l/imagemagick-7.1.1_30-x86_64-1.txz: Upgraded.
l/libarchive-3.7.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix possible vulnerability in tar error reporting introduced in f27c173
by JiaT75.
For more information, see:
f27c173d17https://github.com/libarchive/libarchive/pull/2101
(* Security fix *)
n/net-snmp-5.9.4-x86_64-3.txz: Rebuilt.
[PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp.
Thanks to walecha.
n/rsync-3.3.0-x86_64-1.txz: Upgraded.
x/xorg-sgml-doctools-1.12.1-x86_64-1.txz: Upgraded.
xap/gimp-2.10.36-x86_64-3.txz: Rebuilt.
[PATCH] QuitDialog: disconnect signal handler on dialog destroy.
This fixes a crash on quit.
Thanks to USUARIONUEVO.
xap/xlockmore-5.77-x86_64-1.txz: Upgraded.
a/pciutils-3.12.0-x86_64-1.txz: Upgraded.
l/pygobject-2.28.7-x86_64-10.txz: Rebuilt.
Build with PYTHON=python2 so that we don't have a call to unversioned python
in pygobject-codegen-2.0. Fixes building gimp from git.
Thanks to Petri Kaukasoina.
l/pygobject3-3.48.2-x86_64-1.txz: Upgraded.
x/libX11-1.8.9-x86_64-1.txz: Upgraded.
x/mtdev-1.1.7-x86_64-1.txz: Upgraded.
a/etc-15.1-x86_64-10.txz: Rebuilt.
Added nut user (218) and nut group (218).
a/genpower-1.0.5-x86_64-5.txz: Removed.
a/nut-2.8.2-x86_64-1.txz: Added.
This is a package to support uninterruptible power supplies, and replaces
the obsolete genpower package.
Thanks to V'yacheslav Stetskevych for the original SBo script.
a/sysvinit-scripts-15.1-noarch-16.txz: Rebuilt.
rc.M: start the NUT init scripts rc.nut-drvctl, rc.nut-upsd, and
rc.nut-upsmon. Remove the genpower block.
rc.6: support stopping the UPS inverter on the way down if we see
/etc/killpower. Remove the genpower block.
a/tcsh-6.24.12-x86_64-1.txz: Upgraded.
ap/man-db-2.12.1-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.6-x86_64-1.txz: Upgraded.
ap/vim-9.1.0265-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.14-x86_64-1.txz: Upgraded.
d/nasm-2.16.02-x86_64-1.txz: Upgraded.
l/libproxy-0.5.5-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.5-x86_64-1.txz: Upgraded.
l/python-typing_extensions-4.11.0-x86_64-1.txz: Upgraded.
x/xdm-1.1.16-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0265-x86_64-1.txz: Upgraded.
extra/bash-completion/bash-completion-2.13.0-noarch-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.13.1-x86_64-5.txz: Rebuilt.
Recompiled against xorg-server-21.1.12 to fix security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-31080https://www.cve.org/CVERecord?id=CVE-2024-31081https://www.cve.org/CVERecord?id=CVE-2024-31082https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
a/hwdata-0.381-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.25-x86_64-1.txz: Upgraded.
d/cmake-3.29.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.25-x86-1.txz: Upgraded.
d/llvm-18.1.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.25-noarch-1.txz: Upgraded.
kde/kstars-3.7.0-x86_64-1.txz: Upgraded.
l/enchant-2.6.9-x86_64-1.txz: Upgraded.
l/libclc-18.1.3-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.03-noarch-1.txz: Upgraded.
n/gnutls-3.8.5-x86_64-1.txz: Upgraded.
n/httpd-2.4.59-x86_64-1.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59https://www.cve.org/CVERecord?id=CVE-2024-27316https://www.cve.org/CVERecord?id=CVE-2024-24795https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
n/nghttp2-1.61.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57qhttps://www.kb.cert.org/vuls/id/421644https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
x/xdg-desktop-portal-1.18.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.24-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.24-x86-1.txz: Upgraded.
d/python3-3.11.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.24-noarch-1.txz: Upgraded.
-AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT n
-GCC11_NO_ARRAY_BOUNDS y
NUMA_BALANCING n -> y
+GCC10_NO_ARRAY_BOUNDS y
+NUMA_BALANCING_DEFAULT_ENABLED y
kde/libindi-2.0.7-x86_64-1.txz: Upgraded.
l/SDL2-2.30.2-x86_64-1.txz: Upgraded.
l/aom-3.8.2-x86_64-1.txz: Added.
Needed to add AV1 encode/decode support to ffmpeg.
Thanks to Andrew Strong.
l/dav1d-1.4.1-x86_64-1.txz: Added.
Needed to add AV1 decode support to ffmpeg.
l/ffmpeg-6.1.1-x86_64-2.txz: Rebuilt.
Patched to build with nv-codec-headers-12.2.72.0. Thanks to J_W.
Compiled against aom-3.8.2 and dav1d-1.4.1 for AV1 support.
Thanks to glennmcc.
l/gtk4-4.14.2-x86_64-1.txz: Upgraded.
n/whois-5.5.22-x86_64-1.txz: Upgraded.
Fixed a segmentation fault with --no-recursion.
Updated the .bm and .vi TLD servers.
Removed 4 new gTLDs which are no longer active.
xap/MPlayer-20240403-x86_64-1.txz: Upgraded.
Compiled using --enable-libaom-lavc and --enable-libdav1d-lavc.
Thanks to glennmcc.
xap/pan-0.157-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/python-pip-24.0-x86_64-3.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
d/python2-2.7.18-x86_64-8.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
l/PyQt-builder-1.15.4-x86_64-3.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
l/python-installer-0.7.0-x86_64-3.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
ap/hplip-3.23.12-x86_64-4.txz: Rebuilt.
Add a few patches from Arch, including one to fix a Unicode error with the
sixext.py script that causes hp-setup to crash after detecting a printer.
