a/aaa_elflibs-15.0-x86_64-17.txz: Rebuilt.
Upgraded: libcap.so.2.28, libelf-0.178.so, libglib-2.0.so.0.6200.4,
libgmodule-2.0.so.0.6200.4, libgobject-2.0.so.0.6200.4,
libgthread-2.0.so.0.6200.4, libidn2.so.0.3.7, libpcre2-8.so.0.9.0,
libtdb.so.1.4.3.
Added: libffi.so.6.0.4, libffi.so.7.1.0.
a/file-5.38-x86_64-2.txz: Rebuilt.
Patched to fix ELF shared libraries misidentified as "statically linked."
a/kernel-firmware-20191220_6871bff-noarch-1.txz: Upgraded.
a/openssl10-solibs-1.0.2u-x86_64-1.txz: Upgraded.
(* Security fix *)
d/guile-2.2.6-x86_64-2.txz: Rebuilt.
Recompiled against libffi-3.3.
d/llvm-9.0.1-x86_64-1.txz: Upgraded.
Compiled against libffi-3.3.
d/python-2.7.17-x86_64-2.txz: Rebuilt.
Recompiled against libffi-3.3.
d/python3-3.7.6-x86_64-1.txz: Upgraded.
Compiled against libffi-3.3.
d/ruby-2.6.5-x86_64-2.txz: Rebuilt.
Recompiled against libffi-3.3.
l/glib2-2.62.4-x86_64-2.txz: Rebuilt.
Recompiled against libffi-3.3.
l/libffi-3.3-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libvpx-1.8.2-x86_64-1.txz: Upgraded.
l/pygobject-2.28.7-x86_64-4.txz: Rebuilt.
Recompiled against libffi-3.3.
l/pygobject3-3.34.0-x86_64-2.txz: Rebuilt.
Recompiled against libffi-3.3.
l/sip-4.19.20-x86_64-1.txz: Upgraded.
n/cifs-utils-6.10-x86_64-1.txz: Upgraded.
n/dhcpcd-8.1.3-x86_64-1.txz: Upgraded.
n/openssl10-1.0.2u-x86_64-1.txz: Upgraded.
This update fixes a low severity security issue:
Fixed an an overflow bug in the x86_64 Montgomery squaring procedure used in
exponentiation with 512-bit moduli.
For more information, see:
https://www.openssl.org/news/secadv/20191206.txthttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1551
(* Security fix *)
n/p11-kit-0.23.18.1-x86_64-2.txz: Rebuilt.
Recompiled against libffi-3.3.
extra/tigervnc/tigervnc-1.10.1-x86_64-1.txz: Upgraded.
From tigervnc.org: "This is a security release to fix a number of issues
that were found by Kaspersky Lab. These issues affect both the client and
server and could theoretically allow a malicious peer to take control
over the software on the other side. No working exploit is known at this
time, and the issues require the peer to first be authenticated. We still
urge users to upgrade when possible."
(* Security fix *)
a/usb_modeswitch-2.5.2-x86_64-2.txz: Rebuilt.
Seems there's a regression in usb_modeswitch-2.6.0, so let's revert to
usb_modeswitch-2.5.2 but keep the latest usb-modeswitch-data-20191128.
Thanks to Lockywolf.
l/fuse3-3.9.0-x86_64-2.txz: Rebuilt.
Install fuse.conf as fuse.conf.new. This won't prevent an existing config
file from being overwritten with this upgrade, but it will prevent that
from happening again moving forward. Thanks to chrisVV.
a/kernel-firmware-20191215_eefb5f7-noarch-1.txz: Upgraded.
a/mcelog-167-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-14.txz: Rebuilt.
Patched init to fix the case where -T and -C options are used with UUID=.
Thanks to davjohn and GazL.
ap/cups-filters-1.26.0-x86_64-1.txz: Upgraded.
d/re2c-1.3-x86_64-1.txz: Upgraded.
l/fuse3-3.9.0-x86_64-1.txz: Upgraded.
n/mutt-1.13.1-x86_64-1.txz: Upgraded.
ap/hplip-3.19.12-x86_64-1.txz: Upgraded.
ap/pamixer-1.4-x86_64-4.txz: Rebuilt.
