a/aaa_libraries-15.1-x86_64-26.txz: Rebuilt.
Upgraded: libacl.so.1.1.2302, libattr.so.1.1.2502, liblzma.so.5.4.6,
libpcre2-8.so.0.12.0, libz.so.1.3.1, libcares.so.2.11.0,
libexpat.so.1.9.0, libffi.so.8.1.4, libglib-2.0.so.0.7800.4,
libgmodule-2.0.so.0.7800.4, libgobject-2.0.so.0.7800.4,
libgthread-2.0.so.0.7800.4, libidn.so.12.6.5, libidn2.so.0.4.0,
libpng16.so.16.41.0, libpsl.so.5.3.5, libtdb.so.1.4.10, libusb-1.0.so.0.4.0.
a/etc-15.1-x86_64-5.txz: Rebuilt.
Added UID 214 and GID 214 for avahi.
a/gettext-0.22.5-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-9.txz: Rebuilt.
setup.services: support rc.avahidaemon and rc.avahidnsconfd.
a/sysvinit-scripts-15.1-noarch-13.txz: Rebuilt.
rc.M: start (if executable) rc.avahidaemon and rc.avahidnsconfd.
ap/cups-2.4.7-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
ap/cups-filters-1.28.17-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
ap/hplip-3.23.12-x86_64-1.txz: Upgraded.
Compiled against avahi.
ap/xmltoman-0.6-x86_64-1.txz: Added.
This is needed to generate manpages for avahi.
d/distcc-3.4-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
d/gettext-tools-0.22.5-x86_64-1.txz: Upgraded.
l/avahi-20240220_dffd549-x86_64-1.txz: Added.
It was either this, or drop (or fork) hplip. We'll enjoy it in the long run.
Thanks to David Somero for the original build script, and to Robby Workman
for years of maintenance.
Signed-off-by: volkerdi
Acked-by: alienBOB
l/libdaemon-0.14-x86_64-1.txz: Added.
This is needed by avahi.
l/pipewire-1.0.3-x86_64-5.txz: Rebuilt.
Recompiled against avahi.
l/pulseaudio-17.0-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
n/NetworkManager-1.46.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.18-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
n/samba-4.19.5-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
xap/pidgin-2.14.12-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
xap/sane-1.2.1-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
extra/bash-completion/bash-completion-2.12.0-noarch-1.txz: Upgraded.
a/procps-ng-4.0.4-x86_64-1.txz: Upgraded.
a/shadow-4.14.4-x86_64-1.txz: Upgraded.
ap/man-pages-6.06-noarch-1.txz: Upgraded.
ap/vim-9.1.0098-x86_64-1.txz: Upgraded.
d/libgccjit-13.2.0-x86_64-1.txz: Added.
If we can ship GCC's D and Modula-2 support, then we can ship this.
We'll probably find a use for it. ;-)
Thanks to Didier Spaier for hints on the build script.
d/mercurial-6.6.3-x86_64-1.txz: Upgraded.
d/rust-1.76.0-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-1.txz: Upgraded.
l/openexr-3.2.2-x86_64-1.txz: Upgraded.
l/pango-1.51.2-x86_64-1.txz: Upgraded.
l/python-calver-2022.6.26-x86_64-1.txz: Added.
Needed for python-trove-classifiers. Thanks to lucabon.
n/openvpn-2.6.9-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0098-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz: Added.
Let's move this here since it's lagging behind the latest Rust.
a/kernel-firmware-20240208_fbef4d3-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.16-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.16-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.16-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.16-x86-1.txz: Upgraded.
k/kernel-source-6.6.16-noarch-1.txz: Upgraded.
-VIDEO_ATOMISP m
-VIDEO_ATOMISP_GC0310 n
-VIDEO_ATOMISP_GC2235 n
-VIDEO_ATOMISP_ISP2401 n
-VIDEO_ATOMISP_LM3554 n
-VIDEO_ATOMISP_MSRLIST_HELPER n
-VIDEO_ATOMISP_MT9M114 n
-VIDEO_ATOMISP_OV2722 n
-VIDEO_ATOMISP_OV5693 n
INTEL_ATOMISP y -> n
+INTEL_ATOMISP2_PM m
l/enchant-2.6.7-x86_64-1.txz: Upgraded.
l/libsecret-0.21.3-x86_64-1.txz: Upgraded.
l/libuv-1.48.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.76.0-x86_64-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
A test mass rebuild here didn't find any new failure-to-build-from-source, so
we'll go ahead and upgrade to the new glibc. Enjoy! :-)
a/aaa_glibc-solibs-2.39-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-36.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/cantor-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/kfilemetadata-5.114.0-x86_64-3.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/kile-2.9.93-x86_64-30.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/kitinerary-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/krita-5.2.2-x86_64-3.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/okular-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against poppler-24.02.0.
l/SDL2-2.30.0-x86_64-1.txz: Upgraded.
l/glibc-2.39-x86_64-1.txz: Upgraded.
This fixes a few __vsyslog_internal related overflows that could result in
an application crash or local privilege escalation.
The issues affected glibc 2.36 and newer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6246https://www.cve.org/CVERecord?id=CVE-2023-6779https://www.cve.org/CVERecord?id=CVE-2023-6780
(* Security fix *)
l/glibc-i18n-2.39-x86_64-1.txz: Upgraded.
l/glibc-profile-2.39-x86_64-1.txz: Upgraded.
l/pipewire-1.0.3-x86_64-1.txz: Upgraded.
l/poppler-24.02.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/ipset-7.20-x86_64-1.txz: Upgraded.
ap/nvme-cli-2.7.1-x86_64-1.txz: Upgraded.
l/libnvme-1.7.1-x86_64-1.txz: Added.
This is required by nvme-cli.
l/pipewire-1.0.2-x86_64-1.txz: Upgraded.
n/curl-8.6.0-x86_64-1.txz: Upgraded.
n/libmilter-8.18.1-x86_64-1.txz: Upgraded.
extra/sendmail/sendmail-8.18.1-x86_64-1.txz: Upgraded.
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation technique to inject e-mail
messages with a spoofed MAIL FROM address, allowing bypass of an SPF
protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
but some other popular e-mail servers do not. This is resolved in 8.18 and
later versions with 'o' in srv_features.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-51765
(* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1.txz: Upgraded.
a/lzip-1.24-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded.
ap/sqlite-3.45.1-x86_64-1.txz: Upgraded.
d/binutils-2.42-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/cmake-3.28.2-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-13.txz: Rebuilt.
Recompiled against binutils-2.42.
d/strace-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-5.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded.
l/libpng-1.6.42-x86_64-1.txz: Upgraded.
Fixed the implementation of the macro function png_check_sig().
This was an API regression, introduced in libpng-1.6.41.
Reported by Matthieu Darbois.
l/lmdb-0.9.32-x86_64-1.txz: Upgraded.
l/neon-0.33.0-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-3.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/talloc-2.4.2-x86_64-1.txz: Upgraded.
l/tdb-1.4.10-x86_64-1.txz: Upgraded.
l/tevent-0.16.1-x86_64-1.txz: Upgraded.
n/openldap-2.6.7-x86_64-1.txz: Upgraded.
n/openssl-3.2.1-x86_64-1.txz: Upgraded.
This update fixes possible denial-of-service security issues:
A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0727https://www.cve.org/CVERecord?id=CVE-2023-6237https://www.cve.org/CVERecord?id=CVE-2023-5678
(* Security fix *)
xap/MPlayer-20240130-x86_64-1.txz: Upgraded.
Fixed build script to exit on errors.
Patched to build against gettext-0.22.4.