Thanks to truepatriot76.
d/Cython-3.0.10-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.13-x86_64-1.txz: Upgraded.
d/poke-4.0-x86_64-1.txz: Upgraded.
l/editorconfig-core-c-0.12.7-x86_64-1.txz: Upgraded.
l/jasper-4.2.3-x86_64-1.txz: Upgraded.
l/libical-3.0.18-x86_64-1.txz: Upgraded.
l/pango-1.52.2-x86_64-1.txz: Upgraded.
l/python-lxml-5.2.0-x86_64-1.txz: Upgraded.
l/wireplumber-0.5.1-x86_64-1.txz: Upgraded.
n/c-ares-1.28.1-x86_64-1.txz: Upgraded.
xap/blueman-2.4-x86_64-1.txz: Upgraded.
ap/undervolt-0.4.0-x86_64-1.txz: Upgraded.
kde/kig-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled to link with libboost_python311.so.1.84.0.
kde/kopeninghours-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled to link with libboost_python311.so.1.84.0. Thanks to gmgf.
a/xz-5.6.1-x86_64-3.txz: Rebuilt.
[PATCH] CMake: Fix sabotaged Landlock sandbox check.
We don't build with CMake (yet), but it doesn't hurt to apply this.
d/mercurial-6.7.2-x86_64-1.txz: Upgraded.
l/boost-1.84.0-x86_64-3.txz: Rebuilt.
Recompiled against python-3.11.8. Thanks to rinza.
l/python-pycparser-2.22-x86_64-1.txz: Upgraded.
l/python-pytz-2024.1-x86_64-2.txz: Removed.
No longer needed with python-3.11. Thanks to audriusk.
l/python-tomli-2.0.1-x86_64-2.txz: Removed.
No longer needed with python-3.11. Thanks to TommyC7 and audriusk.
n/c-ares-1.28.0-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.9-x86_64-1.txz: Upgraded.
extra/brltty/brltty-6.6-x86_64-4.txz: Rebuilt.
Don't install anything under /usr/local. Thanks to reddog83.
a/coreutils-9.5-x86_64-1.txz: Upgraded.
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
split --line-bytes with a mixture of very long and short lines no longer
overwrites the heap.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0684
(* Security fix *)
a/btrfs-progs-6.8-x86_64-1.txz: Upgraded.
a/gpm-1.20.7-x86_64-10.txz: Rebuilt.
Clean up the compile fix patch omitting the Emacs Lisp file.
Clean up and apply the weak-wgetch patch.
Build using the option --without-curses.
Thanks to qunying.
a/util-linux-2.40-x86_64-1.txz: Upgraded.
This release fixes a vulnerability where the wall command did not filter
escape sequences from command line arguments, allowing unprivileged users
to put arbitrary text on other users terminals.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28085
(* Security fix *)
d/rust-1.77.1-x86_64-1.txz: Upgraded.
l/fluidsynth-2.3.5-x86_64-1.txz: Upgraded.
l/protobuf-26.1-x86_64-1.txz: Upgraded.
l/python-build-1.2.1-x86_64-1.txz: Upgraded.
n/samba-4.20.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.4-x86_64-1.txz: Upgraded.
xap/seamonkey-2.53.18.2-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
(* Security fix *)
a/shadow-4.15.1-x86_64-1.txz: Upgraded.
The main point of this release is to fix a bug that caused spurious error
messages about unknown login.defs configuration options.
a/sysvinit-3.09-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.3.25-x86_64-1.txz: Upgraded.
x/libX11-1.8.8-x86_64-1.txz: Upgraded.
x/libXmu-1.2.0-x86_64-1.txz: Upgraded.
x/lndir-1.0.5-x86_64-1.txz: Upgraded.
x/xf86-video-savage-2.4.1-x86_64-1.txz: Upgraded.
x/xman-1.2.0-x86_64-1.txz: Upgraded.
x/xorg-docs-1.7.3-noarch-1.txz: Upgraded.
e/emacs-29.3-x86_64-1.txz: Upgraded.
Emacs 29.3 is an emergency bugfix release intended to fix several security
vulnerabilities described below:
Arbitrary Lisp code is no longer evaluated as part of turning on Org mode.
This is for security reasons, to avoid evaluating malicious Lisp code.
New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp
programs should treat buffer contents with extra caution.
Gnus now treats inline MIME contents as untrusted. To get back previous
insecure behavior, 'untrusted-content' should be reset to nil in the buffer.
LaTeX preview is now by default disabled for email attachments. To get back
previous insecure behavior, set the variable 'org--latex-preview-when-risky'
to a non-nil value.
Org mode now considers contents of remote files to be untrusted.
Remote files are recognized by calling 'file-remote-p'.
(* Security fix *)
l/enchant-2.6.8-x86_64-1.txz: Upgraded.
l/gnu-efi-3.0.18-x86_64-1.txz: Upgraded.
l/libproxy-0.5.4-x86_64-2.txz: Rebuilt.
Rebuilt with -Dpacrunner-duktape=true. Thanks to gmgf.
l/libxkbcommon-1.7.0-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.4-x86_64-1.txz: Upgraded.
x/libpciaccess-0.18.1-x86_64-1.txz: Upgraded.
x/xdm-1.1.15-x86_64-1.txz: Upgraded.
x/xedit-1.2.4-x86_64-1.txz: Upgraded.
x/xload-1.2.0-x86_64-1.txz: Upgraded.
extra/emacs-regular-build/emacs-29.3-x86_64-1_regular.txz: Upgraded.
(* Security fix *)
ap/vim-9.1.0199-x86_64-1.txz: Upgraded.
Dropped python2 support. Thanks to Audrius Kažukauskas.
l/duktape-2.7.0-x86_64-1.txz: Added.
Needed by polkit.
l/gjs-1.80.1-x86_64-1.txz: Upgraded.
l/libdeflate-1.20-x86_64-1.txz: Upgraded.
l/mozjs102-102.15.1esr-x86_64-2.txz: Removed.
l/mozjs115-115.9.1esr-x86_64-1.txz: Upgraded.
l/polkit-123-x86_64-2.txz: Rebuilt.