Recompiled against boost-1.72.0.
ap/vim-8.2.0000-x86_64-1.txz: Upgraded.
d/bison-3.5-x86_64-1.txz: Upgraded.
kde/calligra-2.9.11-x86_64-33.txz: Rebuilt.
Recompiled against boost-1.72.0.
l/akonadi-1.13.0-x86_64-14.txz: Rebuilt.
Recompiled against boost-1.72.0.
l/boost-1.72.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/libssh-0.9.3-x86_64-1.txz: Upgraded.
This fixes a security issue (low impact according to upstream):
Unsanitized location in scp could lead to unwanted command execution.
In addition, the 0.9.3 release benefited from a security audit sponsored
by the Mozilla Open Source Support program. The audit results were used
to improve the overall security and code quality of libssh.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14889
(* Security fix *)
n/libqmi-1.24.2-x86_64-1.txz: Upgraded.
x/compiz-0.8.16.1-x86_64-1.txz: Upgraded.
x/mesa-19.3.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.2.0000-x86_64-1.txz: Upgraded.
ap/mariadb-10.4.11-x86_64-1.txz: Upgraded.
d/cmake-3.16.1-x86_64-1.txz: Upgraded.
d/git-2.24.1-x86_64-1.txz: Upgraded.
l/mozjs52-52.9.0esr-x86_64-2.txz: Removed.
This was used only by polkit-0.115.
l/mozjs60-60.9.0esr-x86_64-1.txz: Added.
This is needed for polkit-0.116.
l/polkit-0.116-x86_64-1.txz: Upgraded.
n/ModemManager-1.12.2-x86_64-1.txz: Upgraded.
xap/xine-ui-0.99.12-x86_64-1.txz: Upgraded.
l/dconf-0.34.0-x86_64-2.txz: Rebuilt.
Rebuilt using the sed replacements suggested by LFS. This fixes a
subsequent build of dconf-editor.
l/glib-networking-2.62.2-x86_64-1.txz: Upgraded.
n/samba-4.11.3-x86_64-1.txz: Upgraded.
This update fixes the following security issues:
Samba AD DC zone-named record Denial of Service in DNS management server.
DelegationNotAllowed was not enforced in protocol transition on Samba AD DC.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14861https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14870
(* Security fix *)
x/vulkan-sdk-1.1.126.0-x86_64-1.txz: Upgraded.
a/tcsh-6.22.02-x86_64-1.txz: Upgraded.
ap/vim-8.1.2391-x86_64-1.txz: Upgraded.
l/fuse3-3.8.0-x86_64-2.txz: Rebuilt.
rc.fuse3: Don't source /lib/lsb/init-functions unless it exists.
NOTE: FUSE seems to work fine without starting rc.fuse3, which it why it
isn't actually called from anywhere during system startup.
n/iw-5.4-x86_64-1.txz: Upgraded.
n/php-7.4.0-x86_64-2.txz: Rebuilt.
Rebuilt using --enable-gd=shared and --with-zip=shared.
Thanks to Matteo Bernardini.
xap/gv-3.7.4-x86_64-3.txz: Rebuilt.
Patched to fix save/print features when used with the latest ghostscript.
Added --enable-international build option.
Fixed broken whitespace in the bounding-box patch.
Thanks to Xsane.
xap/vim-gvim-8.1.2391-x86_64-1.txz: Upgraded.
n/bind-9.14.8-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Set a limit on the number of concurrently served pipelined TCP queries.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6477
(* Security fix *)
x/mesa-19.2.5-x86_64-1.txz: Upgraded.
ap/qpdf-9.1.0-x86_64-1.txz: Upgraded.
d/check-0.13.0-x86_64-1.txz: Added.
This is needed to build PulseAudio using Meson.
l/alsa-lib-1.2.1-x86_64-2.txz: Rebuilt.
Merge alsa-topology-conf-1.2.1 and alsa-ucm-conf-1.2.1 into the package.
l/pulseaudio-13.0-x86_64-2.txz: Rebuilt.
