a/kernel-firmware-20210503_3f23f51-noarch-1.txz: Upgraded.
ap/mariadb-10.5.9-x86_64-1.txz: Upgraded.
Reverted to the latest stable release.
d/mercurial-5.8-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-8.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/cantor-21.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/kfilemetadata-5.81.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/kile-2.9.93-x86_64-8.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/kitinerary-21.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/krita-4.4.3-x86_64-4.txz: Rebuilt.
Recompiled against poppler-21.05.0.
kde/okular-21.04.0-x86_64-2.txz: Rebuilt.
Recompiled against poppler-21.05.0.
l/isl-0.24-x86_64-1.txz: Upgraded.
l/poppler-21.05.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/python-pygments-2.9.0-x86_64-1.txz: Upgraded.
n/ethtool-5.12-x86_64-1.txz: Upgraded.
n/httpd-2.4.47-x86_64-2.txz: Rebuilt.
Recompiled against the mariadb-10.5.9 shared libraries.
n/postfix-3.6.0-x86_64-2.txz: Rebuilt.
Recompiled against the mariadb-10.5.9 shared libraries.
xap/gparted-1.3.0-x86_64-1.txz: Upgraded.
testing/packages/mariadb-10.6.0-x86_64-1.txz: Upgraded.
Since this is still considered alpha and not production ready, we'll put it
in /testing for now. Unless you're using an Atom (or other 32-bit processor
affected by the illegal instruction issue) it's probably best to stick with
mariadb-10.5.9.
a/less-581.2-x86_64-1.txz: Upgraded.
ap/nano-5.7-x86_64-1.txz: Upgraded.
d/cmake-3.20.2-x86_64-1.txz: Upgraded.
n/httpd-2.4.47-x86_64-1.txz: Upgraded.
n/samba-4.14.4-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defect:
Negative idmap cache entries can cause incorrect group entries in the
Samba file server process token.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20254https://www.samba.org/samba/security/CVE-2021-20254.html
(* Security fix *)
extra/php8/php8-8.0.5-x86_64-1.txz: Upgraded.
n/bind-9.16.15-x86_64-1.txz: Upgraded.
This update fixes bugs and the following security issues:
A specially crafted GSS-TSIG query could cause a buffer overflow in the
ISC implementation of SPNEGO.
named crashed when a DNAME record placed in the ANSWER section during DNAME
chasing turned out to be the final answer to a client query.
Insufficient IXFR checks could result in named serving a zone without an SOA
record at the apex, leading to a RUNTIME_CHECK assertion failure when the
zone was subsequently refreshed. This has been fixed by adding an owner name
check for all SOA records which are included in a zone transfer.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214
(* Security fix *)
a/mkinitrd-1.4.11-x86_64-24.txz: Rebuilt.
Change mkinitrd shebang to #!/bin/bash. Thanks to mumahendras3.
Still, don't point /bin/sh at a shell other than bash.
Only include dm-snapshot if LVM is included. Thanks to j12i.
a/tcsh-6.22.04-x86_64-1.txz: Upgraded.
ap/mariadb-10.6.0-x86_64-1.txz: Upgraded.
Removed TokuDB stuff from rc.mysqld. Thanks to gsl.
This update fixes the illegal instruction regession on 32-bit with processors
that do not support SSE4.1 instructions.
Thanks to Noel and Charlie Wilder for reporting the issue upstream
and Matteo Bernardini for helping with the debugging.
And of course, thanks to the MariaDB upstream developers. :-)
d/gdb-10.2-x86_64-1.txz: Upgraded.
d/python-pip-21.1-x86_64-1.txz: Upgraded.
n/dnsmasq-2.85-x86_64-2.txz: Rebuilt.
rc.dnsmasq: display stop message. Thanks to vineetmehta.
rc.dnsmasq: kill by .pid file (or at least within the current namespace).
