ap/sqlite-3.46.0-x86_64-1.txz: Upgraded.
l/gvfs-1.54.1-x86_64-1.txz: Upgraded.
l/python-requests-2.32.2-x86_64-1.txz: Upgraded.
n/c-ares-1.29.0-x86_64-1.txz: Upgraded.
n/dhcpcd-10.0.8-x86_64-1.txz: Upgraded.
n/wsdd2-1.8.7-x86_64-1.txz: Added.
Needed by Samba to enable share discovery.
Thanks to mistfire and Tim Dickson.
a/etc-15.1-x86_64-12.txz: Rebuilt.
Remove less related profile variables from /etc/profile.
a/exfatprogs-1.2.3-x86_64-1.txz: Upgraded.
a/less-655-x86_64-2.txz: Rebuilt.
Create /etc/profile.d/less.{csh,sh} for less related profile variables.
By default, don't display the informational messages on the top line
of the output (this can be configured in less.{csh,sh}.
Don't attempt special handling of .log files as it breaks viewing a file
such as foo.log.bz2.
d/parallel-20240522-noarch-1.txz: Upgraded.
l/python-trove-classifiers-2024.5.22-x86_64-1.txz: Upgraded.
x/mesa-24.1.0-x86_64-1.txz: Upgraded.
x/xterm-392-x86_64-1.txz: Upgraded.
xap/pavucontrol-6.0-x86_64-1.txz: Upgraded.
a/bcachefs-tools-1.7.0-x86_64-1.txz: Added.
a/kernel-generic-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-huge-6.9.0-x86_64-2.txz: Upgraded.
a/kernel-modules-6.9.0-x86_64-2.txz: Upgraded.
d/git-2.45.1-x86_64-1.txz: Upgraded.
This update fixes security issues:
Recursive clones on case-insensitive filesystems that support symbolic
links are susceptible to case confusion that can be exploited to
execute just-cloned code during the clone operation.
Repositories can be configured to execute arbitrary code during local
clones. To address this, the ownership checks introduced in v2.30.3
are now extended to cover cloning local repositories.
Local clones may end up hardlinking files into the target repository's
object database when source and target repository reside on the same
disk. If the source repository is owned by a different user, then
those hardlinked files may be rewritten at any point in time by the
untrusted user.
When cloning a local source repository that contains symlinks via the
filesystem, Git may create hardlinks to arbitrary user-readable files
on the same filesystem as the target repository in the objects/
directory.
It is supposed to be safe to clone untrusted repositories, even those
unpacked from zip archives or tarballs originating from untrusted
sources, but Git can be tricked to run arbitrary code as part of the
clone.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32002https://www.cve.org/CVERecord?id=CVE-2024-32004https://www.cve.org/CVERecord?id=CVE-2024-32020https://www.cve.org/CVERecord?id=CVE-2024-32021https://www.cve.org/CVERecord?id=CVE-2024-32465
(* Security fix *)
d/kernel-headers-6.9.0-x86-2.txz: Upgraded.
d/strace-6.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.9.0-noarch-2.txz: Upgraded.
BCACHEFS_FS m -> y
CRYPTO_CHACHA20 m -> y
CRYPTO_LIB_CHACHA_GENERIC m -> y
CRYPTO_LIB_POLY1305_GENERIC m -> y
CRYPTO_POLY1305 m -> y
MITIGATION_GDS_FORCE y -> n
kde/wcslib-8.3-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.12-x86_64-1.txz: Upgraded.
ani: Reject files with multiple INA or IART chunks.
ani: Reject files with multiple anih chunks.
ani: validate chunk size.
Thanks to 0xvhp, pedrib, and Benjamin Gilbert.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2022-48622
(* Security fix *)
l/gtk+3-3.24.42-x86_64-1.txz: Upgraded.
n/bind-9.18.27-x86_64-1.txz: Upgraded.
This is a bugfix release.
n/popa3d-1.0.3-x86_64-8.txz: Rebuilt.
This is a bugfix release:
Build with AUTH_PAM, not AUTH_SHADOW.
Thanks to jayjwa.
x/xorg-server-xwayland-23.2.7-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/less-654-x86_64-1.txz: Upgraded.
d/ninja-1.12.1-x86_64-1.txz: Upgraded.
n/whois-5.5.23-x86_64-1.txz: Upgraded.
Updated the .sc, .********* (.xn--yfro4i67o, Singapore)
and .********************************* (.xn--clchc0ea0b2g2a9gcd, Singapore)
TLD servers.
extra/bittornado/bittornado-0.3.18-noarch-3.txz: Removed.
Obsolete and based on python2.
l/libjpeg-turbo-3.0.3-x86_64-1.txz: Upgraded.
l/nodejs-20.13.1-x86_64-1.txz: Upgraded.
l/pipewire-1.0.6-x86_64-1.txz: Upgraded.
n/php-8.3.7-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.7
n/wireless-regdb-2024.05.08-x86_64-1.txz: Upgraded.
extra/bash-completion/bash-completion-2.14.0-noarch-1.txz: Upgraded.
d/mercurial-6.7.3-x86_64-1.txz: Upgraded.
l/imagemagick-7.1.1_32-x86_64-2.txz: Rebuilt.
Add INSTALL_BASE= to --with-perl-options= to fix perl modules installation
not honoring $LIBDIRSUFFIX since 7.1.1-30. Thanks to HQuest.
l/libqalculate-5.1.1-x86_64-1.txz: Upgraded.
l/nodejs-20.13.0-x86_64-1.txz: Upgraded.
l/python-typing_extensions-4.11.0-x86_64-1.txz: Removed.
No longer needed with the upgrade to python-setuptools_scm-8.1.0.
Thanks to audriusk for the reminder.
x/anthy-unicode-1.0.0.20240502-x86_64-1.txz: Upgraded.
a/aaa_libraries-15.1-x86_64-31.txz: Rebuilt.
Added: libncurses++w.so.6.5, libtic.so.6.5.
Upgraded: libformw.so.6.5, libmenuw.so.6.5, libncursesw.so.6.5,
libpanelw.so.6.5, libtinfo.so.6.5.
Removed (with compat symlinks made): libform.so.6.4, libmenu.so.6.4,
libncurses.so.6.4, libpanel.so.6.4.
a/aaa_terminfo-6.5-x86_64-1.txz: Upgraded.
l/ncurses-6.5-x86_64-1.txz: Upgraded.
This seemed like a good opportunity to go over my notes and try to make this
SlackBuild at least defensible, if not correct. :-) The non-wide libraries
have all been purged and replaced with compatibility symlinks pointing to the
wide versions. Anything trying to use -lncurses (etc) will be redirected to
-lncursesw (etc) at compile time. Looks like nearly 50 packages are linked to
the non-wide libraries, but everything works this way.
