-6205https://www.cve.org/CVERecord?id=CVE-2023-6206https://www.cve.org/CVERecord?id=CVE-2023-6207https://www.cve.org/CVERecord?id=CVE-2023-6208https://www.cve.org/CVERecord?id=CVE-2023-6209https://www.cve.org/CVERecord?id=CVE-2023-6212
(* Security fix *)
xap/vim-gvim-9.0.2116-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.6-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-headers-6.6.2-x86-1.txz: Added.
testing/packages/kernel-huge-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-modules-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-source-6.6.2-noarch-1.txz: Added.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/pam-1.5.3-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
a/userspace-rcu-0.14.0-x86_64-2.txz: Rebuilt.
Relocated pkgconfig files.
ap/mariadb-10.11.6-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Vulnerability allows high privileged attacker with network access via
multiple protocols to compromise the server. Successful attacks of this
vulnerability can result in unauthorized ability to cause a hang or
frequently repeatable crash.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
(* Security fix *)
d/llvm-17.0.5-x86_64-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.3-x86_64-3.txz: Rebuilt.
Only move the udev rule to /lib, don't grab libraries or pkgconfig files
from under /usr.
a/kbd-2.6.3-x86_64-1.txz: Upgraded.
Thanks to Robby Workman.
a/kernel-firmware-20231107_2340796-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.62-x86_64-1.txz: Upgraded.
ap/sudo-1.9.15p1-x86_64-1.txz: Upgraded.
This is a bugfix release:
Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
from being able to read the ldap.conf file.
d/kernel-headers-6.1.62-x86-1.txz: Upgraded.
k/kernel-source-6.1.62-noarch-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.0-x86_64-1.txz: Upgraded.
l/liburing-2.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.4.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
xap/xlockmore-5.74-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-firmware-20231024_4ee0175-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.60-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.60-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.60-x86_64-1.txz: Upgraded.
a/shadow-4.14.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.60-x86-1.txz: Upgraded.
k/kernel-source-6.1.60-noarch-1.txz: Upgraded.
Hey folks, if you've been following LQ you know I've talked before about
dropping the huge kernel and moving the distribution to use only the generic
kernel plus an initrd. After mulling this over for a few months, I think I
was looking at the problem in the wrong way. First of all, it's clear that
some Slackware users have been using the huge kernel all along, without an
initrd, and are (to say the least) unhappy about the prospect of a new
requirement to start using one. I've been recommending the generic kernel for
some time, and a major reason is that we've been using the same set of kernel
modules with two slightly different kernels. Because of this, there have
always been a few (generally seldom used) kernel modules that won't load into
the huge kernel. These are things that aren't built into the huge kernel, but
because of a difference in some kernel module dependency, they won't load.
The conclusion that I've come to here is that rather than drop the huge
kernel, or slap a LOCALVERSION on it and provide a whole duplicate tree of
kernel modules especially for the huge kernel, it would be better to make the
generic kernel more huge, and minimize the differences between the two kernel
configs.
That's what I've done here.
Shown below are the differences between the previous generic kernel config
and the one shipping in this update. You'll notice that most of the popular
filesystems are built in. At this point the main difference it that the huge
kernel has a couple of dozen SCSI drivers built into it. The modules for those
drivers won't load into the huge kernel, but they're fully built in so that
doesn't matter. If you find any other modules that will not load into the huge
kernel, please make a note about it on LQ and I'll see what can be done.
So, tl;dr - what does this change mean?
Unless your root device is on SCSI, if you were able to use the huge kernel
without an initrd previously, you should now be able to use the generic
kernel without an initrd. The kernel is a bit bigger, but we probably have
enough RAM these days that it won't make a difference.
Enjoy! :-)
-CIFS_SMB_DIRECT n
9P_FS m -> y
9P_FSCACHE n -> y
BTRFS_FS m -> y
CIFS m -> y
CRYPTO_CMAC m -> y
CRYPTO_CRC32 m -> y
CRYPTO_XXHASH m -> y
CRYPTO_ZSTD m -> y
EFIVAR_FS m -> y
EXFAT_FS m -> y
EXT2_FS m -> y
EXT3_FS m -> y
EXT4_FS m -> y
F2FS_FS m -> y
FAILOVER m -> y
FAT_FS m -> y
FSCACHE m -> y
FS_ENCRYPTION_ALGS m -> y
FS_MBCACHE m -> y
HW_RANDOM_VIRTIO m -> y
ISO9660_FS m -> y
JBD2 m -> y
JFS_FS m -> y
LZ4HC_COMPRESS m -> y
LZ4_COMPRESS m -> y
MSDOS_FS m -> y
NETFS_SUPPORT m -> y
NET_9P m -> y
NET_9P_FD m -> y
NET_9P_VIRTIO m -> y
NET_FAILOVER m -> y
NFSD m -> y
NLS_CODEPAGE_437 m -> y
NTFS3_FS m -> y
NTFS_FS m -> y
PSTORE_LZ4_COMPRESS n -> m
PSTORE_LZO_COMPRESS n -> m
PSTORE_ZSTD_COMPRESS n -> y
QFMT_V2 m -> y
QUOTA_TREE m -> y
REISERFS_FS m -> y
RPCSEC_GSS_KRB5 m -> y
SMBFS m -> y
SQUASHFS m -> y
UDF_FS m -> y
VFAT_FS m -> y
VIRTIO_BALLOON m -> y
VIRTIO_BLK m -> y
VIRTIO_CONSOLE m -> y
VIRTIO_INPUT m -> y
VIRTIO_MMIO m -> y
VIRTIO_NET m -> y
VIRTIO_PCI m -> y
VIRTIO_PCI_LIB m -> y
VIRTIO_PCI_LIB_LEGACY m -> y
VIRTIO_PMEM m -> y
XFS_FS m -> y
ZONEFS_FS n -> m
ZSTD_COMPRESS m -> y
+NFS_FSCACHE y
+PSTORE_LZ4_COMPRESS_DEFAULT n
+PSTORE_LZO_COMPRESS_DEFAULT n
+PSTORE_ZSTD_COMPRESS_DEFAULT n
kde/plasma-workspace-5.27.9.1-x86_64-1.txz: Upgraded.
l/glib2-2.78.1-x86_64-1.txz: Upgraded.
l/netpbm-11.04.03-x86_64-1.txz: Upgraded.
l/newt-0.52.24-x86_64-1.txz: Upgraded.
n/gpgme-1.23.0-x86_64-1.txz: Upgraded.
n/p11-kit-0.25.1-x86_64-1.txz: Upgraded.
n/php-8.2.12-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.2.12
x/xorg-server-21.1.9-x86_64-1.txz: Upgraded.