Thanks to Petri Kaukasoina.
n/wireguard-tools-1.0.20210424-x86_64-1.txz: Upgraded.
x/fcitx-qt5-1.2.6-x86_64-1.txz: Upgraded.
a/pkgtools-15.0-noarch-39.txz: Rebuilt.
upgradepkg: revert change where $ROOT/sbin/installpkg is called instead of
/sbin/installpkg. Conceptually, this seemed like a nice change (but would
have also required removepkg to be called the same way), but it seems to
break an established expectation that the pkgtools can be used without them
actually being installed in $ROOT. Thanks to alienBOB.
a/sysvinit-scripts-15.0-noarch-2.txz: Rebuilt.
Use #!/bin/bash for these scripts so that bashisms don't cause script issues
if /bin/sh is some other shell. Thanks to mumahendras3.
rc.S: Use GazL's proposals for detecting/mounting /proc and /sys.
d/parallel-20210422-noarch-1.txz: Upgraded.
l/glib-networking-2.68.1-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.29-x86_64-1.txz: Upgraded.
x/igt-gpu-tools-1.26-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
Rebuild with pkgtools-15.0-noarch-39.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Rebuild with pkgtools-15.0-noarch-39.
ap/tmux-3.2-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.11_7-x86_64-1.txz: Upgraded.
l/librsvg-2.50.4-x86_64-1.txz: Upgraded.
n/cifs-utils-6.13-x86_64-1.txz: Upgraded.
n/snownews-1.7-x86_64-1.txz: Upgraded.
x/xorg-server-1.20.11-x86_64-1.txz: Upgraded.
Insufficient checks on the lengths of the XInput extension
ChangeFeedbackControl request can lead to out of bounds memory
accesses in the X server. These issues can lead to privilege
escalation for authorized clients on systems where the X server
is running privileged.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3472
(* Security fix *)
x/xorg-server-xephyr-1.20.11-x86_64-1.txz: Upgraded.
x/xorg-server-xnest-1.20.11-x86_64-1.txz: Upgraded.
x/xorg-server-xvfb-1.20.11-x86_64-1.txz: Upgraded.
x/xorg-server-xwayland-1.20.11-x86_64-1.txz: Upgraded.
a/kernel-generic-5.10.28-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.28-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.28-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.28-x86-1.txz: Upgraded.
k/kernel-source-5.10.28-noarch-1.txz: Upgraded.
DEVKMEM y -> n
Thanks to Jonathan Woithe for the suggestion.
l/pipewire-0.3.25-x86_64-1.txz: Upgraded.
n/libksba-1.5.1-x86_64-1.txz: Upgraded.
x/ibus-m17n-1.4.5-x86_64-1.txz: Upgraded.
x/libdrm-2.4.105-x86_64-1.txz: Upgraded.
x/mesa-21.0.2-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.11.x/kernel-generic-5.11.12-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.12-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.12-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.12-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.12-noarch-1.txz: Upgraded.
DEVKMEM y -> n
Thanks to Jonathan Woithe for the suggestion.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/sysvinit-scripts-2.1-noarch-41.txz: Rebuilt.
rc.S: don't clear /var/run. Thanks to upnort.
kde/digikam-7.2.0-x86_64-2.txz: Rebuilt.
Recompiled against opencv-4.5.2 (apparently the ABI changed).
Thanks to etienne.
a/hwdata-0.346-noarch-1.txz: Upgraded.
a/kernel-firmware-20210405_af1ca28-noarch-1.txz: Upgraded.
d/Cython-0.29.22-x86_64-2.txz: Rebuilt.
Recompiled to fix building some programs that use Cython. It's possible
that this was due to an ABI bug that shipped in Python-3.9.3, but we'll
rebuild to be on the safe side.
Thanks to PiterPunk who noticed this issue on 32-bit.
d/python3-3.9.4-x86_64-1.txz: Upgraded.
This update reverts a change that introduced an unintentional ABI
incompatibility making some C extensions built with Python 3.9.0 - 3.9.2
crash with Python 3.9.3 on 32-bit systems.
d/ruby-3.0.1-x86_64-1.txz: Upgraded.