Thanks to Matteo Bernardini.
xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt.
Recompiled against libpng-1.6.42.
ap/diffstat-1.66-x86_64-1.txz: Upgraded.
ap/moc-2.6_alpha3-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
ap/vim-9.1.0061-x86_64-1.txz: Upgraded.
d/nv-codec-headers-12.1.14.0-x86_64-1.txz: Added.
Needed to build support for nvidia hardware decoders/encoders on newer GPUs.
gst-plugins-bad can use it too.
Thanks to Heinz Wiesinger.
kde/digikam-8.2.0-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/ffmpegthumbs-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/k3b-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/kfilemetadata-5.114.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/kpipewire-5.27.10-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/Imath-3.1.10-x86_64-1.txz: Upgraded.
l/alsa-plugins-1.2.7.1-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/ffmpeg-6.1.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Added some new build options in the SlackBuild.
Use shaderc instead of glslang.
Build against libgcrypt to enable support for RTMP[E].
Enable support for lcms2.
Build against libass, libplacebo, and nv-codec-headers.
Thanks to Heinz Wiesinger.
l/gegl-0.4.46-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/gst-plugins-bad-free-1.22.9-x86_64-2.txz: Rebuilt.
Recompiled against libass-0.17.1.
l/gst-plugins-libav-1.22.9-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/libass-0.17.1-x86_64-1.txz: Added.
Adds ASS/SSA subtitle renderer (commonly used in the anime community).
adapted SlackBuild from SBo, original by Larry Hajali/Matteo Bernardini.
MPlayer and gst-plugins-bad can use it too.
Thanks to Heinz Wiesinger.
l/libplacebo-6.338.2-x86_64-1.txz: Added.
Adds various hardware accelerated filters such as HDR -> SDR tone mapping.
adapted SlackBuild from SBo, original by Hunter Sezen/Christoph Willing.
Thanks to Heinz Wiesinger.
l/mlt-7.22.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/netpbm-11.05.02-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/pipewire-1.0.1-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
x/pixman-0.43.2-x86_64-1.txz: Upgraded.
xap/MPlayer-20240127-x86_64-1.txz: Upgraded.
Compiled against ffmpeg-6.1.1 and libass-0.17.1.
xap/audacious-plugins-4.3.1-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/ffmpegthumbnailer-2.2.2-x86_64-5.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/freerdp-2.11.5-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/ssr-0.4.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/vim-gvim-9.1.0061-x86_64-1.txz: Upgraded.
xap/xine-lib-1.2.13-x86_64-6.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/xscreensaver-6.08-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
extra/tigervnc/tigervnc-1.13.1-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
a/procps-ng-3.3.17-x86_64-3.txz: Rebuilt.
Add /etc/default/sysctl to support custom options for sysctl in rc.S.
Thanks to lostintime.
a/sysvinit-scripts-15.1-noarch-12.txz: Rebuilt.
rc.S: support /etc/default/sysctl for custom options.
Thanks to lostintime.
l/imagemagick-7.1.1_26-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-1.txz: Upgraded.
n/samba-4.19.4-x86_64-1.txz: Upgraded.
x/imake-1.0.10-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-10.txz: Rebuilt.
rc.M: Fix the name of the LDAP name service daemon (rc.nss-pam-ldap).
Thanks to 0XBF.
d/subversion-1.14.3-x86_64-1.txz: Upgraded.
l/libvisual-0.4.2-x86_64-1.txz: Upgraded.
l/libvisual-plugins-0.4.2-x86_64-1.txz: Upgraded.
l/netpbm-11.05.01-x86_64-1.txz: Upgraded.
xfce/thunar-4.18.9-x86_64-1.txz: Upgraded.
testing/packages/grub-2.12-x86_64-1.txz: Added.
l/libxml2-2.12.3-x86_64-2.txz: Rebuilt.
Rebuilt using the --with-legacy option (maximum ABI compatibility) and
--with-ftp option (functionality included by default in libxml2 2.9).
n/bluez-5.71-x86_64-1.txz: Upgraded.
This update fixes a security issue:
It may have been possible for an attacker within Bluetooth range to inject
keystrokes (and possibly execute commands) while devices were discoverable.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-45866
(* Security fix *)
x/compiz-0.8.18-x86_64-4.txz: Rebuilt.
Patched to work properly with libxml2-2.12.3.
Thanks to saxa.
We've gone ahead and moved the 6.6 kernel into the main tree. As previously
mentioned when this branch first appeared in /testing, on the 32-bit side
there are no longer any -smp labeled kernel packages, so if you were using
those previously, you'll need to switch to using to kernel-generic or
kernel-huge kernel, including the changes needed to your bootloader setup to
load this instead of the -smp labeled kernel. Also, if you happen to be using
a first generation Pentium M chip, you will need to append forcepae to your
kernel command-line options. Enjoy! :-)
a/kernel-firmware-20231211_f2e52a1-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.6-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.6-x86_64-1.txz: Upgraded.
ap/qpdf-11.6.4-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.6-x86-1.txz: Upgraded.
k/kernel-source-6.6.6-noarch-1.txz: Upgraded.
l/imagemagick-7.1.1_23-x86_64-1.txz: Upgraded.
l/libsecret-0.21.2-x86_64-1.txz: Upgraded.
Thanks to reddog83 and saxa.
l/zxing-cpp-2.2.1-x86_64-1.txz: Upgraded.
n/postfix-3.8.3-x86_64-2.txz: Rebuilt.
OpenSSL upstream says that major versions are ABI/API compatible, so stop
warning in the logs that they might not be.
Thanks to gildbg and Markus Wiesner.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-23.txz: Rebuilt.
Upgraded: libelf-0.190.so, libcares.so.2.9.0, libglib-2.0.so.0.7800.2,
libgmodule-2.0.so.0.7800.2, libgobject-2.0.so.0.7800.2,
libgthread-2.0.so.0.7800.2.
Added: libtiff.so.6.0.2, libtiffxx.so.6.0.2.
a/util-linux-2.39.3-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/ghostscript-10.02.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
ap/rpm-4.19.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
e/emacs-29.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/bluedevil-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-grub-5.27.10-x86_64-1.txz: Upgraded.
kde/breeze-gtk-5.27.10-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/drkonqi-5.27.10-x86_64-1.txz: Upgraded.
kde/gwenview-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kactivitymanagerd-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-cli-tools-5.27.10-x86_64-1.txz: Upgraded.
kde/kde-gtk-config-5.27.10-x86_64-1.txz: Upgraded.
kde/kdecoration-5.27.10-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.27.10-x86_64-1.txz: Upgraded.
kde/kgamma5-5.27.10-x86_64-1.txz: Upgraded.
kde/khotkeys-5.27.10-x86_64-1.txz: Upgraded.
kde/kinfocenter-5.27.10-x86_64-1.txz: Upgraded.
kde/kmenuedit-5.27.10-x86_64-1.txz: Upgraded.
kde/kpipewire-5.27.10-x86_64-1.txz: Upgraded.
kde/krita-5.2.1-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/kscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/kscreenlocker-5.27.10-x86_64-1.txz: Upgraded.
kde/ksshaskpass-5.27.10-x86_64-1.txz: Upgraded.
kde/ksystemstats-5.27.10-x86_64-1.txz: Upgraded.
kde/kwallet-pam-5.27.10-x86_64-1.txz: Upgraded.
kde/kwayland-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/kwin-5.27.10-x86_64-1.txz: Upgraded.
kde/kwrited-5.27.10-x86_64-1.txz: Upgraded.
kde/layer-shell-qt-5.27.10-x86_64-1.txz: Upgraded.
