Miroirs/slackware-current
1
0
Fork 0
mirror of git://slackware.nl/current.git synced 2024-12-31 10:28:29 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
1368 commits 8 branches 2371 tags 482 MiB
Commit graph

4 commits

Author SHA1 Message Date
Patrick J Volkerding
79e6c8efb8 Fri Aug 4 20:17:36 UTC 2023 
extra/php81/php81-8.1.22-x86_64-1_slack15.0.txz:  Upgraded.
  This update fixes a security issue:
  Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity
  loading in XML without enabling it).
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2023-3823
  (* Security fix *)
extra/rust-for-mozilla/rust-1.70.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 115.1.0 ESR and Thunderbird 115.1.0.
pasture/samba-4.15.13-x86_64-1_slack15.0.txz:  Added.
  We'll hang onto this just in case.
patches/packages/mozilla-firefox-115.1.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/115.1.0esr/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
    https://www.cve.org/CVERecord?id=CVE-2023-4045
    https://www.cve.org/CVERecord?id=CVE-2023-4046
    https://www.cve.org/CVERecord?id=CVE-2023-4047
    https://www.cve.org/CVERecord?id=CVE-2023-4048
    https://www.cve.org/CVERecord?id=CVE-2023-4049
    https://www.cve.org/CVERecord?id=CVE-2023-4050
    https://www.cve.org/CVERecord?id=CVE-2023-4052
    https://www.cve.org/CVERecord?id=CVE-2023-4054
    https://www.cve.org/CVERecord?id=CVE-2023-4055
    https://www.cve.org/CVERecord?id=CVE-2023-4056
    https://www.cve.org/CVERecord?id=CVE-2023-4057
  (* Security fix *)
patches/packages/mozilla-thunderbird-115.1.0-x86_64-1_slack15.0.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/115.1.0/releasenotes/
patches/packages/samba-4.18.5-x86_64-1_slack15.0.txz:  Upgraded.
  PLEASE NOTE: We are taking the unusual step of moving to the latest Samba
  branch because Windows has made changes that break Samba 4.15.x. The last
  4.15.x will be retained in /pasture as a fallback. There may be some
  required configuration changes with this, but we've kept using MIT Kerberos
  to try to have the behavior change as little as possible. Upgrade carefully.
  This update fixes security issues:
  When winbind is used for NTLM authentication, a maliciously crafted request
  can trigger an out-of-bounds read in winbind and possibly crash it.
  SMB2 packet signing is not enforced if an admin configured
  "server signing = required" or for SMB2 connections to Domain Controllers
  where SMB2 packet signing is mandatory.
  An infinite loop bug in Samba's mdssvc RPC service for Spotlight can be
  triggered by an unauthenticated attacker by issuing a malformed RPC request.
  Missing type validation in Samba's mdssvc RPC service for Spotlight can be
  used by an unauthenticated attacker to trigger a process crash in a shared
  RPC mdssvc worker process.
  As part of the Spotlight protocol Samba discloses the server-side absolute
  path of shares and files and directories in search results.
  For more information, see:
    https://www.samba.org/samba/security/CVE-2022-2127.html
    https://www.samba.org/samba/security/CVE-2023-3347.html
    https://www.samba.org/samba/security/CVE-2023-34966.html
    https://www.samba.org/samba/security/CVE-2023-34967.html
    https://www.samba.org/samba/security/CVE-2023-34968.html
    https://www.cve.org/CVERecord?id=CVE-2022-2127
    https://www.cve.org/CVERecord?id=CVE-2023-3347
    https://www.cve.org/CVERecord?id=CVE-2023-34966
    https://www.cve.org/CVERecord?id=CVE-2023-34967
    https://www.cve.org/CVERecord?id=CVE-2023-34968
  (* Security fix *)
 2023-08-05 13:30:38 +02:00
Patrick J Volkerding
23a0b53a62 Tue Sep 6 20:21:24 UTC 2022 
extra/rust-for-mozilla/rust-1.60.0-x86_64-1_slack15.0.txz:  Upgraded.