Use duktape instead of mozjs102 as the JavaScript engine.
x/iceauth-1.0.10-x86_64-2.txz: Rebuilt.
It's never too early to build with --enable-year2038. Thanks to bigbadaboum.
xap/geeqie-2.4-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-115.9.1esr-x86_64-1.txz: Upgraded.
This update fixes a critical security issue:
An attacker was able to inject an event handler into a privileged object
that would allow arbitrary JavaScript execution in the parent process.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/https://www.mozilla.org/security/advisories/mfsa2024-16/https://www.cve.org/CVERecord?id=CVE-2024-29944
(* Security fix *)
xap/vim-gvim-9.1.0199-x86_64-1.txz: Upgraded.
Dropped python2 support. Thanks to Audrius Kažukauskas.
d/mercurial-6.7.1-x86_64-1.txz: Upgraded.
d/rust-1.77.0-x86_64-1.txz: Upgraded.
l/cairomm1-1.18.0-x86_64-1.txz: Added.
Thanks to jloco.
l/glibmm2-2.78.1-x86_64-1.txz: Added.
Thanks to jloco.
l/gtkmm4-4.12.0-x86_64-1.txz: Added.
Thanks to jloco.
l/libclc-18.1.2-x86_64-1.txz: Upgraded.
l/pangomm-2.46.4-x86_64-1.txz: Upgraded.
l/pangomm2-2.50.2-x86_64-1.txz: Added.
Thanks to jloco.
n/openvpn-2.6.10-x86_64-1.txz: Upgraded.
x/libkkc-0.3.5-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/libkkc-data-0.2.7-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/marisa-0.2.6-x86_64-8.txz: Rebuilt.
Drop python2 support and rebuild marisa module for python3.
x/wayland-protocols-1.34-noarch-1.txz: Upgraded.
a/libblockdev-2.28-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/sysvinit-scripts-15.1-noarch-15.txz: Rebuilt.
rc.M: start rc.iceccd and rc.icecc-scheduler earlier.
a/util-linux-2.39.3-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/volume_key-0.3.12-x86_64-6.txz: Rebuilt.
Drop python2 support.
ap/man-pages-6.7-noarch-1.txz: Upgraded.
d/cmake-3.28.4-x86_64-1.txz: Upgraded.
d/llvm-18.1.2-x86_64-1.txz: Upgraded.
d/python2-2.7.18-x86_64-7.txz: Rebuilt.
Bundle the final python2 versions of pip and setuptools.
Drop the /usr/bin/python symlink.
d/python3-3.9.19-x86_64-1.txz: Upgraded.
Point the /usr/bin/python symlink at python3.9.
PEP 394 says we can do this, and in a world of ambigious shebangs, this
is probably the best of the available options.
This update also fixes security issues:
bundled libexpat was updated to 2.6.0.
zipfile is now protected from the "quoted-overlap" zipbomb.
tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
working around file system permission errors.
For more information, see:
https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-52425https://www.cve.org/CVERecord?id=CVE-2024-0450https://www.cve.org/CVERecord?id=CVE-2023-6597
(* Security fix *)
d/strace-6.8-x86_64-1.txz: Upgraded.
kde/kross-interpreters-23.08.5-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/libxml2-2.12.6-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/mozjs115-115.9.0esr-x86_64-2.txz: Rebuilt.
Fixed installed library name. Thanks to reddog83.
Fixed slack-desc. Thanks to r1w1s1.
l/phonon-4.12.0-x86_64-1.txz: Upgraded.
l/pilot-link-0.12.5-x86_64-17.txz: Rebuilt.
Drop python2 support.
l/python2-module-collection-2.7.18-x86_64-6.txz: Removed.
Good bye!
l/python2-pycairo-1.18.2-x86_64-1.txz: Added.
We'll need this (along with pygtk and pygobject) until we get gimp3.
Well, we could build gimp without python support, but I really don't think
that's the route we want to take.
n/bind-9.18.25-x86_64-1.txz: Upgraded.
n/crda-4.15-x86_64-1.txz: Removed.
The kernel is able to load from wireless-regdb directly. Obsolete.
n/getmail-6.18.14-x86_64-1.txz: Upgraded.
n/gpgme-1.23.2-x86_64-2.txz: Rebuilt.
Drop python2 support.
n/obexftp-0.24.2-x86_64-11.txz: Rebuilt.
Drop python2 support.
n/wireless-regdb-2024.01.23-x86_64-1.txz: Added.
Wireless regulatory database, previously bundled with crda.
x/ibus-1.5.29-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/libkkc-0.3.5-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/libkkc-data-0.2.7-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/xcb-proto-1.16.0-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/xpyb-1.3.1-x86_64-7.txz: Removed.
Nothing uses it, and it was never updated for python3. Removed as obsolete.
d/perl-5.38.2-x86_64-2.txz: Rebuilt.
Added IO-Tty-1.20, needed by mosh.
Upgraded: DBD-mysql-4.051, URI-5.27, XML-Parser-2.47, IO-Socket-SSL-2.085,
and Net-SSLeay-1.94.
kde/cantor-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/plasma-workspace-5.27.11-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/step-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
l/abseil-cpp-20240116.1-x86_64-1.txz: Added.
Needed for protobuf and mosh.
l/libgnt-2.14.3-x86_64-2.txz: Rebuilt.
Build with -Dpython2=false. Thanks to USUARIONUEVO.
l/libqalculate-5.0.0-x86_64-2.txz: Rebuilt.
Shared library .so-version bump.
Thanks to gmgf.
l/protobuf-26.0-x86_64-1.txz: Added.
Needed for mosh.
n/mosh-1.4.0-x86_64-1.txz: Added.
Thanks to unInstance for cueing me in on this one.
n/pinentry-1.3.0-x86_64-1.txz: Upgraded.
x/vulkan-sdk-1.3.275.0-x86_64-2.txz: Rebuilt.