kde/libkscreen-5.27.10-x86_64-1.txz: Upgraded.
kde/libksysguard-5.27.10-x86_64-1.txz: Upgraded.
kde/milou-5.27.10-x86_64-1.txz: Upgraded.
kde/okular-23.08.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
kde/oxygen-5.27.10-x86_64-1.txz: Upgraded.
kde/oxygen-sounds-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-browser-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-desktop-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-disks-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-firewall-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-integration-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-nm-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-pa-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-sdk-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-systemmonitor-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-vault-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-5.27.10-x86_64-1.txz: Upgraded.
kde/plasma-workspace-wallpapers-5.27.10-noarch-1.txz: Upgraded.
kde/polkit-kde-agent-1-5.27.10-x86_64-1.txz: Upgraded.
kde/powerdevil-5.27.10-x86_64-1.txz: Upgraded.
kde/qqc2-breeze-style-5.27.10-x86_64-1.txz: Upgraded.
kde/sddm-kcm-5.27.10-x86_64-1.txz: Upgraded.
kde/systemsettings-5.27.10-x86_64-1.txz: Upgraded.
kde/xdg-desktop-portal-kde-5.27.10-x86_64-1.txz: Upgraded.
l/SDL2_image-2.6.3-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/djvulibre-3.5.28-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gd-2.3.3-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gdk-pixbuf2-2.42.10-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/gegl-0.4.46-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/glib2-2.78.2-x86_64-1.txz: Upgraded.
l/gtk4-4.12.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/imagemagick-7.1.1_22-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms-1.19-x86_64-7.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/lcms2-2.16-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/libtiff-4.6.0-x86_64-1.txz: Upgraded.
Probably best to get this one out of the way...
From the release announcement:
Pay attention to the following warning:
This version removes a big number of utilities that have suffered from lack
of maintenance over the years and were the source of various reported
security issues. See "Removed functionality" below for the list of removed
utilities. Starting with libtiff v4.6.0, their source code, at this time,
will still be available in the source distribution, but they will no longer
be built by default, and issues related to them will no longer be accepted
in the libtiff bug tracker. The only remaining supported TIFF tools are
tiffinfo, tiffdump, tiffcp, tiffset and tiffsplit.
Shared library .so-version bump.
l/libwebp-1.3.2-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/netpbm-11.04.04-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/opencv-4.8.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/poppler-23.12.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/python-pillow-8.4.0-x86_64-3.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/qt5-5.15.11_20231125_4765fa1d-x86_64-1.txz: Upgraded.
Compiled against libtiff-4.6.0.
l/sdl-1.2.15-x86_64-15.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
n/links-2.29-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
t/xfig-3.2.9-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/geeqie-2.1-x86_64-4.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/gimp-2.10.36-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/sane-1.2.1-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/windowmaker-0.96.0-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xpaint-3.1.4-x86_64-2.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
xap/xsane-0.999-x86_64-6.txz: Rebuilt.
Recompiled against libtiff-4.6.0.
l/libqalculate-4.9.0-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.95-x86_64-1.txz: Upgraded.
l/v4l-utils-1.26.0-x86_64-2.txz: Rebuilt.
Do not overwrite gconv-modules from glibc - instead, install it to
gconv-modules.d/v4l-utils.conf.
If your /usr/lib{,64}/gconv/gconv-modules was overwritten causing character
conversion errors, reinstall the glibc package to fix this.
Thanks to glennmcc.
n/php-8.3.0-x86_64-1.txz: Upgraded.
n/samba-4.19.3-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
An information leak vulnerability was discovered in Samba's LDAP server.
Due to missing access control checks, an authenticated but unprivileged
attacker could discover the names and preserved attributes of deleted objects
in the LDAP store. Upgrading to this package will not prevent this
information leak - if you are using Samba as an Active Directory Domain
Controller, you will need to follow the instructions in the samba.org link
given below.
For more information, see:
https://www.samba.org/samba/security/CVE-2018-14628.htmlhttps://www.cve.org/CVERecord?id=CVE-2018-14628
(* Security fix *)
x/libwacom-2.9.0-x86_64-1.txz: Upgraded.
a/shadow-4.14.2-x86_64-2.txz: Rebuilt.
adduser: fixed chown syntax to silence warnings. Thanks to Stuart Winter.
l/gi-docgen-2023.3-x86_64-1.txz: Added.
Thanks to Heinz Wiesinger.
l/python-smartypants-2.0.1-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
l/python-toml-0.10.2-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
l/python-typogrify-2.0.7-x86_64-1.txz: Added.
Needed for gi-docgen. Thanks to Heinz Wiesinger.
x/xdg-desktop-portal-1.18.2-x86_64-1.txz: Upgraded.
Thanks to 0XBF.
testing/packages/php-8.3.0-x86_64-1.txz: Added.
We have fresh 6.6 kernels in /testing! You may notice that on the 32-bit side
we have done away with the -smp labeled kernel packages, but it's actually the
other kernels that were retired -- the non-SMP, non-PAE ones. If you were
previously using kernel-generic-smp or kernel-huge-smp, you'll need to make
some adjustments to your bootloader setup to load kernel-generic or kernel-huge
instead. About the only non-obsolete CPUs that may have an issue with this are
the first generation Pentium M chips, which supported PAE but unfortunately did
not advertise this in the CPU flags. But these will support PAE if the kernel
option "forcepae" is appended at boot time. Enjoy! :-)
a/gettext-0.22.4-x86_64-1.txz: Upgraded.
a/kbd-2.6.3-x86_64-3.txz: Rebuilt.
Installed extra console fonts.
a/kernel-firmware-20231120_9552083-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.63-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.63-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-34.txz: Rebuilt.
Fix tests for including jfs/xfs repair tools. Thanks to regdub.
a/pkgtools-15.1-noarch-8.txz: Rebuilt.
Make vim the default vi choice.
ap/vim-9.0.2116-x86_64-1.txz: Upgraded.
d/gettext-tools-0.22.4-x86_64-1.txz: Upgraded.
d/git-2.43.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.63-x86-1.txz: Upgraded.
d/mercurial-6.6-x86_64-1.txz: Upgraded.
d/meson-1.3.0-x86_64-1.txz: Upgraded.
d/scons-4.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.63-noarch-1.txz: Upgraded.
l/readline-8.2.007-x86_64-1.txz: Upgraded.
n/c-ares-1.22.1-x86_64-1.txz: Upgraded.
n/nfs-utils-2.6.4-x86_64-1.txz: Upgraded.
x/libdrm-2.4.118-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-115.5.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
Thanks to zuriel for the taskbar icon fix on Wayland. :-)
For more information, see:
https://www.mozilla.org/en-US/firefox/115.5.0/releasenotes/https://www.mozilla.org/security/advisories/mfsa2023-50/https://www.cve.org/CVERecord?id=CVE-2023-6204https://www.cve.org/CVERecord?id=CVE-2023-6205https://www.cve.org/CVERecord?id=CVE-2023-6206https://www.cve.org/CVERecord?id=CVE-2023-6207https://www.cve.org/CVERecord?id=CVE-2023-6208https://www.cve.org/CVERecord?id=CVE-2023-6209https://www.cve.org/CVERecord?id=CVE-2023-6212
(* Security fix *)
xap/vim-gvim-9.0.2116-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.6-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-headers-6.6.2-x86-1.txz: Added.
testing/packages/kernel-huge-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-modules-6.6.2-x86_64-1.txz: Added.
testing/packages/kernel-source-6.6.2-noarch-1.txz: Added.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kbd-2.6.3-x86_64-1.txz: Upgraded.