  Upgraded the Rust compiler for Firefox 102.2.0 and Thunderbird 102.2.1.
patches/packages/mozilla-firefox-102.2.0esr-x86_64-1_slack15.0.txz:  Upgraded.
  This update contains security fixes and improvements.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/102.2.0/releasenotes/
    https://www.mozilla.org/security/advisories/mfsa2022-34/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38473
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38476
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38477
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38478
  (* Security fix *)
patches/packages/mozilla-thunderbird-102.2.1-x86_64-1_slack15.0.txz:  Upgraded.
  This release contains security fixes and improvements.
  Some accounts may need to be reconfigured after moving from
  Thunderbird 91.13.0 to Thunderbird 102.2.1.
  For more information, see:
    https://www.mozilla.org/en-US/thunderbird/102.2.1/releasenotes/
    https://www.mozilla.org/en-US/security/advisories/mfsa2022-38/
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3033
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3032
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3034
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36059
  (* Security fix *)
patches/packages/vim-9.0.0396-x86_64-1_slack15.0.txz:  Upgraded.
  Fixed use after free.
  Thanks to marav for the heads-up.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3099
  (* Security fix *)
patches/packages/vim-gvim-9.0.0396-x86_64-1_slack15.0.txz:  Upgraded.
 2022-09-07 13:30:33 +02:00
Patrick J Volkerding
131d525a47 Thu Jan 27 22:43:13 UTC 2022 
a/aaa_libraries-15.0-x86_64-18.txz:  Rebuilt.
  Rebuilt to pick up the patched libexpat.so.1.8.3.
a/kernel-generic-5.15.17-x86_64-1.txz:  Upgraded.
a/kernel-huge-5.15.17-x86_64-1.txz:  Upgraded.
a/kernel-modules-5.15.17-x86_64-1.txz:  Upgraded.
a/lzlib-1.13-x86_64-1.txz:  Upgraded.
a/sysvinit-scripts-15.0-noarch-8.txz:  Rebuilt.
  rc.S: clear /var/lock/subsys before starting libcgroup services.
  Thanks to pyllyukko.
ap/pamixer-1.5-x86_64-2.txz:  Rebuilt.
  Recompiled against boost-1.78.0.
d/kernel-headers-5.15.17-x86-1.txz:  Upgraded.
k/kernel-source-5.15.17-noarch-1.txz:  Upgraded.
kde/kig-21.12.1-x86_64-2.txz:  Rebuilt.
  Recompiled against boost-1.78.0.
kde/kopeninghours-21.12.1-x86_64-2.txz:  Rebuilt.
  Recompiled against boost-1.78.0.
kde/krita-5.0.2-x86_64-2.txz:  Rebuilt.
  Recompiled against boost-1.78.0.
l/boost-1.78.0-x86_64-1.txz:  Upgraded.
  I hadn't planned to update this at such a late stage, but POV-Ray needs it
  and everything we ship builds fine against it. Thanks to bender647.
  Shared library .so-version bump.
l/cryfs-0.10.3-x86_64-4.txz:  Rebuilt.
  Recompiled against boost-1.78.0.
l/expat-2.4.3-x86_64-3.txz:  Rebuilt.
  Prevent integer overflow in doProlog.
  For more information, see:
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23990
  (* Security fix *)
l/netpbm-10.97.03-x86_64-1.txz:  Upgraded.
l/openexr-2.5.7-x86_64-5.txz:  Rebuilt.
  Recompiled against boost-1.78.0.
l/pipewire-0.3.44-x86_64-1.txz:  Upgraded.
n/fetchmail-6.4.27-x86_64-1.txz:  Upgraded.
n/libgpg-error-1.44-x86_64-1.txz:  Upgraded.
x/mesa-21.3.5-x86_64-1.txz:  Upgraded.
xap/mozilla-firefox-91.5.1esr-x86_64-1.txz:  Upgraded.