Thanks to GazL who provided most of the suggestions used.
l/python-pyproject-hooks-1.1.0-x86_64-1.txz: Upgraded.
n/lynx-2.9.1-x86_64-1.txz: Upgraded.
x/xconsole-1.1.0-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-125.0.3-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.mozilla.org/en-US/firefox/125.0.3/releasenotes/
a/iniparser-4.2-x86_64-1.txz: Upgraded.
ap/hplip-3.23.12-x86_64-5.txz: Rebuilt.
Replace a single unicode space character in models.dat with an ASCII space
to prevent python3 from tripping over it in some cases. This seems to follow
the extreme programming motto of "do the simplest thing that could possibly
work", so we'll see if it does.
Thanks to pdags.
ap/jove-4.17.5.3-x86_64-1.txz: Upgraded.
l/enchant-2.7.2-x86_64-1.txz: Upgraded.
l/jasper-4.2.4-x86_64-1.txz: Upgraded.
l/libgtop-2.41.3-x86_64-1.txz: Upgraded.
l/mlt-7.24.0-x86_64-1.txz: Upgraded.
a/kernel-firmware-20240426_fc21f47-noarch-1.txz: Upgraded.
ap/cups-2.4.7-x86_64-3.txz: Rebuilt.
Rebuild using --with-rundir=/run/cups.
ap/cups-browsed-2.0.0-x86_64-1.txz: Added.
This is the CUPS/IPP print queue browser daemon, previously part of the
cups-filters package.
ap/cups-filters-2.0.0-x86_64-1.txz: Upgraded.
l/libarchive-3.7.4-x86_64-1.txz: Upgraded.
l/libcupsfilters-2.0.0-x86_64-1.txz: Added.
This is required by cups-filters-2.0.0.
l/libppd-2.0.0-x86_64-1.txz: Added.
This is required by cups-filters-2.0.0.
l/libproxy-0.5.6-x86_64-1.txz: Upgraded.
x/wayland-protocols-1.36-noarch-1.txz: Upgraded.
xap/mozilla-firefox-125.0.2-x86_64-1.txz: Upgraded.
xap/mozilla-thunderbird-125.0-x86_64-1.txz: Upgraded.
extra/rust-for-mozilla/rust-1.70.0-x86_64-4.txz: Removed.
l/PyQt-builder-1.16.2-x86_64-1.txz: Upgraded.
l/fribidi-1.0.14-x86_64-1.txz: Upgraded.
l/libarchive-3.7.3-x86_64-2.txz: Rebuilt.
Patched an out-of-bound error in the rar e8 filter that could allow for
the execution of arbitrary code.
Thanks to gmgf for the heads-up.
For more information, see:
https://github.com/advisories/GHSA-2jc9-36w4-pmqwhttps://www.cve.org/CVERecord?id=CVE-2024-26256
(* Security fix *)
n/bluez-5.75-x86_64-3.txz: Rebuilt.
[PATCH] shared/uhid: Fix crash if bt_uhid_destroy free replay structure.
Thanks to sombragris.
n/libgpg-error-1.49-x86_64-1.txz: Upgraded.
a/ed-1.20.2-x86_64-1.txz: Upgraded.
d/parallel-20240422-noarch-1.txz: Upgraded.
kde/krusader-2.8.1-x86_64-1.txz: Upgraded.
kde/ktextaddons-1.5.4-x86_64-1.txz: Upgraded.
l/libgusb-0.4.9-x86_64-1.txz: Upgraded.
n/nmap-7.95-x86_64-1.txz: Upgraded.
x/fcitx5-5.1.9-x86_64-1.txz: Upgraded.
x/fcitx5-anthy-5.1.4-x86_64-1.txz: Upgraded.
x/fcitx5-chinese-addons-5.1.5-x86_64-1.txz: Upgraded.
x/fcitx5-gtk-5.1.3-x86_64-1.txz: Upgraded.
x/fcitx5-hangul-5.1.3-x86_64-1.txz: Upgraded.
x/fcitx5-kkc-5.1.3-x86_64-1.txz: Upgraded.
x/fcitx5-m17n-5.1.1-x86_64-1.txz: Upgraded.
x/fcitx5-qt-5.1.6-x86_64-1.txz: Upgraded.
x/fcitx5-sayura-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-table-extra-5.1.5-x86_64-1.txz: Upgraded.
x/fcitx5-table-other-5.1.2-x86_64-1.txz: Upgraded.
x/fcitx5-unikey-5.1.4-x86_64-1.txz: Upgraded.
x/libime-1.1.7-x86_64-1.txz: Upgraded.
extra/emacs-regular-build/emacs-29.3-x86_64-2_regular.txz: Rebuilt.
This is a bugfix release.
Only build the X11/GTK+3 version. Use "emacs -nw" if you want to start it
in a terminal emulator in text mode, or rebuild if you really need to get
rid of the X11 dependency for some reason.
Build using --with-pdumper=auto. It seems that --with-dumping=unexec produces
a buggy Emacs here in the modern era, with symptoms such as "child signal FD:
Invalid argument". It's possible this had something to do with the reported
memory leaks as well.
Thanks to 3Tom for the bug report.
a/elogind-255.4_r2-x86_64-2.txz: Rebuilt.
OK, this is looking good enough to return to the main tree now.
Thanks to hamkg, ctrlaltca, and rizitis for helping to debug the sleep issues
with upstream, and to Sven Eden for the upstream fixes. I've changed the
default sleep mode from s2idle to deep as s2idle still locks up most of the
systems I've tried it on. Eventually we'll probably have to swallow this pill
though (more notes on that in the SlackBuild).
It didn't seem like recompiling polkit again was necessary, but correct me if
I'm wrong about that.
l/imagemagick-7.1.1_31-x86_64-1.txz: Upgraded.
l/python-hatchling-1.24.2-x86_64-1.txz: Upgraded.
l/vte-0.76.1-x86_64-1.txz: Upgraded.
l/wireplumber-0.5.2-x86_64-1.txz: Upgraded.
xap/freerdp-2.11.7-x86_64-1.txz: Upgraded.
This release eliminates a bunch of issues detected during oss-fuzz runs.
(* Security fix *)
a/elogind-252.23-x86_64-3.txz: Rebuilt.
All right, it's time to stop the bleeding (edge). This has been verified as
the last working version of elogind, so we'll revert for now while moving the
newer sources into /testing. We didn't actually *need* the 255 branch for
libgudev (I was mistakenly under that impression), so this will be fine for
now. We'll keep an eye on upstream and move forward when things settle down.
d/vala-0.56.17-x86_64-1.txz: Upgraded.
l/gdk-pixbuf2-2.42.11-x86_64-1.txz: Upgraded.
l/gtk4-4.14.3-x86_64-1.txz: Upgraded.
l/polkit-124-x86_64-2.txz: Rebuilt.
Recompiled against elogind-252.23.
l/python-sphinx-7.3.7-x86_64-1.txz: Upgraded.
n/NetworkManager-1.46.0-x86_64-2.txz: Rebuilt.
Build with meson instead of autotools, since setting session_tracking to
elogind is ignored with autotools, and is set to consolekit instead.
While this didn't seem to make a difference in practice, better to get this
right now and rule it out as part of the issue.