This update fixes security issues:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
Use-after-free bug in DestroyWindow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-5367https://www.cve.org/CVERecord?id=CVE-2023-5380
(* Security fix *)
x/xorg-server-xephyr-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-21.1.9-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.2.2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
OOB write in XIChangeDeviceProperty/RRChangeOutputProperty.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003430.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-5367
(* Security fix *)
xap/mozilla-thunderbird-115.4.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-47/https://www.cve.org/CVERecord?id=CVE-2023-5721https://www.cve.org/CVERecord?id=CVE-2023-5732https://www.cve.org/CVERecord?id=CVE-2023-5724https://www.cve.org/CVERecord?id=CVE-2023-5725https://www.cve.org/CVERecord?id=CVE-2023-5726https://www.cve.org/CVERecord?id=CVE-2023-5727https://www.cve.org/CVERecord?id=CVE-2023-5728https://www.cve.org/CVERecord?id=CVE-2023-5730
(* Security fix *)
xfce/thunar-4.18.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/lvm2-2.03.22-x86_64-1.txz: Upgraded.
kde/kstars-3.6.7-x86_64-1.txz: Upgraded.
It's time for KStars in Slackware to be less of a toy and more of a useful
tool. The required dependencies have been added for EKOS, the INDI client
included in KStars, which will allow for computer control of astronomy
devices. Additional deps and drivers may be required, but these are runtime
dependencies. See (for example) gpsd, libdc1394, libftdi1, libindi-libraries,
and libindi-drivers, all of which can be found on slackbuilds.org.
Huge thanks to Edward W. Koenig for the detailed writeup - it was extremely
helpful! :-) Here's a link to the article:
https://www.linuxgalaxy.org/kingbeowulf/astronomy-device-control-in-slackware-15-and-current/
kde/libindi-2.0.4-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
kde/libnova-0.15.0-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
Thanks to Chris Abela, Ryan P.C. McQuen, and Philip Lacroix.
kde/stellarsolver-2.5-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
kde/wcslib-8.1-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
l/LibRaw-0.21.1-x86_64-2.txz: Rebuilt.
This update fixes a security issue:
A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
application crash by maliciously crafted input file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1729
(* Security fix *)
l/imagemagick-7.1.1_21-x86_64-1.txz: Upgraded.
l/libev-4.33-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
As this package may have more general usage than just kstars, we'll put it
in the L series.
Thanks to AA ime Ramov and Matteo Bernardini.
l/vte-0.74.1-x86_64-1.txz: Upgraded.
a/util-linux-2.39.2-x86_64-2.txz: Rebuilt.
Copy /etc/pam.d/login to /etc/pam.d/remote. This is needed for /bin/login's
'-h' option, used (for example) by telnetd. If -h is used without
/etc/pam.d/remote, pam will not be configured properly, and /etc/securetty
will be ignored, possibly allowing root to login from a tty that is not
considered secure. Of course, the usual disclaimers about the security of
telnet/telnetd apply.
Thanks to HytronBG and Petri Kaukasoina.
(* Security fix *)
ap/qpdf-11.6.3-x86_64-1.txz: Upgraded.
d/llvm-17.0.3-x86_64-1.txz: Upgraded.
l/libjpeg-turbo-3.0.1-x86_64-1.txz: Upgraded.
l/tevent-0.16.0-x86_64-1.txz: Upgraded.
n/samba-4.19.2-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-5568
(* Security fix *)
x/OpenCC-1.1.7-x86_64-1.txz: Upgraded.
xfce/xfconf-4.18.2-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.2-x86_64-1.txz: Upgraded.
l/cairo-1.18.0-x86_64-1.txz: Upgraded.
l/gtk4-4.12.3-x86_64-1.txz: Upgraded.
x/fonttosfnt-1.2.3-x86_64-1.txz: Upgraded.
xap/geeqie-2.1-x86_64-2.txz: Rebuilt.
Patched and recompiled against lua-5.4.6.
xap/mozilla-firefox-115.3.1esr-x86_64-1.txz: Upgraded.
This update contains a security fix.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
xfce/xfce4-panel-4.18.5-x86_64-1.txz: Upgraded.
testing/packages/aaa_glibc-solibs-2.38-x86_64-1.txz: Added.
testing/packages/glibc-2.38-x86_64-1.txz: Added.
Instead of building the deprecated glibc crypt library, bundle
libxcrypt-4.4.36 (both .so.1 compat version and .so.2 new API version).
testing/packages/glibc-i18n-2.38-x86_64-1.txz: Added.
testing/packages/glibc-profile-2.38-x86_64-1.txz: Added.
a/gettext-0.22.2-x86_64-1.txz: Upgraded.
ap/cups-2.4.7-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fixed Heap-based buffer overflow when reading Postscript in PPD files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-4504
(* Security fix *)
d/cmake-3.27.6-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.2-x86_64-1.txz: Upgraded.
l/dconf-editor-45.0.1-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.22.6-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.22.6-x86_64-1.txz: Upgraded.
l/gstreamer-1.22.6-x86_64-1.txz: Upgraded.
l/gtk4-4.12.2-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_17-x86_64-1.txz: Upgraded.
n/bind-9.18.19-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues:
Limit the amount of recursion that can be performed by isccc_cc_fromwire.