Thanks to Robby Workman.
a/kernel-firmware-20231107_2340796-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.62-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.62-x86_64-1.txz: Upgraded.
ap/sudo-1.9.15p1-x86_64-1.txz: Upgraded.
This is a bugfix release:
Fixed a bug introduced in sudo 1.9.15 that prevented LDAP-based sudoers
from being able to read the ldap.conf file.
d/kernel-headers-6.1.62-x86-1.txz: Upgraded.
k/kernel-source-6.1.62-noarch-1.txz: Upgraded.
kde/plasma-wayland-protocols-1.11.0-x86_64-1.txz: Upgraded.
l/liburing-2.5-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.4.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.4.2/releasenotes/
xap/xlockmore-5.74-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/exfatprogs-1.2.2-x86_64-1.txz: Upgraded.
kde/digikam-8.1.0-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/gwenview-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/kfilemetadata-5.111.0-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/krename-5.0.2-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/krita-5.2.0-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
kde/libkexiv2-23.08.2-x86_64-2.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
l/QtAV-20220226_fdc613dc-x86_64-1.txz: Removed.
This is no longer used by digikam, so let's just remove it.
l/exiv2-0.28.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libsoup3-3.4.4-x86_64-1.txz: Upgraded.
n/c-ares-1.21.0-x86_64-1.txz: Upgraded.
n/gpgme-1.23.1-x86_64-1.txz: Upgraded.
n/nghttp2-1.58.0-x86_64-1.txz: Upgraded.
xap/geeqie-2.1-x86_64-3.txz: Rebuilt.
Recompiled against exiv2-0.28.0.
a/lvm2-2.03.22-x86_64-1.txz: Upgraded.
kde/kstars-3.6.7-x86_64-1.txz: Upgraded.
It's time for KStars in Slackware to be less of a toy and more of a useful
tool. The required dependencies have been added for EKOS, the INDI client
included in KStars, which will allow for computer control of astronomy
devices. Additional deps and drivers may be required, but these are runtime
dependencies. See (for example) gpsd, libdc1394, libftdi1, libindi-libraries,
and libindi-drivers, all of which can be found on slackbuilds.org.
Huge thanks to Edward W. Koenig for the detailed writeup - it was extremely
helpful! :-) Here's a link to the article:
https://www.linuxgalaxy.org/kingbeowulf/astronomy-device-control-in-slackware-15-and-current/
kde/libindi-2.0.4-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
kde/libnova-0.15.0-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
Thanks to Chris Abela, Ryan P.C. McQuen, and Philip Lacroix.
kde/stellarsolver-2.5-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
kde/wcslib-8.1-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
l/LibRaw-0.21.1-x86_64-2.txz: Rebuilt.
This update fixes a security issue:
A heap-buffer-overflow was found in raw2image_ex(int), which may lead to
application crash by maliciously crafted input file.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1729
(* Security fix *)
l/imagemagick-7.1.1_21-x86_64-1.txz: Upgraded.
l/libev-4.33-x86_64-1.txz: Added.
This is required by kstars-3.6.7.
As this package may have more general usage than just kstars, we'll put it
in the L series.
Thanks to AA ime Ramov and Matteo Bernardini.
l/vte-0.74.1-x86_64-1.txz: Upgraded.
a/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt.
ap/qpdf-11.6.2-x86_64-1.txz: Upgraded.
ap/vim-9.0.2009-x86_64-1.txz: Upgraded.
l/desktop-file-utils-0.27-x86_64-1.txz: Upgraded.
l/glibc-2.38-x86_64-2.txz: Rebuilt.
These glibc packages are the exact ones that were previously in /testing.
A test mass rebuild was done here finding no new FTBFS, so I think these
are good to go. :)
l/glibc-i18n-2.38-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
l/imagemagick-7.1.1_20-x86_64-1.txz: Upgraded.
l/libxkbcommon-1.6.0-x86_64-1.txz: Upgraded.
l/shared-mime-info-2.3-x86_64-1.txz: Upgraded.
n/c-ares-1.20.0-x86_64-1.txz: Upgraded.
n/libtirpc-1.3.4-x86_64-1.txz: Upgraded.
n/proftpd-1.3.8a-x86_64-1.txz: Upgraded.
n/whois-5.5.19-x86_64-1.txz: Upgraded.
Fixed english support for Japanese queries to not add again the /e argument
if it had already been provided by the user. (Closes: #1050171)
Added the .ye and .*************** (.xn--54b7fta0cc, Bangladesh) TLD servers.
Updated the .ba, .bb, .dk, .es, .gt, .jo, .ml, .mo, .pa, .pn, .sv, .uy,
.a+-la-r+-d+.n+, (.xn--mgbayh7gpa, Jordan) and .****** (.xn--mix891f, Macao)
TLD servers.
Upgraded the TLD URLs to HTTPS whenever possible.
Updated the charset for whois.jprs.jp.
Removed 3 new gTLDs which are no longer active.
Removed support for the obsolete as32 dot notation.
x/xterm-386-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.2009-x86_64-1.txz: Upgraded.
kde/krita-5.2.0-x86_64-1.txz: Upgraded.
l/fftw-3.3.10-x86_64-2.txz: Rebuilt.
Build and package missing FFTW3LibraryDepends.cmake.
This is needed for krita-5.2.0.
l/immer-0.8.1-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/lager-0.1.0-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/libunibreak-5.1-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
l/zug-0.1.0-x86_64-1.txz: Added.
This is needed for krita-5.2.0.
xap/network-manager-applet-1.34.0-x86_64-1.txz: Upgraded.
a/aaa_glibc-solibs-2.37-x86_64-3.txz: Rebuilt.
a/dialog-1.3_20231002-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.3-x86_64-1.txz: Upgraded.
d/llvm-17.0.2-x86_64-1.txz: Upgraded.
d/meson-1.2.2-x86_64-2.txz: Rebuilt.
[PATCH] Revert rust: apply global, project, and environment C args to bindgen.
This fixes building Mesa.
Thanks to lucabon and marav.
kde/calligra-3.2.1-x86_64-34.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/cantor-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kfilemetadata-5.110.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kile-2.9.93-x86_64-28.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/kitinerary-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/krita-5.1.5-x86_64-15.txz: Rebuilt.
Recompiled against poppler-23.10.0.
kde/okular-23.08.1-x86_64-2.txz: Rebuilt.
Recompiled against poppler-23.10.0.
l/glibc-2.37-x86_64-3.txz: Rebuilt.
l/glibc-i18n-2.37-x86_64-3.txz: Rebuilt.
Patched to fix the "Looney Tunables" vulnerability, a local privilege
escalation in ld.so. This vulnerability was introduced in April 2021
(glibc 2.34) by commit 2ed18c.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txthttps://www.cve.org/CVERecord?id=CVE-2023-4911
(* Security fix *)
l/glibc-profile-2.37-x86_64-3.txz: Rebuilt.
l/mozilla-nss-3.94-x86_64-1.txz: Upgraded.
l/poppler-23.10.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/NetworkManager-1.44.2-x86_64-1.txz: Upgraded.
n/irssi-1.4.5-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-gtk-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-m17n-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-sayura-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-table-extra-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-table-other-5.1.0-x86_64-1.txz: Upgraded.
x/fcitx5-unikey-5.1.1-x86_64-1.txz: Upgraded.
x/libX11-1.8.7-x86_64-1.txz: Upgraded.
This update fixes security issues:
libX11: out-of-bounds memory access in _XkbReadKeySyms().
libX11: stack exhaustion from infinite recursion in PutSubImage().
libX11: integer overflow in XCreateImage() leading to a heap overflow.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-43785https://www.cve.org/CVERecord?id=CVE-2023-43786https://www.cve.org/CVERecord?id=CVE-2023-43787
(* Security fix *)
x/libXpm-3.5.17-x86_64-1.txz: Upgraded.