Thanks to marav and LuckyCyborg for the options hints.
x/xdg-desktop-portal-1.18.4-x86_64-1.txz: Upgraded.
xap/freerdp-2.11.6-x86_64-1.txz: Upgraded.
This release is a security release and addresses multiple issues:
[Low] OutOfBound Read in zgfx_decompress_segment.
[Moderate] Integer overflow & OutOfBound Write in
clear_decompress_residual_data.
[Low] integer underflow in nsc_rle_decode.
[Low] OutOfBound Read in planar_skip_plane_rle.
[Low] OutOfBound Read in ncrush_decompress.
[Low] OutOfBound Read in interleaved_decompress.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32041https://www.cve.org/CVERecord?id=CVE-2024-32039https://www.cve.org/CVERecord?id=CVE-2024-32040https://www.cve.org/CVERecord?id=CVE-2024-32458https://www.cve.org/CVERecord?id=CVE-2024-32459https://www.cve.org/CVERecord?id=CVE-2024-32460
(* Security fix *)
a/aaa_glibc-solibs-2.39-x86_64-2.txz: Rebuilt.
ap/vim-9.1.0346-x86_64-1.txz: Upgraded.
d/llvm-18.1.4-x86_64-1.txz: Upgraded.
d/nasm-2.16.03-x86_64-1.txz: Upgraded.
l/glibc-2.39-x86_64-2.txz: Rebuilt.
This update fixes a security issue:
The iconv() function in the GNU C Library versions 2.39 and older may
overflow the output buffer passed to it by up to 4 bytes when converting
strings to the ISO-2022-CN-EXT character set, which may be used to crash
an application or overwrite a neighbouring variable.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-2961
(* Security fix *)
l/glibc-i18n-2.39-x86_64-2.txz: Rebuilt.
l/glibc-profile-2.39-x86_64-2.txz: Rebuilt.
l/pycups-2.0.4-x86_64-1.txz: Upgraded.
l/python-hatchling-1.24.1-x86_64-1.txz: Upgraded.
l/python-sphinx-7.3.6-x86_64-1.txz: Upgraded.
n/bind-9.18.26-x86_64-1.txz: Upgraded.
This is a bugfix release.
xap/vim-gvim-9.1.0346-x86_64-1.txz: Upgraded.
ap/linuxdoc-tools-0.9.83-x86_64-1.txz: Upgraded.
Upgraded to linuxdoc-tools-0.9.83, gtk-doc-1.34.0, and asciidoc-10.2.0.
See the ChangeLog in source/ap/linuxdoc-tools for more details.
Thanks to Stuart Winter.
ap/sqlite-3.45.3-x86_64-1.txz: Upgraded.
l/Mako-1.3.3-x86_64-1.txz: Upgraded.
l/pipewire-1.0.5-x86_64-1.txz: Upgraded.
l/python-hatchling-1.23.0-x86_64-1.txz: Upgraded.
x/libwacom-2.11.0-x86_64-1.txz: Upgraded.
x/xcb-proto-1.17.0-x86_64-1.txz: Upgraded.
x/xf86-input-wacom-1.2.2-x86_64-1.txz: Upgraded.
xap/pan-0.158-x86_64-1.txz: Upgraded.
Let's process the git pull with NOCONFIGURE=1 ./autogen.sh for FTIO. :-)
a/less-653-x86_64-2.txz: Rebuilt.
This update patches a security issue:
less through 653 allows OS command execution via a newline character in the
name of a file, because quoting is mishandled in filename.c. Exploitation
typically requires use with attacker-controlled file names, such as the files
extracted from an untrusted archive. Exploitation also requires the LESSOPEN
environment variable, but this is set by default in many common cases.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-32487
(* Security fix *)
ap/inxi-3.3.34_1-noarch-1.txz: Upgraded.
d/python-setuptools-69.5.1-x86_64-1.txz: Upgraded.
n/bluez-5.74-x86_64-1.txz: Upgraded.
xfce/xfce4-notifyd-0.9.4-x86_64-1.txz: Upgraded.
Almost everyone has jumped to this version, so we'll get with the program.
l/imagemagick-7.1.1_29-x86_64-1.txz: Upgraded.
Revert to the previous ImageMagick because the latest one is destroying SVG
files if "identify" or "display" is used on them.
Thanks to pc2005.
l/imagemagick-7.1.1_30-x86_64-1.txz: Upgraded.
l/libarchive-3.7.3-x86_64-1.txz: Upgraded.
This update fixes a security issue:
Fix possible vulnerability in tar error reporting introduced in f27c173
by JiaT75.
For more information, see:
f27c173d17https://github.com/libarchive/libarchive/pull/2101
(* Security fix *)
n/net-snmp-5.9.4-x86_64-3.txz: Rebuilt.
[PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp.
Thanks to walecha.
n/rsync-3.3.0-x86_64-1.txz: Upgraded.
x/xorg-sgml-doctools-1.12.1-x86_64-1.txz: Upgraded.
xap/gimp-2.10.36-x86_64-3.txz: Rebuilt.
[PATCH] QuitDialog: disconnect signal handler on dialog destroy.
This fixes a crash on quit.
Thanks to USUARIONUEVO.
xap/xlockmore-5.77-x86_64-1.txz: Upgraded.
a/pciutils-3.12.0-x86_64-1.txz: Upgraded.
l/pygobject-2.28.7-x86_64-10.txz: Rebuilt.
Build with PYTHON=python2 so that we don't have a call to unversioned python
in pygobject-codegen-2.0. Fixes building gimp from git.
Thanks to Petri Kaukasoina.
l/pygobject3-3.48.2-x86_64-1.txz: Upgraded.
x/libX11-1.8.9-x86_64-1.txz: Upgraded.
x/mtdev-1.1.7-x86_64-1.txz: Upgraded.
a/etc-15.1-x86_64-10.txz: Rebuilt.
Added nut user (218) and nut group (218).
a/genpower-1.0.5-x86_64-5.txz: Removed.
a/nut-2.8.2-x86_64-1.txz: Added.
This is a package to support uninterruptible power supplies, and replaces
the obsolete genpower package.
Thanks to V'yacheslav Stetskevych for the original SBo script.
a/sysvinit-scripts-15.1-noarch-16.txz: Rebuilt.
rc.M: start the NUT init scripts rc.nut-drvctl, rc.nut-upsd, and
rc.nut-upsmon. Remove the genpower block.
rc.6: support stopping the UPS inverter on the way down if we see
/etc/killpower. Remove the genpower block.
a/tcsh-6.24.12-x86_64-1.txz: Upgraded.
ap/man-db-2.12.1-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.6-x86_64-1.txz: Upgraded.
ap/vim-9.1.0265-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.14-x86_64-1.txz: Upgraded.
d/nasm-2.16.02-x86_64-1.txz: Upgraded.
l/libproxy-0.5.5-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.5-x86_64-1.txz: Upgraded.
l/python-typing_extensions-4.11.0-x86_64-1.txz: Upgraded.
x/xdm-1.1.16-x86_64-1.txz: Upgraded.
xap/vim-gvim-9.1.0265-x86_64-1.txz: Upgraded.
extra/bash-completion/bash-completion-2.13.0-noarch-1.txz: Upgraded.
extra/tigervnc/tigervnc-1.13.1-x86_64-5.txz: Rebuilt.