Fix use-after-free error in TLS DNS code when sending data.
For more information, see:
https://kb.isc.org/docs/cve-2023-3341https://www.cve.org/CVERecord?id=CVE-2023-3341https://kb.isc.org/docs/cve-2023-4236https://www.cve.org/CVERecord?id=CVE-2023-4236
(* Security fix *)
n/stunnel-5.71-x86_64-1.txz: Upgraded.
x/mesa-23.1.8-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.2.1-x86_64-1.txz: Upgraded.
xap/freerdp-2.11.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.2.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.2.3/releasenotes/
xap/seamonkey-2.53.17.1-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.17.1https://www.cve.org/CVERecord?id=CVE-2023-4863
(* Security fix *)
a/coreutils-9.3-x86_64-2.txz: Rebuilt.
Don't support AVX2 instructions for wc. Since it's possible to enable a
kernel option that causes the kernel to advertise AVX2 as available, but
leads to an illegal instruction if there's an attempt to actually use
AVX2 when old microcode is in use, this isn't reliable. Furthermore, wc
is used by the pkgtools and this sort of failure could lead to corruption
of the filesystem and/or package database. So, we'll disable this to be on
the safe side. Thanks to lancsuk for noticing this issue.
a/kernel-generic-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.48-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.48-x86-1.txz: Upgraded.
k/kernel-source-6.1.48-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/libcgroup-0.41-x86_64-11.txz: Rebuilt.
rc.cgconfig: set and use $CONFIG_DIR (/etc/cgconfig.d). Thanks to ZlatkO.
a/openssl-solibs-3.1.2-x86_64-2.txz: Rebuilt.
ap/vim-9.0.1697-x86_64-1.txz: Upgraded.
d/cmake-3.27.2-x86_64-1.txz: Upgraded.
l/fmt-10.1.0-x86_64-1.txz: Upgraded.
n/openssl-3.1.2-x86_64-2.txz: Rebuilt.
certwatch: use a persistent $STATEDIR. Thanks to ZlatkO.
xap/vim-gvim-9.0.1697-x86_64-1.txz: Upgraded.
a/aaa_libraries-15.1-x86_64-21.txz: Rebuilt.
Upgraded: libcap.so.2.69, liblzma.so.5.4.4, libboost*.so.1.82.0,
libglib-2.0.so.0.7600.4, libgmodule-2.0.so.0.7600.4, libgmp.so.10.5.0,
libgmpxx.so.4.7.0, libgobject-2.0.so.0.7600.4, libgthread-2.0.so.0.7600.4,
libjpeg.so.62.4.0, libpng16.so.16.40.0, libstdc++.so.6.0.32,
libtdb.so.1.4.9, libturbojpeg.so.0.3.0.
a/kernel-firmware-20230809_789aa81-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.45-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.45-x86_64-1.txz: Upgraded.
ap/pamixer-1.5-x86_64-7.txz: Rebuilt.
Recompiled against boost-1.83.0.
d/kernel-headers-6.1.45-x86-1.txz: Upgraded.
k/kernel-source-6.1.45-noarch-1.txz: Upgraded.
kde/kig-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/kopeninghours-23.04.3-x86_64-2.txz: Rebuilt.
Recompiled against boost-1.83.0.
kde/krita-5.1.5-x86_64-12.txz: Rebuilt.
Recompiled against boost-1.83.0.
l/boost-1.83.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
The shared libraries from the previous version will stick around in
the aaa_libraries package for at least a month.
l/cryfs-0.10.3-x86_64-9.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/fcitx5-chinese-addons-5.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
x/libime-1.0.17-x86_64-3.txz: Rebuilt.
Recompiled against boost-1.83.0.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/sdparm-1.12-x86_64-3.txz: Rebuilt.
Recompiled against sg3_utils-1.48.
a/udisks-1.0.5-x86_64-11.txz: Rebuilt.
Recompiled against sg3_utils-1.48. Does anything still need this?
ap/vim-9.0.1678-x86_64-1.txz: Upgraded.
Applied the last patch from Bram Moolenaar.
RIP Bram, and thanks for your great work on VIM and your kindness to the
orphan children in Uganda.
If you'd like to honor Bram with a donation to his charity, please visit:
https://iccf-holland.org/
d/mercurial-6.5.1-x86_64-1.txz: Upgraded.
d/vala-0.56.10-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.7.1-x86_64-1.txz: Upgraded.
kde/sddm-0.20.0-x86_64-2.txz: Rebuilt.
Eliminate duplicate log messages polluting the first virtual console.
l/gtk4-4.10.5-x86_64-1.txz: Upgraded.
l/gvfs-1.50.6-x86_64-1.txz: Upgraded.
l/libgpod-0.8.3-x86_64-12.txz: Rebuilt.
Recompiled against sg3_utils-1.48.
l/netpbm-11.03.02-x86_64-1.txz: Upgraded.
l/sg3_utils-1.48-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/speech-dispatcher-0.11.5-x86_64-1.txz: Upgraded.
n/gnutls-3.8.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.3-x86_64-2.txz: Rebuilt.
Move 99-nfs.rules to the proper directory. Thanks to Petri Kaukasoina.
xap/vim-gvim-9.0.1678-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-6.txz: Rebuilt.
makepkg: fix chown to avoid warning. Not sure how this one got missed for so
long. Thanks to lucabon.
d/cmake-3.27.1-x86_64-1.txz: Upgraded.
l/cfitsio-4.3.0-x86_64-1.txz: Upgraded.
n/curl-8.2.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
x/m17n-lib-1.8.3-x86_64-1.txz: Upgraded.
a/tar-1.35-x86_64-1.txz: Upgraded.
x/mesa-23.2.0_rc1-x86_64-1.txz: Upgraded.