Build glslang with -DENABLE_OPT=Off. Thanks to F0nix.
La fheile Padraig sona dhaoibh!
Pionta Guinness, le do thoil. :-)
kde/digikam-8.3.0-x86_64-2.txz: Rebuilt.
Fixed internal version number.
l/harfbuzz-8.3.1-x86_64-1.txz: Upgraded.
l/libappindicator-12.10.0-x86_64-4.txz: Rebuilt.
Drop the python bindings.
l/mozilla-nss-3.99-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.2-x86_64-1.txz: Upgraded.
l/python-markdown-3.6-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.1-x86_64-1.txz: Upgraded.
l/qt5-5.15.13_20240314_6694e805-x86_64-1.txz: Upgraded.
d/mercurial-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.3.0-x86_64-1.txz: Upgraded.
l/libxml2-2.12.6-x86_64-1.txz: Upgraded.
n/php-8.3.4-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.4
n/proftpd-1.3.8b-x86_64-3.txz: Rebuilt.
Added mod_ldap. Thanks to Thom1b.
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Thanks to opty for encouraging us to think about nobody.
d/meson-1.4.0-x86_64-1.txz: Upgraded.
d/python-setuptools-69.2.0-x86_64-1.txz: Upgraded.
l/expat-2.6.2-x86_64-1.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
1d50b80cf3https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
l/pipewire-1.0.4-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.0-x86_64-1.txz: Upgraded.
n/openvpn-2.6.9-x86_64-2.txz: Rebuilt.
Run as openvpn:openvpn. Thanks to rkelsen.
n/proftpd-1.3.8b-x86_64-2.txz: Rebuilt.
Run as proftpd:proftpd.
x/libva-2.21.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.21.0-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-2.txz: Rebuilt.
Run as nm-openvpn:nm-openvpn. Thanks to Markus Wiesner.
a/dialog-1.3_20240307-x86_64-1.txz: Upgraded.
l/libpaper-2.2.3-x86_64-1.txz: Upgraded.
l/libqalculate-5.0.0-x86_64-1.txz: Upgraded.
l/pyparsing-3.1.2-x86_64-1.txz: Upgraded.
l/python-packaging-24.0-x86_64-1.txz: Upgraded.
n/openssh-9.7p1-x86_64-1.txz: Upgraded.
Future deprecation notice
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025 and compile-time disable it later this year.
n/wget-1.24.5-x86_64-1.txz: Upgraded.
x/iceauth-1.0.10-x86_64-1.txz: Upgraded.
x/libXaw-1.0.16-x86_64-1.txz: Upgraded.
xap/xaos-4.3.2-x86_64-1.txz: Upgraded.
ap/ghostscript-10.03.0-x86_64-1.txz: Upgraded.
This update addresses a security issue:
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
Thanks to J_W for the heads-up.
(* Security fix *)
ap/lxc-4.0.12-x86_64-3.txz: Rebuilt.
lxc-slackware.in: include gnupg2 (not gnupg) for slackpkg.
ap/slackpkg-15.0.10-noarch-3.txz: Rebuilt.
core-functions.sh: use gpg2, not gpg.
d/Cython-3.0.9-x86_64-1.txz: Upgraded.
d/git-2.44.0-x86_64-2.txz: Rebuilt.
Include git-subtree. Thanks to gwhl.
d/llvm-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
kde/kdevelop-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/openexr-3.2.3-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-7.0.2-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.3.3-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240228_6609503f-x86_64-1.txz: Upgraded.
Compiled against llvm-18.1.0.
l/qt6-6.6.2_20240210_15b7e743-x86_64-3.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/spirv-llvm-translator-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/gnupg2-2.4.5-x86_64-1.txz: Upgraded.
n/libassuan-2.5.7-x86_64-1.txz: Upgraded.
n/postfix-3.9.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.2-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0 and spirv-llvm-translator-18.1.0.
isolinux/initrd.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
l/gst-plugins-bad-free-1.24.0-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.24.0-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.24.0-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.24.0-x86_64-1.txz: Upgraded.
l/gstreamer-1.24.0-x86_64-1.txz: Upgraded.
l/libnice-0.1.22-x86_64-1.txz: Upgraded.
l/opus-1.5.1-x86_64-1.txz: Upgraded.
l/pycairo-1.26.0-x86_64-2.txz: Rebuilt.
Build with meson so that the pkgconfig file is included. Thanks to jloco.
l/sof-firmware-2023.12.1-noarch-1.txz: Upgraded.
n/postfix-3.8.6-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.postfix.org/announcements/postfix-3.8.6.html
xap/mozilla-thunderbird-115.8.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/https://www.cve.org/CVERecord?id=CVE-2024-1936
(* Security fix *)
xap/x3270-4.3ga6-x86_64-1.txz: Upgraded.
xfce/xfce4-screensaver-4.18.3-x86_64-1.txz: Upgraded.
d/parallel-20240222-noarch-1.txz: Upgraded.
kde/krita-5.2.2-x86_64-4.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/accountsservice-23.13.9-x86_64-1.txz: Upgraded.
Thanks to reddog83.
l/libass-0.17.1-x86_64-2.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/libunibreak-6.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/orc-0.4.38-x86_64-1.txz: Upgraded.
l/python-requests-2.31.0-x86_64-1.txz: Upgraded.
l/python-urllib3-2.2.1-x86_64-1.txz: Upgraded.
l/qt6-6.6.2_20240210_15b7e743-x86_64-1.txz: Added.
n/wpa_supplicant-2.10-x86_64-3.txz: Rebuilt.
Patched the implementation of PEAP in wpa_supplicant to prevent an
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52160
(* Security fix *)
xap/gparted-1.6.0-x86_64-1.txz: Upgraded.
a/mdadm-4.3-x86_64-1.txz: Upgraded.
a/pciutils-3.11.1-x86_64-1.txz: Upgraded.
d/swig-4.2.1-x86_64-1.txz: Upgraded.
l/LibRaw-0.21.2-x86_64-2.txz: Rebuilt.