This update fixes security issues:
libXpm: out of bounds read in XpmCreateXpmImageFromBuffer().
libXpm: out of bounds read on XPM with corrupted colormap.
For more information, see:
https://lists.x.org/archives/xorg-announce/2023-October/003424.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-43788https://www.cve.org/CVERecord?id=CVE-2023-43789
(* Security fix *)
testing/packages/aaa_glibc-solibs-2.38-x86_64-2.txz: Rebuilt.
testing/packages/glibc-2.38-x86_64-2.txz: Rebuilt.
Patched to fix the "Looney Tunables" vulnerability, a local privilege
escalation in ld.so. This vulnerability was introduced in April 2021
(glibc 2.34) by commit 2ed18c.
Thanks to Qualys Research Labs for reporting this issue.
For more information, see:
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txthttps://www.cve.org/CVERecord?id=CVE-2023-4911
(* Security fix *)
testing/packages/glibc-i18n-2.38-x86_64-2.txz: Rebuilt.
testing/packages/glibc-profile-2.38-x86_64-2.txz: Rebuilt.
ap/mpg123-1.32.2-x86_64-1.txz: Upgraded.
l/cairo-1.18.0-x86_64-1.txz: Upgraded.
l/gtk4-4.12.3-x86_64-1.txz: Upgraded.
x/fonttosfnt-1.2.3-x86_64-1.txz: Upgraded.
xap/geeqie-2.1-x86_64-2.txz: Rebuilt.
Patched and recompiled against lua-5.4.6.
xap/mozilla-firefox-115.3.1esr-x86_64-1.txz: Upgraded.
This update contains a security fix.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.3.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/https://www.cve.org/CVERecord?id=CVE-2023-5217
(* Security fix *)
xfce/xfce4-panel-4.18.5-x86_64-1.txz: Upgraded.
testing/packages/aaa_glibc-solibs-2.38-x86_64-1.txz: Added.
testing/packages/glibc-2.38-x86_64-1.txz: Added.
Instead of building the deprecated glibc crypt library, bundle
libxcrypt-4.4.36 (both .so.1 compat version and .so.2 new API version).
testing/packages/glibc-i18n-2.38-x86_64-1.txz: Added.
testing/packages/glibc-profile-2.38-x86_64-1.txz: Added.
a/sysklogd-2.5.2-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.11-x86_64-1.txz: Upgraded.
l/adwaita-icon-theme-45.0-noarch-1.txz: Upgraded.
l/gsettings-desktop-schemas-45.0-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_16-x86_64-1.txz: Upgraded.
l/libdeflate-1.19-x86_64-1.txz: Upgraded.
l/libqalculate-4.8.1-x86_64-1.txz: Upgraded.
l/vte-0.74.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.17-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Validate data type in dalloc_value_for_key(). This flaw could allow a
malicious actor to cause Netatalk's afpd daemon to crash, or possibly to
execute arbitrary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-42464
(* Security fix *)
ap/vim-9.0.1903-x86_64-1.txz: Upgraded.
l/at-spi2-atk-2.38.0-x86_64-3.txz: Removed.
l/at-spi2-core-2.50.0-x86_64-1.txz: Upgraded.
This now includes the features from the former at-spi2-atk and atk packages.
l/atk-2.38.0-x86_64-1.txz: Removed.
l/cairo-1.17.6-x86_64-1.txz: Upgraded.
l/glib-networking-2.78.0-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.78.1-x86_64-1.txz: Upgraded.
l/json-glib-1.8.0-x86_64-1.txz: Upgraded.
l/libsoup3-3.4.3-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1903-x86_64-1.txz: Upgraded.
a/coreutils-9.3-x86_64-2.txz: Rebuilt.
Don't support AVX2 instructions for wc. Since it's possible to enable a
kernel option that causes the kernel to advertise AVX2 as available, but
leads to an illegal instruction if there's an attempt to actually use
AVX2 when old microcode is in use, this isn't reliable. Furthermore, wc
is used by the pkgtools and this sort of failure could lead to corruption
of the filesystem and/or package database. So, we'll disable this to be on
the safe side. Thanks to lancsuk for noticing this issue.
a/kernel-generic-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.48-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.48-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.48-x86-1.txz: Upgraded.
k/kernel-source-6.1.48-noarch-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/binutils-2.41-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-12.txz: Rebuilt.
Recompiled against binutils-2.41.
d/tree-sitter-0.20.8-x86_64-1.txz: Added.
This is a dependency for an interesting new feature of emacs-29.1.
e/emacs-29.1-x86_64-1.txz: Upgraded.
Compiled against tree-sitter-0.20.8. Grammar libraries for this can be
downloaded and installed from within Emacs - see the NEWS file for details.
l/gmp-6.3.0-x86_64-1.txz: Upgraded.
l/libarchive-3.7.1-x86_64-1.txz: Upgraded.
l/polkit-123-x86_64-1.txz: Upgraded.
a/kernel-firmware-20230707_d3f6606-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.39-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.39-x86_64-1.txz: Upgraded.
a/xfsprogs-6.4.0-x86_64-1.txz: Upgraded.
d/cmake-3.27.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.39-x86-1.txz: Upgraded.
k/kernel-source-6.1.39-noarch-1.txz: Upgraded.
l/mpfr-4.2.0p12-x86_64-1.txz: Upgraded.
n/bind-9.18.17-x86_64-1.txz: Upgraded.
n/curl-8.2.0-x86_64-1.txz: Upgraded.
This update fixes a security issue:
fopen race condition.
For more information, see:
https://curl.se/docs/CVE-2023-32001.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-32001
(* Security fix *)
n/dhcpcd-10.0.2-x86_64-1.txz: Upgraded.
n/openssh-9.3p2-x86_64-1.txz: Upgraded.
This update fixes a security issue:
ssh-agent(1) in OpenSSH between and 5.5 and 9.3p1 (inclusive): remote code
execution relating to PKCS#11 providers.
The PKCS#11 support ssh-agent(1) could be abused to achieve remote code
execution via a forwarded agent socket if the following conditions are met:
* Exploitation requires the presence of specific libraries on the victim
system.
* Remote exploitation requires that the agent was forwarded to an
attacker-controlled system.
Exploitation can also be prevented by starting ssh-agent(1) with an empty
PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring an allowlist that
contains only specific provider libraries.
This vulnerability was discovered and demonstrated to be exploitable by the
Qualys Security Advisory team.
Potentially-incompatible changes:
* ssh-agent(8): the agent will now refuse requests to load PKCS#11 modules
issued by remote clients by default. A flag has been added to restore the
previous behaviour: "-Oallow-remote-pkcs11".
For more information, see:
https://www.openssh.com/txt/release-9.3p2https://www.cve.org/CVERecord?id=CVE-2023-38408
(* Security fix *)
n/samba-4.18.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
When winbind is used for NTLM authentication, a maliciously crafted request
can trigger an out-of-bounds read in winbind and possibly crash it.
SMB2 packet signing is not enforced if an admin configured
"server signing = required" or for SMB2 connections to Domain Controllers
where SMB2 packet signing is mandatory.
An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
triggered by an unauthenticated attacker by issuing a malformed RPC request.
Missing type validation in Samba's mdssvc RPC service for Spotlight can be
used by an unauthenticated attacker to trigger a process crash in a shared
RPC mdssvc worker process.
As part of the Spotlight protocol Samba discloses the server-side absolute
path of shares and files and directories in search results.