OK, usually I won't use rc versions even in -current, but in this case I'm
going to. Some time ago my desktop machine with RS880 / Radeon HD 4290
graphics on the motherboard began acting up with the screen going black
for a few seconds before returning. This after an hour or so of uptime,
usually, then becoming more frequent with more uptime. Eventually I'd lose
mouse and/or keyboard too, and have to reboot. Here's a couple of errors
from dmesg:
[ 9942.677675] [drm:r600_ib_test [radeon]] *ERROR* radeon: fence wait
timed out.
[ 9942.677741] [drm:radeon_ib_ring_tests [radeon]] *ERROR* radeon: failed
testing IB on GFX ring (-110).
I also noticed that the backtrace started with ttm_bo_release, and seeing
this in recent kernel patches had been chalking this up to a kernel bug.
I *still* think it could be, and there are a bunch of kernel patches coming
soon to -stable from Alex Deucher that could address the underlying causes
(not for 6.1.39 though, unfortunately). Anyway, I'd recently figured out
that reverting Mesa sufficiently made the issue go away. And now it seems
this 23.2.0 release candidate also fixes the issue.
Yes, I could go search for the commits to cherry-pick, but we'll be moving
to mesa-23.2.0 when it's released, so we might as well start testing now.
a/util-linux-2.39.1-x86_64-2.txz: Rebuilt.
Since libmount has dropped support for the traditional /etc/mtab file, if
we find one replace it with a symlink to /proc/mounts.
kde/digikam-8.0.0-x86_64-4.txz: Rebuilt.
Recompiled against opencv-4.8.0.
kde/kirigami-addons-0.9.0-x86_64-1.txz: Upgraded.
l/glib-networking-2.76.1-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.4-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.8.0.
l/gvfs-1.50.5-x86_64-1.txz: Upgraded.
l/libpaper-2.1.1-x86_64-1.txz: Upgraded.
l/libwebp-1.3.1-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.91-x86_64-1.txz: Upgraded.
l/netpbm-11.03.00-x86_64-1.txz: Upgraded.
l/opencv-4.8.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/bluez-5.67-x86_64-1.txz: Upgraded.
n/openresolv-3.13.2-noarch-1.txz: Upgraded.
n/p11-kit-0.25.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Make /etc/mtab a symlink to /proc/mounts. (I thought we did this before?)
Remove /etc/mounts symlink.
In rc.S, don't try to initialize /etc/mtab or fake mount /.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Make /etc/mtab a symlink to /proc/mounts. (I thought we did this before?)
Remove /etc/mounts symlink.
In rc.S, don't try to initialize /etc/mtab or fake mount /.
a/kernel-firmware-20230625_ee91452-noarch-2.txz: Rebuilt.
When building the package, install from the download directory rather than
moving the download directory to the destination directory first. Evidently
"cp -d foo foo" and "cat foo > foo" don't exactly behave the same. ;-)
Support a COMPRESSION= variable which may be set to xz or zstd to compress
the kernel modules. For now, we'll stick with uncompressed modules.
isolinux/initrd.img: Rebuilt.
Replaced corrupted firmware.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Replaced corrupted firmware.
ap/cups-2.4.6-x86_64-1.txz: Upgraded.
Fixed use-after-free when logging warnings in case of failures
in cupsdAcceptClient().
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-34241
(* Security fix *)
ap/sysstat-12.7.4-x86_64-1.txz: Upgraded.
d/mercurial-6.4.5-x86_64-1.txz: Upgraded.
l/libpng-1.6.40-x86_64-1.txz: Upgraded.
x/mesa-23.1.3-x86_64-1.txz: Upgraded.
a/userspace-rcu-0.14.0-x86_64-1.txz: Added.
This is needed by xfsprogs-6.3.0.
a/xfsprogs-6.3.0-x86_64-1.txz: Upgraded.
ap/xfsdump-3.1.12-x86_64-1.txz: Upgraded.
d/ccache-4.8.2-x86_64-1.txz: Upgraded.
a/dbus-1.14.8-x86_64-1.txz: Upgraded.
a/tree-2.1.1-x86_64-1.txz: Upgraded.
ap/cups-2.4.4-x86_64-1.txz: Upgraded.
This update is a hotfix for a segfault in cupsGetNamedDest(), when caller
tries to find the default destination and the default destination is not set
on the machine.
ap/ksh93-1.0.5_20230607_9b251344-x86_64-1.txz: Upgraded.
This is a bugfix and robustness enhancement release.
Thanks to McDutchie for the great work!
Thanks to pghvlaans for improvements to the build script.
ap/mariadb-10.11.4-x86_64-1.txz: Upgraded.
n/nghttp2-1.54.0-x86_64-1.txz: Upgraded.
a/elilo-3.16-x86_64-16.txz: Rebuilt.
eliloconfig: don't mess with mounting efivarfs. This should be handled by
rc.S, or by whatever the admin put in /etc/fstab.
a/kernel-firmware-20230523_1ba3519-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.30-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-5.txz: Rebuilt.
rc.S: mount efivarfs rw, may be overridden in /etc/default/efivarfs.
ap/sc-im-0.8.3-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.30-x86-1.txz: Upgraded.
d/parallel-20230522-noarch-1.txz: Upgraded.
k/kernel-source-6.1.30-noarch-1.txz: Upgraded.
l/enchant-2.4.0-x86_64-1.txz: Upgraded.
l/glib2-2.76.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.38-x86_64-1.txz: Upgraded.
l/qt5-5.15.9_20230523_245f369c-x86_64-1.txz: Upgraded.
This update fixes a security issue.