Include the example programs (which are actually useful). Thanks to giomat.
l/imagemagick-7.1.1_29-x86_64-1.txz: Upgraded.
l/openjpeg-2.5.1-x86_64-1.txz: Upgraded.
Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
this to execute arbitrary code with the permissions of the application
compiled against openjpeg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-3575
(* Security fix *)
l/pango-1.52.0-x86_64-1.txz: Upgraded.
x/sddm-0.21.0-x86_64-1.txz: Upgraded.
xap/x3270-4.3ga5-x86_64-1.txz: Upgraded.
a/etc-15.1-x86_64-7.txz: Rebuilt.
Don't leave {group,gshadow,passwd,shadow}.new laying around.
We'd left these as a reference in case new default entries were added so that
the admin could take a look at them and merge the new entries into the
existing files. But we've been merging them over automatically for quite some
time. The files contain no unique information and are sort of a footbullet.
ap/qpdf-11.9.0-x86_64-1.txz: Upgraded.
ap/vim-9.1.0136-x86_64-1.txz: Upgraded.
n/whois-5.5.21-x86_64-1.txz: Upgraded.
Updated the .cv and .sd TLD servers.
Removed 4 new gTLDs which are no longer active.
xap/vim-gvim-9.1.0136-x86_64-1.txz: Upgraded.
xfce/xfce4-terminal-1.1.2-x86_64-2.txz: Rebuilt.
[PATCH] screen: Fix wrong assert.
Thanks to J_W.
[PATCH] prefs-dialog: Fix wrong assert.
Thanks to mario.
a/pkgtools-15.1-noarch-10.txz: Rebuilt.
setup.services: typo/syntax error fix. Thanks to gramaxo and pghvlaans.
a/xz-5.6.0-x86_64-1.txz: Upgraded.
ap/man-pages-6.06-noarch-2.txz: Rebuilt.
Restored the previously included posix pages, and added the posix "sh" page
since it's more correct than getting the ksh page for "sh".
Thanks to pghvlaans.
d/git-2.44.0-x86_64-1.txz: Upgraded.
kde/kdnssd-5.115.0-x86_64-2.txz: Rebuilt.
Recompiled to add Zeroconf support. (This one fooled me because it doesn't
actually link to any avahi libraries.)
Thanks to audriusk.
kde/kid3-3.9.5-x86_64-1.txz: Upgraded.
l/libpng-1.6.43-x86_64-1.txz: Upgraded.
l/libunistring-1.2-x86_64-1.txz: Upgraded.
n/libksba-1.6.6-x86_64-1.txz: Upgraded.
n/npth-1.7-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-7.txz: Rebuilt.
Use the bundled zlib to make the bundled lua happy. Thanks to sombragris.
a/dcron-4.5-x86_64-17.txz: Rebuilt.
run-parts.8: document skiping *.orig files. Thanks to metaed.
a/etc-15.1-x86_64-6.txz: Rebuilt.
Add support for nss-mdns to /etc/nsswitch.conf.
a/kernel-firmware-20240220_97b693d-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.18-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-5.txz: Rebuilt.
Don't specify --with-browseremoteprotocols=cups in order to get the default
values of cups and dnssd, which should enable discovering shared printers on
the network. We'll refrain from sharing your printer -- you'll need to change
that setting yourself. ;-)
Thanks to TurboBlaze.
ap/hplip-3.23.12-x86_64-2.txz: Rebuilt.
The new --disable-imageProcessor-build option doesn't do squat, so we'll hit
it with the good old patch again.
Thanks to Petri Kaukasoina and Stuart Winter.
d/kernel-headers-6.6.18-x86-1.txz: Upgraded.
k/kernel-source-6.6.18-noarch-1.txz: Upgraded.
l/gvfs-1.52.2-x86_64-2.txz: Rebuilt.
Added -Ddnssd=true option and recompiled against avahi.
l/libsecret-0.21.4-x86_64-1.txz: Upgraded.
n/c-ares-1.27.0-x86_64-1.txz: Upgraded.
n/libgpg-error-1.48-x86_64-1.txz: Upgraded.
n/nss-mdns-0.15.1-x86_64-1.txz: Added.
Needed for .local lookups. Thanks to Lockywolf.
xap/pidgin-2.14.13-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-26.txz: Rebuilt.
Upgraded: libacl.so.1.1.2302, libattr.so.1.1.2502, liblzma.so.5.4.6,
libpcre2-8.so.0.12.0, libz.so.1.3.1, libcares.so.2.11.0,
libexpat.so.1.9.0, libffi.so.8.1.4, libglib-2.0.so.0.7800.4,
libgmodule-2.0.so.0.7800.4, libgobject-2.0.so.0.7800.4,
libgthread-2.0.so.0.7800.4, libidn.so.12.6.5, libidn2.so.0.4.0,
libpng16.so.16.41.0, libpsl.so.5.3.5, libtdb.so.1.4.10, libusb-1.0.so.0.4.0.
a/etc-15.1-x86_64-5.txz: Rebuilt.
Added UID 214 and GID 214 for avahi.
a/gettext-0.22.5-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-9.txz: Rebuilt.
setup.services: support rc.avahidaemon and rc.avahidnsconfd.
a/sysvinit-scripts-15.1-noarch-13.txz: Rebuilt.
rc.M: start (if executable) rc.avahidaemon and rc.avahidnsconfd.
ap/cups-2.4.7-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
ap/cups-filters-1.28.17-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
ap/hplip-3.23.12-x86_64-1.txz: Upgraded.
Compiled against avahi.
ap/xmltoman-0.6-x86_64-1.txz: Added.
This is needed to generate manpages for avahi.
d/distcc-3.4-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
d/gettext-tools-0.22.5-x86_64-1.txz: Upgraded.
l/avahi-20240220_dffd549-x86_64-1.txz: Added.