Rebuilt with meson. This causes esound support to be dropped, but it's
likely that nobody will care.
l/pyparsing-2.4.5-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/alsa-lib-1.2.1-x86_64-2_alsa.txz: Rebuilt.
Merge alsa-topology-conf-1.2.1 and alsa-ucm-conf-1.2.1 into the package.
ap/alsa-utils-1.2.1-x86_64-1.txz: Upgraded.
l/alsa-lib-1.2.1-x86_64-1.txz: Upgraded.
l/alsa-plugins-1.2.1-x86_64-1.txz: Upgraded.
l/imagemagick-7.0.9_4-x86_64-1.txz: Upgraded.
extra/pure-alsa-system/alsa-lib-1.2.1-x86_64-1_alsa.txz: Upgraded.
extra/pure-alsa-system/alsa-plugins-1.2.1-x86_64-1_alsa.txz: Upgraded.
testing/packages/kernel-generic-5.4.0_rc7-x86_64-2.txz: Rebuilt.
testing/packages/kernel-headers-5.4.0_rc7-x86-2.txz: Rebuilt.
testing/packages/kernel-huge-5.4.0_rc7-x86_64-2.txz: Rebuilt.
testing/packages/kernel-modules-5.4.0_rc7-x86_64-2.txz: Rebuilt.
testing/packages/kernel-source-5.4.0_rc7-noarch-2.txz: Rebuilt.
CRYPTO_CRC32C_INTEL m -> y
Make modules before cleaning up the source tree. This does some magic in
Module.symvers that fixes building the NVIDIA kernel modules.
l/system-config-printer-1.5.12-x86_64-1.txz: Upgraded.
n/sshfs-3.6.0-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-68.2.2-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/68.2.2/releasenotes/
a/aaa_terminfo-6.1_20191026-x86_64-1.txz: Upgraded.
a/cryptsetup-2.2.2-x86_64-1.txz: Upgraded.
a/lvm2-2.03.06-x86_64-1.txz: Upgraded.
d/Cython-0.29.14-x86_64-1.txz: Upgraded.
l/ncurses-6.1_20191026-x86_64-1.txz: Upgraded.
Restore the --without-normal option to skip static libraries as used in 14.2.
Thanks to Richard Narron.
x/xterm-349-x86_64-2.txz: Rebuilt.
In /etc/app-defaults/XTerm, use terminus-medium instead of terminus-bold.
Thanks to igadoter.
a/aaa_elflibs-15.0-x86_64-14.txz: Rebuilt.
Upgraded: libglib-2.0.so.0.6200.2, libgmodule-2.0.so.0.6200.2,
libgobject-2.0.so.0.6200.2, libgthread-2.0.so.0.6200.2.
Added: libgomp.so.1.0.0.
a/kernel-firmware-20191029_4065643-noarch-1.txz: Upgraded.
a/kernel-generic-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-huge-4.19.81-x86_64-1.txz: Upgraded.
a/kernel-modules-4.19.81-x86_64-1.txz: Upgraded.
ap/sudo-1.8.29-x86_64-1.txz: Upgraded.
d/kernel-headers-4.19.81-x86-1.txz: Upgraded.
d/python-setuptools-41.6.0-x86_64-1.txz: Upgraded.
k/kernel-source-4.19.81-noarch-1.txz: Upgraded.
l/harfbuzz-2.6.3-x86_64-1.txz: Upgraded.
n/samba-4.11.2-x86_64-1.txz: Upgraded.
This update fixes bugs and these security issues:
Client code can return filenames containing path separators.
Samba AD DC check password script does not receive the full password.
User with "get changes" permission can crash AD DC LDAP server via dirsync.
For more information, see:
https://www.samba.org/samba/security/CVE-2019-10218.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10218https://www.samba.org/samba/security/CVE-2019-14833.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14833https://www.samba.org/samba/security/CVE-2019-14847.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14847
(* Security fix *)
x/libglvnd-1.2.0-x86_64-4.txz: Rebuilt.