Recompiled against xorg-server-21.1.12 to fix security issues:
Heap buffer overread/data leakage in ProcXIGetSelectedEvents.
Heap buffer overread/data leakage in ProcXIPassiveGrabDevice.
Heap buffer overread/data leakage in ProcAppleDRICreatePixmap.
Use-after-free in ProcRenderAddGlyphs.
For more information, see:
https://lists.x.org/archives/xorg-announce/2024-April/003497.htmlhttps://www.cve.org/CVERecord?id=CVE-2024-31080https://www.cve.org/CVERecord?id=CVE-2024-31081https://www.cve.org/CVERecord?id=CVE-2024-31082https://www.cve.org/CVERecord?id=CVE-2024-31083
(* Security fix *)
a/hwdata-0.381-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.25-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.25-x86_64-1.txz: Upgraded.
d/cmake-3.29.1-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.25-x86-1.txz: Upgraded.
d/llvm-18.1.3-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.25-noarch-1.txz: Upgraded.
kde/kstars-3.7.0-x86_64-1.txz: Upgraded.
l/enchant-2.6.9-x86_64-1.txz: Upgraded.
l/libclc-18.1.3-x86_64-1.txz: Upgraded.
l/sof-firmware-2024.03-noarch-1.txz: Upgraded.
n/gnutls-3.8.5-x86_64-1.txz: Upgraded.
n/httpd-2.4.59-x86_64-1.txz: Upgraded.
This update fixes security issues:
HTTP/2 DoS by memory exhaustion on endless continuation frames.
HTTP Response Splitting in multiple modules.
HTTP response splitting.
For more information, see:
https://downloads.apache.org/httpd/CHANGES_2.4.59https://www.cve.org/CVERecord?id=CVE-2024-27316https://www.cve.org/CVERecord?id=CVE-2024-24795https://www.cve.org/CVERecord?id=CVE-2023-38709
(* Security fix *)
n/nghttp2-1.61.0-x86_64-1.txz: Upgraded.
This update fixes security issues:
nghttp2 library keeps reading the unbounded number of HTTP/2 CONTINUATION
frames even after a stream is reset to keep HPACK context in sync. This
causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates
this vulnerability by limiting the number of CONTINUATION frames it can
accept after a HEADERS frame.
For more information, see:
https://github.com/nghttp2/nghttp2/security/advisories/GHSA-x6x3-gv8h-m57qhttps://www.kb.cert.org/vuls/id/421644https://www.cve.org/CVERecord?id=CVE-2024-28182
(* Security fix *)
x/xdg-desktop-portal-1.18.3-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/kernel-generic-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.24-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.24-x86_64-1.txz: Upgraded.
d/kernel-headers-6.6.24-x86-1.txz: Upgraded.
d/python3-3.11.9-x86_64-1.txz: Upgraded.
k/kernel-source-6.6.24-noarch-1.txz: Upgraded.
-AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT n
-GCC11_NO_ARRAY_BOUNDS y
NUMA_BALANCING n -> y
+GCC10_NO_ARRAY_BOUNDS y
+NUMA_BALANCING_DEFAULT_ENABLED y
kde/libindi-2.0.7-x86_64-1.txz: Upgraded.
l/SDL2-2.30.2-x86_64-1.txz: Upgraded.
l/aom-3.8.2-x86_64-1.txz: Added.
Needed to add AV1 encode/decode support to ffmpeg.
Thanks to Andrew Strong.
l/dav1d-1.4.1-x86_64-1.txz: Added.
Needed to add AV1 decode support to ffmpeg.
l/ffmpeg-6.1.1-x86_64-2.txz: Rebuilt.
Patched to build with nv-codec-headers-12.2.72.0. Thanks to J_W.
Compiled against aom-3.8.2 and dav1d-1.4.1 for AV1 support.
Thanks to glennmcc.
l/gtk4-4.14.2-x86_64-1.txz: Upgraded.
n/whois-5.5.22-x86_64-1.txz: Upgraded.
Fixed a segmentation fault with --no-recursion.
Updated the .bm and .vi TLD servers.
Removed 4 new gTLDs which are no longer active.
xap/MPlayer-20240403-x86_64-1.txz: Upgraded.
Compiled using --enable-libaom-lavc and --enable-libdav1d-lavc.
Thanks to glennmcc.
xap/pan-0.157-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
d/python-pip-24.0-x86_64-3.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
d/python2-2.7.18-x86_64-8.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
l/PyQt-builder-1.15.4-x86_64-3.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
l/python-installer-0.7.0-x86_64-3.txz: Rebuilt.
Get rid of unneeded Windows garbage in the package.
ap/hplip-3.23.12-x86_64-4.txz: Rebuilt.
Add a few patches from Arch, including one to fix a Unicode error with the
sixext.py script that causes hp-setup to crash after detecting a printer.
Thanks to truepatriot76.
d/Cython-3.0.10-x86_64-1.txz: Upgraded.
d/cargo-vendor-filterer-0.5.13-x86_64-1.txz: Upgraded.
d/poke-4.0-x86_64-1.txz: Upgraded.
l/editorconfig-core-c-0.12.7-x86_64-1.txz: Upgraded.
l/jasper-4.2.3-x86_64-1.txz: Upgraded.
l/libical-3.0.18-x86_64-1.txz: Upgraded.
l/pango-1.52.2-x86_64-1.txz: Upgraded.
l/python-lxml-5.2.0-x86_64-1.txz: Upgraded.
l/wireplumber-0.5.1-x86_64-1.txz: Upgraded.
n/c-ares-1.28.1-x86_64-1.txz: Upgraded.
xap/blueman-2.4-x86_64-1.txz: Upgraded.
ap/undervolt-0.4.0-x86_64-1.txz: Upgraded.
kde/kig-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled to link with libboost_python311.so.1.84.0.
kde/kopeninghours-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled to link with libboost_python311.so.1.84.0. Thanks to gmgf.
a/xz-5.6.1-x86_64-3.txz: Rebuilt.
[PATCH] CMake: Fix sabotaged Landlock sandbox check.
We don't build with CMake (yet), but it doesn't hurt to apply this.
d/mercurial-6.7.2-x86_64-1.txz: Upgraded.
l/boost-1.84.0-x86_64-3.txz: Rebuilt.
Recompiled against python-3.11.8. Thanks to rinza.
l/python-pycparser-2.22-x86_64-1.txz: Upgraded.
l/python-pytz-2024.1-x86_64-2.txz: Removed.
No longer needed with python-3.11. Thanks to audriusk.
l/python-tomli-2.0.1-x86_64-2.txz: Removed.