This release includes a security fix:
XML round-trip vulnerability in REXML.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28965
(* Security fix *)
l/cryfs-0.10.3-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.11_6-x86_64-1.txz: Upgraded.
l/libqalculate-3.18.0-x86_64-1.txz: Upgraded.
ap/sqlite-3.35.3-x86_64-1.txz: Upgraded.
d/git-2.31.1-x86_64-1.txz: Upgraded.
d/re2c-2.1-x86_64-1.txz: Upgraded.
l/ffmpeg-4.3.2-x86_64-2.txz: Rebuilt.
libvpx-1.10.0 seems to have a changed ABI, so recompile against it.
l/gst-plugins-good-1.18.4-x86_64-2.txz: Rebuilt.
libvpx-1.10.0 seems to have a changed ABI, so recompile against it.
l/pango-1.48.4-x86_64-1.txz: Upgraded.
l/qt5-5.15.2-x86_64-7.txz: Rebuilt.
n/epic5-2.1.3-x86_64-1.txz: Upgraded.
x/libXaw-1.0.14-x86_64-1.txz: Upgraded.
x/xterm-367-x86_64-1.txz: Upgraded.
This update fixes a security issue:
xterm before Patch #366 allows remote attackers to execute arbitrary code or
cause a denial of service (segmentation fault) via a crafted UTF-8 combining
character sequence.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27135
(* Security fix *)
xap/xine-lib-1.2.11-x86_64-5.txz: Rebuilt.
libvpx-1.10.0 seems to have a changed ABI, so recompile against it.
xap/xpaint-3.1.3-x86_64-1.txz: Upgraded.
xap/xsnow-3.2.3-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-20.txz: Rebuilt.
mkinitrd_command_generator.sh: account for the mmc_block module having an
internal name of "mmcblk". Thanks to Andypoo.
ap/cups-filters-1.28.8-x86_64-1.txz: Upgraded.
l/expat-2.3.0-x86_64-1.txz: Upgraded.
l/libvpx-1.10.0-x86_64-1.txz: Upgraded.
l/netpbm-10.93.03-x86_64-1.txz: Upgraded.
n/pam-krb5-4.10-x86_64-1.txz: Upgraded.
a/btrfs-progs-5.11.1-x86_64-1.txz: Upgraded.
a/dialog-1.3_20210324-x86_64-1.txz: Upgraded.
a/kernel-generic-5.10.26-x86_64-1.txz: Upgraded.
a/kernel-huge-5.10.26-x86_64-1.txz: Upgraded.
a/kernel-modules-5.10.26-x86_64-1.txz: Upgraded.
a/openssl-solibs-1.1.1k-x86_64-1.txz: Upgraded.
d/kernel-headers-5.10.26-x86-1.txz: Upgraded.
d/rust-1.51.0-x86_64-1.txz: Upgraded.
e/emacs-27.2-x86_64-1.txz: Upgraded.
k/kernel-source-5.10.26-noarch-1.txz: Upgraded.
-ADI_AXI_ADC m
AD9467 m -> n
FONT_TER16x32 n -> y
n/openssl-1.1.1k-x86_64-1.txz: Upgraded.
This update fixes security issues:
Fixed a problem with verifying a certificate chain when using the
X509_V_FLAG_X509_STRICT flag.
Fixed an issue where an OpenSSL TLS server may crash if sent a maliciously
crafted renegotiation ClientHello message from a client.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3450https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3449
(* Security fix *)
n/samba-4.14.2-x86_64-1.txz: Upgraded.
This is a security release in order to address the following defects:
Heap corruption via crafted DN strings.
Out of bounds read in AD DC LDAP server.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27840https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20277
(* Security fix *)
x/mesa-21.0.1-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/linux-5.11.x/kernel-generic-5.11.10-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.10-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.10-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.10-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.10-noarch-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/dialog-1.3_20210319-x86_64-2.txz: Rebuilt.