  This is a bugfix release.
  For more information, see:
    https://www.mozilla.org/en-US/firefox/91.5.1/releasenotes/
  (* Security fix *)
extra/rust-for-mozilla/rust-1.54.0-x86_64-4.txz:  Rebuilt.
  Removed duplicated libLLVM shared library.
isolinux/initrd.img:  Rebuilt.
kernels/*:  Upgraded.
usb-and-pxe-installers/usbboot.img:  Rebuilt.
 2022-01-28 08:59:57 +01:00
Patrick J Volkerding
ac00706594 Mon Dec 27 23:06:00 UTC 2021 
The --enable-systemd-logind change to xorg-server that caused resume from
suspend regressions (and others) has been reverted, and in retrospect it was
a bad idea to take it at that point, but it had appeared as if it wouldn't
cause problems in the case where Xorg was running as root. Oh well, lesson
learned. But the build script has been enhanced to make it easy to build
rootless versions of the xorg-server packages. Just do this:
  ROOTLESSX=YES ./x11.SlackBuild xserver xorg-server
Depending on your GPU, this could work for your use case with no problems.
Also, I've gone ahead and taken a couple of shared library version bumps since
the projects (opencv and poppler) have decent track records as far as not
introducing regressions, and if there are any, we've got time to test and fix.
I'm still avoiding some things that aren't as trusted in that regard, and will
likely continue to do so. :-)
ap/cups-filters-1.28.10-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
kde/ark-21.12.0-x86_64-2.txz:  Rebuilt.
  Applied upstream patches:
  [PATCH] Fix extraction "Dolphin Actions" not abiding "Open destination
  folder after extracting" setting.
  [PATCH] Do not highlight file after compression.
  Thanks to ctrlaltca.
kde/calligra-3.2.1-x86_64-15.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
kde/cantor-21.12.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
kde/digikam-7.4.0-x86_64-2.txz:  Rebuilt.
  Recompiled against opencv-4.5.5.
kde/kfilemetadata-5.89.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
kde/kile-2.9.93-x86_64-15.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
kde/kitinerary-21.12.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
kde/krita-5.0.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
kde/okular-21.12.0-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
l/gegl-0.4.34-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
l/gst-plugins-bad-free-1.18.5-x86_64-3.txz:  Rebuilt.
  Recompiled against opencv-4.5.5.
l/imagemagick-7.1.0_19-x86_64-1.txz:  Upgraded.
l/mlt-7.4.0-x86_64-1.txz:  Upgraded.
l/opencv-4.5.5-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
l/poppler-21.12.0-x86_64-1.txz:  Upgraded.
  Shared library .so-version bump.
n/fetchmail-6.4.26-x86_64-1.txz:  Upgraded.
n/tin-2.6.1-x86_64-1.txz:  Upgraded.
x/ibus-anthy-1.5.14-x86_64-1.txz:  Upgraded.
x/xorg-server-1.20.14-x86_64-2.txz:  Rebuilt.
  Recompiled using these options:
  --enable-suid-wrapper --enable-install-setuid --disable-systemd-logind.
x/xorg-server-xephyr-1.20.14-x86_64-2.txz:  Rebuilt.
x/xorg-server-xnest-1.20.14-x86_64-2.txz:  Rebuilt.
x/xorg-server-xvfb-1.20.14-x86_64-2.txz:  Rebuilt.
xap/geeqie-1.6-x86_64-4.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
xap/gimp-2.10.30-x86_64-2.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
xfce/tumbler-4.16.0-x86_64-4.txz:  Rebuilt.
  Recompiled against poppler-21.12.0.
extra/rust-for-mozilla/rust-1.54.0-x86_64-3.txz:  Added.
  This is an alternate version of Rust that may be useful for compiling
  software from Mozilla since using the very latest Rust often won't
  compile, or produces an unstable build.
 2021-12-28 08:59:56 +01:00