No longer needed with python-3.11. Thanks to TommyC7 and audriusk.
n/c-ares-1.28.0-x86_64-1.txz: Upgraded.
xap/xsnow-3.7.9-x86_64-1.txz: Upgraded.
extra/brltty/brltty-6.6-x86_64-4.txz: Rebuilt.
Don't install anything under /usr/local. Thanks to reddog83.
a/coreutils-9.5-x86_64-1.txz: Upgraded.
chmod -R now avoids a race where an attacker may replace a traversed file
with a symlink, causing chmod to operate on an unintended file.
[This bug was present in "the beginning".]
split --line-bytes with a mixture of very long and short lines no longer
overwrites the heap.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-0684
(* Security fix *)
a/btrfs-progs-6.8-x86_64-1.txz: Upgraded.
a/gpm-1.20.7-x86_64-10.txz: Rebuilt.
Clean up the compile fix patch omitting the Emacs Lisp file.
Clean up and apply the weak-wgetch patch.
Build using the option --without-curses.
Thanks to qunying.
a/util-linux-2.40-x86_64-1.txz: Upgraded.
This release fixes a vulnerability where the wall command did not filter
escape sequences from command line arguments, allowing unprivileged users
to put arbitrary text on other users terminals.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2024-28085
(* Security fix *)
d/rust-1.77.1-x86_64-1.txz: Upgraded.
l/fluidsynth-2.3.5-x86_64-1.txz: Upgraded.
l/protobuf-26.1-x86_64-1.txz: Upgraded.
l/python-build-1.2.1-x86_64-1.txz: Upgraded.
n/samba-4.20.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.4-x86_64-1.txz: Upgraded.
xap/seamonkey-2.53.18.2-x86_64-1.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.seamonkey-project.org/releases/seamonkey2.53.18.2
(* Security fix *)
a/shadow-4.15.1-x86_64-1.txz: Upgraded.
The main point of this release is to fix a bug that caused spurious error
messages about unknown login.defs configuration options.
a/sysvinit-3.09-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.3.25-x86_64-1.txz: Upgraded.
x/libX11-1.8.8-x86_64-1.txz: Upgraded.
x/libXmu-1.2.0-x86_64-1.txz: Upgraded.
x/lndir-1.0.5-x86_64-1.txz: Upgraded.
x/xf86-video-savage-2.4.1-x86_64-1.txz: Upgraded.
x/xman-1.2.0-x86_64-1.txz: Upgraded.
x/xorg-docs-1.7.3-noarch-1.txz: Upgraded.
e/emacs-29.3-x86_64-1.txz: Upgraded.
Emacs 29.3 is an emergency bugfix release intended to fix several security
vulnerabilities described below:
Arbitrary Lisp code is no longer evaluated as part of turning on Org mode.
This is for security reasons, to avoid evaluating malicious Lisp code.
New buffer-local variable 'untrusted-content'. When this is non-nil, Lisp
programs should treat buffer contents with extra caution.
Gnus now treats inline MIME contents as untrusted. To get back previous
insecure behavior, 'untrusted-content' should be reset to nil in the buffer.
LaTeX preview is now by default disabled for email attachments. To get back
previous insecure behavior, set the variable 'org--latex-preview-when-risky'
to a non-nil value.
Org mode now considers contents of remote files to be untrusted.
Remote files are recognized by calling 'file-remote-p'.
(* Security fix *)
l/enchant-2.6.8-x86_64-1.txz: Upgraded.
l/gnu-efi-3.0.18-x86_64-1.txz: Upgraded.
l/libproxy-0.5.4-x86_64-2.txz: Rebuilt.
Rebuilt with -Dpacrunner-duktape=true. Thanks to gmgf.
l/libxkbcommon-1.7.0-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.4-x86_64-1.txz: Upgraded.
x/libpciaccess-0.18.1-x86_64-1.txz: Upgraded.
x/xdm-1.1.15-x86_64-1.txz: Upgraded.
x/xedit-1.2.4-x86_64-1.txz: Upgraded.
x/xload-1.2.0-x86_64-1.txz: Upgraded.
extra/emacs-regular-build/emacs-29.3-x86_64-1_regular.txz: Upgraded.
(* Security fix *)
ap/vim-9.1.0199-x86_64-1.txz: Upgraded.
Dropped python2 support. Thanks to Audrius Kažukauskas.
l/duktape-2.7.0-x86_64-1.txz: Added.
Needed by polkit.
l/gjs-1.80.1-x86_64-1.txz: Upgraded.
l/libdeflate-1.20-x86_64-1.txz: Upgraded.
l/mozjs102-102.15.1esr-x86_64-2.txz: Removed.
l/mozjs115-115.9.1esr-x86_64-1.txz: Upgraded.
l/polkit-123-x86_64-2.txz: Rebuilt.
Use duktape instead of mozjs102 as the JavaScript engine.
x/iceauth-1.0.10-x86_64-2.txz: Rebuilt.
It's never too early to build with --enable-year2038. Thanks to bigbadaboum.
xap/geeqie-2.4-x86_64-1.txz: Upgraded.
xap/mozilla-firefox-115.9.1esr-x86_64-1.txz: Upgraded.
This update fixes a critical security issue:
An attacker was able to inject an event handler into a privileged object
that would allow arbitrary JavaScript execution in the parent process.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.9.1esr/releasenotes/https://www.mozilla.org/security/advisories/mfsa2024-16/https://www.cve.org/CVERecord?id=CVE-2024-29944
(* Security fix *)
xap/vim-gvim-9.1.0199-x86_64-1.txz: Upgraded.
Dropped python2 support. Thanks to Audrius Kažukauskas.
d/mercurial-6.7.1-x86_64-1.txz: Upgraded.
d/rust-1.77.0-x86_64-1.txz: Upgraded.
l/cairomm1-1.18.0-x86_64-1.txz: Added.
Thanks to jloco.
l/glibmm2-2.78.1-x86_64-1.txz: Added.
Thanks to jloco.
l/gtkmm4-4.12.0-x86_64-1.txz: Added.
Thanks to jloco.
l/libclc-18.1.2-x86_64-1.txz: Upgraded.
l/pangomm-2.46.4-x86_64-1.txz: Upgraded.
l/pangomm2-2.50.2-x86_64-1.txz: Added.
Thanks to jloco.
n/openvpn-2.6.10-x86_64-1.txz: Upgraded.
x/libkkc-0.3.5-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/libkkc-data-0.2.7-x86_64-5.txz: Rebuilt.
Use python for the build, not python2.
x/marisa-0.2.6-x86_64-8.txz: Rebuilt.
Drop python2 support and rebuild marisa module for python3.
x/wayland-protocols-1.34-noarch-1.txz: Upgraded.
a/libblockdev-2.28-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/sysvinit-scripts-15.1-noarch-15.txz: Rebuilt.
rc.M: start rc.iceccd and rc.icecc-scheduler earlier.
a/util-linux-2.39.3-x86_64-2.txz: Rebuilt.
Drop python2 support.
a/volume_key-0.3.12-x86_64-6.txz: Rebuilt.