Qt-based clients may mismatch HSTS headers (Strict-Transport-Security),
which would prevent the client from switching to a secure HTTPS
connection as requested by a server.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32762
(* Security fix *)
n/curl-8.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
t/texlive-2023.230322-x86_64-3.txz: Rebuilt.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
xap/mozilla-firefox-113.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/113.0.2/releasenotes/
xfce/libxfce4ui-4.18.4-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/pam-1.5.3-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-2.txz: Rebuilt.
[PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
With execv() command line arguments are passed as separate strings and
not the full command line in a single string. This prevents arbitrary
command execution by escaping the quoting of the arguments in a job
with forged job title.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24805
(* Security fix *)
ap/vim-9.0.1569-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1569-x86_64-1.txz: Upgraded.
a/eudev-3.2.12-x86_64-1.txz: Upgraded.
ap/sqlite-3.42.0-x86_64-1.txz: Upgraded.
l/exiv2-0.27.6-x86_64-1.txz: Upgraded.
Ah, the old safe looking update with an soname bump and breaking API changes
strikes again. We'll revert to this until the fallout has settled down.
l/nodejs-20.2.0-x86_64-1.txz: Upgraded.
a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt.
Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha.
d/cmake-3.26.2-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.22-x86-1.txz: Upgraded.
d/llvm-16.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Heinz Wiesinger for the assistance.
Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON
-DCLANG_LINK_CLANG_DYLIB=ON.
I think we'll get 16.0.1 next week if we need to make any adjustments.
d/ruby-3.2.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/https://www.cve.org/CVERecord?id=CVE-2023-28755https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
k/kernel-source-6.1.22-noarch-1.txz: Upgraded.
kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0.
l/openexr-3.1.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON.
n/pssh-2.3.5-x86_64-1.txz: Upgraded.
n/samba-4.18.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
An incomplete access check on dnsHostName allows authenticated but otherwise
unprivileged users to delete this attribute from any object in the directory.
The Samba AD DC administration tool, when operating against a remote LDAP
server, will by default send new or reset passwords over a signed-only
connection.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential
attribute disclosure via LDAP filters was insufficient and an attacker may
be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should assume they have
been obtained and need replacing.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-0225.htmlhttps://www.samba.org/samba/security/CVE-2023-0922.htmlhttps://www.samba.org/samba/security/CVE-2023-0614.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-0225https://www.cve.org/CVERecord?id=CVE-2023-0922https://www.cve.org/CVERecord?id=CVE-2023-0614
(* Security fix *)
x/mesa-23.0.1-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0.
xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt.
Use the bundled LLVM rather than the system LLVM.
This version of Rust actually does compile with llvm-16.0.0, but since it
bundles LLVM 15 let's let it use that for now.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/glibc-zoneinfo-2023b-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
a/libbytesize-2.8-x86_64-1.txz: Upgraded.
a/tar-1.34-x86_64-3.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
ap/sqlite-3.41.2-x86_64-1.txz: Upgraded.
d/mercurial-6.4-x86_64-1.txz: Upgraded.
n/openvpn-2.6.2-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.1.0-x86_64-1.txz: Upgraded.
a/coreutils-9.2-x86_64-2.txz: Rebuilt.
Don't link with OpenSSL's libcrypto, as it creates problems on machines that
don't yet have openssl3 installed when /bin/sort suddenly depends upon
libcrypto.so.3. Worked fine without this previously, so it shouldn't really
make any difference. There's also a configure option to use the kernel's
crypto routines if available, but for now we'll skip this.
Thanks to rahrah.
a/kernel-firmware-20230320_bcdcfbc-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.21-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.21-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.21-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.21-x86-1.txz: Upgraded.
k/kernel-source-6.1.21-noarch-1.txz: Upgraded.
l/adwaita-icon-theme-44.0-noarch-1.txz: Upgraded.
n/gpgme-1.19.0-x86_64-1.txz: Upgraded.
n/links-2.29-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-1.txz: Upgraded.
Thanks to Johannes Schoepfer.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/elilo-3.16-x86_64-15.txz: Rebuilt.
eliloconfig: drop support for old EFI vars interface.
Mount efivarfs on /sys/firmware/efi/efivars if we find that the directory
is empty.
d/indent-2.2.13-x86_64-1.txz: Upgraded.
d/scons-4.5.2-x86_64-1.txz: Upgraded.
x/libva-2.18.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-111.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/111.0.1/releasenotes/
xfce/xfce4-clipman-plugin-1.6.3-x86_64-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.13.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Make sure efivarfs is mounted on UEFI systems.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Make sure efivarfs is mounted on UEFI systems.
Hey folks, just some more updates on the road to an eventual beta. :-)
At this point nothing remains linked with openssl-1.1.1 except for python2 and
modules, and vsftpd. I think nobody cares about trying to force python2 to use
openssl3... it's EOL but still a zombie, unfortunately. I have seen some
patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2
and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible
with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2
already out for several revisions, 8.1 does not seem particularly valuable.
If you make use of PHP you should be used to it being a moving target by now.
Enjoy, and let me know if anything isn't working right. Cheers!
a/aaa_libraries-15.1-x86_64-19.txz: Rebuilt.
Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0,
libldap.so.2.0.200, libssh2.so.1.0.1.
a/cryptsetup-2.6.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/kmod-30-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/openssl-solibs-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
a/openssl11-solibs-1.1.1t-x86_64-1.txz: Added.
ap/cups-2.4.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/hplip-3.20.5-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/lxc-4.0.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/mariadb-10.6.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/qpdf-11.3.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/sudo-1.9.13p3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cargo-vendor-filterer-0.5.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cvs-1.11.23-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/git-2.39.2-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/perl-5.36.0-x86_64-5.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/python3-3.9.16-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/ruby-3.2.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/rust-1.66.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/scons-4.5.1-x86_64-1.txz: Upgraded.
kde/falkon-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
kde/kitinerary-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/M2Crypto-0.38.0-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/SDL2-2.26.4-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libarchive-3.6.2-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libevent-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libimobiledevice-20211124_2c6121d-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libssh2-1.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libvncserver-0.9.14-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/mlt-7.14.0-x86_64-1.txz: Upgraded.
l/neon-0.32.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/nodejs-19.7.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/opusfile-0.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pipewire-0.3.66-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pulseaudio-16.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pycurl-7.44.1-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qca-2.3.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
l/serf-1.3.9-x86_64-8.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/alpine-2.26-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/bind-9.18.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/curl-7.88.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/cyrus-sasl-2.1.28-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/dovecot-2.3.20-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/epic5-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/fetchmail-6.4.37-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/htdig-3.2.0b6-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/httpd-2.4.56-x86_64-1.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56https://www.cve.org/CVERecord?id=CVE-2023-27522https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
NOTE: This package is compiled against openssl-3.0.8.
n/irssi-1.4.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/krb5-1.20.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lftp-4.9.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/links-2.28-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lynx-2.9.0dev.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/mutt-2.2.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/net-snmp-5.9.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/netatalk-3.1.14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/nmap-7.93-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ntp-4.2.8p15-x86_64-12.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openldap-2.6.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssh-9.2p1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssl-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/openssl11-1.1.1t-x86_64-1.txz: Added.
n/openvpn-2.6.0-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/php-8.2.3-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
n/pidentd-3.0.19-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/popa3d-1.0.3-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/postfix-3.7.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ppp-2.4.9-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/proftpd-1.3.8-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/rsync-3.2.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/s-nail-14.9.24-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/samba-4.18.0-x86_64-1.txz: Upgraded.
Build with the bundled Heimdal instead of the system MIT Kerberos.
Thanks again to rpenny.
n/slrn-1.0.3a-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/snownews-1.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/socat-1.7.4.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/stunnel-5.69-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/tcpdump-4.99.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wget-1.21.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wpa_supplicant-2.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/freerdp-2.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gftp-2.9.1b-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gkrellm-2.3.11-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/hexchat-2.16.1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/sane-1.0.32-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/x3270-4.0ga14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/xine-lib-1.2.13-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
y/bsd-games-2.17-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/php80/php80-8.0.28-x86_64-1.txz: Removed.
extra/php81/php81-8.1.16-x86_64-1.txz: Removed.
extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-8.17.1-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz: Rebuilt.
testing/packages/rust-1.67.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
testing/packages/samba-4.17.5-x86_64-2.txz: Removed.
a/aaa_libraries-15.1-x86_64-18.txz: Rebuilt.
Upgraded: libcap.so.2.67, libelf-0.189.so, libzstd.so.1.5.4,
libcares.so.2.6.0, libglib-2.0.so.0.7400.6, libgmodule-2.0.so.0.7400.6,
libgobject-2.0.so.0.7400.6, libgthread-2.0.so.0.7400.6, libtdb.so.1.4.8.
Removed: libnsl-2.36.so, libboost*.so.1.80.0.
Added: libnsl.so.3.0.0.
a/grep-3.9-x86_64-1.txz: Upgraded.
a/pam-1.5.2-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
a/quota-4.09-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
ap/linuxdoc-tools-0.9.82-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
ap/vorbis-tools-1.4.2-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/cvs-1.11.23-x86_64-8.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/perl-5.36.0-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/python2-2.7.18-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/python3-3.9.16-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/subversion-1.14.2-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
kde/kio-5.103.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
kde/kopete-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/libasyncns-0.8-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/libnsl-2.0.0-x86_64-1.txz: Upgraded.
Deprecated NIS+ code has been removed.
Sorry for so many rebuilds due to (of all things) an NIS support library,
but we had to get this out of the way eventually.
Shared library .so-version bump.
l/libnss_nis-3.1-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/loudmouth-1.5.4-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/autofs-5.1.8-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/epic5-2.1.12-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/irssi-1.4.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/net-snmp-5.9.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/netatalk-3.1.14-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/ntp-4.2.8p15-x86_64-11.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openldap-2.6.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openssh-9.2p1-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openvpn-2.6.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/postfix-3.7.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/ppp-2.4.9-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/procmail-3.24-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/proftpd-1.3.8-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/rpcbind-1.2.6-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/socat-1.7.4.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/stunnel-5.69-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/tcp_wrappers-7.6-x86_64-7.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/tftp-hpa-5.2-x86_64-9.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/uucp-1.07-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/vsftpd-3.0.5-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/yptools-4.2.3-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
Upgraded to ypserv-4.2.
xap/gftp-2.9.1b-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/pidgin-2.14.12-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/rxvt-unicode-9.26-x86_64-5.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xine-lib-1.2.13-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xine-ui-0.99.14-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xscreensaver-6.06-x86_64-2.txz: Rebuilt.
a/btrfs-progs-6.2-x86_64-2.txz: Rebuilt.
Rebuilt to link btrfs-convert to libreiserfscore. Thanks to Didier Spaier.
a/reiserfsprogs-3.6.27-x86_64-5.txz: Rebuilt.
Add shared library and devel files. Thanks to Didier Spaier.
a/pkgtools-15.1-noarch-4.txz: Rebuilt.
makepkg: also let xz decide how many threads to use on ARM platforms aarch64
and riscv64. Thanks to Stuart Winter.
installpkg: fix reversed test for if a --threads option was given. It appears
that it's been wrong for years but since xz didn't support threaded
decompression yet it wasn't noticed.
a/xz-5.4.1-x86_64-2.txz: Rebuilt.