It was either this, or drop (or fork) hplip. We'll enjoy it in the long run.
Thanks to David Somero for the original build script, and to Robby Workman
for years of maintenance.
Signed-off-by: volkerdi
Acked-by: alienBOB
l/libdaemon-0.14-x86_64-1.txz: Added.
This is needed by avahi.
l/pipewire-1.0.3-x86_64-5.txz: Rebuilt.
Recompiled against avahi.
l/pulseaudio-17.0-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
n/NetworkManager-1.46.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.18-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
n/samba-4.19.5-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
xap/pidgin-2.14.12-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
xap/sane-1.2.1-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
extra/bash-completion/bash-completion-2.12.0-noarch-1.txz: Upgraded.
a/ndctl-78-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.5-x86_64-1.txz: Upgraded.
l/libffi-3.4.6-x86_64-1.txz: Upgraded.
x/mesa-24.0.1-x86_64-2.txz: Rebuilt.
Added av1dec,av1enc,and vp9dec to the list of codecs to support.
Thanks to fulalas and ZhaoLin1547.
a/btrfs-progs-6.7.1-x86_64-1.txz: Upgraded.
a/ed-1.20.1-x86_64-1.txz: Upgraded.
a/shadow-4.14.5-x86_64-1.txz: Upgraded.
d/git-2.43.2-x86_64-1.txz: Upgraded.
d/meson-1.3.2-x86_64-1.txz: Upgraded.
d/tree-sitter-0.20.9-x86_64-1.txz: Upgraded.
e/emacs-29.2-x86_64-2.txz: Rebuilt.
Compiled with support for pdumper and native compilation.
The emacs-no-x11 binary has been dropped from the package because when
pdumper is used the support files need to be matched to a specific binary.
If you need a non-X console version of Emacs (or just want to reduce the
footprint) a traditional build is available in /extra.
Thanks to drgibbon who requested this long ago. :-)
Thanks to Didier Spaier for the sample build script.
l/libnvme-1.8-x86_64-1.txz: Upgraded.
xap/xlockmore-5.75-x86_64-1.txz: Upgraded.
extra/emacs-regular-build/emacs-29.2-x86_64-2_regular.txz: Added.
A "regular" build of Emacs like was previously in the main tree, with a
version supporting X11/GTK+3, and a non-X console version.
a/procps-ng-4.0.4-x86_64-1.txz: Upgraded.
a/shadow-4.14.4-x86_64-1.txz: Upgraded.
ap/man-pages-6.06-noarch-1.txz: Upgraded.
ap/vim-9.1.0098-x86_64-1.txz: Upgraded.
d/libgccjit-13.2.0-x86_64-1.txz: Added.
If we can ship GCC's D and Modula-2 support, then we can ship this.
We'll probably find a use for it. ;-)
Thanks to Didier Spaier for hints on the build script.
d/mercurial-6.6.3-x86_64-1.txz: Upgraded.
d/rust-1.76.0-x86_64-1.txz: Upgraded.
l/gegl-0.4.48-x86_64-1.txz: Upgraded.
l/openexr-3.2.2-x86_64-1.txz: Upgraded.
l/pango-1.51.2-x86_64-1.txz: Upgraded.
l/python-calver-2022.6.26-x86_64-1.txz: Added.
Needed for python-trove-classifiers. Thanks to lucabon.
n/openvpn-2.6.9-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0098-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz: Added.
Let's move this here since it's lagging behind the latest Rust.
ap/mariadb-10.11.7-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://mariadb.com/kb/en/mariadb-10-11-7-release-notes/
l/gjs-1.76.3-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_28-x86_64-1.txz: Upgraded.
l/pipewire-1.0.3-x86_64-4.txz: Rebuilt.
Use cmp -s in doinst.sh. Thanks to Thom1b and Windu.
l/wireplumber-0.4.17-x86_64-2.txz: Rebuilt.
Use cmp -s in doinst.sh. Thanks to Thom1b and Windu.
n/dnsmasq-2.89-x86_64-2.txz: Rebuilt.
Added trust-anchors.conf and edited PREFIX in dnsmasq.conf to simplify
setting up DNSSEC. Thanks to marav.
xap/xsnow-3.7.8-x86_64-1.txz: Upgraded.
a/kernel-firmware-20240208_fbef4d3-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.16-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.16-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.16-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.16-x86-1.txz: Upgraded.
k/kernel-source-6.6.16-noarch-1.txz: Upgraded.
-VIDEO_ATOMISP m
-VIDEO_ATOMISP_GC0310 n
-VIDEO_ATOMISP_GC2235 n
-VIDEO_ATOMISP_ISP2401 n
-VIDEO_ATOMISP_LM3554 n
-VIDEO_ATOMISP_MSRLIST_HELPER n
-VIDEO_ATOMISP_MT9M114 n
-VIDEO_ATOMISP_OV2722 n
-VIDEO_ATOMISP_OV5693 n
INTEL_ATOMISP y -> n
+INTEL_ATOMISP2_PM m
l/enchant-2.6.7-x86_64-1.txz: Upgraded.
l/libsecret-0.21.3-x86_64-1.txz: Upgraded.
l/libuv-1.48.0-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
testing/packages/rust-1.76.0-x86_64-1.txz: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/hwdata-0.379-noarch-1.txz: Upgraded.
ap/inxi-3.3.33_1-noarch-1.txz: Upgraded.
ap/rpm-4.19.1.1-x86_64-1.txz: Upgraded.
kde/kstars-3.6.9-x86_64-1.txz: Upgraded.
l/enchant-2.6.5-x86_64-1.txz: Upgraded.
Reverted to non-broken version.
l/expat-2.6.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
Fix quadratic runtime issues with big tokens that can cause
denial of service.
Fix billion laughs attacks for users compiling *without* XML_DTD
defined (which is not common).
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52425https://www.cve.org/CVERecord?id=CVE-2023-52426
(* Security fix *)
l/orc-0.4.37-x86_64-1.txz: Upgraded.
l/pipewire-1.0.3-x86_64-2.txz: Rebuilt.
