a/kernel-firmware-20241108_ad74054-noarch-1.txz: Upgraded.
a/kernel-generic-6.11.7-x86_64-1.txz: Upgraded.
Unless disabled in /etc/default/geninitrd, automatically generate an initial
ramdisk upon package installation or upgrade.
a/mkinitrd-1.4.11-x86_64-46.txz: Rebuilt.
geninitrd: also accept /opt/sbin/geninitrd as an override.
Suggested by regdub.
Since the installer sends different args to the setup scripts, we can't use
$1 as the kernel file with setup.01.mkinitrd, so convert it into a variable
in geninitrd instead (if needed).
mkinitrd_command_generator.sh: pvdisplay will complain if there are any file
descriptors besides stdin, stdout, and stderr, which will always be true when
called from a package install script due to file locking. So send stderr from
the two calls to pvdisplay to /dev/null.
d/kernel-headers-6.11.7-x86-1.txz: Upgraded.
k/kernel-source-6.11.7-noarch-1.txz: Upgraded.
l/python-packaging-24.2-x86_64-1.txz: Upgraded.
n/iptables-1.8.11-x86_64-1.txz: Upgraded.
n/lftp-4.9.3-x86_64-1.txz: Upgraded.
x/ibus-m17n-1.4.34-x86_64-1.txz: Upgraded.
x/xbacklight-1.2.4-x86_64-1.txz: Upgraded.
x/xf86-video-nouveau-1.0.18-x86_64-1.txz: Upgraded.
x/xrandr-1.5.3-x86_64-1.txz: Upgraded.
xfce/xfce4-weather-plugin-0.11.3-x86_64-1.txz: Upgraded.
extra/xf86-video-fbdev/xf86-video-fbdev-0.5.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/libblockdev-3.2.1-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-45.txz: Rebuilt.
/etc/default/geninitrd: Add AUTOGENERATE_INITRD variable for disabling
automatically generating the initrd when the kernel package is upgraded.
The hook to trigger this will be in the next kernel-generic package.
setup.01.mkinitrd: skip generating an initrd if we're called from the
kernel doinst.sh and AUTOGENERATE_INITRD=false.
geninitrd: Look for an override script called /usr/local/sbin/geninitrd,
not /usr/local/bin/geninitrd-custom. Thanks to GazL.
ap/mariadb-11.4.4-x86_64-2.txz: Rebuilt.
rc.mysqld: use mariadbd-safe, not mysqld_safe. Thanks to teoberi.
d/cmake-3.31.0-x86_64-1.txz: Upgraded.
l/expat-2.6.4-x86_64-1.txz: Upgraded.
This update fixes bugs and a security issue:
Fix crash within function XML_ResumeParser from a NULL pointer dereference
by disallowing function XML_StopParser to (stop or) suspend an unstarted
parser. A new error code XML_ERROR_NOT_STARTED was introduced to properly
communicate this situation.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-50602
(* Security fix *)
n/gpgme-1.24.0-x86_64-1.txz: Upgraded.
Added libqgpgmeqt6.
xap/ffmpegthumbnailer-2.2.3-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.4.2esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.4.2esr/releasenotes/
a/kernel-firmware-20241101_376de1f-noarch-1.txz: Upgraded.
a/kernel-generic-6.11.6-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-42.txz: Rebuilt.
geninitrd: you can still point this at a kernel symlink, but by default it
will make initrd-${KERNEL_VERSION}.img for the newest kernel it finds in
the /boot directory.
a/pkgtools-15.1-noarch-16.txz: Rebuilt.
make-kernel-backup: don't make copies of any of the files, nor include an
initrd in the package. The only added "files" will be two symlinks,
vmlinuz-backup, and initrd-backup.img (if symlinks are enabled).
d/kernel-headers-6.11.6-x86-1.txz: Upgraded.
d/valgrind-3.24.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.11.6-noarch-1.txz: Upgraded.
l/fluidsynth-2.4.0-x86_64-1.txz: Upgraded.
l/gtk4-4.16.4-x86_64-1.txz: Upgraded.
l/libzip-1.11.2-x86_64-1.txz: Upgraded.
Fix performance regression in zip_stat introduced in 1.11.
l/spirv-llvm-translator-19.1.1-x86_64-1.txz: Upgraded.
n/uucp-1.07-x86_64-7.txz: Rebuilt.
Add some documentation. Thanks to jayjwa.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-34.txz: Rebuilt.
Upgraded: libcap.so.2.71, libelf-0.192.so, liblzma.so.5.6.3,
libcares.so.2.19.1, libexpat.so.1.9.3, libglib-2.0.so.0.8200.2,
libgmodule-2.0.so.0.8200.2, libgobject-2.0.so.0.8200.2,
libgthread-2.0.so.0.8200.2, libisl.so.23.4.0, libjson-c.so.5.4.0,
libpng16.so.16.44.0, libtiff.so.6.1.0, libtiffxx.so.6.1.0,
libunistring.so.5.2.0.
Removed: libboost_*.so.1.85.0.
Added (temporarily): libicudata.so.74.2, libicui18n.so.74.2,
libicuio.so.74.2, libicutest.so.74.2, libicutu.so.74.2,
libicuuc.so.74.2.
a/mkinitrd-1.4.11-x86_64-41.txz: Rebuilt.
remove-orphaned-initrds: simplify matching - initrd-${FOO}.img is considered
orphaned if there is no vmlinuz-${FOO} (the contents of $FOO are arbitrary).
a/pkgtools-15.1-noarch-15.txz: Rebuilt.
make-kernel-backup: if we are backing up vmlinuz-${FOO}, then also back up
initrd-${FOO}.img if it exists. Don't try to match specific fields.
a/xfsprogs-6.11.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
ap/mpg123-1.32.8-x86_64-1.txz: Upgraded.
ap/sqlite-3.46.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
d/mercurial-6.8.2-x86_64-1.txz: Upgraded.
d/python-pip-24.3.1-x86_64-1.txz: Upgraded.
kde/kdeplasma-addons-5.27.11-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
kde/kdewebkit-5.116.0-x86_64-1.txz: Removed.
Nothing uses this. Obsolete.
kde/konsole-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
kde/plasma-workspace-5.27.11.1-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/M2Crypto-0.42.0-x86_64-1.txz: Removed.
Nothing in Slackware has needed this since crda was removed, and very little
elsewhere does. Thanks to lucabon.
l/babl-0.1.110-x86_64-1.txz: Upgraded.
l/boost-1.86.0-x86_64-3.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/desktop-file-utils-0.28-x86_64-1.txz: Upgraded.
l/gspell-1.14.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/harfbuzz-10.0.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/icu4c-76.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libcap-2.71-x86_64-1.txz: Upgraded.
l/libical-3.0.18-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/libqalculate-5.3.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/liburing-2.8-x86_64-1.txz: Upgraded.
l/libvisio-0.1.8-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/mozjs128-128.3.1esr-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/nodejs-20.18.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/qt5-5.15.15_20241016_9f395e3b-x86_64-1.txz: Upgraded.
Compiled against icu4c-76.1.
l/qt5-webkit-5.212.0_alpha4-x86_64-13.txz: Removed.
Nothing uses this except kdewebkit, and nothing uses that.
Plus it is unmaintained, obsolete, and likely full of holes.
l/qt6-6.7.3_20240920_90e86aee-x86_64-4.txz: Rebuilt.
Recompiled against icu4c-76.1.
l/vte-0.78.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
n/dovecot-2.3.21.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
n/netatalk-4.0.3-x86_64-1.txz: Upgraded.
n/php-8.3.13-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
n/postfix-3.9.0-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
n/samba-4.21.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
n/tin-2.6.3-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
t/texlive-2024.240409-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
extra/brltty/brltty-6.7-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
extra/sendmail/sendmail-8.18.1-x86_64-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
extra/sendmail/sendmail-cf-8.18.1-noarch-2.txz: Rebuilt.
Recompiled against icu4c-76.1.
a/elilo-3.16-x86_64-18.txz: Rebuilt.
eliloconfig: if we don't find initrd-generic.img, try to fall back on
/boot/initrd.gz. Thanks to rworkman.
a/kernel-firmware-20241022_e1d9577-noarch-1.txz: Upgraded.
a/kernel-generic-6.11.5-x86_64-1.txz: Upgraded.
a/less-668-x86_64-1.txz: Upgraded.
a/openssl11-solibs-1.1.1zb-x86_64-1.txz: Upgraded.
a/sysvinit-3.11-x86_64-1.txz: Upgraded.
a/usbutils-018-x86_64-1.txz: Upgraded.
d/kernel-headers-6.11.5-x86-1.txz: Upgraded.
d/parallel-20241022-noarch-1.txz: Upgraded.
d/swig-4.3.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.11.5-noarch-1.txz: Upgraded.
l/libvisio-0.1.8-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.10.21.16-x86_64-1.txz: Upgraded.
n/openssl11-1.1.1zb-x86_64-1.txz: Upgraded.
Apply patch to fix a security issue:
Harden BN_GF2m_poly2arr against misuse.
This CVE was fixed by the 1.1.1zb release that is only available to
subscribers to OpenSSL's premium extended support. The patch was prepared
by backporting from the OpenSSL-3.0 repo. The reported version number has
been updated so that vulnerability scanners calm down.
Thanks to Ken Zalewski for the patch!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-9143
(* Security fix *)
xap/gucharmap-16.0.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.3.3esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.3.3esr/releasenotes/
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/meson-1.6.0-x86_64-1.txz: Upgraded.
kde/okteta-0.26.18-x86_64-1.txz: Upgraded.
l/gjs-1.82.1-x86_64-1.txz: Upgraded.
l/gspell-1.14.0-x86_64-1.txz: Added.
Pan has switched to this instead of gtkspell3.
Nothing else in Slackware uses gtkspell3 -- perhaps it should be removed?
l/vte-0.78.1-x86_64-1.txz: Upgraded.
n/nghttp2-1.64.0-x86_64-1.txz: Upgraded.
x/ibus-m17n-1.4.33-x86_64-1.txz: Upgraded.
xap/pan-0.161-x86_64-1.txz: Upgraded.
xfce/mousepad-0.6.3-x86_64-1.txz: Upgraded.
a/os-prober-1.83-x86_64-3.txz: Rebuilt.
Fix the generated path to elilo.efi. Thanks to yancek and chris.willing.
l/python-sphinx-8.1.3-x86_64-1.txz: Upgraded.
l/qt6-6.7.3_20240920_90e86aee-x86_64-2.txz: Rebuilt.
[PATCH] ListView: fix countChanged not being emitted in certain cases.
n/samba-4.21.1-x86_64-1.txz: Upgraded.
a/dracut-105-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-22.txz: Rebuilt.
rc.6: add a hash -r after unmounting local partitions in case any directories
in the $PATH have gone away. Thanks to yars.
l/libarchive-3.7.7-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
gzip: prevent a hang when processing a malformed gzip inside a gzip.
tar: don't crash on truncated tar archives.
tar: fix two leaks in tar header parsing.
(* Security fix *)
l/python-sphinx-8.1.2-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.10.13-x86_64-1.txz: Upgraded.
x/bdftopcf-1.1.2-x86_64-1.txz: Upgraded.
x/fonttosfnt-1.2.4-x86_64-1.txz: Upgraded.
x/xcmsdb-1.0.7-x86_64-1.txz: Upgraded.
x/xf86-video-mach64-6.10.0-x86_64-1.txz: Upgraded.
x/xf86-video-mga-2.1.0-x86_64-1.txz: Upgraded.
x/xf86-video-r128-6.13.0-x86_64-1.txz: Upgraded.
x/xkbprint-1.0.7-x86_64-1.txz: Upgraded.
x/xmag-1.0.8-x86_64-1.txz: Upgraded.
x/xtrans-1.5.1-noarch-1.txz: Upgraded.
x/xwud-1.0.7-x86_64-1.txz: Upgraded.
a/hostname-3.24-x86_64-1.txz: Upgraded.
a/kernel-firmware-20241010_c410e4c-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.14-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-39.txz: Rebuilt.
Symlink /boot/remove-orphaned-initrds into /usr/sbin to get it in the $PATH.
a/pkgtools-15.1-noarch-14.txz: Rebuilt.
Renamed kernel-backup to make-kernel-backup.
We'll leave it in /boot where it's more likely to be noticed, but also
add a symlink in /usr/sbin so that it's in the $PATH.
Support /etc/default/make-kernel-backup.
Test to see if $KERNEL_FILE is actually a Linux kernel.
d/kernel-headers-6.10.14-x86-1.txz: Upgraded.
k/kernel-source-6.10.14-noarch-1.txz: Upgraded.
l/python-sphinx-8.1.0-x86_64-1.txz: Upgraded.
l/python-sphinx_rtd_theme-3.0.1-x86_64-1.txz: Upgraded.
n/c-ares-1.34.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.3.1esr-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.3.1esr/releasenotes/
(* Security fix *)
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.3-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.3-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.3-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/dracut-104-x86_64-1.txz: Upgraded.
d/cmake-3.30.5-x86_64-1.txz: Upgraded.
d/subversion-1.14.4-x86_64-1.txz: Upgraded.
l/mozjs128-128.3.1esr-x86_64-1.txz: Upgraded.
l/openexr-3.3.1-x86_64-1.txz: Upgraded.
l/python-charset-normalizer-3.4.0-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.11-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.5-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.7-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.5-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.1.5-x86_64-1.txz: Upgraded.
x/fcitx5-m17n-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.7-x86_64-1.txz: Upgraded.
x/fcitx5-unikey-5.1.5-x86_64-1.txz: Upgraded.
x/libime-1.1.9-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-128.3.1esr-x86_64-1.txz: Upgraded.
This update contains a critical security fix:
Use-after-free in Animation timeline.
"An attacker was able to achieve code execution in the content process by
exploiting a use-after-free in Animation timelines. We have had reports of
this vulnerability being exploited in the wild."
For more information, see:
https://www.mozilla.org/en-US/firefox/128.3.1/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-51/
https://www.cve.org/CVERecord?id=CVE-2024-9680
(* Security fix *)
a/mkinitrd-1.4.11-x86_64-38.txz: Rebuilt.
/boot/remove-orphaned-initrds: this script will remove initrds found in /boot
if there is no matching kernel version found. This can be run manually or
added as a cron job to prevent unneeded initrds from filling up /boot.
a/pkgtools-15.1-noarch-13.txz: Rebuilt.
/boot/kernel-backup: with the huge kernel gone, this script seeks to fill the
gap by offering an easy way to make a backup kernel that will be picked up
by update-grub. It does this by creating entries in the pkgtools database
that protect a kernel, modules, and optionally an initrd from being removed
when the kernel-generic package is upgraded. See the script for details.
ap/rpm-4.20.0-x86_64-1.txz: Upgraded.
d/git-2.47.0-x86_64-1.txz: Upgraded.
l/python-MarkupSafe-3.0.1-x86_64-1.txz: Upgraded.
l/python-tomli-w-1.1.0-x86_64-1.txz: Upgraded.
n/cifs-utils-7.1-x86_64-1.txz: Upgraded.
n/netatalk-4.0.1-x86_64-1.txz: Upgraded.
Several ELF objects were found to have rpaths pointing into /tmp, a world
writable directory. This could have allowed a local attacker to launch denial
of service attacks or execute arbitrary code when the affected binaries are
run by placing crafted ELF objects in the /tmp rpath location. All rpaths with
an embedded /tmp path have been scrubbed from the binaries, and makepkg has
gained a lint feature to detect these so that they won't creep back in.
a/kernel-firmware-20241001_95bfe08-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.12-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-12.txz: Rebuilt.
makepkg: when looking for ELF objects with --remove-rpaths or
--remove-tmp-rpaths, avoid false hits on files containing 'ELF' as part
of the directory or filename.
Also warn about /tmp rpaths after the package is built.
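The check described above, written as an added example (this is not the makepkg code): it identifies ELF objects by their magic bytes rather than by any text containing 'ELF', then reports RPATH/RUNPATH components under /tmp. The function names and the sample input are constructed for illustration, and the parser assumes the output format of GNU binutils `readelf -d`.

```shell
#!/bin/sh
# Added example: flag ELF objects whose RPATH/RUNPATH has a component under /tmp.

# True only if the file starts with the ELF magic bytes 7f 45 4c 46.
# Testing the content avoids false hits on names such as "ELF-notes.txt".
is_elf() {
    [ -f "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# Read `readelf -d` output on stdin and print every RPATH/RUNPATH component
# that is /tmp itself or lies below it. Always exits 0, even with no hits.
tmp_rpath_entries() {
    awk '
        /\(RPATH\)|\(RUNPATH\)/ {
            o = index($0, "["); c = index($0, "]")
            if (o == 0 || c <= o) next
            n = split(substr($0, o + 1, c - o - 1), parts, ":")
            for (i = 1; i <= n; i++)
                if (parts[i] == "/tmp" || index(parts[i], "/tmp/") == 1)
                    print parts[i]
        }'
}

# Walk a directory tree (for example an unpacked package root) and print
# "file: offending components" for each ELF object with a /tmp rpath.
scan_tree() {
    command -v readelf >/dev/null 2>&1 || { echo "readelf not found" >&2; return 2; }
    find "$1" -type f | while IFS= read -r f; do
        is_elf "$f" || continue
        hits=$(readelf -d "$f" 2>/dev/null | tmp_rpath_entries | tr '\n' ' ')
        if [ -n "$hits" ]; then printf '%s: %s\n' "$f" "$hits"; fi
    done
}

# Constructed sample of `readelf -d` lines (taken as if from two different
# objects). /opt/tmp/lib and /tmpfiles/lib must not be reported.
sample_readelf_output() {
    cat <<'EOF'
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib64:/tmp/build/lib]
 0x000000000000001d (RUNPATH)            Library runpath: [/tmp:/opt/tmp/lib:/tmpfiles/lib]
EOF
}
```

Running `scan_tree` on a package's staging directory before packaging gives the same kind of warning the changelog entry describes.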
ap/cups-2.4.11-x86_64-1.txz: Upgraded.
ap/cups-browsed-2.0.1-x86_64-2.txz: Rebuilt.
Mitigate security issue that could lead to a denial of service or
the execution of arbitrary code.
Rebuilt with --with-browseremoteprotocols=none to disable incoming
connections, since this daemon has been shown to be insecure. If you
actually use cups-browsed, be sure to install the new
/etc/cups/cups-browsed.conf.new containing this line:
BrowseRemoteProtocols none
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-47176
(* Security fix *)
d/kernel-headers-6.10.12-x86-1.txz: Upgraded.
d/llvm-18.1.8-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
d/luajit-2.1.1727621189-x86_64-1.txz: Upgraded.
d/ruby-3.3.5-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
k/kernel-source-6.10.12-noarch-1.txz: Upgraded.
kde/kimageformats-5.116.0-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/kio-extras-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/krita-5.2.5-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
kde/libindi-2.1.0-x86_64-1.txz: Upgraded.
l/cryfs-0.10.3-x86_64-13.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/espeak-ng-1.51.1-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/ffmpeg-7.1-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/gst-plugins-bad-free-1.24.8-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/imagemagick-7.1.1_38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/libgsf-1.14.53-x86_64-1.txz: Upgraded.
l/librsvg-2.58.5-x86_64-1.txz: Upgraded.
l/libvncserver-0.9.14-x86_64-3.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/mozjs128-128.3.0esr-x86_64-1.txz: Upgraded.
l/netpbm-11.08.00-x86_64-1.txz: Upgraded.
l/opencv-4.10.0-x86_64-3.txz: Rebuilt.
Recompiled against openexr-3.3.0.
l/openexr-3.3.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-glad2-2.0.8-x86_64-1.txz: Upgraded.
l/python-pyproject-hooks-1.2.0-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.4-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
l/woff2-20231106_0f4d304-x86_64-2.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
n/openobex-1.7.2-x86_64-6.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
x/marisa-0.2.6-x86_64-11.txz: Rebuilt.
Remove rpaths from binaries.
(* Security fix *)
xap/gimp-2.10.38-x86_64-2.txz: Rebuilt.
Recompiled against openexr-3.3.0.
xap/mozilla-firefox-128.3.0esr-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/128.3.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2024-47
https://www.cve.org/CVERecord?id=CVE-2024-9392
https://www.cve.org/CVERecord?id=CVE-2024-9393
https://www.cve.org/CVERecord?id=CVE-2024-9394
https://www.cve.org/CVERecord?id=CVE-2024-8900
https://www.cve.org/CVERecord?id=CVE-2024-9396
https://www.cve.org/CVERecord?id=CVE-2024-9397
https://www.cve.org/CVERecord?id=CVE-2024-9398
https://www.cve.org/CVERecord?id=CVE-2024-9399
https://www.cve.org/CVERecord?id=CVE-2024-9400
https://www.cve.org/CVERecord?id=CVE-2024-9401
https://www.cve.org/CVERecord?id=CVE-2024-9402
(* Security fix *)
xap/xlockmore-5.80-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/kernel-generic-6.11.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.11.1-x86-1.txz: Upgraded.
testing/packages/kernel-source-6.11.1-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/ispell-3.4.06-x86_64-3.txz: Rebuilt.
Get rid of hardcoded temporary path in munchlist.
l/boost-1.86.0-x86_64-2.txz: Rebuilt.
Get rid of hardcoded temporary paths in the cmake files.
Since these paths point to a location that an unprivileged user could
create and populate with files that could be picked up during a build,
it's possible this bug could be used for malicious purposes.
Thanks to jmacloue.
(* Security fix *)
l/fribidi-1.0.16-x86_64-1.txz: Upgraded.
n/php-8.3.12-x86_64-1.txz: Upgraded.
This update fixes security issues:
CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter
Injection Vulnerability).
CGI: Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
bypassable due to the environment variable collision).
FPM: Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
SAPI: Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form
data).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-8926
https://www.cve.org/CVERecord?id=CVE-2024-8927
https://www.cve.org/CVERecord?id=CVE-2024-9026
https://www.cve.org/CVERecord?id=CVE-2024-8925
(* Security fix *)
x/vulkan-sdk-1.3.290.0-x86_64-2.txz: Rebuilt.
Get rid of hardcoded temporary path in volkTargets.cmake.
(* Security fix *)
a/dracut-103-x86_64-2.txz: Rebuilt.
Include /etc/dracut.conf.d/elogind.conf to handle uaccess rules correctly.
Thanks to LuckyCyborg.
l/cairo-1.18.2-x86_64-2.txz: Rebuilt.
[PATCH] cff: Don't fail if no local subs.
Fixes printing PDFs with CUPS. Thanks to pee_bee and reddog83.
l/glib2-2.82.1-x86_64-1.txz: Upgraded.
l/pipewire-1.2.4-x86_64-1.txz: Upgraded.
n/NetworkManager-1.48.10-x86_64-2.txz: Rebuilt.
Rebuilt to pick up the new plugin directory for ppp-2.5.1.
n/bind-9.20.2-x86_64-1.txz: Upgraded.
n/openssh-9.9p1-x86_64-1.txz: Upgraded.
Future deprecation notice: OpenSSH plans to remove support for the DSA
signature algorithm in early 2025. For now, this package retains DSA
support, but plan accordingly.
n/ppp-2.5.1-x86_64-1.txz: Upgraded.
n/rp-pppoe-4.0-x86_64-1.txz: Upgraded.
Upstream has removed "ancient crufty scripts," so see HOW-TO-CONNECT in the
documentation if you were using those to connect previously.
a/kernel-firmware-20240912_b9daf8c-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.10-x86_64-1.txz: Upgraded.
The kernel modules are now bundled into this package.
a/kernel-huge-6.10.9-x86_64-1.txz: Removed.
So long, we won't miss you.
If you were actually using kernel-huge with one of the SCSI/SAS drivers that
were built in, you'll need to use kernel-generic and an initrd that contains
the needed drivers. Otherwise, just switch to kernel-generic. It'll be fine.
If unsure, make an initrd with geninitrd and have your bootloader use it.
a/kernel-modules-6.10.9-x86_64-1.txz: Removed.
Kernel modules are now bundled with the kernel-generic package.
a/libblockdev-3.2.0-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.10-x86-1.txz: Upgraded.
k/kernel-source-6.10.10-noarch-1.txz: Upgraded.
l/librsvg-2.58.4-x86_64-1.txz: Upgraded.
l/protobuf-28.1-x86_64-1.txz: Upgraded.
l/pygobject3-3.50.0-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.9.12-x86_64-1.txz: Upgraded.
n/nghttp3-1.5.0-x86_64-2.txz: Rebuilt.
Make sure the cmake files are installed to the correct location.
Thanks to fulalas.
x/ibus-table-1.17.8-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/efibootmgr-18-x86_64-1.txz: Upgraded.
a/grub-2.12-x86_64-16.txz: Rebuilt.
Long ago, we began giving all the scripts in /etc/grub.d/ the .new treatment
to prevent local customizations from being overwritten with a package
upgrade. But, this no longer appears to be a good idea, especially if we're
ever going to offer the possibility to automate grub-install and grub-update.
So, we are no longer going to preserve the contents of these files when the
grub package is upgraded. We *will* however preserve the existing
permissions, so you'll be able to turn off scripts that you don't want
running, and you'll be able to make new scripts, or make edited and renamed
copies of the scripts shipped in this package, so there's no real loss of
functionality here.
It looks like 40_custom is intended to be locally edited, so we make an
exception and do not overwrite that one.
d/python-setuptools-74.1.2-x86_64-1.txz: Upgraded.
kde/okteta-0.26.17-x86_64-1.txz: Upgraded.
l/gobject-introspection-1.80.1-x86_64-2.txz: Rebuilt.
Fix running against python-setuptools-74.1.2:
[PATCH] giscanner: remove dependency on distutils.msvccompiler.
l/python-importlib_metadata-8.5.0-x86_64-1.txz: Upgraded.
n/curl-8.10.0-x86_64-1.txz: Upgraded.
l/aom-3.10.0-x86_64-1.txz: Upgraded.
l/libpcap-1.10.5-x86_64-1.txz: Upgraded.
This update fixes security issues:
Clean up sock_initaddress() and its callers to avoid double frees
in some cases.
Fix pcap_findalldevs_ex() not to crash if passed a file:// URL with a
path to a directory that cannot be opened.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-7256
https://www.cve.org/CVERecord?id=CVE-2024-8006
(* Security fix *)
l/mozilla-nss-3.104-x86_64-1.txz: Upgraded.
n/tcpdump-4.99.5-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.37-noarch-1.txz: Upgraded.
a/aaa_glibc-solibs-2.40-x86_64-5.txz: Rebuilt.
a/kernel-firmware-20240828_335a1de-noarch-1.txz: Upgraded.
a/kernel-generic-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.7-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.7-x86_64-1.txz: Upgraded.
a/userspace-rcu-0.14.1-x86_64-1.txz: Upgraded.
ap/man-db-2.13.0-x86_64-1.txz: Upgraded.
ap/screen-5.0.0-x86_64-1.txz: Upgraded.
ap/vim-9.1.0702-x86_64-1.txz: Upgraded.
d/cmake-3.30.3-x86_64-1.txz: Upgraded.
d/gcc-14.2.0-x86_64-2.txz: Rebuilt.
Merge in parts of alienBOB's multilib build script, generalize the script
to work with both --enable-multilib and --disable-multilib, and otherwise
clean things up. Go ahead and build it multilib on 64-bit, because why not?
It's worth the bit of bloat to no longer have this package need to be
maintained separately and kept in sync. Thanks to alienBOB.
d/gcc-g++-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gdc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gfortran-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gm2-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-gnat-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-go-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-objc-14.2.0-x86_64-2.txz: Rebuilt.
d/gcc-rust-14.2.0-x86_64-2.txz: Rebuilt.
d/kernel-headers-6.10.7-x86-1.txz: Upgraded.
d/python-setuptools-73.0.1-x86_64-1.txz: Rebuilt.
Reverted due to regression: breaks g-ir-scanner
k/kernel-source-6.10.7-noarch-1.txz: Upgraded.
l/glibc-2.40-x86_64-5.txz: Rebuilt.
Enable multilib on 64-bit. Thanks to alienBOB.
Note that Slackware 64-bit can now run a 32-bit "Hello World!" but there
are no immediate plans to add additional multilib support by default.
Maybe down the road when bare metal 32-bit support goes away.
l/glibc-i18n-2.40-x86_64-5.txz: Rebuilt.
l/glibc-profile-2.40-x86_64-5.txz: Rebuilt.
l/gtk4-4.15.6-x86_64-1.txz: Upgraded.
l/libssh-0.11.1-x86_64-1.txz: Upgraded.
l/protobuf-28.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-certifi-2024.8.30-x86_64-1.txz: Upgraded.
l/qt6-6.7.2_20240610_3f005f1e-x86_64-6.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/ca-certificates-20240830-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
n/mosh-1.4.0-x86_64-4.txz: Rebuilt.
Recompiled against protobuf-28.0.
n/php-8.3.11-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.11
x/mesa-24.2.1-x86_64-1.txz: Upgraded.
Thanks to lucabon for the rust-bindgen patch.
xap/vim-gvim-9.1.0702-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
ap/vim-9.1.0686-x86_64-1.txz: Upgraded.
Build with --with-python3-stable-abi=no (which was the default until
recently). This fixes segfaults when python3 is used from vim.
Thanks to audriusk.
d/luajit-2.1.1724232689-x86_64-1.txz: Upgraded.
d/parallel-20240822-noarch-1.txz: Upgraded.
l/gst-plugins-bad-free-1.24.7-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.24.7-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.24.7-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.24.7-x86_64-1.txz: Upgraded.
l/gstreamer-1.24.7-x86_64-1.txz: Upgraded.
l/nodejs-20.17.0-x86_64-1.txz: Upgraded.
l/pipewire-1.2.3-x86_64-1.txz: Upgraded.
n/bind-9.18.29-x86_64-1.txz: Upgraded.
n/nfs-utils-2.7.1-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-128.1.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.1.1esr/releasenotes/
xap/vim-gvim-9.1.0686-x86_64-1.txz: Upgraded.
d/python-setuptools-73.0.1-x86_64-1.txz: Upgraded.
d/rust-bindgen-0.70.1-x86_64-1.txz: Upgraded.
n/ModemManager-1.22.0-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.10-x86_64-1.txz: Upgraded.
n/epic5-2.4-x86_64-1.txz: Upgraded.
n/libqmi-1.34.0-x86_64-2.txz: Rebuilt.
Build against libqrtr-glib with -Dqrtr=true.
n/libqrtr-glib-1.2.2-x86_64-1.txz: Added.
ModemManager-1.22.0 needs libqmi to be linked with this.
x/xorg-server-21.1.13-x86_64-3.txz: Rebuilt.
Patched changing a type from unsigned long to unsigned long long which fixes
the black screen seen on 32-bit with the modesetting driver. Seems fine on
64-bit as well, so the patch is applied for all builds. The patch to default
to modesetting for Intel graphics is restored (and the one for nouveau is kept
as well).
Thanks to Lenard Spencer for reporting that nouveau was also hitting this.
Thanks to Petri Kaukasoina for the patch.
x/xorg-server-xephyr-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-21.1.13-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-21.1.13-x86_64-3.txz: Rebuilt.
a/libbytesize-2.11-x86_64-1.txz: Upgraded.
d/python-setuptools-73.0.0-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-8.4.0-x86_64-1.txz: Upgraded.
n/epic5-2.2-x86_64-1.txz: Upgraded.
n/netatalk-3.2.7-x86_64-1.txz: Upgraded.
x/xorg-server-21.1.13-x86_64-2.txz: Rebuilt.
On 32-bit, using the modesetting driver with Intel graphics is resulting in
a black screen (observed here with CoffeeLake-H GT2), so on 32-bit only let's
stop applying the patch that was making xorg-server use modesetting by
default. Thanks to LuckyCyborg and Petri Kaukasoina.
Fix build with gcc-14.2.
x/xorg-server-xephyr-21.1.13-x86_64-2.txz: Rebuilt.
x/xorg-server-xnest-21.1.13-x86_64-2.txz: Rebuilt.
x/xorg-server-xvfb-21.1.13-x86_64-2.txz: Rebuilt.
xfce/xfce4-screenshooter-1.11.1-x86_64-1.txz: Upgraded.
a/kernel-generic-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-huge-6.10.5-x86_64-1.txz: Upgraded.
a/kernel-modules-6.10.5-x86_64-1.txz: Upgraded.
d/kernel-headers-6.10.5-x86-1.txz: Upgraded.
d/python-setuptools-72.2.0-x86_64-1.txz: Upgraded.
k/kernel-source-6.10.5-noarch-1.txz: Upgraded.
kde/okteta-0.26.16-x86_64-1.txz: Upgraded.
n/dovecot-2.3.21.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
A large number of address headers in email resulted in excessive CPU usage.
Abnormally large email headers are now truncated or discarded, with a limit
of 10MB on a single header and 50MB for all the headers of all the parts of
an email.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-23184
https://www.cve.org/CVERecord?id=CVE-2024-23185
(* Security fix *)
n/lynx-2.9.2-x86_64-1.txz: Upgraded.
x/mesa-24.2.0-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.9.5-x86_64-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.14.0-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-7.0.2.
Thanks to Petri Kaukasoina.
extra/xv/xv-6.0.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/bash-5.2.032-x86_64-1.txz: Upgraded.
d/mercurial-6.8.1-x86_64-1.txz: Upgraded.
l/pipewire-1.2.2-x86_64-1.txz: Upgraded.
l/spirv-llvm-translator-18.1.3-x86_64-1.txz: Upgraded.
n/php-8.3.10-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.10
d/meson-1.5.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_36-x86_64-1.txz: Upgraded.
l/python-alabaster-1.0.0-x86_64-1.txz: Upgraded.
n/wpa_supplicant-2.11-x86_64-2.txz: Rebuilt.
[PATCH] nl80211: add extra-ies only if allowed by driver.
This fixes using broadcom-wl based adapters.
Thanks to Stuart Winter.
x/OpenCC-1.1.8-x86_64-1.txz: Upgraded.
x/xfs-1.2.2-x86_64-1.txz: Upgraded.
Well folks, we have some more interesting stuff in /testing now.
Our good friend LuckyCyborg posted a while back about our trials with
GRUB2, and that we were banging our heads against a wall for no reason
trying to bend GRUB2 with our 09_slackware_linux grub.d script instead
of changing our kernel/initrd naming scheme to vmlinux-6.10.1-generic
and initrd-6.10.1-generic.img. And, as is often the case, our friend is
exactly correct. Once we stopped trying to swim against the current, GRUB2
started behaving as it should.
The updates in /testing change the kernel naming scheme thusly, and modify
the geninitrd script in the mkinitrd package to also use this naming
scheme. And, of course, 09_slackware_linux is removed from GRUB2, and the
10_linux script is only lightly modified.
Because lilo and elilo work with the symlinks to the kernel and initrd,
they shouldn't care about this change.
We've probably got 6.9.11 coming tomorrow. Unless I hear that I should stop
the presses on this change, it's likely that those kernels will be updated
using the new naming scheme and the mkinitrd and grub updates will be moved
into the main tree from /testing.
We'll stick with 6.9 in the main tree for now because I'm still encountering
suspend failure with the 6.10 kernel here.
Enjoy! :-)
a/kernel-firmware-20240723_b37d247-noarch-1.txz: Upgraded.
ap/mpg123-1.32.6-x86_64-2.txz: Rebuilt.
l/libxml2-2.13.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix XXE protection in downstream code.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-40896
(* Security fix *)
l/mozilla-nss-3.102.1-x86_64-1.txz: Upgraded.
l/nodejs-20.16.0-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-8.2.0-x86_64-1.txz: Upgraded.
l/v4l-utils-1.28.1-x86_64-1.txz: Upgraded.
n/c-ares-1.32.3-x86_64-1.txz: Upgraded.
n/curl-8.9.0-x86_64-1.txz: Upgraded.
n/htdig-3.2.0b6-x86_64-10.txz: Rebuilt.
Patch XSS vulnerability. Thanks to jayjwa.
Get this out of cgi-bin. Thanks to LuckyCyborg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2007-6110
(* Security fix *)
n/libtirpc-1.3.5-x86_64-1.txz: Upgraded.
extra/fltk/fltk-1.3.9-x86_64-2.txz: Rebuilt.
extra/tigervnc/tigervnc-1.13.1-x86_64-6.txz: Rebuilt.
Not sure why 1.14.0 isn't compiling, but we'll rebuild this for now.
testing/packages/grub-2.12-x86_64-12.txz: Upgraded.
Remove 09_slackware_linux.
10_linux: don't rename Slackware ;-)
This should configure the renamed kernel/initrd perfectly.
Perhaps 10_linux should no longer accept initrd.gz as a valid name?
For now it is accepted to avoid disrupting existing workflows.
testing/packages/kernel-generic-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-headers-6.10.1-x86-1.txz: Upgraded.
testing/packages/kernel-huge-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-modules-6.10.1-x86_64-1.txz: Upgraded.
testing/packages/kernel-source-6.10.1-noarch-1.txz: Upgraded.
testing/packages/mkinitrd-1.4.11-x86_64-35.txz: Upgraded.
geninitrd: create initrd with initrd-version-name.img filename.
Make compat symlinks by default.
Always add LVM (I've seen it mistakenly skipped... if we can get to the
bottom of that then we'll stop always adding it)
Add /etc/default/geninitrd for configuration.
Hey folks, we got a new glibc and are beginning the process of baking the new
default compile flags into the toolchain, the graphics stack, and whatever else
happens along. Enjoy! :-)
a/aaa_glibc-solibs-2.40-x86_64-1.txz: Upgraded.
a/libblockdev-3.1.1_1-x86_64-2.txz: Rebuilt.
Fix build against recent ext2fs.h. Thanks to shipujin.
a/xfsprogs-6.9.0-x86_64-1.txz: Upgraded.
ap/rpm-4.19.1.1-x86_64-3.txz: Rebuilt.
ap/slackpkg-15.0.10-noarch-4.txz: Rebuilt.
Prefer gpg1 again. Going with the modern gpg with more dependencies was
a mistake in this case. (now we know why gnupg-1 is still around :-)
Thanks to Petri Kaukasoina.
d/binutils-2.42-x86_64-3.txz: Rebuilt.
d/cargo-vendor-filterer-0.5.14-x86_64-2.txz: Rebuilt.
d/cbindgen-0.26.0-x86_64-2.txz: Rebuilt.
d/ccache-4.10.2-x86_64-1.txz: Upgraded.
d/cmake-3.30.1-x86_64-2.txz: Rebuilt.
d/gcc-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-g++-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gdc-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gfortran-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gm2-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-gnat-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-go-14.1.0-x86_64-2.txz: Rebuilt.
d/gcc-objc-14.1.0-x86_64-2.txz: Rebuilt.
d/libgccjit-14.1.0-x86_64-2.txz: Rebuilt.
d/libtool-2.4.7-x86_64-8.txz: Rebuilt.
d/parallel-20240722-noarch-1.txz: Upgraded.
d/pkg-config-0.29.2-x86_64-5.txz: Rebuilt.
d/python-setuptools-71.1.0-x86_64-1.txz: Upgraded.
d/ruby-3.3.4-x86_64-2.txz: Rebuilt.
d/rust-bindgen-0.69.4-x86_64-2.txz: Rebuilt.
d/strace-6.10-x86_64-1.txz: Upgraded.
d/subversion-1.14.3-x86_64-3.txz: Rebuilt.
e/emacs-29.4-x86_64-2.txz: Rebuilt.
l/PyQt-builder-1.16.4-x86_64-2.txz: Rebuilt.
l/PyQt5-5.15.11-x86_64-1.txz: Upgraded.
l/PyQt5_sip-12.15.0-x86_64-2.txz: Rebuilt.
l/argon2-20190702-x86_64-6.txz: Rebuilt.
l/ffmpeg-6.1.1-x86_64-5.txz: Rebuilt.
l/glibc-2.40-x86_64-1.txz: Upgraded.
This update fixes security issues:
nscd: Stack-based buffer overflow in netgroup cache.
nscd: Null pointer crash after notfound response.
nscd: netgroup cache may terminate daemon on memory allocation failure.
nscd: netgroup cache assumes NSS callback uses in-buffer strings.
These vulnerabilities were only present in the nscd binary.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-33599
https://www.cve.org/CVERecord?id=CVE-2024-33600
https://www.cve.org/CVERecord?id=CVE-2024-33601
https://www.cve.org/CVERecord?id=CVE-2024-33602
(* Security fix *)
l/glibc-i18n-2.40-x86_64-1.txz: Upgraded.
l/glibc-profile-2.40-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.24.5-x86_64-2.txz: Rebuilt.
l/libcdio-paranoia-10.2+2.0.2-x86_64-1.txz: Upgraded.
l/libclc-18.1.8-x86_64-3.txz: Rebuilt.
l/libproxy-0.5.8-x86_64-1.txz: Upgraded.
l/lz4-1.10.0-x86_64-1.txz: Upgraded.
l/poppler-24.07.0-x86_64-2.txz: Rebuilt.
l/python-importlib_metadata-8.1.0-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.7-x86_64-1.txz: Upgraded.
l/qt5-5.15.14_20240716_ae0c8451-x86_64-1.txz: Upgraded.
l/qt5-webkit-5.212.0_alpha4-x86_64-13.txz: Rebuilt.
l/qt6-6.7.2_20240610_3f005f1e-x86_64-3.txz: Rebuilt.
l/sip-6.8.6-x86_64-2.txz: Rebuilt.
l/spirv-llvm-translator-18.1.2-x86_64-2.txz: Rebuilt.
l/v4l-utils-1.28.0-x86_64-1.txz: Upgraded.
n/bind-9.18.28-x86_64-1.txz: Upgraded.
This update fixes security issues:
Remove SIG(0) support from named as a countermeasure for CVE-2024-1975.
qctx-zversion was not being cleared when it should have been leading to
an assertion failure if it needed to be reused.
An excessively large number of rrtypes per owner can slow down database query
processing, so a limit has been placed on the number of rrtypes that can be
stored per owner (node) in a cache or zone database. This is configured with
the new "max-rrtypes-per-name" option, and defaults to 100.
Excessively large rdatasets can slow down database query processing, so a
limit has been placed on the number of records that can be stored per
rdataset in a cache or zone database. This is configured with the new
"max-records-per-type" option, and defaults to 100.
Malicious DNS client that sends many queries over TCP but never reads
responses can cause server to respond slowly or not respond at all for other
clients.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-1975
https://www.cve.org/CVERecord?id=CVE-2024-4076
https://www.cve.org/CVERecord?id=CVE-2024-1737
https://www.cve.org/CVERecord?id=CVE-2024-0760
(* Security fix *)
n/fetchmail-6.4.39-x86_64-1.txz: Upgraded.
n/obexftp-0.24.2-x86_64-13.txz: Rebuilt.
n/pinentry-1.3.1-x86_64-2.txz: Rebuilt.
n/wpa_supplicant-2.11-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.6-x86_64-3.txz: Rebuilt.
x/ibus-m17n-1.4.30-x86_64-1.txz: Upgraded.
x/libdrm-2.4.122-x86_64-2.txz: Rebuilt.
x/marisa-0.2.6-x86_64-10.txz: Rebuilt.
x/mesa-24.1.4-x86_64-2.txz: Rebuilt.
x/vulkan-sdk-1.3.275.0-x86_64-3.txz: Rebuilt.
xap/audacious-4.4-x86_64-2.txz: Rebuilt.
xap/audacious-plugins-4.4-x86_64-2.txz: Rebuilt.
xap/mozilla-thunderbird-128.0.1esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/128.0.1esr/releasenotes/
xap/xaos-4.3.2-x86_64-2.txz: Rebuilt.
extra/emacs-regular-build/emacs-29.4-x86_64-2_regular.txz: Rebuilt.
a/kernel-firmware-20240718_058deb9-noarch-1.txz: Upgraded.
a/kernel-generic-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-huge-6.9.10-x86_64-1.txz: Upgraded.
a/kernel-modules-6.9.10-x86_64-1.txz: Upgraded.
d/cmake-3.30.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.9.10-x86-1.txz: Upgraded.
d/python-setuptools-71.0.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.10-noarch-1.txz: Upgraded.
kde/labplot-2.11.1-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.6-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.06-noarch-1.txz: Upgraded.
n/httpd-2.4.62-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
The first CVE is for Windows, but the second one is an additional fix for
the source code disclosure regression when using AddType.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.62
https://www.cve.org/CVERecord?id=CVE-2024-40898
https://www.cve.org/CVERecord?id=CVE-2024-40725
(* Security fix *)
n/openvpn-2.6.12-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/openssl11-solibs-1.1.1za-x86_64-1.txz: Upgraded.
ap/vim-9.1.0595-x86_64-1.txz: Upgraded.
l/python-sphinx-7.4.5-x86_64-1.txz: Upgraded.
n/iproute2-6.10.0-x86_64-1.txz: Upgraded.
n/nftables-1.1.0-x86_64-1.txz: Upgraded.
n/openssl11-1.1.1za-x86_64-1.txz: Upgraded.
Apply patches to fix CVEs that were fixed by the 1.1.1{x,y,za} releases that
were only available to subscribers to OpenSSL's premium extended support.
These patches were prepared by backporting commits from the OpenSSL-3.0 repo.
The reported version number has been updated so that vulnerability scanners
calm down. All of these issues were considered to be of low severity.
We probably won't keep 1.1.1 in -current for long anyway, but might as well
patch it first. :-)
Thanks to Ken Zalewski for the patches!
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-5678
https://www.cve.org/CVERecord?id=CVE-2024-0727
https://www.cve.org/CVERecord?id=CVE-2024-2511
https://www.cve.org/CVERecord?id=CVE-2024-4741
https://www.cve.org/CVERecord?id=CVE-2024-5535
(* Security fix *)
x/mesa-24.1.4-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0595-x86_64-1.txz: Upgraded.