Drop python2 support.
ap/man-pages-6.7-noarch-1.txz: Upgraded.
d/cmake-3.28.4-x86_64-1.txz: Upgraded.
d/llvm-18.1.2-x86_64-1.txz: Upgraded.
d/python2-2.7.18-x86_64-7.txz: Rebuilt.
Bundle the final python2 versions of pip and setuptools.
Drop the /usr/bin/python symlink.
d/python3-3.9.19-x86_64-1.txz: Upgraded.
Point the /usr/bin/python symlink at python3.9.
PEP 394 says we can do this, and in a world of ambigious shebangs, this
is probably the best of the available options.
This update also fixes security issues:
bundled libexpat was updated to 2.6.0.
zipfile is now protected from the "quoted-overlap" zipbomb.
tempfile.TemporaryDirectory cleanup no longer dereferences symlinks when
working around file system permission errors.
For more information, see:
https://pythoninsider.blogspot.com/2024/03/python-31014-3919-and-3819-is-now.htmlhttps://www.cve.org/CVERecord?id=CVE-2023-52425https://www.cve.org/CVERecord?id=CVE-2024-0450https://www.cve.org/CVERecord?id=CVE-2023-6597
(* Security fix *)
d/strace-6.8-x86_64-1.txz: Upgraded.
kde/kross-interpreters-23.08.5-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/libxml2-2.12.6-x86_64-2.txz: Rebuilt.
Drop python2 support.
l/mozjs115-115.9.0esr-x86_64-2.txz: Rebuilt.
Fixed installed library name. Thanks to reddog83.
Fixed slack-desc. Thanks to r1w1s1.
l/phonon-4.12.0-x86_64-1.txz: Upgraded.
l/pilot-link-0.12.5-x86_64-17.txz: Rebuilt.
Drop python2 support.
l/python2-module-collection-2.7.18-x86_64-6.txz: Removed.
Good bye!
l/python2-pycairo-1.18.2-x86_64-1.txz: Added.
We'll need this (along with pygtk and pygobject) until we get gimp3.
Well, we could build gimp without python support, but I really don't think
that's the route we want to take.
n/bind-9.18.25-x86_64-1.txz: Upgraded.
n/crda-4.15-x86_64-1.txz: Removed.
The kernel is able to load from wireless-regdb directly. Obsolete.
n/getmail-6.18.14-x86_64-1.txz: Upgraded.
n/gpgme-1.23.2-x86_64-2.txz: Rebuilt.
Drop python2 support.
n/obexftp-0.24.2-x86_64-11.txz: Rebuilt.
Drop python2 support.
n/wireless-regdb-2024.01.23-x86_64-1.txz: Added.
Wireless regulatory database, previously bundled with crda.
x/ibus-1.5.29-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/libkkc-0.3.5-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/libkkc-data-0.2.7-x86_64-4.txz: Rebuilt.
Still forcing python2 with this one, but perhaps a python3 marisa module
could work around this.
x/xcb-proto-1.16.0-x86_64-2.txz: Rebuilt.
Drop python2 support.
x/xpyb-1.3.1-x86_64-7.txz: Removed.
Nothing uses it, and it was never updated for python3. Removed as obsolete.
d/perl-5.38.2-x86_64-2.txz: Rebuilt.
Added IO-Tty-1.20, needed by mosh.
Upgraded: DBD-mysql-4.051, URI-5.27, XML-Parser-2.47, IO-Socket-SSL-2.085,
and Net-SSLeay-1.94.
kde/cantor-23.08.5-x86_64-3.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/plasma-workspace-5.27.11-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
kde/step-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against libqalculate-5.0.0.
l/abseil-cpp-20240116.1-x86_64-1.txz: Added.
Needed for protobuf and mosh.
l/libgnt-2.14.3-x86_64-2.txz: Rebuilt.
Build with -Dpython2=false. Thanks to USUARIONUEVO.
l/libqalculate-5.0.0-x86_64-2.txz: Rebuilt.
Shared library .so-version bump.
Thanks to gmgf.
l/protobuf-26.0-x86_64-1.txz: Added.
Needed for mosh.
n/mosh-1.4.0-x86_64-1.txz: Added.
Thanks to unInstance for cueing me in on this one.
n/pinentry-1.3.0-x86_64-1.txz: Upgraded.
x/vulkan-sdk-1.3.275.0-x86_64-2.txz: Rebuilt.
Build glslang with -DENABLE_OPT=Off. Thanks to F0nix.
La fheile Padraig sona dhaoibh!
Pionta Guinness, le do thoil. :-)
kde/digikam-8.3.0-x86_64-2.txz: Rebuilt.
Fixed internal version number.
l/harfbuzz-8.3.1-x86_64-1.txz: Upgraded.
l/libappindicator-12.10.0-x86_64-4.txz: Rebuilt.
Drop the python bindings.
l/mozilla-nss-3.99-x86_64-1.txz: Upgraded.
l/python-hatchling-1.22.2-x86_64-1.txz: Upgraded.
l/python-markdown-3.6-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.1-x86_64-1.txz: Upgraded.
l/qt5-5.15.13_20240314_6694e805-x86_64-1.txz: Upgraded.
d/mercurial-6.7-x86_64-1.txz: Upgraded.
kde/digikam-8.3.0-x86_64-1.txz: Upgraded.
l/libxml2-2.12.6-x86_64-1.txz: Upgraded.
n/php-8.3.4-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.php.net/ChangeLog-8.php#8.3.4
n/proftpd-1.3.8b-x86_64-3.txz: Rebuilt.
Added mod_ldap. Thanks to Thom1b.
a/etc-15.1-x86_64-9.txz: Rebuilt.
Added proftpd user (97) and proftpd group (97).
Added nm-openvpn user (320) and nm-openvpn group (320).
Added openvpn user (443) and openvpn group (443).
Added overflowuid user (65534) and overflowgid group (65534).
Thanks to opty for encouraging us to think about nobody.
d/meson-1.4.0-x86_64-1.txz: Upgraded.
d/python-setuptools-69.2.0-x86_64-1.txz: Upgraded.
l/expat-2.6.2-x86_64-1.txz: Upgraded.
Prevent billion laughs attacks with isolated use of external parsers.
For more information, see:
1d50b80cf3https://www.cve.org/CVERecord?id=CVE-2024-28757
(* Security fix *)
l/pipewire-1.0.4-x86_64-1.txz: Upgraded.
l/python-zipp-3.18.0-x86_64-1.txz: Upgraded.
n/openvpn-2.6.9-x86_64-2.txz: Rebuilt.
Run as openvpn:openvpn. Thanks to rkelsen.
n/proftpd-1.3.8b-x86_64-2.txz: Rebuilt.
Run as proftpd:proftpd.
x/libva-2.21.0-x86_64-1.txz: Upgraded.
x/libva-utils-2.21.0-x86_64-1.txz: Upgraded.
xap/NetworkManager-openvpn-1.10.2-x86_64-2.txz: Rebuilt.