Reduce default verbosity from V_WARNING to V_ERROR to avoid sending non-fatal
memory usage information to stderr.
kde/plasma-wayland-protocols-1.10.0-x86_64-1.txz: Upgraded.
l/exiv2-0.27.6-x86_64-1.txz: Upgraded.
l/tdb-1.4.8-x86_64-1.txz: Upgraded.
x/igt-gpu-tools-1.27.1-x86_64-1.txz: Upgraded.
x/libX11-1.8.3-x86_64-2.txz: Rebuilt.
[PATCH] Fix a9e845 and 797755 Allow X*IfEvent() to reenter libX11
Thanks to marav.
a/kernel-firmware-20230117_7e4f0ed-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.7-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-3.txz: Rebuilt.
installpkg: allow xz to use all the available CPU threads.
makepkg: by default, allow xz to determine how many threads to use. However,
on 32-bit platforms default to 2 threads since we were using this before. If
allowed to decide, xz seems to only want to use a single thread on 32-bit.
ap/nano-7.2-x86_64-1.txz: Upgraded.
ap/sudo-1.9.12p2-x86_64-1.txz: Upgraded.
This update fixes a flaw in sudo's -e option (aka sudoedit) that could allow
a malicious user with sudoedit privileges to edit arbitrary files.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-22809
(* Security fix *)
d/kernel-headers-6.1.7-x86-1.txz: Upgraded.
k/kernel-source-6.1.7-noarch-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.10-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
We're going to go ahead and jump to the 6.1.4 kernel, in spite of the fact
that a kernel bisect identified the patch that was preventing 32-bit from
booting here on a Thinkpad X1E:
------
From 2e479b3b82c49bfb9422274c0a9c155a41caecb7 Mon Sep 17 00:00:00 2001
From: Michael Kelley <mikelley@microsoft.com>
Date: Wed, 16 Nov 2022 10:41:24 -0800
Subject: [PATCH] x86/ioremap: Fix page aligned size calculation in
__ioremap_caller()
commit 4dbd6a3e90e03130973688fd79e19425f720d999 upstream.
Current code re-calculates the size after aligning the starting and
ending physical addresses on a page boundary. But the re-calculation
also embeds the masking of high order bits that exceed the size of
the physical address space (via PHYSICAL_PAGE_MASK). If the masking
removes any high order bits, the size calculation results in a huge
value that is likely to immediately fail.
Fix this by re-calculating the page-aligned size first. Then mask any
high order bits using PHYSICAL_PAGE_MASK.
Fixes: ffa71f33a820 ("x86, ioremap: Fix incorrect physical address handling in
PAE mode")
------
The non-SMP non-PAE 32-bit kernel is fine even without the patch revert.
The PAE kernel also works fine with this patch reverted without any need
to revert ffa71f33a820 (the patch that this one is supposed to fix). The
machine's excessive (for 32-bit) amount of physical RAM (64GB) might also
be a factor here considering the PAE kernel works on all the other machines
around here without reverting this patch.
The patch is reverted only on 32-bit. Upstream report still pending.
Enjoy! :-)
a/kernel-generic-6.1.4-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.4-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.4-x86_64-1.txz: Upgraded.
a/tree-2.1.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.4-x86-1.txz: Upgraded.
k/kernel-source-6.1.4-noarch-1.txz: Upgraded.
l/gvfs-1.50.3-x86_64-1.txz: Upgraded.
l/hunspell-1.7.2-x86_64-1.txz: Upgraded.
l/libnice-0.1.21-x86_64-1.txz: Upgraded.
n/tin-2.6.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/sysvinit-scripts-15.1-noarch-3.txz: Rebuilt.
rc.6: support an optional rc.firewall_shutdown script. Most firewall scripts
don't need a formal shutdown, but in some cases it can be useful. If your
rc.firewall script supports a stop parameter, the shutdown script should just
contain "/etc/rc.d/rc.firewall stop", or rc.firewall_shutdown could also be
a symlink to the rc.firewall script in that case. But how the script works
is (like the rc.firewall script support) completely up to the admin.
Thanks to metaed for the suggestion.
Please note that contrary to the request, I placed this *after* the network
is shut down to avoid removing firewall protection while the interfaces are
still active. Whether it'll work in this place for metaed's (or anyone
else's) needs, I'm not sure. It's a start. Feel free to weigh in on the LQ
thread if you have any ideas for improvement, but the goal here is to keep
this support as simple and flexible as possible.
d/nasm-2.16-x86_64-1.txz: Upgraded.
d/parallel-20221222-noarch-1.txz: Upgraded.
n/bind-9.18.10-x86_64-1.txz: Upgraded.
n/curl-7.87.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.6.1-x86_64-1.txz: Upgraded.
This release contains a security fix and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.6.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2022-54/https://www.cve.org/CVERecord?id=CVE-2022-46874
(* Security fix *)
xfce/xfce4-screenshooter-1.10.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_55-x86_64-2.txz: Rebuilt.
Rebuilt to fix dng.so module that was mistakenly compiled against the new
LibRaw that we don't yet include.
a/gptfdisk-1.0.9-x86_64-2.txz: Rebuilt.
Applied upstream patches to fix a crash and partition corruption caused by
the popt upgrade:
[PATCH] Updated guid.cc to deal with minor change in libuuid
[PATCH] Fix failure & crash of sgdisk when compiled with latest popt
[PATCH] Fix NULL dereference when duplicating string argument
Thanks to jloco.
d/cmake-3.25.1-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-24.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/cantor-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kfilemetadata-5.100.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kile-2.9.93-x86_64-22.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/kitinerary-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/krita-5.1.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
kde/okular-22.08.3-x86_64-2.txz: Rebuilt.