For more information, see:
https://www.samba.org/samba/security/CVE-2022-2127.htmlhttps://www.samba.org/samba/security/CVE-2023-3347.htmlhttps://www.samba.org/samba/security/CVE-2023-34966.htmlhttps://www.samba.org/samba/security/CVE-2023-34967.htmlhttps://www.samba.org/samba/security/CVE-2023-34968.htmlhttps://www.cve.org/CVERecord?id=CVE-2022-2127https://www.cve.org/CVERecord?id=CVE-2023-3347https://www.cve.org/CVERecord?id=CVE-2023-34966https://www.cve.org/CVERecord?id=CVE-2023-34967https://www.cve.org/CVERecord?id=CVE-2023-34968
(* Security fix *)
xap/mozilla-firefox-115.0.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.0.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/tar-1.35-x86_64-1.txz: Upgraded.
x/mesa-23.2.0_rc1-x86_64-1.txz: Upgraded.
OK, usually I won't use rc versions even in -current, but in this case I'm
going to. Some time ago my desktop machine with RS880 / Radeon HD 4290
graphics on the motherboard began acting up with the screen going black
for a few seconds before returning. This after an hour or so of uptime,
usually, then becoming more frequent with more uptime. Eventually I'd lose
mouse and/or keyboard too, and have to reboot. Here's a couple of errors
from dmesg:
[ 9942.677675] [drm:r600_ib_test [radeon]] *ERROR* radeon: fence wait
timed out.
[ 9942.677741] [drm:radeon_ib_ring_tests [radeon]] *ERROR* radeon: failed
testing IB on GFX ring (-110).
I also noticed that the backtrace started with ttm_bo_release, and seeing
this in recent kernel patches had been chalking this up to a kernel bug.
I *still* think it could be, and there are a bunch of kernel patches coming
soon to -stable from Alex Deucher that could address the underlying causes
(not for 6.1.39 though, unfortunately). Anyway, I'd recently figured out
that reverting Mesa sufficiently made the issue go away. And now it seems
this 23.2.0 release candidate also fixes the issue.
Yes, I could go search for the commits to cherry-pick, but we'll be moving
to mesa-23.2.0 when it's released, so we might as well start testing now.
l/freetype-2.13.1-x86_64-1.txz: Upgraded.
NOTE: Infinality mode has been removed. If you've enabled it in your
/etc/profile.d/freetype.{csh,sh} script, you'll need to make sure that
either all of the available choices are commented out, or enable one of
the two remaining choices.
a/btrfs-progs-6.3.2-x86_64-1.txz: Upgraded.
l/a52dec-0.8.0-x86_64-1.txz: Upgraded.
l/gjs-1.76.2-x86_64-1.txz: Upgraded.
x/libX11-1.8.6-x86_64-1.txz: Upgraded.
This update fixes buffer overflows in InitExt.c that could at least cause
the client to crash due to memory corruption.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-3138
(* Security fix *)
a/hwdata-0.371-noarch-1.txz: Upgraded.
ap/cups-2.4.3-x86_64-1.txz: Upgraded.
Fixed a heap buffer overflow in _cups_strlcpy(), when the configuration file
cupsd.conf sets the value of loglevel to DEBUG, that could allow a remote
attacker to launch a denial of service (DoS) attack, or possibly execute
arbirary code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32324
(* Security fix *)
d/git-2.41.0-x86_64-1.txz: Upgraded.
d/llvm-16.0.5-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-29.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kimageformats-5.106.0-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/kio-extras-23.04.1-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
kde/krita-5.1.5-x86_64-9.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/Imath-3.1.9-x86_64-1.txz: Upgraded.
Evidently the shared library .so-version bump in Imath-3.1.8 should not have
happened, so this update reverts it to the previous value.
l/gst-plugins-bad-free-1.22.3-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/imagemagick-7.1.1_11-x86_64-2.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/mozjs102-102.12.0esr-x86_64-1.txz: Upgraded.
l/openexr-3.1.7-x86_64-3.txz: Rebuilt.
Recompiled against Imath-3.1.9.
l/serf-1.3.10-x86_64-1.txz: Upgraded.
l/vte-0.72.2-x86_64-1.txz: Upgraded.
n/nettle-3.9.1-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p16-x86_64-1.txz: Upgraded.
This update fixes bugs and security issues.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-26551https://www.cve.org/CVERecord?id=CVE-2023-26552https://www.cve.org/CVERecord?id=CVE-2023-26553https://www.cve.org/CVERecord?id=CVE-2023-26554https://www.cve.org/CVERecord?id=CVE-2023-26555
(* Security fix *)
n/samba-4.18.3-x86_64-1.txz: Upgraded.
tcl/tclx-8.6.2-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.3-x86_64-1.txz: Upgraded.
x/libX11-1.8.5-x86_64-1.txz: Upgraded.
xap/gimp-2.10.34-x86_64-4.txz: Rebuilt.
Recompiled against Imath-3.1.9.
xfce/xfce4-pulseaudio-plugin-0.4.7-x86_64-1.txz: Upgraded.
a/elilo-3.16-x86_64-16.txz: Rebuilt.
eliloconfig: don't mess with mounting efivarfs. This should be handled by
rc.S, or by whatever the admin put in /etc/fstab.
a/kernel-firmware-20230523_1ba3519-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.30-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.30-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-5.txz: Rebuilt.
rc.S: mount efivarfs rw, may be overridden in /etc/default/efivarfs.
ap/sc-im-0.8.3-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.30-x86-1.txz: Upgraded.
d/parallel-20230522-noarch-1.txz: Upgraded.
k/kernel-source-6.1.30-noarch-1.txz: Upgraded.
l/enchant-2.4.0-x86_64-1.txz: Upgraded.
l/glib2-2.76.3-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.38-x86_64-1.txz: Upgraded.
l/qt5-5.15.9_20230523_245f369c-x86_64-1.txz: Upgraded.
This update fixes a security issue.
Qt-based clients may mismatch HSTS headers (Strict-Transport-Security),
which would prevent the client from switching to a secure HTTPS
connection as requested by a server.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32762
(* Security fix *)
n/curl-8.1.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
t/texlive-2023.230322-x86_64-3.txz: Rebuilt.
This update patches a security issue:
LuaTeX before 1.17.0 allows execution of arbitrary shell commands when
compiling a TeX file obtained from an untrusted source. This occurs
because luatex-core.lua lets the original io.popen be accessed. This also
affects TeX Live before 2023 r66984 and MiKTeX before 23.5.
Thanks to Johannes Schoepfer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-32700
(* Security fix *)
xap/mozilla-firefox-113.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/113.0.2/releasenotes/
xfce/libxfce4ui-4.18.4-x86_64-1.txz: Upgraded.
xfce/xfce4-panel-4.18.4-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/pam-1.5.3-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-2.txz: Rebuilt.
[PATCH] Merge pull request from GHSA-gpxc-v2m8-fr3x.
With execv() command line arguments are passed as separate strings and
not the full command line in a single string. This prevents arbitrary
command execution by escaping the quoting of the arguments in a job
with forged job title.
Thanks to marav.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-24805
(* Security fix *)
ap/vim-9.0.1569-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1569-x86_64-1.txz: Upgraded.
a/xz-5.4.3-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.9-x86_64-1.txz: Upgraded.
d/mercurial-6.4.3-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.9-x86_64-1.txz: Upgraded.
l/libssh-0.10.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
A NULL dereference during rekeying with algorithm guessing.