Run as nm-openvpn:nm-openvpn. Thanks to Markus Wiesner.
a/dialog-1.3_20240307-x86_64-1.txz: Upgraded.
l/libpaper-2.2.3-x86_64-1.txz: Upgraded.
l/libqalculate-5.0.0-x86_64-1.txz: Upgraded.
l/pyparsing-3.1.2-x86_64-1.txz: Upgraded.
l/python-packaging-24.0-x86_64-1.txz: Upgraded.
n/openssh-9.7p1-x86_64-1.txz: Upgraded.
Future deprecation notice
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025 and compile-time disable it later this year.
n/wget-1.24.5-x86_64-1.txz: Upgraded.
x/iceauth-1.0.10-x86_64-1.txz: Upgraded.
x/libXaw-1.0.16-x86_64-1.txz: Upgraded.
xap/xaos-4.3.2-x86_64-1.txz: Upgraded.
ap/ghostscript-10.03.0-x86_64-1.txz: Upgraded.
This update addresses a security issue:
A vulnerability was identified in the way Ghostscript/GhostPDL called
tesseract for the OCR devices, which could allow arbitrary code execution.
Thanks to J_W for the heads-up.
(* Security fix *)
ap/lxc-4.0.12-x86_64-3.txz: Rebuilt.
lxc-slackware.in: include gnupg2 (not gnupg) for slackpkg.
ap/slackpkg-15.0.10-noarch-3.txz: Rebuilt.
core-functions.sh: use gpg2, not gpg.
d/Cython-3.0.9-x86_64-1.txz: Upgraded.
d/git-2.44.0-x86_64-2.txz: Rebuilt.
Include git-subtree. Thanks to gwhl.
d/llvm-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
kde/kdevelop-23.08.5-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/openexr-3.2.3-x86_64-1.txz: Upgraded.
l/python-importlib_metadata-7.0.2-x86_64-1.txz: Upgraded.
l/python-trove-classifiers-2024.3.3-x86_64-1.txz: Upgraded.
l/qt5-5.15.12_20240228_6609503f-x86_64-1.txz: Upgraded.
Compiled against llvm-18.1.0.
l/qt6-6.6.2_20240210_15b7e743-x86_64-3.txz: Rebuilt.
Recompiled against llvm-18.1.0.
l/spirv-llvm-translator-18.1.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
n/gnupg2-2.4.5-x86_64-1.txz: Upgraded.
n/libassuan-2.5.7-x86_64-1.txz: Upgraded.
n/postfix-3.9.0-x86_64-1.txz: Upgraded.
x/mesa-24.0.2-x86_64-2.txz: Rebuilt.
Recompiled against llvm-18.1.0 and spirv-llvm-translator-18.1.0.
isolinux/initrd.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
usb-and-pxe-installers/usbboot.img: Rebuilt.
Fixed kernel version. Thanks to chrisVV.
l/gst-plugins-bad-free-1.24.0-x86_64-1.txz: Upgraded.
l/gst-plugins-base-1.24.0-x86_64-1.txz: Upgraded.
l/gst-plugins-good-1.24.0-x86_64-1.txz: Upgraded.
l/gst-plugins-libav-1.24.0-x86_64-1.txz: Upgraded.
l/gstreamer-1.24.0-x86_64-1.txz: Upgraded.
l/libnice-0.1.22-x86_64-1.txz: Upgraded.
l/opus-1.5.1-x86_64-1.txz: Upgraded.
l/pycairo-1.26.0-x86_64-2.txz: Rebuilt.
Build with meson so that the pkgconfig file is included. Thanks to jloco.
l/sof-firmware-2023.12.1-noarch-1.txz: Upgraded.
n/postfix-3.8.6-x86_64-1.txz: Upgraded.
This is a bugfix release.
For more information, see:
https://www.postfix.org/announcements/postfix-3.8.6.html
xap/mozilla-thunderbird-115.8.1-x86_64-1.txz: Upgraded.
This release contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/thunderbird/115.8.1/releasenotes/https://www.mozilla.org/en-US/security/advisories/mfsa2024-11/https://www.cve.org/CVERecord?id=CVE-2024-1936
(* Security fix *)
xap/x3270-4.3ga6-x86_64-1.txz: Upgraded.
xfce/xfce4-screensaver-4.18.3-x86_64-1.txz: Upgraded.
d/parallel-20240222-noarch-1.txz: Upgraded.
kde/krita-5.2.2-x86_64-4.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/accountsservice-23.13.9-x86_64-1.txz: Upgraded.
Thanks to reddog83.
l/libass-0.17.1-x86_64-2.txz: Rebuilt.
Recompiled against libunibreak-6.0.
l/libunibreak-6.0-x86_64-1.txz: Upgraded.
Shared library .so-version bump.
l/orc-0.4.38-x86_64-1.txz: Upgraded.
l/python-requests-2.31.0-x86_64-1.txz: Upgraded.
l/python-urllib3-2.2.1-x86_64-1.txz: Upgraded.
l/qt6-6.6.2_20240210_15b7e743-x86_64-1.txz: Added.
n/wpa_supplicant-2.10-x86_64-3.txz: Rebuilt.
Patched the implementation of PEAP in wpa_supplicant to prevent an
authentication bypass. For a successful attack, wpa_supplicant must be
configured to not verify the network's TLS certificate during Phase 1
authentication, and an eap_peap_decrypt vulnerability can then be abused
to skip Phase 2 authentication. The attack vector is sending an EAP-TLV
Success packet instead of starting Phase 2. This allows an adversary to
impersonate Enterprise Wi-Fi networks.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2023-52160
(* Security fix *)
xap/gparted-1.6.0-x86_64-1.txz: Upgraded.
a/mdadm-4.3-x86_64-1.txz: Upgraded.
a/pciutils-3.11.1-x86_64-1.txz: Upgraded.
d/swig-4.2.1-x86_64-1.txz: Upgraded.
l/LibRaw-0.21.2-x86_64-2.txz: Rebuilt.
Include the example programs (which are actually useful). Thanks to giomat.
l/imagemagick-7.1.1_29-x86_64-1.txz: Upgraded.
l/openjpeg-2.5.1-x86_64-1.txz: Upgraded.
Fixed a heap-based buffer overflow in openjpeg in color.c:379:42 in
sycc420_to_rgb when decompressing a crafted .j2k file. An attacker could use
this to execute arbitrary code with the permissions of the application
compiled against openjpeg.
For more information, see:
https://www.cve.org/CVERecord?id=CVE-2021-3575
(* Security fix *)
l/pango-1.52.0-x86_64-1.txz: Upgraded.
x/sddm-0.21.0-x86_64-1.txz: Upgraded.
xap/x3270-4.3ga5-x86_64-1.txz: Upgraded.
a/etc-15.1-x86_64-7.txz: Rebuilt.
Don't leave {group,gshadow,passwd,shadow}.new laying around.