Use wireplumber-0.4.17, as the newer version's support for elogind seems to
be broken, and this prevents bluetooth from connecting properly.
Thanks to mistfire and rizitis.
x/libwacom-2.10.0-x86_64-1.txz: Upgraded.
xap/hexchat-2.16.2-x86_64-1.txz: Upgraded.
extra/xv/xv-5.0.0-x86_64-1.txz: Upgraded.
a/glibc-zoneinfo-2024a-noarch-1.txz: Upgraded.
This package provides the latest timezone updates.
n/ca-certificates-20240203-noarch-1.txz: Upgraded.
This update provides the latest CA certificates to check for the
authenticity of SSL connections.
x/ibus-libpinyin-1.15.7-x86_64-1.txz: Upgraded.
x/xdg-utils-1.2.0-noarch-1.txz: Upgraded.
A test mass rebuild here didn't find any new failure-to-build-from-source, so
we'll go ahead and upgrade to the new glibc. Enjoy! :-)
a/aaa_glibc-solibs-2.39-x86_64-1.txz: Upgraded.
kde/calligra-3.2.1-x86_64-36.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/cantor-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/kfilemetadata-5.114.0-x86_64-3.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/kile-2.9.93-x86_64-30.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/kitinerary-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/krita-5.2.2-x86_64-3.txz: Rebuilt.
Recompiled against poppler-24.02.0.
kde/okular-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against poppler-24.02.0.
l/SDL2-2.30.0-x86_64-1.txz: Upgraded.
l/glibc-2.39-x86_64-1.txz: Upgraded.
This fixes a few __vsyslog_internal related overflows that could result in
an application crash or local privilege escalation.
The issues affected glibc 2.36 and newer.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-6246https://www.cve.org/CVERecord?id=CVE-2023-6779https://www.cve.org/CVERecord?id=CVE-2023-6780
(* Security fix *)
l/glibc-i18n-2.39-x86_64-1.txz: Upgraded.
l/glibc-profile-2.39-x86_64-1.txz: Upgraded.
l/pipewire-1.0.3-x86_64-1.txz: Upgraded.
l/poppler-24.02.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/ipset-7.20-x86_64-1.txz: Upgraded.
ap/nvme-cli-2.7.1-x86_64-1.txz: Upgraded.
l/libnvme-1.7.1-x86_64-1.txz: Added.
This is required by nvme-cli.
l/pipewire-1.0.2-x86_64-1.txz: Upgraded.
n/curl-8.6.0-x86_64-1.txz: Upgraded.
n/libmilter-8.18.1-x86_64-1.txz: Upgraded.
extra/sendmail/sendmail-8.18.1-x86_64-1.txz: Upgraded.
sendmail through 8.17.2 allows SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation technique to inject e-mail
messages with a spoofed MAIL FROM address, allowing bypass of an SPF
protection mechanism. This occurs because sendmail supports <LF>.<CR><LF>
but some other popular e-mail servers do not. This is resolved in 8.18 and
later versions with 'o' in srv_features.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-51765
(* Security fix *)
extra/sendmail/sendmail-cf-8.18.1-noarch-1.txz: Upgraded.
a/lzip-1.24-x86_64-1.txz: Upgraded.
a/openssl-solibs-3.2.1-x86_64-1.txz: Upgraded.
ap/alsa-utils-1.2.11-x86_64-1.txz: Upgraded.
ap/sqlite-3.45.1-x86_64-1.txz: Upgraded.
d/binutils-2.42-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/cmake-3.28.2-x86_64-1.txz: Upgraded.
d/oprofile-1.4.0-x86_64-13.txz: Rebuilt.
Recompiled against binutils-2.42.
d/strace-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.2.0-x86_64-5.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/alsa-lib-1.2.11-x86_64-1.txz: Upgraded.
l/libpng-1.6.42-x86_64-1.txz: Upgraded.
Fixed the implementation of the macro function png_check_sig().
This was an API regression, introduced in libpng-1.6.41.
Reported by Matthieu Darbois.
l/lmdb-0.9.32-x86_64-1.txz: Upgraded.
l/neon-0.33.0-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-3.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-4.txz: Rebuilt.
Recompiled against libpng-1.6.42.
l/talloc-2.4.2-x86_64-1.txz: Upgraded.
l/tdb-1.4.10-x86_64-1.txz: Upgraded.
l/tevent-0.16.1-x86_64-1.txz: Upgraded.
n/openldap-2.6.7-x86_64-1.txz: Upgraded.
n/openssl-3.2.1-x86_64-1.txz: Upgraded.
This update fixes possible denial-of-service security issues:
A file in PKCS12 format can contain certificates and keys and may come from
an untrusted source. The PKCS12 specification allows certain fields to be
NULL, but OpenSSL did not correctly check for this case. A fix has been
applied to prevent a NULL pointer dereference that results in OpenSSL
crashing. If an application processes PKCS12 files from an untrusted source
using the OpenSSL APIs then that application will be vulnerable to this
issue prior to this fix.
OpenSSL APIs that were vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().
When function EVP_PKEY_public_check() is called on RSA public keys,
a computation is done to confirm that the RSA modulus, n, is composite.
For valid RSA keys, n is a product of two or more large primes and this
computation completes quickly. However, if n is an overly large prime,
then this computation would take a long time.
An application that calls EVP_PKEY_public_check() and supplies an RSA key
obtained from an untrusted source could be vulnerable to a Denial of Service
attack.
The function EVP_PKEY_public_check() is not called from other OpenSSL
functions however it is called from the OpenSSL pkey command line
application. For that reason that application is also vulnerable if used
with the "-pubin" and "-check" options on untrusted data.
To resolve this issue RSA keys larger than OPENSSL_RSA_MAX_MODULUS_BITS will
now fail the check immediately with an RSA_R_MODULUS_TOO_LARGE error reason.