A possible authorization bypass in pki_verify_data_signature under
low-memory conditions.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-1667https://www.cve.org/CVERecord?id=CVE-2023-2283
(* Security fix *)
l/nodejs-20.1.0-x86_64-1.txz: Upgraded.
x/libXi-1.8.1-x86_64-1.txz: Upgraded.
d/git-2.40.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
By feeding specially crafted input to `git apply --reject`, a
path outside the working tree can be overwritten with partially
controlled contents (corresponding to the rejected hunk(s) from
the given patch).
When Git is compiled with runtime prefix support and runs without
translated messages, it still used the gettext machinery to
display messages, which subsequently potentially looked for
translated messages in unexpected places. This allowed for
malicious placement of crafted messages.
When renaming or deleting a section from a configuration file,
certain malicious configuration values may be misinterpreted as
the beginning of a new configuration section, leading to arbitrary
configuration injection.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-25652https://www.cve.org/CVERecord?id=CVE-2023-25815https://www.cve.org/CVERecord?id=CVE-2023-29007
(* Security fix *)
n/snownews-1.11-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-112.0.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/112.0.2/releasenotes/
xap/mozilla-thunderbird-102.10.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/102.10.1/releasenotes/
a/kernel-firmware-20230406_86da2ac-noarch-1.txz: Upgraded.
a/kernel-generic-6.1.23-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.23-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.23-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.23-x86-1.txz: Upgraded.
d/llvm-16.0.1-x86_64-1.txz: Upgraded.
k/kernel-source-6.1.23-noarch-1.txz: Upgraded.
l/SDL2-2.26.5-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_6-x86_64-1.txz: Upgraded.
l/isl-0.26-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-16.0.0-x86_64-2.txz: Rebuilt.
Looks like this is working now after some linking adjustments.
Thanks very much to lucabon!
x/mesa-23.0.1-x86_64-3.txz: Rebuilt.
x/xf86-input-wacom-1.2.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/cmake-3.26.3-x86_64-1.txz: Upgraded.
l/zstd-1.5.5-x86_64-1.txz: Upgraded.
n/ntp-4.2.8p15-x86_64-13.txz: Rebuilt.
Added ntpdate.8 manpage from Debian. Thanks to Stuart Winter.
a/kernel-generic-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-huge-6.1.22-x86_64-1.txz: Upgraded.
a/kernel-modules-6.1.22-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-32.txz: Rebuilt.
Add /lib/firmware directory to _initrd-tree.tar.gz. Thanks to walecha.
d/cmake-3.26.2-x86_64-1.txz: Upgraded.
d/kernel-headers-6.1.22-x86-1.txz: Upgraded.
d/llvm-16.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to Heinz Wiesinger for the assistance.
Compiled with -DLLVM_BUILD_LLVM_DYLIB=ON -DLLVM_LINK_LLVM_DYLIB=ON
-DCLANG_LINK_CLANG_DYLIB=ON.
I think we'll get 16.0.1 next week if we need to make any adjustments.
d/ruby-3.2.2-x86_64-1.txz: Upgraded.
This update fixes security issues:
ReDoS vulnerability in URI.
ReDoS vulnerability in Time.
For more information, see:
https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/https://www.cve.org/CVERecord?id=CVE-2023-28755https://www.cve.org/CVERecord?id=CVE-2023-28756
(* Security fix *)
k/kernel-source-6.1.22-noarch-1.txz: Upgraded.
kde/kdevelop-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0.
l/openexr-3.1.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.8_20230325_c1a3e988-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
l/spirv-llvm-translator-16.0.0-x86_64-1.txz: Upgraded.
Compiled against llvm-16.0.0.
Thanks to Heinz Wiesinger for finding the fix for -DBUILD_SHARED_LIBS=ON.
n/pssh-2.3.5-x86_64-1.txz: Upgraded.
n/samba-4.18.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
An incomplete access check on dnsHostName allows authenticated but otherwise
unprivileged users to delete this attribute from any object in the directory.
The Samba AD DC administration tool, when operating against a remote LDAP
server, will by default send new or reset passwords over a signed-only
connection.
The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential
attribute disclosure via LDAP filters was insufficient and an attacker may
be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
Installations with such secrets in their Samba AD should assume they have
been obtained and need replacing.
For more information, see:
https://www.samba.org/samba/security/CVE-2023-0225.htmlhttps://www.samba.org/samba/security/CVE-2023-0922.htmlhttps://www.samba.org/samba/security/CVE-2023-0614.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-0225https://www.cve.org/CVERecord?id=CVE-2023-0922https://www.cve.org/CVERecord?id=CVE-2023-0614
(* Security fix *)
x/mesa-23.0.1-x86_64-2.txz: Rebuilt.
Recompiled against llvm-16.0.0 and spirv-llvm-translator-16.0.0.
xap/seamonkey-2.53.16-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.16
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.68.2-x86_64-2.txz: Rebuilt.
Use the bundled LLVM rather than the system LLVM.
This version of Rust actually does compile with llvm-16.0.0, but since it
bundles LLVM 15 let's let it use that for now.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/glibc-zoneinfo-2023b-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
a/libbytesize-2.8-x86_64-1.txz: Upgraded.
a/tar-1.34-x86_64-3.txz: Rebuilt.
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use
of uninitialized memory for a conditional jump. Exploitation to change the
flow of control has not been demonstrated. The issue occurs in from_header
in list.c via a V7 archive in which mtime has approximately 11 whitespace
characters.
Thanks to marav for the heads-up.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48303
(* Security fix *)
ap/sqlite-3.41.2-x86_64-1.txz: Upgraded.
d/mercurial-6.4-x86_64-1.txz: Upgraded.
n/openvpn-2.6.2-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-23.1.0-x86_64-1.txz: Upgraded.
a/elilo-3.16-x86_64-15.txz: Rebuilt.
eliloconfig: drop support for old EFI vars interface.
Mount efivarfs on /sys/firmware/efi/efivars if we find that the directory
is empty.
d/indent-2.2.13-x86_64-1.txz: Upgraded.
d/scons-4.5.2-x86_64-1.txz: Upgraded.
x/libva-2.18.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-111.0.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/111.0.1/releasenotes/
xfce/xfce4-clipman-plugin-1.6.3-x86_64-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.13.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Make sure efivarfs is mounted on UEFI systems.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Make sure efivarfs is mounted on UEFI systems.
l/glibmm-2.66.6-x86_64-1.txz: Upgraded.
n/postfix-3.7.4-x86_64-4.txz: Rebuilt.
Fixes warning about being compiled with a different version of OpenSSL.
Thanks to gildbg.
x/fcitx5-5.0.23-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.0.12-x86_64-2.txz: Rebuilt.
Patched to fix FTBFS. Thanks to nobodino and marav.
kde/digikam-7.10.0-x86_64-1.txz: Upgraded.
l/serf-1.3.9-x86_64-9.txz: Rebuilt.
Applied a patch from LFS to fix a build error in Subversion caused by serf
using internal OpenSSL API functions for its own use. Also fixes a crash bug
that happens due to a return value being invalid.
Thanks to lucabon.
x/xcb-imdkit-1.0.5-x86_64-1.txz: Upgraded.
Hey folks, just some more updates on the road to an eventual beta. :-)
At this point nothing remains linked with openssl-1.1.1 except for python2 and
modules, and vsftpd. I think nobody cares about trying to force python2 to use
openssl3... it's EOL but still a zombie, unfortunately. I have seen some
patches for vsftpd and intend to take a look at them. We've bumped PHP to 8.2
and just gone ahead and killed 8.0 and 8.1. Like 7.4, 8.0 is not compatible
with openssl3 and it doesn't seem worthwhile to try to patch it. And with 8.2
already out for several revisions, 8.1 does not seem particularly valuable.
If you make use of PHP you should be used to it being a moving target by now.