We'd left these as a reference in case new default entries were added so that
the admin could take a look at them and merge the new entries into the
existing files. But we've been merging them over automatically for quite some
time. The files contain no unique information and are sort of a footbullet.
ap/qpdf-11.9.0-x86_64-1.txz: Upgraded.
ap/vim-9.1.0136-x86_64-1.txz: Upgraded.
n/whois-5.5.21-x86_64-1.txz: Upgraded.
Updated the .cv and .sd TLD servers.
Removed 4 new gTLDs which are no longer active.
xap/vim-gvim-9.1.0136-x86_64-1.txz: Upgraded.
xfce/xfce4-terminal-1.1.2-x86_64-2.txz: Rebuilt.
[PATCH] screen: Fix wrong assert.
Thanks to J_W.
[PATCH] prefs-dialog: Fix wrong assert.
Thanks to mario.
a/pkgtools-15.1-noarch-10.txz: Rebuilt.
setup.services: typo/syntax error fix. Thanks to gramaxo and pghvlaans.
a/xz-5.6.0-x86_64-1.txz: Upgraded.
ap/man-pages-6.06-noarch-2.txz: Rebuilt.
Restored the previously included posix pages, and added the posix "sh" page
since it's more correct than getting the ksh page for "sh".
Thanks to pghvlaans.
d/git-2.44.0-x86_64-1.txz: Upgraded.
kde/kdnssd-5.115.0-x86_64-2.txz: Rebuilt.
Recompiled to add Zeroconf support. (This one fooled me because it doesn't
actually link to any avahi libraries.)
Thanks to audriusk.
kde/kid3-3.9.5-x86_64-1.txz: Upgraded.
l/libpng-1.6.43-x86_64-1.txz: Upgraded.
l/libunistring-1.2-x86_64-1.txz: Upgraded.
n/libksba-1.6.6-x86_64-1.txz: Upgraded.
n/npth-1.7-x86_64-1.txz: Upgraded.
t/texlive-2023.230322-x86_64-7.txz: Rebuilt.
Use the bundled zlib to make the bundled lua happy. Thanks to sombragris.
a/dcron-4.5-x86_64-17.txz: Rebuilt.
run-parts.8: document skiping *.orig files. Thanks to metaed.
a/etc-15.1-x86_64-6.txz: Rebuilt.
Add support for nss-mdns to /etc/nsswitch.conf.
a/kernel-firmware-20240220_97b693d-noarch-1.txz: Upgraded.
a/kernel-generic-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-huge-6.6.18-x86_64-1.txz: Upgraded.
a/kernel-modules-6.6.18-x86_64-1.txz: Upgraded.
ap/cups-filters-1.28.17-x86_64-5.txz: Rebuilt.
Don't specify --with-browseremoteprotocols=cups in order to get the default
values of cups and dnssd, which should enable discovering shared printers on
the network. We'll refrain from sharing your printer -- you'll need to change
that setting yourself. ;-)
Thanks to TurboBlaze.
ap/hplip-3.23.12-x86_64-2.txz: Rebuilt.
The new --disable-imageProcessor-build option doesn't do squat, so we'll hit
it with the good old patch again.
Thanks to Petri Kaukasoina and Stuart Winter.
d/kernel-headers-6.6.18-x86-1.txz: Upgraded.
k/kernel-source-6.6.18-noarch-1.txz: Upgraded.
l/gvfs-1.52.2-x86_64-2.txz: Rebuilt.
Added -Ddnssd=true option and recompiled against avahi.
l/libsecret-0.21.4-x86_64-1.txz: Upgraded.
n/c-ares-1.27.0-x86_64-1.txz: Upgraded.
n/libgpg-error-1.48-x86_64-1.txz: Upgraded.
n/nss-mdns-0.15.1-x86_64-1.txz: Added.
Needed for .local lookups. Thanks to Lockywolf.
xap/pidgin-2.14.13-x86_64-1.txz: Upgraded.
isolinux/initrd.img: Rebuilt.
kernels/*: Upgraded.
usb-and-pxe-installers/usbboot.img: Rebuilt.
a/aaa_libraries-15.1-x86_64-26.txz: Rebuilt.
Upgraded: libacl.so.1.1.2302, libattr.so.1.1.2502, liblzma.so.5.4.6,
libpcre2-8.so.0.12.0, libz.so.1.3.1, libcares.so.2.11.0,
libexpat.so.1.9.0, libffi.so.8.1.4, libglib-2.0.so.0.7800.4,
libgmodule-2.0.so.0.7800.4, libgobject-2.0.so.0.7800.4,
libgthread-2.0.so.0.7800.4, libidn.so.12.6.5, libidn2.so.0.4.0,
libpng16.so.16.41.0, libpsl.so.5.3.5, libtdb.so.1.4.10, libusb-1.0.so.0.4.0.
a/etc-15.1-x86_64-5.txz: Rebuilt.
Added UID 214 and GID 214 for avahi.
a/gettext-0.22.5-x86_64-1.txz: Upgraded.
a/pkgtools-15.1-noarch-9.txz: Rebuilt.
setup.services: support rc.avahidaemon and rc.avahidnsconfd.
a/sysvinit-scripts-15.1-noarch-13.txz: Rebuilt.
rc.M: start (if executable) rc.avahidaemon and rc.avahidnsconfd.
ap/cups-2.4.7-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
ap/cups-filters-1.28.17-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
ap/hplip-3.23.12-x86_64-1.txz: Upgraded.
Compiled against avahi.
ap/xmltoman-0.6-x86_64-1.txz: Added.
This is needed to generate manpages for avahi.
d/distcc-3.4-x86_64-4.txz: Rebuilt.
Recompiled against avahi.
d/gettext-tools-0.22.5-x86_64-1.txz: Upgraded.
l/avahi-20240220_dffd549-x86_64-1.txz: Added.
It was either this, or drop (or fork) hplip. We'll enjoy it in the long run.
Thanks to David Somero for the original build script, and to Robby Workman
for years of maintenance.
Signed-off-by: volkerdi
Acked-by: alienBOB
l/libdaemon-0.14-x86_64-1.txz: Added.
This is needed by avahi.
l/pipewire-1.0.3-x86_64-5.txz: Rebuilt.
Recompiled against avahi.
l/pulseaudio-17.0-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
n/NetworkManager-1.46.0-x86_64-1.txz: Upgraded.
n/netatalk-3.1.18-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
n/samba-4.19.5-x86_64-2.txz: Rebuilt.
Recompiled against avahi.
xap/pidgin-2.14.12-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
xap/sane-1.2.1-x86_64-3.txz: Rebuilt.
Recompiled against avahi.
extra/bash-completion/bash-completion-2.12.0-noarch-1.txz: Upgraded.
a/ndctl-78-x86_64-1.txz: Upgraded.
ap/mpg123-1.32.5-x86_64-1.txz: Upgraded.
l/libffi-3.4.6-x86_64-1.txz: Upgraded.
x/mesa-24.0.1-x86_64-2.txz: Rebuilt.
Added av1dec,av1enc,and vp9dec to the list of codecs to support.
Thanks to fulalas and ZhaoLin1547.