Install /etc/dialogrc as /etc/dialogrc.new. This won't protect the file with
this update, but it will moving forward. Thanks to Tonus.
l/libsigc++3-3.0.6-x86_64-1.txz: Added.
x/libinput-1.17.1-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-87.0-x86_64-2.txz: Rebuilt.
Pass --enable-optimize to let the build handle optimizations (apparently
which optimizations work best differs throughout the tree). Don't pass
optimization options in CFLAGS/CXXFLAGS. Build with --enable-rust-simd
since upstream's binary releases do.
xap/mozilla-thunderbird-78.9.0-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/78.9.0/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2021-12/https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23981https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23982https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23984https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23987
(* Security fix *)
testing/packages/linux-5.11.x/kernel-generic-5.11.9-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-headers-5.11.9-x86-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-huge-5.11.9-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-modules-5.11.9-x86_64-1.txz: Upgraded.
testing/packages/linux-5.11.x/kernel-source-5.11.9-noarch-1.txz: Upgraded.
-ADI_AXI_ADC m
AD9467 m -> n
FONT_TER16x32 n -> y
ap/slackpkg-15.0.1-noarch-1.txz: Upgraded.
Tweak default blacklist file's help text (thanks, dive).
Fix display of blacklisted packages.
Tweaks to slack-desc.
Note that kernel-headers should not be blacklisted.
Added Lithuania mirrors (Totoro-kun on LQ).
Fix exit code for pending updates (dive).
Avoid matching txz/tgz etc extension when blacklisting (dive).
Use https for all slackpkg homepage links.
Update mirror files (14.2 -> 15.0).
Add blacklist to search option.
Move applyblacklist to end of makelist().
Clarify how to blacklist duplicate packages.
Fix new-config dialog.
Reduce false positives in DOUBLEFILES detection.
Remove spaces in awk..
More blacklisting fixups (see full commit msg).
Escape plus signs in blacklist regex.
Convert ${ROOT}/${WORKDIR} > ${WORKDIR} (dive).
Convert ${ROOT}/${CONF} -> ${CONF} and tweak blacklists (dive).
Further fixup/enhancement to blacklisting issues.
Fix "slackpkg blacklist" so that it shows blacklist again.
Fixup internal blacklist handling.
Use ERE for sanity_check() function (David Woodfall).
Remove "slackpkg blacklist" from manual pages.
Fix aaa_elflibs --> aaa_libraries in sample blacklist file (mozes).
Split aarch64 and arm mirrors into separate files (mozes).
Allow new-config after slackpkg upgrade itself (PiterPUNK).
Modify blacklist regex line ending.
Thanks to Robby Workman.
ap/sqlite-3.35.2-x86_64-1.txz: Upgraded.
kde/kid3-3.8.6-x86_64-1.txz: Upgraded.
l/glib2-2.66.8-x86_64-1.txz: Upgraded.
l/pango-1.48.3-x86_64-2.txz: Rebuilt.
Eliminate dangling symlink. Thanks to upnort.
n/bind-9.16.13-x86_64-1.txz: Upgraded.
n/links-2.22-x86_64-1.txz: Upgraded.
n/network-scripts-15.0-noarch-14.txz: Rebuilt.
Fix discrepancies between rc.inet1.conf versions.
Move configuration of SLACC before DHCP.
Don't bring up a bridge interface if it will be brought up later by IP config.
Fix a typo in br_open when configuring IFOPTS: i->1.
Add SLAAC security and privacy options.
Fix typo of 'default'.
Added debugging output around new SLAAC enhancements.
Move enabling RA before SLAAC security section. Thanks to davjohn on LQ.
Fix domain name validation checks. Thanks to xbeastx74 on LQ for the report.
Thanks to Darren "Tadgy" Austin and Robby Workman.
n/wireless_tools-30.pre9-x86_64-5.txz: Rebuilt.
rc.wireless: don't leave interfaces in up state as it prevents SLAAC.