Applied upstream patches to fix EGL/eglplatform.h.
x/xorg-server-1.20.5-x86_64-3.txz: Rebuilt.
#define EGL_NO_X11 to fix glamor build against libglvnd-1.2.0.
x/xorg-server-xephyr-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xnest-1.20.5-x86_64-3.txz: Rebuilt.
x/xorg-server-xvfb-1.20.5-x86_64-3.txz: Rebuilt.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/getty-ps-2.1.0b-x86_64-4.txz: Removed.
a/lha-114i-x86_64-2.txz: Removed.
Removed due to vague licensing terms.
a/lhasa-0.3.1-x86_64-1.txz: Added.
This is an extraction-only LHA utility with an OSI approved license.
a/shadow-4.7-x86_64-2.txz: Rebuilt.
Added /etc/environment.new to fix "sudo -i" noise.
ap/lm_sensors-3.6.0-x86_64-1.txz: Upgraded.
ap/vim-8.1.2174-x86_64-1.txz: Upgraded.
l/netpbm-10.88.00-x86_64-1.txz: Upgraded.
n/ca-certificates-20191018-noarch-1.txz: Upgraded.
n/samba-4.11.1-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.2174-x86_64-1.txz: Upgraded.
xap/xfractint-20.04p13-x86_64-2.txz: Removed.
xap/xv-3.10a-x86_64-9.txz: Removed.
extra/getty-ps/getty-ps-2.1.0b-x86_64-4.txz: Rebuilt.
Moved here from the A series due to commercial use restrictions.
extra/xfractint/xfractint-20.04p14-x86_64-1.txz: Upgraded.
Moved here from the XAP series due to commercial use restrictions.
extra/xv/xv-3.10a-x86_64-9.txz: Rebuilt.
Moved here from the XAP series due to non-commercial use shareware license.
ap/sudo-1.8.28-x86_64-1.txz: Upgraded.
Fixed a bug where an sudo user may be able to run a command as root when
the Runas specification explicitly disallows root access as long as the
ALL keyword is listed first.
For more information, see:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
(* Security fix *)
a/pkgtools-15.0-noarch-24.txz: Rebuilt.
installpkg: support --no-overwrite option for upgradepkg's second install
pass. Don't use this option directly unless you have a good reason.
upgradepkg: call installpkg with --no-overwrite for the second install pass.
This cuts the drive writes for a package upgrade almost in half so we can
be kinder to SSDs.
ap/nano-4.5-x86_64-1.txz: Upgraded.
l/gmime-3.2.4-x86_64-1.txz: Upgraded.
l/gnu-efi-3.0.10-x86_64-1.txz: Upgraded.
l/gtk+3-3.24.12-x86_64-1.txz: Upgraded.
testing/packages/rust-1.38.0-x86_64-2.txz: Rebuilt.
The package size here has been put on a tremendous diet.
Thanks to Andrew Clemons and Willy Sudiarto Raharjo for help with this.
Compile test results:
firefox-68.1.0esr: fail
firefox-69.0.2: pass
seamonkey-2.49.5: pass
thunderbird-68.1.1: fail
a/haveged-1.9.8-x86_64-1.txz: Upgraded.
ap/screen-4.7.0-x86_64-1.txz: Upgraded.
ap/vim-8.1.2108-x86_64-1.txz: Upgraded.
d/rust-1.37.0-x86_64-1.txz: Upgraded.
Reverting to rust-1.37.0 after verified reports that the newer Rust is
unable to compile Firefox or Thunderbird. There are some patches for this
appearing in the repos, but they are extensive changes that don't look like
they could be cherry-picked. Hey, at least this Rust version works and is
not bloated. :) Moving forward we'll be testing new versions of Rust to
make sure that they can compile the sources that we need Rust for before
merging them into the tree. Firefox has been verified to build here with
rust-1.37.0 and gcc/g++ from gcc-9.2.0 or clang/clang++ from llvm-9.0.0.
l/libcap-ng-0.7.10-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.2108-x86_64-1.txz: Upgraded.
d/llvm-9.0.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
Thanks to orbea for getting this working and cleaning up the build script.
d/vala-0.46.2-x86_64-1.txz: Upgraded.
l/imagemagick-6.9.10_67-x86_64-1.txz: Upgraded.