Fix excessive time spent in DH check / generation with large Q parameter
value.
Applications that use the functions DH_generate_key() to generate an
X9.42 DH key may experience long delays. Likewise, applications that use
DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
Where the key or parameters that are being checked have been obtained from
an untrusted source this may lead to a Denial of Service.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0727https://www.cve.org/CVERecord?id=CVE-2023-6237https://www.cve.org/CVERecord?id=CVE-2023-5678
(* Security fix *)
xap/MPlayer-20240130-x86_64-1.txz: Upgraded.
Fixed build script to exit on errors.
Patched to build against gettext-0.22.4.
Thanks to Matteo Bernardini.
xap/xine-lib-1.2.13-x86_64-7.txz: Rebuilt.
Recompiled against libpng-1.6.42.
ap/diffstat-1.66-x86_64-1.txz: Upgraded.
ap/moc-2.6_alpha3-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
ap/vim-9.1.0061-x86_64-1.txz: Upgraded.
d/nv-codec-headers-12.1.14.0-x86_64-1.txz: Added.
Needed to build support for nvidia hardware decoders/encoders on newer GPUs.
gst-plugins-bad can use it too.
Thanks to Heinz Wiesinger.
kde/digikam-8.2.0-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/ffmpegthumbs-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/k3b-23.08.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/kfilemetadata-5.114.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
kde/kpipewire-5.27.10-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/Imath-3.1.10-x86_64-1.txz: Upgraded.
l/alsa-plugins-1.2.7.1-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/ffmpeg-6.1.1-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Added some new build options in the SlackBuild.
Use shaderc instead of glslang.
Build against libgcrypt to enable support for RTMP[E].
Enable support for lcms2.
Build against libass, libplacebo, and nv-codec-headers.
Thanks to Heinz Wiesinger.
l/gegl-0.4.46-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/gst-plugins-bad-free-1.22.9-x86_64-2.txz: Rebuilt.
Recompiled against libass-0.17.1.
l/gst-plugins-libav-1.22.9-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/libass-0.17.1-x86_64-1.txz: Added.
Adds ASS/SSA subtitle renderer (commonly used in the anime community).
adapted SlackBuild from SBo, original by Larry Hajali/Matteo Bernardini.
MPlayer and gst-plugins-bad can use it too.
Thanks to Heinz Wiesinger.
l/libplacebo-6.338.2-x86_64-1.txz: Added.
Adds various hardware accelerated filters such as HDR -> SDR tone mapping.
adapted SlackBuild from SBo, original by Hunter Sezen/Christoph Willing.
Thanks to Heinz Wiesinger.
l/mlt-7.22.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/netpbm-11.05.02-x86_64-1.txz: Upgraded.
l/opencv-4.9.0-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/pipewire-1.0.1-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-3.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
x/pixman-0.43.2-x86_64-1.txz: Upgraded.
xap/MPlayer-20240127-x86_64-1.txz: Upgraded.
Compiled against ffmpeg-6.1.1 and libass-0.17.1.
xap/audacious-plugins-4.3.1-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/ffmpegthumbnailer-2.2.2-x86_64-5.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/freerdp-2.11.5-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/ssr-0.4.4-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/vim-gvim-9.1.0061-x86_64-1.txz: Upgraded.
xap/xine-lib-1.2.13-x86_64-6.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
xap/xscreensaver-6.08-x86_64-2.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
extra/tigervnc/tigervnc-1.13.1-x86_64-4.txz: Rebuilt.
Recompiled against ffmpeg-6.1.1.
l/SDL2_mixer-2.8.0-x86_64-1.txz: Upgraded.
l/glib2-2.78.4-x86_64-1.txz: Upgraded.
l/mozilla-nss-3.97-x86_64-1.txz: Upgraded.
n/postfix-3.8.5-x86_64-1.txz: Upgraded.
Security (inbound SMTP smuggling): with "smtpd_forbid_bare_newline
= normalize" (default "no" for Postfix < 3.9), the Postfix
SMTP server requires the standard End-of-DATA sequence
<CR><LF>.<CR><LF>, and otherwise allows command or message
content lines ending in the non-standard <LF>, processing
them as if the client sent the standard <CR><LF>.
The alternative setting, "smtpd_forbid_bare_newline = reject"
will reject any command or message that contains a bare
<LF>, and is more likely to cause problems with legitimate
clients.
For backwards compatibility, local clients are excluded by
default with "smtpd_forbid_bare_newline_exclusions =
$mynetworks".
For more information, see:
https://www.postfix.org/smtp-smuggling.html
(* Security fix *)
a/mcelog-197-x86_64-1.txz: Upgraded.
ap/qpdf-11.8.0-x86_64-1.txz: Upgraded.
kde/qca-2.3.8-x86_64-1.txz: Upgraded.
l/enchant-2.6.5-x86_64-1.txz: Upgraded.
n/iproute2-6.7.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-115.6.1-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.thunderbird.net/en-US/thunderbird/115.6.1/releasenotes/
a/procps-ng-3.3.17-x86_64-3.txz: Rebuilt.
Add /etc/default/sysctl to support custom options for sysctl in rc.S.
Thanks to lostintime.
a/sysvinit-scripts-15.1-noarch-12.txz: Rebuilt.
rc.S: support /etc/default/sysctl for custom options.
Thanks to lostintime.
l/imagemagick-7.1.1_26-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240103_b8fd1448-x86_64-1.txz: Upgraded.
n/samba-4.19.4-x86_64-1.txz: Upgraded.
x/imake-1.0.10-x86_64-1.txz: Upgraded.
a/sysvinit-scripts-15.1-noarch-11.txz: Rebuilt.
rc.S: Don't attempt to edit /etc/motd unless it exists, it is writable, and
the first line starts with "Linux <wrong kernel version>."
Thanks to lostintime.
kde/okteta-0.26.15-x86_64-1.txz: Upgraded.
l/at-spi2-core-2.50.1-x86_64-1.txz: Upgraded.