Take interface down at exit from rc.wireless. Thanks to davjohn.
x/libgee-0.20.4-x86_64-1.txz: Upgraded.
a/kernel-firmware-20210315_3568f96-noarch-1.txz: Upgraded.
ap/sudo-1.9.6-x86_64-1.txz: Upgraded.
d/cmake-3.19.7-x86_64-1.txz: Upgraded.
d/python-setuptools-54.1.2-x86_64-1.txz: Upgraded.
d/rust-1.50.0-x86_64-1.txz: Upgraded.
l/libcap-2.49-x86_64-1.txz: Upgraded.
l/python-urllib3-1.26.4-x86_64-1.txz: Upgraded.
l/qt5-5.15.2-x86_64-6.txz: Rebuilt.
Rebuilt with -proprietary-codecs and -webengine-proprietary-codecs. When
combined with -webengine-ffmpeg (use system ffmpeg), this doesn't actually
build any proprietary codecs, but allows them to be used if they happen to
be built into the system ffmpeg. Thanks to alienBOB.
xap/mozilla-firefox-86.0.1-x86_64-1.txz: Upgraded.
When we first moved Slackware to the Firefox ESR channel, the motivation
was to keep Firefox secure while delaying a requirement for Rust at build
time. Of course, eventually that ESR version reached EOL and we had to
introduce Rust into Slackware 14.2 in order to continue providing updates.
Eventually that also ran into roadblocks as Firefox required first newer
C/C++ compilers, and then finally a newer libstdc++. To continue, we'd
have had to bump GCC to a much newer version, making other maintenance
difficult or impossible. At this point, the latest Firefox has no additional
dependencies beyond those of the ESR version, and it's unlikely that it
will be any more difficult to keep it maintained. I think we all want the
Slackware 15.0 release to be as good as possible, and most users will be
better served if we resume following the latest desktop releases.
Thanks to LuckyCyborg who can always be counted on to give me a friendly
kick in the rear end. :-) Thanks also to ponce for the updated gkrust patch.
d/rust-1.49.0-x86_64-1.txz: Upgraded.
Until we can figure out why audio crashes if we compile Firefox using
rust-1.50.0, it's probably better to stick with this version.
xap/mozilla-firefox-78.8.0esr-x86_64-3.txz: Rebuilt.
Recompiled with rust-1.49.0 to prevent crashing on any tab with audio.
a/acl-2.3.0-x86_64-1.txz: Upgraded.
a/attr-2.5.0-x86_64-1.txz: Upgraded.
ap/hplip-3.20.5-x86_64-3.txz: Rebuilt.
Switched to hplip-3.20.5 to fix regressions in the hp-plugin subsystem.
Patched to use is_alive() rather than the deprecated isAlive().
Thanks to Andypoo.
Newer versions than 3.20.6 require avahi. We'll stick with this version
for now and leave the decision about whether we love HP more than we hate
avahi for another day.
d/doxygen-1.9.1-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-78.8.0esr-x86_64-2.txz: Rebuilt.
Rebuilt with --enable-system-nss and --enable-system-nspr. Thanks to franzen.
xap/mozilla-thunderbird-78.8.1-x86_64-2.txz: Rebuilt.
Rebuilt with --enable-system-nss, --enable-system-nspr, and
--disable-debug-symbols. Thanks to franzen.
xap/seamonkey-2.53.6-x86_64-3.txz: Rebuilt.
Rebuilt with --enable-system-nss and --enable-system-nspr. Thanks to franzen.
xfce/exo-4.16.1-x86_64-1.txz: Upgraded.
ap/vim-8.2.2585-x86_64-1.txz: Upgraded.
d/git-2.30.2-x86_64-1.txz: Upgraded.
l/python-dnspython-2.1.0-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
l/python-markdown-3.3.4-x86_64-1.txz: Added.
This is needed by samba-4.14.0.
n/samba-4.14.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.2585-x86_64-1.txz: Upgraded.
xfce/elementary-xfce-0.15.2-x86_64-1.txz: Upgraded.