Fixed --disable-opencl configure option. Thanks to Markus Wiesner for the
bug report and to upstream for the quick fix.
n/NetworkManager-1.20.4-x86_64-1.txz: Upgraded.
n/gnutls-3.6.10-x86_64-1.txz: Upgraded.
x/freeglut-3.2.1-x86_64-1.txz: Upgraded.
x/libglvnd-1.1.1-x86_64-2.txz: Upgraded.
Reverted to this version since I'm seeing some errors linking with Mesa
libraries with the newer one. Thanks to nobodino for the bug report.
x/mesa-19.2.0-x86_64-2.txz: Rebuilt.
Recompiled against llvm-9.0.0 and libglvnd-1.1.1.
x/xf86-video-vmware-13.3.0-x86_64-3.txz: Rebuilt.
Recompiled against llvm-9.0.0.
a/f2fs-tools-1.13.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
ap/rpm-4.15.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
d/rust-1.38.0-x86_64-1.txz: Upgraded.
It seems that rust-1.38.0 builds fewer shared objects causing the package
size to bloat to almost double. I held this back overnight to compile some
modified builds to see if the old build behavior could be restored but
didn't have any luck, so I'll put this out as-is for now. Any help debloating
this package would be appreciated. Note that it also had to be bootstrapped
from the official binaries using LOCAL_BOOTSTRAP=NO. That's not all that
unusual for Rust, but perhaps that's another problem...
l/fribidi-1.0.7-x86_64-1.txz: Upgraded.
l/fuse3-3.7.0-x86_64-1.txz: Upgraded.
n/fetchmail-6.4.1-x86_64-1.txz: Upgraded.
a/mkinitrd-1.4.11-x86_64-13.txz: Rebuilt.
Add libargon2 and libgcc_s for cryptsetup LUKS2 support.
Add jfs (thanks to gus3 on LQ) and xfs (thanks to klipkyle on LQ) repair
tools to initrd if those filesystems are used.
Support PARTUUID in mkinitrd_command_generator.sh (thanks to luvr on LQ).
Fixes and enhancements to docs suggested on LQ.
Thanks to Robby Workman.
a/sysvinit-2.96-x86_64-1.txz: Upgraded.
ap/vim-8.1.2022-x86_64-1.txz: Upgraded.
d/bison-3.4.2-x86_64-1.txz: Upgraded.
d/ccache-3.7.4-x86_64-1.txz: Upgraded.
d/icecream-1.3-x86_64-1.txz: Upgraded.
d/meson-0.51.2-x86_64-2.txz: Rebuilt.
Fix meson configure crash. Thanks to orbea.
l/dbus-python-1.2.12-x86_64-1.txz: Upgraded.
l/pulseaudio-13.0-x86_64-1.txz: Upgraded.
l/python-certifi-2019.9.11-x86_64-1.txz: Upgraded.
x/libwacom-1.0-x86_64-1.txz: Upgraded.
xap/vim-gvim-8.1.2022-x86_64-1.txz: Upgraded.
l/dbus-python-1.2.10-x86_64-1.txz: Upgraded.
l/glib2-2.60.7-x86_64-1.txz: Upgraded.
l/librsvg-2.44.15-x86_64-1.txz: Upgraded.
l/pyparsing-2.4.2-x86_64-1.txz: Upgraded.
n/samba-4.10.8-x86_64-1.txz: Upgraded.
This update addresses a security issue:
On a Samba SMB server for all versions of Samba from 4.9.0 clients are
able to escape outside the share root directory if certain
configuration parameters set in the smb.conf file.
For more information, see:
https://www.samba.org/samba/security/CVE-2019-10197.htmlhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10197
(* Security fix *)
a/logrotate-3.15.1-x86_64-1.txz: Upgraded.
l/libnl3-3.5.0-x86_64-1.txz: Upgraded.
l/v4l-utils-1.16.7-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-68.1.0esr-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/68.1.0/releasenotes/