Recompiled against poppler-22.12.0.
l/glib2-2.74.3-x86_64-1.txz: Upgraded.
l/poppler-22.12.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.40.6-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-1.txz: Upgraded.
xap/libnma-1.10.4-x86_64-1.txz: Upgraded.
xap/network-manager-applet-1.30.0-x86_64-1.txz: Upgraded.
a/bash-5.2.012-x86_64-1.txz: Upgraded.
a/less-612-x86_64-1.txz: Upgraded.
a/tcsh-6.24.02-x86_64-1.txz: Upgraded.
ap/vim-9.0.0942-x86_64-1.txz: Upgraded.
d/make-4.4-x86_64-2.txz: Rebuilt.
[SV 63307] Spawn children with the default disposition of sigpipe.
Thanks to nobodino.
d/ruby-3.1.3-x86_64-1.txz: Upgraded.
This release includes a security fix:
HTTP response splitting in CGI.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-33621
(* Security fix *)
l/pipewire-0.3.61-x86_64-1.txz: Upgraded.
n/ipset-7.16-x86_64-1.txz: Upgraded.
x/fcitx5-5.0.21-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.0942-x86_64-1.txz: Upgraded.
a/gawk-5.2.1-x86_64-1.txz: Upgraded.
a/rpm2tgz-1.2.2-x86_64-7.txz: Rebuilt.
Take rpmoffset fixes from Gentoo.
Thanks to allend.
d/ccache-4.7.4-x86_64-1.txz: Upgraded.
d/meson-0.64.1-x86_64-1.txz: Upgraded.
d/parallel-20221122-noarch-1.txz: Upgraded.
kde/fcitx5-configtool-5.0.16-x86_64-1.txz: Upgraded.
l/SDL2-2.26.0-x86_64-1.txz: Upgraded.
l/glib2-2.74.1-x86_64-2.txz: Rebuilt.
[PATCH 1/2] Revert "Handling collision between standard i/o file descriptors
and newly created ones."
[PATCH 2/2] glib-unix: Add test to make sure g_unix_open_pipe will intrude
standard range.
Thanks to marav.
l/newt-0.52.22-x86_64-1.txz: Upgraded.
l/pipewire-0.3.60-x86_64-2.txz: Rebuilt.
[PATCH] alsa: force playback start when buffer is full.
Thanks to marav.
tcl/tcl-8.6.13-x86_64-1.txz: Upgraded.
tcl/tk-8.6.13-x86_64-1.txz: Upgraded.
x/libglvnd-1.6.0-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.30-noarch-1.txz: Upgraded.
xap/blueman-2.3.5-x86_64-1.txz: Upgraded.
a/tree-2.0.4-x86_64-1.txz: Upgraded.
l/freecell-solver-6.8.0-x86_64-1.txz: Upgraded.
l/speech-dispatcher-0.11.3-x86_64-1.txz: Upgraded.
n/rsync-3.2.7-x86_64-1.txz: Upgraded.
This is a bugfix release.
Notably, this addresses some regressions caused by the file-list validation
fix in rsync-3.2.5.
Thanks to llgar.
a/iniparser-4.1-x86_64-1.txz: Added.
This is needed by ndctl.
a/ndctl-74-x86_64-1.txz: Upgraded.
l/libical-3.0.15-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-102.3.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.3.2/releasenotes/
a/bash-5.2.000-x86_64-1.txz: Upgraded.
ap/vim-9.0.0594-x86_64-1.txz: Upgraded.
Fixed stack-based buffer overflow.
Thanks to marav for the heads-up.
In addition, Mig21 pointed out an issue where the defaults.vim file might
need to be edited for some purposes as its contents will override the
settings in the system-wide vimrc. Usually this file is replaced whenever
vim is upgraded, which in those situations would be inconvenient for the
admin. So, I've added support for a file named defaults.vim.custom which
(if it exists) will be used instead of the defaults.vim file shipped in
the package and will persist through upgrades.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3296
(* Security fix *)
l/fluidsynth-2.3.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.0_49-x86_64-1.txz: Upgraded.
l/libcap-2.66-x86_64-1.txz: Upgraded.
l/netpbm-10.99.03-x86_64-1.txz: Upgraded.
l/readline-8.2.000-x86_64-1.txz: Upgraded.
l/xapian-core-1.4.21-x86_64-1.txz: Upgraded.
n/dnsmasq-2.87-x86_64-1.txz: Upgraded.
Fix write-after-free error in DHCPv6 server code.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934
(* Security fix *)
x/xterm-373-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.0594-x86_64-1.txz: Upgraded.
a/quota-4.09-x86_64-1.txz: Upgraded.
d/parallel-20220922-noarch-1.txz: Upgraded.
l/jemalloc-5.3.0-x86_64-2.txz: Rebuilt.
Fixed version numbers in jemalloc.h. Thanks to Markus Wiesner.
n/ca-certificates-20220922-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
testing/packages/rust-1.64.0-x86_64-1.txz: Added.
We've found ourselves in a situation where Thunderbird requires the Rust
compiler in /extra, and Firefox requires the one in the main tree (and
can't use this one until Firefox 107 sometime in November), so we'll just
park this here until we can use it.
a/aaa_libraries-15.1-x86_64-10.txz: Rebuilt.
Upgraded: liblzma.so.5.2.6, libpng16.so.16.38.0, libslang.so.2.3.3.
Removed: libboost_*.so.1.79.0.
Use ldconfig to activate the libraries as they might be needed by install
scripts (or to chroot to the install partition from the installer).
Thanks to Stuart Winter.
a/kernel-generic-5.19.9-x86_64-1.txz: Upgraded.
a/kernel-huge-5.19.9-x86_64-1.txz: Upgraded.
a/kernel-modules-5.19.9-x86_64-1.txz: Upgraded.
ap/qpdf-11.1.0-x86_64-1.txz: Upgraded.
d/kernel-headers-5.19.9-x86-1.txz: Upgraded.
k/kernel-source-5.19.9-noarch-1.txz: Upgraded.
l/libpng-1.6.38-x86_64-1.txz: Upgraded.
l/pipewire-0.3.58-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.