Enjoy, and let me know if anything isn't working right. Cheers!
a/aaa_libraries-15.1-x86_64-19.txz: Rebuilt.
Recompiled against openssl-3.0.8: libcups.so.2, libcurl.so.4.8.0,
libldap.so.2.0.200, libssh2.so.1.0.1.
a/cryptsetup-2.6.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/kmod-30-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
a/openssl-solibs-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
a/openssl11-solibs-1.1.1t-x86_64-1.txz: Added.
ap/cups-2.4.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/hplip-3.20.5-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/lxc-4.0.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/mariadb-10.6.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/qpdf-11.3.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
ap/sudo-1.9.13p3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cargo-vendor-filterer-0.5.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/cvs-1.11.23-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/git-2.39.2-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/perl-5.36.0-x86_64-5.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/python3-3.9.16-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/ruby-3.2.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/rust-1.66.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
d/scons-4.5.1-x86_64-1.txz: Upgraded.
kde/falkon-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
kde/kitinerary-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/M2Crypto-0.38.0-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/SDL2-2.26.4-x86_64-1.txz: Upgraded.
l/gst-plugins-bad-free-1.22.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libarchive-3.6.2-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libevent-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libimobiledevice-20211124_2c6121d-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libssh2-1.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/libvncserver-0.9.14-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/mlt-7.14.0-x86_64-1.txz: Upgraded.
l/neon-0.32.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/nodejs-19.7.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/opusfile-0.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pipewire-0.3.66-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pulseaudio-16.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/pycurl-7.44.1-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qca-2.3.5-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
l/qt5-5.15.8_20230304_d8b881f0-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
l/serf-1.3.9-x86_64-8.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/alpine-2.26-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/bind-9.18.12-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/curl-7.88.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/cyrus-sasl-2.1.28-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/dovecot-2.3.20-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/epic5-2.1.12-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/fetchmail-6.4.37-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/htdig-3.2.0b6-x86_64-9.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/httpd-2.4.56-x86_64-1.txz: Upgraded.
This update fixes two security issues:
HTTP Response Smuggling vulnerability via mod_proxy_uwsgi.
HTTP Request Smuggling attack via mod_rewrite and mod_proxy.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.56https://www.cve.org/CVERecord?id=CVE-2023-27522https://www.cve.org/CVERecord?id=CVE-2023-25690
(* Security fix *)
NOTE: This package is compiled against openssl-3.0.8.
n/irssi-1.4.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/krb5-1.20.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lftp-4.9.2-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/links-2.28-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/lynx-2.9.0dev.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/mutt-2.2.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/net-snmp-5.9.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/netatalk-3.1.14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/nmap-7.93-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ntp-4.2.8p15-x86_64-12.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openldap-2.6.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssh-9.2p1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/openssl-3.0.8-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/openssl11-1.1.1t-x86_64-1.txz: Added.
n/openvpn-2.6.0-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/php-8.2.3-x86_64-1.txz: Upgraded.
Compiled against openssl-3.0.8.
n/pidentd-3.0.19-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/popa3d-1.0.3-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/postfix-3.7.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/ppp-2.4.9-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/proftpd-1.3.8-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/rsync-3.2.7-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/s-nail-14.9.24-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/samba-4.18.0-x86_64-1.txz: Upgraded.
Build with the bundled Heimdal instead of the system MIT Kerberos.
Thanks again to rpenny.
n/slrn-1.0.3a-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/snownews-1.9-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/socat-1.7.4.4-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/stunnel-5.69-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/tcpdump-4.99.3-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wget-1.21.3-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
n/wpa_supplicant-2.10-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/freerdp-2.10.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gftp-2.9.1b-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/gkrellm-2.3.11-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/hexchat-2.16.1-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/sane-1.0.32-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/x3270-4.0ga14-x86_64-3.txz: Rebuilt.
Recompiled against openssl-3.0.8.
xap/xine-lib-1.2.13-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
y/bsd-games-2.17-x86_64-4.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/php80/php80-8.0.28-x86_64-1.txz: Removed.
extra/php81/php81-8.1.16-x86_64-1.txz: Removed.
extra/rust-for-mozilla/rust-1.60.0-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-8.17.1-x86_64-7.txz: Rebuilt.
Recompiled against openssl-3.0.8.
extra/sendmail/sendmail-cf-8.17.1-noarch-7.txz: Rebuilt.
testing/packages/rust-1.67.1-x86_64-2.txz: Rebuilt.
Recompiled against openssl-3.0.8.
testing/packages/samba-4.17.5-x86_64-2.txz: Removed.
a/aaa_libraries-15.1-x86_64-18.txz: Rebuilt.
Upgraded: libcap.so.2.67, libelf-0.189.so, libzstd.so.1.5.4,
libcares.so.2.6.0, libglib-2.0.so.0.7400.6, libgmodule-2.0.so.0.7400.6,
libgobject-2.0.so.0.7400.6, libgthread-2.0.so.0.7400.6, libtdb.so.1.4.8.
Removed: libnsl-2.36.so, libboost*.so.1.80.0.
Added: libnsl.so.3.0.0.
a/grep-3.9-x86_64-1.txz: Upgraded.
a/pam-1.5.2-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
a/quota-4.09-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
ap/linuxdoc-tools-0.9.82-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
ap/vorbis-tools-1.4.2-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/cvs-1.11.23-x86_64-8.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/perl-5.36.0-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/python2-2.7.18-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/python3-3.9.16-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
d/subversion-1.14.2-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
kde/kio-5.103.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
kde/kopete-22.12.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/libasyncns-0.8-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/libnsl-2.0.0-x86_64-1.txz: Upgraded.
Deprecated NIS+ code has been removed.
Sorry for so many rebuilds due to (of all things) an NIS support library,
but we had to get this out of the way eventually.
Shared library .so-version bump.
l/libnss_nis-3.1-x86_64-4.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
l/loudmouth-1.5.4-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/autofs-5.1.8-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/epic5-2.1.12-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/irssi-1.4.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/net-snmp-5.9.3-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/netatalk-3.1.14-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/ntp-4.2.8p15-x86_64-11.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openldap-2.6.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openssh-9.2p1-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/openvpn-2.6.0-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/postfix-3.7.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/ppp-2.4.9-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/procmail-3.24-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/proftpd-1.3.8-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/rpcbind-1.2.6-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/socat-1.7.4.4-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/stunnel-5.69-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/tcp_wrappers-7.6-x86_64-7.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/tftp-hpa-5.2-x86_64-9.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/uucp-1.07-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/vsftpd-3.0.5-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
n/yptools-4.2.3-x86_64-6.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
Upgraded to ypserv-4.2.
xap/gftp-2.9.1b-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/pidgin-2.14.12-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/rxvt-unicode-9.26-x86_64-5.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xine-lib-1.2.13-x86_64-3.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xine-ui-0.99.14-x86_64-2.txz: Rebuilt.
Recompiled against libnsl-2.0.0.
xap/xscreensaver-6.06-x86_64-2.txz: Rebuilt.
ap/vim-9.0.1337-x86_64-1.txz: Upgraded.
OK, so the upstream runtime update didn't fix sh syntax highlighting, so we
patched it. Thanks to marav.
Also, we needed this version number. ;-)
d/autoconf-archive-2023.02.20-noarch-1.txz: Upgraded.
l/babl-0.1.100-x86_64-1.txz: Upgraded.
l/gegl-0.4.42-x86_64-1.txz: Upgraded.
x/ibus-1.5.28-x86_64-1.txz: Upgraded.
x/ibus-libpinyin-1.15.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.0.1337-x86_64-1.txz: Upgraded.